package org.apereo.cas.oidc.token;

import com.nimbusds.jwt.SignedJWT;
import java.util.Optional;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.services.DefaultRegisteredServiceProperty;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.cas.util.EncodingUtils;
import org.jose4j.jwk.JsonWebKey;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

@Tag("OIDC")
/* loaded from: input_file:org/apereo/cas/oidc/token/OidcRegisteredServiceJwtAccessTokenCipherExecutorTests.class */
public class OidcRegisteredServiceJwtAccessTokenCipherExecutorTests extends AbstractOidcTests {
    @Test
    public void verifyOperation() throws Exception {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService("whatever");
        Assertions.assertTrue(this.oidcRegisteredServiceJwtAccessTokenCipherExecutor.supports(oidcRegisteredService));
        OAuth20AccessToken accessToken = getAccessToken();
        String encode = this.oidcRegisteredServiceJwtAccessTokenCipherExecutor.encode(accessToken.getId(), Optional.of(oidcRegisteredService));
        Assertions.assertNotNull(encode);
        Assertions.assertNotNull(SignedJWT.parse(encode).getHeader().getAlgorithm());
        String decode = this.oidcRegisteredServiceJwtAccessTokenCipherExecutor.decode(encode, Optional.of(oidcRegisteredService));
        Assertions.assertNotNull(decode);
        Assertions.assertEquals(accessToken.getId(), decode);
    }

    @Test
    public void verifyNoSigningKey() throws Exception {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService("whatever");
        oidcRegisteredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_SIGNING_ENABLED.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_SIGNING_ENABLED.getDefaultValue()}));
        oidcRegisteredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_SIGNING_KEY.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{EncodingUtils.generateJsonWebKey(512)}));
        Assertions.assertNotNull(this.oidcRegisteredServiceJwtAccessTokenCipherExecutor.encode(getAccessToken().getId(), Optional.of(oidcRegisteredService)));
    }

    @Test
    public void verifyEncKey() throws Exception {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService("whatever");
        oidcRegisteredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_ENCRYPTION_ENABLED.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{"true"}));
        oidcRegisteredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_ENCRYPTION_KEY.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{EncodingUtils.newJsonWebKey(2048).toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE)}));
        Assertions.assertNotNull(this.oidcRegisteredServiceJwtAccessTokenCipherExecutor.encode(getAccessToken().getId(), Optional.of(oidcRegisteredService)));
    }

    @Test
    public void verifyNoEncKey() throws Exception {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService("whatever");
        oidcRegisteredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_ENCRYPTION_ENABLED.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{"true"}));
        Assertions.assertNotNull(this.oidcRegisteredServiceJwtAccessTokenCipherExecutor.encode(getAccessToken().getId(), Optional.of(oidcRegisteredService)));
    }
}
