package net.shibboleth.idp.plugin.authn.duo.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.PlainHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.time.Instant;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.idp.authn.AuthenticationFlowDescriptor;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.plugin.authn.duo.DefaultDuoOIDCIntegration;
import net.shibboleth.idp.plugin.authn.duo.context.DuoOIDCAuthenticationContext;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.codec.EncodingException;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.profile.context.EventContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/AbstractDuoActionTest.class */
public abstract class AbstractDuoActionTest {
    protected static final String CLIENT_ID = "DIU6GEFWG5LIUBVV2M3P";
    protected static final String REDIRECT_URI = "http://localhost/";
    protected static final String API_HOST = "api.duosecurity.com";
    protected static final String AUTHORIZE_URI = "/authorize";
    protected static final String TOKEN_URI = "/token";
    protected static final String HEALTH_URI = "/health";
    protected static final String SECRET = "rFvDfPul27v3Wew2zb6xRPzAJewJ34MP2w8UitPh";
    protected RequestContext src;
    protected ProfileRequestContext prc;
    protected AuthenticationContext ac;
    protected DuoOIDCAuthenticationContext dc;

    public void setup() throws ComponentInitializationException {
        this.src = new RequestContextBuilder().buildRequestContext();
        this.prc = new WebflowRequestContextProfileRequestContextLookup().apply(this.src);
        this.ac = new AuthenticationContext();
        this.prc.addSubcontext(this.ac);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JWT createPlainDummyToken(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull String str4, @Nonnull String str5) {
        try {
            PlainJWT plainJWT = new PlainJWT(new PlainHeader().toBase64URL(), new Base64URL(Base64Support.encodeURLSafe(createJWTJson(str, str2, str3, instant, instant2, instant3, str4, str5).getBytes())));
            plainJWT.getJWTClaimsSet();
            return plainJWT;
        } catch (EncodingException | ParseException e) {
            Assert.fail("Error creating the Mock JWT", e);
            Assert.fail();
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JWT createPlainDummyTokenNoAuthResult(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull String str4, @Nonnull String str5) {
        try {
            PlainJWT plainJWT = new PlainJWT(new PlainHeader().toBase64URL(), new Base64URL(Base64Support.encodeURLSafe(createJWTJsonWithNoAuthResult(str, str2, str3, instant, instant2, instant3, str4, str5).getBytes())));
            plainJWT.getJWTClaimsSet();
            return plainJWT;
        } catch (EncodingException | ParseException e) {
            Assert.fail("Error creating the Mock JWT", e);
            Assert.fail();
            return null;
        }
    }

    protected JWT createPlainDummyToken(@Nonnull String str, @Nonnull String str2, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull String str3, @Nonnull String str4) {
        try {
            PlainJWT plainJWT = new PlainJWT(new PlainHeader().toBase64URL(), new Base64URL(Base64Support.encodeURLSafe(createJWTJsonMissingAudAndExpClaims(str, str2, instant, instant2, str3, str4).getBytes())));
            plainJWT.getJWTClaimsSet();
            return plainJWT;
        } catch (EncodingException | ParseException e) {
            Assert.fail("Error creating the Mock JWT", e);
            Assert.fail();
            return null;
        }
    }

    protected JWT createPlainDummyToken(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull Instant instant4, @Nonnull String str4, @Nonnull String str5) {
        try {
            PlainJWT plainJWT = new PlainJWT(new PlainHeader().toBase64URL(), new Base64URL(Base64Support.encodeURLSafe(createJWTJsonWithNbf(str, str2, str3, instant, instant2, instant3, instant4, str4, str5).getBytes())));
            plainJWT.getJWTClaimsSet();
            return plainJWT;
        } catch (EncodingException | ParseException e) {
            Assert.fail("Error creating the Mock JWT", e);
            Assert.fail();
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JWT createSignedDummyToken(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4, @Nonnull String str5, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull String str6, @Nonnull String str7) {
        String createJWTJson = createJWTJson(str3, str4, str5, instant, instant2, instant3, str6, str7);
        try {
            MACSigner mACSigner = new MACSigner(str2);
            SignedJWT signedJWT = new SignedJWT(JWSHeader.parse(str), JWTClaimsSet.parse(createJWTJson));
            signedJWT.sign(mACSigner);
            signedJWT.getJWTClaimsSet();
            return signedJWT;
        } catch (ParseException | JOSEException e) {
            Assert.fail("Error creating the Mock JWT", e);
            Assert.fail();
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JWT createSignedDummyTokenFromGivenSignature(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4, @Nonnull String str5, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull String str6, @Nonnull String str7) {
        try {
            SignedJWT signedJWT = new SignedJWT(new Base64URL(Base64Support.encodeURLSafe(str.getBytes())), new Base64URL(Base64Support.encodeURLSafe(createJWTJson(str3, str4, str5, instant, instant2, instant3, str6, str7).getBytes())), new Base64URL(str2));
            signedJWT.getJWTClaimsSet();
            return signedJWT;
        } catch (ParseException | EncodingException e) {
            Assert.fail("Error creating the Mock JWT", e);
            Assert.fail();
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JWT createUnsignedSignedDummyToken(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull String str4, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull String str5, @Nonnull String str6) {
        try {
            SignedJWT signedJWT = new SignedJWT(JWSHeader.parse(str), JWTClaimsSet.parse(createJWTJson(str2, str3, str4, instant, instant2, instant3, str5, str6)));
            signedJWT.getJWTClaimsSet();
            return signedJWT;
        } catch (ParseException e) {
            Assert.fail("Error creating the Mock JWT", e);
            Assert.fail();
            return null;
        }
    }

