package io.jans.as.server.ssa.ws.rs;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWK;
import io.jans.as.common.model.ssa.Ssa;
import io.jans.as.model.config.WebKeysConfiguration;
import io.jans.as.model.configuration.AppConfiguration;
import io.jans.as.model.crypto.AbstractCryptoProvider;
import io.jans.as.model.crypto.signature.SignatureAlgorithm;
import io.jans.as.model.exception.CryptoProviderException;
import io.jans.as.model.jwk.Algorithm;
import io.jans.as.model.jwk.JSONWebKey;
import io.jans.as.model.jwt.Jwt;
import io.jans.as.model.jwt.JwtClaims;
import io.jans.as.model.jwt.JwtHeader;
import io.jans.as.model.ssa.SsaConfiguration;
import io.jans.as.model.util.Base64Util;
import io.jans.as.server.model.common.ExecutionContext;
import io.jans.orm.PersistenceEntryManager;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.text.ParseException;
import java.util.Collections;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import java.util.UUID;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.json.JSONObject;
import org.mockito.ArgumentCaptor;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.testng.MockitoTestNGListener;
import org.slf4j.Logger;
import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;

@Listeners({MockitoTestNGListener.class})
/* loaded from: input_file:io/jans/as/server/ssa/ws/rs/SsaServiceTest.class */
public class SsaServiceTest {
    private final String senderJwkJson = "{\n    \"kty\": \"RSA\",\n    \"d\": \"iSx-zxihgOITpEhz6WwGiiCZjxx597wqblhSYgFWa_bL9esLY3FT_Kq9sdvGPiI8QmObRxPZuTi4n3BVKYUWcfjVz3swq7VmESxnJJZE-vMI9NTaZ-CT2b4I-c3qwAsejhWagJf899I3MRtPOnyxMimyOw4_5YYvXjBkXkCMfCsbj5TBR3RbtMrUYzDMXsVT1EJ_7H76DPBFJx5JptsEAA17VMtqwvWhRutnPyQOftDGPxD-1aGgpteKOUCv7Lx-mFX-zV6nnPB8vmgTgaMqCbCFKSZI567p714gzWBkwnNdRHleX8wos8yZAGbdwGqqUz5x3iKKdn3c7U9TTU7DAQ\",\n    \"e\": \"AQAB\",\n    \"use\": \"sig\",\n    \"kid\": \"1\",\n    \"alg\": \"RS256\",\n    \"n\": \"i6tdK2fREwykTUU-qkYkiSHgg9B31-8EjVCbH0iyrewY9s7_WYPT7I3argjcmiDkufnVfGGW0FadtO3br-Qgk_N2e9LqGMtjUoGMZKFS3fJhqjnLYDi_E5l2FYU_ilw4EXPsZJY0CaM7BxjwUBoCjopYrgvtdxA9G6gpGoAH4LopAkgX-gkawVLpB4NpLvA09FLF2OlYZL7aaybvM2Lz_IXEPa-LSOwLum80Et-_A1-YMx_Z767Iwl1pGTpgZ87jrDD1vEdMdiLcWFG3UIYAAIxtg6X23cvQVLMaXKpyV0USDCWRJrZYxEDgZngbDRj3Sd2-LnixPkMWAfo_D9lBVQ\"\n}";
    private AbstractCryptoProvider cryptoProvider;

    @Mock
    private Logger log;

    @InjectMocks
    private SsaService ssaService;

    @Mock
    private AppConfiguration appConfiguration;

    @Mock
    private PersistenceEntryManager persistenceEntryManager;
    private Ssa ssa;

