package net.shibboleth.idp.plugin.authn.duo.impl;

import com.nimbusds.jose.JWSAlgorithm;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import net.shibboleth.idp.plugin.authn.duo.DuoOIDCIntegration;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.ConstraintViolationException;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/duo/impl/ValidateTokenSignatureTest.class */
public class ValidateTokenSignatureTest extends AbstractDuoActionTest {
    private ValidateTokenSignature action;
    static final /* synthetic */ boolean $assertionsDisabled;

    @BeforeMethod
    public void setUp() throws Exception {
        super.setup();
        this.action = new ValidateTokenSignature();
        this.action.setSignatureAlgorithm(JWSAlgorithm.HS256);
    }

    @Test
    public final void testNoneSignature() throws ComponentInitializationException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createPlainDummyToken("allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "NoCredentials");
    }

    @Test
    public final void testUnsuportedSignature() throws ComponentInitializationException, EncodingException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createUnsignedSignedDummyToken("{\"typ\": \"JWT\",\"alg\": \"RS256\"}", "allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "NoCredentials");
    }

    @Test
    public final void testValidSignature() throws ComponentInitializationException, EncodingException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        DuoOIDCIntegration integration = this.dc.getIntegration();
        Assert.assertNotNull(integration);
        if (!$assertionsDisabled && integration == null) {
            throw new AssertionError();
        }
        this.dc.setAuthToken(createSignedDummyToken("{\"typ\": \"JWT\",\"alg\": \"HS256\"}", integration.getSecretKey(), "allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.action.initialize();
        Assert.assertNull(this.action.execute(this.src));
    }

    @Test
    public final void testInvalidSignature() throws ComponentInitializationException, EncodingException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createSignedDummyTokenFromGivenSignature("{\"typ\": \"JWT\",\"alg\": \"HS256\"}", "dGhpc2lzbm90Z29pbmd0b3dvcms=", "allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "NoCredentials");
    }

    @Test
    public final void testSignatureNotPresent() throws ComponentInitializationException, EncodingException {
        addDuoContext();
        addDuoIntegrationToContext();
        addAttemptedFlow("authn/DuoOIDC");
        this.dc.setAuthToken(createUnsignedSignedDummyToken("{\"typ\": \"JWT\",\"alg\": \"HS256\"}", "allow", "Login Succesful", "DIU6GEFWG5LIUBVV2M3P", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.MINUTES), Instant.now(), Instant.now(), "api.duosecurity.com", "duo_push"));
        this.action.initialize();
        assertEventId(this.action.execute(this.src), "NoCredentials");
    }

    @Test(expectedExceptions = {ConstraintViolationException.class})
    public final void testSetUnsupportedSignatureAlgorithm() {
        this.action.setSignatureAlgorithm(JWSAlgorithm.RS256);
    }

    static {
        $assertionsDisabled = !ValidateTokenSignatureTest.class.desiredAssertionStatus();
    }
}
