package io.jans.as.client.ws.rs.token;

import io.jans.as.client.AuthorizationRequest;
import io.jans.as.client.AuthorizationResponse;
import io.jans.as.client.BaseTest;
import io.jans.as.client.RegisterResponse;
import io.jans.as.client.TokenClient;
import io.jans.as.client.TokenRequest;
import io.jans.as.client.TokenResponse;
import io.jans.as.client.UserInfoClient;
import io.jans.as.client.UserInfoResponse;
import io.jans.as.client.client.AssertBuilder;
import io.jans.as.model.common.AuthenticationMethod;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.util.Pair;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import org.testng.Assert;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;

/* loaded from: input_file:io/jans/as/client/ws/rs/token/NativeSsoHttpTest.class */
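/**
 * HTTP integration test for a native SSO scenario between two client applications.
 *
 * <p>APP 1 runs an authorization code flow that requests the {@code device_sso} scope and
 * obtains a device token plus an id_token. APP 2 is registered as a separate client and
 * presents both values in a token exchange request to obtain its own tokens.
 *
 * <p>Security-relevant points for readers:
 * <ul>
 *   <li>The device token and the id_token together are enough for APP 2 to obtain tokens
 *       without user interaction, so both are bearer secrets. The test hands them over
 *       in memory; its own title says real apps would use shared secured storage.</li>
 *   <li>NOTE(review): {@code showClient} presumably prints the full request and response,
 *       which here would include client secrets, the authorization code and the issued
 *       tokens. Confirm, and treat the test logs as sensitive.</li>
 *   <li>NOTE(review): {@code clientEngine(true)} is an inherited helper; the meaning of the
 *       flag is not visible in this file. If it relaxes TLS verification for the test
 *       server, it must not be copied into production clients. Confirm.</li>
 * </ul>
 */
public class NativeSsoHttpTest extends BaseTest {

    /**
     * Runs the APP 1 flow and feeds the resulting device token and id_token into the APP 2 flow.
     *
     * <p>TestNG binds the parameters by position from the {@code @Parameters} list.
     *
     * @param str user id of the resource owner ({@code userId})
     * @param str2 password of the resource owner ({@code userSecret})
     * @param str3 redirect URIs used for client registration ({@code redirectUris})
     * @param str4 redirect URI used in the authorization and token requests ({@code redirectUri})
     * @param str5 sector identifier URI used for client registration ({@code sectorIdentifierUri})
     * @throws Exception if any step of either flow fails
     */
    @Parameters({"userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri"})
    @Test
    public void nativeSso(String str, String str2, String str3, String str4, String str5) throws Exception {
        Pair<String, String> deviceTokenAndIdToken = app1Flow(str, str2, str3, str4, str5);
        String deviceToken = deviceTokenAndIdToken.getFirst();
        String idToken = deviceTokenAndIdToken.getSecond();
        app2Flow(deviceToken, idToken, str3, str5);
    }

    /**
     * APP 1: registers a client, runs the authorization code flow with the {@code device_sso}
     * scope, redeems the code and checks the token response, the id_token and userinfo.
     *
     * @param userId user id of the resource owner
     * @param userSecret password of the resource owner
     * @param redirectUris redirect URIs used for client registration
     * @param redirectUri redirect URI sent in the authorization and token requests
     * @param sectorIdentifierUri sector identifier URI used for client registration
     * @return pair of (device token, id_token) taken from the token response
     */
    private Pair<String, String> app1Flow(String userId, String userSecret, String redirectUris, String redirectUri, String sectorIdentifierUri) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, InvalidJwtException {
        showTitle("APP 1 - Perform Authorization Code Flow");

        List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
        List<GrantType> grantTypes = Arrays.asList(GrantType.AUTHORIZATION_CODE, GrantType.TOKEN_EXCHANGE);
        List<String> scopes = Arrays.asList("openid", "profile", "device_sso", "email");

        RegisterResponse registration = registerClient(redirectUris, responseTypes, grantTypes, scopes, sectorIdentifierUri);
        String clientId = registration.getClientId();
        String clientSecret = registration.getClientSecret();

        // NOTE(review): this random value is passed as the request's fifth constructor argument
        // (presumably the nonce, confirm). It is not kept, and the id_token check below receives
        // only the token, so nothing here compares the id_token's nonce with the value sent.
        String nonce = UUID.randomUUID().toString();
        AuthorizationResponse authorization = requestAuthorization(userId, userSecret, redirectUri, responseTypes, scopes, clientId, nonce);
        String grantedScope = authorization.getScope();
        String code = authorization.getCode();

        // Fail with a readable message instead of a NullPointerException when no scope came back.
        Assert.assertNotNull(grantedScope, "The authorization response carries no scope");
        Assert.assertTrue(grantedScope.contains("device_sso"), "The device_sso scope was not granted");

        TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
        tokenRequest.setCode(code);
        tokenRequest.setRedirectUri(redirectUri);
        tokenRequest.setScope("");
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);

        TokenClient tokenClient = newTokenClient(tokenRequest);
        tokenClient.setRequest(tokenRequest);
        TokenResponse tokenResponse = tokenClient.exec();
        showClient(tokenClient);

        // The device token is what APP 2 later presents as its actor token.
        AssertBuilder.tokenResponse(tokenResponse)
                .notNullRefreshToken()
                .notBlankDeviceToken()
                .check();
        String deviceToken = tokenResponse.getDeviceToken();
        String idToken = tokenResponse.getIdToken();

        // Signature is validated against the server's JWKS with RS256 before the claim checks.
        AssertBuilder.jwtParse(idToken)
                .validateSignatureRSAClientEngine(this.jwksUri, SignatureAlgorithm.RS256)
                .claimsPresence("c_hash")
                .notNullAuthenticationTime()
                .notNullJansOpenIDConnectVersion()
                .notNullAuthenticationContextClassReference()
                .notNullAuthenticationMethodReferences()
                .notBlankDsHash()
                .check();

        assertUserInfoClaims(tokenResponse.getAccessToken());
        return new Pair<>(deviceToken, idToken);
    }

    /**
     * Sends an authorization request with a fresh random {@code state}, authenticates the
     * resource owner, and verifies the response, including that the state is echoed back.
     *
     * @param userId user id of the resource owner
     * @param userSecret password of the resource owner
     * @param redirectUri redirect URI for the request
     * @param responseTypes response types to request
     * @param scopes scopes to request
     * @param clientId id of the registered client
     * @param nonce value passed as the last constructor argument of the request
     * @return the checked authorization response
     */
    private AuthorizationResponse requestAuthorization(String userId, String userSecret, String redirectUri, List<ResponseType> responseTypes, List<String> scopes, String clientId, String nonce) {
        String state = UUID.randomUUID().toString();
        AuthorizationRequest request = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
        request.setState(state);

        AuthorizationResponse response = authenticateResourceOwnerAndGrantAccess(this.authorizationEndpoint, request, userId, userSecret);
        AssertBuilder.authorizationResponse(response).check();

        // The builder above only receives the response, so it cannot compare the returned state
        // with the one sent. Verify the round trip here: state is the request/response binding
        // a client relies on to reject responses it did not ask for.
        Assert.assertEquals(response.getState(), state, "The state returned by the server does not match the one sent");
        return response;
    }

    /**
     * APP 2: registers its own client and exchanges the id_token (subject token) and the
     * device token (actor token) received from APP 1 for new tokens, then checks userinfo.
     *
     * @param deviceToken device token issued to APP 1, sent as {@code actor_token}
     * @param idToken id_token issued to APP 1, sent as {@code subject_token}
     * @param redirectUris redirect URIs used for client registration
     * @param sectorIdentifierUri sector identifier URI used for client registration
     */
    private void app2Flow(String deviceToken, String idToken, String redirectUris, String sectorIdentifierUri) throws InvalidJwtException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        showTitle("APP 2 - Token Exchange with device_token and id_token");
        showTitle("APP 2 gets device_token and id_token via shared secured storage (here we just emulate it.)");

        List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
        List<GrantType> grantTypes = Arrays.asList(GrantType.AUTHORIZATION_CODE, GrantType.TOKEN_EXCHANGE);
        List<String> scopes = Arrays.asList("openid", "profile", "device_sso", "email");
        RegisterResponse registration = registerClient(redirectUris, responseTypes, grantTypes, scopes, sectorIdentifierUri);
        String clientId = registration.getClientId();
        String clientSecret = registration.getClientSecret();

        TokenRequest tokenRequest = new TokenRequest(GrantType.TOKEN_EXCHANGE);
        tokenRequest.setAudience(this.issuer);
        tokenRequest.setScope("openid profile email");
        tokenRequest.setSubjectToken(idToken);
        tokenRequest.setSubjectTokenType("urn:ietf:params:oauth:token-type:id_token");
        tokenRequest.setActorToken(deviceToken);
        // "x-oath" is the literal value this test sends; do not "correct" the spelling.
        tokenRequest.setActorTokenType("urn:x-oath:params:oauth:token-type:device-secret");
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);

        TokenClient tokenClient = newTokenClient(tokenRequest);
        tokenClient.setRequest(tokenRequest);
        TokenResponse tokenResponse = tokenClient.exec();
        showTitle("APP 2:");
        showClient(tokenClient);

        AssertBuilder.tokenResponse(tokenResponse).notNullRefreshToken().check();

        assertUserInfoClaims(tokenResponse.getAccessToken());
    }

    /**
     * Calls the userinfo endpoint with the given access token and checks that the expected
     * personal-data claims are present. Shared by both application flows.
     *
     * @param accessToken access token to present to the userinfo endpoint
     */
    private void assertUserInfoClaims(String accessToken) throws InvalidJwtException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        UserInfoClient userInfoClient = new UserInfoClient(this.userInfoEndpoint);
        userInfoClient.setExecutor(clientEngine(true));
        UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        AssertBuilder.userInfoResponse(userInfoResponse)
                .notNullClaimsPersonalData()
                .claimsPresence("email", "birthdate", "gender", "middle_name")
                .claimsPresence("nickname", "preferred_username", "profile")
                .check();
    }
}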
