package net.shibboleth.idp.plugin.authn.oidc.rp.context.navigate;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jwt.EncryptedJWT;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.openid.connect.sdk.UserInfoSuccessResponse;
import java.util.List;
import java.util.Map;
import net.shibboleth.idp.plugin.authn.oidc.rp.context.UserInfoResponseContext;
import net.shibboleth.idp.plugin.authn.oidc.rp.test.TestTokenHelper;
import net.shibboleth.oidc.security.credential.DefaultClientSecretCredential;
import org.opensaml.profile.context.ProfileRequestContext;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/idp/plugin/authn/oidc/rp/context/navigate/UserInfoInUserInfoResponseContextUpdateStrategyTest.class */
public class UserInfoInUserInfoResponseContextUpdateStrategyTest {
    private static final String CLIENT_SECRET = "Xp2s5v8y/B?E(H+MbQeThWmYq3t6w9z$";
    private UserInfoInUserInfoResponseContextUpdateStrategy strategy;

    @Test
    public void testUpdateEncryptedToSigned() throws Exception {
        JWT createJWTUserInfoResponse = TestTokenHelper.createJWTUserInfoResponse(Map.of("iss", "issuer", "aud", List.of("client_id")), JWSAlgorithm.HS256, JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256, new DefaultClientSecretCredential(CLIENT_SECRET).toSigningCredential(), new DefaultClientSecretCredential(CLIENT_SECRET).toEncryptionCredential(JWEAlgorithm.DIR, EncryptionMethod.A128CBC_HS256));
        UserInfoResponseContext userInfoResponseContext = new UserInfoResponseContext();
        userInfoResponseContext.setUserInfo(new UserInfoSuccessResponse(createJWTUserInfoResponse));
        this.strategy = new UserInfoInUserInfoResponseContextUpdateStrategy(profileRequestContext -> {
            return userInfoResponseContext;
        });
        JWT createJWTUserInfoResponse2 = TestTokenHelper.createJWTUserInfoResponse(Map.of("iss", "issuer", "aud", List.of("client_id")), JWSAlgorithm.HS256, null, null, new DefaultClientSecretCredential(CLIENT_SECRET).toSigningCredential(), null);
        Assert.assertNotNull(userInfoResponseContext.getUserInfo());
        Assert.assertNotNull(userInfoResponseContext.getUserInfo().getUserInfoJWT());
        Assert.assertTrue(userInfoResponseContext.getUserInfo().getUserInfoJWT() instanceof EncryptedJWT);
        this.strategy.accept(new ProfileRequestContext(), createJWTUserInfoResponse2);
        Assert.assertNotNull(userInfoResponseContext.getUserInfo());
        Assert.assertNotNull(userInfoResponseContext.getUserInfo().getUserInfoJWT());
        Assert.assertTrue(userInfoResponseContext.getUserInfo().getUserInfoJWT() instanceof SignedJWT);
        Assert.assertEquals(userInfoResponseContext.getUserInfo().getUserInfoJWT(), createJWTUserInfoResponse2);
    }
}
