package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.shared.component.ComponentInitializationException;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/AuthenticationTimeClaimsValidatorTest.class */
public class AuthenticationTimeClaimsValidatorTest extends AbstractClaimsValidatorTest {

    @Nonnull
    private AuthenticationTimeClaimsValidator validator;

    @Override // net.shibboleth.oidc.security.jwt.claims.impl.AbstractClaimsValidatorTest
    @BeforeMethod
    public void setup() throws ComponentInitializationException {
        super.setup();
        this.validator = new AuthenticationTimeClaimsValidator();
    }

    @Test
    public void doValidateTest() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.setClockSkew(Duration.ofSeconds(0L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidateTest_UseAuthnStrategy() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetimeLookupStrategy(profileRequestContext -> {
            return Duration.ofMinutes(1L);
        });
        this.validator.setClockSkew(Duration.ofSeconds(0L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidateTest_DefaultAuthnTime() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setClockSkew(Duration.ofSeconds(0L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidateTestWithinLifetime() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().minus((TemporalAmount) Duration.ofSeconds(30L)).getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.setClockSkew(Duration.ofSeconds(0L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidateNoClaimButNotActive() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().build();
        this.validator.setActivationCondition((profileRequestContext, jWTClaimsSet) -> {
            return false;
        });
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doRejectedTestCanNotParseDate() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), "not-a-date").build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doRejectedTest() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().minus((TemporalAmount) Duration.ofMinutes(10L)).getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.setClockSkew(Duration.ofMinutes(0L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doRejectedInTheFuture() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().plus((TemporalAmount) Duration.ofSeconds(30L)).getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.setClockSkew(Duration.ofSeconds(10L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doRejectedInTheFutureButInsideSkew() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().plus((TemporalAmount) Duration.ofSeconds(30L)).getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.setClockSkew(Duration.ofSeconds(60L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doRejectedNoClaim() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doRejectedForceAuthenticationRequestButOldAuthnTime() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().minus((TemporalAmount) Duration.ofSeconds(10L)).getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofSeconds(0L));
        this.validator.setAuthnRequestTimeLookupStrategy(profileRequestContext -> {
            return Instant.now();
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidForceAuthenticationRequest() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim(IDTokenClaims.AUTHENTICATION_TIME.getClaimName(), Long.valueOf(Instant.now().plus((TemporalAmount) Duration.ofSeconds(10L)).getEpochSecond())).build();
        this.validator.setId("test-validator");
        this.validator.setAuthnLifetime(Duration.ofSeconds(0L));
        this.validator.setAuthnRequestTimeLookupStrategy(profileRequestContext -> {
            return Instant.now();
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidateAuthTimeNotRequested() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().build();
        this.validator.setId("test-validator");
        this.validator.setRequested(profileRequestContext -> {
            return false;
        });
        this.validator.setAuthnLifetime(Duration.ofMinutes(1L));
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }
}