    @BeforeMethod
    public void setUp() {
        Security.addProvider(new BouncyCastleProvider());
        this.cryptoProvider = new AbstractCryptoProvider() { // from class: io.jans.as.server.ssa.ws.rs.SsaServiceTest.1
            public JSONObject generateKey(Algorithm algorithm, Long l) throws CryptoProviderException {
                return null;
            }

            public JSONObject generateKey(Algorithm algorithm, Long l, int i) throws CryptoProviderException {
                return null;
            }

            public String sign(String str, String str2, String str3, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
                try {
                    RSAPrivateKey rSAPrivateKey = JWK.parse("{\n    \"kty\": \"RSA\",\n    \"d\": \"iSx-zxihgOITpEhz6WwGiiCZjxx597wqblhSYgFWa_bL9esLY3FT_Kq9sdvGPiI8QmObRxPZuTi4n3BVKYUWcfjVz3swq7VmESxnJJZE-vMI9NTaZ-CT2b4I-c3qwAsejhWagJf899I3MRtPOnyxMimyOw4_5YYvXjBkXkCMfCsbj5TBR3RbtMrUYzDMXsVT1EJ_7H76DPBFJx5JptsEAA17VMtqwvWhRutnPyQOftDGPxD-1aGgpteKOUCv7Lx-mFX-zV6nnPB8vmgTgaMqCbCFKSZI567p714gzWBkwnNdRHleX8wos8yZAGbdwGqqUz5x3iKKdn3c7U9TTU7DAQ\",\n    \"e\": \"AQAB\",\n    \"use\": \"sig\",\n    \"kid\": \"1\",\n    \"alg\": \"RS256\",\n    \"n\": \"i6tdK2fREwykTUU-qkYkiSHgg9B31-8EjVCbH0iyrewY9s7_WYPT7I3argjcmiDkufnVfGGW0FadtO3br-Qgk_N2e9LqGMtjUoGMZKFS3fJhqjnLYDi_E5l2FYU_ilw4EXPsZJY0CaM7BxjwUBoCjopYrgvtdxA9G6gpGoAH4LopAkgX-gkawVLpB4NpLvA09FLF2OlYZL7aaybvM2Lz_IXEPa-LSOwLum80Et-_A1-YMx_Z767Iwl1pGTpgZ87jrDD1vEdMdiLcWFG3UIYAAIxtg6X23cvQVLMaXKpyV0USDCWRJrZYxEDgZngbDRj3Sd2-LnixPkMWAfo_D9lBVQ\"\n}").toRSAPrivateKey();
                    Signature signature = Signature.getInstance(signatureAlgorithm.getAlgorithm(), "BC");
                    signature.initSign(rSAPrivateKey);
                    signature.update(str.getBytes());
                    return Base64Util.base64urlencode(signature.sign());
                } catch (JOSEException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | ParseException e) {
                    throw new CryptoProviderException(e);
                }
            }

            public boolean verifySignature(String str, String str2, String str3, JSONObject jSONObject, String str4, SignatureAlgorithm signatureAlgorithm) throws CryptoProviderException {
                return false;
            }

            public boolean deleteKey(String str) throws CryptoProviderException {
                return false;
            }

            public boolean containsKey(String str) {
                return false;
            }

            public PrivateKey getPrivateKey(String str) throws CryptoProviderException {
                return null;
            }

            public PublicKey getPublicKey(String str) throws CryptoProviderException {
                return null;
            }
        };
        GregorianCalendar gregorianCalendar = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
        gregorianCalendar.add(10, 24);
        this.ssa = new Ssa();
        this.ssa.setId(UUID.randomUUID().toString());
        this.ssa.setOrgId("1");
        this.ssa.setExpirationDate(gregorianCalendar.getTime());
        this.ssa.setDescription("Test description");
        this.ssa.getAttributes().setSoftwareId("scan-api-test");
        this.ssa.getAttributes().setSoftwareRoles(Collections.singletonList("passwurd"));
        this.ssa.getAttributes().setGrantTypes(Collections.singletonList("client_credentials"));
        this.ssa.getAttributes().setOneTimeUse(true);
        this.ssa.getAttributes().setRotateSsa(true);
    }

    @Test
    public void persist_ssa_valid() {
        this.ssaService.persist(this.ssa);
        ((PersistenceEntryManager) Mockito.verify(this.persistenceEntryManager)).persist(Mockito.any(Ssa.class));
        Mockito.verifyNoInteractions(new Object[]{this.log});
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Ssa.class);
        ((PersistenceEntryManager) Mockito.verify(this.persistenceEntryManager)).persist(forClass.capture());
        assertSsaWithAux(this.ssa, (Ssa) forClass.getValue());
    }

