package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.util.Collections;
import java.util.List;
import net.shibboleth.idp.profile.config.ProfileConfiguration;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.oidc.profile.config.JSONSecurityConfiguration;
import net.shibboleth.oidc.security.jose.EncryptionConfiguration;
import net.shibboleth.oidc.security.jose.SignatureSigningConfiguration;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.mockito.Mockito;
import org.opensaml.profile.context.ProfileRequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/AddSecurityConfigurationToClientMetadataTest.class */
/**
 * Tests for {@link AddSecurityConfigurationToClientMetadata}, the action that copies the JOSE
 * algorithm choices of a client registration request into the resulting client metadata.
 *
 * <p>Every test builds two {@link OIDCClientMetadata} objects: the first carries what the client
 * asked for, the second is inspected after the action has run. The algorithms the deployment
 * supports are supplied through Mockito mocks (see {@link #initializeRpCtx}). A request is
 * expected to either pass (the action returns {@code null}) or be rejected with the
 * {@code InvalidMessage} event.</p>
 *
 * <p>Security relevance: these cases pin the allow-list behaviour of algorithm negotiation, i.e.
 * a client-requested JWE algorithm or encryption method that is not in the configured lists must
 * be rejected rather than silently accepted. {@code RSA1_5} (RSAES-PKCS1-v1_5) is used here purely
 * as a fixture value; it is susceptible to padding-oracle attacks and should not be read as a
 * recommended production setting.</p>
 *
 * <p>NOTE(review): no test in this class requests a <em>signature</em> algorithm that is absent
 * from the configured list (for example ES512 when only RS256 is configured), and none covers the
 * {@code none} algorithm. The expected event for those cases cannot be determined from this file;
 * confirm against the action and add the cases.</p>
 */
public class AddSecurityConfigurationToClientMetadataTest extends BaseOIDCClientMetadataPopulationTest {
    /** Event id the action is expected to signal when the requested algorithms are unacceptable. */
    private static final String INVALID_MESSAGE = "InvalidMessage";

    /** Signature algorithm name used as the configured default in most tests. */
    private static final String SIG_RS256 = "RS256";

    /** Key transport algorithm name used as the configured value in the encryption tests. */
    private static final String KEY_RSA1_5 = "RSA1_5";

    /** Data encryption algorithm name used as the configured value in the encryption tests. */
    private static final String ENC_A128CBC_HS256 = "A128CBC-HS256";

    /** Action under test; re-created and initialized before every test method. */
    AddSecurityConfigurationToClientMetadata action;

    /**
     * Creates and initializes a fresh action instance for each test.
     *
     * @throws ComponentInitializationException if the action fails to initialize
     */
    @BeforeMethod
    public void setUp() throws ComponentInitializationException {
        AddSecurityConfigurationToClientMetadata fresh = new AddSecurityConfigurationToClientMetadata();
        fresh.initialize();
        action = fresh;
    }

    /**
     * Supplies an uninitialized action instance to the base class.
     *
     * <p>The {@code mo10} prefix is a decompiler artifact (the method was originally named
     * {@code constructAction}); the mangled name is kept because it is what the {@code @Override}
     * binds to in this decompiled source tree.</p>
     *
     * @return a new, uninitialized action
     */
    @Override
    protected AbstractOIDCClientMetadataPopulationAction mo10constructAction() {
        return new AddSecurityConfigurationToClientMetadata();
    }

    /**
     * Installs a mocked profile configuration on the relying party context so that the action sees
     * the given supported-algorithm lists.
     *
     * <p>The existing {@link RelyingPartyContext} subcontext is looked up, not created, so it must
     * already be present on {@code profileRequestContext}.</p>
     *
     * @param profileRequestContext profile request context holding the relying party subcontext
     * @param list supported JWT signature algorithm names
     * @param list2 supported key transport (JWE {@code alg}) algorithm names
     * @param list3 supported data encryption (JWE {@code enc}) algorithm names
     */
    public static void initializeRpCtx(ProfileRequestContext profileRequestContext, List<String> list, List<String> list2, List<String> list3) {
        // Encryption side: note that list2 feeds key transport and list3 feeds data encryption.
        EncryptionConfiguration encryption = Mockito.mock(EncryptionConfiguration.class);
        Mockito.when(encryption.getKeyTransportEncryptionAlgorithms()).thenReturn(list2);
        Mockito.when(encryption.getDataEncryptionAlgorithms()).thenReturn(list3);

