package io.jans.as.client.client.assertbuilders;

import io.jans.as.client.BaseTest;
import io.jans.as.client.JwkClient;
import io.jans.as.client.client.Asserter;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jws.AbstractJwsSigner;
import io.jans.as.model.jws.ECDSASigner;
import io.jans.as.model.jws.HMACSigner;
import io.jans.as.model.jws.PlainTextSignature;
import io.jans.as.model.jws.RSASigner;
import io.jans.as.model.jwt.Jwt;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Arrays;
import org.testng.Assert;

/* loaded from: input_file:io/jans/as/client/client/assertbuilders/JwtAssertBuilder.class */
public class JwtAssertBuilder extends BaseAssertBuilder {
    private Jwt jwt;
    private boolean notNullClaimsAddressdata;
    private boolean checkMemberOfClaimNoEmpty;
    private boolean notBlankDsHash;
    private String[] claimsNoPresence;
    private String authorizationCode;
    private String accessToken;
    private String state;
    private boolean notNullAccesTokenHash = false;
    private boolean notNullAuthenticationTime = false;
    private boolean notNullOxOpenIDConnectVersion = false;
    private boolean notNullAuthenticationContextClassReference = false;
    private boolean notNullAuthenticationMethodReferences = false;
    private String[] claimsPresence = null;
    private AbstractJwsSigner jwtSigner = null;

    public JwtAssertBuilder(Jwt jwt) {
        this.jwt = jwt;
    }

    public JwtAssertBuilder notNullAccesTokenHash() {
        this.notNullAccesTokenHash = true;
        return this;
    }

    public JwtAssertBuilder notBlankDsHash() {
        this.notBlankDsHash = true;
        return this;
    }

    public JwtAssertBuilder notNullAuthenticationTime() {
        this.notNullAuthenticationTime = true;
        return this;
    }

    public JwtAssertBuilder notNullOxOpenIDConnectVersion() {
        this.notNullOxOpenIDConnectVersion = true;
        return this;
    }

    public JwtAssertBuilder notNullAuthenticationContextClassReference() {
        this.notNullAuthenticationContextClassReference = true;
        return this;
    }

    public JwtAssertBuilder notNullAuthenticationMethodReferences() {
        this.notNullAuthenticationMethodReferences = true;
        return this;
    }

    public JwtAssertBuilder notNullClaimsAddressdata() {
        this.notNullClaimsAddressdata = true;
        return this;
    }

    public JwtAssertBuilder claimsPresence(String... strArr) {
        if (this.claimsPresence != null) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(this.claimsPresence));
            arrayList.addAll(Arrays.asList(strArr));
            this.claimsPresence = (String[]) arrayList.toArray(new String[0]);
        } else {
            this.claimsPresence = strArr;
        }
        return this;
    }

    public JwtAssertBuilder claimsNoPresence(String... strArr) {
        if (this.claimsNoPresence != null) {
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(this.claimsNoPresence));
            arrayList.addAll(Arrays.asList(strArr));
            this.claimsNoPresence = (String[]) arrayList.toArray(new String[0]);
        } else {
            this.claimsNoPresence = strArr;
        }
        return this;
    }

    public JwtAssertBuilder authorizationCode(String str) {
        this.authorizationCode = str;
        return this;
    }

    public JwtAssertBuilder state(String str) {
        this.state = str;
        return this;
    }

    public JwtAssertBuilder accessToken(String str) {
        this.accessToken = str;
        return this;
    }

    private void assertNotNullHeaderClaim(String str) {
        Assert.assertNotNull(this.jwt.getHeader().getClaimAsString(str), "Jwt Claim Header " + str + " is null");
    }

    private void assertNotNullClaim(String str) {
        Assert.assertNotNull(this.jwt.getClaims().getClaimAsString(str), "Jwt Claim " + str + " is null");
    }

    public JwtAssertBuilder claimMemberOfNoEmpty() {
        this.checkMemberOfClaimNoEmpty = true;
        return this;
    }

    public JwtAssertBuilder validateSignatureRSA(String str, SignatureAlgorithm signatureAlgorithm) {
        this.jwtSigner = new RSASigner(signatureAlgorithm, JwkClient.getRSAPublicKey(str, this.jwt.getHeader().getClaimAsString("kid")));
        return this;
    }

