package net.shibboleth.oidc.security.jose.impl;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.crypto.impl.ECDSA;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.oauth2.sdk.ParseException;
import java.security.PrivateKey;
import java.security.interfaces.ECKey;
import java.util.List;
import net.shibboleth.oidc.security.credential.DefaultClientSecretCredential;
import net.shibboleth.oidc.security.impl.support.TestCredentialHelper;
import net.shibboleth.oidc.security.jose.SignatureSigningParameters;
import net.shibboleth.oidc.security.jose.criterion.SignatureSigningConfigurationCriterion;
import net.shibboleth.shared.collection.CollectionSupport;
import net.shibboleth.shared.resolver.CriteriaSet;
import org.opensaml.core.config.InitializationException;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/security/jose/impl/BasicSignatureSigningParametersResolverTest.class */
public class BasicSignatureSigningParametersResolverTest {
    private BasicSignatureSigningParametersResolver resolver;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeMethod
    public void setup() throws Exception {
        this.resolver = new BasicSignatureSigningParametersResolver();
        try {
            new GlobalAlgorithmRegistryInitializer().init();
        } catch (InitializationException e) {
            Assert.fail();
        }
    }

    private CriteriaSet buildCriteria(List<String> list, List<Credential> list2) throws ParseException {
        CriteriaSet criteriaSet = new CriteriaSet();
        BasicSignatureSigningConfiguration basicSignatureSigningConfiguration = new BasicSignatureSigningConfiguration();
        basicSignatureSigningConfiguration.setSignatureAlgorithms(list);
        basicSignatureSigningConfiguration.setSigningCredentials(list2);
        criteriaSet.add(new SignatureSigningConfigurationCriterion(CollectionSupport.singletonList(basicSignatureSigningConfiguration)));
        return criteriaSet;
    }

    @Test
    public void testResolveSuccess_HS256() throws Exception {
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("HS256"), List.of(new DefaultClientSecretCredential("fUjXn2r5u8x/A?D(G+KbPeShVkYp3s6v").toSigningCredential())));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Credential signingCredential = ((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential();
        if (!$assertionsDisabled && signingCredential == null) {
            throw new AssertionError();
        }
        Assert.assertNotNull(signingCredential.getSecretKey());
    }

    @Test
    public void testResolveFail_HS512_KeySizeToSmall() throws Exception {
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("HS512"), List.of(new DefaultClientSecretCredential("a").toSigningCredential())));
        Assert.assertNotNull(resolve);
        Assert.assertFalse(resolve.iterator().hasNext());
    }

    @Test
    public void testResolveSuccess_PS256() throws Exception {
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("PS256"), List.of(TestCredentialHelper.createAsymmetricSigningCredential(new RSAKeyGenerator(2048).keyID("1").keyUse(KeyUse.SIGNATURE).generate()))));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Credential signingCredential = ((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential();
        if (!$assertionsDisabled && signingCredential == null) {
            throw new AssertionError();
        }
        PrivateKey privateKey = signingCredential.getPrivateKey();
        if (!$assertionsDisabled && privateKey == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(privateKey.getAlgorithm(), "RSA");
    }

    @Test
    public void testResolveSuccess_RS256() throws Exception {
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("RS256"), List.of(TestCredentialHelper.createAsymmetricSigningCredential(new RSAKeyGenerator(2048).keyID("1").keyUse(KeyUse.SIGNATURE).generate()))));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Credential signingCredential = ((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential();
        if (!$assertionsDisabled && signingCredential == null) {
            throw new AssertionError();
        }
        PrivateKey privateKey = signingCredential.getPrivateKey();
        if (!$assertionsDisabled && privateKey == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(privateKey.getAlgorithm(), "RSA");
    }

    @Test
    public void testResolveSuccess_ES256() throws Exception {
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("ES256"), List.of(TestCredentialHelper.createAsymmetricSigningCredential(new ECKeyGenerator(Curve.P_256).keyID("1").keyUse(KeyUse.SIGNATURE).generate()))));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Credential signingCredential = ((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential();
        if (!$assertionsDisabled && signingCredential == null) {
            throw new AssertionError();
        }
        PrivateKey privateKey = signingCredential.getPrivateKey();
        if (!$assertionsDisabled && privateKey == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(privateKey.getAlgorithm(), "EC");
    }

    @Test
    public void testResolveSuccess_Two_ES512_ChooseCorrectCurve() throws Exception {
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("ES512"), List.of(TestCredentialHelper.createAsymmetricSigningCredential(new ECKeyGenerator(Curve.P_256).keyID("1").keyUse(KeyUse.SIGNATURE).generate()), TestCredentialHelper.createAsymmetricSigningCredential(new ECKeyGenerator(Curve.P_521).keyID("2").keyUse(KeyUse.SIGNATURE).generate()))));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        SignatureSigningParameters signatureSigningParameters = (SignatureSigningParameters) resolve.iterator().next();
        Assert.assertNotNull(signatureSigningParameters.getSigningCredential());
        Credential signingCredential = signatureSigningParameters.getSigningCredential();
        if (!$assertionsDisabled && signingCredential == null) {
            throw new AssertionError();
        }
        PrivateKey privateKey = signingCredential.getPrivateKey();
        if (!$assertionsDisabled && privateKey == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(privateKey.getAlgorithm(), "EC");
        Assert.assertTrue(signingCredential.getPrivateKey() instanceof ECKey);
        ECKey eCKey = (ECKey) signingCredential.getPrivateKey();
        if (!$assertionsDisabled && eCKey == null) {
            throw new AssertionError();
        }
        Assert.assertEquals(ECDSA.resolveAlgorithm(Curve.forECParameterSpec(eCKey.getParams())), JWSAlgorithm.parse(signatureSigningParameters.getSignatureAlgorithm()), "Chosen EC key is not compatible with chose signature algorithm");
    }

    @Test
    public void testResolveFail_NoSupportedAlgs() throws Exception {
        Iterable resolve = this.resolver.resolve(buildCriteria(CollectionSupport.emptyList(), List.of(TestCredentialHelper.createAsymmetricSigningCredential(new ECKeyGenerator(Curve.P_256).keyID("1").keyUse(KeyUse.SIGNATURE).generate()))));
        Assert.assertNotNull(resolve);
        Assert.assertFalse(resolve.iterator().hasNext());
    }

    static {
        $assertionsDisabled = !BasicSignatureSigningParametersResolverTest.class.desiredAssertionStatus();
    }
}
