package org.apereo.cas.token.authentication;

import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWSAlgorithm;
import java.util.Map;
import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
import org.apereo.cas.services.DefaultRegisteredServiceProperty;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.RegisteredServiceTestUtils;
import org.apereo.cas.services.ReturnAllAttributeReleasePolicy;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

@Tag("Authentication")
/* loaded from: input_file:org/apereo/cas/token/authentication/TokenAuthenticationSecurityTests.class */
public class TokenAuthenticationSecurityTests {
    @Test
    void verifyRsaOperation() throws Throwable {
        CasRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("https://google.com");
        registeredService.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
        registeredService.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy());
        DefaultRegisteredServiceProperty defaultRegisteredServiceProperty = new DefaultRegisteredServiceProperty();
        defaultRegisteredServiceProperty.addValue("classpath:/RSA4096Private.key");
        registeredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_SECRET_SIGNING.getPropertyName(), defaultRegisteredServiceProperty);
        DefaultRegisteredServiceProperty defaultRegisteredServiceProperty2 = new DefaultRegisteredServiceProperty();
        defaultRegisteredServiceProperty2.addValue(JWSAlgorithm.RS512.getName());
        registeredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_SECRET_SIGNING_ALG.getPropertyName(), defaultRegisteredServiceProperty2);
        DefaultRegisteredServiceProperty defaultRegisteredServiceProperty3 = new DefaultRegisteredServiceProperty();
        defaultRegisteredServiceProperty3.addValue("classpath:/RSA4096Public.key");
        registeredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_SECRET_ENCRYPTION.getPropertyName(), defaultRegisteredServiceProperty3);
        DefaultRegisteredServiceProperty defaultRegisteredServiceProperty4 = new DefaultRegisteredServiceProperty();
        defaultRegisteredServiceProperty4.addValue(JWEAlgorithm.RSA_OAEP_256.getName());
        registeredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_SECRET_ENCRYPTION_ALG.getPropertyName(), defaultRegisteredServiceProperty4);
        DefaultRegisteredServiceProperty defaultRegisteredServiceProperty5 = new DefaultRegisteredServiceProperty();
        defaultRegisteredServiceProperty5.addValue(EncryptionMethod.A256CBC_HS512.getName());
        registeredService.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_SECRET_ENCRYPTION_METHOD.getPropertyName(), defaultRegisteredServiceProperty5);
        TokenAuthenticationSecurity forRegisteredService = TokenAuthenticationSecurity.forRegisteredService(registeredService);
        Assertions.assertTrue(forRegisteredService.toAuthenticator().validateToken(forRegisteredService.toGenerator().generate(Map.of("sub", "casuser", "cn", "CAS"))).containsAttribute("cn"));
    }
}
