package org.keycloak.sdjwt;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.VerificationException;
import org.keycloak.rule.CryptoInitRule;

/* loaded from: input_file:org/keycloak/sdjwt/SdJwsTest.class */
public abstract class SdJwsTest {

    @ClassRule
    public static CryptoInitRule cryptoInitRule = new CryptoInitRule();
    static TestSettings testSettings = TestSettings.getInstance();

    private JsonNode createPayload() {
        ObjectNode createObjectNode = new ObjectMapper().createObjectNode();
        createObjectNode.put("sub", "test");
        createObjectNode.put("exp", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.HOURS).getEpochSecond());
        createObjectNode.put("name", "Test User");
        return createObjectNode;
    }

    @Test
    public void testVerifySignature_Positive() throws Exception {
        new SdJws(createPayload(), testSettings.holderSigContext, "jwt") { // from class: org.keycloak.sdjwt.SdJwsTest.1
        }.verifySignature(testSettings.holderVerifierContext);
    }

    @Test
    public void testVerifySignature_WrongPublicKey() {
        SdJws sdJws = new SdJws(createPayload(), testSettings.holderSigContext, "jwt") { // from class: org.keycloak.sdjwt.SdJwsTest.2
        };
        Assert.assertThrows(VerificationException.class, () -> {
            sdJws.verifySignature(testSettings.issuerVerifierContext);
        });
    }

    @Test
    public void testVerifyExpClaim_ExpiredJWT() {
        ObjectNode createPayload = createPayload();
        createPayload.put("exp", Instant.now().minus(1L, (TemporalUnit) ChronoUnit.HOURS).getEpochSecond());
        SdJws sdJws = new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.3
        };
        Objects.requireNonNull(sdJws);
        Assert.assertThrows(VerificationException.class, sdJws::verifyExpClaim);
    }

    @Test
    public void testVerifyExpClaim_Positive() throws Exception {
        ObjectNode createPayload = createPayload();
        createPayload.put("exp", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.HOURS).getEpochSecond());
        new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.4
        }.verifyExpClaim();
    }

    @Test
    public void testVerifyNotBeforeClaim_Negative() {
        ObjectNode createPayload = createPayload();
        createPayload.put("nbf", Instant.now().plus(1L, (TemporalUnit) ChronoUnit.HOURS).getEpochSecond());
        SdJws sdJws = new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.5
        };
        Objects.requireNonNull(sdJws);
        Assert.assertThrows(VerificationException.class, sdJws::verifyNotBeforeClaim);
    }

    @Test
    public void testVerifyNotBeforeClaim_Positive() throws Exception {
        ObjectNode createPayload = createPayload();
        createPayload.put("nbf", Instant.now().minus(1L, (TemporalUnit) ChronoUnit.HOURS).getEpochSecond());
        new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.6
        }.verifyNotBeforeClaim();
    }

    @Test
    public void testPayloadJwsConstruction() {
        Assert.assertNotNull(new SdJws(createPayload()) { // from class: org.keycloak.sdjwt.SdJwsTest.7
        }.getPayload());
    }

    @Test(expected = IllegalStateException.class)
    public void testUnsignedJwsConstruction() {
        new SdJws(createPayload()) { // from class: org.keycloak.sdjwt.SdJwsTest.8
        }.toJws();
    }

    @Test
    public void testSignedJwsConstruction() {
        Assert.assertNotNull(new SdJws(createPayload(), testSettings.holderSigContext, "jwt") { // from class: org.keycloak.sdjwt.SdJwsTest.9
        }.toJws());
    }

    @Test
    public void testVerifyIssClaim_Negative() {
        List asList = Arrays.asList("issuer1@sdjwt.com", "issuer2@sdjwt.com");
        ObjectNode createPayload = createPayload();
        createPayload.put("iss", "unknown-issuer@sdjwt.com");
        SdJws sdJws = new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.10
        };
        Assert.assertEquals("Unknown 'iss' claim value: unknown-issuer@sdjwt.com", Assert.assertThrows(VerificationException.class, () -> {
            sdJws.verifyIssClaim(asList);
        }).getMessage());
    }

    @Test
    public void testVerifyIssClaim_Positive() throws VerificationException {
        List asList = Arrays.asList("issuer1@sdjwt.com", "issuer2@sdjwt.com");
        ObjectNode createPayload = createPayload();
        createPayload.put("iss", "issuer1@sdjwt.com");
        new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.11
        }.verifyIssClaim(asList);
    }

    @Test
    public void testVerifyVctClaim_Negative() {
        ObjectNode createPayload = createPayload();
        createPayload.put("vct", "IdentityCredential");
        SdJws sdJws = new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.12
        };
        Assert.assertEquals("Unknown 'vct' claim value: IdentityCredential", Assert.assertThrows(VerificationException.class, () -> {
            sdJws.verifyVctClaim(Collections.singletonList("PassportCredential"));
        }).getMessage());
    }

    @Test
    public void testVerifyVctClaim_Positive() throws VerificationException {
        ObjectNode createPayload = createPayload();
        createPayload.put("vct", "IdentityCredential");
        new SdJws(createPayload) { // from class: org.keycloak.sdjwt.SdJwsTest.13
        }.verifyVctClaim(Collections.singletonList("IdentityCredential"));
    }

    @Test
    public void shouldValidateAgeSinceIssued() throws VerificationException {
        exampleSdJws(Instant.now().getEpochSecond()).verifyAge(180);
    }

    @Test
    public void shouldValidateAgeSinceIssued_IfJwtIsTooOld() {
        SdJws exampleSdJws = exampleSdJws(Instant.now().getEpochSecond() - 1000);
        Assert.assertEquals("jwt is too old", Assert.assertThrows(VerificationException.class, () -> {
            exampleSdJws.verifyAge(180);
        }).getMessage());
    }

    private SdJws exampleSdJws(long j) {
        ObjectNode createObjectNode = SdJwtUtils.mapper.createObjectNode();
        createObjectNode.set("iat", SdJwtUtils.mapper.valueToTree(Long.valueOf(j)));
        return new SdJws(createObjectNode) { // from class: org.keycloak.sdjwt.SdJwsTest.14
        };
    }
}
