package org.keycloak.jose.jwk;

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECPoint;
import java.util.Arrays;
import java.util.List;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils;
import org.keycloak.rule.CryptoInitRule;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/jose/jwk/JWKTest.class */
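/**
 * Round-trip tests for building public JWKs from freshly generated keys and parsing them back.
 *
 * <p>Each {@code public*} test generates a key pair, builds a JWK with {@link JWKBuilder},
 * serializes it to JSON, parses it with {@link JWKParser} and then checks that a signature
 * produced with the original private key verifies under the re-parsed public key.
 *
 * <p>The class is abstract; the {@link CryptoInitRule} class rule runs before the tests of
 * whichever concrete subclass is executed.
 */
public abstract class JWKTest {

    /** Payload signed and verified in the round-trip checks. */
    private static final String SIGNED_TEXT = "Some test string";

    @ClassRule
    public static CryptoInitRule cryptoInitRule = new CryptoInitRule();

    /**
     * Builds an RS256 JWK from an RSA public key plus a single self-signed certificate and
     * checks the metadata, certificate chain, thumbprints and the JSON round trip.
     */
    @Test
    public void publicRs256() throws Exception {
        KeyPair keyPair = CryptoIntegration.getProvider().getKeyPairGen("RSA").generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        X509Certificate certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, "Test");
        RSAPublicJWK rsa = JWKBuilder.create().kid(KeyUtils.createKeyId(publicKey)).algorithm("RS256").rsa(publicKey, certificate);
        Assert.assertNotNull(rsa.getKeyId());
        Assert.assertEquals("RSA", rsa.getKeyType());
        Assert.assertEquals("RS256", rsa.getAlgorithm());
        Assert.assertEquals("sig", rsa.getPublicKeyUse());
        Assert.assertTrue(rsa instanceof RSAPublicJWK);
        Assert.assertNotNull(rsa.getModulus());
        Assert.assertNotNull(rsa.getPublicExponent());
        Assert.assertNotNull(rsa.getX509CertificateChain());
        Assert.assertEquals(PemUtils.encodeCertificate(certificate), rsa.getX509CertificateChain()[0]);
        // Both thumbprints are recomputed from the chain stored in the JWK and must match.
        Assert.assertNotNull(rsa.getSha1x509Thumbprint());
        Assert.assertEquals(PemUtils.generateThumbprint(rsa.getX509CertificateChain(), "SHA-1"), rsa.getSha1x509Thumbprint());
        Assert.assertNotNull(rsa.getSha256x509Thumbprint());
        Assert.assertEquals(PemUtils.generateThumbprint(rsa.getX509CertificateChain(), "SHA-256"), rsa.getSha256x509Thumbprint());
        PublicKey parsedKey = JWKParser.create().parse(JsonSerialization.writeValueAsString(rsa)).toPublicKey();
        Assert.assertArrayEquals(publicKey.getEncoded(), parsedKey.getEncoded());
        byte[] payload = SIGNED_TEXT.getBytes(StandardCharsets.UTF_8);
        // The verification result must be asserted; a discarded boolean would let a
        // key that fails to verify pass the test silently.
        Assert.assertTrue("signature must verify with the key parsed back from the JWK",
                verify(payload, sign(payload, "SHA256withRSA", keyPair.getPrivate()), "SHA256withRSA", parsedKey));
    }

    /**
     * Same as {@link #publicRs256()} but with a list of two certificates.
     *
     * <p>Both certificates are self-signed over the same key pair, so this exercises the
     * encoding and ordering of the stored chain only; it does not test path validation.
     */
    @Test
    public void publicRs256Chain() throws Exception {
        KeyPair keyPair = CryptoIntegration.getProvider().getKeyPairGen("RSA").generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        List<X509Certificate> certificates = Arrays.asList(
                CertificateUtils.generateV1SelfSignedCertificate(keyPair, "Test"),
                CertificateUtils.generateV1SelfSignedCertificate(keyPair, "Intermediate"));
        RSAPublicJWK rsa = JWKBuilder.create().kid(KeyUtils.createKeyId(publicKey)).algorithm("RS256").rsa(publicKey, certificates);
        Assert.assertNotNull(rsa.getKeyId());
        Assert.assertEquals("RSA", rsa.getKeyType());
        Assert.assertEquals("RS256", rsa.getAlgorithm());
        Assert.assertEquals("sig", rsa.getPublicKeyUse());
        Assert.assertTrue(rsa instanceof RSAPublicJWK);
        Assert.assertNotNull(rsa.getModulus());
        Assert.assertNotNull(rsa.getPublicExponent());
        Assert.assertNotNull(rsa.getX509CertificateChain());
        // The JWK must keep every certificate, in the order it was supplied.
        String[] expectedChain = new String[certificates.size()];
        for (int i = 0; i < certificates.size(); i++) {
            expectedChain[i] = PemUtils.encodeCertificate(certificates.get(i));
        }
        Assert.assertArrayEquals(expectedChain, rsa.getX509CertificateChain());
        Assert.assertNotNull(rsa.getSha1x509Thumbprint());
        Assert.assertEquals(PemUtils.generateThumbprint(rsa.getX509CertificateChain(), "SHA-1"), rsa.getSha1x509Thumbprint());
        Assert.assertNotNull(rsa.getSha256x509Thumbprint());
        Assert.assertEquals(PemUtils.generateThumbprint(rsa.getX509CertificateChain(), "SHA-256"), rsa.getSha256x509Thumbprint());
        PublicKey parsedKey = JWKParser.create().parse(JsonSerialization.writeValueAsString(rsa)).toPublicKey();
        Assert.assertArrayEquals(publicKey.getEncoded(), parsedKey.getEncoded());
        byte[] payload = SIGNED_TEXT.getBytes(StandardCharsets.UTF_8);
        Assert.assertTrue("signature must verify with the key parsed back from the JWK",
                verify(payload, sign(payload, "SHA256withRSA", keyPair.getPrivate()), "SHA256withRSA", parsedKey));
    }

    /**
     * Builds an ES256 JWK from a secp256r1 public key and checks the metadata, the length of
     * the encoded coordinates and the JSON round trip.
     */
    @Test
    public void publicEs256() throws Exception {
        KeyPairGenerator keyPairGen = CryptoIntegration.getProvider().getKeyPairGen("EC");
        keyPairGen.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom());
        KeyPair keyPair = keyPairGen.generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        ECPublicJWK ec = JWKBuilder.create().kid(KeyUtils.createKeyId(keyPair.getPublic())).algorithm("ES256").ec(publicKey);
        Assert.assertEquals("EC", ec.getKeyType());
        Assert.assertEquals("ES256", ec.getAlgorithm());
        Assert.assertEquals("sig", ec.getPublicKeyUse());
        Assert.assertTrue(ec instanceof ECPublicJWK);
        Assert.assertNotNull(ec.getCrv());
        Assert.assertNotNull(ec.getX());
        Assert.assertNotNull(ec.getY());
        byte[] xBytes = Base64Url.decode(ec.getX());
        byte[] yBytes = Base64Url.decode(ec.getY());
        Assert.assertTrue(publicKey instanceof ECPublicKey);
        ECPoint point = ((ECPublicKey) publicKey).getW();
        Assert.assertNotNull(point);
        // The decoded coordinates must be exactly as long as JWKUtil's integer encoding of
        // the affine coordinates of the original point.
        int expectedXLength = JWKUtil.toIntegerBytes(point.getAffineX()).length;
        int expectedYLength = JWKUtil.toIntegerBytes(point.getAffineY()).length;
        Assert.assertEquals(expectedXLength, xBytes.length);
        Assert.assertEquals(expectedYLength, yBytes.length);
        PublicKey parsedKey = JWKParser.create().parse(JsonSerialization.writeValueAsString(ec)).toPublicKey();
        Assert.assertArrayEquals(publicKey.getEncoded(), parsedKey.getEncoded());
        byte[] payload = SIGNED_TEXT.getBytes(StandardCharsets.UTF_8);
        Assert.assertTrue("signature must verify with the key parsed back from the JWK",
                verify(payload, sign(payload, "SHA256withECDSA", keyPair.getPrivate()), "SHA256withECDSA", parsedKey));
    }

    /**
     * Parses a fixed RSA JWK document and checks the algorithm and encoding format reported
     * by the resulting {@link PublicKey}.
     */
    @Test
    public void parse() {
        PublicKey publicKey = JWKParser.create().parse("{   \"kty\": \"RSA\",   \"alg\": \"RS256\",   \"use\": \"sig\",   \"kid\": \"3121adaa80ace09f89d80899d4a5dc4ce33d0747\",   \"n\": \"soFDjoZ5mQ8XAA7reQAFg90inKAHk0DXMTizo4JuOsgzUbhcplIeZ7ks83hsEjm8mP8lUVaHMPMAHEIp3gu6Xxsg-s73ofx1dtt_Fo7aj8j383MFQGl8-FvixTVobNeGeC0XBBQjN8lEl-lIwOa4ZoERNAShplTej0ntDp7TQm0=\",   \"e\": \"AQAB\"  }").toPublicKey();
        Assert.assertEquals("RSA", publicKey.getAlgorithm());
        Assert.assertEquals("X.509", publicKey.getFormat());
    }

    /**
     * Signs {@code bArr} with {@code privateKey} using the JCA signature algorithm {@code str}.
     *
     * @param bArr data to sign
     * @param str JCA signature algorithm name, e.g. {@code SHA256withRSA}
     * @param privateKey key used to produce the signature
     * @return the signature bytes
     * @throws Exception if the algorithm is unavailable or the key is rejected
     */
    private byte[] sign(byte[] bArr, String str, PrivateKey privateKey) throws Exception {
        Signature signature = Signature.getInstance(str);
        signature.initSign(privateKey);
        signature.update(bArr);
        return signature.sign();
    }

    /**
     * Checks the signature {@code bArr2} over {@code bArr} with {@code publicKey}.
     *
     * <p>Callers must assert the returned value; the method reports a signature that does
     * not verify by returning {@code false} rather than by throwing.
     *
     * @param bArr data that was signed
     * @param bArr2 signature bytes to check
     * @param str JCA signature algorithm name, e.g. {@code SHA256withRSA}
     * @param publicKey key used to verify the signature
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws Exception if the algorithm is unavailable, the key is rejected or the signature is malformed
     */
    private boolean verify(byte[] bArr, byte[] bArr2, String str, PublicKey publicKey) throws Exception {
        Signature signature = Signature.getInstance(str);
        signature.initVerify(publicKey);
        signature.update(bArr);
        return signature.verify(bArr2);
    }
}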
