package net.shibboleth.idp.plugin.authn.oidc.rp.test;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.AESEncrypter;
import com.nimbusds.jose.crypto.DirectEncrypter;
import com.nimbusds.jose.crypto.ECDHEncrypter;
import com.nimbusds.jose.crypto.ECDSASigner;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import com.nimbusds.jwt.SignedJWT;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.time.Instant;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.collection.CollectionSupport;
import org.opensaml.security.credential.Credential;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/test/TestTokenHelper.class */
public final class TestTokenHelper {
    static final /* synthetic */ boolean $assertionsDisabled;

    private TestTokenHelper() {
    }

    @Nonnull
    public static JWTClaimsSet createBasicClaims(Map<String, Object> map) {
        return new JWTClaimsSet.Builder().issuer((String) getClaimValue(map, "iss", "test-issuer", String.class)).audience((List) getClaimValue(map, "aud", List.of("test-client"), List.class)).subject((String) getClaimValue(map, "sub", "jdoe", String.class)).claim("preferred_username", getClaimValue(map, "preferred_username", "d.tu", String.class)).claim("given_name", getClaimValue(map, "given_name", "Demo", String.class)).claim("family_name", getClaimValue(map, "family_name", "User", String.class)).claim("nonce", getClaimValue(map, "nonce", "abadnonce", String.class)).claim("nickname", getClaimValue(map, "nickname", "Dee", String.class)).claim("azp", getClaimValue(map, "azp", "test-client", String.class)).claim("name", getClaimValue(map, "name", "Demo T. User", String.class)).claim("acr", getClaimValue(map, "acr", "urn:mace:incommon:iap:silver", String.class)).claim("amr", getClaimValue(map, "amr", List.of("pwd", "otp"), List.class)).claim("auth_time", getClaimValue(map, "auth_time", new Date(), Date.class)).issueTime((Date) getClaimValue(map, "iat", new Date(), Date.class)).expirationTime((Date) getClaimValue(map, "auth_time", Date.from(Instant.now().plusSeconds(120L)), Date.class)).build();
    }

    @Nonnull
    public static JWTClaimsSet createBasicUserInfoClaims(Map<String, Object> map) {
        return new JWTClaimsSet.Builder().issuer((String) getClaimValue(map, "iss", "test-issuer", String.class)).audience((List) getClaimValue(map, "aud", CollectionSupport.listOf("test-client"), List.class)).subject((String) getClaimValue(map, "sub", "jdoe", String.class)).claim("preferred_username", getClaimValue(map, "preferred_username", "d.tu", String.class)).claim("given_name", getClaimValue(map, "given_name", "Demo", String.class)).claim("family_name", getClaimValue(map, "family_name", "User", String.class)).claim("nickname", getClaimValue(map, "nickname", "Dee", String.class)).claim("name", getClaimValue(map, "name", "Demo T. User", String.class)).build();
    }

    private static <T> T getClaimValue(Map<String, Object> map, String str, Object obj, Class<T> cls) {
        if (map.containsKey(str)) {
            Object obj2 = map.get(str);
            if (obj2 == null) {
                return null;
            }
            if (cls.isInstance(obj2)) {
                if ((obj2 instanceof String) && ((String) obj2).isEmpty()) {
                    return null;
                }
                return cls.cast(obj2);
            }
        }
        return cls.cast(obj);
    }

