package au.csiro.fhir.auth;

import au.csiro.test.TestUtils;
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.AsymmetricJWK;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.text.ParseException;
import java.time.Instant;
import java.util.Collections;
import java.util.List;
import org.apache.http.message.BasicNameValuePair;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:au/csiro/fhir/auth/AsymmetricClientAuthMethodTest.class */
class AsymmetricClientAuthMethodTest {
    AsymmetricClientAuthMethodTest() {
    }

    @Test
    void createsCorrectAssertionAndHeadersForRS384Key() throws JOSEException, ParseException {
        JWKSet parse = JWKSet.parse(TestUtils.getResourceAsString("auth/bulk_rs384_jwks.json"));
        AsymmetricJWK asymmetricJWK = (JWK) parse.getKeys().get(0);
        AsymmetricClientAuthMethod build = AsymmetricClientAuthMethod.builder().tokenEndpoint("token_endpoint_1").clientId("client_id_1").scope("scope_1").privateKey((JWK) parse.getKeys().get(1)).build();
        Instant now = Instant.now();
        Assertions.assertEquals(Collections.emptyList(), build.getAuthHeaders());
        List authParams = build.getAuthParams(now);
        Assertions.assertEquals(2, authParams.size());
        Assertions.assertEquals("urn:ietf:params:oauth:client-assertion-type:jwt-bearer", ((BasicNameValuePair) authParams.stream().filter(basicNameValuePair -> {
            return basicNameValuePair.getName().equals("client_assertion_type");
        }).findFirst().orElseThrow()).getValue());
        JWT.require(Algorithm.RSA384((RSAKey) asymmetricJWK.toPublicKey())).withIssuer("client_id_1").withSubject("client_id_1").withAudience(new String[]{"token_endpoint_1"}).withClaimPresence("jti").withClaim("exp", Long.valueOf(now.getEpochSecond() + 60)).build().verify(JWT.decode(((BasicNameValuePair) authParams.stream().filter(basicNameValuePair2 -> {
            return basicNameValuePair2.getName().equals("client_assertion");
        }).findFirst().orElseThrow()).getValue()));
    }

    @Test
    void createsCorrectAssertionAndHeadersForES384Key() throws JOSEException, ParseException {
        JWKSet parse = JWKSet.parse(TestUtils.getResourceAsString("auth/bulk_es384_jwks.json"));
        AsymmetricJWK asymmetricJWK = (JWK) parse.getKeys().get(0);
        AsymmetricClientAuthMethod build = AsymmetricClientAuthMethod.builder().tokenEndpoint("token_endpoint_2").clientId("client_id_2").scope("scope_2").privateKey((JWK) parse.getKeys().get(1)).build();
        Instant now = Instant.now();
        Assertions.assertEquals(Collections.emptyList(), build.getAuthHeaders());
        List authParams = build.getAuthParams(now);
        Assertions.assertEquals(2, authParams.size());
        Assertions.assertEquals("urn:ietf:params:oauth:client-assertion-type:jwt-bearer", ((BasicNameValuePair) authParams.stream().filter(basicNameValuePair -> {
            return basicNameValuePair.getName().equals("client_assertion_type");
        }).findFirst().orElseThrow()).getValue());
        JWT.require(Algorithm.ECDSA384((ECKey) asymmetricJWK.toPublicKey())).withIssuer("client_id_2").withSubject("client_id_2").withAudience(new String[]{"token_endpoint_2"}).withClaimPresence("jti").withClaim("exp", Long.valueOf(now.getEpochSecond() + 60)).build().verify(JWT.decode(((BasicNameValuePair) authParams.stream().filter(basicNameValuePair2 -> {
            return basicNameValuePair2.getName().equals("client_assertion");
        }).findFirst().orElseThrow()).getValue()));
    }
}
