package net.shibboleth.oidc.security.jose.impl;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.util.JSONObjectUtils;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.security.jose.SignatureSigningParameters;
import net.shibboleth.oidc.security.jose.criterion.ClientInformationCriterion;
import net.shibboleth.oidc.security.jose.criterion.SignatureSigningConfigurationCriterion;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.config.InitializationException;
import org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.util.FileCopyUtils;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/security/jose/impl/ClientInformationSignatureSigningParametersResolverTest.class */
public class ClientInformationSignatureSigningParametersResolverTest {
    private static final ClassPathResource CLIENT_INFORMATION_SECRET = new ClassPathResource("/metadata/test-resolver-client-information-secret.json");
    private static final ClassPathResource CLIENT_INFORMATION_SECRET_512 = new ClassPathResource("/metadata/test-resolver-client-information-secret-512.json");
    private ClientInformationSignatureSigningParametersResolver resolver;

    @BeforeMethod
    public void setup() throws Exception {
        try {
            new GlobalAlgorithmRegistryInitializer().init();
        } catch (InitializationException e) {
            Assert.fail();
        }
    }

    protected String readJsonFromFile(@Nonnull Resource resource) {
        try {
            InputStreamReader inputStreamReader = new InputStreamReader(resource.getInputStream(), StandardCharsets.UTF_8);
            try {
                String copyToString = FileCopyUtils.copyToString(inputStreamReader);
                inputStreamReader.close();
                return copyToString;
            } finally {
            }
        } catch (Exception e) {
            Assert.fail();
            return null;
        }
    }

    private CriteriaSet buildCriteria(List<String> list, ClassPathResource classPathResource) throws ParseException {
        CriteriaSet criteriaSet = new CriteriaSet();
        BasicSignatureSigningConfiguration basicSignatureSigningConfiguration = new BasicSignatureSigningConfiguration();
        basicSignatureSigningConfiguration.setSignatureAlgorithms(list);
        basicSignatureSigningConfiguration.setSigningCredentials(Collections.emptyList());
        criteriaSet.add(new SignatureSigningConfigurationCriterion(List.of(basicSignatureSigningConfiguration)));
        criteriaSet.add(new ClientInformationCriterion(OIDCClientInformation.parse(JSONObjectUtils.parse(readJsonFromFile(classPathResource)))));
        return criteriaSet;
    }

    @Test
    public void testResolveSuccess_ClientSecretCredential256() throws Exception {
        this.resolver = new ClientInformationSignatureSigningParametersResolver(oIDCClientInformation -> {
            return "HS256".toString();
        }, "HS256".toString());
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("HS256"), CLIENT_INFORMATION_SECRET));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Assert.assertNotNull(((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential());
        Assert.assertNotNull(((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential().getSecretKey());
    }

    @Test
    public void testResolveSuccess_ClientSecretCredential256_tooStrongAlg() throws Exception {
        this.resolver = new ClientInformationSignatureSigningParametersResolver(oIDCClientInformation -> {
            return "HS512".toString();
        }, "HS512".toString());
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("HS512"), CLIENT_INFORMATION_SECRET));
        Assert.assertNotNull(resolve);
        Assert.assertFalse(resolve.iterator().hasNext());
    }

    @Test
    public void testResolveSuccess_ClientSecretCredential256_algNotEnabled() throws Exception {
        this.resolver = new ClientInformationSignatureSigningParametersResolver(oIDCClientInformation -> {
            return "HS256".toString();
        }, "HS256".toString());
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("HS512", "HS384"), CLIENT_INFORMATION_SECRET));
        Assert.assertNotNull(resolve);
        Assert.assertFalse(resolve.iterator().hasNext());
    }

    @Test
    public void testResolveSuccess_ClientSecretCredential512() throws Exception {
        this.resolver = new ClientInformationSignatureSigningParametersResolver(oIDCClientInformation -> {
            return "HS512".toString();
        }, "HS512".toString());
        Iterable resolve = this.resolver.resolve(buildCriteria(List.of("HS512"), CLIENT_INFORMATION_SECRET_512));
        Assert.assertNotNull(resolve);
        Assert.assertTrue(resolve.iterator().hasNext());
        Assert.assertNotNull(((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential());
        Assert.assertNotNull(((SignatureSigningParameters) resolve.iterator().next()).getSigningCredential().getSecretKey());
    }
}