    @Nonnull
    public static JWT createJWT(@Nonnull JWTClaimsSet jWTClaimsSet, @Nullable JWSAlgorithm jWSAlgorithm, @Nullable JWEAlgorithm jWEAlgorithm, @Nullable EncryptionMethod encryptionMethod, @Nullable Credential credential, @Nullable Credential credential2) throws JOSEException, ParseException {
        if (jWSAlgorithm != null && credential != null) {
            SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(jWSAlgorithm).type(JOSEObjectType.JWT).build(), jWTClaimsSet);
            if (JWSAlgorithm.Family.HMAC_SHA.contains(jWSAlgorithm)) {
                signedJWT.sign(new MACSigner(credential.getSecretKey()));
            } else if (JWSAlgorithm.Family.RSA.contains(jWSAlgorithm)) {
                signedJWT.sign(new RSASSASigner(credential.getPrivateKey()));
            } else if (JWSAlgorithm.Family.EC.contains(jWSAlgorithm)) {
                signedJWT.sign(new ECDSASigner((ECPrivateKey) credential.getPrivateKey()));
            }
            if (jWEAlgorithm == null || credential2 == null) {
                return signedJWT;
            }
            JWEObject jWEObject = new JWEObject(new JWEHeader.Builder(jWEAlgorithm, encryptionMethod).contentType("JWT").build(), new Payload(signedJWT));
            if (JWEAlgorithm.Family.RSA.contains(jWEAlgorithm)) {
                jWEObject.encrypt(new RSAEncrypter((RSAPublicKey) credential2.getPublicKey()));
                EncryptedJWT parse = EncryptedJWT.parse(jWEObject.serialize());
                if ($assertionsDisabled || parse != null) {
                    return parse;
                }
                throw new AssertionError();
            }
            if (JWEAlgorithm.Family.AES_KW.contains(jWEAlgorithm) || JWEAlgorithm.Family.AES_GCM_KW.contains(jWEAlgorithm)) {
                jWEObject.encrypt(new AESEncrypter(credential2.getSecretKey()));
                EncryptedJWT parse2 = EncryptedJWT.parse(jWEObject.serialize());
                if ($assertionsDisabled || parse2 != null) {
                    return parse2;
                }
                throw new AssertionError();
            }
            if (JWEAlgorithm.Family.ECDH_ES.contains(jWEAlgorithm)) {
                jWEObject.encrypt(new ECDHEncrypter((ECPublicKey) credential2.getPublicKey()));
                EncryptedJWT parse3 = EncryptedJWT.parse(jWEObject.serialize());
                if ($assertionsDisabled || parse3 != null) {
                    return parse3;
                }
                throw new AssertionError();
            }
            if (JWEAlgorithm.DIR == jWEAlgorithm) {
                jWEObject.encrypt(new DirectEncrypter(credential2.getSecretKey()));
                EncryptedJWT parse4 = EncryptedJWT.parse(jWEObject.serialize());
                if ($assertionsDisabled || parse4 != null) {
                    return parse4;
                }
                throw new AssertionError();
            }
        }
        return new PlainJWT(jWTClaimsSet);
    }

    @Nonnull
    public static JWT createJWTUserInfoResponse(Map<String, Object> map, @Nullable JWSAlgorithm jWSAlgorithm, @Nullable JWEAlgorithm jWEAlgorithm, @Nullable EncryptionMethod encryptionMethod, @Nullable Credential credential, @Nullable Credential credential2) throws JOSEException, ParseException {
        return createJWT(createBasicUserInfoClaims(map), jWSAlgorithm, jWEAlgorithm, encryptionMethod, credential, credential2);
    }

    @Nonnull
    public static String createAccessTokenResponseJSON(Map<String, Object> map, @Nullable JWSAlgorithm jWSAlgorithm, @Nullable JWEAlgorithm jWEAlgorithm, @Nullable EncryptionMethod encryptionMethod, @Nullable Credential credential, @Nullable Credential credential2) throws Exception {
        return buildTemplateAccessTokenJSONResponse(createJWT(createBasicClaims(map), jWSAlgorithm, jWEAlgorithm, encryptionMethod, credential, credential2).serialize());
    }

    @Nonnull
    public static String createPlainUserInfoResponseString(Map<String, Object> map) throws JsonProcessingException {
        String writeValueAsString = new ObjectMapper().writeValueAsString(createBasicUserInfoClaims(map).toJSONObject());
        if ($assertionsDisabled || writeValueAsString != null) {
            return writeValueAsString;
        }
        throw new AssertionError();
    }

    @Nonnull
    public static PlainJWT createPlainJWTUserInfoResponseJSON(Map<String, Object> map) throws JOSEException {
        return new PlainJWT(createBasicUserInfoClaims(map));
    }

    @Nonnull
    private static String buildTemplateAccessTokenJSONResponse(String str) {
        return "{\n  \"access_token\": \"W0y5aDNAzEPNpSzu1cuMG904BZuQFZJUUwG5F3ct0zydZWy1ji\",\n  \"token_type\": \"Bearer\",\n  \"id_token\": \"" + str + "\",\n  \"scope\": \"openid\"\n}";
    }

    static {
        $assertionsDisabled = !TestTokenHelper.class.desiredAssertionStatus();
    }
}
