package net.shibboleth.idp.plugin.oidc.op.profile.flow;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.JWT;
import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Iterator;
import java.util.List;
import net.shibboleth.idp.plugin.oidc.op.profile.flow.AbstractIssuedJWTSecurityTest;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/flow/IssuedEncryptedJWTTest.class */
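/**
 * Exercises the encryption of issued JWTs: for each JWE key-management algorithm and
 * content-encryption method the test either expects a correctly encrypted (and optionally
 * signed) JWT, or expects that no JWT is returned at all.
 *
 * <p>The request/assertion helpers used below ({@code obtainJwt}, {@code obtainUserInfoResponse},
 * {@code assertEncryptedJwt}, {@code assertEncryptedSignedJwt}, {@code assertSignedJwt},
 * {@code assertNoJwtResponse}) and the key/secret fields are inherited from
 * {@link AbstractIssuedJWTSecurityTest}; their implementation is not visible in this file.
 *
 * <p>Security-relevant expectations pinned by this class:
 * <ul>
 *   <li>Requests naming {@code A192CBC_HS384} or {@code RSA_OAEP_384} must yield no JWT, i.e. the
 *       OP is expected to refuse rather than substitute another algorithm.</li>
 *   <li>Requests for which the required key material is missing must yield no JWT.</li>
 *   <li>When encryption is not optional and nothing is specified, no response is expected.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code RSA1_5} (RSAES-PKCS1-v1_5) is expected to be <em>accepted</em> by the
 * configuration under test. It is the JWE key-transport algorithm most associated with
 * padding-oracle weaknesses on the decrypting party; confirm that keeping it enabled is a
 * deliberate interoperability choice.
 */
public class IssuedEncryptedJWTTest extends AbstractIssuedJWTSecurityTest {

    /**
     * Signature algorithms combined with every encryption setup when signed JWTs are tested.
     * ES384 is not listed, and {@link #getSignatureVerificationKey} has no ES384 branch either.
     */
    protected static final List<JWSAlgorithm> JWS_ALGORITHMS = List.of(
            JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512,
            JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512,
            JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512,
            JWSAlgorithm.ES256, JWSAlgorithm.ES512);

    /**
     * JWE key-management algorithms iterated by the "no key" tests.
     * {@code RSA_OAEP_384} is deliberately absent here; it is only used in rejection tests.
     */
    protected static final List<JWEAlgorithm> JWE_ALGORITHMS = List.of(
            JWEAlgorithm.ECDH_ES, JWEAlgorithm.ECDH_ES_A128KW, JWEAlgorithm.ECDH_ES_A192KW,
            JWEAlgorithm.ECDH_ES_A256KW,
            JWEAlgorithm.RSA1_5, JWEAlgorithm.RSA_OAEP, JWEAlgorithm.RSA_OAEP_256,
            JWEAlgorithm.RSA_OAEP_512,
            JWEAlgorithm.A128KW, JWEAlgorithm.A192KW, JWEAlgorithm.A256KW,
            JWEAlgorithm.A128GCMKW, JWEAlgorithm.A192GCMKW, JWEAlgorithm.A256GCMKW);

    /**
     * Content-encryption methods expected to succeed. {@code A192CBC_HS384} is not listed and is
     * used throughout as the method that must be refused.
     */
    protected static final List<EncryptionMethod> ENCRYPTION_METHODS = List.of(
            EncryptionMethod.A128CBC_HS256, EncryptionMethod.A256CBC_HS512,
            EncryptionMethod.A128GCM, EncryptionMethod.A192GCM, EncryptionMethod.A256GCM);

    /** When true, every scenario is repeated for each entry of {@link #JWS_ALGORITHMS}. */
    protected final boolean testSignedJwt;

    /**
     * Creates a test that checks encryption only (no nested signature); the last superclass
     * flag is passed as {@code false}.
     *
     * @param jwt_fetching_type how the JWT is fetched; forwarded to the superclass
     * @param str forwarded unchanged to the superclass constructor (meaning not visible here)
     */
    public IssuedEncryptedJWTTest(AbstractIssuedJWTSecurityTest.JWT_FETCHING_TYPE jwt_fetching_type, String str) {
        this(jwt_fetching_type, str, false, false);
    }

    /**
     * @param jwt_fetching_type how the JWT is fetched; forwarded to the superclass
     * @param str forwarded unchanged to the superclass constructor (meaning not visible here)
     * @param testSignedJwt whether signed-and-encrypted JWTs are tested instead of encrypted-only
     * @param z2 forwarded to the superclass constructor; presumably the flag behind
     *     {@code encryptionOptional} - TODO confirm against the superclass
     */
    public IssuedEncryptedJWTTest(AbstractIssuedJWTSecurityTest.JWT_FETCHING_TYPE jwt_fetching_type, String str, boolean testSignedJwt, boolean z2) {
        super(jwt_fetching_type, str, z2);
        this.testSignedJwt = testSignedJwt;
    }

    /**
     * Requests a token without naming any signature or encryption algorithm.
     *
     * <p>If encryption is optional the OP is expected to answer unencrypted (an RS256-signed JWT,
     * or plain UserInfo claims). If encryption is not optional, the expected outcome is
     * {@code null}: no response rather than an unencrypted one.
     */
    @Test
    public void testJwtEncryption_noSigAlgNorEncSpecified() throws Exception {
        if (this.fetchingType.equals(AbstractIssuedJWTSecurityTest.JWT_FETCHING_TYPE.USERINFO)) {
            String clientId = this.encryptionOptional ? this.defaultClientId : this.defaultClientIdEncryptionEnforced;
            UserInfoSuccessResponse userInfoResponse = obtainUserInfoResponse(clientId, this.defaultClientSecret, this.rsaPublicKey, null, null, null);
            if (this.encryptionOptional) {
                // Plain claims are returned, and no JWT-wrapped UserInfo.
                Assert.assertNotNull(userInfoResponse.getUserInfo());
                Assert.assertNull(userInfoResponse.getUserInfoJWT());
            } else {
                Assert.assertNull(userInfoResponse);
            }
            return;
        }
        JWT jwt = obtainJwt(this.defaultClientSecret, this.rsaPublicKey, null, null, null);
        if (this.encryptionOptional) {
            assertSignedJwt(jwt, JWSAlgorithm.RS256, loadRSSigningCredential().getPublicKey());
        } else {
            Assert.assertNull(jwt);
        }
    }

    /**
     * Returns the public key used to verify a signature made with the given algorithm.
     *
     * <p>Only ES256 and ES512 select an EC credential; every other algorithm, including the
     * HMAC family, falls through to the RSA credential's public key. NOTE(review): for HS*
     * algorithms the RSA key is presumably ignored by the caller in favour of the client
     * secret - confirm in {@code assertEncryptedSignedJwt}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static PublicKey getSignatureVerificationKey(JWSAlgorithm jWSAlgorithm) {
        if (JWSAlgorithm.ES256.equals(jWSAlgorithm)) {
            return loadESSigningCredential().getPublicKey();
        }
        if (JWSAlgorithm.ES512.equals(jWSAlgorithm)) {
            return loadES512SigningCredential().getPublicKey();
        }
        return loadRSSigningCredential().getPublicKey();
    }

    /**
     * Returns the private key matching {@link #getSignatureVerificationKey}: the ES256 or ES512
     * credential for those two algorithms, otherwise the RSA credential.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static PrivateKey getSigningKey(JWSAlgorithm jWSAlgorithm) {
        if (JWSAlgorithm.ES256.equals(jWSAlgorithm)) {
            return loadESSigningCredential().getPrivateKey();
        }
        if (JWSAlgorithm.ES512.equals(jWSAlgorithm)) {
            return loadES512SigningCredential().getPrivateKey();
        }
        return loadRSSigningCredential().getPrivateKey();
    }

    /**
     * Expects a JWT encrypted with a client-secret-based algorithm; no public key is supplied.
     * In signed mode the 64-byte client secret is used and each signature algorithm is tried.
     */
    protected void assertSecretBasedEncryption(JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        if (!this.testSignedJwt) {
            assertEncryptedJwt(obtainJwt(this.defaultClientSecret, null, null, jWEAlgorithm, encryptionMethod), jWEAlgorithm, encryptionMethod, this.defaultClientSecret, null);
            return;
        }
        for (JWSAlgorithm jWSAlgorithm : JWS_ALGORITHMS) {
            assertEncryptedSignedJwt(obtainJwt(this.defaultClientSecret64B, null, jWSAlgorithm, jWEAlgorithm, encryptionMethod), jWSAlgorithm, jWEAlgorithm, encryptionMethod, this.defaultClientSecret64B, getSignatureVerificationKey(jWSAlgorithm));
        }
    }

    @Test
    public void testJwtEncryption_a128kwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertSecretBasedEncryption(JWEAlgorithm.A128KW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_a128kwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.A128KW, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_a192kwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertSecretBasedEncryption(JWEAlgorithm.A192KW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_a192kwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.A192KW, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_a256kwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertSecretBasedEncryption(JWEAlgorithm.A256KW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_a256kwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.A256KW, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_a128gcmkwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertSecretBasedEncryption(JWEAlgorithm.A128GCMKW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_a128gcmkwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.A128GCMKW, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_a192gcmkwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertSecretBasedEncryption(JWEAlgorithm.A192GCMKW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_a192gcmkwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.A192GCMKW, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_a256gcmkwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertSecretBasedEncryption(JWEAlgorithm.A256GCMKW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_a256gcmkwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.A256GCMKW, EncryptionMethod.A192CBC_HS384);
    }

    /**
     * Expects no JWT when a symmetric JWE algorithm is requested but no client secret is given.
     *
     * <p>In signed mode the HMAC signature algorithms are skipped; presumably because they need
     * the same client secret that this scenario withholds - TODO confirm.
     */
    protected void assertNoSymmetricKeyResponse(JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) throws Exception {
        if (!this.testSignedJwt) {
            assertNoJwtResponse(null, null, null, jWEAlgorithm, encryptionMethod, this.fetchingType);
            return;
        }
        for (JWSAlgorithm jWSAlgorithm : JWS_ALGORITHMS) {
            if (JWSAlgorithm.Family.HMAC_SHA.contains(jWSAlgorithm)) {
                continue;
            }
            assertNoJwtResponse(null, getSignatureVerificationKey(jWSAlgorithm), jWSAlgorithm, jWEAlgorithm, encryptionMethod, this.fetchingType);
        }
    }

    /** Every symmetric JWE algorithm, with every enabled method, must fail without a secret. */
    @Test
    public void testJwtEncryption_symmetricKeyEncryption_noKey() throws Exception {
        for (JWEAlgorithm jWEAlgorithm : JWE_ALGORITHMS) {
            if (!JWEAlgorithm.Family.SYMMETRIC.contains(jWEAlgorithm)) {
                continue;
            }
            for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
                assertNoSymmetricKeyResponse(jWEAlgorithm, encryptionMethod);
            }
        }
    }

    /**
     * Expects a JWT encrypted to {@code publicKey} and decryptable with {@code privateKey}.
     * In signed mode the 64-byte client secret is used and each signature algorithm is tried.
     */
    protected void assertPublicKeyBasedEncryption(PublicKey publicKey, PrivateKey privateKey, JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) {
        if (!this.testSignedJwt) {
            assertEncryptedJwt(obtainJwt(this.defaultClientSecret, publicKey, null, jWEAlgorithm, encryptionMethod), jWEAlgorithm, encryptionMethod, this.defaultClientSecret, privateKey);
            return;
        }
        for (JWSAlgorithm jWSAlgorithm : JWS_ALGORITHMS) {
            assertEncryptedSignedJwt(obtainJwt(this.defaultClientSecret64B, publicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod), jWSAlgorithm, jWEAlgorithm, encryptionMethod, this.defaultClientSecret64B, privateKey, publicKey, getSignatureVerificationKey(jWSAlgorithm));
        }
    }

    @Test
    public void testJwtEncryption_ecdhWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.ecKey.toPublicKey(), this.ecKey.toPrivateKey(), JWEAlgorithm.ECDH_ES, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_ecdhWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.ECDH_ES, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_ecdh128kwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.ecKey.toPublicKey(), this.ecKey.toPrivateKey(), JWEAlgorithm.ECDH_ES_A128KW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_ecdh128kwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.ECDH_ES_A128KW, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_ecdh192kwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.ecKey.toPublicKey(), this.ecKey.toPrivateKey(), JWEAlgorithm.ECDH_ES_A192KW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_ecdh192kwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.ECDH_ES_A192KW, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_ecdh256kwWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.ecKey.toPublicKey(), this.ecKey.toPrivateKey(), JWEAlgorithm.ECDH_ES_A256KW, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_ecdh256kwWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.ECDH_ES_A256KW, EncryptionMethod.A192CBC_HS384);
    }

    /**
     * RSA1_5 is expected to be accepted with every enabled method.
     * NOTE(review): see the class comment about RSAES-PKCS1-v1_5 before copying this allow-list.
     */
    @Test
    public void testJwtEncryption_rsa15WithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.rsaPublicKey, this.rsaPrivateKey, JWEAlgorithm.RSA1_5, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_rsa15WithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.RSA1_5, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_rsaOaepWithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.rsaPublicKey, this.rsaPrivateKey, JWEAlgorithm.RSA_OAEP, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_rsaOaepWithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_rsaOaep256WithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.rsaPublicKey, this.rsaPrivateKey, JWEAlgorithm.RSA_OAEP_256, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_rsaOaep256WithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A192CBC_HS384);
    }

    /**
     * Despite the method name, this asserts rejection: RSA_OAEP_384 is expected to yield no JWT
     * even when paired with each otherwise-enabled content-encryption method.
     */
    @Test
    public void testJwtEncryption_rsaOaep384WithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertExcludedAlgorithm(JWEAlgorithm.RSA_OAEP_384, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_rsaOaep384WithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.RSA_OAEP_384, EncryptionMethod.A192CBC_HS384);
    }

    @Test
    public void testJwtEncryption_rsaOaep512WithEnabledMethods() throws Exception {
        for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
            assertPublicKeyBasedEncryption(this.rsaPublicKey, this.rsaPrivateKey, JWEAlgorithm.RSA_OAEP_512, encryptionMethod);
        }
    }

    @Test
    public void testJwtEncryption_rsaOaep512WithExcludedMethod() throws Exception {
        assertExcludedAlgorithm(JWEAlgorithm.RSA_OAEP_512, EncryptionMethod.A192CBC_HS384);
    }

    /**
     * Expects no JWT for an algorithm/method pair that should be refused, even though both a
     * client secret and an RSA public key are supplied, so missing key material cannot be the
     * reason for the refusal.
     */
    protected void assertExcludedAlgorithm(JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) throws Exception {
        if (!this.testSignedJwt) {
            assertNoJwtResponse(this.defaultClientSecret64B, this.rsaPublicKey, null, jWEAlgorithm, encryptionMethod, this.fetchingType);
            return;
        }
        for (JWSAlgorithm jWSAlgorithm : JWS_ALGORITHMS) {
            assertNoJwtResponse(this.defaultClientSecret64B, this.rsaPublicKey, jWSAlgorithm, jWEAlgorithm, encryptionMethod, this.fetchingType);
        }
    }

    /**
     * Expects no JWT when an asymmetric JWE algorithm is requested without a public key.
     * In signed mode the client secret is still supplied; only the public key is withheld.
     */
    protected void assertNoPublicKeyResponse(JWEAlgorithm jWEAlgorithm, EncryptionMethod encryptionMethod) throws Exception {
        if (!this.testSignedJwt) {
            assertNoJwtResponse(null, null, null, jWEAlgorithm, encryptionMethod, this.fetchingType);
            return;
        }
        for (JWSAlgorithm jWSAlgorithm : JWS_ALGORITHMS) {
            assertNoJwtResponse(this.defaultClientSecret64B, null, jWSAlgorithm, jWEAlgorithm, encryptionMethod, this.fetchingType);
        }
    }

    /** Every asymmetric JWE algorithm, with every enabled method, must fail without a key. */
    @Test
    public void testJwtEncryption_publicKeyEncryption_noKey() throws Exception {
        for (JWEAlgorithm jWEAlgorithm : JWE_ALGORITHMS) {
            if (!JWEAlgorithm.Family.ASYMMETRIC.contains(jWEAlgorithm)) {
                continue;
            }
            for (EncryptionMethod encryptionMethod : ENCRYPTION_METHODS) {
                assertNoPublicKeyResponse(jWEAlgorithm, encryptionMethod);
            }
        }
    }
}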
