package net.shibboleth.oidc.security.impl;

import com.google.common.base.Predicates;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.jwa.algorithm.descriptors.EncryptionA128CBCHS256;
import net.shibboleth.oidc.jwa.algorithm.descriptors.EncryptionA128GCM;
import net.shibboleth.oidc.jwa.algorithm.descriptors.EncryptionA192CBCHS384;
import net.shibboleth.oidc.jwa.algorithm.descriptors.EncryptionA256CBCHS512;
import net.shibboleth.oidc.security.jose.criterion.EncryptionConfigurationCriterion;
import net.shibboleth.oidc.security.jose.criterion.ProviderMetadataCriterion;
import net.shibboleth.oidc.security.jose.impl.BasicEncryptionConfiguration;
import net.shibboleth.oidc.security.jose.impl.ProviderMetadataDataEncryptionAlgorithmsLookupStrategy;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import org.opensaml.xmlsec.algorithm.AlgorithmRegistry;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.util.FileCopyUtils;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/security/impl/ProviderMetadataDataEncryptionAlgorithmsLookupStrategyTest.class */
public class ProviderMetadataDataEncryptionAlgorithmsLookupStrategyTest {
    private ProviderMetadataDataEncryptionAlgorithmsLookupStrategy strategy;
    private BasicEncryptionConfiguration config;
    private CriteriaSet criteria;
    private AlgorithmRegistry algorithmRegistry;
    private static final ClassPathResource GOOD_PROVIDER_CONFIGURATION_INFO = new ClassPathResource("/metadata/test-resolver-provider-encryption.json");

    private String readJsonFromFile(@Nonnull Resource resource) {
        try {
            InputStreamReader inputStreamReader = new InputStreamReader(resource.getInputStream(), StandardCharsets.UTF_8);
            try {
                String copyToString = FileCopyUtils.copyToString(inputStreamReader);
                inputStreamReader.close();
                return copyToString;
            } finally {
            }
        } catch (Exception e) {
            Assert.fail();
            return null;
        }
    }

    @BeforeMethod
    public void setup() throws ParseException {
        this.algorithmRegistry = new AlgorithmRegistry();
        this.algorithmRegistry.register(new EncryptionA128GCM());
        this.algorithmRegistry.register(new EncryptionA128CBCHS256());
        this.algorithmRegistry.register(new EncryptionA256CBCHS512());
        this.algorithmRegistry.register(new EncryptionA192CBCHS384());
        this.config = new BasicEncryptionConfiguration();
        this.config.setDataEncryptionAlgorithms(List.of("A128CBC-HS256", "A128GCM", "A256CBC-HS512", "A192CBC-HS384"));
        this.criteria = new CriteriaSet(new Criterion[]{new EncryptionConfigurationCriterion(List.of(this.config))});
        OIDCProviderMetadata parse = OIDCProviderMetadata.parse(readJsonFromFile(GOOD_PROVIDER_CONFIGURATION_INFO));
        this.criteria.add(new ProviderMetadataCriterion(parse));
        this.strategy = new ProviderMetadataDataEncryptionAlgorithmsLookupStrategy(oIDCProviderMetadata -> {
            return (List) parse.getRequestObjectJWEEncs().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toList());
        }, this.algorithmRegistry);
    }

    @Test
    public void testSuccess_AllConfiguredAlgsAreSupported() {
        List apply = this.strategy.apply(this.criteria, Predicates.alwaysTrue());
        Assert.assertNotNull(apply);
        Assert.assertEquals(apply.size(), 4);
    }

    @Test
    public void testSuccess_SomeAlgsNotSupportedByOP() {
        this.config.setDataEncryptionAlgorithms(List.of("A128CBC-HS256", "A128GCM", "A256CBC-HS512", "A192CBC-HS384", "A256GCM"));
        List apply = this.strategy.apply(this.criteria, Predicates.alwaysTrue());
        Assert.assertNotNull(apply);
        Assert.assertEquals(apply.size(), 4);
    }

    @Test
    public void testSuccess_SomeAlgsExluded() {
        List apply = this.strategy.apply(this.criteria, str -> {
            return !"A128CBC-HS256".equals(str);
        });
        Assert.assertNotNull(apply);
        Assert.assertEquals(apply.size(), 3);
    }

    @Test
    public void testSuccess_NoSupportedAlgs() {
        this.config.setDataEncryptionAlgorithms(Collections.emptyList());
        List apply = this.strategy.apply(this.criteria, Predicates.alwaysTrue());
        Assert.assertNotNull(apply);
        Assert.assertEquals(apply.size(), 0);
    }

    @Test
    public void testSuccess_NullProviderAlgs() {
        this.strategy = new ProviderMetadataDataEncryptionAlgorithmsLookupStrategy(oIDCProviderMetadata -> {
            return null;
        }, this.algorithmRegistry);
        List apply = this.strategy.apply(this.criteria, Predicates.alwaysTrue());
        Assert.assertNotNull(apply);
        Assert.assertEquals(apply.size(), 4);
    }
}
