package org.primeframework.jwt;

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.Map;
import org.primeframework.jwt.domain.InvalidJWTException;
import org.primeframework.jwt.domain.InvalidJWTSignatureException;
import org.primeframework.jwt.domain.JWT;
import org.primeframework.jwt.domain.MissingSignatureException;
import org.primeframework.jwt.domain.MissingVerifierException;
import org.primeframework.jwt.domain.NoneNotAllowedException;
import org.primeframework.jwt.hmac.HMACSigner;
import org.primeframework.jwt.hmac.HMACVerifier;
import org.primeframework.jwt.rsa.RSAVerifier;
import org.testng.annotations.Test;

/* loaded from: input_file:org/primeframework/jwt/VulnerabilityTest.class */
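/**
 * Regression tests for well-known JWT verification failures: tokens whose signature has been
 * stripped, tokens decoded without any verifier, unsecured tokens presented to a decoder that
 * holds verifiers, and HMAC tokens keyed with an RSA public key (algorithm confusion).
 *
 * <p>Every case asserts that the decoder rejects the token with a specific exception type, so a
 * change that turns a rejection into an accepted token fails the build. Each rejection is checked
 * by exception type only; the tests do not inspect exception messages.
 */
public class VulnerabilityTest extends BaseTest {
    /** Path of the RSA public key PEM, relative to the working directory of the test run. */
    private static final String RSA_PUBLIC_KEY_PEM = "src/test/resources/rsa_public_key_2048.pem";

    /**
     * A signed token whose signature segment is removed, but whose trailing '.' is kept, must
     * not decode: with an HMAC verifier the decoder raises {@link NoneNotAllowedException}, and
     * with no verifier at all it raises {@link MissingSignatureException}.
     */
    @Test
    public void test_SignedWithoutSignature() throws Exception {
        ZonedDateTime now = ZonedDateTime.now(ZoneOffset.UTC);
        JWT jwt = new JWT()
                .setSubject("123456789")
                .setIssuedAt(now)
                .setExpiration(now.plusHours(2L));
        String signedToken = JWT.getEncoder().encode(jwt, HMACSigner.newSHA256Signer("secret"));

        // Keep "header.payload." (including the final dot) and drop only the signature bytes.
        String tokenWithEmptySignature = signedToken.substring(0, signedToken.lastIndexOf('.') + 1);

        expectException(NoneNotAllowedException.class, () -> {
            JWT.getDecoder().decode(tokenWithEmptySignature, new Verifier[]{HMACVerifier.newVerifier("secret")});
        });
        expectException(MissingSignatureException.class, () -> {
            JWT.getDecoder().decode(tokenWithEmptySignature, new Verifier[0]);
        });
    }

    /**
     * A signed token truncated to "header.payload" (signature and its separating '.' both
     * removed) must be rejected as malformed with {@link InvalidJWTException}.
     */
    @Test
    public void test_encodedJwtWithSignatureRemoved() throws Exception {
        String signedToken = JWT.getEncoder().encode(new JWT().setSubject("art"), HMACSigner.newSHA256Signer("secret"));

        // Unlike test_SignedWithoutSignature, the final dot is dropped as well.
        String tokenWithoutSignatureSegment = signedToken.substring(0, signedToken.lastIndexOf("."));

        expectException(InvalidJWTException.class, () -> {
            JWT.getDecoder().decode(tokenWithoutSignatureSegment, new Verifier[]{HMACVerifier.newVerifier("secret")});
        });
    }

    /**
     * Decoding a signed token without supplying any verifier must fail with
     * {@link MissingVerifierException} rather than returning unverified claims.
     */
    @Test
    public void test_noVerification() throws Exception {
        String signedToken = JWT.getEncoder().encode(new JWT().setSubject("art"), HMACSigner.newSHA256Signer("secret"));

        expectException(MissingVerifierException.class, () -> {
            JWT.getDecoder().decode(signedToken, new Verifier[0]);
        });
    }

    /**
     * A token produced by {@link UnsecuredSigner} must be rejected with
     * {@link NoneNotAllowedException} whenever the caller supplies verifiers, whether they are
     * passed as an array or as a map keyed by {@code kid}, and whether or not the token header
     * carries a {@code kid}.
     */
    @Test
    public void test_unsecuredJWT_validation() throws Exception {
        JWT jwt = new JWT().setSubject("123456789");
        UnsecuredSigner unsecuredSigner = new UnsecuredSigner();
        HMACVerifier hmacVerifier = HMACVerifier.newVerifier("too many secrets");

        String unsecuredToken = JWTEncoder.getInstance().encode(jwt, unsecuredSigner);
        expectException(NoneNotAllowedException.class, () -> {
            JWT.getDecoder().decode(unsecuredToken, new Verifier[]{hmacVerifier});
        });

        String unsecuredTokenWithKid = JWTEncoder.getInstance().encode(jwt, unsecuredSigner, header -> {
            header.set("kid", "abc");
        });
        String unsecuredTokenWithoutKid = JWTEncoder.getInstance().encode(jwt, unsecuredSigner);

        // The null key is registered alongside "abc" so that a verifier entry exists for a token
        // with no kid as well as for the token whose kid is "abc".
        Map<String, Verifier> verifiersByKid = new HashMap<>();
        verifiersByKid.put(null, hmacVerifier);
        verifiersByKid.put("abc", hmacVerifier);

        expectException(NoneNotAllowedException.class, () -> {
            JWT.getDecoder().decode(unsecuredTokenWithKid, verifiersByKid);
        });
        expectException(NoneNotAllowedException.class, () -> {
            JWT.getDecoder().decode(unsecuredTokenWithoutKid, verifiersByKid);
        });
    }

    /**
     * Algorithm-confusion guard: a token signed with HMAC-SHA512 using the text of an RSA public
     * key as the HMAC secret must never verify against an {@link RSAVerifier} built from that
     * same public key.
     *
     * <p>The public key is not a secret, so a decoder that let the token's declared algorithm
     * pick an HMAC check over the RSA key material would accept tokens anyone can mint. The
     * cases below cover verifiers passed as an array and as a {@code kid}-keyed map, with the
     * token's {@code kid} pointing at the RSA verifier ("abc") and at an unrelated HMAC
     * verifier ("def").
     */
    @Test
    public void test_vulnerability_HMAC_forgery() throws Exception {
        JWT jwt = new JWT().setSubject("123456789");

        // PEM text is decoded as UTF-8 explicitly so the HMAC key bytes do not depend on the
        // platform default charset.
        String publicKeyPem = new String(Files.readAllBytes(Paths.get(RSA_PUBLIC_KEY_PEM)), StandardCharsets.UTF_8);

        HMACSigner hmacSignerKeyedWithPublicKey = HMACSigner.newSHA512Signer(publicKeyPem);
        RSAVerifier rsaVerifier = RSAVerifier.newVerifier(publicKeyPem);
        HMACVerifier hmacVerifier = HMACVerifier.newVerifier("secret");

        String tokenForRsaKid = JWTEncoder.getInstance().encode(jwt, hmacSignerKeyedWithPublicKey, header -> {
            header.set("kid", "abc");
        });

        expectException(InvalidJWTSignatureException.class, () -> {
            JWTDecoder.getInstance().decode(tokenForRsaKid, new Verifier[]{rsaVerifier, hmacVerifier});
        });

        Map<String, Verifier> verifiersByKid = new HashMap<>();
        verifiersByKid.put("abc", rsaVerifier);
        verifiersByKid.put("def", hmacVerifier);

        // kid "abc" maps to the RSA verifier; the decoder is expected to report that no usable
        // verifier exists for this token rather than attempt an HMAC check with the RSA key.
        expectException(MissingVerifierException.class, () -> {
            JWTDecoder.getInstance().decode(tokenForRsaKid, verifiersByKid);
        });

        String tokenForHmacKid = JWTEncoder.getInstance().encode(jwt, hmacSignerKeyedWithPublicKey, header -> {
            header.set("kid", "def");
        });

        // kid "def" maps to an HMAC verifier keyed with "secret", which does not match the key
        // the token was signed with, so the signature check must fail in both call forms.
        expectException(InvalidJWTSignatureException.class, () -> {
            JWTDecoder.getInstance().decode(tokenForHmacKid, new Verifier[]{rsaVerifier, hmacVerifier});
        });
        expectException(InvalidJWTSignatureException.class, () -> {
            JWTDecoder.getInstance().decode(tokenForHmacKid, verifiersByKid);
        });
    }
}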
