package org.apereo.cas.oidc.token;

import java.util.List;
import java.util.Optional;
import org.apereo.cas.oidc.AbstractOidcTests;
import org.apereo.cas.oidc.discovery.OidcServerDiscoverySettings;
import org.apereo.cas.oidc.issuer.OidcDefaultIssuerService;
import org.apereo.cas.services.OidcRegisteredService;
import org.jose4j.jwt.JwtClaims;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.springframework.test.context.TestPropertySource;

/**
 * Exercises the OIDC ID token signing and encryption service inherited from
 * {@link AbstractOidcTests}: encoding, round-trip decoding, rejection of tokens
 * with an unusable issuer or client id, and handling of the {@code none} algorithm.
 *
 * <p>The test properties restrict the advertised ID token signing algorithms to
 * RS256, RS384 and RS512, so {@code none} is not an advertised signing algorithm
 * for the injected service.
 */
@Tag("OIDC")
@TestPropertySource(properties = {
    "cas.authn.oidc.discovery.id-token-signing-alg-values-supported=RS256,RS384,RS512",
    "cas.authn.oidc.discovery.id-token-encryption-encoding-values-supported=A128CBC-HS256,A192CBC-HS384,A256CBC-HS512,A128GCM,A192GCM,A256GCM"
})
public class OidcIdTokenSigningAndEncryptionServiceTests extends AbstractOidcTests {

    /** Encoding the default claims for the default OIDC service yields a non-null token. */
    @Test
    public void verifyOperation() {
        OidcRegisteredService service = getOidcRegisteredService();
        JwtClaims idTokenClaims = getClaims();
        String token = oidcTokenSigningAndEncryptionService.encode(service, idTokenClaims);
        Assertions.assertNotNull(token);
    }

    /**
     * A plain OAuth registered service (not an OIDC one) is reported as needing
     * neither encryption nor signing by this OIDC-specific service.
     */
    @Test
    public void verifyWrongType() {
        // A fresh OAuth service is built for each check, as in the original test.
        boolean encrypts = oidcTokenSigningAndEncryptionService.shouldEncryptToken(
            getOAuthRegisteredService("1", "http://localhost/cas"));
        Assertions.assertFalse(encrypts);

        boolean signs = oidcTokenSigningAndEncryptionService.shouldSignToken(
            getOAuthRegisteredService("1", "http://localhost/cas"));
        Assertions.assertFalse(signs);
    }

    /**
     * An OIDC service created with both flags off is not signed.
     * NOTE(review): the flags are presumably (sign, encrypt); confirm against AbstractOidcTests.
     */
    @Test
    public void verifySkipSigning() {
        OidcRegisteredService unsignedService = getOidcRegisteredService(false, false);
        Assertions.assertFalse(oidcTokenSigningAndEncryptionService.shouldSignToken(unsignedService));
    }

    /** A token produced by {@code encode} decodes successfully for the same service. */
    @Test
    public void verifyValidationOperation() {
        JwtClaims idTokenClaims = getClaims();
        OidcRegisteredService service = getOidcRegisteredService(true, false);
        String token = oidcTokenSigningAndEncryptionService.encode(service, idTokenClaims);
        Assertions.assertNotNull(oidcTokenSigningAndEncryptionService.decode(token, Optional.of(service)));
    }

    /** A string that is not a JWT at all is rejected with {@link IllegalArgumentException}. */
    @Test
    public void verifyDecodingFailureBadToken() {
        OidcRegisteredService service = getOidcRegisteredService(true, false);
        Assertions.assertThrows(IllegalArgumentException.class,
            () -> oidcTokenSigningAndEncryptionService.decode("bad-token", Optional.of(service)));
    }

    /** A token whose issuer claim is empty is rejected on decode. */
    @Test
    public void verifyDecodingFailureNoIssuer() {
        OidcRegisteredService service = getOidcRegisteredService(true, false);
        JwtClaims idTokenClaims = getClaims();
        idTokenClaims.setIssuer("");
        String token = oidcTokenSigningAndEncryptionService.encode(service, idTokenClaims);
        Assertions.assertThrows(IllegalArgumentException.class,
            () -> oidcTokenSigningAndEncryptionService.decode(token, Optional.of(service)));
    }

