package io.jans.as.client.ciba;

import io.jans.as.client.AuthorizationRequest;
import io.jans.as.client.AuthorizationResponse;
import io.jans.as.client.AuthorizeClient;
import io.jans.as.client.BackchannelAuthenticationClient;
import io.jans.as.client.BackchannelAuthenticationRequest;
import io.jans.as.client.BackchannelAuthenticationResponse;
import io.jans.as.client.BaseTest;
import io.jans.as.client.RegisterClient;
import io.jans.as.client.RegisterRequest;
import io.jans.as.client.RegisterResponse;
import io.jans.as.client.client.AssertBuilder;
import io.jans.as.client.model.authorize.JwtAuthorizationRequest;
import io.jans.as.client.ws.rs.Tester;
import io.jans.as.model.ciba.BackchannelAuthenticationErrorResponseType;
import io.jans.as.model.common.BackchannelTokenDeliveryMode;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.crypto.AuthCryptoProvider;
import io.jans.as.model.crypto.signature.AsymmetricSignatureAlgorithm;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.register.ApplicationType;
import io.jans.as.model.util.StringUtils;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang.time.DateUtils;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;

/* loaded from: input_file:io/jans/as/client/ciba/CibaPingModeJwtAuthRequestTests.class */
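/**
 * Integration tests for CIBA backchannel authentication in {@code PING} token
 * delivery mode, where the authentication request is sent as a signed JWT.
 *
 * <p>Each test registers a fresh client whose request-signing algorithm is
 * fixed at registration, builds a request object signed with a key from the
 * test keystore, and posts it to the backchannel authentication endpoint with
 * the client id and client secret as credentials. The positive tests expect
 * the request to be accepted; the negative tests expect a specific error code
 * and that no {@code auth_req_id}, {@code expires_in} or {@code interval} is
 * handed out.
 *
 * <p>The test parameters are bound by position from the {@code @Parameters}
 * list, so the Java parameter names below simply mirror those entries.
 */
public class CibaPingModeJwtAuthRequestTests extends BaseTest {
    // Registration result of the client created by the most recent registerPingClient() call.
    private RegisterResponse registerResponse;
    // ID token produced by idTokenHintRS384() and consumed by cibaPingJWTRequestIdTokenHint().
    private String idTokenHintRS384;

    /** Accepts a ping-mode request object signed with PS256. */
    @Parameters({"PS256_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void pingFlowPS256HappyFlow(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("pingFlowPS256HappyFlow");
        runPingHappyFlow(AsymmetricSignatureAlgorithm.PS256, SignatureAlgorithm.PS256, keyId, userId, dnName,
                keyStoreFile, keyStoreSecret, clientJwksUri, backchannelClientNotificationEndpoint);
    }

    /** Accepts a ping-mode request object signed with PS384. */
    @Parameters({"PS384_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void pingFlowPS384HappyFlow(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("pingFlowPS384HappyFlow");
        runPingHappyFlow(AsymmetricSignatureAlgorithm.PS384, SignatureAlgorithm.PS384, keyId, userId, dnName,
                keyStoreFile, keyStoreSecret, clientJwksUri, backchannelClientNotificationEndpoint);
    }

    /** Accepts a ping-mode request object signed with PS512. */
    @Parameters({"PS512_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void pingFlowPS512HappyFlow(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("pingFlowPS512HappyFlow");
        runPingHappyFlow(AsymmetricSignatureAlgorithm.PS512, SignatureAlgorithm.PS512, keyId, userId, dnName,
                keyStoreFile, keyStoreSecret, clientJwksUri, backchannelClientNotificationEndpoint);
    }

    /** Accepts a ping-mode request object signed with ES256. */
    @Parameters({"ES256_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void pingFlowES256HappyFlow(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("pingFlowES256HappyFlow");
        runPingHappyFlow(AsymmetricSignatureAlgorithm.ES256, SignatureAlgorithm.ES256, keyId, userId, dnName,
                keyStoreFile, keyStoreSecret, clientJwksUri, backchannelClientNotificationEndpoint);
    }

    /** Accepts a ping-mode request object signed with ES384. */
    @Parameters({"ES384_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void pingFlowES384HappyFlow(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("pingFlowES384HappyFlow");
        runPingHappyFlow(AsymmetricSignatureAlgorithm.ES384, SignatureAlgorithm.ES384, keyId, userId, dnName,
                keyStoreFile, keyStoreSecret, clientJwksUri, backchannelClientNotificationEndpoint);
    }

    /** Accepts a ping-mode request object signed with ES512. */
    @Parameters({"ES512_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void pingFlowES512HappyFlow(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("pingFlowES512HappyFlow");
        runPingHappyFlow(AsymmetricSignatureAlgorithm.ES512, SignatureAlgorithm.ES512, keyId, userId, dnName,
                keyStoreFile, keyStoreSecret, clientJwksUri, backchannelClientNotificationEndpoint);
    }

    /**
     * Checks that the endpoint rejects request objects with a missing or
     * invalid claim, one defect per request:
     * missing {@code aud}, missing login hint, a binding message made of
     * punctuation, an unregistered client id, and a missing client
     * notification token.
     */
    @Parameters({"PS256_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void cibaPingJWTRequestDataValidations(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("cibaPingJWTRequestDataValidations");
        registerPingClient(clientJwksUri, BackchannelTokenDeliveryMode.PING, AsymmetricSignatureAlgorithm.PS256,
                backchannelClientNotificationEndpoint);
        String clientId = this.registerResponse.getClientId();
        String clientSecret = this.registerResponse.getClientSecret();

        // Missing audience: the request object is not bound to this server.
        JwtAuthorizationRequest withoutAudience =
                createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId, SignatureAlgorithm.PS256);
        withoutAudience.setAud((String) null);
        processCibaAuthorizationEndpointFailCall(withoutAudience.getEncodedJwt(), clientId, clientSecret, 400,
                BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);

        // No hint at all: the server has no user to authenticate.
        JwtAuthorizationRequest withoutLoginHint =
                createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId, SignatureAlgorithm.PS256);
        withoutLoginHint.setLoginHint((String) null);
        processCibaAuthorizationEndpointFailCall(withoutLoginHint.getEncodedJwt(), clientId, clientSecret, 400,
                BackchannelAuthenticationErrorResponseType.UNKNOWN_USER_ID);

        // The binding message is shown to the end user, so unexpected characters must be refused.
        JwtAuthorizationRequest withBadBindingMessage =
                createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId, SignatureAlgorithm.PS256);
        withBadBindingMessage.setBindingMessage("(/)=&/(%&/(%$/&($%/&)");
        processCibaAuthorizationEndpointFailCall(withBadBindingMessage.getEncodedJwt(), clientId, clientSecret, 400,
                BackchannelAuthenticationErrorResponseType.INVALID_BINDING_MESSAGE);

        // A client id that was never registered, paired with a real client's secret, must fail
        // client authentication (401) rather than request validation (400).
        String unregisteredClientId = "abcabcabcabcabcabcabcabcabcabc";
        JwtAuthorizationRequest withUnknownClient =
                createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId, SignatureAlgorithm.PS256);
        withUnknownClient.setClientId(unregisteredClientId);
        processCibaAuthorizationEndpointFailCall(withUnknownClient.getEncodedJwt(), unregisteredClientId, clientSecret,
                401, BackchannelAuthenticationErrorResponseType.INVALID_CLIENT);

        // The client was registered in PING mode; without a notification token the request is refused.
        JwtAuthorizationRequest withoutNotificationToken =
                createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId, SignatureAlgorithm.PS256);
        withoutNotificationToken.setClientNotificationToken((String) null);
        processCibaAuthorizationEndpointFailCall(withoutNotificationToken.getEncodedJwt(), clientId, clientSecret, 400,
                BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);
    }

    /**
     * Accepts a request object that identifies the user through an
     * {@code id_token_hint} instead of a login hint. The hint is the ID token
     * stored by {@link #idTokenHintRS384}, which TestNG runs first.
     */
    @Parameters({"PS256_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test(dependsOnMethods = {"idTokenHintRS384"})
    public void cibaPingJWTRequestIdTokenHint(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("cibaPingJWTRequestIdTokenHint");
        registerPingClient(clientJwksUri, BackchannelTokenDeliveryMode.PING, AsymmetricSignatureAlgorithm.PS256,
                backchannelClientNotificationEndpoint);
        JwtAuthorizationRequest jwtRequest =
                createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId, SignatureAlgorithm.PS256);
        // Exactly one hint is sent: the login hint is cleared before the ID token hint is set.
        jwtRequest.setLoginHint((String) null);
        jwtRequest.setIdTokenHint(this.idTokenHintRS384);
        processCibaAuthorizationEndpointSuccessfulCall(jwtRequest.getEncodedJwt(), this.registerResponse.getClientId(),
                this.registerResponse.getClientSecret());
    }

    /**
     * Checks that a request object whose signature segment has been replaced
     * is rejected with {@code invalid_request}.
     *
     * <p>Coverage note: header and payload are left exactly as signed, and the
     * replacement is a fixed literal. A structurally valid signature that
     * fails verification is not exercised by this test.
     */
    @Parameters({"PS256_keyId", "userId", "dnName", "keyStoreFile", "keyStoreSecret", "clientJwksUri", "backchannelClientNotificationEndpoint"})
    @Test
    public void cibaPingJWTRequestWrongSigning(String keyId, String userId, String dnName, String keyStoreFile,
            String keyStoreSecret, String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        showTitle("cibaPingJWTRequestWrongSigning");
        registerPingClient(clientJwksUri, BackchannelTokenDeliveryMode.PING, AsymmetricSignatureAlgorithm.PS256,
                backchannelClientNotificationEndpoint);
        String signedJwt = createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId,
                SignatureAlgorithm.PS256).getEncodedJwt();
        // Compact JWS is header.payload.signature; only the third segment is swapped out.
        String[] segments = signedJwt.split("\\.");
        String tamperedJwt = segments[0] + "." + segments[1] + ".WRONG-SIGNING";
        processCibaAuthorizationEndpointFailCall(tamperedJwt, this.registerResponse.getClientId(),
                this.registerResponse.getClientSecret(), 400,
                BackchannelAuthenticationErrorResponseType.INVALID_REQUEST);
    }

    /**
     * Shared body of the happy-flow tests: registers a ping-mode client for
     * {@code registeredAlg}, signs a default request object with
     * {@code signingAlg} and expects the endpoint to accept it.
     */
    private void runPingHappyFlow(AsymmetricSignatureAlgorithm registeredAlg, SignatureAlgorithm signingAlg,
            String keyId, String userId, String dnName, String keyStoreFile, String keyStoreSecret,
            String clientJwksUri, String backchannelClientNotificationEndpoint) throws Exception {
        registerPingClient(clientJwksUri, BackchannelTokenDeliveryMode.PING, registeredAlg,
                backchannelClientNotificationEndpoint);
        String signedJwt =
                createJwtRequest(keyStoreFile, keyStoreSecret, dnName, userId, keyId, signingAlg).getEncodedJwt();
        processCibaAuthorizationEndpointSuccessfulCall(signedJwt, this.registerResponse.getClientId(),
                this.registerResponse.getClientSecret());
    }

    /**
     * Registers a CIBA-only client and stores the response in
     * {@link #registerResponse}.
     *
     * @param clientJwksUri URI of the JWKS registered for the client
     * @param deliveryMode backchannel token delivery mode to register
     * @param requestSigningAlg algorithm the client declares for signing its authentication requests
     * @param clientNotificationEndpoint endpoint registered as the client's backchannel notification endpoint
     */
    private void registerPingClient(String clientJwksUri, BackchannelTokenDeliveryMode deliveryMode,
            AsymmetricSignatureAlgorithm requestSigningAlg, String clientNotificationEndpoint) {
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", (List<String>) null);
        registerRequest.setJwksUri(clientJwksUri);
        registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
        registerRequest.setScope(Tester.standardScopes);
        registerRequest.setBackchannelTokenDeliveryMode(deliveryMode);
        registerRequest.setBackchannelAuthenticationRequestSigningAlg(requestSigningAlg);
        registerRequest.setBackchannelUserCodeParameter(false);
        registerRequest.setBackchannelClientNotificationEndpoint(clientNotificationEndpoint);

        RegisterClient registerClient = new RegisterClient(this.registrationEndpoint);
        registerClient.setRequest(registerRequest);
        this.registerResponse = registerClient.exec();
        showClient(registerClient);

        // The server must echo back the CIBA settings that were requested.
        AssertBuilder.registerResponse(this.registerResponse)
                .created()
                .backchannelTokenDeliveryMode(deliveryMode)
                .backchannelRequestSigningAlgorithm(requestSigningAlg)
                .backchannelUserCodeParameter(false)
                .check();
    }

    /**
     * Posts the signed request object and asserts that it is accepted.
     *
     * @param requestJwt encoded request object
     * @param clientId client id, also used as the authentication user name
     * @param clientSecret client secret used as the authentication password
     */
    private void processCibaAuthorizationEndpointSuccessfulCall(String requestJwt, String clientId, String clientSecret) {
        BackchannelAuthenticationResponse response =
                callBackchannelAuthenticationEndpoint(requestJwt, clientId, clientSecret);
        AssertBuilder.backchannelAuthenticationResponse(response).ok().check();
    }

    /**
     * Posts the signed request object and asserts that it is rejected with the
     * given status and error, and that the response carries no
     * {@code auth_req_id}, {@code expires_in} or {@code interval}.
     *
     * @param requestJwt encoded request object
     * @param clientId client id, also used as the authentication user name
     * @param clientSecret client secret used as the authentication password
     * @param expectedStatus expected HTTP status code
     * @param expectedError expected CIBA error code
     */
    private void processCibaAuthorizationEndpointFailCall(String requestJwt, String clientId, String clientSecret,
            int expectedStatus, BackchannelAuthenticationErrorResponseType expectedError) {
        BackchannelAuthenticationResponse response =
                callBackchannelAuthenticationEndpoint(requestJwt, clientId, clientSecret);
        AssertBuilder.backchannelAuthenticationResponse(response)
                .status(expectedStatus)
                .errorResponseType(expectedError)
                .nullAuthReqId()
                .nullExpiresIn()
                .nullInterval()
                .check();
    }

    /** Sends one backchannel authentication request and returns the raw response. */
    private BackchannelAuthenticationResponse callBackchannelAuthenticationEndpoint(String requestJwt, String clientId,
            String clientSecret) {
        BackchannelAuthenticationRequest request = new BackchannelAuthenticationRequest();
        request.setRequest(requestJwt);
        request.setClientId(clientId);
        request.setAuthUsername(clientId);
        request.setAuthPassword(clientSecret);

        BackchannelAuthenticationClient client = new BackchannelAuthenticationClient(this.backchannelAuthenticationEndpoint);
        client.setRequest(request);
        BackchannelAuthenticationResponse response = client.exec();
        showClient(client);
        return response;
    }

    /**
     * Builds a valid request object for the currently registered client. Tests
     * mutate the returned object before encoding it to produce invalid
     * variants.
     *
     * @param keyStoreFile keystore holding the signing keys
     * @param keyStoreSecret keystore password
     * @param dnName distinguished name passed to the crypto provider
     * @param userId value used as {@code login_hint}
     * @param keyId id of the signing key
     * @param signatureAlgorithm algorithm used to sign the request object
     * @return the unsigned request model; the caller obtains the signed JWT from {@code getEncodedJwt()}
     * @throws Exception if the crypto provider cannot be created
     */
    private JwtAuthorizationRequest createJwtRequest(String keyStoreFile, String keyStoreSecret, String dnName,
            String userId, String keyId, SignatureAlgorithm signatureAlgorithm) throws Exception {
        AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
        String clientId = this.registerResponse.getClientId();

        // One clock read for iat, nbf and exp, so the validity window is exactly five minutes.
        // The setters take Integer seconds, hence the narrowing casts.
        long nowMillis = System.currentTimeMillis();
        int issuedAt = (int) (nowMillis / 1000);
        int expiresAt = (int) (DateUtils.addMinutes(new Date(nowMillis), 5).getTime() / 1000);

        JwtAuthorizationRequest jwtRequest =
                new JwtAuthorizationRequest((AuthorizationRequest) null, signatureAlgorithm, cryptoProvider);
        // Fixed token, acceptable only in a test: the server presents this value as a bearer
        // credential at the client's notification endpoint, so production clients need an
        // unguessable token per request.
        jwtRequest.setClientNotificationToken("notification-token-123");
        jwtRequest.setAud(this.issuer);
        jwtRequest.setLoginHint(userId);
        jwtRequest.setNbf(Integer.valueOf(issuedAt));
        jwtRequest.setScopes(Collections.singletonList("openid"));
        jwtRequest.setIss(clientId);
        jwtRequest.setBindingMessage("1234");
        jwtRequest.setExp(Integer.valueOf(expiresAt));
        jwtRequest.setIat(Integer.valueOf(issuedAt));
        // Fresh jti per request object.
        jwtRequest.setJti(UUID.randomUUID().toString());
        jwtRequest.setKeyId(keyId);
        return jwtRequest;
    }

    /**
     * Obtains an RS384-signed ID token and stores it in
     * {@link #idTokenHintRS384} for the ID-token-hint test. It registers a
     * separate client, requests the {@code token} and {@code id_token}
     * response types for the test user, and validates the ID token signature
     * against the server JWKS.
     */
    @Parameters({"userId", "userSecret", "redirectUri", "redirectUris", "sectorIdentifierUri"})
    @Test
    public void idTokenHintRS384(String userId, String userSecret, String redirectUri, String redirectUris,
            String sectorIdentifierUri) throws Exception {
        showTitle("idTokenHintRS384");
        List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
        List<String> scopes = Collections.singletonList("openid");

        RegisterRequest registerRequest =
                new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
        registerRequest.setResponseTypes(responseTypes);
        registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
        registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.RS384);
        registerRequest.setScope(scopes);

        RegisterClient registerClient = new RegisterClient(this.registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse registration = registerClient.exec();
        showClient(registerClient);
        AssertBuilder.registerResponse(registration).created().check();

        String clientId = registration.getClientId();
        String nonce = UUID.randomUUID().toString();
        String state = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest =
                new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        authorizationRequest.setState(state);

        // NOTE(review): this client is configured but never executed or kept; the request is
        // actually sent by authenticateResourceOwnerAndGrantAccess() below. Left in place in
        // case the constructor has side effects that are not visible here.
        new AuthorizeClient(this.authorizationEndpoint).setRequest(authorizationRequest);

        AuthorizationResponse authorizationResponse =
                authenticateResourceOwnerAndGrantAccess(this.authorizationEndpoint, authorizationRequest, userId, userSecret);
        AssertBuilder.authorizationResponse(authorizationResponse).responseTypes(responseTypes).check();

        String idToken = authorizationResponse.getIdToken();
        // Only a token whose signature verifies against the server keys is kept as the hint.
        AssertBuilder.jwtParse(idToken)
                .validateSignatureRSA(this.jwksUri, SignatureAlgorithm.RS384)
                .notNullAccesTokenHash()
                .notNullAuthenticationTime()
                .check();
        this.idTokenHintRS384 = idToken;
    }
}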
