package net.shibboleth.oidc.security.jwt.claims.impl;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import java.text.ParseException;
import java.util.Map;
import javax.annotation.Nonnull;
import net.shibboleth.oidc.jwt.claims.JWTValidationException;
import net.shibboleth.shared.component.ComponentInitializationException;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/security/jwt/claims/impl/AccessTokenHashValidatorTest.class */
public class AccessTokenHashValidatorTest extends AbstractClaimsValidatorTest {

    @Nonnull
    private AccessTokenHashValidator validator;

    @Override // net.shibboleth.oidc.security.jwt.claims.impl.AbstractClaimsValidatorTest
    @BeforeMethod
    public void setup() throws ComponentInitializationException {
        super.setup();
        this.validator = new AccessTokenHashValidator();
        this.validator.setAllowMissing(false);
        this.validator.setId("test-validator");
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doValidateTest_Mismatch() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim("at_hash", "bad-at-hash").build();
        this.validator.setJoseHeaderLookupStrategy(profileRequestContext -> {
            try {
                return JWSHeader.parse(Map.of("alg", "RS256"));
            } catch (ParseException e) {
                Assert.fail(e.getMessage());
                return null;
            }
        });
        this.validator.setAccessTokenLookupStrategy(profileRequestContext2 -> {
            return new BearerAccessToken("token");
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidateTest_Success() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim("at_hash", "77QmUPtjPfzWtF2AnpK9RQ").build();
        this.validator.setJoseHeaderLookupStrategy(profileRequestContext -> {
            try {
                return JWSHeader.parse(Map.of("alg", "RS256"));
            } catch (ParseException e) {
                Assert.fail(e.getMessage());
                return null;
            }
        });
        this.validator.setAccessTokenLookupStrategy(profileRequestContext2 -> {
            return new BearerAccessToken("jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y");
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doValidateTest_NoToken() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim("at_hash", "bad-at-hash").build();
        this.validator.setJoseHeaderLookupStrategy(profileRequestContext -> {
            try {
                return JWSHeader.parse(Map.of("alg", "RS256"));
            } catch (ParseException e) {
                Assert.fail(e.getMessage());
                return null;
            }
        });
        this.validator.setAccessTokenLookupStrategy(profileRequestContext2 -> {
            return null;
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doValidateTest_NoHeader() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim("at_hash", "bad-at-hash").build();
        this.validator.setJoseHeaderLookupStrategy(profileRequestContext -> {
            return null;
        });
        this.validator.setAccessTokenLookupStrategy(profileRequestContext2 -> {
            return new BearerAccessToken("token");
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {JWTValidationException.class})
    public void doValidateTest_NoAtHash_Required() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().build();
        this.validator.setAllowMissing(false);
        this.validator.setJoseHeaderLookupStrategy(profileRequestContext -> {
            try {
                return JWSHeader.parse(Map.of("alg", "RS256"));
            } catch (ParseException e) {
                Assert.fail(e.getMessage());
                return null;
            }
        });
        this.validator.setAccessTokenLookupStrategy(profileRequestContext2 -> {
            return new BearerAccessToken("token");
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test
    public void doValidateTest_NoAtHash_NotRequired() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().build();
        this.validator.setAllowMissing(true);
        this.validator.setJoseHeaderLookupStrategy(profileRequestContext -> {
            try {
                return JWSHeader.parse(Map.of("alg", "RS256"));
            } catch (ParseException e) {
                Assert.fail(e.getMessage());
                return null;
            }
        });
        this.validator.setAccessTokenLookupStrategy(profileRequestContext2 -> {
            return new BearerAccessToken("token");
        });
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }

    @Test(expectedExceptions = {ComponentInitializationException.class})
    public void doValidateTest_NoStrategies() throws JWTValidationException, ComponentInitializationException {
        JWTClaimsSet build = new JWTClaimsSet.Builder().claim("at_hash", "bad-at-hash").build();
        this.validator.initialize();
        this.validator.validate(build, this.prc);
    }
}
