package io.jans.as.server.register.ws.rs;

import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.exception.InvalidJwtException;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtClaims;
import io.jans.as.model.ssa.SsaValidationConfig;
import io.jans.as.model.ssa.SsaValidationType;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import org.json.JSONObject;
import org.mockito.ArgumentMatchers;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.Spy;
import org.mockito.testng.MockitoTestNGListener;
import org.slf4j.Logger;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

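/**
 * Unit tests for {@link SsaValidationConfigService}: issuer lookup among the configured SSA
 * validation entries, and the rule that scopes/claims configured on the server replace the ones
 * carried inside the software statement (SSA) JWT.
 *
 * <p>The crypto provider is a mock, so no real signature is verified in this class. The shared
 * secret {@code "secret"} and the empty JWKS {@code "{}"} are fixture values only.
 *
 * <p>NOTE(review): every {@code validateSsaForBuiltIn} test stubs {@code verifySignature} to
 * return {@code true}. The rejection paths (signature check returns {@code false}, issuer with no
 * matching configuration) are not pinned here. A companion test should assert that no
 * {@link JSONObject} is produced in those cases; the expected failure mode must be confirmed
 * against the service before writing it.
 *
 * <p>NOTE(review): both fixture tokens carry a fixed 2022 {@code exp} value, so these tests do not
 * exercise expiry handling. Confirm where {@code exp} is enforced for SSAs.
 */
@Listeners({MockitoTestNGListener.class})
public class SsaValidationConfigServiceTest {

    /** HS256 fixture token whose payload has iss "jans-auth", scope "scope1 scope2", claims "claim1 claim2". */
    private static final String SSA_ISSUED_BY_JANS_AUTH =
            "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqYW5zLWF1dGgiLCJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsInNjb3BlIjoic2NvcGUxIHNjb3BlMiIsImNsYWltcyI6ImNsYWltMSBjbGFpbTIiLCJpYXQiOjE2Njk4MDY3NjMsImV4cCI6MTY2OTgxMDM2M30.nR3LURANa5YAxOcLRdeFh0YjHbNA6roIUOhDfvhNeAw";

    /** HS256 fixture token whose payload has iss "empty", scope "scope1 scope2", claims "claim1 claim2". */
    private static final String SSA_ISSUED_BY_EMPTY =
            "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJlbXB0eSIsInN1YiI6IjEyMzQ1Njc4OTAiLCJuYW1lIjoiSm9obiBEb2UiLCJhZG1pbiI6dHJ1ZSwic2NvcGUiOiJzY29wZTEgc2NvcGUyIiwiY2xhaW1zIjoiY2xhaW0xIGNsYWltMiIsImlhdCI6MTY2OTgwNjc2MywiZXhwIjoxNjY5ODEwMzYzfQ.db0WQh2lmHkNYCWT8tSW684hqWTPJDTElppy42XM_lc";

    @InjectMocks
    @Spy
    private SsaValidationConfigService ssaValidationConfigService;

    @Mock
    private AppConfiguration appConfiguration;

    @Mock
    private Logger log;

    @Mock
    private AbstractCryptoProvider cryptoProvider;

    /**
     * Registers three validation configs on the mocked {@link AppConfiguration}: a DCR entry for
     * issuer "Acme", an SSA entry for "jans-auth" (both with scopes and allowed claims), and an
     * SSA entry for "empty" that sets neither scopes nor allowed claims.
     */
    @BeforeMethod
    public void setUp() {
        SsaValidationConfig acmeDcr = newConfig(SsaValidationType.DCR, "Acme");
        acmeDcr.setScopes(Arrays.asList("read", "write"));
        acmeDcr.setAllowedClaims(Arrays.asList("exp", "iat"));

        SsaValidationConfig jansAuthSsa = newConfig(SsaValidationType.SSA, "jans-auth");
        jansAuthSsa.setScopes(Arrays.asList("my_read", "my_write"));
        jansAuthSsa.setAllowedClaims(Arrays.asList("test_exp", "test_iat"));

        // No scopes / allowed claims on purpose: used to check that the JWT's own values survive.
        SsaValidationConfig emptySsa = newConfig(SsaValidationType.SSA, "empty");

        // Lenient: the prepareSsaJsonObject tests pass their own config and may never read this stub.
        Mockito.lenient()
                .when(this.appConfiguration.getDcrSsaValidationConfigs())
                .thenReturn(Arrays.asList(acmeDcr, jansAuthSsa, emptySsa));
    }

    /** Builds a config with a random id, the given type and single issuer, and the fixture key material. */
    private static SsaValidationConfig newConfig(SsaValidationType type, String issuer) {
        SsaValidationConfig config = new SsaValidationConfig();
        config.setId(UUID.randomUUID().toString());
        config.setType(type);
        config.setIssuers(Collections.singletonList(issuer));
        config.setJwks("{}");
        config.setSharedSecret("secret");
        return config;
    }

    /**
     * Makes the mocked crypto provider accept any signature, whatever arguments it is given.
     *
     * <p>The stub is not lenient; presumably the listener's strict-stubs mode then reports the
     * test if the service never calls {@code verifySignature} - confirm the listener strictness.
     */
    private void stubSignatureVerificationAsValid() throws CryptoProviderException {
        Mockito.when(this.cryptoProvider.verifySignature(
                        (String) ArgumentMatchers.any(),
                        (String) ArgumentMatchers.any(),
                        (String) ArgumentMatchers.any(),
                        (JSONObject) ArgumentMatchers.any(),
                        (String) ArgumentMatchers.any(),
                        (SignatureAlgorithm) ArgumentMatchers.any()))
                .thenReturn(true);
    }

    /** An issuer that appears in no config yields an empty list for every type, including {@code null}. */
    @Test
    public void getByIssuer_whenCalledWithWrongIssuer_shouldReturnEmptyList() {
        final String unknownIssuer = "none_existent_issuer";
        Assert.assertTrue(this.ssaValidationConfigService.getByIssuer(unknownIssuer, SsaValidationType.DCR).isEmpty());
        Assert.assertTrue(this.ssaValidationConfigService.getByIssuer(unknownIssuer, SsaValidationType.SSA).isEmpty());
        Assert.assertTrue(this.ssaValidationConfigService.getByIssuer(unknownIssuer, SsaValidationType.NONE).isEmpty());
        Assert.assertTrue(this.ssaValidationConfigService.getByIssuer(unknownIssuer, (SsaValidationType) null).isEmpty());
    }

    /** A configured issuer, looked up with its own type, returns a config that lists that issuer. */
    @Test
    public void getByIssuer_whenCalledExistingIssuer_shouldReturnNonEmptyList() {
        List<SsaValidationConfig> acmeConfigs = this.ssaValidationConfigService.getByIssuer("Acme", SsaValidationType.DCR);
        Assert.assertFalse(acmeConfigs.isEmpty());
        Assert.assertTrue(acmeConfigs.get(0).getIssuers().contains("Acme"));

        List<SsaValidationConfig> jansAuthConfigs = this.ssaValidationConfigService.getByIssuer("jans-auth", SsaValidationType.SSA);
        Assert.assertFalse(jansAuthConfigs.isEmpty());
        Assert.assertTrue(jansAuthConfigs.get(0).getIssuers().contains("jans-auth"));
    }

    /** Scopes set on the config replace the JWT's "scope" claim, joined with single spaces. */
    @Test
    public void prepareSsaJsonObject_whenScopesAreSet_shouldOverwriteScopesInResultObject() throws InvalidJwtException {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setClaim("scope", Arrays.asList("scope1", "scope2"));
        SsaValidationConfig config = new SsaValidationConfig();
        config.setScopes(Arrays.asList("config_scope1", "config_scope2"));

        JSONObject result = this.ssaValidationConfigService.prepareSsaJsonObject(jwtClaims, config);

        Assert.assertEquals(result.get("scope"), "config_scope1 config_scope2");
    }

    /** Allowed claims set on the config replace the JWT's "claims" claim, joined with single spaces. */
    @Test
    public void prepareSsaJsonObject_whenClaimsAreSet_shouldOverwriteClaimsInResultObject() throws InvalidJwtException {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setClaim("claims", Arrays.asList("claim1", "claim2"));
        SsaValidationConfig config = new SsaValidationConfig();
        config.setAllowedClaims(Arrays.asList("config_claim1", "config_claim2"));

        JSONObject result = this.ssaValidationConfigService.prepareSsaJsonObject(jwtClaims, config);

        Assert.assertEquals(result.get("claims"), "config_claim1 config_claim2");
    }

    /**
     * With the signature accepted and the issuer's config ("jans-auth") defining scopes and allowed
     * claims, the result carries the configured values rather than those asserted by the token.
     */
    @Test
    public void validateSsaForBuiltIn_whenVerifiedSuccessfullyAndHasScopesAndClaimsSet_shouldOverwriteScopesAndClaims() throws InvalidJwtException, CryptoProviderException {
        stubSignatureVerificationAsValid();

        JSONObject result = this.ssaValidationConfigService.validateSsaForBuiltIn(Jwt.parseOrThrow(SSA_ISSUED_BY_JANS_AUTH));

        Assert.assertEquals(result.get("scope"), "my_read my_write");
        Assert.assertEquals(result.get("claims"), "test_exp test_iat");
    }

    /**
     * With the signature accepted and the issuer's config ("empty") defining neither scopes nor
     * allowed claims, the token's own "scope" and "claims" values pass through unchanged.
     */
    @Test
    public void validateSsaForBuiltIn_whenVerifiedSuccessfullyAndHasNoScopesAndClaimsSet_shouldHaveOriginalJwtScopesAndClaims() throws InvalidJwtException, CryptoProviderException {
        stubSignatureVerificationAsValid();
        Jwt ssa = Jwt.parseOrThrow(SSA_ISSUED_BY_EMPTY);
        // Captured before validation so the comparison is against the token as parsed.
        Object scopeInToken = ssa.getClaims().getClaim("scope");
        Object claimsInToken = ssa.getClaims().getClaim("claims");

        JSONObject result = this.ssaValidationConfigService.validateSsaForBuiltIn(ssa);

        Assert.assertEquals(result.get("scope"), scopeInToken);
        Assert.assertEquals(result.get("claims"), claimsInToken);
    }
}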
