package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformationResponse;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.time.Instant;
import net.shibboleth.idp.plugin.oidc.op.messaging.context.OIDCClientRegistrationResponseContext;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.profile.testing.ActionTestingSupport;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/BuildClientInformationTest.class */
public class BuildClientInformationTest {
    protected BuildClientInformation action;
    protected ProfileRequestContext profileRequestCtx;
    protected MessageContext messageCtx;
    protected OIDCClientRegistrationResponseContext registrationCtx;
    protected OIDCClientMetadata metadata;
    protected String clientId;
    protected String clientSecret;

    @BeforeMethod
    public void setup() throws ComponentInitializationException {
        this.action = new BuildClientInformation();
        this.action.initialize();
        this.profileRequestCtx = new ProfileRequestContext();
        this.messageCtx = new MessageContext();
        Assert.assertNull(this.messageCtx.getMessage());
        this.profileRequestCtx.setOutboundMessageContext(this.messageCtx);
        this.registrationCtx = this.profileRequestCtx.getOutboundMessageContext().getSubcontext(OIDCClientRegistrationResponseContext.class, true);
        this.clientId = "mockClientId";
        this.clientSecret = "mockSecret";
        this.metadata = new OIDCClientMetadata();
        this.registrationCtx.setClientId(this.clientId);
        this.registrationCtx.setClientSecret(this.clientSecret);
        this.registrationCtx.setClientMetadata(this.metadata);
    }

    @Test
    public void noOutboundMessageContext() {
        ProfileRequestContext profileRequestContext = new ProfileRequestContext();
        this.action.execute(profileRequestContext);
        ActionTestingSupport.assertEvent(profileRequestContext, "InvalidProfileContext");
    }

    @Test
    public void noMetadataContext() {
        ProfileRequestContext profileRequestContext = new ProfileRequestContext();
        profileRequestContext.setOutboundMessageContext(new MessageContext());
        this.action.execute(profileRequestContext);
        ActionTestingSupport.assertEvent(profileRequestContext, "InvalidMessageContext");
    }

    @Test
    public void noClientIdInContext() {
        this.registrationCtx.setClientId((String) null);
        this.action.execute(this.profileRequestCtx);
        ActionTestingSupport.assertEvent(this.profileRequestCtx, "InvalidMessageContext");
    }

    @Test
    public void noClientMetadataInContext() {
        this.registrationCtx.setClientMetadata((OIDCClientMetadata) null);
        this.action.execute(this.profileRequestCtx);
        ActionTestingSupport.assertEvent(this.profileRequestCtx, "InvalidMessageContext");
    }

    @Test
    public void noClientSecretInContextWhenRequired() {
        this.registrationCtx.setClientSecret((String) null);
        this.action.execute(this.profileRequestCtx);
        ActionTestingSupport.assertEvent(this.profileRequestCtx, "InvalidMessageContext");
    }

    @Test
    public void noClientSecretInContextRequiredWithPrivateKeyJWT() {
        this.registrationCtx.setClientSecret((String) null);
        this.metadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT);
        this.action.execute(this.profileRequestCtx);
        assertSuccessfulResponse(false);
    }

    @Test
    public void noTokenEndpointAuthMethodCreatesSecret() {
        this.action.execute(this.profileRequestCtx);
        assertSuccessfulResponse();
    }

    @Test
    public void basicTokenEndpointAuthMethodCreatesSecret() {
        this.metadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        this.action.execute(this.profileRequestCtx);
        assertSuccessfulResponse();
    }

    @Test
    public void postTokenEndpointAuthMethodCreatesSecret() {
        this.metadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST);
        this.action.execute(this.profileRequestCtx);
        assertSuccessfulResponse();
    }

    @Test
    public void jwtSecretTokenEndpointAuthMethodCreatesSecret() {
        this.metadata.setTokenEndpointAuthMethod(ClientAuthenticationMethod.CLIENT_SECRET_JWT);
        this.action.execute(this.profileRequestCtx);
        assertSuccessfulResponse();
    }

    @Test
    public void noTokenEndpointAuthMethodCreatesSecret_expirationTimeIgnored() {
        this.registrationCtx.setClientSecretExpiresAt(Instant.now().plusSeconds(60L));
        this.action.execute(this.profileRequestCtx);
        assertSuccessfulResponse();
    }

    protected void assertSuccessfulResponse() {
        assertSuccessfulResponse(true);
    }

    protected void assertSuccessfulResponse(boolean z) {
        ActionTestingSupport.assertProceedEvent(this.profileRequestCtx);
        OIDCClientInformationResponse oIDCClientInformationResponse = (OIDCClientInformationResponse) this.messageCtx.getMessage();
        Assert.assertNotNull(oIDCClientInformationResponse);
        Assert.assertEquals(oIDCClientInformationResponse.getOIDCClientInformation().getID(), new ClientID(this.clientId));
        if (z) {
            assertSecret(oIDCClientInformationResponse);
        }
    }

    protected void assertSecret(OIDCClientInformationResponse oIDCClientInformationResponse) {
        Secret secret = oIDCClientInformationResponse.getOIDCClientInformation().getSecret();
        Assert.assertNotNull(secret);
        Assert.assertEquals(secret.getValue(), this.clientSecret);
        Assert.assertNull(secret.getExpirationDate());
    }
}