    private String createJWTJson(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull String str4, @Nonnull String str5) {
        return "{\n    \"iss\": \"https://" + str4 + "/oauth/v1/token\",\n    \"sub\": \"jdoe\",\n    \"preferred_username\": \"jdoe\",\n    \"aud\": \"" + str3 + "\",\n    \"exp\": " + Math.toIntExact(instant.getEpochSecond()) + ",\n    \"iat\": " + instant2.getEpochSecond() + ",\n    \"auth_time\": " + str4 + ",\n    \"auth_result\": {\n        \"status_msg\": \"" + instant3.getEpochSecond() + "\",\n        \"status\": \"" + str4 + "\",\n        \"result\": \"" + str2 + "\"\n    },\n    \"auth_context\": {\n        \"result\": \"success\",\n        \"timestamp\": 1599749128,\n        \"auth_device\": {\n            \"ip\": \"82.17.89.232\",\n            \"name\": \"+44 7852 119881\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"txid\": \"1684599c-bb16-4250-af85-904291bfe7cc\",\n        \"event_type\": \"authentication\",\n        \"reason\": \"user_approved\",\n        \"access_device\": {\n            \"hostname\": null,\n            \"ip\": \"82.17.89.232\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"application\": {\n            \"key\": \"DIU6GEFWG5LIUTVV2M3N\",\n            \"name\": \"Shibboleth Integration Testing\"\n        },\n        \"factor\": \"" + str + "\",\n        \"user\": {\n            \"key\": \"DUGL8U46QGJSOUJWG59W\",\n            \"name\": \"philsmart\"\n        }\n    }\n}";
    }

    private String createJWTJsonWithNoAuthResult(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull String str4, @Nonnull String str5) {
        return "{\n    \"iss\": \"https://" + str4 + "/oauth/v1/token\",\n    \"sub\": \"jdoe\",\n    \"preferred_username\": \"jdoe\",\n    \"aud\": \"" + str3 + "\",\n    \"exp\": " + Math.toIntExact(instant.getEpochSecond()) + ",\n    \"iat\": " + instant2.getEpochSecond() + ",\n    \"auth_time\": " + str4 + ",\n    \"auth_context\": {\n        \"result\": \"success\",\n        \"timestamp\": 1599749128,\n        \"auth_device\": {\n            \"ip\": \"82.17.89.232\",\n            \"name\": \"+44 7852 119881\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"txid\": \"1684599c-bb16-4250-af85-904291bfe7cc\",\n        \"event_type\": \"authentication\",\n        \"reason\": \"user_approved\",\n        \"access_device\": {\n            \"hostname\": null,\n            \"ip\": \"82.17.89.232\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"application\": {\n            \"key\": \"DIU6GEFWG5LIUTVV2M3N\",\n            \"name\": \"Shibboleth Integration Testing\"\n        },\n        \"factor\": \"" + instant3.getEpochSecond() + "\",\n        \"user\": {\n            \"key\": \"DUGL8U46QGJSOUJWG59W\",\n            \"name\": \"philsmart\"\n        }\n    }\n}";
    }

    private String createJWTJsonMissingAudAndExpClaims(@Nonnull String str, @Nonnull String str2, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull String str3, @Nonnull String str4) {
        return "{\n    \"iss\": \"https://" + str3 + "/oauth/v1/token\",\n    \"sub\": \"jdoe\",\n    \"preferred_username\": \"jdoe\",\n    \"iat\": " + instant.getEpochSecond() + ",\n    \"auth_time\": " + str3 + ",\n    \"auth_result\": {\n        \"status_msg\": \"" + instant2.getEpochSecond() + "\",\n        \"status\": \"" + str3 + "\",\n        \"result\": \"" + str2 + "\"\n    },\n    \"auth_context\": {\n        \"result\": \"success\",\n        \"timestamp\": 1599749128,\n        \"auth_device\": {\n            \"ip\": \"82.17.89.232\",\n            \"name\": \"+44 7852 119881\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"txid\": \"1684599c-bb16-4250-af85-904291bfe7cc\",\n        \"event_type\": \"authentication\",\n        \"reason\": \"user_approved\",\n        \"access_device\": {\n            \"hostname\": null,\n            \"ip\": \"82.17.89.232\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"application\": {\n            \"key\": \"DIU6GEFWG5LIUTVV2M3N\",\n            \"name\": \"Shibboleth Integration Testing\"\n        },\n        \"factor\": \"" + str + "\",\n        \"user\": {\n            \"key\": \"DUGL8U46QGJSOUJWG59W\",\n            \"name\": \"philsmart\"\n        }\n    }\n}";
    }

