package org.apereo.cas.support.oauth.web.response.accesstoken;

import java.util.LinkedHashSet;
import java.util.Map;
import org.apereo.cas.AbstractOAuth20Tests;
import org.apereo.cas.services.DefaultRegisteredServiceProperty;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceCipherExecutor;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenCipherExecutor;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20RegisteredServiceJwtAccessTokenCipherExecutor;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.ticket.accesstoken.OAuth20JwtBuilder;
import org.apereo.cas.util.crypto.CipherExecutor;
import org.apereo.cas.util.crypto.DecodableCipher;
import org.apereo.cas.util.crypto.EncodableCipher;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

@Tag("OAuthToken")
/* loaded from: input_file:org/apereo/cas/support/oauth/web/response/accesstoken/OAuth20JwtAccessTokenEncoderTests.class */
class OAuth20JwtAccessTokenEncoderTests extends AbstractOAuth20Tests {
    OAuth20JwtAccessTokenEncoderTests() {
    }

    @Test
    void verifyAccessTokenHeaderService() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuth20JwtBuilder cipherDisabledJwtBuilder = getCipherDisabledJwtBuilder();
        OAuthRegisteredService registeredService = getRegisteredService("example", "secret", new LinkedHashSet());
        registeredService.setId(100200L);
        registeredService.setJwtAccessToken(true);
        this.servicesManager.save(registeredService);
        String str = (String) getAccessTokenEncodingCipher(accessToken, cipherDisabledJwtBuilder, registeredService).encode(accessToken.getId());
        Assertions.assertNotNull(str);
        Assertions.assertDoesNotThrow(() -> {
            return (String) getAccessTokenDecodingCipher(cipherDisabledJwtBuilder).decode(str);
        });
    }

    @Test
    void verifyAccessTokenIdEncodingWithoutJwt() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuth20JwtBuilder cipherDisabledJwtBuilder = getCipherDisabledJwtBuilder();
        OAuthRegisteredService registeredService = getRegisteredService("example", "secret", new LinkedHashSet());
        String str = (String) getAccessTokenEncodingCipher(accessToken, cipherDisabledJwtBuilder, registeredService).encode(accessToken.getId());
        Assertions.assertNotNull(str);
        Assertions.assertEquals(str, (String) getAccessTokenEncodingCipher(accessToken, cipherDisabledJwtBuilder, registeredService).encode(accessToken.getId()));
    }

    @Test
    void verifyAccessTokenIdEncodingWithJwtWithNoCipher() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuthRegisteredService registeredServiceForJwtAccessTokenWithoutKeys = getRegisteredServiceForJwtAccessTokenWithoutKeys(accessToken);
        OAuth20JwtBuilder cipherDisabledJwtBuilder = getCipherDisabledJwtBuilder();
        String str = (String) getAccessTokenEncodingCipher(accessToken, cipherDisabledJwtBuilder, registeredServiceForJwtAccessTokenWithoutKeys).encode(accessToken.getId());
        Assertions.assertNotNull(str);
        Assertions.assertEquals(str, (String) getAccessTokenEncodingCipher(accessToken, cipherDisabledJwtBuilder, registeredServiceForJwtAccessTokenWithoutKeys).encode(accessToken.getId()));
    }

    @Test
    void verifyAccessTokenIdEncodingWithJwtGlobally() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuthRegisteredService registeredServiceForJwtAccessTokenWithoutKeys = getRegisteredServiceForJwtAccessTokenWithoutKeys(accessToken);
        OAuth20JwtBuilder cipherEnabledJwtBuilder = getCipherEnabledJwtBuilder();
        String str = (String) getAccessTokenEncodingCipher(accessToken, cipherEnabledJwtBuilder, registeredServiceForJwtAccessTokenWithoutKeys).encode(accessToken.getId());
        Assertions.assertNotNull(str);
        String str2 = (String) getAccessTokenDecodingCipher(cipherEnabledJwtBuilder).decode(str);
        Assertions.assertNotNull(str2);
        Assertions.assertEquals(accessToken.getId(), str2);
    }

    @Test
    void verifyExtractionAsParameterForService() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuthRegisteredService registeredServiceForJwtAccessTokenWithKeys = getRegisteredServiceForJwtAccessTokenWithKeys(accessToken);
        OAuth20JwtBuilder cipherEnabledJwtBuilder = getCipherEnabledJwtBuilder();
        String str = (String) getAccessTokenDecodingCipher(cipherEnabledJwtBuilder).decode((String) getAccessTokenEncodingCipher(accessToken, cipherEnabledJwtBuilder, registeredServiceForJwtAccessTokenWithKeys).encode(accessToken.getId()));
        Assertions.assertNotNull(str);
        Assertions.assertEquals(accessToken.getId(), str);
    }