    /** A token whose issuer claim is set to {@code bad-issuer} is rejected on decode. */
    @Test
    public void verifyDecodingFailureBadIssuer() {
        OidcRegisteredService service = getOidcRegisteredService(true, false);
        JwtClaims idTokenClaims = getClaims();
        idTokenClaims.setIssuer("bad-issuer");
        String token = oidcTokenSigningAndEncryptionService.encode(service, idTokenClaims);
        Assertions.assertThrows(IllegalArgumentException.class,
            () -> oidcTokenSigningAndEncryptionService.decode(token, Optional.of(service)));
    }

    /**
     * A token whose {@code client_id} claim is empty is rejected on decode.
     * Only the empty value is covered here; a non-empty {@code client_id} that
     * belongs to a different client is not exercised by this test.
     */
    @Test
    public void verifyDecodingFailureBadClient() {
        OidcRegisteredService service = getOidcRegisteredService(true, false);
        JwtClaims idTokenClaims = getClaims();
        idTokenClaims.setStringClaim("client_id", "");
        String token = oidcTokenSigningAndEncryptionService.encode(service, idTokenClaims);
        Assertions.assertThrows(IllegalArgumentException.class,
            () -> oidcTokenSigningAndEncryptionService.decode(token, Optional.of(service)));
    }

    /**
     * With the injected service, a registered service asking for {@code none} as its
     * signing algorithm, or for {@code none} as its encryption algorithm, cannot be
     * encoded: a per-service setting does not by itself turn off token protection.
     */
    @Test
    public void verifyNoneNotSupported() {
        JwtClaims idTokenClaims = getClaims();
        OidcRegisteredService service = getOidcRegisteredService();

        // Signing algorithm "none" is not among the advertised RS256/RS384/RS512.
        service.setIdTokenSigningAlg("none");
        Assertions.assertThrows(IllegalArgumentException.class,
            () -> oidcTokenSigningAndEncryptionService.encode(service, idTokenClaims));

        // Valid signing algorithm, but encryption algorithm "none".
        // NOTE(review): the advertised encryption algorithms come from defaults not
        // set in this file; presumably "none" is not among them.
        service.setIdTokenSigningAlg("RS256");
        service.setIdTokenEncryptionAlg("none");
        Assertions.assertThrows(IllegalArgumentException.class,
            () -> oidcTokenSigningAndEncryptionService.encode(service, idTokenClaims));
    }

    /**
     * When the discovery settings explicitly advertise {@code none} for both signing
     * and encryption, a service configured with {@code none} for both can be encoded.
     *
     * <p>The test asserts only that a non-null token is returned; it does not inspect
     * the token. Under OpenID Connect Core, {@code none} is allowed as the ID token
     * {@code alg} only when no ID token is returned from the authorization endpoint
     * and the client asked for it at registration, so this is an explicit opt-in path.
     */
    @Test
    public void verifyNoneSupported() {
        // Discovery settings built by hand so that only "none" is advertised.
        OidcServerDiscoverySettings discovery =
            new OidcServerDiscoverySettings(this.casProperties.getAuthn().getOidc().getCore().getIssuer());
        discovery.setIdTokenSigningAlgValuesSupported(List.of("none"));
        discovery.setIdTokenEncryptionAlgValuesSupported(List.of("none"));

        // A dedicated service instance is used instead of the injected one.
        OidcIdTokenSigningAndEncryptionService noneAllowedService = new OidcIdTokenSigningAndEncryptionService(
            this.oidcDefaultJsonWebKeystoreCache,
            this.oidcServiceJsonWebKeystoreCache,
            new OidcDefaultIssuerService(this.casProperties.getAuthn().getOidc()),
            discovery);

        JwtClaims idTokenClaims = getClaims();
        OidcRegisteredService service = getOidcRegisteredService();
        service.setIdTokenSigningAlg("none");
        service.setIdTokenEncryptionAlg("none");

        String token = noneAllowedService.encode(service, idTokenClaims);
        Assertions.assertNotNull(token);
    }
}
