package net.shibboleth.oidc.metadata.impl;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.oauth2.sdk.GrantType;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
import com.nimbusds.openid.connect.sdk.SubjectType;
import com.nimbusds.openid.connect.sdk.claims.ACR;
import com.nimbusds.openid.connect.sdk.rp.ApplicationType;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientInformation;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import net.shibboleth.ext.spring.resource.ResourceHelper;
import net.shibboleth.oidc.metadata.keyinfo.ext.impl.provider.ClientSecretProvider;
import net.shibboleth.oidc.metadata.keyinfo.ext.impl.provider.InlineJwksProvider;
import net.shibboleth.oidc.metadata.keyinfo.ext.impl.provider.JWKSReferenceProvider;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import net.shibboleth.utilities.java.support.xml.ClasspathResolver;
import net.shibboleth.utilities.java.support.xml.SchemaBuilder;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.core.testing.XMLObjectBaseTestCase;
import org.opensaml.saml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain;
import org.opensaml.saml.metadata.resolver.filter.impl.NodeProcessingMetadataFilter;
import org.opensaml.saml.metadata.resolver.filter.impl.SchemaValidationFilter;
import org.opensaml.saml.metadata.resolver.impl.FilesystemMetadataResolver;
import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver;
import org.opensaml.saml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
import org.springframework.core.io.ClassPathResource;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/metadata/impl/ClientInformationNodeProcessorTest.class */
public class ClientInformationNodeProcessorTest extends XMLObjectBaseTestCase {
    protected RoleDescriptor parseRoleDescriptor(String str) throws ResolverException, ComponentInitializationException, URISyntaxException, IOException {
        FilesystemMetadataResolver filesystemMetadataResolver = new FilesystemMetadataResolver(new File(ClientInformationNodeProcessorTest.class.getResource(str).toURI()));
        filesystemMetadataResolver.setParserPool(parserPool);
        filesystemMetadataResolver.setId("test");
        MetadataFilterChain metadataFilterChain = new MetadataFilterChain();
        NodeProcessingMetadataFilter nodeProcessingMetadataFilter = new NodeProcessingMetadataFilter();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new DSAKeyValueProvider());
        arrayList.add(new RSAKeyValueProvider());
        arrayList.add(new InlineX509DataProvider());
        arrayList.add(new InlineJwksProvider());
        arrayList.add(new JWKSReferenceProvider());
        arrayList.add(new ClientSecretProvider());
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new ClientInformationNodeProcessor(arrayList));
        nodeProcessingMetadataFilter.setNodeProcessors(arrayList2);
        nodeProcessingMetadataFilter.initialize();
        metadataFilterChain.getFilters().add(buildSchemaValidationFilter());
        metadataFilterChain.getFilters().add(nodeProcessingMetadataFilter);
        filesystemMetadataResolver.setMetadataFilter(metadataFilterChain);
        filesystemMetadataResolver.initialize();
        PredicateRoleDescriptorResolver predicateRoleDescriptorResolver = new PredicateRoleDescriptorResolver(filesystemMetadataResolver);
        predicateRoleDescriptorResolver.initialize();
        return predicateRoleDescriptorResolver.resolveSingle(new CriteriaSet(new Criterion[]{new EntityIdCriterion("mockSamlClientId"), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME), new ProtocolCriterion("http://openid.net/specs/openid-connect-core-1_0.html")}));
    }

    protected SchemaValidationFilter buildSchemaValidationFilter() {
        SAMLSchemaBuilder sAMLSchemaBuilder = new SAMLSchemaBuilder(SAMLSchemaBuilder.SAML1Version.SAML_11);
        SchemaBuilder schemaBuilder = new SchemaBuilder();
        schemaBuilder.setResourceResolver(new ClasspathResolver());
        ArrayList arrayList = new ArrayList();
        arrayList.add(ResourceHelper.of(new ClassPathResource("/schema/xmldsig-core-schema.xsd")));
        arrayList.add(ResourceHelper.of(new ClassPathResource("/schema/shibboleth-metadata-1.0.xsd")));
        arrayList.add(ResourceHelper.of(new ClassPathResource("/schema/saml-metadata-ext-oidcmd.xsd")));
        schemaBuilder.setSchemaResources(arrayList);
        sAMLSchemaBuilder.setSchemaBuilder(schemaBuilder);
        return new SchemaValidationFilter(sAMLSchemaBuilder);
    }

    @Test
