package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.openid.connect.sdk.OIDCClaimsRequest;
import com.nimbusds.openid.connect.sdk.claims.ClaimRequirement;
import com.nimbusds.openid.connect.sdk.claims.ClaimsSetRequest;
import java.time.Duration;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.oidc.profile.core.OIDCAuthenticationRequest;
import net.shibboleth.shared.component.ComponentInitializationException;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/AuthTimeRequestedActivationConditionTest.class */
public class AuthTimeRequestedActivationConditionTest extends AbstractClaimsValidatorTest {

    @Nonnull
    private AuthTimeRequestedActivationCondition condition;

    @Override // net.shibboleth.oidc.security.jwt.claims.impl.AbstractClaimsValidatorTest
    @BeforeMethod
    public void setup() throws ComponentInitializationException {
        super.setup();
    }

    @Test
    public void testRequired_AuthTimeNotRequested() throws JWTValidationException, ComponentInitializationException {
        OIDCAuthenticationRequest oIDCAuthenticationRequest = new OIDCAuthenticationRequest(new ClientID("mock-client"));
        this.condition = new AuthTimeRequestedActivationCondition(profileRequestContext -> {
            return oIDCAuthenticationRequest;
        });
        Assert.assertFalse(this.condition.test(this.prc, new JWTClaimsSet.Builder().audience("mock-client").build()));
    }

    @Test
    public void testRequired_AuthTimeRequestedViaMaxAge() throws JWTValidationException, ComponentInitializationException {
        OIDCAuthenticationRequest oIDCAuthenticationRequest = new OIDCAuthenticationRequest(new ClientID("mock-client"));
        oIDCAuthenticationRequest.setMaxAge(Duration.ofSeconds(60L));
        this.condition = new AuthTimeRequestedActivationCondition(profileRequestContext -> {
            return oIDCAuthenticationRequest;
        });
        Assert.assertTrue(this.condition.test(this.prc, new JWTClaimsSet.Builder().audience("mock-client").build()));
    }

    @Test
    public void testRequired_AuthTimeRequestedViaEssentialClaim() throws JWTValidationException, ComponentInitializationException {
        OIDCAuthenticationRequest oIDCAuthenticationRequest = new OIDCAuthenticationRequest(new ClientID("mock-client"));
        oIDCAuthenticationRequest.setRequestedClaims(new OIDCClaimsRequest().withIDTokenClaimsRequest(new ClaimsSetRequest().add(new ClaimsSetRequest.Entry("auth_time").withClaimRequirement(ClaimRequirement.ESSENTIAL))));
        this.condition = new AuthTimeRequestedActivationCondition(profileRequestContext -> {
            return oIDCAuthenticationRequest;
        });
        Assert.assertTrue(this.condition.test(this.prc, new JWTClaimsSet.Builder().audience("mock-client").build()));
    }

    @Test
    public void testRequired_AuthTimeRequestedViaVoluntaryClaim_IncludedInClaims() throws JWTValidationException, ComponentInitializationException {
        OIDCAuthenticationRequest oIDCAuthenticationRequest = new OIDCAuthenticationRequest(new ClientID("mock-client"));
        oIDCAuthenticationRequest.setRequestedClaims(new OIDCClaimsRequest().withIDTokenClaimsRequest(new ClaimsSetRequest().add(new ClaimsSetRequest.Entry("auth_time").withClaimRequirement(ClaimRequirement.VOLUNTARY))));
        this.condition = new AuthTimeRequestedActivationCondition(profileRequestContext -> {
            return oIDCAuthenticationRequest;
        });
        Assert.assertTrue(this.condition.test(this.prc, new JWTClaimsSet.Builder().audience("mock-client").claim("auth_time", "9999").build()));
    }

    @Test
    public void testNotRequired_AuthTimeRequestedViaVoluntaryClaim_NotIncludedInClaims() throws JWTValidationException, ComponentInitializationException {
        OIDCAuthenticationRequest oIDCAuthenticationRequest = new OIDCAuthenticationRequest(new ClientID("mock-client"));
        oIDCAuthenticationRequest.setRequestedClaims(new OIDCClaimsRequest().withIDTokenClaimsRequest(new ClaimsSetRequest().add(new ClaimsSetRequest.Entry("auth_time").withClaimRequirement(ClaimRequirement.VOLUNTARY))));
        this.condition = new AuthTimeRequestedActivationCondition(profileRequestContext -> {
            return oIDCAuthenticationRequest;
        });
        Assert.assertFalse(this.condition.test(this.prc, new JWTClaimsSet.Builder().audience("mock-client").build()));
    }

    @Test
    public void testNotRequired_NoMaxAge_NoAuthTimeRequest() throws JWTValidationException, ComponentInitializationException {
        OIDCAuthenticationRequest oIDCAuthenticationRequest = new OIDCAuthenticationRequest(new ClientID("mock-client"));
        this.condition = new AuthTimeRequestedActivationCondition(profileRequestContext -> {
            return oIDCAuthenticationRequest;
        });
        Assert.assertFalse(this.condition.test(this.prc, new JWTClaimsSet.Builder().audience("mock-client").build()));
    }

    @Test
    public void testNotRequired_RequestedClaimsWithoutIdTokenRequested() throws JWTValidationException, ComponentInitializationException {
        OIDCAuthenticationRequest oIDCAuthenticationRequest = new OIDCAuthenticationRequest(new ClientID("mock-client"));
        oIDCAuthenticationRequest.setRequestedClaims(new OIDCClaimsRequest());
        this.condition = new AuthTimeRequestedActivationCondition(profileRequestContext -> {
            return oIDCAuthenticationRequest;
        });
        Assert.assertFalse(this.condition.test(this.prc, new JWTClaimsSet.Builder().audience("mock-client").build()));
    }
}
