package net.shibboleth.idp.plugin.authn.oidc.rp.messaging;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.time.Instant;
import java.util.Date;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/messaging/JWTUserInfoResponseTest.class */
public class JWTUserInfoResponseTest {
    @Test
    public void testSignedJwt() throws Exception {
        ECKey generate = new ECKeyGenerator(Curve.P_256).keyID("123").generate();
        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.ES256).type(JOSEObjectType.JWT).keyID(generate.getKeyID()).build(), new JWTClaimsSet.Builder().issuer("issuer").audience("rp-proxy").subject("jdoe").expirationTime(Date.from(Instant.now().plusSeconds(120L))).build());
        signedJWT.sign(new ECDSASigner(generate.toECPrivateKey()));
        JWTUserInfoResponse jWTUserInfoResponse = new JWTUserInfoResponse(signedJWT);
        Assert.assertTrue(jWTUserInfoResponse.isClaimsSetAvailable());
        Assert.assertNotNull(jWTUserInfoResponse.getClaimsSet());
        Assert.assertEquals(jWTUserInfoResponse.getClaimsSet().getStringClaim("sub"), "jdoe");
    }

    @Test
    public void testEncryptedJwt() throws Exception {
        ECKey generate = new ECKeyGenerator(Curve.P_256).keyID("1").generate();
        RSAKey generate2 = new RSAKeyGenerator(2048).keyID("2").keyUse(KeyUse.ENCRYPTION).generate();
        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.ES256).type(JOSEObjectType.JWT).keyID(generate.getKeyID()).build(), new JWTClaimsSet.Builder().issuer("issuer").audience("rp-proxy").subject("jdoe").expirationTime(Date.from(Instant.now().plusSeconds(120L))).build());
        signedJWT.sign(new ECDSASigner(generate.toECPrivateKey()));
        JWEObject jWEObject = new JWEObject(new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM).contentType("JWT").build(), new Payload(signedJWT));
        jWEObject.encrypt(new RSAEncrypter(generate2.toPublicJWK()));
        JWTUserInfoResponse jWTUserInfoResponse = new JWTUserInfoResponse(EncryptedJWT.parse(jWEObject.serialize()));
        Assert.assertFalse(jWTUserInfoResponse.isClaimsSetAvailable());
        Assert.assertNull(jWTUserInfoResponse.getClaimsSet());
        Assert.assertTrue(jWTUserInfoResponse.getResponseJwt().getHeader().getAlgorithm().equals(JWEAlgorithm.RSA_OAEP_256));
    }
}