    public JwtAssertBuilder validateSignatureRSAClientEngine(String str, SignatureAlgorithm signatureAlgorithm) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        this.jwtSigner = new RSASigner(signatureAlgorithm, JwkClient.getRSAPublicKey(str, this.jwt.getHeader().getClaimAsString("kid"), BaseTest.clientEngine(true)));
        return this;
    }

    public JwtAssertBuilder validateSignatureECDSA(String str, SignatureAlgorithm signatureAlgorithm) {
        this.jwtSigner = new ECDSASigner(signatureAlgorithm, JwkClient.getECDSAPublicKey(str, this.jwt.getHeader().getClaimAsString("kid")));
        return this;
    }

    public JwtAssertBuilder validateSignatureHMAC(SignatureAlgorithm signatureAlgorithm, String str) {
        this.jwtSigner = new HMACSigner(signatureAlgorithm, str);
        return this;
    }

    public JwtAssertBuilder validateSignaturePlainText() {
        this.jwtSigner = new PlainTextSignature();
        return this;
    }

    @Override // io.jans.as.client.client.assertbuilders.BaseAssertBuilder
    public void check() {
        Assert.assertNotNull(this.jwt, "Jwt is null");
        assertNotNullHeaderClaim("typ");
        assertNotNullHeaderClaim("alg");
        assertNotNullClaim("iss");
        assertNotNullClaim("aud");
        assertNotNullClaim("exp");
        assertNotNullClaim("iat");
        assertNotNullClaim("sub");
        if (this.notNullAuthenticationTime) {
            assertNotNullClaim("auth_time");
        }
        if (this.notNullAccesTokenHash) {
            assertNotNullClaim("at_hash");
        }
        if (this.notNullOxOpenIDConnectVersion) {
            assertNotNullClaim("oxOpenIDConnectVersion");
        }
        if (this.notNullAuthenticationContextClassReference) {
            assertNotNullClaim("acr");
        }
        if (this.notNullAuthenticationMethodReferences) {
            assertNotNullClaim("amr");
        }
        if (this.checkMemberOfClaimNoEmpty) {
            Assert.assertNotNull(this.jwt.getClaims().getClaimAsStringList("member_of"));
            Assert.assertTrue(this.jwt.getClaims().getClaimAsStringList("member_of").size() > 1);
        }
        if (this.notBlankDsHash) {
            Asserter.assertNotBlank(this.jwt.getClaims().getClaimAsString("ds_hash"), "ds_hash claim is not present");
        }
        if (this.notNullClaimsAddressdata) {
            assertNotNullClaim("street_address");
            assertNotNullClaim("country");
            Assert.assertNotNull(this.jwt.getClaims().getClaim("address"));
            Assert.assertNotNull(Boolean.valueOf(this.jwt.getClaims().getClaimAsJSON("address").has("street_address")));
            Assert.assertNotNull(Boolean.valueOf(this.jwt.getClaims().getClaimAsJSON("address").has("country")));
            Assert.assertNotNull(Boolean.valueOf(this.jwt.getClaims().getClaimAsJSON("address").has("locality")));
            Assert.assertNotNull(Boolean.valueOf(this.jwt.getClaims().getClaimAsJSON("address").has("region")));
        }
        if (this.claimsPresence != null) {
            for (String str : this.claimsPresence) {
                Assert.assertNotNull(str, "Claim name is null");
                Assert.assertNotNull(this.jwt.getClaims().getClaimAsString(str), "Jwt Claim " + str + " is not found");
            }
        }
        if (this.claimsNoPresence != null) {
            for (String str2 : this.claimsNoPresence) {
                Assert.assertNotNull(str2, "Claim name is null");
                Assert.assertNull(this.jwt.getClaims().getClaimAsString(str2), "Jwt Claim " + str2 + " is found");
            }
        }
        if (this.jwtSigner != null) {
            Assert.assertTrue(this.jwtSigner.validate(this.jwt));
            if (this.authorizationCode != null) {
                Assert.assertTrue(this.jwtSigner.validateAuthorizationCode(this.authorizationCode, this.jwt));
            }
            if (this.accessToken != null) {
                Assert.assertNotNull(this.jwt.getClaims().getClaimAsString("at_hash"));
                Assert.assertTrue(this.jwtSigner.validateAccessToken(this.accessToken, this.jwt));
            }
            if (this.state != null) {
                Assert.assertNotNull(this.jwt.getClaims().getClaimAsString("s_hash"));
                Assert.assertTrue(this.jwtSigner.validateState(this.state, this.jwt));
            }
        }
    }
}