        // Signing side.
        SignatureSigningConfiguration signing = Mockito.mock(SignatureSigningConfiguration.class);
        Mockito.when(signing.getSignatureAlgorithms()).thenReturn(list);

        // Security configuration tying both halves together.
        JSONSecurityConfiguration security = Mockito.mock(JSONSecurityConfiguration.class);
        Mockito.when(security.getJwtSignatureSigningConfiguration()).thenReturn(signing);
        Mockito.when(security.getJwtEncryptionConfiguration()).thenReturn(encryption);

        ProfileConfiguration profile = Mockito.mock(ProfileConfiguration.class);
        Mockito.when(profile.getSecurityConfiguration(profileRequestContext)).thenReturn(security);

        RelyingPartyContext relyingParty = profileRequestContext.getSubcontext(RelyingPartyContext.class);
        relyingParty.setProfileConfig(profile);
    }

    /**
     * Runs the base class context set-up and then installs the mocked security configuration.
     *
     * @param oIDCClientMetadata metadata carrying the client's requested values
     * @param oIDCClientMetadata2 metadata inspected after the action has executed
     * @param list supported JWT signature algorithm names
     * @param list2 supported key transport algorithm names
     * @param list3 supported data encryption algorithm names
     * @throws ComponentInitializationException propagated from the base class set-up
     */
    protected void setUpContext(OIDCClientMetadata oIDCClientMetadata, OIDCClientMetadata oIDCClientMetadata2, List<String> list, List<String> list2, List<String> list3) throws ComponentInitializationException {
        super.setUpContext(oIDCClientMetadata, oIDCClientMetadata2);
        initializeRpCtx(this.profileRequestCtx, list, list2, list3);
    }

    /** Wraps a single algorithm name in an immutable one-element list. */
    private static List<String> only(String algorithm) {
        return Collections.singletonList(algorithm);
    }

    /** Executes the action and asserts that it rejected the request with {@code InvalidMessage}. */
    private void assertRejected() {
        ActionTestingSupport.assertEvent(action.execute(this.requestCtx), INVALID_MESSAGE);
    }

    /** Executes the action and asserts that it signalled no event (returned {@code null}). */
    private void assertAccepted() {
        Assert.assertNull(action.execute(this.requestCtx));
    }

    /** Asserts that neither ID token encryption setting was populated. */
    private static void assertNoIdTokenEncryption(OIDCClientMetadata metadata) {
        Assert.assertNull(metadata.getIDTokenJWEEnc());
        Assert.assertNull(metadata.getIDTokenJWEAlg());
    }

    /** Asserts that neither UserInfo encryption setting was populated. */
    private static void assertNoUserInfoEncryption(OIDCClientMetadata metadata) {
        Assert.assertNull(metadata.getUserInfoJWEEnc());
        Assert.assertNull(metadata.getUserInfoJWEAlg());
    }

    /** Without any mocked security configuration installed, the action must reject the request. */
    @Test
    public void testEmptySignatureAlgorithmsListWithoutRequest() throws ComponentInitializationException {
        // Two-argument overload from the base class: no algorithm lists are configured at all.
        setUpContext(new OIDCClientMetadata(), new OIDCClientMetadata());
        assertRejected();
    }

    /** An empty request falls back to the configured signature algorithm for the ID token. */
    @Test
    public void testSignatureAlgorithmsListWithEmptyRequest() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        OIDCClientMetadata result = new OIDCClientMetadata();
        setUpContext(requested, result, only(SIG_RS256), null, null);
        assertAccepted();
        Assert.assertEquals(result.getIDTokenJWSAlg(), JWSAlgorithm.RS256);
        assertNoIdTokenEncryption(result);
    }

