package io.jans.as.client.ws.rs;

import io.jans.as.client.AuthorizationRequest;
import io.jans.as.client.AuthorizationResponse;
import io.jans.as.client.AuthorizeClient;
import io.jans.as.client.BaseTest;
import io.jans.as.client.RegisterClient;
import io.jans.as.client.RegisterRequest;
import io.jans.as.client.RegisterResponse;
import io.jans.as.client.TokenClient;
import io.jans.as.client.TokenRequest;
import io.jans.as.client.TokenResponse;
import io.jans.as.client.UserInfoClient;
import io.jans.as.client.UserInfoResponse;
import io.jans.as.client.client.AssertBuilder;
import io.jans.as.model.common.AuthenticationMethod;
import io.jans.as.model.common.GrantType;
import io.jans.as.model.common.Prompt;
import io.jans.as.model.common.ResponseType;
import io.jans.as.model.common.SubjectType;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.register.ApplicationType;
import io.jans.as.model.util.StringUtils;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import org.testng.Assert;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;

/* loaded from: input_file:io/jans/as/client/ws/rs/SectorIdentifierUrlVerificationHttpTest.class */
public class SectorIdentifierUrlVerificationHttpTest extends BaseTest {
    @Parameters({"redirectUris", "sectorIdentifierUri", "redirectUri", "userId", "userSecret"})
    @Test(enabled = false)
    public void pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation(String str, String str2, String str3, String str4, String str5) throws Exception {
        showTitle("pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation");
        RegisterResponse requestClientRegistration = requestClientRegistration(str, str2);
        RegisterResponse requestClientRegistration2 = requestClientRegistration(str, str2);
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration.getClientId(), requestClientRegistration.getClientSecret(), requestClientRegistration.getResponseTypes());
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType2 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration2.getClientId(), requestClientRegistration2.getClientSecret(), requestClientRegistration2.getResponseTypes());
        Assert.assertNotEquals(requestAuthorizationCodeWithPairwiseSectorIdentifierType, requestAuthorizationCodeWithPairwiseSectorIdentifierType2, "Each client must receive a different sub value");
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType3 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration.getClientId(), requestClientRegistration.getClientSecret(), requestClientRegistration.getResponseTypes());
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType4 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration2.getClientId(), requestClientRegistration2.getClientSecret(), requestClientRegistration2.getResponseTypes());
        Assert.assertEquals(requestAuthorizationCodeWithPairwiseSectorIdentifierType, requestAuthorizationCodeWithPairwiseSectorIdentifierType3, "Same client must receive the same sub value");
        Assert.assertEquals(requestAuthorizationCodeWithPairwiseSectorIdentifierType2, requestAuthorizationCodeWithPairwiseSectorIdentifierType4, "Same client must receive the same sub value");
    }

    @Parameters({"redirectUris", "sectorIdentifierUri", "redirectUri", "userId", "userSecret"})
    @Test(enabled = true)
    public void shareSubjectIdBetweenClientsWithSameSectorId(String str, String str2, String str3, String str4, String str5) throws Exception {
        showTitle("shareSubjectIdBetweenClientsWithSameSectorId");
        RegisterResponse requestClientRegistration = requestClientRegistration(str, str2);
        RegisterResponse requestClientRegistration2 = requestClientRegistration(str, str2);
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration.getClientId(), requestClientRegistration.getClientSecret(), requestClientRegistration.getResponseTypes());
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType2 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration2.getClientId(), requestClientRegistration2.getClientSecret(), requestClientRegistration2.getResponseTypes());
        Assert.assertEquals(requestAuthorizationCodeWithPairwiseSectorIdentifierType, requestAuthorizationCodeWithPairwiseSectorIdentifierType2, "Each client must share the same sub value");
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType3 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration.getClientId(), requestClientRegistration.getClientSecret(), requestClientRegistration.getResponseTypes());
        String requestAuthorizationCodeWithPairwiseSectorIdentifierType4 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(str3, str4, str5, requestClientRegistration2.getClientId(), requestClientRegistration2.getClientSecret(), requestClientRegistration2.getResponseTypes());
        Assert.assertEquals(requestAuthorizationCodeWithPairwiseSectorIdentifierType, requestAuthorizationCodeWithPairwiseSectorIdentifierType3, "Same client must receive the same sub value");
        Assert.assertEquals(requestAuthorizationCodeWithPairwiseSectorIdentifierType2, requestAuthorizationCodeWithPairwiseSectorIdentifierType4, "Same client must receive the same sub value");
    }

