package com.google.api.client.json.webtoken;

import com.google.api.client.json.webtoken.JsonWebSignature;
import com.google.api.client.json.webtoken.JsonWebToken;
import com.google.api.client.testing.json.MockJsonFactory;
import com.google.api.client.testing.json.webtoken.TestCertificates;
import com.google.api.client.testing.util.SecurityTestUtils;
import com.google.api.client.util.Base64;
import com.google.api.client.util.StringUtils;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/google/api/client/json/webtoken/JsonWebSignatureTest.class */
public class JsonWebSignatureTest {
    private static final String ES256_CONTENT = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Im1wZjBEQSJ9.eyJhdWQiOiIvcHJvamVjdHMvNjUyNTYyNzc2Nzk4L2FwcHMvY2xvdWQtc2FtcGxlcy10ZXN0cy1waHAtaWFwIiwiZW1haWwiOiJjaGluZ29yQGdvb2dsZS5jb20iLCJleHAiOjE1ODQwNDc2MTcsImdvb2dsZSI6eyJhY2Nlc3NfbGV2ZWxzIjpbImFjY2Vzc1BvbGljaWVzLzUxODU1MTI4MDkyNC9hY2Nlc3NMZXZlbHMvcmVjZW50U2VjdXJlQ29ubmVjdERhdGEiLCJhY2Nlc3NQb2xpY2llcy81MTg1NTEyODA5MjQvYWNjZXNzTGV2ZWxzL3Rlc3ROb09wIiwiYWNjZXNzUG9saWNpZXMvNTE4NTUxMjgwOTI0L2FjY2Vzc0xldmVscy9ldmFwb3JhdGlvblFhRGF0YUZ1bGx5VHJ1c3RlZCJdfSwiaGQiOiJnb29nbGUuY29tIiwiaWF0IjoxNTg0MDQ3MDE3LCJpc3MiOiJodHRwczovL2Nsb3VkLmdvb2dsZS5jb20vaWFwIiwic3ViIjoiYWNjb3VudHMuZ29vZ2xlLmNvbToxMTIxODE3MTI3NzEyMDE5NzI4OTEifQ";
    private static final String ES256_SIGNATURE = "yKNtdFY5EKkRboYNexBdfugzLhC3VuGyFcuFYA8kgpxMqfyxa41zkML68hYKrWu2kOBTUW95UnbGpsIi_u1fiA";
    private static final String GOOGLE_ES256_X = "fHEdeT3a6KaC1kbwov73ZwB_SiUHEyKQwUUtMCEn0aI";
    private static final String GOOGLE_ES256_Y = "QWOjwPhInNuPlqjxLQyhveXpWqOFcQPhZ3t-koMNbZI";

    @Test
    public void testSign() throws Exception {
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("RS256");
        header.setType("JWT");
        JsonWebToken.Payload payload = new JsonWebToken.Payload();
        payload.setIssuer("issuer").setAudience("audience").setIssuedAtTimeSeconds(0L).setExpirationTimeSeconds(3600L);
        Assert.assertEquals("..kDmKaHNYByLmqAi9ROeLcFmZM7W_emsceKvDZiEGAo-ineCunC6_Nb0HEpAuzIidV-LYTMHS3BvI49KFz9gi6hI3ZndDL5EzplpFJo1ZclVk1_hLn94P2OTAkZ4ydsTfus6Bl98EbCkInpF_2t5Fr8OaHxCZCDdDU7W5DSnOsx4", JsonWebSignature.signUsingRsaSha256(SecurityTestUtils.newRsaPrivateKey(), new MockJsonFactory(), header, payload));
    }

    private X509Certificate verifyX509WithCaCert(TestCertificates.CertData certData) throws IOException, GeneralSecurityException {
        return TestCertificates.getJsonWebSignature().verifySignature(certData.getTrustManager());
    }

    @Test
    public void testImmutableSignatureBytes() throws IOException {
        byte[] signatureBytes = TestCertificates.getJsonWebSignature().getSignatureBytes();
        signatureBytes[0] = (byte) (signatureBytes[0] + 1);
        Assert.assertNotEquals(r0.getSignatureBytes()[0], signatureBytes[0]);
    }

    @Test
    public void testImmutableSignedContentBytes() throws IOException {
        byte[] signedContentBytes = TestCertificates.getJsonWebSignature().getSignedContentBytes();
        signedContentBytes[0] = (byte) (signedContentBytes[0] + 1);
        Assert.assertNotEquals(r0.getSignedContentBytes()[0], signedContentBytes[0]);
    }

    @Test
    public void testImmutableCertificates() throws IOException {
        JsonWebSignature jsonWebSignature = TestCertificates.getJsonWebSignature();
        jsonWebSignature.getHeader().getX509Certificates().set(0, "foo");
        Assert.assertNotEquals("foo", jsonWebSignature.getHeader().getX509Certificates().get(0));
    }

    @Test
    public void testImmutableCritical() throws IOException {
        JsonWebSignature jsonWebSignature = TestCertificates.getJsonWebSignature();
        ArrayList arrayList = new ArrayList();
        jsonWebSignature.getHeader().setCritical(arrayList);
        arrayList.add("bar");
        Assert.assertNull(jsonWebSignature.getHeader().getCritical());
    }

    @Test
    public void testCriticalNullForNone() throws IOException {
        Assert.assertNull(TestCertificates.getJsonWebSignature().getHeader().getCritical());
    }

    @Test
    public void testVerifyX509() throws Exception {
        X509Certificate verifyX509WithCaCert = verifyX509WithCaCert(TestCertificates.CA_CERT);
        Assert.assertNotNull(verifyX509WithCaCert);
        Assert.assertTrue(verifyX509WithCaCert.getSubjectDN().getName().startsWith("CN=foo.bar.com"));
    }

    @Test
    public void testVerifyX509WrongCa() throws Exception {
        Assert.assertNull(verifyX509WithCaCert(TestCertificates.BOGUS_CA_CERT));
    }

    private PublicKey buildEs256PublicKey(String str, String str2) throws NoSuchAlgorithmException, InvalidParameterSpecException, InvalidKeySpecException {
        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("EC");
        algorithmParameters.init(new ECGenParameterSpec("secp256r1"));
        return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, Base64.decodeBase64(str)), new BigInteger(1, Base64.decodeBase64(str2))), (ECParameterSpec) algorithmParameters.getParameterSpec(ECParameterSpec.class)));
    }

    @Test
    public void testVerifyES256() throws Exception {
        PublicKey buildEs256PublicKey = buildEs256PublicKey(GOOGLE_ES256_X, GOOGLE_ES256_Y);
        JsonWebSignature.Header header = new JsonWebSignature.Header();
        header.setAlgorithm("ES256");
        Assert.assertTrue(new JsonWebSignature(header, new JsonWebToken.Payload(), Base64.decodeBase64(ES256_SIGNATURE), StringUtils.getBytesUtf8(ES256_CONTENT)).verifySignature(buildEs256PublicKey));
    }
}
