package net.shibboleth.idp.plugin.oidc.op.profile.flow;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.AESEncrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ErrorResponse;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.Response;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import com.nimbusds.openid.connect.sdk.claims.ClaimsSet;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.shibboleth.idp.plugin.oidc.op.token.support.AccessTokenClaimsSet;
import net.shibboleth.idp.test.flows.AbstractFlowTest;
import net.shibboleth.oidc.security.credential.BasicJWKCredential;
import net.shibboleth.oidc.security.credential.BasicJWKCredentialFactoryBean;
import net.shibboleth.oidc.security.credential.JWKCredentialSupport;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.net.HttpServletRequestResponseContext;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.DataSealerException;
import org.apache.commons.codec.binary.Base64;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.storage.StorageService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.core.io.ClassPathResource;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.webflow.executor.FlowExecutionResult;
import org.springframework.webflow.test.MockExternalContext;
import org.testng.Assert;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.BeforeMethod;

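/**
 * Base class for OIDC flow tests. It prepares mock servlet objects, generates throw-away
 * RSA and EC keys, registers client metadata and consent records in a {@link StorageService},
 * and builds the signed/encrypted JWTs and access tokens that individual flow tests submit.
 *
 * <p>This listing is decompiler output (loaded from
 * {@code net/shibboleth/idp/plugin/oidc/op/profile/flow/AbstractOidcFlowTest.class}). The
 * decompiler reported widening several members from {@code protected} to {@code public};
 * the modifiers are kept as listed.</p>
 *
 * <p>Everything created here (keys, secrets, the fixed nonce, classpath JWK files) is test
 * fixture material. JSON fixtures are assembled by plain concatenation without escaping, so
 * callers must pass values that are already safe to embed in a JSON string.</p>
 */
@ContextConfiguration(locations = {"classpath*:/META-INF/net.shibboleth.idp/postconfig.xml"})
public abstract class AbstractOidcFlowTest extends AbstractFlowTest {
    /** End state asserted by {@link #parseResponse(FlowExecutionResult)}; also the default end state. */
    public static final String END_STATE_ID = "CommitResponse";

    /** Storage context under which client registrations are created and deleted. */
    private static final String CLIENT_INFORMATION_CONTEXT = "oidcClientInformation";

    /** Storage context under which consent records are created. */
    private static final String CONSENT_CONTEXT = "intercept/attribute-release";

    /** Lifetime given to stored fixture records, in milliseconds (one hour). */
    private static final long RECORD_LIFETIME_MILLIS = 3600000L;

    /** Identifier of the flow under test. */
    protected String flowId;

    /** End state whose output is overridden before every test method. */
    protected String endStateId;

    @Autowired
    @Qualifier("shibboleth.oidc.TokenSealer")
    private DataSealer dataSealer;

    @Autowired
    @Qualifier("shibboleth.StorageService")
    StorageService storageService;

    // Key material generated once per test class by initKeys().
    RSAPrivateKey rsaPrivateKey;
    RSAPublicKey rsaPublicKey;
    ECKey ecKey;

    /**
     * Creates a test for the given flow using {@link #END_STATE_ID} as the end state.
     *
     * @param flowId identifier of the flow under test
     */
    public AbstractOidcFlowTest(String flowId) {
        this(flowId, END_STATE_ID);
    }

    /**
     * Creates a test for the given flow and end state.
     *
     * @param flowId identifier of the flow under test
     * @param endStateId end state whose output is overridden before each test method
     */
    public AbstractOidcFlowTest(String flowId, String endStateId) {
        this.flowId = flowId;
        this.endStateId = endStateId;
    }

    /**
     * Overrides the end state output for the flow and installs fresh mock request, response
     * and external context objects.
     */
    @BeforeMethod
    public void initializeMocks() {
        overrideEndStateOutput(this.flowId, this.endStateId);
        this.request = new MockHttpServletRequest();
        this.response = new MockHttpServletResponse();
        this.externalContext = new MockExternalContext();
        this.externalContext.setNativeRequest(this.request);
        this.externalContext.setNativeResponse(this.response);
    }

    /**
     * Binds the current mock request and response to the thread-local servlet context.
     */
    @BeforeMethod
    public void initializeThreadLocals() {
        // NOTE(review): this reads the request/response that initializeMocks() replaces, yet no
        // ordering between the two @BeforeMethod methods is declared here; confirm they cannot
        // run in the opposite order.
        HttpServletRequestResponseContext.loadCurrent(this.request, this.response);
    }

    /**
     * Generates the RSA key pair and the P-256 EC key (key ID {@code "123"}) shared by the
     * test methods of the class.
     *
     * @throws NoSuchAlgorithmException if the RSA key pair generator is unavailable
     * @throws JOSEException declared by the original signature
     */
    @BeforeClass
    public void initKeys() throws NoSuchAlgorithmException, JOSEException {
        KeyPair rsaPair = generateNewKeyPair();
        this.rsaPrivateKey = (RSAPrivateKey) rsaPair.getPrivate();
        this.rsaPublicKey = (RSAPublicKey) rsaPair.getPublic();
        this.ecKey = initializeECKey(Curve.P_256, "123");
    }

    /**
     * Generates an EC JWK on the given curve.
     *
     * @param curve curve to generate the key on
     * @param keyId key ID to assign to the generated JWK
     * @return the generated key; the test is failed (with the cause attached) if generation fails
     */
    public ECKey initializeECKey(Curve curve, String keyId) {
        try {
            return new ECKeyGenerator(curve).keyID(keyId).generate();
        } catch (JOSEException e) {
            // Attach the cause so a failing fixture is diagnosable from the test report.
            Assert.fail("Could not generate EC key on curve " + curve, e);
            return null;
        }
    }

    /**
     * Generates a 2048-bit RSA key pair.
     *
     * @return the new key pair
     * @throws NoSuchAlgorithmException if no RSA key pair generator is available
     */
    public KeyPair generateNewKeyPair() throws NoSuchAlgorithmException {
        return generateNewKeyPair("RSA", 2048);
    }

    /**
     * Generates a key pair for the given algorithm and key size.
     *
     * @param algorithm key pair generator algorithm name
     * @param keySize key size passed to the generator
     * @return the new key pair
     * @throws NoSuchAlgorithmException if no generator exists for {@code algorithm}
     */
    protected KeyPair generateNewKeyPair(String algorithm, int keySize) throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
        generator.initialize(keySize);
        return generator.genKeyPair();
    }

    /**
     * Returns the injected token sealer.
     *
     * @return the data sealer qualified as {@code shibboleth.oidc.TokenSealer}
     */
    public DataSealer getDataSealer() {
        return this.dataSealer;
    }

    /**
     * Extracts the outbound message of a finished flow execution as a {@link Response}.
     *
     * @param result result of the flow execution
     * @return the outbound message, asserted to be non-null and a {@link Response}
     */
    public Response parseResponse(FlowExecutionResult result) {
        // NOTE(review): the outcome is compared with the END_STATE_ID constant, not with the
        // endStateId passed to the constructor; confirm that is intended.
        assertFlowExecutionOutcome(result.getOutcome(), END_STATE_ID);
        ProfileRequestContext profileRequestContext = retrieveProfileRequestContext(result);
        Assert.assertNotNull(profileRequestContext);
        Assert.assertNotNull(profileRequestContext.getOutboundMessageContext());
        Object message = profileRequestContext.getOutboundMessageContext().getMessage();
        Assert.assertNotNull(message);
        Assert.assertTrue(message instanceof Response);
        return (Response) message;
    }

    /**
     * Extracts the outbound message and asserts that it is an unsuccessful {@link ErrorResponse}.
     *
     * @param result result of the flow execution
     * @return the outbound message as an error response
     */
    public ErrorResponse parseErrorResponse(FlowExecutionResult result) {
        // The listing assigned the Response straight to an ErrorResponse variable, which does
        // not compile; hold it as Response and cast after the instanceof assertion.
        Response response = parseResponse(result);
        Assert.assertFalse(response.indicatesSuccess());
        Assert.assertTrue(response instanceof ErrorResponse);
        return (ErrorResponse) response;
    }

    /**
     * Extracts the outbound message as a successful response of the requested type.
     *
     * @param result result of the flow execution
     * @param responseClass expected response type
     * @param <AResponseType> expected response type
     * @return the typed response, or {@code null} when the response does not indicate success
     */
    public <AResponseType extends Response> AResponseType parseSuccessResponse(FlowExecutionResult result, Class<AResponseType> responseClass) {
        Response response = parseResponse(result);
        if (!response.indicatesSuccess()) {
            return null;
        }
        Assert.assertTrue(responseClass.isInstance(response));
        return responseClass.cast(response);
    }

    /**
     * Asserts that the flow produced an error response with the given error code.
     *
     * @param result result of the flow execution
     * @param expectedCode expected error code
     */
    public void assertErrorCode(FlowExecutionResult result, String expectedCode) {
        Assert.assertEquals(parseErrorResponse(result).getErrorObject().getCode(), expectedCode);
    }

    /**
     * Asserts that the flow produced an error response whose description contains the given text.
     *
     * @param result result of the flow execution
     * @param expectedFragment text the error description must contain
     */
    public void assertErrorDescriptionContains(FlowExecutionResult result, String expectedFragment) {
        ErrorResponse errorResponse = parseErrorResponse(result);
        String description = errorResponse.getErrorObject().getDescription();
        Assert.assertNotNull(description);
        Assert.assertTrue(description.contains(expectedFragment));
    }

    /**
     * Configures the current mock request with a JSON body.
     *
     * @param method HTTP method
     * @param body request body
     */
    public void setJsonRequest(String method, String body) {
        setRequest(method, body, "application/json");
    }

    /**
     * Configures the current mock request as a URL-encoded form submission.
     *
     * @param method HTTP method
     * @param parameters request parameters
     */
    public void setHttpFormRequest(String method, Map<String, String> parameters) {
        setHttpFormRequest(this.request, method, parameters);
    }

    /**
     * Configures the given mock request as a URL-encoded form submission with an empty body;
     * the values are supplied as request parameters.
     *
     * @param httpRequest request to configure
     * @param method HTTP method
     * @param parameters request parameters
     */
    public static void setHttpFormRequest(MockHttpServletRequest httpRequest, String method, Map<String, String> parameters) {
        setRequest(httpRequest, method, "", "application/x-www-form-urlencoded");
        httpRequest.setParameters(parameters);
    }

    /**
     * Replaces the {@code Authorization} header of the current mock request with HTTP Basic
     * credentials.
     *
     * @param username user name part of the credentials
     * @param password password part of the credentials
     */
    public void setBasicAuth(String username, String password) {
        this.request.removeHeader("Authorization");
        // Encode with an explicit charset so the header does not depend on the platform default.
        // The values are used verbatim (no form-url-encoding), so a ':' in the user name or
        // characters outside ASCII will not round-trip through every Basic-auth parser.
        byte[] credentials = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        String encoded = new String(Base64.encodeBase64(credentials), StandardCharsets.US_ASCII);
        this.request.addHeader("Authorization", "Basic " + encoded);
    }

    /**
     * Configures method, body and content type of the current mock request.
     *
     * @param method HTTP method
     * @param body request body
     * @param contentType content type
     */
    protected void setRequest(String method, String body, String contentType) {
        setRequest(this.request, method, body, contentType);
    }

    /**
     * Configures method, body and content type of the given mock request.
     *
     * @param httpRequest request to configure
     * @param method HTTP method
     * @param body request body, written as UTF-8 bytes
     * @param contentType content type
     */
    protected static void setRequest(MockHttpServletRequest httpRequest, String method, String body, String contentType) {
        httpRequest.setMethod(method);
        httpRequest.setContentType(contentType);
        // Explicit charset: the platform default differs between JVMs and operating systems.
        httpRequest.setContent(body.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Registers a client that authenticates with {@code client_secret_basic}. Through the
     * overload chain this variant also stores the custom {@code audience} field.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, (JWSAlgorithm) null, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, (JWSAlgorithm) null, (PublicKey) null, redirectUris);
    }

    /**
     * Registers a {@code client_secret_basic} client with a request object signing algorithm;
     * no {@code audience} field is stored.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param requestObjectJwsAlg request object JWS algorithm
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    protected void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm requestObjectJwsAlg, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, null, null, null, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, null, null, false, requestObjectJwsAlg, redirectUris);
    }

    /**
     * Registers a {@code client_secret_basic} client with a request object signing algorithm
     * and a public key published as its JWK set; no {@code audience} field is stored.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param requestObjectJwsAlg request object JWS algorithm
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm requestObjectJwsAlg, PublicKey publicKey, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, null, null, null, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, null, publicKey, false, requestObjectJwsAlg, redirectUris);
    }

    /**
     * Registers a {@code client_secret_basic} client with request object signing and
     * encryption settings and a public key; no {@code audience} field is stored.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param requestObjectJwsAlg request object JWS algorithm
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param requestObjectJweAlg request object JWE algorithm
     * @param requestObjectJweEnc request object JWE encryption method
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm requestObjectJwsAlg, PublicKey publicKey, JWEAlgorithm requestObjectJweAlg, EncryptionMethod requestObjectJweEnc, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, null, null, null, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, null, publicKey, false, requestObjectJwsAlg, requestObjectJweAlg, requestObjectJweEnc, redirectUris);
    }

    /**
     * Registers a {@code client_secret_basic} client, optionally storing the custom
     * {@code audience} field.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param addAudience whether to store the custom {@code audience} field
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, boolean addAudience, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, null, null, null, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, null, null, addAudience, null, redirectUris);
    }

    /**
     * Registers a client with an explicit token endpoint authentication method and signing
     * algorithm. Through the overload chain this variant also stores the {@code audience} field.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param tokenEndpointAuthJwsAlg token endpoint authentication JWS algorithm
     * @param tokenEndpointAuthMethod token endpoint authentication method
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm tokenEndpointAuthJwsAlg, ClientAuthenticationMethod tokenEndpointAuthMethod, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, tokenEndpointAuthJwsAlg, tokenEndpointAuthMethod, (JWSAlgorithm) null, (PublicKey) null, redirectUris);
    }

    /**
     * As the token-endpoint variant, additionally setting the UserInfo signing algorithm.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param tokenEndpointAuthJwsAlg token endpoint authentication JWS algorithm
     * @param tokenEndpointAuthMethod token endpoint authentication method
     * @param userInfoJwsAlg UserInfo JWS algorithm
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm tokenEndpointAuthJwsAlg, ClientAuthenticationMethod tokenEndpointAuthMethod, JWSAlgorithm userInfoJwsAlg, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, tokenEndpointAuthJwsAlg, tokenEndpointAuthMethod, userInfoJwsAlg, (PublicKey) null, redirectUris);
    }

    /**
     * As the UserInfo variant, additionally publishing a public key as the client's JWK set.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param tokenEndpointAuthJwsAlg token endpoint authentication JWS algorithm
     * @param tokenEndpointAuthMethod token endpoint authentication method
     * @param userInfoJwsAlg UserInfo JWS algorithm
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm tokenEndpointAuthJwsAlg, ClientAuthenticationMethod tokenEndpointAuthMethod, JWSAlgorithm userInfoJwsAlg, PublicKey publicKey, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, tokenEndpointAuthJwsAlg, null, null, tokenEndpointAuthMethod, userInfoJwsAlg, publicKey, redirectUris);
    }

    /**
     * Registers a client with token endpoint, ID token encryption and UserInfo settings. The
     * custom {@code audience} field is always stored and no request object algorithm is set.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param tokenEndpointAuthJwsAlg token endpoint authentication JWS algorithm
     * @param idTokenJweAlg ID token JWE algorithm
     * @param idTokenJweEnc ID token JWE encryption method
     * @param tokenEndpointAuthMethod token endpoint authentication method
     * @param userInfoJwsAlg UserInfo JWS algorithm
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    public void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm tokenEndpointAuthJwsAlg, JWEAlgorithm idTokenJweAlg, EncryptionMethod idTokenJweEnc, ClientAuthenticationMethod tokenEndpointAuthMethod, JWSAlgorithm userInfoJwsAlg, PublicKey publicKey, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, tokenEndpointAuthJwsAlg, idTokenJweAlg, idTokenJweEnc, tokenEndpointAuthMethod, userInfoJwsAlg, publicKey, true, null, redirectUris);
    }

    /**
     * As the full variant below, without request object encryption settings.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param tokenEndpointAuthJwsAlg token endpoint authentication JWS algorithm
     * @param idTokenJweAlg ID token JWE algorithm
     * @param idTokenJweEnc ID token JWE encryption method
     * @param tokenEndpointAuthMethod token endpoint authentication method
     * @param userInfoJwsAlg UserInfo JWS algorithm
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param addAudience whether to store the custom {@code audience} field
     * @param requestObjectJwsAlg request object JWS algorithm
     * @param redirectUris registered redirect URIs
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    protected void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm tokenEndpointAuthJwsAlg, JWEAlgorithm idTokenJweAlg, EncryptionMethod idTokenJweEnc, ClientAuthenticationMethod tokenEndpointAuthMethod, JWSAlgorithm userInfoJwsAlg, PublicKey publicKey, boolean addAudience, JWSAlgorithm requestObjectJwsAlg, String... redirectUris) throws IOException {
        storeMetadata(storageService, clientId, clientSecret, scope, tokenEndpointAuthJwsAlg, idTokenJweAlg, idTokenJweEnc, tokenEndpointAuthMethod, userInfoJwsAlg, publicKey, addAudience, requestObjectJwsAlg, null, null, redirectUris);
    }

    /**
     * Builds client metadata from the skeleton and the given settings and stores it. Every
     * other {@code storeMetadata} overload ends up here.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, may be {@code null}
     * @param scope registered scope
     * @param tokenEndpointAuthJwsAlg token endpoint authentication JWS algorithm
     * @param idTokenJweAlg ID token JWE algorithm
     * @param idTokenJweEnc ID token JWE encryption method
     * @param tokenEndpointAuthMethod token endpoint authentication method
     * @param userInfoJwsAlg UserInfo JWS algorithm
     * @param publicKey key to publish in the client's JWK set, may be {@code null}
     * @param addAudience whether to store the custom {@code audience} field
     * @param requestObjectJwsAlg request object JWS algorithm
     * @param requestObjectJweAlg request object JWE algorithm
     * @param requestObjectJweEnc request object JWE encryption method
     * @param redirectUris registered redirect URIs, may be {@code null}
     * @throws IOException if a redirect URI is malformed or the storage write fails
     */
    protected void storeMetadata(StorageService storageService, String clientId, String clientSecret, Scope scope, JWSAlgorithm tokenEndpointAuthJwsAlg, JWEAlgorithm idTokenJweAlg, EncryptionMethod idTokenJweEnc, ClientAuthenticationMethod tokenEndpointAuthMethod, JWSAlgorithm userInfoJwsAlg, PublicKey publicKey, boolean addAudience, JWSAlgorithm requestObjectJwsAlg, JWEAlgorithm requestObjectJweAlg, EncryptionMethod requestObjectJweEnc, String... redirectUris) throws IOException {
        OIDCClientMetadata metadata = buildMetadataSkeleton();
        Set<URI> redirectUriSet = new HashSet<>();
        if (redirectUris != null) {
            for (String redirectUri : redirectUris) {
                try {
                    redirectUriSet.add(new URI(redirectUri));
                } catch (URISyntaxException e) {
                    // Surface a malformed fixture URI through the declared exception type.
                    throw new IOException(e);
                }
            }
        }
        metadata.setRedirectionURIs(redirectUriSet);
        metadata.setScope(scope);
        metadata.setTokenEndpointAuthJWSAlg(tokenEndpointAuthJwsAlg);
        metadata.setIDTokenJWEAlg(idTokenJweAlg);
        metadata.setIDTokenJWEEnc(idTokenJweEnc);
        metadata.setTokenEndpointAuthMethod(tokenEndpointAuthMethod);
        metadata.setUserInfoJWSAlg(userInfoJwsAlg);
        metadata.setRequestObjectJWSAlg(requestObjectJwsAlg);
        metadata.setRequestObjectJWEAlg(requestObjectJweAlg);
        metadata.setRequestObjectJWEEnc(requestObjectJweEnc);
        if (addAudience) {
            metadata.setCustomField("audience", List.of("https://rp.example.org", "https://rp2.example.org", "https://resource.example.org"));
        }
        if (publicKey != null) {
            metadata.setJWKSet(buildJWKSet(publicKey));
        }
        storeMetadataObject(storageService, clientId, clientSecret, metadata);
    }

    /**
     * Stores the given client metadata as a client registration that expires after one hour.
     * The grant types of {@code metadata} are overwritten with authorization code, refresh
     * token and client credentials before storing.
     *
     * @param storageService storage to write the registration to
     * @param clientId client identifier, also used as storage key
     * @param clientSecret client secret, or {@code null} to register without one
     * @param metadata metadata to store; modified by this call
     * @throws IOException if the storage write fails
     */
    public static void storeMetadataObject(StorageService storageService, String clientId, String clientSecret, OIDCClientMetadata metadata) throws IOException {
        metadata.setGrantTypes(new HashSet<>(List.of(GrantType.AUTHORIZATION_CODE, GrantType.REFRESH_TOKEN, GrantType.CLIENT_CREDENTIALS)));
        Secret secret = clientSecret != null ? new Secret(clientSecret) : null;
        OIDCClientInformation clientInformation = new OIDCClientInformation(new ClientID(clientId), new Date(), metadata, secret);
        String serialized = clientInformation.toJSONObject().toJSONString();
        storageService.create(CLIENT_INFORMATION_CONTEXT, clientId, serialized, Long.valueOf(System.currentTimeMillis() + RECORD_LIFETIME_MILLIS));
    }

    /**
     * Creates client metadata that allows the authorization code, refresh token and client
     * credentials grants and six response type combinations of {@code code}, {@code id_token}
     * and {@code token}.
     *
     * @return the new metadata object
     */
    public static OIDCClientMetadata buildMetadataSkeleton() {
        OIDCClientMetadata metadata = new OIDCClientMetadata();
        metadata.setGrantTypes(new HashSet<>(List.of(GrantType.AUTHORIZATION_CODE, GrantType.REFRESH_TOKEN, GrantType.CLIENT_CREDENTIALS)));
        Set<ResponseType> responseTypes = new HashSet<>();
        responseTypes.add(new ResponseType("code"));
        responseTypes.add(new ResponseType("id_token"));
        responseTypes.add(new ResponseType("id_token", "token"));
        responseTypes.add(new ResponseType("code", "id_token"));
        responseTypes.add(new ResponseType("code", "token"));
        responseTypes.add(new ResponseType("code", "id_token", "token"));
        metadata.setResponseTypes(responseTypes);
        return metadata;
    }

    /**
     * Wraps RSA and EC public keys in a JWK set. Any other key type (including {@code null})
     * fails the test.
     *
     * @param publicKeys keys to include
     * @return JWK set holding one public JWK per key
     */
    public static JWKSet buildJWKSet(PublicKey... publicKeys) {
        List<JWK> jwks = new ArrayList<>();
        for (PublicKey publicKey : publicKeys) {
            if (publicKey instanceof RSAPublicKey) {
                jwks.add(new RSAKey.Builder((RSAPublicKey) publicKey).build());
            } else if (publicKey instanceof ECPublicKey) {
                ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
                jwks.add(new ECKey.Builder(Curve.forECParameterSpec(ecPublicKey.getParams()), ecPublicKey).build());
            } else {
                Assert.fail("Unsupported public key type: " + (publicKey == null ? "null" : publicKey.getClass().getName()));
            }
        }
        return new JWKSet(jwks);
    }

    /**
     * Deletes a stored client registration.
     *
     * @param storageService storage to delete from
     * @param clientId storage key of the registration
     * @throws IOException if the storage delete fails
     */
    public void removeMetadata(StorageService storageService, String clientId) throws IOException {
        storageService.delete(CLIENT_INFORMATION_CONTEXT, clientId);
    }

    /**
     * Stores a consent record that lists {@code subject-public} plus the given ids and expires
     * after one hour. The storage key is {@code keyPart1 + ":" + keyPart2}.
     *
     * @param storageService storage to write the record to
     * @param keyPart1 first part of the storage key
     * @param keyPart2 second part of the storage key
     * @param attributeIds ids to list in the record; written into the JSON without escaping,
     *            so they must not contain quotes or backslashes
     * @throws IOException if the storage write fails
     */
    public void storeConsent(StorageService storageService, String keyPart1, String keyPart2, String... attributeIds) throws IOException {
        StringBuilder json = new StringBuilder("[{\"id\":\"subject-public\"}");
        // An explicit null varargs array is treated like "no extra ids".
        if (attributeIds != null) {
            for (String attributeId : attributeIds) {
                json.append(",{\"id\":\"").append(attributeId).append("\"}");
            }
        }
        json.append("]");
        storageService.create(CONSENT_CONTEXT, keyPart1 + ":" + keyPart2, json.toString(), Long.valueOf(System.currentTimeMillis() + RECORD_LIFETIME_MILLIS));
    }

    /**
     * Builds the JSON claims of a legacy-format token: fixed issuer, principal {@code jdoe},
     * fixed nonce and redirect URI, {@code auth_time}/{@code iat} of now and {@code exp} 30
     * seconds later. Values are concatenated without JSON escaping.
     *
     * <p>Note that the subject comes first here, whereas {@code buildToken} takes the client id
     * first.</p>
     *
     * @param subject value of {@code sub}
     * @param clientId value of {@code clid}
     * @param scope scope written to {@code scope}
     * @param type value of {@code type}
     * @param consentedClaims claim names written to both {@code cnsntd_claims} and
     *            {@code cnsntbl_claims}; both members are omitted when empty or {@code null}
     * @return the JSON document
     */
    public String buildJsonForLegacyToken(String subject, String clientId, Scope scope, String type, String... consentedClaims) {
        String consentMembers;
        if (consentedClaims == null || consentedClaims.length <= 0) {
            consentMembers = "";
        } else {
            String claimsArray = "[\"" + String.join("\",\"", consentedClaims) + "\"]";
            consentMembers = "\"cnsntd_claims\":" + claimsArray + ",\"cnsntbl_claims\":" + claimsArray + ",";
        }
        // The decompiled listing computed the scope string, the expiry, the issue time and a
        // generated identifier in this order, but then wired other operands into the
        // scope/exp/iat/jti slots (exp received the unquoted scope string, which is not valid
        // JSON, and two computed values were discarded). Each value is bound to the member it
        // was computed for.
        long authTime = Instant.now().getEpochSecond();
        String scopeValue = scope.toString();
        long expiresAt = Instant.now().plusSeconds(30L).getEpochSecond();
        long issuedAt = Instant.now().getEpochSecond();
        String jwtId = this.idGenerator.generateIdentifier();
        return "{\"sub\":\"" + subject + "\"," + consentMembers + "\"iss\":\"https:\\/\\/op.example.org\",\"clid\":\"" + clientId + "\",\"prncpl\":\"jdoe\",\"type\":\"" + type + "\",\"nonce\":\"j2hzbXZhqkNh8to0\",\"dl_claims_ui\":{},\"auth_time\":" + authTime + ",\"scope\":\"" + scopeValue + "\",\"dl_claims\":{},\"redirect_uri\":\"https:\\/\\/example.org\\/cb\",\"exp\":" + expiresAt + ",\"iat\":" + issuedAt + ",\"jti\":\"" + jwtId + "\"}";
    }

    /**
     * Signs the claims with HS256 and the given shared secret.
     *
     * @param claims claims to sign
     * @param secret shared secret used as MAC key
     * @return the signed JWT
     * @throws JOSEException declared by the original signature
     */
    public static SignedJWT createSecretJWT(JWTClaimsSet claims, String secret) throws JOSEException {
        return createSecretJWT(claims, secret, JWSAlgorithm.HS256);
    }

    /**
     * Signs the claims with the given MAC algorithm and shared secret.
     *
     * <p>A signing failure (for example a secret the signer rejects as too short for the
     * algorithm) fails the test with the cause attached instead of being swallowed into a
     * {@code null} return that would surface later as an unrelated error.</p>
     *
     * @param claims claims to sign
     * @param secret shared secret used as MAC key
     * @param algorithm JWS algorithm placed in the header
     * @return the signed JWT
     */
    public static SignedJWT createSecretJWT(JWTClaimsSet claims, String secret, JWSAlgorithm algorithm) {
        SignedJWT jwt = new SignedJWT(new JWSHeader(algorithm), claims);
        try {
            jwt.sign(new MACSigner(secret));
        } catch (JOSEException e) {
            // The message names the algorithm only; the secret is never included.
            Assert.fail("Could not sign JWT with shared secret using " + algorithm, e);
            return null;
        }
        return jwt;
    }

    /**
     * Signs the claims with RS256 and the given RSA private key.
     *
     * @param claims claims to sign
     * @param privateKey RSA signing key
     * @return the signed JWT
     * @throws JOSEException if signing fails
     */
    public static SignedJWT createPrivateKeyJWT(JWTClaimsSet claims, RSAPrivateKey privateKey) throws JOSEException {
        return createPrivateKeyJWT(claims, privateKey, JWSAlgorithm.RS256);
    }

    /**
     * Signs the claims with the given algorithm and RSA private key.
     *
     * @param claims claims to sign
     * @param privateKey RSA signing key
     * @param algorithm JWS algorithm placed in the header
     * @return the signed JWT
     * @throws JOSEException if signing fails
     */
    public static SignedJWT createPrivateKeyJWT(JWTClaimsSet claims, RSAPrivateKey privateKey, JWSAlgorithm algorithm) throws JOSEException {
        SignedJWT jwt = new SignedJWT(new JWSHeader(algorithm), claims);
        jwt.sign(new RSASSASigner(privateKey));
        return jwt;
    }

    /**
     * Signs the claims with the given algorithm and EC private key.
     *
     * @param claims claims to sign
     * @param privateKey EC signing key
     * @param algorithm JWS algorithm placed in the header
     * @return the signed JWT
     * @throws JOSEException if signing fails
     */
    public static SignedJWT createPrivateKeyJWT(JWTClaimsSet claims, ECPrivateKey privateKey, JWSAlgorithm algorithm) throws JOSEException {
        SignedJWT jwt = new SignedJWT(new JWSHeader(algorithm), claims);
        jwt.sign(new ECDSASigner(privateKey));
        return jwt;
    }

    /**
     * Encrypts the payload to the credential returned by {@link #loadEncryptionCredential()}.
     *
     * @param payload serialized content to encrypt
     * @param algorithm JWE algorithm
     * @param encryptionMethod JWE content encryption method
     * @return the encrypted JWT
     * @throws JOSEException if encryption fails
     * @throws ParseException if the serialized JWE cannot be parsed back
     */
    protected static EncryptedJWT createEncryptedJWT(String payload, JWEAlgorithm algorithm, EncryptionMethod encryptionMethod) throws JOSEException, ParseException {
        return createEncryptedJWT(payload, algorithm, encryptionMethod, loadEncryptionCredential(), null);
    }

    /**
     * Encrypts the payload and includes the credential's key ID in the JWE header.
     *
     * @param payload serialized content to encrypt
     * @param algorithm JWE algorithm
     * @param encryptionMethod JWE content encryption method
     * @param credential recipient credential, may be {@code null} for symmetric encryption
     * @param clientSecret secret to derive a symmetric key from when no public key matches
     * @return the encrypted JWT
     * @throws JOSEException if encryption fails
     * @throws ParseException if the serialized JWE cannot be parsed back
     */
    public static EncryptedJWT createEncryptedJWT(String payload, JWEAlgorithm algorithm, EncryptionMethod encryptionMethod, BasicJWKCredential credential, String clientSecret) throws JOSEException, ParseException {
        return createEncryptedJWT(payload, algorithm, encryptionMethod, credential, clientSecret, true);
    }

    /**
     * Encrypts the payload as a JWE with content type {@code JWT}. An RSA or EC public key of
     * the credential is used when it matches the algorithm family; otherwise a symmetric key
     * is derived from {@code clientSecret}. If neither is possible the test is failed.
     *
     * @param payload serialized content to encrypt
     * @param algorithm JWE algorithm
     * @param encryptionMethod JWE content encryption method
     * @param credential recipient credential, may be {@code null} for symmetric encryption
     * @param clientSecret secret to derive a symmetric key from when no public key matches
     * @param includeKeyId whether to put the credential's key ID into the header
     * @return the encrypted JWT
     * @throws JOSEException if public-key encryption fails
     * @throws ParseException if the serialized JWE cannot be parsed back
     */
    public static EncryptedJWT createEncryptedJWT(String payload, JWEAlgorithm algorithm, EncryptionMethod encryptionMethod, BasicJWKCredential credential, String clientSecret, boolean includeKeyId) throws JOSEException, ParseException {
        // The credential is optional (symmetric path), so guard before reading its key ID; the
        // listing dereferenced it unconditionally when includeKeyId was true.
        String keyId = includeKeyId && credential != null ? credential.getKid() : null;
        JWEObject jwe = new JWEObject(new JWEHeader.Builder(algorithm, encryptionMethod).contentType("JWT").keyID(keyId).build(), new Payload(payload));
        PublicKey publicKey = credential == null ? null : credential.getPublicKey();
        if ((publicKey instanceof RSAPublicKey) && JWEAlgorithm.Family.RSA.contains(algorithm)) {
            jwe.encrypt(new RSAEncrypter((RSAPublicKey) publicKey));
        } else if ((publicKey instanceof ECPublicKey) && JWEAlgorithm.Family.ECDH_ES.contains(algorithm)) {
            jwe.encrypt(new ECDHEncrypter((ECPublicKey) publicKey));
        } else {
            if (clientSecret == null) {
                Assert.fail("Could not find encrypter for " + algorithm);
                return null;
            }
            try {
                jwe.encrypt(new AESEncrypter(JWKCredentialSupport.generateSymmetricKey(clientSecret.getBytes("UTF-8"), algorithm, encryptionMethod)));
            } catch (UnsupportedEncodingException | JOSEException e) {
                Assert.fail("Could not encrypt with client secret", e);
                return null;
            }
        }
        // Round-trip through the compact serialization to hand back an EncryptedJWT.
        return EncryptedJWT.parse(jwe.serialize());
    }

    /**
     * Loads the RSA encryption credential fixture from the test classpath.
     *
     * @return credential read from {@code /credentials/idp-encryption-rsa.jwk}
     */
    public static BasicJWKCredential loadEncryptionCredential() {
        return loadCredential("/credentials/idp-encryption-rsa.jwk");
    }

    /**
     * Loads the RS signing credential fixture from the test classpath.
     *
     * @return credential read from {@code /credentials/idp-signing-rs.jwk}
     */
    public static BasicJWKCredential loadRSSigningCredential() {
        return loadCredential("/credentials/idp-signing-rs.jwk");
    }

    /**
     * Loads the ES signing credential fixture from the test classpath.
     *
     * @return credential read from {@code /credentials/idp-signing-es.jwk}
     */
    public static BasicJWKCredential loadESSigningCredential() {
        return loadCredential("/credentials/idp-signing-es.jwk");
    }

    /**
     * Loads the ES384 signing credential fixture from the test classpath.
     *
     * @return credential read from {@code /credentials/idp-signing-es384.jwk}
     */
    public static BasicJWKCredential loadES384SigningCredential() {
        return loadCredential("/credentials/idp-signing-es384.jwk");
    }

    /**
     * Loads the ES512 signing credential fixture from the test classpath.
     *
     * @return credential read from {@code /credentials/idp-signing-es521.jwk}
     */
    public static BasicJWKCredential loadES512SigningCredential() {
        return loadCredential("/credentials/idp-signing-es521.jwk");
    }

    /**
     * Loads a JWK credential from a classpath resource.
     *
     * @param resourcePath classpath location of the JWK file
     * @return the loaded credential; the test is failed (with the cause attached) if loading fails
     */
    public static BasicJWKCredential loadCredential(String resourcePath) {
        BasicJWKCredentialFactoryBean factory = new BasicJWKCredentialFactoryBean();
        factory.setResource(new ClassPathResource(resourcePath));
        try {
            factory.afterPropertiesSet();
            return (BasicJWKCredential) factory.getObject();
        } catch (Exception e) {
            // Broad catch mirrors the listing; report which fixture failed and why.
            Assert.fail("Could not load credential from " + resourcePath, e);
            return null;
        }
    }

    /**
     * Builds a sealed bearer access token without delivery claims.
     *
     * @param clientId client the token is issued to
     * @param subject token subject
     * @param scope token scope
     * @return the access token
     * @throws URISyntaxException declared for the fixed redirect URI
     * @throws NoSuchAlgorithmException declared by the original signature
     * @throws DataSealerException if sealing the token fails
     * @throws ComponentInitializationException declared by the original signature
     */
    public BearerAccessToken buildToken(String clientId, String subject, Scope scope) throws URISyntaxException, NoSuchAlgorithmException, DataSealerException, ComponentInitializationException {
        return buildToken(clientId, subject, scope, null);
    }

    /**
     * Builds a sealed bearer access token with a generated JWT ID and no root token identifier.
     *
     * @param clientId client the token is issued to
     * @param subject token subject
     * @param scope token scope
     * @param deliveryClaimsUi claims passed to {@code setDlClaimsUI}, may be {@code null}
     * @return the access token
     * @throws URISyntaxException declared for the fixed redirect URI
     * @throws NoSuchAlgorithmException declared by the original signature
     * @throws DataSealerException if sealing the token fails
     * @throws ComponentInitializationException declared by the original signature
     */
    public BearerAccessToken buildToken(String clientId, String subject, Scope scope, ClaimsSet deliveryClaimsUi) throws URISyntaxException, NoSuchAlgorithmException, DataSealerException, ComponentInitializationException {
        return buildToken(clientId, subject, scope, deliveryClaimsUi, null, null);
    }

    /**
     * Builds a bearer access token sealed with {@link #getDataSealer()}: issuer
     * {@code https://op.example.org}, principal {@code jdoe}, redirect URI
     * {@code https://example.org/cb}, issued now and expiring 30 seconds later.
     *
     * @param clientId client the token is issued to
     * @param subject token subject
     * @param scope token scope
     * @param deliveryClaimsUi claims passed to {@code setDlClaimsUI}, may be {@code null}
     * @param jwtId JWT ID, or {@code null} to generate one
     * @param rootTokenIdentifier root token identifier, may be {@code null}
     * @return the access token
     * @throws URISyntaxException declared for the fixed redirect URI
     * @throws NoSuchAlgorithmException declared by the original signature
     * @throws DataSealerException if sealing the token fails
     * @throws ComponentInitializationException declared by the original signature
     */
    public BearerAccessToken buildToken(String clientId, String subject, Scope scope, ClaimsSet deliveryClaimsUi, String jwtId, String rootTokenIdentifier) throws URISyntaxException, NoSuchAlgorithmException, DataSealerException, ComponentInitializationException {
        return new BearerAccessToken(new AccessTokenClaimsSet.Builder()
                .setJWTID(jwtId == null ? this.idGenerator.generateIdentifier() : jwtId)
                .setClientID(new ClientID(clientId))
                .setIssuer("https://op.example.org")
                .setPrincipal("jdoe")
                .setSubject(subject)
                .setIssuedAt(Instant.now())
                .setExpiresAt(Instant.now().plusSeconds(30L))
                .setAuthenticationTime(Instant.now())
                .setRedirectURI(new URI("https://example.org/cb"))
                .setScope(scope)
                .setDlClaimsUI(deliveryClaimsUi)
                .setRootTokenIdentifier(rootTokenIdentifier)
                .build()
                .serialize(getDataSealer()));
    }
}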