    private String createJWTJsonWithNbf(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull Instant instant, @Nonnull Instant instant2, @Nonnull Instant instant3, @Nonnull Instant instant4, @Nonnull String str4, @Nonnull String str5) {
        int intExact = Math.toIntExact(instant4.getEpochSecond());
        return "{\n    \"nbf\": " + intExact + ",\n    \"iss\": \"https://" + str4 + "/oauth/v1/token\",\n    \"sub\": \"jdoe\",\n    \"preferred_username\": \"jdoe\",\n    \"aud\": \"" + str3 + "\",\n    \"exp\": " + Math.toIntExact(instant.getEpochSecond()) + ",\n    \"iat\": " + instant2.getEpochSecond() + ",\n    \"auth_time\": " + intExact + ",\n    \"auth_result\": {\n        \"status_msg\": \"" + instant3.getEpochSecond() + "\",\n        \"status\": \"" + intExact + "\",\n        \"result\": \"" + str2 + "\"\n    },\n    \"auth_context\": {\n        \"result\": \"success\",\n        \"timestamp\": 1599749128,\n        \"auth_device\": {\n            \"ip\": \"82.17.89.232\",\n            \"name\": \"+44 7852 119881\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"txid\": \"1684599c-bb16-4250-af85-904291bfe7cc\",\n        \"event_type\": \"authentication\",\n        \"reason\": \"user_approved\",\n        \"access_device\": {\n            \"hostname\": null,\n            \"ip\": \"82.17.89.232\",\n            \"location\": {\n                \"state\": \"Wales\",\n                \"city\": \"Cardiff\",\n                \"country\": \"United Kingdom\"\n            }\n        },\n        \"application\": {\n            \"key\": \"DIU6GEFWG5LIUTVV2M3N\",\n            \"name\": \"Shibboleth Integration Testing\"\n        },\n        \"factor\": \"" + str + "\",\n        \"user\": {\n            \"key\": \"DUGL8U46QGJSOUJWG59W\",\n            \"name\": \"philsmart\"\n        }\n    }\n}";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addAttemptedFlow(@Nonnull String str) {
        Assert.assertNotNull(str);
        AuthenticationFlowDescriptor authenticationFlowDescriptor = new AuthenticationFlowDescriptor();
        authenticationFlowDescriptor.setId(str);
        this.ac.setAttemptedFlow(authenticationFlowDescriptor);
    }

    protected void assertEventIdFromProfileRequestContext(@Nonnull String str) {
        Object event = this.prc.getSubcontext(EventContext.class, true).getEvent();
        Assert.assertNotNull(event);
        Assert.assertTrue(event instanceof String, "Event is not a string is: " + event.getClass());
        Assert.assertEquals(str, (String) event);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertEventId(@Nullable Event event, @Nonnull String str) {
        Assert.assertNotNull(event);
        Assert.assertEquals(event.getId(), str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDuoContext() {
        this.dc = new DuoOIDCAuthenticationContext();
        this.dc.setUsername("jdoe");
        this.ac.addSubcontext(this.dc);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDuoIntegrationToContext() {
        Assert.assertNotNull(this.dc, "try addDuoContext() before adding the duo integration");
        this.dc.setIntegration(createDummyDuoIntegration());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public DefaultDuoOIDCIntegration createDummyDuoIntegration() {
        DefaultDuoOIDCIntegration defaultDuoOIDCIntegration = new DefaultDuoOIDCIntegration();
        defaultDuoOIDCIntegration.setAPIHost(API_HOST);
        defaultDuoOIDCIntegration.setClientId(CLIENT_ID);
        defaultDuoOIDCIntegration.setRegisteredRedirectURI(REDIRECT_URI);
        defaultDuoOIDCIntegration.setSecretKey(SECRET);
        defaultDuoOIDCIntegration.setAuthorizeEndpoint(AUTHORIZE_URI);
        defaultDuoOIDCIntegration.setTokenEndpoint(TOKEN_URI);
        defaultDuoOIDCIntegration.setHealthCheckEndpoint(HEALTH_URI);
        return defaultDuoOIDCIntegration;
    }
}