    /** A requested RS256 ID token signature is accepted when RS256 is configured. */
    @Test
    public void testIDTokenSignatureAlgorithmsListWithRS256Request() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setIDTokenJWSAlg(JWSAlgorithm.RS256);
        OIDCClientMetadata result = new OIDCClientMetadata();
        setUpContext(requested, result, only(SIG_RS256), null, null);
        assertAccepted();
        Assert.assertEquals(result.getIDTokenJWSAlg(), JWSAlgorithm.RS256);
        assertNoIdTokenEncryption(result);
    }

    /** A requested ES512 ID token signature wins over the first configured entry when both are listed. */
    @Test
    public void testIDTokenSignatureAlgorithmsListWithES512Request() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setIDTokenJWSAlg(JWSAlgorithm.ES512);
        OIDCClientMetadata result = new OIDCClientMetadata();
        setUpContext(requested, result, List.of("RS256", "ES512"), null, null);
        assertAccepted();
        Assert.assertEquals(result.getIDTokenJWSAlg(), JWSAlgorithm.ES512);
        assertNoIdTokenEncryption(result);
    }

    /** An ID token {@code enc} without an accompanying {@code alg} is rejected. */
    @Test
    public void testIDTokenInvalidEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setIDTokenJWEAlg((JWEAlgorithm) null);
        requested.setIDTokenJWEEnc(EncryptionMethod.A128CBC_HS256);
        setUpContext(requested, new OIDCClientMetadata(), only(SIG_RS256), null, null);
        assertRejected();
    }

    /**
     * Rejects an ID token request whose {@code enc} (A256CBC-HS512) is not in the configured list.
     *
     * <p>NOTE(review): despite the method name, the requested key transport algorithm is the
     * configured one here; the unsupported element is the data encryption method. The name looks
     * swapped with {@link #testIDTokenUnsupportedEncryptionConfig()}.</p>
     */
    @Test
    public void testIDTokenUnsupportedKeyTransportEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setIDTokenJWEAlg(new JWEAlgorithm("RSA1_5"));
        requested.setIDTokenJWEEnc(EncryptionMethod.A256CBC_HS512);
        setUpContext(requested, new OIDCClientMetadata(), only(SIG_RS256), only(KEY_RSA1_5), only(ENC_A128CBC_HS256));
        assertRejected();
    }

    /**
     * Rejects an ID token request whose {@code alg} (A128GCMKW) is not in the configured list.
     *
     * <p>NOTE(review): despite the method name, the unsupported element here is the key transport
     * algorithm; the requested data encryption method is the configured one.</p>
     */
    @Test
    public void testIDTokenUnsupportedEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setIDTokenJWEAlg(new JWEAlgorithm("A128GCMKW"));
        requested.setIDTokenJWEEnc(EncryptionMethod.A128CBC_HS256);
        setUpContext(requested, new OIDCClientMetadata(), only(SIG_RS256), only(KEY_RSA1_5), only(ENC_A128CBC_HS256));
        assertRejected();
    }

    /** A fully supported ID token {@code alg}/{@code enc} pair is copied to the result metadata. */
    @Test
    public void testIDTokenValidEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setIDTokenJWEAlg(new JWEAlgorithm("RSA1_5"));
        requested.setIDTokenJWEEnc(EncryptionMethod.A128CBC_HS256);
        OIDCClientMetadata result = new OIDCClientMetadata();
        setUpContext(requested, result, only(SIG_RS256), only(KEY_RSA1_5), only(ENC_A128CBC_HS256));
        assertAccepted();
        Assert.assertEquals(result.getIDTokenJWSAlg(), JWSAlgorithm.RS256);
        Assert.assertEquals(result.getIDTokenJWEAlg(), new JWEAlgorithm("RSA1_5"));
        Assert.assertEquals(result.getIDTokenJWEEnc(), EncryptionMethod.A128CBC_HS256);
    }

