package org.eclipse.microprofile.jwt.tck.util;

import java.security.KeyPair;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.tck.TCKConstants;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/util/TokenUtilsTest.class */
public class TokenUtilsTest {
    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of alg")
    public void testFailAlgorithm() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ALG);
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.RS256, hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Deprecated: Illustrate validation of alg")
    public void testFailAlgorithmDeprecated() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ALG);
        validateToken(TokenUtils.generateTokenString("/Token1.json", hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of a JWT")
    public void testValidToken() throws Exception {
        validateToken(TokenUtils.signClaims("/Token1.json"));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of a JWT")
    public void testValidToken1024BitKeyLength() throws Exception {
        KeyPair generateKeyPair = TokenUtils.generateKeyPair(1024);
        validateToken(TokenUtils.signClaims(generateKeyPair.getPrivate(), "kid", "/Token1.json", (Set) null, (Map) null), generateKeyPair.getPublic(), SignatureAlgorithm.RS256, null);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of a JWT")
    public void testValidTokenEC256() throws Exception {
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.ES256), SignatureAlgorithm.ES256, null);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of a JWT", expectedExceptions = {InvalidJwtException.class})
    public void testSignedByRSKeyVerifiedByECKey() throws Exception {
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.RS256), SignatureAlgorithm.ES256, null);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of a JWT", expectedExceptions = {InvalidJwtException.class})
    public void testSignedByECKeyVerifiedByRSKey() throws Exception {
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.ES256), SignatureAlgorithm.RS256, null);
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Deprecated: Illustrate validation of a JWT")
    public void testValidTokenDeprecated() throws Exception {
        validateToken(TokenUtils.generateTokenString("/Token1.json"));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of issuer")
    public void testFailIssuer() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ISSUER);
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.RS256, hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Deprecated: Illustrate validation of issuer")
    public void testFailIssuerDeprecated() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ISSUER);
        validateToken(TokenUtils.generateTokenString("/Token1.json", hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of signer")
    public void testFailSignature() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.SIGNER);
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.RS256, hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Deprecated: Illustrate validation of signer")
    public void testFailSignatureDeprecated() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.SIGNER);
        validateToken(TokenUtils.generateTokenString("/Token1.json", hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of exp")
    public void testFailExpired() throws Exception {
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.EXP);
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.RS256, hashSet, hashMap));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Deprecated: Illustrate validation of exp")
    public void testFailExpiredDeprecated() throws Exception {
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.EXP);
        validateToken(TokenUtils.generateTokenString("/Token1.json", hashSet, hashMap));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of exp that has just expired")
    public void testFailJustExpired() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(Claims.exp.name(), Long.valueOf(TokenUtils.currentTimeInSecs() - 61));
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.RS256, (Set) null, hashMap));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Deprecated: Illustrate validation of exp that has just expired")
    public void testFailJustExpiredDeprecated() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(Claims.exp.name(), Long.valueOf(TokenUtils.currentTimeInSecs() - 61));
        validateToken(TokenUtils.generateTokenString("/Token1.json", (Set) null, hashMap));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of exp that is in grace period")
    public void testExpGrace() throws Exception {
        HashMap hashMap = new HashMap();
        long currentTimeInSecs = TokenUtils.currentTimeInSecs() - 45;
        hashMap.put(Claims.exp.name(), Long.valueOf(currentTimeInSecs));
        validateToken(TokenUtils.signClaims("/Token1.json", SignatureAlgorithm.RS256, (Set) null, hashMap), Long.valueOf(currentTimeInSecs));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Deprecated: Illustrate validation of exp that is in grace period")
    public void testExpGraceDeprecated() throws Exception {
        HashMap hashMap = new HashMap();
        long currentTimeInSecs = TokenUtils.currentTimeInSecs() - 45;
        hashMap.put(Claims.exp.name(), Long.valueOf(currentTimeInSecs));
        validateToken(TokenUtils.generateTokenString("/Token1.json", (Set) null, hashMap), SignatureAlgorithm.RS256, Long.valueOf(currentTimeInSecs));
    }