    @Test
    public void merge_ssa_valid() {
        this.ssaService.merge(this.ssa);
        ((PersistenceEntryManager) Mockito.verify(this.persistenceEntryManager)).merge(Mockito.any(Ssa.class));
        Mockito.verifyNoInteractions(new Object[]{this.log});
        ArgumentCaptor forClass = ArgumentCaptor.forClass(Ssa.class);
        ((PersistenceEntryManager) Mockito.verify(this.persistenceEntryManager)).merge(forClass.capture());
        assertSsaWithAux(this.ssa, (Ssa) forClass.getValue());
    }

    @Test
    public void generateJwt_executionContextWithPostProcessorNull_jwtValid() {
        JSONWebKey fromJSONObject = JSONWebKey.fromJSONObject(new JSONObject("{\n    \"kty\": \"RSA\",\n    \"d\": \"iSx-zxihgOITpEhz6WwGiiCZjxx597wqblhSYgFWa_bL9esLY3FT_Kq9sdvGPiI8QmObRxPZuTi4n3BVKYUWcfjVz3swq7VmESxnJJZE-vMI9NTaZ-CT2b4I-c3qwAsejhWagJf899I3MRtPOnyxMimyOw4_5YYvXjBkXkCMfCsbj5TBR3RbtMrUYzDMXsVT1EJ_7H76DPBFJx5JptsEAA17VMtqwvWhRutnPyQOftDGPxD-1aGgpteKOUCv7Lx-mFX-zV6nnPB8vmgTgaMqCbCFKSZI567p714gzWBkwnNdRHleX8wos8yZAGbdwGqqUz5x3iKKdn3c7U9TTU7DAQ\",\n    \"e\": \"AQAB\",\n    \"use\": \"sig\",\n    \"kid\": \"1\",\n    \"alg\": \"RS256\",\n    \"n\": \"i6tdK2fREwykTUU-qkYkiSHgg9B31-8EjVCbH0iyrewY9s7_WYPT7I3argjcmiDkufnVfGGW0FadtO3br-Qgk_N2e9LqGMtjUoGMZKFS3fJhqjnLYDi_E5l2FYU_ilw4EXPsZJY0CaM7BxjwUBoCjopYrgvtdxA9G6gpGoAH4LopAkgX-gkawVLpB4NpLvA09FLF2OlYZL7aaybvM2Lz_IXEPa-LSOwLum80Et-_A1-YMx_Z767Iwl1pGTpgZ87jrDD1vEdMdiLcWFG3UIYAAIxtg6X23cvQVLMaXKpyV0USDCWRJrZYxEDgZngbDRj3Sd2-LnixPkMWAfo_D9lBVQ\"\n}"));
        WebKeysConfiguration webKeysConfiguration = new WebKeysConfiguration();
        webKeysConfiguration.setKeys(Collections.singletonList(fromJSONObject));
        SsaConfiguration ssaConfiguration = new SsaConfiguration();
        Mockito.when(this.appConfiguration.getSsaConfiguration()).thenReturn(ssaConfiguration);
        Mockito.when(this.appConfiguration.getIssuer()).thenReturn("https://jans.io");
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        assertSsaJwt(fromJSONObject, ssaConfiguration.getSsaSigningAlg(), "https://jans.io", this.ssa, this.ssaService.generateJwt(this.ssa, executionContext, webKeysConfiguration, this.cryptoProvider));
        ((ExecutionContext) Mockito.verify(executionContext)).getPostProcessor();
    }

