package net.shibboleth.idp.plugin.oidc.op.authn.impl;

import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.LoginException;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.AuthenticationErrorContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.idp.authn.impl.ValidateCredentials;
import net.shibboleth.idp.authn.impl.testing.BaseAuthenticationContextTest;
import net.shibboleth.idp.authn.principal.UsernamePrincipal;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.oidc.metadata.context.OIDCMetadataContext;
import net.shibboleth.utilities.java.support.codec.StringDigester;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/authn/impl/OIDCClientInfoCredentialValidatorTest.class */
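/**
 * Unit tests for {@link OIDCClientInfoCredentialValidator} driven through a {@link ValidateCredentials} action.
 *
 * <p>Each test presents a username/password pair (client ID / client secret) and checks the resulting
 * event against the client information registered in an {@link OIDCMetadataContext}. The stored secret is
 * exercised both as a plain value and as a <code>{SHA2}</code>-prefixed, base64-encoded SHA-256 digest.</p>
 *
 * <p>NOTE(review): the negative coverage visible here is limited to a wrong password against a plain stored
 * secret. There is no case for a wrong password against the <code>{SHA2}</code> form, and none for a
 * username that differs from the registered client ID, although an "UnknownUsername" classification is
 * configured in {@link #setUp()}. Both are worth adding once the expected events are confirmed against
 * the validator.</p>
 */
public class OIDCClientInfoCredentialValidatorTest extends BaseAuthenticationContextTest {
    /** Plain-text value shared by the presented secret and the registered client information. */
    private static final String SECRET_VALUE = "secret1234567890secret1234567890secret1234567890";

    /** Client identifier used as the username in every credential attempt. */
    private ClientID clientId;

    /** Secret whose value is presented as the password in the successful cases. */
    private Secret clientSecret;

    /** Validator under test. */
    private OIDCClientInfoCredentialValidator validator;

    /** Action that invokes the validator and maps failures to classified events. */
    private ValidateCredentials action;

    /**
     * Builds the validator, wires it into the action and registers client information for {@code mockId}.
     *
     * @throws ComponentInitializationException if the parent fixture, the validator or the action fails to initialize
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        super.setUp();
        this.clientId = new ClientID("mockId");
        this.clientSecret = new Secret(SECRET_VALUE);

        this.validator = new OIDCClientInfoCredentialValidator();
        this.validator.setId("test");
        this.validator.initialize();

        this.action = new ValidateCredentials();
        this.action.setValidators(Collections.singletonList(this.validator));

        // Typed map instead of a raw HashMap so the compiler checks what is handed to the action.
        final Map<String, Collection<String>> classifiedMessages = new HashMap<>();
        classifiedMessages.put("InvalidPassword", Collections.singleton("InvalidCredentials"));
        classifiedMessages.put("UnknownUsername", Collections.singleton("UnknownUsername"));
        this.action.setClassifiedMessages(classifiedMessages);
        this.action.initialize();

        // A separate Secret instance carrying the same value is registered as the stored credential.
        final OIDCMetadataContext metadataContext = new OIDCMetadataContext();
        metadataContext.setClientInformation(
                new OIDCClientInformation(this.clientId, new Date(), new OIDCClientMetadata(), new Secret(SECRET_VALUE)));
        this.prc.getInboundMessageContext().addSubcontext(metadataContext);
    }

    /** Without an attempted flow the action must report an invalid authentication context. */
    @Test
    public void testMissingFlow() {
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidAuthenticationContext");
    }

    /** With a flow selected but no username/password context at all, no credentials are available. */
    @Test
    public void testMissingUser() {
        startAttempt();
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "NoCredentials");
    }

    /** An empty username/password context is treated the same as a missing one. */
    @Test
    public void testMissingUser2() {
        final AuthenticationContext authnContext = startAttempt();
        authnContext.getSubcontext(UsernamePasswordContext.class, true);
        ActionTestingSupport.assertEvent(this.action.execute(this.src), "NoCredentials");
    }

    /**
     * A wrong secret for a known client must fail as "InvalidPassword", record a {@link LoginException}
     * and must not be classified as an unknown username.
     */
    @Test
    public void testBadPassword() {
        final AuthenticationContext authnContext = startAttempt();
        presentCredentials(authnContext, "foo");

        ActionTestingSupport.assertEvent(this.action.execute(this.src), "InvalidPassword");

        final AuthenticationErrorContext errorContext = authnContext.getSubcontext(AuthenticationErrorContext.class);
        Assert.assertTrue(errorContext.getExceptions().get(0) instanceof LoginException);
        Assert.assertFalse(errorContext.isClassifiedError("UnknownUsername"));
        Assert.assertTrue(errorContext.isClassifiedError("InvalidPassword"));
    }

    /** The correct secret against a plain stored secret authenticates the client ID as the principal. */
    @Test
    public void testAuthorized() {
        final AuthenticationContext authnContext = startAttempt();
        presentCredentials(authnContext, this.clientSecret.getValue());

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthenticatedAsClient(authnContext);
    }

    /**
     * The correct secret must also authenticate when the registered secret is stored as
     * <code>{SHA2}</code> followed by the base64 SHA-256 digest of the secret.
     *
     * <p>NOTE(review): the digest built here has no salt, so this storage form only resists offline
     * guessing when client secrets are long random values; confirm that the registration side enforces that.</p>
     *
     * @throws NoSuchAlgorithmException if SHA-256 is not available to the digester
     */
    @Test
    public void testAuthorizedSHA2() throws NoSuchAlgorithmException {
        final AuthenticationContext authnContext = startAttempt();
        presentCredentials(authnContext, this.clientSecret.getValue());

        // Replace the plain stored secret from setUp() with its prefixed digest form.
        final String digest =
                new StringDigester("SHA-256", StringDigester.OutputFormat.BASE64).apply(this.clientSecret.getValue());
        this.prc.getInboundMessageContext().getSubcontext(OIDCMetadataContext.class).setClientInformation(
                new OIDCClientInformation(this.clientId, new Date(), new OIDCClientMetadata(), new Secret("{SHA2}" + digest)));

        ActionTestingSupport.assertProceedEvent(this.action.execute(this.src));
        assertAuthenticatedAsClient(authnContext);
    }

    /** Selects the first configured authentication flow as the attempted flow and returns the context. */
    private AuthenticationContext startAttempt() {
        final AuthenticationContext authnContext = this.prc.getSubcontext(AuthenticationContext.class);
        authnContext.setAttemptedFlow((AuthenticationFlowDescriptor) this.authenticationFlows.get(0));
        return authnContext;
    }

    /** Presents the test client ID as the username together with the given password. */
    private void presentCredentials(final AuthenticationContext authnContext, final String password) {
        authnContext.getSubcontext(UsernamePasswordContext.class, true)
                .setUsername(this.clientId.getValue())
                .setPassword(password);
    }

    /** Asserts that a result exists and that its first {@link UsernamePrincipal} carries the client ID. */
    private void assertAuthenticatedAsClient(final AuthenticationContext authnContext) {
        Assert.assertNotNull(authnContext.getAuthenticationResult());
        final UsernamePrincipal principal = (UsernamePrincipal) authnContext.getAuthenticationResult()
                .getSubject().getPrincipals(UsernamePrincipal.class).iterator().next();
        Assert.assertEquals(principal.getName(), this.clientId.getValue());
    }
}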