    /** A requested RS256 UserInfo signature is accepted when RS256 is configured. */
    @Test
    public void testUserInfoSignatureAlgorithmsListWithRS256Request() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setUserInfoJWSAlg(JWSAlgorithm.RS256);
        OIDCClientMetadata result = new OIDCClientMetadata();
        setUpContext(requested, result, only(SIG_RS256), null, null);
        assertAccepted();
        Assert.assertEquals(result.getUserInfoJWSAlg(), JWSAlgorithm.RS256);
        assertNoUserInfoEncryption(result);
    }

    /** A requested ES512 UserInfo signature is accepted when ES512 is among the configured values. */
    @Test
    public void testUserInfoSignatureAlgorithmsListWithES512Request() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setUserInfoJWSAlg(JWSAlgorithm.ES512);
        OIDCClientMetadata result = new OIDCClientMetadata();
        setUpContext(requested, result, List.of("RS256", "ES512"), null, null);
        assertAccepted();
        Assert.assertEquals(result.getUserInfoJWSAlg(), JWSAlgorithm.ES512);
        assertNoUserInfoEncryption(result);
    }

    /** A UserInfo {@code enc} without an accompanying {@code alg} is rejected. */
    @Test
    public void testUserInfoInvalidEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setUserInfoJWEAlg((JWEAlgorithm) null);
        requested.setUserInfoJWEEnc(EncryptionMethod.A128CBC_HS256);
        setUpContext(requested, new OIDCClientMetadata(), only(SIG_RS256), null, null);
        assertRejected();
    }

    /**
     * Rejects a UserInfo request whose {@code enc} (A256CBC-HS512) is not in the configured list.
     *
     * <p>NOTE(review): as with the ID token counterpart, the unsupported element is the data
     * encryption method, not the key transport algorithm the method name refers to.</p>
     */
    @Test
    public void testUserInfoUnsupportedKeyTransportEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setUserInfoJWEAlg(new JWEAlgorithm("RSA1_5"));
        requested.setUserInfoJWEEnc(EncryptionMethod.A256CBC_HS512);
        setUpContext(requested, new OIDCClientMetadata(), only(SIG_RS256), only(KEY_RSA1_5), only(ENC_A128CBC_HS256));
        assertRejected();
    }

    /**
     * Rejects a UserInfo request whose {@code alg} (A128GCMKW) is not in the configured list.
     *
     * <p>NOTE(review): the unsupported element here is the key transport algorithm; the requested
     * data encryption method is the configured one.</p>
     */
    @Test
    public void testUserInfoUnsupportedEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setUserInfoJWEAlg(new JWEAlgorithm("A128GCMKW"));
        requested.setUserInfoJWEEnc(EncryptionMethod.A128CBC_HS256);
        setUpContext(requested, new OIDCClientMetadata(), only(SIG_RS256), only(KEY_RSA1_5), only(ENC_A128CBC_HS256));
        assertRejected();
    }

    /** A fully supported UserInfo {@code alg}/{@code enc} pair is copied to the result metadata. */
    @Test
    public void testUserInfoValidEncryptionConfig() throws ComponentInitializationException {
        OIDCClientMetadata requested = new OIDCClientMetadata();
        requested.setUserInfoJWEAlg(new JWEAlgorithm("RSA1_5"));
        requested.setUserInfoJWEEnc(EncryptionMethod.A128CBC_HS256);
        OIDCClientMetadata result = new OIDCClientMetadata();
        setUpContext(requested, result, only(SIG_RS256), only(KEY_RSA1_5), only(ENC_A128CBC_HS256));
        assertAccepted();
        Assert.assertEquals(result.getUserInfoJWEAlg(), new JWEAlgorithm("RSA1_5"));
        Assert.assertEquals(result.getUserInfoJWEEnc(), EncryptionMethod.A128CBC_HS256);
    }
}
