package net.shibboleth.idp.plugin.oidc.op.profile.flow;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEDecrypter;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.AESDecrypter;
import com.nimbusds.jose.crypto.DirectDecrypter;
import com.nimbusds.jose.crypto.ECDHDecrypter;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.AuthorizationResponse;
import com.nimbusds.oauth2.sdk.AuthorizationSuccessResponse;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.ClientSecretJWT;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.AuthenticationResponse;
import com.nimbusds.openid.connect.sdk.AuthenticationSuccessResponse;
import com.nimbusds.openid.connect.sdk.OIDCTokenResponse;
import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import net.shibboleth.oidc.security.impl.support.TestCredentialHelper;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.springframework.webflow.core.collection.MutableAttributeMap;
import org.springframework.webflow.executor.FlowExecutionResult;
import org.testng.Assert;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/flow/AbstractIssuedJWTSecurityTest.class */
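/**
 * Base class for flow tests that obtain a JWT issued by the OP through one of several endpoints
 * (selected by {@link JWT_FETCHING_TYPE}) and then assert how that JWT is signed and/or encrypted.
 *
 * <p>Each {@code obtain*} helper registers client metadata carrying the requested JWS/JWE
 * algorithms, runs the flow, removes the metadata again and returns the issued token. The
 * {@code assert*} helpers then check that the token header carries exactly the expected algorithm
 * and that the signature verifies, or the content decrypts, with the expected key material.
 *
 * <p>This is a decompiled listing: the decompiler reported that both constructors and many of the
 * helpers were originally {@code protected} and are shown here as {@code public}.
 */
public abstract class AbstractIssuedJWTSecurityTest extends AbstractOidcFlowTest {
    // Client identifier used when encryption is optional for the client.
    String defaultClientId;
    // Client identifier used when the subclass runs with encryptionOptional == false.
    String defaultClientIdEncryptionEnforced;
    // Fixed test-fixture client secret, 32 ASCII characters.
    String defaultClientSecret;
    // Fixed test-fixture client secret, 64 ASCII characters (the 32-character secret twice).
    String defaultClientSecret64B;
    /** Endpoint/token combination the subclass exercises; drives the dispatch in obtainJwt. */
    protected final JWT_FETCHING_TYPE fetchingType;
    /** Whether encryption is optional for the client under test; selects client and resource ids. */
    protected final boolean encryptionOptional;

    /**
     * Where the JWT under test is fetched from. {@code REQUEST_OBJECT} has no case in
     * {@link #obtainJwt(String, String, PublicKey, JWSAlgorithm, JWEAlgorithm, EncryptionMethod)}
     * and ends in a test failure there.
     */
    public enum JWT_FETCHING_TYPE {
        USERINFO,
        TOKEN_ID_TOKEN,
        TOKEN_ACCESS_TOKEN,
        AUTHORIZE_ID_TOKEN,
        AUTHORIZE_ACCESS_TOKEN,
        REQUEST_OBJECT
    }

    /**
     * Creates a test with encryption treated as optional.
     *
     * @param jwt_fetching_type endpoint/token combination to exercise
     * @param str value handed unchanged to the superclass constructor
     */
    public AbstractIssuedJWTSecurityTest(JWT_FETCHING_TYPE jwt_fetching_type, String str) {
        this(jwt_fetching_type, str, true);
    }

    /**
     * Creates a test and initialises the fixed client identifiers and secrets.
     *
     * @param jwt_fetching_type endpoint/token combination to exercise
     * @param str value handed unchanged to the superclass constructor
     * @param z {@code true} if encryption is optional for the client under test
     */
    public AbstractIssuedJWTSecurityTest(JWT_FETCHING_TYPE jwt_fetching_type, String str, boolean z) {
        super(str);
        this.defaultClientId = "mockClientId";
        this.defaultClientIdEncryptionEnforced = "mockClientIdEncryptionEnforced";
        // Hard-coded secrets are test fixtures only.
        this.defaultClientSecret = "/A?D(G+KbPdSgVkYp3s6v9y$B&E)H@Mc";
        this.defaultClientSecret64B = "/A?D(G+KbPdSgVkYp3s6v9y$B&E)H@Mc/A?D(G+KbPdSgVkYp3s6v9y$B&E)H@Mc";
        this.fetchingType = jwt_fetching_type;
        this.encryptionOptional = z;
    }

    /** Returns the default client id that matches the current encryption mode. */
    private String clientIdForMode() {
        return this.encryptionOptional ? this.defaultClientId : this.defaultClientIdEncryptionEnforced;
    }

    /** Returns the resource (audience) identifier that matches the current encryption mode. */
    private String resourceIdForMode() {
        return this.encryptionOptional ? "https://mock.example.org" : "https://encryption.enforced.example.org";
    }

    /**
     * Obtains a JWT using the default client secret and no encryption settings.
     *
     * @param jWSAlgorithm signature algorithm to register for the client
     * @return the issued JWT, or {@code null} if the flow did not succeed
     */
    public JWT obtainJwt(JWSAlgorithm jWSAlgorithm) {
        return obtainJwt(this.defaultClientSecret, jWSAlgorithm);
    }

    /**
     * Obtains a JWT using the given client secret and no encryption settings.
     *
     * @param str client secret
     * @param jWSAlgorithm signature algorithm to register for the client
     * @return the issued JWT, or {@code null} if the flow did not succeed
     */
    public JWT obtainJwt(String str, JWSAlgorithm jWSAlgorithm) {
        return obtainJwt(str, null, jWSAlgorithm, null, null);
    }

    /**
     * Obtains a JWT for the default client of the current encryption mode.
     *
     * @param str client secret, may be {@code null}
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param jWSAlgorithm signature algorithm to register
     * @param jWEAlgorithm key-management algorithm to register, may be {@code null}
     * @param encryptionMethod content-encryption method to register, may be {@code null}
     * @return the issued JWT, or {@code null} if the flow did not succeed
     */
    public JWT obtainJwt(String str, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        return obtainJwt(clientIdForMode(), str, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
    }

    /**
     * Dispatches to the helper that matches {@link #fetchingType}.
     *
     * @param str client id
     * @param str2 client secret, may be {@code null}
     * @param publicKey key to publish in the JWK set, may be {@code null}
     * @param jWSAlgorithm signature algorithm to register
     * @param jWEAlgorithm key-management algorithm to register, may be {@code null}
     * @param encryptionMethod content-encryption method to register, may be {@code null}
     * @return the issued JWT, or {@code null} if the flow did not succeed
     */
    protected JWT obtainJwt(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        switch (this.fetchingType) {
            case USERINFO:
                return obtainUserInfoAsJwt(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
            case TOKEN_ID_TOKEN:
                return obtainIdTokenFromTokenEndpoint(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
            case TOKEN_ACCESS_TOKEN:
                return obtainJwtAccessTokenFromTokenEndpoint(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
            case AUTHORIZE_ID_TOKEN:
                return obtainIdTokenFromAuthorizeEndpoint(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
            case AUTHORIZE_ACCESS_TOKEN:
                return obtainAccessTokenFromAuthorizeEndpoint(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
            default:
                // Name the offending type so an unsupported configuration is obvious in the report.
                Assert.fail("No JWT fetching helper for type " + this.fetchingType);
                return null;
        }
    }

    /**
     * Asserts that the JWT is signed with an HMAC algorithm keyed by the client secret.
     *
     * @param jwt token to check
     * @param jWSAlgorithm expected signature algorithm
     * @param str client secret used as the MAC key
     */
    public void assertSignedJwt(JWT jwt, JWSAlgorithm jWSAlgorithm, String str) {
        assertSignedJwt(jwt, jWSAlgorithm, null, str);
    }

    /**
     * Asserts that the JWT is signed with an asymmetric algorithm and verifies with the given key.
     *
     * @param jwt token to check
     * @param jWSAlgorithm expected signature algorithm
     * @param publicKey key the signature must verify against
     */
    public void assertSignedJwt(JWT jwt, JWSAlgorithm jWSAlgorithm, PublicKey publicKey) {
        assertSignedJwt(jwt, jWSAlgorithm, publicKey, null);
    }

    /**
     * Asserts that the JWT is a {@link SignedJWT}, that its header names exactly the expected
     * algorithm, and that the signature verifies.
     *
     * <p>The verifier is chosen from the <em>expected</em> algorithm, never from the token header,
     * so a token carrying a different {@code alg} fails the test instead of deciding which key
     * type is used for verification.
     *
     * @param jwt token to check
     * @param jWSAlgorithm expected signature algorithm
     * @param publicKey verification key for RSA/EC algorithms, may be {@code null} for HMAC
     * @param str client secret for HMAC algorithms, may be {@code null} for RSA/EC
     */
    protected void assertSignedJwt(JWT jwt, JWSAlgorithm jWSAlgorithm, PublicKey publicKey, String str) {
        Assert.assertTrue(jwt instanceof SignedJWT, "The JWT was not SignedJWT: " + jwt);
        SignedJWT signedJWT = (SignedJWT) jwt;
        Assert.assertEquals(signedJWT.getHeader().getAlgorithm(), jWSAlgorithm);
        try {
            // Declared as the common interface: the three verifier classes are unrelated types.
            final JWSVerifier verifier;
            if (JWSAlgorithm.Family.HMAC_SHA.contains(jWSAlgorithm)) {
                // Fail with a readable message rather than a NullPointerException in the verifier.
                Assert.assertNotNull(str, "A client secret is required to verify " + jWSAlgorithm);
                verifier = new MACVerifier(str);
            } else if (JWSAlgorithm.Family.RSA.contains(jWSAlgorithm) && publicKey instanceof RSAPublicKey) {
                verifier = new RSASSAVerifier((RSAPublicKey) publicKey);
            } else if (JWSAlgorithm.Family.EC.contains(jWSAlgorithm) && publicKey instanceof ECPublicKey) {
                verifier = new ECDSAVerifier((ECPublicKey) publicKey);
            } else {
                Assert.fail("The algorithm " + jWSAlgorithm + " was not detected for validation");
                return;
            }
            Assert.assertTrue(signedJWT.verify(verifier), "Could not verify signature with " + jWSAlgorithm);
        } catch (JOSEException e) {
            // Keep the cause so a key-length or key-type problem is visible in the test report.
            Assert.fail("Signature verification with " + jWSAlgorithm + " failed: " + e.getMessage(), e);
        }
    }

    /**
     * Asserts that the JWT is encrypted as expected and that the decrypted payload is a JSON
     * object whose {@code sub} claim is {@code mockSubject}.
     *
     * @param jwt token to check
     * @param jWEAlgorithm expected key-management algorithm
     * @param encryptionMethod expected content-encryption method
     * @param str client secret for symmetric algorithms, may be {@code null} otherwise
     * @param privateKey decryption key for RSA/ECDH algorithms, may be {@code null} otherwise
     */
    public static void assertEncryptedJwt(JWT jwt, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, String str, PrivateKey privateKey) {
        EncryptedJWT decrypted = assertAndDecryptJwt(jwt, jWEAlgorithm, encryptionMethod, str, privateKey);
        Assert.assertNotNull(decrypted.getPayload());
        Assert.assertNotNull(decrypted.getPayload().toJSONObject());
        Assert.assertEquals(decrypted.getPayload().toJSONObject().get("sub"), "mockSubject");
    }

    /**
     * Asserts that the JWT is an {@link EncryptedJWT} whose header names exactly the expected
     * algorithm and encryption method, then decrypts it in place.
     *
     * <p>As with signature checks, the decrypter is selected from the expected algorithm; the
     * header values are only compared against the expectation.
     *
     * @param jwt token to check
     * @param jWEAlgorithm expected key-management algorithm
     * @param encryptionMethod expected content-encryption method
     * @param str client secret for {@code dir} and AES key-wrap algorithms
     * @param privateKey decryption key for RSA and ECDH-ES algorithms
     * @return the same token object after decryption
     */
    protected static EncryptedJWT assertAndDecryptJwt(JWT jwt, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, String str, PrivateKey privateKey) {
        Assert.assertTrue(jwt instanceof EncryptedJWT);
        EncryptedJWT encryptedJWT = (EncryptedJWT) jwt;
        Assert.assertEquals(encryptedJWT.getHeader().getAlgorithm(), jWEAlgorithm);
        Assert.assertEquals(encryptedJWT.getHeader().getEncryptionMethod(), encryptionMethod);
        try {
            // Declared as the common interface: the four decrypter classes are unrelated types.
            final JWEDecrypter decrypter;
            if (JWEAlgorithm.DIR.equals(jWEAlgorithm)) {
                Assert.assertNotNull(str, "A client secret is required for direct decryption");
                // Explicit charset: the key bytes must not depend on the platform default encoding.
                decrypter = new DirectDecrypter(str.getBytes(StandardCharsets.UTF_8));
            } else if (JWEAlgorithm.Family.RSA.contains(jWEAlgorithm)) {
                decrypter = new RSADecrypter(privateKey);
            } else if (JWEAlgorithm.Family.AES_GCM_KW.contains(jWEAlgorithm) || JWEAlgorithm.Family.AES_KW.contains(jWEAlgorithm)) {
                // The wrapping key comes from the client secret via the project's test helper.
                decrypter = new AESDecrypter(TestCredentialHelper.createClientSecretCredential(str).toEncryptionCredential(jWEAlgorithm, encryptionMethod).getSecretKey());
            } else if (JWEAlgorithm.Family.ECDH_ES.contains(jWEAlgorithm)) {
                Assert.assertTrue(privateKey instanceof ECPrivateKey, "An EC private key is required for " + jWEAlgorithm.getName());
                decrypter = new ECDHDecrypter((ECPrivateKey) privateKey);
            } else {
                Assert.fail("JWE algorithm '" + jWEAlgorithm.getName() + "' not expected");
                return null;
            }
            encryptedJWT.decrypt(decrypter);
        } catch (JOSEException | KeyException e) {
            Assert.fail(e.getMessage(), e);
        }
        return encryptedJWT;
    }

    /**
     * Asserts a nested (signed-then-encrypted) JWT that needs no private key for decryption.
     *
     * @param jwt token to check
     * @param jWSAlgorithm expected signature algorithm of the inner JWT
     * @param jWEAlgorithm expected key-management algorithm of the outer JWT
     * @param encryptionMethod expected content-encryption method of the outer JWT
     * @param str client secret, used for decryption and for HMAC verification
     * @param publicKey key the inner signature must verify against, may be {@code null} for HMAC
     */
    public void assertEncryptedSignedJwt(JWT jwt, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, String str, PublicKey publicKey) {
        assertEncryptedSignedJwt(jwt, jWSAlgorithm, jWEAlgorithm, encryptionMethod, str, null, null, publicKey);
    }

    /**
     * Decrypts the outer JWT, parses its payload as a {@link SignedJWT} and asserts the inner
     * signature.
     *
     * @param jwt token to check
     * @param jWSAlgorithm expected signature algorithm of the inner JWT
     * @param jWEAlgorithm expected key-management algorithm of the outer JWT
     * @param encryptionMethod expected content-encryption method of the outer JWT
     * @param str client secret, used for decryption and for HMAC verification
     * @param privateKey decryption key for RSA/ECDH algorithms, may be {@code null}
     * @param publicKey not read by this method
     * @param publicKey2 key the inner signature must verify against, may be {@code null} for HMAC
     */
    public void assertEncryptedSignedJwt(JWT jwt, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, String str, PrivateKey privateKey, PublicKey publicKey, PublicKey publicKey2) {
        EncryptedJWT decrypted = assertAndDecryptJwt(jwt, jWEAlgorithm, encryptionMethod, str, privateKey);
        Assert.assertNotNull(decrypted.getPayload());
        try {
            SignedJWT inner = SignedJWT.parse(decrypted.getPayload().toString());
            assertSignedJwt(inner, jWSAlgorithm, publicKey2, str);
        } catch (ParseException e) {
            Assert.fail("Could not parse SignedJWT from the unencrypted JWT", e);
        }
    }

    /**
     * Variant of the seven-argument overload without encryption settings.
     *
     * @param str client id
     * @param str2 client secret, may be {@code null}
     * @param publicKey key to publish in the JWK set, may be {@code null}
     * @param jWSAlgorithm signature algorithm to register, may be {@code null}
     * @param jwt_fetching_type decides whether the UserInfo expectations apply
     */
    public void assertNoJwtResponse(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWT_FETCHING_TYPE jwt_fetching_type) {
        assertNoJwtResponse(str, str2, publicKey, jWSAlgorithm, null, null, jwt_fetching_type);
    }

    /**
     * Variant of the seven-argument overload for the default client of the current encryption mode.
     *
     * @param str client secret, may be {@code null}
     * @param publicKey key to publish in the JWK set, may be {@code null}
     * @param jWSAlgorithm signature algorithm to register, may be {@code null}
     * @param jWEAlgorithm key-management algorithm to register, may be {@code null}
     * @param encryptionMethod content-encryption method to register, may be {@code null}
     * @param jwt_fetching_type decides whether the UserInfo expectations apply
     */
    public void assertNoJwtResponse(String str, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, JWT_FETCHING_TYPE jwt_fetching_type) {
        assertNoJwtResponse(clientIdForMode(), str, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod, jwt_fetching_type);
    }

    /**
     * Asserts the outcome for a configuration that should not yield the requested protected JWT.
     *
     * <p>For every type other than {@code USERINFO} the token is fetched through
     * {@link #obtainJwt(String, String, PublicKey, JWSAlgorithm, JWEAlgorithm, EncryptionMethod)}
     * (which dispatches on {@link #fetchingType}, not on {@code jwt_fetching_type}) and must be
     * absent, unless both algorithms are given and encryption is optional, in which case a merely
     * signed JWT is expected. For {@code USERINFO} the response must be absent when encryption is
     * enforced and a JWE algorithm was requested; otherwise it must carry either plain claims or a
     * JWT as laid out in the branches below.
     *
     * @param str client id
     * @param str2 client secret, may be {@code null}
     * @param publicKey key to publish in the JWK set, may be {@code null}
     * @param jWSAlgorithm signature algorithm to register, may be {@code null}
     * @param jWEAlgorithm key-management algorithm to register, may be {@code null}
     * @param encryptionMethod content-encryption method to register, may be {@code null}
     * @param jwt_fetching_type decides whether the UserInfo expectations apply
     */
    public void assertNoJwtResponse(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod, JWT_FETCHING_TYPE jwt_fetching_type) {
        if (!jwt_fetching_type.equals(JWT_FETCHING_TYPE.USERINFO)) {
            JWT issued = obtainJwt(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
            if (jWSAlgorithm == null || jWEAlgorithm == null || !this.encryptionOptional) {
                Assert.assertNull(issued);
            } else {
                Assert.assertTrue(issued instanceof SignedJWT, "Expected SignedJWT, obtained " + issued);
            }
            return;
        }
        UserInfoSuccessResponse response = obtainUserInfoResponse(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
        if (!this.encryptionOptional) {
            if (jWEAlgorithm != null) {
                Assert.assertNull(response);
            } else {
                Assert.assertNotNull(response.getUserInfo());
                Assert.assertNull(response.getUserInfoJWT());
            }
            return;
        }
        if (jWSAlgorithm == null || jWEAlgorithm == null) {
            // Either algorithm missing: plain claims, no JWT.
            Assert.assertNotNull(response.getUserInfo());
            Assert.assertNull(response.getUserInfoJWT());
        } else {
            Assert.assertNull(response.getUserInfo());
            Assert.assertNotNull(response.getUserInfoJWT());
        }
    }

    /**
     * Calls the UserInfo flow for a client with only a signature algorithm registered.
     *
     * @param str client id
     * @param jWSAlgorithm signature algorithm to register
     * @return the parsed UserInfo response
     */
    public UserInfoSuccessResponse obtainUserInfoResponse(String str, JWSAlgorithm jWSAlgorithm) {
        return obtainUserInfoResponse(str, null, null, jWSAlgorithm, null, null);
    }

    /**
     * Registers client metadata with the given UserInfo JWS/JWE settings, calls the UserInfo flow
     * with a bearer token for {@code mockSubject}, removes the metadata and parses the response.
     *
     * @param str client id
     * @param str2 client secret, may be {@code null}
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param jWSAlgorithm UserInfo signature algorithm, may be {@code null}
     * @param jWEAlgorithm UserInfo key-management algorithm, may be {@code null}
     * @param encryptionMethod UserInfo content-encryption method, may be {@code null}
     * @return the parsed UserInfo response; callers in this class also handle {@code null}
     */
    public UserInfoSuccessResponse obtainUserInfoResponse(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        this.request.setMethod("GET");
        try {
            // Start from a clean slate in case an earlier test left metadata for this client.
            removeMetadata(this.storageService, str);
        } catch (IOException e) {
            Assert.fail("Could not remove existing metadata for " + str, e);
        }
        try {
            BearerAccessToken accessToken = buildToken(str, "mockSubject", new Scope(new String[]{"openid"}));
            OIDCClientMetadata metadata = new OIDCClientMetadata();
            metadata.setScope(new Scope(new String[]{"openid"}));
            metadata.setUserInfoJWSAlg(jWSAlgorithm);
            metadata.setUserInfoJWEAlg(jWEAlgorithm);
            metadata.setUserInfoJWEEnc(encryptionMethod);
            if (publicKey != null) {
                metadata.setJWKSet(AbstractOidcFlowTest.buildJWKSet(publicKey));
            }
            storeMetadataObject(this.storageService, str, str2, metadata);
            this.request.addHeader("Authorization", accessToken.toAuthorizationHeader());
            FlowExecutionResult result = this.flowExecutor.launchExecution(this.flowId, (MutableAttributeMap) null, this.externalContext);
            // NOTE(review): cleanup runs only on the normal path; an exception thrown by the flow
            // executor would leave this client's metadata in storage for later tests.
            removeMetadata(this.storageService, str);
            return parseSuccessResponse(result, UserInfoSuccessResponse.class);
        } catch (IOException e) {
            Assert.fail("Could not store or remove metadata for " + str, e);
            return null;
        } catch (URISyntaxException | NoSuchAlgorithmException | DataSealerException | ComponentInitializationException e) {
            Assert.fail("Could not prepare the UserInfo request: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * Calls the UserInfo flow and returns the response as a JWT, asserting that no plain claims
     * were returned alongside it.
     *
     * @param str client id
     * @param str2 client secret, may be {@code null}
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param jWSAlgorithm UserInfo signature algorithm
     * @param jWEAlgorithm UserInfo key-management algorithm, may be {@code null}
     * @param encryptionMethod UserInfo content-encryption method, may be {@code null}
     * @return the UserInfo JWT, or {@code null} if no response was obtained
     */
    public JWT obtainUserInfoAsJwt(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        UserInfoSuccessResponse response = obtainUserInfoResponse(str, str2, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod);
        if (response == null) {
            return null;
        }
        Assert.assertNull(response.getUserInfo());
        Assert.assertNotNull(response.getUserInfoJWT());
        return response.getUserInfoJWT();
    }

    /**
     * Runs the token flow with JWT client authentication and returns the issued ID token.
     *
     * <p>With a client secret the client authenticates via {@code client_secret_jwt} (HS256);
     * without one it uses {@code private_key_jwt} (RS256) with the test RSA key pair, whose public
     * key is then published in the JWK set together with {@code publicKey}.
     *
     * @param str client id
     * @param str2 client secret, or {@code null} to authenticate with the RSA private key
     * @param publicKey additional key to publish in the JWK set, may be {@code null}
     * @param jWSAlgorithm ID token signature algorithm
     * @param jWEAlgorithm ID token key-management algorithm, may be {@code null}
     * @param encryptionMethod ID token content-encryption method, may be {@code null}
     * @return the ID token, or {@code null} if the response does not indicate success
     */
    protected JWT obtainIdTokenFromTokenEndpoint(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        // NOTE(review): the declared type is what the decompiler emitted; confirm it matches the
        // return type of TokenFlowTest.buildPrivateKeyJwtAuth.
        ClientSecretJWT clientAuth;
        try {
            OIDCClientMetadata metadata = buildMetadataSkeleton();
            Set<PublicKey> clientKeys = new HashSet<>();
            if (str2 != null) {
                clientAuth = TokenFlowTest.buildSecretJwtAuth(str, str2, "http://localhost");
                metadata.setTokenEndpointAuthJWSAlg(JWSAlgorithm.HS256);
                metadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT);
            } else {
                clientAuth = TokenFlowTest.buildPrivateKeyJwtAuth(str, this.rsaPrivateKey, "http://localhost");
                metadata.setTokenEndpointAuthJWSAlg(JWSAlgorithm.RS256);
                metadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT);
                clientKeys.add(this.rsaPublicKey);
            }
            metadata.setScope(Scope.parse("openid profile email offline_access"));
            metadata.setIDTokenJWEAlg(jWEAlgorithm);
            metadata.setIDTokenJWSAlg(jWSAlgorithm);
            metadata.setIDTokenJWEEnc(encryptionMethod);
            if (publicKey != null) {
                clientKeys.add(publicKey);
            }
            if (!clientKeys.isEmpty()) {
                metadata.setJWKSet(AbstractOidcFlowTest.buildJWKSet(clientKeys.toArray(new PublicKey[0])));
            }
            FlowExecutionResult result = TokenFlowTest.launchWithJwtAuthentication(this.flowExecutor, clientAuth, this.externalContext, this.request, "http://localhost", "openid", metadata, str2, this.storageService);
            removeMetadata(this.storageService, str);
            if (!parseResponse(result).indicatesSuccess()) {
                return null;
            }
            OIDCTokenResponse tokenResponse = parseSuccessResponse(result, OIDCTokenResponse.class);
            Assert.assertNotNull(tokenResponse.getOIDCTokens().getIDToken());
            return tokenResponse.getOIDCTokens().getIDToken();
        } catch (Exception e) {
            Assert.fail(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Runs the token flow with JWT client authentication and returns the access token parsed as a
     * JWT.
     *
     * <p>Two metadata objects are involved: the client's own (authentication method, scope and an
     * {@code audience} custom field naming the resource) and one stored under the resource
     * identifier, which receives the requested JWS/JWE settings and {@code publicKey}.
     * NOTE(review): the settings are written through the ID-token setters of the resource's
     * metadata; presumably the OP reads them when protecting access tokens for that audience.
     * Confirm against the OP configuration.
     *
     * @param str client id
     * @param str2 client secret, or {@code null} to authenticate with the RSA private key
     * @param publicKey key to publish in the resource's JWK set, may be {@code null}
     * @param jWSAlgorithm signature algorithm to register for the resource
     * @param jWEAlgorithm key-management algorithm to register for the resource, may be {@code null}
     * @param encryptionMethod content-encryption method to register, may be {@code null}
     * @return the access token as a JWT, or {@code null} if the response does not indicate success
     */
    protected JWT obtainJwtAccessTokenFromTokenEndpoint(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        // NOTE(review): the declared type is what the decompiler emitted; confirm it matches the
        // return type of TokenFlowTest.buildPrivateKeyJwtAuth.
        ClientSecretJWT clientAuth;
        try {
            String resourceId = resourceIdForMode();
            OIDCClientMetadata clientMetadata = buildMetadataSkeleton();
            if (str2 != null) {
                clientAuth = TokenFlowTest.buildSecretJwtAuth(str, str2, "http://localhost");
                clientMetadata.setTokenEndpointAuthJWSAlg(JWSAlgorithm.HS256);
                clientMetadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT);
            } else {
                clientAuth = TokenFlowTest.buildPrivateKeyJwtAuth(str, this.rsaPrivateKey, "http://localhost");
                clientMetadata.setTokenEndpointAuthJWSAlg(JWSAlgorithm.RS256);
                clientMetadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT);
                clientMetadata.setJWKSet(AbstractOidcFlowTest.buildJWKSet(this.rsaPublicKey));
            }
            clientMetadata.setScope(Scope.parse("openid profile email offline_access"));
            clientMetadata.setCustomField("audience", List.of(resourceId));

            OIDCClientMetadata resourceMetadata = buildMetadataSkeleton();
            resourceMetadata.setScope(Scope.parse("openid profile email offline_access"));
            resourceMetadata.setIDTokenJWEAlg(jWEAlgorithm);
            resourceMetadata.setIDTokenJWSAlg(jWSAlgorithm);
            resourceMetadata.setIDTokenJWEEnc(encryptionMethod);
            if (publicKey != null) {
                resourceMetadata.setJWKSet(AbstractOidcFlowTest.buildJWKSet(publicKey));
            }
            AbstractOidcFlowTest.storeMetadataObject(this.storageService, resourceId, str2, resourceMetadata);

            FlowExecutionResult result = TokenFlowTest.launchWithJwtAuthentication(this.flowExecutor, clientAuth, this.externalContext, this.request, "http://localhost", "profile", clientMetadata, str2, this.storageService);
            removeMetadata(this.storageService, str);
            removeMetadata(this.storageService, resourceId);
            if (!parseResponse(result).indicatesSuccess()) {
                return null;
            }
            AccessTokenResponse tokenResponse = parseSuccessResponse(result, AccessTokenResponse.class);
            Assert.assertNotNull(tokenResponse.getTokens().getAccessToken());
            return parseEncryptedOrSignedJWT(tokenResponse.getTokens().getAccessToken().getValue());
        } catch (Exception e) {
            Assert.fail(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Runs the authorize flow with {@code response_type=id_token} for the fixed test user and
     * returns the ID token from the success response.
     *
     * @param str client id
     * @param str2 client secret stored with the metadata, may be {@code null}
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param jWSAlgorithm ID token signature algorithm
     * @param jWEAlgorithm ID token key-management algorithm, may be {@code null}
     * @param encryptionMethod ID token content-encryption method, may be {@code null}
     * @return the ID token, or {@code null} if the response does not indicate success
     */
    protected JWT obtainIdTokenFromAuthorizeEndpoint(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        // Fixed end-user credentials and nonce are test fixtures.
        setBasicAuth("jdoe", "changeit");
        this.request.setMethod("GET");
        AuthorizeFlowTest.setRequestParameters(this.request, List.of(new Pair("client_id", str), new Pair("response_type", "id_token"), new Pair("scope", "openid profile"), new Pair("redirect_uri", "https://example.org/cb"), new Pair("nonce", "idhas3h23hi13h1o2i32")));
        OIDCClientMetadata metadata = buildMetadataSkeleton();
        metadata.setScope(Scope.parse("openid profile email offline_access"));
        metadata.setIDTokenJWEAlg(jWEAlgorithm);
        metadata.setIDTokenJWSAlg(jWSAlgorithm);
        metadata.setIDTokenJWEEnc(encryptionMethod);
        if (publicKey != null) {
            metadata.setJWKSet(AbstractOidcFlowTest.buildJWKSet(publicKey));
        }
        try {
            metadata.setRedirectionURI(new URI("https://example.org/cb"));
            AbstractOidcFlowTest.storeMetadataObject(this.storageService, str, str2, metadata);
        } catch (IOException | URISyntaxException e) {
            Assert.fail(e.getMessage(), e);
        }
        initializeThreadLocals();
        FlowExecutionResult result = this.flowExecutor.launchExecution(this.flowId, (MutableAttributeMap) null, this.externalContext);
        try {
            super.removeMetadata(this.storageService, str);
        } catch (IOException e) {
            Assert.fail(e.getMessage(), e);
        }
        if (!parseResponse(result).indicatesSuccess()) {
            return null;
        }
        AuthenticationSuccessResponse successResponse = parseSuccessResponse(result, AuthenticationResponse.class).toSuccessResponse();
        // The response must come back on the registered redirect URI.
        Assert.assertEquals(successResponse.getRedirectionURI().toString(), "https://example.org/cb");
        Assert.assertNotNull(successResponse.getIDToken());
        return successResponse.getIDToken();
    }

    /**
     * Runs the authorize flow with {@code response_type=token} for the fixed test user and returns
     * the access token parsed as a JWT.
     *
     * <p>Metadata is stored both for the client and under the resource identifier; the requested
     * JWS/JWE settings go into the resource's metadata, and {@code publicKey} is published in both
     * JWK sets.
     *
     * @param str client id
     * @param str2 client secret stored with both metadata objects, may be {@code null}
     * @param publicKey key to publish in both JWK sets, may be {@code null}
     * @param jWSAlgorithm signature algorithm to register for the resource
     * @param jWEAlgorithm key-management algorithm to register for the resource, may be {@code null}
     * @param encryptionMethod content-encryption method to register, may be {@code null}
     * @return the access token as a JWT, or {@code null} if the response does not indicate success
     */
    protected JWT obtainAccessTokenFromAuthorizeEndpoint(String str, String str2, PublicKey publicKey, JWSAlgorithm jWSAlgorithm, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        // Fixed end-user credentials and nonce are test fixtures.
        setBasicAuth("jdoe", "changeit");
        this.request.setMethod("GET");
        String resourceId = resourceIdForMode();
        AuthorizeFlowTest.setRequestParameters(this.request, List.of(new Pair("client_id", str), new Pair("response_type", "token"), new Pair("scope", "profile"), new Pair("redirect_uri", "https://example.org/cb"), new Pair("resource", resourceId), new Pair("nonce", "idhas3h23hi13h1o2i32")));
        OIDCClientMetadata clientMetadata = buildMetadataSkeleton();
        clientMetadata.setScope(Scope.parse("openid profile email offline_access"));
        clientMetadata.setCustomField("audience", List.of(resourceId));
        clientMetadata.setResponseTypes(Set.of(ResponseType.TOKEN));
        OIDCClientMetadata resourceMetadata = buildMetadataSkeleton();
        resourceMetadata.setScope(Scope.parse("openid profile email offline_access"));
        resourceMetadata.setIDTokenJWEAlg(jWEAlgorithm);
        resourceMetadata.setIDTokenJWSAlg(jWSAlgorithm);
        resourceMetadata.setIDTokenJWEEnc(encryptionMethod);
        if (publicKey != null) {
            resourceMetadata.setJWKSet(AbstractOidcFlowTest.buildJWKSet(publicKey));
            clientMetadata.setJWKSet(AbstractOidcFlowTest.buildJWKSet(publicKey));
        }
        try {
            clientMetadata.setRedirectionURI(new URI("https://example.org/cb"));
            AbstractOidcFlowTest.storeMetadataObject(this.storageService, str, str2, clientMetadata);
            AbstractOidcFlowTest.storeMetadataObject(this.storageService, resourceId, str2, resourceMetadata);
        } catch (IOException | URISyntaxException e) {
            Assert.fail(e.getMessage(), e);
        }
        initializeThreadLocals();
        FlowExecutionResult result = this.flowExecutor.launchExecution(this.flowId, (MutableAttributeMap) null, this.externalContext);
        try {
            super.removeMetadata(this.storageService, str);
            super.removeMetadata(this.storageService, resourceId);
        } catch (IOException e) {
            Assert.fail(e.getMessage(), e);
        }
        if (!parseResponse(result).indicatesSuccess()) {
            return null;
        }
        AuthorizationSuccessResponse successResponse = parseSuccessResponse(result, AuthorizationResponse.class).toSuccessResponse();
        // The response must come back on the registered redirect URI.
        Assert.assertEquals(successResponse.getRedirectionURI().toString(), "https://example.org/cb");
        Assert.assertNotNull(successResponse.getAccessToken());
        return parseEncryptedOrSignedJWT(successResponse.getAccessToken().getValue());
    }

    /**
     * Parses a compact serialization as a {@link SignedJWT}, falling back to {@link EncryptedJWT}.
     * An unsecured (plain) JWT is accepted by neither parser and fails the test.
     *
     * @param str compact JWT serialization
     * @return the parsed signed or encrypted JWT
     */
    protected JWT parseEncryptedOrSignedJWT(String str) {
        try {
            return SignedJWT.parse(str);
        } catch (ParseException ignored) {
            // Not a JWS; fall through and try the JWE form before giving up.
        }
        try {
            return EncryptedJWT.parse(str);
        } catch (ParseException e) {
            Assert.fail("Could not parse either SignedJWT or EncryptedJWT from the input: " + str, e);
            return null;
        }
    }
}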