    private void validateToken(String str) throws Exception {
        validateToken(str, SignatureAlgorithm.RS256, null);
    }

    private void validateToken(String str, Long l) throws Exception {
        validateToken(str, SignatureAlgorithm.RS256, l);
    }

    private void validateToken(String str, SignatureAlgorithm signatureAlgorithm, Long l) throws Exception {
        validateToken(str, signatureAlgorithm == SignatureAlgorithm.RS256 ? TokenUtils.readPublicKey("/publicKey.pem") : TokenUtils.readECPublicKey("/ecPublicKey.pem"), signatureAlgorithm, l);
    }

    private void validateToken(String str, PublicKey publicKey, SignatureAlgorithm signatureAlgorithm, Long l) throws Exception {
        JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder();
        jwtConsumerBuilder.setRequireExpirationTime();
        jwtConsumerBuilder.setSkipDefaultAudienceValidation();
        jwtConsumerBuilder.setRequireIssuedAt();
        jwtConsumerBuilder.setJwsAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{signatureAlgorithm.getAlgorithm()}));
        jwtConsumerBuilder.setExpectedIssuer(true, TCKConstants.TEST_ISSUER);
        jwtConsumerBuilder.setVerificationKey(publicKey);
        jwtConsumerBuilder.setAllowedClockSkewInSeconds(60);
        jwtConsumerBuilder.setRelaxVerificationKeyValidation();
        JwtClaims processToClaims = jwtConsumerBuilder.build().processToClaims(str);
        Assert.assertEquals(processToClaims.getClaimsMap().size(), 19);
        Assert.assertEquals(processToClaims.getIssuer(), TCKConstants.TEST_ISSUER);
        Assert.assertEquals(processToClaims.getJwtId(), "a-123");
        Assert.assertEquals(processToClaims.getSubject(), "24400320");
        Assert.assertEquals(processToClaims.getClaimValueAsString("upn"), "jdoe@example.com");
        Assert.assertEquals(processToClaims.getClaimValueAsString("preferred_username"), "jdoe");
        Assert.assertEquals(processToClaims.getAudience().size(), 1);
        Assert.assertEquals((String) processToClaims.getAudience().get(0), "s6BhdRkqt3");
        if (l != null) {
            Assert.assertEquals(processToClaims.getExpirationTime().getValue(), l.longValue());
            Assert.assertEquals(processToClaims.getIssuedAt().getValue(), l.longValue() - 5);
            Assert.assertEquals(NumericDate.fromSeconds(((Long) processToClaims.getClaimValue("auth_time", Long.class)).longValue()).getValue(), l.longValue() - 5);
        } else {
            Assert.assertNotNull(processToClaims.getExpirationTime());
            long value = processToClaims.getExpirationTime().getValue();
            Assert.assertEquals(processToClaims.getIssuedAt().getValue(), value - 300);
            Assert.assertEquals(NumericDate.fromSeconds(((Long) processToClaims.getClaimValue("auth_time", Long.class)).longValue()).getValue(), value - 300);
        }
        Assert.assertEquals(processToClaims.getClaimValueAsString("customString"), "customStringValue");
        Assert.assertEquals(processToClaims.getClaimValue("customInteger", Long.class), 123456789L);
        Assert.assertEquals(processToClaims.getClaimValue("customDouble", Double.class), Double.valueOf(3.141592653589793d));
        Assert.assertTrue(((Boolean) processToClaims.getClaimValue("customBoolean", Boolean.class)).booleanValue());
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("roles")).size(), 1);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("groups")).size(), 4);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("customStringArray")).size(), 3);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("customIntegerArray")).size(), 4);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("customDoubleArray")).size(), 5);
        Assert.assertEquals(((Map) processToClaims.getClaimsMap().get("customObject")).size(), 3);
    }
}
