package org.xdi.oxauth.comp;

import org.codehaus.jettison.json.JSONObject;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.xdi.oxauth.BaseComponentTestAdapter;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.crypto.AbstractCryptoProvider;
import org.xdi.oxauth.model.crypto.CryptoProviderFactory;
import org.xdi.oxauth.model.crypto.signature.RSAKeyFactory;
import org.xdi.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.xdi.oxauth.model.jwk.JSONWebKey;
import org.xdi.oxauth.model.jws.RSASigner;
import org.xdi.oxauth.model.jwt.Jwt;
import org.xdi.oxauth.model.jwt.JwtHeader;
import org.xdi.oxauth.model.jwt.JwtType;
import org.xdi.oxauth.model.jwt.PureJwt;
import org.xdi.oxauth.model.util.JwtUtil;

/* loaded from: input_file:org/xdi/oxauth/comp/FederationSigningTest.class */
public class FederationSigningTest extends BaseComponentTestAdapter {
    private static final String TEST_METADATA = "{\"federation_id\"  : \"@!2222!0008!FF8F!7434\",\n \"display_name\" : \"Federation example name\",\n \"OPs\" : [\n          {\n            \"display_name\" : \"Example OP\",\n            \"op_id\" : \"example.com\",\n            \"domain\" : \"example.com\"\n          }          \n         ],\n \"RPs\" : [\n          {\n            \"display_name\" : \"oxGraph client\",\n            \"redirect_uri\" : \"example.com/oxGraph\"\n          }\n         ]        \n}";

    @Test
    public void test() {
        try {
            String testKeyId = testKeyId();
            SignatureAlgorithm fromString = SignatureAlgorithm.fromString(ConfigurationFactory.instance().getConfiguration().getFederationSigningAlg());
            RSAKeyFactory valueOf = RSAKeyFactory.valueOf(ConfigurationFactory.instance().getWebKeys().getKey(testKeyId));
            JSONObject jsonObject = JwtHeader.instance().setType(JwtType.JWT).setAlgorithm(fromString).setKeyId(testKeyId).toJsonObject();
            JSONObject jSONObject = new JSONObject(TEST_METADATA);
            AbstractCryptoProvider cryptoProvider = CryptoProviderFactory.getCryptoProvider(ConfigurationFactory.instance().getConfiguration());
            String jSONObject2 = jsonObject.toString();
            String jSONObject3 = jSONObject.toString();
            String str = JwtUtil.base64urlencode(jSONObject2.getBytes("UTF-8")) + "." + JwtUtil.base64urlencode(jSONObject3.getBytes("UTF-8"));
            String str2 = str + "." + cryptoProvider.sign(str, testKeyId, (String) null, SignatureAlgorithm.RS512);
            PureJwt parse = PureJwt.parse(str2);
            Assert.assertTrue(new RSASigner(fromString, valueOf.getPublicKey()).validateSignature(parse.getSigningInput(), parse.getEncodedSignature()));
            Assert.assertTrue(Jwt.parse(str2).getHeader().getClaim("kid").equals(testKeyId));
        } catch (Exception e) {
            Assert.fail(e.getMessage(), e);
        }
    }

    public static String testKeyId() {
        String federationSigningKid = ConfigurationFactory.instance().getConfiguration().getFederationSigningKid();
        if (ConfigurationFactory.instance().getWebKeys().getKey(federationSigningKid) != null) {
            return federationSigningKid;
        }
        if (ConfigurationFactory.instance().getWebKeys().getKey("6898cff9-4f92-4b58-b37c-2a2b6779b0b3") != null) {
            return "6898cff9-4f92-4b58-b37c-2a2b6779b0b3";
        }
        if (ConfigurationFactory.instance().getWebKeys().getKeys().isEmpty()) {
            throw new RuntimeException("Failed to identify key id for signing");
        }
        return ((JSONWebKey) ConfigurationFactory.instance().getWebKeys().getKeys().get(0)).getKid();
    }
}