    public RegisterResponse requestClientRegistration(String str, String str2) {
        List asList = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(str));
        registerRequest.addCustomAttribute("jansTrustedClnt", "true");
        registerRequest.setResponseTypes(asList);
        registerRequest.setSubjectType(SubjectType.PAIRWISE);
        registerRequest.setSectorIdentifierUri(str2);
        registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
        registerRequest.setScope(Tester.standardScopes);
        RegisterClient registerClient = new RegisterClient(this.registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse exec = registerClient.exec();
        showClient(registerClient);
        AssertBuilder.registerResponse(exec).created().check();
        return exec;
    }

    public String requestAuthorizationCodeWithPairwiseSectorIdentifierType(String str, String str2, String str3, String str4, String str5, List<ResponseType> list) throws Exception {
        List asList = Arrays.asList("openid", "profile", "address", "email");
        String uuid = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(list, str4, asList, str, UUID.randomUUID().toString());
        authorizationRequest.setState(uuid);
        authorizationRequest.setAuthUsername(str2);
        authorizationRequest.setAuthPassword(str3);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        AuthorizeClient authorizeClient = new AuthorizeClient(this.authorizationEndpoint);
        authorizeClient.setRequest(authorizationRequest);
        AuthorizationResponse exec = authorizeClient.exec();
        showClient(authorizeClient);
        Assert.assertEquals(exec.getStatus(), 302, "Unexpected response code: " + exec.getStatus());
        AssertBuilder.authorizationResponse(exec).check();
        Assert.assertEquals(exec.getState(), uuid);
        String code = exec.getCode();
        Jwt parse = Jwt.parse(exec.getIdToken());
        AssertBuilder.jwt(parse).validateSignatureRSA(this.jwksUri, SignatureAlgorithm.RS256).notNullAuthenticationTime().claimsPresence("c_hash").check();
        String claimAsString = parse.getClaims().getClaimAsString("sub");
        TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
        tokenRequest.setCode(code);
        tokenRequest.setRedirectUri(str);
        tokenRequest.setAuthUsername(str4);
        tokenRequest.setAuthPassword(str5);
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
        TokenClient tokenClient = new TokenClient(this.tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        TokenResponse exec2 = tokenClient.exec();
        showClient(tokenClient);
        AssertBuilder.tokenResponse(exec2).notNullRefreshToken().check();
        String accessToken = exec2.getAccessToken();
        UserInfoClient userInfoClient = new UserInfoClient(this.userInfoEndpoint);
        UserInfoResponse execUserInfo = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        AssertBuilder.userInfoResponse(execUserInfo).notNullClaimsPersonalData().claimsPresence("email").check();
        return claimAsString;
    }

    @Parameters({"redirectUris", "redirectUri", "userId", "userSecret"})
    @Test
    public void publicSectorIdentifierType(String str, String str2, String str3, String str4) throws Exception {
        showTitle("publicSectorIdentifierType");
        Assert.assertEquals(requestAuthorizationCodeWithPublicSectorIdentifierType(str, str2, str3, str4), requestAuthorizationCodeWithPublicSectorIdentifierType(str, str2, str3, str4), "Each client must receive the same sub value");
    }