    @Test
    public void generateJwt_executionContextWithPostProcessor_jwtValid() {
        JSONWebKey fromJSONObject = JSONWebKey.fromJSONObject(new JSONObject("{\n    \"kty\": \"RSA\",\n    \"d\": \"iSx-zxihgOITpEhz6WwGiiCZjxx597wqblhSYgFWa_bL9esLY3FT_Kq9sdvGPiI8QmObRxPZuTi4n3BVKYUWcfjVz3swq7VmESxnJJZE-vMI9NTaZ-CT2b4I-c3qwAsejhWagJf899I3MRtPOnyxMimyOw4_5YYvXjBkXkCMfCsbj5TBR3RbtMrUYzDMXsVT1EJ_7H76DPBFJx5JptsEAA17VMtqwvWhRutnPyQOftDGPxD-1aGgpteKOUCv7Lx-mFX-zV6nnPB8vmgTgaMqCbCFKSZI567p714gzWBkwnNdRHleX8wos8yZAGbdwGqqUz5x3iKKdn3c7U9TTU7DAQ\",\n    \"e\": \"AQAB\",\n    \"use\": \"sig\",\n    \"kid\": \"1\",\n    \"alg\": \"RS256\",\n    \"n\": \"i6tdK2fREwykTUU-qkYkiSHgg9B31-8EjVCbH0iyrewY9s7_WYPT7I3argjcmiDkufnVfGGW0FadtO3br-Qgk_N2e9LqGMtjUoGMZKFS3fJhqjnLYDi_E5l2FYU_ilw4EXPsZJY0CaM7BxjwUBoCjopYrgvtdxA9G6gpGoAH4LopAkgX-gkawVLpB4NpLvA09FLF2OlYZL7aaybvM2Lz_IXEPa-LSOwLum80Et-_A1-YMx_Z767Iwl1pGTpgZ87jrDD1vEdMdiLcWFG3UIYAAIxtg6X23cvQVLMaXKpyV0USDCWRJrZYxEDgZngbDRj3Sd2-LnixPkMWAfo_D9lBVQ\"\n}"));
        WebKeysConfiguration webKeysConfiguration = new WebKeysConfiguration();
        webKeysConfiguration.setKeys(Collections.singletonList(fromJSONObject));
        SsaConfiguration ssaConfiguration = new SsaConfiguration();
        Mockito.when(this.appConfiguration.getSsaConfiguration()).thenReturn(ssaConfiguration);
        Mockito.when(this.appConfiguration.getIssuer()).thenReturn("https://jans.io");
        ExecutionContext executionContext = (ExecutionContext) Mockito.mock(ExecutionContext.class);
        Mockito.when(executionContext.getPostProcessor()).thenReturn(jsonWebResponse -> {
            return null;
        });
        assertSsaJwt(fromJSONObject, ssaConfiguration.getSsaSigningAlg(), "https://jans.io", this.ssa, this.ssaService.generateJwt(this.ssa, executionContext, webKeysConfiguration, this.cryptoProvider));
        ((ExecutionContext) Mockito.verify(executionContext, Mockito.times(2))).getPostProcessor();
    }

    @Test
    public void generateJwt_exceptionWithIsErrorEnabledFalse_runtimeException() {
        Mockito.when(Boolean.valueOf(this.log.isErrorEnabled())).thenReturn(false);
        try {
            this.ssaService.generateJwt(this.ssa, (ExecutionContext) Mockito.mock(ExecutionContext.class), (WebKeysConfiguration) Mockito.mock(WebKeysConfiguration.class), this.cryptoProvider);
        } catch (Exception e) {
            Assert.assertNotNull(e, "Exception is null");
        }
        ((Logger) Mockito.verify(this.log)).isErrorEnabled();
        Mockito.verifyNoMoreInteractions(new Object[]{this.log});
    }

    @Test
    public void generateJwt_exceptionWithIsErrorEnabledTrue_runtimeException() {
        Mockito.when(Boolean.valueOf(this.log.isErrorEnabled())).thenReturn(true);
        try {
            this.ssaService.generateJwt(this.ssa, (ExecutionContext) Mockito.mock(ExecutionContext.class), (WebKeysConfiguration) Mockito.mock(WebKeysConfiguration.class), this.cryptoProvider);
        } catch (Exception e) {
            Assert.assertNotNull(e, "Exception is null");
        }
        ((Logger) Mockito.verify(this.log)).isErrorEnabled();
        ((Logger) Mockito.verify(this.log)).error(Mockito.anyString(), (Throwable) Mockito.any(Throwable.class));
    }

