package net.shibboleth.oidc.profile.impl;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.oauth2.sdk.ParseException;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.minidev.json.JSONArray;
import net.shibboleth.idp.profile.context.navigate.WebflowRequestContextProfileRequestContextLookup;
import net.shibboleth.idp.profile.testing.ActionTestingSupport;
import net.shibboleth.idp.profile.testing.RequestContextBuilder;
import net.shibboleth.oidc.profile.config.JSONSecurityConfiguration;
import net.shibboleth.oidc.profile.config.impl.DefaultOIDCPublishKeySetConfiguration;
import net.shibboleth.oidc.profile.config.navigate.JWKCredentialsToPublishLookupStrategy;
import net.shibboleth.oidc.profile.messaging.JSONSuccessResponse;
import net.shibboleth.oidc.security.credential.BasicJWKCredentialFactoryBean;
import net.shibboleth.oidc.security.credential.JOSEObjectCredentialResolver;
import net.shibboleth.oidc.security.jose.DecryptionConfiguration;
import net.shibboleth.oidc.security.jose.SignatureSigningConfiguration;
import net.shibboleth.profile.config.ProfileConfiguration;
import net.shibboleth.profile.context.RelyingPartyContext;
import net.shibboleth.shared.annotation.ParameterName;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.resolver.CriteriaSet;
import net.shibboleth.shared.resolver.ResolverException;
import org.mockito.Mockito;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.security.config.SecurityConfiguration;
import org.opensaml.security.credential.Credential;
import org.springframework.core.io.ClassPathResource;
import org.springframework.webflow.execution.RequestContext;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:net/shibboleth/oidc/profile/impl/FormOutboundKeySetResponseMessageTest.class */
public class FormOutboundKeySetResponseMessageTest {
    private ProfileRequestContext profileRequestCtx;
    private FormOutboundKeySetResponseMessage action;
    private RequestContext requestCtx;
    private DefaultOIDCPublishKeySetConfiguration profileConf;
    private RelyingPartyContext rpCtx;

    /* loaded from: input_file:net/shibboleth/oidc/profile/impl/FormOutboundKeySetResponseMessageTest$MockReturnAllCollectionJOSEObjectCredentialResolver.class */
    private static class MockReturnAllCollectionJOSEObjectCredentialResolver implements JOSEObjectCredentialResolver {

        @Nonnull
        private final List<Credential> collection;

        public MockReturnAllCollectionJOSEObjectCredentialResolver(@ParameterName(name = "credentials") @Nonnull List<Credential> list) {
            Constraint.isNotNull(list, "Input credentials list cannot be null");
            this.collection = new ArrayList(list);
        }

        @Nonnull
        public Iterable<Credential> resolve(@Nullable CriteriaSet criteriaSet) throws ResolverException {
            return this.collection;
        }

        @Nullable
        public Credential resolveSingle(@Nullable CriteriaSet criteriaSet) throws ResolverException {
            Iterable<Credential> resolve = resolve(criteriaSet);
            if (resolve.iterator().hasNext()) {
                return resolve.iterator().next();
            }
            return null;
        }
    }

