package net.shibboleth.idp.plugin.oidc.op.oauth2.profile.impl;

import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.time.Instant;
import java.util.Map;
import java.util.function.BiFunction;
import java.util.function.Function;
import net.shibboleth.idp.authn.context.SubjectContext;
import net.shibboleth.idp.plugin.oidc.op.messaging.context.OIDCAuthenticationResponseConsentContext;
import net.shibboleth.idp.plugin.oidc.op.messaging.context.OIDCAuthenticationResponseTokenClaimsContext;
import net.shibboleth.idp.plugin.oidc.op.profile.impl.BaseOIDCResponseActionTest;
import net.shibboleth.idp.plugin.oidc.op.token.support.AuthorizeCodeClaimsSet;
import net.shibboleth.idp.profile.config.ProfileConfiguration;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.opensaml.profile.context.ProfileRequestContext;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/oauth2/profile/impl/SetAuthorizationCodeToResponseContextTest.class */
public class SetAuthorizationCodeToResponseContextTest extends BaseOIDCResponseActionTest {
    private SetAuthorizationCodeToResponseContext action;

    private void init() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException {
        init(null);
    }

    private void init(Function<ProfileRequestContext, BiFunction<ProfileRequestContext, Map<String, Object>, Map<String, Object>>> function) throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException {
        this.respCtx.setScope(new Scope());
        this.respCtx.setSubject("subject");
        this.respCtx.setAuthTime(Instant.now());
        this.respCtx.setAcr("0");
        this.respCtx.setRedirectURI(new URI("http://example.com"));
        this.action = new SetAuthorizationCodeToResponseContext();
        this.action.setDataSealer(getDataSealer());
        if (function != null) {
            this.action.setTokenClaimsSetManipulationStrategyLookupStrategy(function);
        }
        this.action.initialize();
        this.profileRequestCtx.getSubcontext(SubjectContext.class, true).setPrincipalName("userPrin");
    }

    @Test
    public void testSuccess() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException, ParseException, DataSealerException {
        init();
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getAuthorizationCode());
        AuthorizeCodeClaimsSet parse = AuthorizeCodeClaimsSet.parse(this.respCtx.getAuthorizationCode().getValue(), getDataSealer());
        Assert.assertNotNull(parse);
        Assert.assertNull(parse.getSessionIdentifier());
    }

    @Test
    public void testSuccessWithSid() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException, ParseException, DataSealerException {
        init();
        this.respCtx.setSessionId("mockSid");
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getAuthorizationCode());
        AuthorizeCodeClaimsSet parse = AuthorizeCodeClaimsSet.parse(this.respCtx.getAuthorizationCode().getValue(), getDataSealer());
        Assert.assertNotNull(parse);
        Assert.assertEquals(parse.getSessionIdentifier(), "mockSid");
    }

    @Test
    public void testSuccessWithCustomClaim() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException, ParseException, DataSealerException {
        init(profileRequestContext -> {
            return (profileRequestContext, map) -> {
                return addEntryToMap(map, "custom_claim", "custom_value");
            };
        });
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getAuthorizationCode());
        AuthorizeCodeClaimsSet parse = AuthorizeCodeClaimsSet.parse(this.respCtx.getAuthorizationCode().getValue(), getDataSealer());
        Assert.assertNotNull(parse);
        Assert.assertNotNull(parse.getClaimsSet().getClaim("custom_claim"));
        Assert.assertEquals(parse.getClaimsSet().getStringClaim("custom_claim"), "custom_value");
    }

    @Test
    public void testSuccessConsent() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException, ParseException, DataSealerException {
        init();
        OIDCAuthenticationResponseConsentContext addSubcontext = this.respCtx.addSubcontext(new OIDCAuthenticationResponseConsentContext());
        addSubcontext.getConsentedAttributes().add("3");
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getAuthorizationCode());
        AuthorizeCodeClaimsSet parse = AuthorizeCodeClaimsSet.parse(this.respCtx.getAuthorizationCode().getValue(), getDataSealer());
        Assert.assertNotNull(parse);
        Assert.assertEquals(parse.getConsentedClaims(), addSubcontext.getConsentedAttributes());
    }

    @Test
    public void testSuccessWithTokenDelivery() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException, ParseException, DataSealerException {
        init();
        OIDCAuthenticationResponseTokenClaimsContext addSubcontext = this.respCtx.addSubcontext(new OIDCAuthenticationResponseTokenClaimsContext());
        addSubcontext.getClaims().setClaim("1", "1");
        addSubcontext.getIdtokenClaims().setClaim("2", "2");
        addSubcontext.getUserinfoClaims().setClaim("3", "3");
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getAuthorizationCode());
        AuthorizeCodeClaimsSet parse = AuthorizeCodeClaimsSet.parse(this.respCtx.getAuthorizationCode().getValue(), getDataSealer());
        Assert.assertNotNull(parse);
        Assert.assertNotNull(parse.getDeliveryClaims().getClaim("1"));
        Assert.assertNotNull(parse.getIDTokenDeliveryClaims().getClaim("2"));
        Assert.assertNotNull(parse.getUserinfoDeliveryClaims().getClaim("3"));
    }

    @Test
    public void testSuccessPKCE() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException, ParseException, DataSealerException, com.nimbusds.oauth2.sdk.ParseException {
        init();
        this.request = AuthenticationRequest.parse("code_challenge=123456&code_challenge_method=S256&response_type=id_token+token&client_id=s6BhdRkqt3&login_hint=foo&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20email%20profile%20offline_access&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj");
        setAuthenticationRequest(this.request);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getAuthorizationCode());
        AuthorizeCodeClaimsSet parse = AuthorizeCodeClaimsSet.parse(this.respCtx.getAuthorizationCode().getValue(), getDataSealer());
        Assert.assertNotNull(parse);
        Assert.assertEquals(parse.getCodeChallenge(), "S256123456");
    }

    @Test
    public void testSuccessPKCEDefault() throws ComponentInitializationException, NoSuchAlgorithmException, URISyntaxException, ParseException, DataSealerException, com.nimbusds.oauth2.sdk.ParseException {
        init();
        this.request = AuthenticationRequest.parse("code_challenge=123456&response_type=id_token+token&client_id=s6BhdRkqt3&login_hint=foo&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20email%20profile%20offline_access&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj");
        setAuthenticationRequest(this.request);
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertNotNull(this.respCtx.getAuthorizationCode());
        AuthorizeCodeClaimsSet parse = AuthorizeCodeClaimsSet.parse(this.respCtx.getAuthorizationCode().getValue(), getDataSealer());
        Assert.assertNotNull(parse);
        Assert.assertEquals(parse.getCodeChallenge(), "plain123456");
    }

    @Test
    public void testFailNoRPCtx() throws NoSuchAlgorithmException, ComponentInitializationException, URISyntaxException {
        init();
        this.profileRequestCtx.removeSubcontext(RelyingPartyContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidProfileConfiguration");
    }

    @Test
    public void testFailNoSubjectCtx() throws NoSuchAlgorithmException, ComponentInitializationException, URISyntaxException {
        init();
        this.profileRequestCtx.removeSubcontext(SubjectContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidProfileContext");
    }

    @Test
    public void testFailNoProfileConf() throws NoSuchAlgorithmException, ComponentInitializationException, URISyntaxException {
        init();
        this.profileRequestCtx.getSubcontext(RelyingPartyContext.class, false).setProfileConfig((ProfileConfiguration) null);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidProfileConfiguration");
    }
}
