package org.apereo.cas.oidc.token;

import java.util.Map;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.services.DefaultRegisteredServiceProperty;
import org.apereo.cas.services.OidcRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.support.oauth.web.response.accesstoken.response.OAuth20JwtAccessTokenEncoder;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.test.context.TestPropertySource;

@Tag("OIDC")
@TestPropertySource(properties = {"cas.authn.oauth.access-token.crypto.encryption-enabled=false"})
/* loaded from: input_file:org/apereo/cas/oidc/token/OidcJwtAccessTokenEncoderTests.class */
public class OidcJwtAccessTokenEncoderTests extends AbstractOidcTests {
    private OAuth20JwtAccessTokenEncoder getAccessTokenEncoder(OAuth20AccessToken oAuth20AccessToken, RegisteredService registeredService) {
        return OAuth20JwtAccessTokenEncoder.builder().accessToken(oAuth20AccessToken).registeredService(registeredService).service(oAuth20AccessToken.getService()).accessTokenJwtBuilder(this.oidcAccessTokenJwtBuilder).casProperties(this.casProperties).build();
    }

    @Test
    public void verifyEncodingWithoutEncryptionForService() throws Exception {
        OAuth20AccessToken accessToken = getAccessToken();
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService(accessToken.getClientId());
        oidcRegisteredService.setJwtAccessToken(true);
        oidcRegisteredService.setProperties(Map.of(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_ENCRYPTION_ENABLED.getPropertyName(), new DefaultRegisteredServiceProperty(new String[]{"false"})));
        this.servicesManager.save(oidcRegisteredService);
        Assertions.assertEquals(getAccessTokenEncoder(accessToken, oidcRegisteredService).encode(), getAccessTokenEncoder(accessToken, oidcRegisteredService).encode());
    }

    @Test
    public void verifyExtractionAsParameterForService() throws Exception {
        OAuth20AccessToken accessToken = getAccessToken();
        OAuth20JwtAccessTokenEncoder accessTokenEncoder = getAccessTokenEncoder(accessToken, getRegisteredServiceForJwtAccessTokenWithKeys(accessToken));
        String decode = accessTokenEncoder.decode(accessTokenEncoder.encode());
        Assertions.assertNotNull(decode);
        Assertions.assertEquals(accessToken.getId(), decode);
    }

    @Test
    public void verifyEncodingWithNoCiphersForService() throws Exception {
        OAuth20AccessToken accessToken = getAccessToken("", "encoding-service-clientid");
        OAuth20JwtAccessTokenEncoder accessTokenEncoder = getAccessTokenEncoder(accessToken, getRegisteredServiceForJwtAccessTokenWithKeys(accessToken));
        String encode = accessTokenEncoder.encode();
        String encode2 = accessTokenEncoder.encode();
        Assertions.assertEquals(encode, encode2);
        String decode = accessTokenEncoder.decode(encode);
        Assertions.assertEquals(decode, accessTokenEncoder.decode(encode2));
        Assertions.assertEquals(accessToken.getId(), decode);
    }

    private OidcRegisteredService getRegisteredServiceForJwtAccessTokenWithKeys(OAuth20AccessToken oAuth20AccessToken) {
        OidcRegisteredService oidcRegisteredService = getOidcRegisteredService(oAuth20AccessToken.getClientId());
        oidcRegisteredService.setJwtAccessToken(true);
        DefaultRegisteredServiceProperty defaultRegisteredServiceProperty = new DefaultRegisteredServiceProperty(new String[]{"false"});
        oidcRegisteredService.setProperties(Map.of(RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_ENCRYPTION_ENABLED.getPropertyName(), defaultRegisteredServiceProperty, RegisteredServiceProperty.RegisteredServiceProperties.ACCESS_TOKEN_AS_JWT_SIGNING_ENABLED.getPropertyName(), defaultRegisteredServiceProperty));
        this.servicesManager.save(oidcRegisteredService);
        return oidcRegisteredService;
    }
}