    public String requestAuthorizationCodeWithPublicSectorIdentifierType(String str, String str2, String str3, String str4) throws Exception {
        List asList = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
        List asList2 = Arrays.asList("openid", "profile", "address", "email");
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(str));
        registerRequest.addCustomAttribute("jansTrustedClnt", "true");
        registerRequest.setResponseTypes(asList);
        registerRequest.setSubjectType(SubjectType.PUBLIC);
        registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
        registerRequest.setScope(asList2);
        RegisterClient registerClient = new RegisterClient(this.registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse exec = registerClient.exec();
        showClient(registerClient);
        AssertBuilder.registerResponse(exec).created().check();
        String clientId = exec.getClientId();
        String clientSecret = exec.getClientSecret();
        String uuid = UUID.randomUUID().toString();
        AuthorizationRequest authorizationRequest = new AuthorizationRequest(asList, clientId, asList2, str2, UUID.randomUUID().toString());
        authorizationRequest.setState(uuid);
        authorizationRequest.setAuthUsername(str3);
        authorizationRequest.setAuthPassword(str4);
        authorizationRequest.getPrompts().add(Prompt.NONE);
        AuthorizeClient authorizeClient = new AuthorizeClient(this.authorizationEndpoint);
        authorizeClient.setRequest(authorizationRequest);
        AuthorizationResponse exec2 = authorizeClient.exec();
        showClient(authorizeClient);
        Assert.assertEquals(exec2.getStatus(), 302, "Unexpected response code: " + exec2.getStatus());
        AssertBuilder.authorizationResponse(exec2).check();
        Assert.assertEquals(exec2.getState(), uuid);
        String code = exec2.getCode();
        Jwt parse = Jwt.parse(exec2.getIdToken());
        AssertBuilder.jwt(parse).validateSignatureRSA(this.jwksUri, SignatureAlgorithm.RS256).notNullAuthenticationTime().claimsPresence("c_hash").check();
        String claimAsString = parse.getClaims().getClaimAsString("sub");
        TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
        tokenRequest.setCode(code);
        tokenRequest.setRedirectUri(str2);
        tokenRequest.setAuthUsername(clientId);
        tokenRequest.setAuthPassword(clientSecret);
        tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
        TokenClient tokenClient = new TokenClient(this.tokenEndpoint);
        tokenClient.setRequest(tokenRequest);
        TokenResponse exec3 = tokenClient.exec();
        showClient(tokenClient);
        AssertBuilder.tokenResponse(exec3).notNullRefreshToken().check();
        String accessToken = exec3.getAccessToken();
        UserInfoClient userInfoClient = new UserInfoClient(this.userInfoEndpoint);
        UserInfoResponse execUserInfo = userInfoClient.execUserInfo(accessToken);
        showClient(userInfoClient);
        AssertBuilder.userInfoResponse(execUserInfo).notNullClaimsPersonalData().claimsPresence("email").check();
        return claimAsString;
    }

    @Parameters({"redirectUris"})
    @Test
    public void sectorIdentifierUrlVerificationFail1(String str) throws Exception {
        showTitle("sectorIdentifierUrlVerificationFail1");
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(str));
        registerRequest.addCustomAttribute("jansTrustedClnt", "true");
        registerRequest.setSectorIdentifierUri("https://INVALID_SECTOR_IDENTIFIER_URL");
        RegisterClient registerClient = new RegisterClient(this.registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse exec = registerClient.exec();
        showClient(registerClient);
        AssertBuilder.registerResponse(exec).bad().check();
    }

    @Parameters({"sectorIdentifierUri"})
    @Test
    public void sectorIdentifierUrlVerificationFail2(String str) throws Exception {
        showTitle("sectorIdentifierUrlVerificationFail2");
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList("https://INVALID_REDIRECT_URI https://client.example.com/cb https://client.example.com/cb1 https://client.example.com/cb2"));
        registerRequest.addCustomAttribute("jansTrustedClnt", "true");
        registerRequest.setSectorIdentifierUri(str);
        RegisterClient registerClient = new RegisterClient(this.registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse exec = registerClient.exec();
        showClient(registerClient);
        AssertBuilder.registerResponse(exec).bad().check();
    }

    @Parameters({"redirectUris"})
    @Test
    public void sectorIdentifierUrlVerificationFail3(String str) throws Exception {
        showTitle("sectorIdentifierUrlVerificationFail3");
        RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(str));
        registerRequest.setSubjectType(SubjectType.PAIRWISE);
        registerRequest.setSectorIdentifierUri((String) null);
        RegisterClient registerClient = new RegisterClient(this.registrationEndpoint);
        registerClient.setRequest(registerRequest);
        RegisterResponse exec = registerClient.exec();
        showClient(registerClient);
        AssertBuilder.registerResponse(exec).bad().check();
    }
}