    @BeforeMethod
    public void init() throws Exception {
        this.requestCtx = new RequestContextBuilder().buildRequestContext();
        MessageContext messageContext = new MessageContext();
        this.profileRequestCtx = new WebflowRequestContextProfileRequestContextLookup().apply(this.requestCtx);
        this.profileRequestCtx.setOutboundMessageContext(messageContext);
        this.rpCtx = this.profileRequestCtx.ensureSubcontext(RelyingPartyContext.class);
        ArrayList arrayList = new ArrayList();
        BasicJWKCredentialFactoryBean basicJWKCredentialFactoryBean = new BasicJWKCredentialFactoryBean();
        basicJWKCredentialFactoryBean.setResource(new ClassPathResource("credentials/idp-signing-es.jwk"));
        basicJWKCredentialFactoryBean.afterPropertiesSet();
        arrayList.add((Credential) basicJWKCredentialFactoryBean.getObject());
        BasicJWKCredentialFactoryBean basicJWKCredentialFactoryBean2 = new BasicJWKCredentialFactoryBean();
        basicJWKCredentialFactoryBean2.setResource(new ClassPathResource("credentials/idp-signing-rs.jwk"));
        basicJWKCredentialFactoryBean2.afterPropertiesSet();
        arrayList.add((Credential) basicJWKCredentialFactoryBean2.getObject());
        BasicJWKCredentialFactoryBean basicJWKCredentialFactoryBean3 = new BasicJWKCredentialFactoryBean();
        basicJWKCredentialFactoryBean3.setResource(new ClassPathResource("credentials/idp-encryption-rsa.jwk"));
        basicJWKCredentialFactoryBean3.afterPropertiesSet();
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add((Credential) basicJWKCredentialFactoryBean3.getObject());
        SignatureSigningConfiguration signatureSigningConfiguration = (SignatureSigningConfiguration) Mockito.mock(SignatureSigningConfiguration.class);
        Mockito.when(signatureSigningConfiguration.getSigningCredentials()).thenReturn(arrayList);
        DecryptionConfiguration decryptionConfiguration = (DecryptionConfiguration) Mockito.mock(DecryptionConfiguration.class);
        Mockito.when(decryptionConfiguration.getKEKCredentialResolver()).thenReturn(new MockReturnAllCollectionJOSEObjectCredentialResolver(arrayList2));
        JSONSecurityConfiguration jSONSecurityConfiguration = new JSONSecurityConfiguration();
        jSONSecurityConfiguration.setJwtSignatureSigningConfiguration(signatureSigningConfiguration);
        jSONSecurityConfiguration.setJwtDecryptionConfiguration(decryptionConfiguration);
        this.profileConf = new DefaultOIDCPublishKeySetConfiguration();
        this.profileConf.setSecurityConfiguration(jSONSecurityConfiguration);
        this.rpCtx.setProfileConfig(this.profileConf);
        this.action = new FormOutboundKeySetResponseMessage();
        this.action.setCredentialsToPublishLookupStrategy(new JWKCredentialsToPublishLookupStrategy());
        this.action.initialize();
    }

    @Test
    public void testSuccessMessage() throws ComponentInitializationException, URISyntaxException, ParseException, JOSEException, java.text.ParseException {
        ActionTestingSupport.assertProceedEvent(this.action.execute(this.requestCtx));
        Assert.assertTrue(this.profileRequestCtx.ensureOutboundMessageContext().getMessage() instanceof JSONSuccessResponse);
        JSONSuccessResponse jSONSuccessResponse = (JSONSuccessResponse) this.profileRequestCtx.ensureOutboundMessageContext().ensureMessage();
        Assert.assertTrue(jSONSuccessResponse.indicatesSuccess());
        Assert.assertEquals(((JSONArray) jSONSuccessResponse.toHTTPResponse().getContentAsJSONObject().get("keys")).size(), 3);
    }

    @Test
    public void testFailNoSecConf() throws ComponentInitializationException, URISyntaxException, ParseException, JOSEException {
        this.profileConf.setSecurityConfiguration((SecurityConfiguration) null);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidSecurityConfiguration");
    }

    @Test
    public void testFailNoProfileConf() throws ComponentInitializationException, URISyntaxException, ParseException, JOSEException {
        this.rpCtx.setProfileConfig((ProfileConfiguration) null);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidRelyingPartyContext");
    }

    @Test
    public void testFailNoRPCtx() throws ComponentInitializationException, URISyntaxException, ParseException, JOSEException {
        this.profileRequestCtx.removeSubcontext(RelyingPartyContext.class);
        ActionTestingSupport.assertEvent(this.action.execute(this.requestCtx), "InvalidRelyingPartyContext");
    }
}
