package org.gluu.oxauth.comp;

import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.ECDSAVerifier;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.security.KeyStoreException;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import org.gluu.oxauth.BaseTest;
import org.gluu.oxauth.model.crypto.OxAuthCryptoProvider;
import org.gluu.oxauth.model.crypto.signature.AlgorithmFamily;
import org.gluu.oxauth.model.crypto.signature.ECDSAPublicKey;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.jwk.Use;
import org.gluu.oxauth.model.jws.ECDSASigner;
import org.gluu.oxauth.model.jws.RSASigner;
import org.gluu.oxauth.model.jwt.Jwt;
import org.gluu.oxauth.model.jwt.JwtType;
import org.json.JSONObject;
import org.testng.Assert;
import org.testng.AssertJUnit;
import org.testng.annotations.Parameters;
import org.testng.annotations.Test;

/* loaded from: input_file:org/gluu/oxauth/comp/JwtCrossCheckTest.class */
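/**
 * Cross-checks JWS interoperability between Nimbus JOSE+JWT and the oxAuth JWT code.
 *
 * <p>For each of RS256/RS384/RS512 and ES256/ES384/ES512, one token is signed with Nimbus and one
 * with {@link OxAuthCryptoProvider}. Each token must then be accepted by the Nimbus verifier, by
 * {@code OxAuthCryptoProvider.verifySignature} and by the oxAuth signer's {@code validate}.
 *
 * <p>NOTE(review): only the accepting path is exercised. Nothing here checks that a token with an
 * altered payload, a signature made with a different key, or a mismatched {@code alg} header is
 * rejected, so a verifier that accepts everything would still pass this suite.
 */
public class JwtCrossCheckTest extends BaseTest {

    /** Value used for both the {@code sub} and the {@code iss} claim of every test token. */
    private static final String SUBJECT_AND_ISSUER = "1202.d50a4eeb-ab5d-474b-aaaf-e4aa47bc54a5";

    /** Value used for the {@code aud} claim of every test token. */
    private static final String AUDIENCE = "https://gomer-vbox/oxauth/restv1/token";

    /**
     * Fixed instant used for both {@code exp} and {@code iat}.
     *
     * <p>NOTE(review): {@link Date#Date(long)} takes milliseconds, and this value has three more
     * digits than a present-day epoch-millisecond timestamp, so it looks like microseconds. As
     * written it lies tens of thousands of years in the future. The tests in this class check
     * signatures only, not claim values, so the value is kept unchanged.
     */
    private static final long FIXED_TIME_MILLIS = 1575559276888000L;

    @Parameters({"dnName", "keyStoreFile", "keyStoreSecret"})
    @Test
    public void rs256CrossCheck(String dnName, String keyStoreFile, String keyStoreSecret) throws Exception {
        crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.RS256);
    }

    @Parameters({"dnName", "keyStoreFile", "keyStoreSecret"})
    @Test
    public void rs384CrossCheck(String dnName, String keyStoreFile, String keyStoreSecret) throws Exception {
        crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.RS384);
    }

    @Parameters({"dnName", "keyStoreFile", "keyStoreSecret"})
    @Test
    public void rs512CrossCheck(String dnName, String keyStoreFile, String keyStoreSecret) throws Exception {
        crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.RS512);
    }

    @Parameters({"dnName", "keyStoreFile", "keyStoreSecret"})
    @Test
    public void es256CrossCheck(String dnName, String keyStoreFile, String keyStoreSecret) throws Exception {
        crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.ES256);
    }

    @Parameters({"dnName", "keyStoreFile", "keyStoreSecret"})
    @Test
    public void es384CrossCheck(String dnName, String keyStoreFile, String keyStoreSecret) throws Exception {
        crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.ES384);
    }

    @Parameters({"dnName", "keyStoreFile", "keyStoreSecret"})
    @Test
    public void es512CrossCheck(String dnName, String keyStoreFile, String keyStoreSecret) throws Exception {
        crossCheck(new OxAuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName), SignatureAlgorithm.ES512);
    }

    /**
     * Signs one token with each library and validates both tokens with every verifier.
     *
     * @param cryptoProvider provider backed by the test key store
     * @param signatureAlgorithm algorithm under test
     * @throws Exception if key loading, signing or parsing fails
     */
    private void crossCheck(OxAuthCryptoProvider cryptoProvider, SignatureAlgorithm signatureAlgorithm) throws Exception {
        String keyId = getKeyIdByAlgorithm(signatureAlgorithm, Use.SIGNATURE, cryptoProvider);
        // Fail here with a readable message instead of passing a null alias into the key store lookups.
        Assert.assertNotNull(keyId, "No signing key in the key store for " + signatureAlgorithm.getName());

        // Only the algorithm name is printed; the key store secret must never reach the test output.
        System.out.println(String.format("Cross check for %s ...", signatureAlgorithm.getName()));
        validate(createNimbusJwt(cryptoProvider, keyId, signatureAlgorithm), cryptoProvider, keyId, signatureAlgorithm);
        validate(createOxauthJwt(cryptoProvider, keyId, signatureAlgorithm), cryptoProvider, keyId, signatureAlgorithm);
        System.out.println(String.format("Finished cross check for %s.", signatureAlgorithm.getName()));
    }

    /**
     * Asserts that a serialized JWT verifies under Nimbus, the crypto provider and the oxAuth signer.
     *
     * @param jwtAsString compact serialization of the signed token
     * @param cryptoProvider provider whose key store holds the key
     * @param keyId key store alias of the signing key
     * @param signatureAlgorithm algorithm the token is expected to be signed with
     * @throws Exception if parsing or key loading fails
     */
    private static void validate(String jwtAsString, OxAuthCryptoProvider cryptoProvider, String keyId, SignatureAlgorithm signatureAlgorithm) throws Exception {
        SignedJWT nimbusJwt = SignedJWT.parse(jwtAsString);
        Jwt oxauthJwt = Jwt.parse(jwtAsString);

        // The expected algorithm comes from the caller; the header value is checked against it
        // rather than trusted, since the header is part of the token under test.
        Assert.assertEquals(oxauthJwt.getHeader().getSignatureAlgorithm(), signatureAlgorithm, "Unexpected alg header");

        // Each branch keeps its verifiers in variables of their own type: the Nimbus EC and RSA
        // verifiers are unrelated classes, so one shared local cannot hold both.
        switch (signatureAlgorithm.getFamily()) {
            case EC: {
                ECKey ecKey = ECKey.load(cryptoProvider.getKeyStore(), keyId, cryptoProvider.getKeyStoreSecret().toCharArray());
                ECPublicKey ecPublicKey = ecKey.toECPublicKey();
                ECDSAVerifier nimbusVerifier = new ECDSAVerifier(ecKey);
                ECDSASigner oxauthVerifier = new ECDSASigner(oxauthJwt.getHeader().getSignatureAlgorithm(), new ECDSAPublicKey(oxauthJwt.getHeader().getSignatureAlgorithm(), ecPublicKey.getW().getAffineX(), ecPublicKey.getW().getAffineY()));
                Assert.assertTrue(nimbusJwt.verify(nimbusVerifier));
                Assert.assertTrue(oxauthVerifier.validate(oxauthJwt));
                break;
            }
            case RSA: {
                RSAKey rsaKey = RSAKey.load(cryptoProvider.getKeyStore(), keyId, cryptoProvider.getKeyStoreSecret().toCharArray());
                RSAPublicKey rsaPublicKey = rsaKey.toRSAPublicKey();
                RSASSAVerifier nimbusVerifier = new RSASSAVerifier(rsaKey);
                RSASigner oxauthVerifier = new RSASigner(signatureAlgorithm, new org.gluu.oxauth.model.crypto.signature.RSAPublicKey(rsaPublicKey.getModulus(), rsaPublicKey.getPublicExponent()));
                Assert.assertTrue(nimbusJwt.verify(nimbusVerifier));
                Assert.assertTrue(oxauthVerifier.validate(oxauthJwt));
                break;
            }
            default:
                // A family without a verifier must fail the test, never skip verification.
                Assert.fail("Unsupported algorithm family: " + signatureAlgorithm.getFamily());
        }

        Assert.assertTrue(cryptoProvider.verifySignature(oxauthJwt.getSigningInput(), oxauthJwt.getEncodedSignature(), keyId, (JSONObject) null, (String) null, oxauthJwt.getHeader().getSignatureAlgorithm()));
    }

    /**
     * Builds the fixed claim set and signs it with Nimbus, using the key loaded from the provider's
     * key store.
     *
     * @param cryptoProvider provider whose key store holds the signing key
     * @param keyId key store alias, also written to the {@code kid} header
     * @param signatureAlgorithm algorithm to sign with
     * @return compact serialization of the signed token
     * @throws Exception if key loading or signing fails
     */
    private static String createNimbusJwt(OxAuthCryptoProvider cryptoProvider, String keyId, SignatureAlgorithm signatureAlgorithm) throws Exception {
        SignedJWT signedJWT = new SignedJWT(
                new JWSHeader.Builder(signatureAlgorithm.getJwsAlgorithm()).keyID(keyId).build(),
                new JWTClaimsSet.Builder()
                        .subject(SUBJECT_AND_ISSUER)
                        .issuer(SUBJECT_AND_ISSUER)
                        .expirationTime(new Date(FIXED_TIME_MILLIS))
                        .issueTime(new Date(FIXED_TIME_MILLIS))
                        .audience(AUDIENCE)
                        .build());

        // The Nimbus EC and RSA signers are unrelated classes, so each branch signs directly.
        switch (signatureAlgorithm.getFamily()) {
            case EC:
                signedJWT.sign(new com.nimbusds.jose.crypto.ECDSASigner(ECKey.load(cryptoProvider.getKeyStore(), keyId, cryptoProvider.getKeyStoreSecret().toCharArray())));
                break;
            case RSA:
                signedJWT.sign(new RSASSASigner(RSAKey.load(cryptoProvider.getKeyStore(), keyId, cryptoProvider.getKeyStoreSecret().toCharArray())));
                break;
            default:
                Assert.fail("Unsupported algorithm family: " + signatureAlgorithm.getFamily());
        }
        return signedJWT.serialize();
    }

    /**
     * Builds the same claim set with the oxAuth {@link Jwt} model and signs it through the provider.
     *
     * @param cryptoProvider provider used to produce the signature
     * @param keyId key store alias, also written to the {@code kid} header
     * @param signatureAlgorithm algorithm to sign with
     * @return string form of the signed token, as produced by {@code Jwt.toString()}
     * @throws Exception if signing fails
     */
    private static String createOxauthJwt(OxAuthCryptoProvider cryptoProvider, String keyId, SignatureAlgorithm signatureAlgorithm) throws Exception {
        Jwt jwt = new Jwt();
        jwt.getHeader().setKeyId(keyId);
        jwt.getHeader().setType(JwtType.JWT);
        jwt.getHeader().setAlgorithm(signatureAlgorithm);
        jwt.getClaims().setSubjectIdentifier(SUBJECT_AND_ISSUER);
        jwt.getClaims().setIssuer(SUBJECT_AND_ISSUER);
        jwt.getClaims().setExpirationTime(new Date(FIXED_TIME_MILLIS));
        jwt.getClaims().setIssuedAt(new Date(FIXED_TIME_MILLIS));
        jwt.getClaims().setAudience(AUDIENCE);
        // The signature is computed last, over the header and claims set above.
        jwt.setEncodedSignature(cryptoProvider.sign(jwt.getSigningInput(), jwt.getHeader().getKeyId(), (String) null, signatureAlgorithm));
        return jwt.toString();
    }

    /**
     * Finds the first key store alias ending in {@code <use>_<algorithm name in lower case>}.
     *
     * @param signatureAlgorithm algorithm whose key is wanted
     * @param use intended key use; its parameter name forms part of the alias suffix
     * @param cryptoProvider provider whose key aliases are searched
     * @return the matching alias, or {@code null} when no alias matches
     * @throws KeyStoreException if the key store cannot be read
     */
    private static String getKeyIdByAlgorithm(SignatureAlgorithm signatureAlgorithm, Use use, OxAuthCryptoProvider cryptoProvider) throws KeyStoreException {
        String aliasSuffix = use.getParamName() + "_" + signatureAlgorithm.getName().toLowerCase();
        for (String alias : cryptoProvider.getKeys()) {
            if (alias.endsWith(aliasSuffix)) {
                return alias;
            }
        }
        return null;
    }
}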
