package org.eclipse.microprofile.jwt.tck.util;

import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.tck.TCKConstants;
import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
import org.jose4j.jwa.AlgorithmConstraints;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.NumericDate;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.testng.Assert;
import org.testng.annotations.Test;

/* loaded from: input_file:org/eclipse/microprofile/jwt/tck/util/TokenUtilsEncryptTest.class */
public class TokenUtilsEncryptTest {
    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of iss")
    public void testFailAlgorithm() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ALG);
        validateToken(TokenUtils.encryptClaims("/Token1.json", hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of a JWT")
    public void testValidToken() throws Exception {
        validateToken(TokenUtils.encryptClaims("/Token1.json"));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation failure if signed token is used")
    public void testValidateSignedToken() throws Exception {
        validateToken(TokenUtils.signClaims("/Token1.json"));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of alg")
    public void testFailIssuer() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ISSUER);
        validateToken(TokenUtils.encryptClaims("/Token1.json", hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of encryptor")
    public void testFailEncryption() throws Exception {
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.ENCRYPTOR);
        validateToken(TokenUtils.encryptClaims("/Token1.json", hashSet));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of exp")
    public void testFailExpired() throws Exception {
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        hashSet.add(TokenUtils.InvalidClaims.EXP);
        validateToken(TokenUtils.encryptClaims("/Token1.json", hashSet, hashMap));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, expectedExceptions = {InvalidJwtException.class}, description = "Illustrate validation of exp that has just expired")
    public void testFailJustExpired() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put(Claims.exp.name(), Long.valueOf(TokenUtils.currentTimeInSecs() - 61));
        validateToken(TokenUtils.encryptClaims("/Token1.json", (Set) null, hashMap));
    }

    @Test(groups = {TCKConstants.TEST_GROUP_UTILS}, description = "Illustrate validation of exp that is in grace period")
    public void testExpGrace() throws Exception {
        HashMap hashMap = new HashMap();
        long currentTimeInSecs = TokenUtils.currentTimeInSecs() - 45;
        hashMap.put(Claims.exp.name(), Long.valueOf(currentTimeInSecs));
        validateToken(TokenUtils.encryptClaims("/Token1.json", (Set) null, hashMap), Long.valueOf(currentTimeInSecs));
    }

    private void validateToken(String str) throws Exception {
        validateToken(str, null);
    }

    private void validateToken(String str, Long l) throws Exception {
        RSAPrivateKey readPrivateKey = TokenUtils.readPrivateKey("/privateKey.pem");
        JwtConsumerBuilder jwtConsumerBuilder = new JwtConsumerBuilder();
        jwtConsumerBuilder.setDisableRequireSignature();
        jwtConsumerBuilder.setEnableRequireEncryption();
        jwtConsumerBuilder.setRequireExpirationTime();
        jwtConsumerBuilder.setSkipDefaultAudienceValidation();
        jwtConsumerBuilder.setRequireIssuedAt();
        jwtConsumerBuilder.setJwsAlgorithmConstraints(new AlgorithmConstraints(AlgorithmConstraints.ConstraintType.WHITELIST, new String[]{"RSA-OAEP"}));
        jwtConsumerBuilder.setExpectedIssuer(true, TCKConstants.TEST_ISSUER);
        jwtConsumerBuilder.setDecryptionKey(readPrivateKey);
        jwtConsumerBuilder.setAllowedClockSkewInSeconds(60);
        JwtClaims processToClaims = jwtConsumerBuilder.build().processToClaims(str);
        Assert.assertEquals(processToClaims.getClaimsMap().size(), 19);
        Assert.assertEquals(processToClaims.getIssuer(), TCKConstants.TEST_ISSUER);
        Assert.assertEquals(processToClaims.getJwtId(), "a-123");
        Assert.assertEquals(processToClaims.getSubject(), "24400320");
        Assert.assertEquals(processToClaims.getClaimValueAsString("upn"), "jdoe@example.com");
        Assert.assertEquals(processToClaims.getClaimValueAsString("preferred_username"), "jdoe");
        Assert.assertEquals(processToClaims.getAudience().size(), 1);
        Assert.assertEquals((String) processToClaims.getAudience().get(0), "s6BhdRkqt3");
        if (l != null) {
            Assert.assertEquals(processToClaims.getExpirationTime().getValue(), l.longValue());
            Assert.assertEquals(processToClaims.getIssuedAt().getValue(), l.longValue() - 5);
            Assert.assertEquals(NumericDate.fromSeconds(((Long) processToClaims.getClaimValue("auth_time", Long.class)).longValue()).getValue(), l.longValue() - 5);
        } else {
            Assert.assertNotNull(processToClaims.getExpirationTime());
            long value = processToClaims.getExpirationTime().getValue();
            Assert.assertEquals(processToClaims.getIssuedAt().getValue(), value - 300);
            Assert.assertEquals(NumericDate.fromSeconds(((Long) processToClaims.getClaimValue("auth_time", Long.class)).longValue()).getValue(), value - 300);
        }
        Assert.assertEquals(processToClaims.getClaimValueAsString("customString"), "customStringValue");
        Assert.assertEquals(processToClaims.getClaimValue("customInteger", Long.class), 123456789L);
        Assert.assertEquals(processToClaims.getClaimValue("customDouble", Double.class), Double.valueOf(3.141592653589793d));
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("roles")).size(), 1);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("groups")).size(), 4);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("customStringArray")).size(), 3);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("customIntegerArray")).size(), 4);
        Assert.assertEquals(((List) processToClaims.getClaimsMap().get("customDoubleArray")).size(), 5);
        Assert.assertEquals(((Map) processToClaims.getClaimsMap().get("customObject")).size(), 3);
    }
}
