package org.keycloak.sdjwt;

import com.fasterxml.jackson.databind.JsonNode;
import java.util.Collections;
import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.VerificationException;
import org.keycloak.crypto.SignatureVerifierContext;
import org.keycloak.rule.CryptoInitRule;

/* loaded from: input_file:org/keycloak/sdjwt/SdJwtFacadeTest.class */
public abstract class SdJwtFacadeTest {

    @ClassRule
    public static CryptoInitRule cryptoInitRule = new CryptoInitRule();
    private static final String HASH_ALGORITHM = "sha-256";
    private static final String JWS_TYPE = "JWS_TYPE";
    private SdJwtFacade sdJwtFacade;
    private JsonNode claimSet;
    private DisclosureSpec disclosureSpec;

    @Before
    public void setUp() {
        this.sdJwtFacade = new SdJwtFacade(TestSettings.getInstance().getIssuerSignerContext(), HASH_ALGORITHM, JWS_TYPE);
        this.claimSet = TestUtils.readClaimSet(getClass(), "sdjwt/a1.example2-holder-claims.json");
        this.disclosureSpec = DisclosureSpec.builder().withUndisclosedClaim("sub", "2GLC42sKQveCfGfryNRN9w").withUndisclosedClaim("given_name", "eluV5Og3gSNII8EYnsxA_A").withUndisclosedClaim("family_name", "6Ij7tM-a5iVPGboS5tmvVA").build();
    }

    @Test
    public void shouldCreateSdJwtSuccessfully() {
        Assert.assertNotNull(this.sdJwtFacade.createSdJwt(this.claimSet, this.disclosureSpec));
    }

    @Test
    public void shouldVerifySdJwtSuccessfullyWithValidKeys() {
        this.claimSet = TestUtils.readClaimSet(getClass(), "sdjwt/a1.example2-issuer-claims.json");
        try {
            this.sdJwtFacade.verifySdJwt(this.sdJwtFacade.createSdJwt(this.claimSet, this.disclosureSpec), Collections.singletonList(createSignatureVerifierContext("doc-signer-05-25-2022", "ES256", true)), createVerificationOptions());
        } catch (VerificationException e) {
            Assert.fail("Verification failed: " + e.getMessage());
        }
    }

    @Test
    public void shouldReturnSdJwtString() {
        SdJwt createSdJwt = this.sdJwtFacade.createSdJwt(this.claimSet, this.disclosureSpec);
        String sdJwtString = this.sdJwtFacade.getSdJwtString(createSdJwt);
        Assert.assertNotNull(sdJwtString);
        Assert.assertEquals(createSdJwt.toString(), sdJwtString);
    }

    @Test
    public void shouldFailVerificationWithInvalidKeys() {
        this.claimSet = TestUtils.readClaimSet(getClass(), "sdjwt/a1.example2-issuer-claims.json");
        SdJwt createSdJwt = this.sdJwtFacade.createSdJwt(this.claimSet, this.disclosureSpec);
        List singletonList = Collections.singletonList(createSignatureVerifierContext("invalid-key-id", "invalid-algorithm", false));
        IssuerSignedJwtVerificationOpts createVerificationOptions = createVerificationOptions();
        Assert.assertTrue(Assert.assertThrows(VerificationException.class, () -> {
            this.sdJwtFacade.verifySdJwt(createSdJwt, singletonList, createVerificationOptions);
        }).getMessage().contains("Signature could not be verified"));
    }

    private SignatureVerifierContext createSignatureVerifierContext(final String str, final String str2, final boolean z) {
        return new SignatureVerifierContext() { // from class: org.keycloak.sdjwt.SdJwtFacadeTest.1
            public String getKid() {
                return str;
            }

            public String getAlgorithm() {
                return str2;
            }

            public boolean verify(byte[] bArr, byte[] bArr2) {
                return z;
            }
        };
    }

    private IssuerSignedJwtVerificationOpts createVerificationOptions() {
        return new IssuerSignedJwtVerificationOpts(true, true, false);
    }
}
