package net.shibboleth.oidc.security.impl;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Date;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.security.impl.support.TestCredentialHelper;
import net.shibboleth.oidc.security.jose.SignatureException;
import net.shibboleth.oidc.security.jose.SignatureSigningParameters;
import org.testng.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/security/impl/JWSTokenSignerTest.class */
public class JWSTokenSignerTest {

    @Nonnull
    private static final String CLIENT_SECRET = "Xp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$";
    private JWTClaimsSet claims;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeMethod
    public void setup() throws Exception {
        this.claims = new JWTClaimsSet.Builder().issuer("test-client").audience("test-op").issueTime(new Date()).build();
    }

    @Test
    public void testSignHMAC_Success() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createClientSecretCredential(CLIENT_SECRET).toSigningCredential());
        signatureSigningParameters.setSignatureAlgorithm("HS256");
        JWSTokenSigner jWSTokenSigner = new JWSTokenSigner(signatureSigningParameters);
        Assert.assertNotNull(this.claims);
        if (!$assertionsDisabled && this.claims == null) {
            throw new AssertionError();
        }
        SignedJWT sign = jWSTokenSigner.sign(this.claims, (String) null);
        Assert.assertNotNull(sign);
        Assert.assertNotNull(sign.getSignature());
    }

    @Test(expectedExceptions = {SignatureException.class})
    public void testSignHMAC_WrongAlgorithm_Asymmetric() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createClientSecretCredential(CLIENT_SECRET).toSigningCredential());
        signatureSigningParameters.setSignatureAlgorithm("RS256");
        JWSTokenSigner jWSTokenSigner = new JWSTokenSigner(signatureSigningParameters);
        if (!$assertionsDisabled && this.claims == null) {
            throw new AssertionError();
        }
        jWSTokenSigner.sign(this.claims, (String) null);
    }

    @Test(expectedExceptions = {SignatureException.class})
    public void testSignES256_WrongCredentialType_Asymmetric_RSAKey() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createAsymmetricSigningCredential(new RSAKeyGenerator(2048).keyID("RSA-Mock-Key").keyUse(KeyUse.SIGNATURE).algorithm(new JWSAlgorithm("RS256")).generate()));
        signatureSigningParameters.setSignatureAlgorithm("ES256");
        new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
    }

    @Test(expectedExceptions = {SignatureException.class})
    public void testSignRS256_WrongCredentialType_Asymmetric_ECKey() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createAsymmetricSigningCredential(new ECKeyGenerator(Curve.P_256).keyID("EC-Mock-Key").keyUse(KeyUse.SIGNATURE).algorithm(new JWSAlgorithm("ES256")).generate()));
        signatureSigningParameters.setSignatureAlgorithm("RS256");
        new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
    }

    @Test(expectedExceptions = {SignatureException.class})
    public void testSignHMAC_WrongCredentialType_Asymmetric_RSAKey() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createAsymmetricSigningCredential(new RSAKeyGenerator(2048).keyID("RSA-Mock-Key").keyUse(KeyUse.SIGNATURE).algorithm(new JWSAlgorithm("RS256")).generate()));
        signatureSigningParameters.setSignatureAlgorithm("HS256");
        new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
    }

    @Test
    public void testSignRS256_Success() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createAsymmetricSigningCredential(new RSAKeyGenerator(2048).keyID("RSA-Mock-Key").keyUse(KeyUse.SIGNATURE).algorithm(new JWSAlgorithm("RS256")).generate()));
        signatureSigningParameters.setSignatureAlgorithm("RS256");
        Assert.assertNotNull(this.claims);
        if (!$assertionsDisabled && this.claims == null) {
            throw new AssertionError();
        }
        SignedJWT sign = new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
        Assert.assertNotNull(sign);
        Assert.assertNotNull(sign.getSignature());
        Assert.assertTrue(JWSAlgorithm.Family.RSA.contains(sign.getHeader().getAlgorithm()));
    }

    @Test
    public void testSignES256_Success() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createAsymmetricSigningCredential(new ECKeyGenerator(Curve.P_256).keyID("EC-Mock-Key").keyUse(KeyUse.SIGNATURE).algorithm(new JWSAlgorithm("ES256")).generate()));
        signatureSigningParameters.setSignatureAlgorithm("ES256");
        Assert.assertNotNull(this.claims);
        if (!$assertionsDisabled && this.claims == null) {
            throw new AssertionError();
        }
        SignedJWT sign = new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
        Assert.assertNotNull(sign);
        Assert.assertNotNull(sign.getSignature());
        AssertJUnit.assertTrue(JWSAlgorithm.Family.EC.contains(sign.getHeader().getAlgorithm()));
    }

    @Test
    public void testSignPS256_Success() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createAsymmetricSigningCredential(new RSAKeyGenerator(2048).keyID("RSA-Mock-Key").keyUse(KeyUse.SIGNATURE).algorithm(new JWSAlgorithm("PS256")).generate()));
        signatureSigningParameters.setSignatureAlgorithm("PS256");
        Assert.assertNotNull(this.claims);
        if (!$assertionsDisabled && this.claims == null) {
            throw new AssertionError();
        }
        SignedJWT sign = new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
        Assert.assertNotNull(sign);
        Assert.assertNotNull(sign.getSignature());
        AssertJUnit.assertTrue(JWSAlgorithm.Family.RSA.contains(sign.getHeader().getAlgorithm()));
    }

    @Test(expectedExceptions = {SignatureException.class})
    public void testSignNoCredential_Failure() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSignatureAlgorithm("PS256");
        Assert.assertNotNull(this.claims);
        if (!$assertionsDisabled && this.claims == null) {
            throw new AssertionError();
        }
        new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
    }

    @Test(expectedExceptions = {SignatureException.class})
    public void testSignNoAlgorithm_Failure() throws Exception {
        SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
        signatureSigningParameters.setSigningCredential(TestCredentialHelper.createAsymmetricSigningCredential(new RSAKeyGenerator(2048).keyID("RSA-Mock-Key").keyUse(KeyUse.SIGNATURE).algorithm(new JWSAlgorithm("PS256")).generate()));
        Assert.assertNotNull(this.claims);
        if (!$assertionsDisabled && this.claims == null) {
            throw new AssertionError();
        }
        new JWSTokenSigner(signatureSigningParameters).sign(this.claims, (String) null);
    }

    static {
        $assertionsDisabled = !JWSTokenSignerTest.class.desiredAssertionStatus();
    }
}