    public void testParsedXMLMetadata() throws ResolverException, ComponentInitializationException, URISyntaxException, ParseException, IOException {
        SPSSODescriptor parseRoleDescriptor = parseRoleDescriptor("/net/shibboleth/oidc/metadata/impl/EntitiesDescriptor-with-oidcmd.xml");
        Assert.assertNotNull(parseRoleDescriptor);
        Assert.assertTrue(parseRoleDescriptor instanceof SPSSODescriptor);
        List list = parseRoleDescriptor.getObjectMetadata().get(OIDCClientInformation.class);
        Assert.assertNotNull(list);
        Assert.assertEquals(list.size(), 1);
        OIDCClientInformation oIDCClientInformation = (OIDCClientInformation) list.get(0);
        Assert.assertEquals(oIDCClientInformation.getID().getValue(), "mockSamlClientId");
        OIDCClientMetadata oIDCMetadata = oIDCClientInformation.getOIDCMetadata();
        Assert.assertEquals(oIDCMetadata.getApplicationType(), ApplicationType.WEB);
        Assert.assertEquals(oIDCMetadata.getURI(), new URI("https://example.org/clientUri"));
        List defaultACRs = oIDCMetadata.getDefaultACRs();
        Assert.assertEquals(defaultACRs.size(), 2);
        Assert.assertTrue(defaultACRs.contains(new ACR("password")));
        Assert.assertTrue(defaultACRs.contains(new ACR("mfa")));
        Set grantTypes = oIDCMetadata.getGrantTypes();
        Assert.assertEquals(grantTypes.size(), 1);
        Assert.assertEquals(grantTypes.iterator().next(), GrantType.AUTHORIZATION_CODE);
        Assert.assertEquals(oIDCMetadata.getIDTokenJWEAlg(), JWEAlgorithm.A256KW);
        Assert.assertEquals(oIDCMetadata.getIDTokenJWEEnc(), EncryptionMethod.A256GCM);
        Assert.assertEquals(oIDCMetadata.getIDTokenJWSAlg(), JWSAlgorithm.RS512);
        Assert.assertEquals(oIDCMetadata.getInitiateLoginURI(), new URI("https://example.org/initiateLogin"));
        Set postLogoutRedirectionURIs = oIDCMetadata.getPostLogoutRedirectionURIs();
        Assert.assertEquals(postLogoutRedirectionURIs.size(), 1);
        Assert.assertEquals(postLogoutRedirectionURIs.iterator().next(), new URI("https://example.org/postLogout"));
        Assert.assertEquals(oIDCMetadata.getRequestObjectJWEAlg(), JWEAlgorithm.A128KW);
        Assert.assertEquals(oIDCMetadata.getRequestObjectJWEEnc(), EncryptionMethod.A128GCM);
        Assert.assertEquals(oIDCMetadata.getRequestObjectJWSAlg(), JWSAlgorithm.RS256);
        Set requestObjectURIs = oIDCMetadata.getRequestObjectURIs();
        Assert.assertEquals(requestObjectURIs.size(), 1);
        Assert.assertEquals(requestObjectURIs.iterator().next(), new URI("https://example.org/request"));
        Set responseTypes = oIDCMetadata.getResponseTypes();
        Assert.assertEquals(responseTypes.size(), 2);
        Assert.assertTrue(responseTypes.contains(ResponseType.parse("code")));
        Assert.assertTrue(responseTypes.contains(ResponseType.parse("id_token")));
        Scope scope = oIDCMetadata.getScope();
        Assert.assertEquals(scope.size(), 2);
        Assert.assertTrue(scope.contains("openid"));
        Assert.assertTrue(scope.contains("profile"));
        Assert.assertEquals(oIDCMetadata.getSectorIDURI(), new URI("https://example.org/sectorIdentifier"));
        Assert.assertEquals(oIDCMetadata.getSoftwareID().getValue(), "mockSoftwareId");
        Assert.assertEquals(oIDCMetadata.getSoftwareVersion().getValue(), "mockSoftwareVersion");
        Assert.assertEquals(oIDCMetadata.getTokenEndpointAuthMethod(), ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
        Assert.assertEquals(oIDCMetadata.getTokenEndpointAuthJWSAlg(), JWSAlgorithm.RS512);
        Assert.assertEquals(oIDCMetadata.getUserInfoJWEAlg(), JWEAlgorithm.A192KW);
        Assert.assertEquals(oIDCMetadata.getUserInfoJWEEnc(), EncryptionMethod.A192GCM);
        Assert.assertEquals(oIDCMetadata.getUserInfoJWSAlg(), JWSAlgorithm.RS384);
        JWKSet jWKSet = oIDCMetadata.getJWKSet();
        Assert.assertEquals(jWKSet.getKeys().size(), 4);
        Assert.assertNotNull(jWKSet.getKeyByKeyId("mock"));
        Assert.assertNotNull(jWKSet.getKeyByKeyId("mockRSA"));
        Assert.assertNotNull(jWKSet.getKeyByKeyId("mockX509RSA"));
        Assert.assertNotNull(jWKSet.getKeyByKeyId("mockX509EC"));
        Set redirectionURIs = oIDCMetadata.getRedirectionURIs();
        Assert.assertEquals(redirectionURIs.size(), 2);
        Assert.assertTrue(redirectionURIs.contains(new URI("https://example.org/cb")));
        Assert.assertTrue(redirectionURIs.contains(new URI("https://example.org/cb2")));
        Assert.assertEquals(oIDCMetadata.getSubjectType(), SubjectType.PAIRWISE);
    }
}
