package net.shibboleth.idp.plugin.oidc.op.profile.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.Subject;
import com.nimbusds.openid.connect.sdk.AuthenticationRequest;
import com.nimbusds.openid.connect.sdk.UserInfoRequest;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import net.shibboleth.ext.spring.resource.ResourceHelper;
import net.shibboleth.idp.plugin.oidc.op.messaging.context.OIDCAuthenticationResponseContext;
import net.shibboleth.idp.profile.context.RelyingPartyContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.oidc.metadata.context.OIDCMetadataContext;
import net.shibboleth.oidc.profile.config.impl.DefaultOIDCAuthorizationConfiguration;
import net.shibboleth.oidc.security.credential.BasicJWKCredentialFactoryBean;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.security.DataSealer;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.security.impl.BasicKeystoreKeyStrategy;
import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy;
import org.opensaml.core.testing.OpenSAMLInitBaseTestCase;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.credential.Credential;
import org.opensaml.storage.RevocationCache;
import org.springframework.core.io.ClassPathResource;
import org.springframework.webflow.execution.RequestContext;
import org.testng.annotations.BeforeMethod;

/* loaded from: input_file:net/shibboleth/idp/plugin/oidc/op/profile/impl/BaseOIDCResponseActionTest.class */
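/**
 * Shared fixture for OIDC response action tests.
 *
 * <p>The constructor loads the signing credentials from {@code credentials/*.jwk} on the classpath and
 * {@link #setUp()} builds a fresh request/profile context tree around a fixed authentication request
 * before every test method.</p>
 *
 * <p>Everything here is test material: the JWK files, the sealer keystore and its literal passwords are
 * fixture values and must never be reused as deployment secrets.</p>
 *
 * <p>NOTE(review): this source is decompiler output. The decompiler reported widening {@code setUp}, the
 * {@code set*}/{@code sign*} helpers and {@code addEntryToMap} from {@code protected} to {@code public};
 * the visibility is left as decompiled so existing callers keep compiling.</p>
 */
public abstract class BaseOIDCResponseActionTest extends OpenSAMLInitBaseTestCase {
    protected RequestContext requestCtx;
    protected OIDCAuthenticationResponseContext respCtx;
    protected OIDCMetadataContext metadataCtx;
    protected AuthenticationRequest request;
    protected RelyingPartyContext rpCtx;
    // Lazily created by getDataSealer().
    private DataSealer dataSealer;
    protected ProfileRequestContext profileRequestCtx;
    protected Credential credentialRSA;
    protected Credential credentialEC256;
    protected Credential credentialEC384;
    protected Credential credentialEC521;
    protected Credential credentialHMAC;
    protected final String subject = "generatedSubject";
    // Must stay in sync with the client_id in the request string parsed by setUp().
    protected final String clientId = "s6BhdRkqt3";
    protected final IdentifierGenerationStrategy idGenerator = new SecureRandomIdentifierGenerationStrategy();

    /**
     * Revocation cache stub that returns canned answers and ignores its arguments.
     *
     * <p>Note the constructor argument order: the FIRST argument is the answer given by
     * {@link #isRevoked(String, String)}, the SECOND is the answer given by
     * {@link #revoke(String, String)}. Swapping them silently inverts what a revocation test checks.</p>
     */
    public class MockRevocationCache extends RevocationCache {
        boolean revoke;
        boolean isRevoked;

        /**
         * @param isRevokedResult value returned by every {@code isRevoked} call
         * @param revokeResult value returned by every {@code revoke} call
         */
        public MockRevocationCache(boolean isRevokedResult, boolean revokeResult) {
            this.revoke = revokeResult;
            this.isRevoked = isRevokedResult;
        }

        /** No-op: the stub needs no initialisation (presumably overrides the base component hook). */
        public void doInitialize() throws ComponentInitializationException {
        }

        /** Returns the canned {@code revoke} result; nothing is stored. */
        public synchronized boolean revoke(@NotEmpty @Nonnull String context, @NotEmpty @Nonnull String key) {
            return this.revoke;
        }

        /** Returns the canned {@code isRevoked} result; nothing is looked up. */
        public synchronized boolean isRevoked(@NotEmpty @Nonnull String context, @NotEmpty @Nonnull String key) {
            return this.isRevoked;
        }
    }

    /**
     * Loads the EC (P-256/384/521 by file name), RSA and HMAC test credentials from the classpath.
     *
     * <p>Loading is best-effort: the first failure is printed and aborts the remaining loads, leaving
     * that credential and every later one {@code null}. A test that then signs with a missing credential
     * fails with a {@link NullPointerException} far from the real cause, so check the console output
     * for a stack trace from here first.</p>
     */
    public BaseOIDCResponseActionTest() {
        try {
            this.credentialEC256 = loadJwkCredential("credentials/idp-signing-es.jwk");
            this.credentialEC384 = loadJwkCredential("credentials/idp-signing-es384.jwk");
            this.credentialEC521 = loadJwkCredential("credentials/idp-signing-es521.jwk");
            this.credentialRSA = loadJwkCredential("credentials/idp-signing-rs.jwk");
            this.credentialHMAC = loadJwkCredential("credentials/idp-signing-dir.jwk");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Builds one credential from a JWK file on the classpath. */
    private static Credential loadJwkCredential(String classpathLocation) throws Exception {
        BasicJWKCredentialFactoryBean factory = new BasicJWKCredentialFactoryBean();
        factory.setResource(new ClassPathResource(classpathLocation));
        factory.afterPropertiesSet();
        return (Credential) factory.getObject();
    }

    /**
     * Rebuilds the whole context tree before each test method.
     *
     * <p>The inbound message is a fixed authentication request ({@code response_type=id_token token},
     * scopes {@code openid email profile offline_access}). The outbound message context carries a new
     * {@link OIDCAuthenticationResponseContext}; the inbound one carries an {@link OIDCMetadataContext}
     * whose client information uses {@link #clientId}, empty metadata and a freshly created
     * {@link Secret}. The relying party context gets the same client id and a default authorization
     * profile configuration.</p>
     *
     * @throws Exception if the request cannot be parsed or the contexts cannot be built
     */
    @BeforeMethod
    public void setUp() throws Exception {
        this.request = AuthenticationRequest.parse("response_type=id_token+token&client_id=s6BhdRkqt3&login_hint=foo&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20email%20profile%20offline_access&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj");
        this.requestCtx = new RequestContextBuilder().setInboundMessage(this.request).buildRequestContext();
        MessageContext outboundCtx = new MessageContext();
        this.profileRequestCtx = new WebflowRequestContextProfileRequestContextLookup().apply(this.requestCtx);
        this.profileRequestCtx.setOutboundMessageContext(outboundCtx);
        this.respCtx = new OIDCAuthenticationResponseContext();
        this.profileRequestCtx.getOutboundMessageContext().addSubcontext(this.respCtx);
        this.metadataCtx = this.profileRequestCtx.getInboundMessageContext().addSubcontext(new OIDCMetadataContext());
        this.metadataCtx.setClientInformation(new OIDCClientInformation(new ClientID(this.clientId), new Date(), new OIDCClientMetadata(), new Secret()));
        this.rpCtx = this.profileRequestCtx.getSubcontext(RelyingPartyContext.class, true);
        this.rpCtx.setRelyingPartyId(this.clientId);
        this.respCtx.setSubject(this.subject);
        this.rpCtx.setProfileConfig(new DefaultOIDCAuthorizationConfiguration());
    }

    /** Replaces the inbound message with the given authentication request. */
    public void setAuthenticationRequest(AuthenticationRequest authenticationRequest) {
        this.profileRequestCtx.getInboundMessageContext().setMessage(authenticationRequest);
    }

    /** Replaces the inbound message with the given token request. */
    public void setTokenRequest(TokenRequest tokenRequest) {
        this.profileRequestCtx.getInboundMessageContext().setMessage(tokenRequest);
    }

    /** Replaces the inbound message with the given UserInfo request. */
    public void setUserInfoRequest(UserInfoRequest userInfoRequest) {
        this.profileRequestCtx.getInboundMessageContext().setMessage(userInfoRequest);
    }

    /**
     * Stores an unsigned ID token claims set with a single audience in the response context.
     *
     * @param issuer value for the issuer claim
     * @param sub value for the subject claim
     * @param audience the only audience entry
     * @param expiresAt fourth constructor argument of {@link IDTokenClaimsSet} (expiration time)
     * @param issuedAt fifth constructor argument of {@link IDTokenClaimsSet} (issue time)
     */
    public void setIdTokenToResponseContext(String issuer, String sub, String audience, Instant expiresAt, Instant issuedAt) {
        ArrayList<Audience> audiences = new ArrayList<>();
        audiences.add(new Audience(audience));
        this.respCtx.setIDToken(new IDTokenClaimsSet(new Issuer(issuer), new Subject(sub), audiences, Date.from(expiresAt), Date.from(issuedAt)));
    }

    /**
     * Signs the ID token held by the response context and stores the JWT as the processed token.
     *
     * <p>The signature is always RS256 with key id {@code "id"} and the test RSA private key, whatever
     * the profile configuration says. Requires {@link #credentialRSA} to have loaded and an ID token to
     * have been set first.</p>
     *
     * @throws ParseException if the claims set cannot be converted to JWT claims
     * @throws JOSEException if signing fails
     */
    public void signIdTokenInResponseContext() throws ParseException, JOSEException {
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("id").build();
        SignedJWT jwt = new SignedJWT(header, this.respCtx.getIDToken().toJWTClaimsSet());
        jwt.sign(new RSASSASigner(this.credentialRSA.getPrivateKey()));
        this.respCtx.setProcessedToken(jwt);
    }

    /** Stores a UserInfo response containing only the given subject in the response context. */
    public void setUserInfoResponseToResponseContext(String sub) {
        this.respCtx.setUserInfo(new UserInfo(new Subject(sub)));
    }

    /**
     * Signs the UserInfo claims held by the response context and stores the JWT as the processed token.
     *
     * <p>Same fixed parameters as {@link #signIdTokenInResponseContext()}: RS256, key id {@code "id"},
     * test RSA private key.</p>
     *
     * @throws ParseException if the claims set cannot be converted to JWT claims
     * @throws JOSEException if signing fails
     */
    public void signUserInfoResponseInResponseContext() throws ParseException, JOSEException {
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).keyID("id").build();
        SignedJWT jwt = new SignedJWT(header, this.respCtx.getUserInfo().toJWTClaimsSet());
        jwt.sign(new RSASSASigner(this.credentialRSA.getPrivateKey()));
        this.respCtx.setProcessedToken(jwt);
    }

    /**
     * Returns this instance's data sealer, creating it on first use.
     *
     * @return the cached sealer
     * @throws ComponentInitializationException if the key strategy or sealer fails to initialise
     * @throws NoSuchAlgorithmException if the requested random source is unavailable
     */
    public DataSealer getDataSealer() throws ComponentInitializationException, NoSuchAlgorithmException {
        if (this.dataSealer == null) {
            this.dataSealer = initializeDataSealer();
        }
        return this.dataSealer;
    }

    /**
     * Builds a data sealer backed by the test keystore {@code credentials/sealer.jks}.
     *
     * <p>Test-only configuration: the keystore password, key alias and key password are literals that
     * belong to the fixture keystore on the test classpath, so tokens sealed here are protected by a
     * publicly known key.</p>
     *
     * @return an initialised sealer
     * @throws ComponentInitializationException if the key strategy or sealer fails to initialise
     * @throws NoSuchAlgorithmException if {@code SHA1PRNG} is not provided by the runtime
     */
    public static DataSealer initializeDataSealer() throws ComponentInitializationException, NoSuchAlgorithmException {
        BasicKeystoreKeyStrategy keyStrategy = new BasicKeystoreKeyStrategy();
        keyStrategy.setKeystoreResource(ResourceHelper.of(new ClassPathResource("credentials/sealer.jks")));
        keyStrategy.setKeyVersionResource(ResourceHelper.of(new ClassPathResource("credentials/sealer.kver")));
        keyStrategy.setKeystorePassword("password");
        keyStrategy.setKeyAlias("secret");
        keyStrategy.setKeyPassword("password");
        // NOTE(review): a zero interval presumably disables periodic key reloading; confirm against
        // BasicKeystoreKeyStrategy.
        keyStrategy.setUpdateInterval(Duration.ZERO);
        keyStrategy.initialize();
        DataSealer sealer = new DataSealer();
        sealer.setKeyStrategy(keyStrategy);
        // Pins the legacy "SHA1PRNG" algorithm name. Fine for a fixture; code outside tests should let
        // the platform choose (new SecureRandom()) rather than copy this line.
        sealer.setRandom(SecureRandom.getInstance("SHA1PRNG"));
        sealer.initialize();
        return sealer;
    }

    /**
     * Returns a new map holding every entry of {@code map} plus the pair {@code (k, v)}.
     *
     * <p>The input map is not modified. The decompiled form routed the maps through a raw
     * {@code Object[]} and a raw {@code Map} cast, which discards the element types; this version keeps
     * them.</p>
     *
     * @param map existing entries
     * @param k key to add; must not be {@code null} and must not already be present in {@code map}
     * @param v value to add; must not be {@code null}
     * @return a new map with the combined entries
     * @throws IllegalStateException if {@code k} is already a key of {@code map}
     * @throws NullPointerException if {@code k} or {@code v} is {@code null}
     */
    public static <K, V> Map<K, V> addEntryToMap(Map<K, V> map, K k, V v) {
        return Stream.of(map, Map.of(k, v))
                .flatMap(m -> m.entrySet().stream())
                .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
    }
}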