    private static void assertSsaJwt(JSONWebKey jSONWebKey, String str, String str2, Ssa ssa, Jwt jwt) {
        Assert.assertNotNull(jwt, "The jwt is null");
        JwtHeader header = jwt.getHeader();
        Assert.assertNotNull(header.getSignatureAlgorithm().getJwsAlgorithm(), "The alg in jwt is null");
        Assert.assertEquals(header.getSignatureAlgorithm().getJwsAlgorithm().toString(), str);
        Assert.assertNotNull(header.getKeyId(), "The kid in jwt is null");
        Assert.assertEquals(header.getKeyId(), jSONWebKey.getKid());
        Assert.assertNotNull(header.getType(), "The type in jwt is null");
        Assert.assertEquals(header.getType().toString(), "jwt");
        JwtClaims claims = jwt.getClaims();
        Assert.assertNotNull(claims.getClaim("org_id"), "The org_id in jwt is null");
        Assert.assertEquals(claims.getClaim("org_id"), Long.valueOf(Long.parseLong(ssa.getOrgId())));
        Assert.assertNotNull(claims.getClaim("software_id"), "The software_id in jwt is null");
        Assert.assertEquals(claims.getClaim("software_id"), ssa.getAttributes().getSoftwareId());
        Assert.assertNotNull(claims.getClaim("software_roles"), "The software_roles in jwt is null");
        Assert.assertEquals(claims.getClaim("software_roles"), ssa.getAttributes().getSoftwareRoles());
        Assert.assertNotNull(claims.getClaim("grant_types"), "The grant_types in jwt is null");
        Assert.assertEquals(claims.getClaim("grant_types"), ssa.getAttributes().getGrantTypes());
        Assert.assertNotNull(claims.getClaim("jti"), "The jti in jwt is null");
        Assert.assertEquals(claims.getClaim("jti"), ssa.getId());
        Assert.assertNotNull(claims.getClaim("iss"), "The iss in jwt is null");
        Assert.assertEquals(claims.getClaim("iss"), str2);
        Assert.assertNotNull(claims.getClaim("iat"), "The iat in jwt is null");
        Assert.assertEquals(claims.getClaim("iat"), ssa.getCreationDate());
        Assert.assertNotNull(claims.getClaim("exp"), "The exp in jwt is null");
        Assert.assertEquals(claims.getClaim("exp"), ssa.getExpirationDate());
    }

    private static void assertSsaWithAux(Ssa ssa, Ssa ssa2) {
        Assert.assertNotNull(ssa2, "ssa is null");
        Assert.assertNotNull(ssa2.getId(), "ssa id is null");
        Assert.assertEquals(ssa2.getId(), ssa.getId());
        Assert.assertNotNull(ssa2.getOrgId(), "ssa org_id is null");
        Assert.assertEquals(ssa2.getOrgId(), ssa.getOrgId());
        Assert.assertNotNull(ssa2.getExpirationDate(), "ssa expiration is null");
        Assert.assertEquals(ssa2.getExpirationDate(), ssa.getExpirationDate());
        Assert.assertNotNull(ssa2.getDescription(), "ssa description is null");
        Assert.assertEquals(ssa2.getDescription(), ssa.getDescription());
        Assert.assertNotNull(ssa2.getAttributes().getSoftwareId(), "ssa software_id is null");
        Assert.assertEquals(ssa2.getAttributes().getSoftwareId(), ssa.getAttributes().getSoftwareId());
        Assert.assertNotNull(ssa2.getAttributes().getSoftwareRoles(), "ssa software_roles is null");
        Assert.assertEquals(ssa2.getAttributes().getSoftwareRoles(), ssa.getAttributes().getSoftwareRoles());
        Assert.assertNotNull(ssa2.getAttributes().getGrantTypes(), "ssa grant_types is null");
        Assert.assertEquals(ssa2.getAttributes().getGrantTypes(), ssa.getAttributes().getGrantTypes());
        Assert.assertNotNull(ssa2.getAttributes().getOneTimeUse(), "ssa one_time_use is null");
        Assert.assertEquals(ssa2.getAttributes().getOneTimeUse(), ssa.getAttributes().getOneTimeUse());
        Assert.assertNotNull(ssa2.getAttributes().getRotateSsa(), "ssa rotate_ssa is null");
        Assert.assertEquals(ssa2.getAttributes().getRotateSsa(), ssa.getAttributes().getRotateSsa());
    }
}