    @Test
    void verifyExtractionAsParameter() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuthRegisteredService registeredServiceForJwtAccessTokenWithoutKeys = getRegisteredServiceForJwtAccessTokenWithoutKeys(accessToken);
        OAuth20JwtBuilder cipherEnabledJwtBuilder = getCipherEnabledJwtBuilder();
        String str = (String) getAccessTokenDecodingCipher(cipherEnabledJwtBuilder).decode((String) getAccessTokenEncodingCipher(accessToken, cipherEnabledJwtBuilder, registeredServiceForJwtAccessTokenWithoutKeys).encode(accessToken.getId()));
        Assertions.assertNotNull(str);
        Assertions.assertEquals(accessToken.getId(), str);
    }

    @Test
    void verifyAccessTokenIdEncodingWithJwtForService() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuthRegisteredService registeredServiceForJwtAccessTokenWithKeys = getRegisteredServiceForJwtAccessTokenWithKeys(accessToken);
        OAuth20JwtBuilder cipherEnabledJwtBuilder = getCipherEnabledJwtBuilder();
        String str = (String) getAccessTokenEncodingCipher(accessToken, cipherEnabledJwtBuilder, registeredServiceForJwtAccessTokenWithKeys).encode(accessToken.getId());
        Assertions.assertNotNull(str);
        String str2 = (String) getAccessTokenDecodingCipher(cipherEnabledJwtBuilder).decode(str);
        Assertions.assertNotNull(str2);
        Assertions.assertEquals(accessToken.getId(), str2);
    }

    @Test
    void verifyAccessTokenIdEncodingWithJwt() throws Throwable {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuthRegisteredService registeredServiceForJwtAccessTokenWithKeys = getRegisteredServiceForJwtAccessTokenWithKeys(accessToken);
        OAuth20JwtBuilder cipherEnabledJwtBuilder = getCipherEnabledJwtBuilder();
        String str = (String) getAccessTokenEncodingCipher(accessToken, cipherEnabledJwtBuilder, registeredServiceForJwtAccessTokenWithKeys).encode(accessToken.getId());
        Assertions.assertNotNull(str);
        String str2 = (String) getAccessTokenDecodingCipher(cipherEnabledJwtBuilder).decode(str);
        Assertions.assertNotNull(str2);
        Assertions.assertEquals(accessToken.getId(), str2);
    }

    private EncodableCipher<String, String> getAccessTokenEncodingCipher(OAuth20AccessToken oAuth20AccessToken, OAuth20JwtBuilder oAuth20JwtBuilder, RegisteredService registeredService) {
        return OAuth20JwtAccessTokenEncoder.toEncodableCipher(oAuth20JwtBuilder, registeredService, oAuth20AccessToken, oAuth20AccessToken.getService(), this.casProperties, false);
    }

    private static DecodableCipher<String, String> getAccessTokenDecodingCipher(OAuth20JwtBuilder oAuth20JwtBuilder) {
        return OAuth20JwtAccessTokenEncoder.toDecodableCipher(oAuth20JwtBuilder);
    }

    private OAuth20JwtBuilder getCipherDisabledJwtBuilder() {
        return new OAuth20JwtBuilder(CipherExecutor.noOp(), this.applicationContext, this.servicesManager, RegisteredServiceCipherExecutor.noOp(), this.casProperties, this.principalResolver);
    }

    private OAuthRegisteredService getRegisteredServiceForJwtAccessTokenWithoutKeys(OAuth20AccessToken oAuth20AccessToken) {
        OAuthRegisteredService registeredService = getRegisteredService(oAuth20AccessToken.getService().getId(), "secret", new LinkedHashSet());
        registeredService.setJwtAccessToken(true);
        this.servicesManager.save(registeredService);
        return registeredService;
    }

    private OAuth20JwtBuilder getCipherEnabledJwtBuilder() {
        return new OAuth20JwtBuilder(new OAuth20JwtAccessTokenCipherExecutor(true, true), this.applicationContext, this.servicesManager, new OAuth20RegisteredServiceJwtAccessTokenCipherExecutor(), this.casProperties, this.principalResolver);
    }

    private OAuthRegisteredService getRegisteredServiceForJwtAccessTokenWithKeys(OAuth20AccessToken oAuth20AccessToken) {
        OAuthRegisteredService registeredService = getRegisteredService(oAuth20AccessToken.getService().getId(), "secret", new LinkedHashSet());
        registeredService.setProperties(Map.of(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_ENCRYPTION_ENABLED.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{"true"}), RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_SIGNING_ENABLED.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{"true"}), RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_ENCRYPTION_KEY.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{"1PbwSbnHeinpkZOSZjuSJ8yYpUrInm5aaV18J2Ar4rM"}), RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_SIGNING_KEY.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{"szxK-5_eJjs-aUj-64MpUZ-GPPzGLhYPLGl0wrYjYNVAGva2P0lLe6UGKGM7k8dWxsOVGutZWgvmY3l5oVPO3w"})));
        registeredService.setJwtAccessToken(true);
        this.servicesManager.save(registeredService);
        return registeredService;
    }
}
