package com.ibm.ws.security.fat.common.social.oidc.certification;

import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.WebRequest;
import com.ibm.websphere.simplicity.RemoteFile;
import com.ibm.websphere.simplicity.config.ConfigElementList;
import com.ibm.websphere.simplicity.config.ServerConfiguration;
import com.ibm.websphere.simplicity.config.Variable;
import com.ibm.websphere.simplicity.log.Log;
import com.ibm.ws.security.fat.common.CommonSecurityFat;
import com.ibm.ws.security.fat.common.Constants;
import com.ibm.ws.security.fat.common.actions.TestActions;
import com.ibm.ws.security.fat.common.expectations.Expectations;
import com.ibm.ws.security.fat.common.expectations.ResponseFullExpectation;
import com.ibm.ws.security.fat.common.expectations.ResponseStatusExpectation;
import com.ibm.ws.security.fat.common.expectations.ResponseUrlExpectation;
import com.ibm.ws.security.fat.common.expectations.ServerMessageExpectation;
import com.ibm.ws.security.fat.common.social.MessageConstants;
import com.ibm.ws.security.fat.common.social.expectations.UserInfoJsonExpectation;
import com.ibm.ws.security.fat.common.utils.FatStringUtils;
import com.ibm.ws.security.fat.common.validation.TestValidationUtils;
import com.ibm.ws.security.fat.common.web.WebResponseUtils;
import componenttest.annotation.AllowedFFDC;
import componenttest.custom.junit.runner.FATRunner;
import componenttest.custom.junit.runner.Mode;
import componenttest.topology.impl.LibertyServer;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.util.HashMap;
import java.util.Map;
import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;

@Mode(Mode.TestMode.FULL)
@RunWith(FATRunner.class)
/* loaded from: input_file:com/ibm/ws/security/fat/common/social/oidc/certification/OidcCertificationRPBasicProfileTests.class */
public abstract class OidcCertificationRPBasicProfileTests extends CommonSecurityFat {
    public static final String CERTIFICATION_HOST_AND_PORT = "https://rp.certification.openid.net:8080";
    protected final String clientRegistrationContact = "oidc_certification_contact@us.ibm.com";
    protected final String defaultScope = "openid";
    protected final String defaultSignatureAlgorithm = "RS256";
    protected static LibertyServer server;
    public static Class<?> thisClass = OidcCertificationRPBasicProfileTests.class;
    protected static TestActions actions = new TestActions();
    protected static TestValidationUtils validationUtils = new TestValidationUtils();
    protected static String protectedUrl = null;
    protected static String certificationBaseUrl = null;
    protected static String rpId = null;
    protected static String clientId = null;
    protected static String defaultTokenEndpointAuthMethod = "client_secret_post";

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/ibm/ws/security/fat/common/social/oidc/certification/OidcCertificationRPBasicProfileTests$UserInfo.class */
    public enum UserInfo {
        DISABLED,
        ENABLED
    }

    @BeforeClass
    public static void commonBeforeClass() {
        verifyCertificationEndpointIsResponding();
    }

    protected static void verifyCertificationEndpointIsResponding() {
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation("verifyCertificationEndpointIsResponding", 200));
        try {
            validationUtils.validateResult(actions.invokeUrl("verifyCertificationEndpointIsResponding", CERTIFICATION_HOST_AND_PORT), "verifyCertificationEndpointIsResponding", expectations);
        } catch (Exception e) {
            Assert.fail("Failed to properly access the RP certification endpoint [" + CERTIFICATION_HOST_AND_PORT + "]. No tests will run in this class. The exception was: " + e);
        }
    }

    @Test
    @Mode(Mode.TestMode.LITE)
    public void test_responseType_code() throws Exception {
        registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-response_type-code"), clientId);
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_response_type_code("rp-response_type-code", extractAssignedUserNameFromResponse));
    }

    protected Expectations getTestExpectations_rp_response_type_code(String str, String str2) {
        return getSuccessfulConformanceTestExpectations(str, str2, UserInfo.DISABLED);
    }

    @Test
    public void test_idTokenIssuerMismatch() throws Exception {
        Expectations testExpectations_rp_id_token_issuer_mismatch = getTestExpectations_rp_id_token_issuer_mismatch(registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-issuer-mismatch"), clientId));
        validationUtils.validateResult(actions.invokeUrl(this.testName.getMethodName(), protectedUrl), testExpectations_rp_id_token_issuer_mismatch);
    }

    protected Expectations getTestExpectations_rp_id_token_issuer_mismatch(JsonObject jsonObject) {
        String string = jsonObject.getString(Constants.RP_KEY_CLIENT_ID);
        Expectations unauthorizedResponseExpectations = getUnauthorizedResponseExpectations();
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1751E.+" + string));
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1706E.+" + string));
        return unauthorizedResponseExpectations;
    }

    @Test
    @AllowedFFDC({"org.jose4j.jwt.consumer.InvalidJwtException"})
    public void test_idTokenMissingSub() throws Exception {
        Expectations testExpectations_rp_id_token_sub = getTestExpectations_rp_id_token_sub(registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-sub"), clientId));
        validationUtils.validateResult(actions.invokeUrl(this.testName.getMethodName(), protectedUrl), testExpectations_rp_id_token_sub);
    }

    protected Expectations getTestExpectations_rp_id_token_sub(JsonObject jsonObject) {
        String string = jsonObject.getString(Constants.RP_KEY_CLIENT_ID);
        Expectations unauthorizedResponseExpectations = getUnauthorizedResponseExpectations();
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1706E.+" + string + ".+No Subject.+claim"));
        return unauthorizedResponseExpectations;
    }

    @Test
    public void test_idTokenInvalidAud() throws Exception {
        Expectations testExpectations_rp_id_token_aud = getTestExpectations_rp_id_token_aud(registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-aud"), clientId));
        validationUtils.validateResult(actions.invokeUrl(this.testName.getMethodName(), protectedUrl), testExpectations_rp_id_token_aud);
    }

    protected Expectations getTestExpectations_rp_id_token_aud(JsonObject jsonObject) {
        String string = jsonObject.getString(Constants.RP_KEY_CLIENT_ID);
        Expectations unauthorizedResponseExpectations = getUnauthorizedResponseExpectations();
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1706E.+" + string + ".+" + MessageConstants.CWWKS1754E_OIDC_IDTOKEN_VERIFY_AUD_ERR));
        return unauthorizedResponseExpectations;
    }

    @Test
    public void test_idTokenMissingIat() throws Exception {
        Expectations testExpectations_rp_id_token_iat = getTestExpectations_rp_id_token_iat(registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-iat"), clientId));
        validationUtils.validateResult(actions.invokeUrl(this.testName.getMethodName(), protectedUrl), testExpectations_rp_id_token_iat);
    }

    protected Expectations getTestExpectations_rp_id_token_iat(JsonObject jsonObject) {
        String string = jsonObject.getString(Constants.RP_KEY_CLIENT_ID);
        Expectations unauthorizedResponseExpectations = getUnauthorizedResponseExpectations();
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1775E.+" + string));
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1706E.+" + string));
        return unauthorizedResponseExpectations;
    }

    @Test
    public void test_idTokenMissingKid_oneJwkReturnedFromJwksUri() throws Exception {
        registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-kid-absent-single-jwks"), clientId);
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_id_token_kid_absent_single_jwks("rp-id_token-kid-absent-single-jwks", extractAssignedUserNameFromResponse));
    }

    protected Expectations getTestExpectations_rp_id_token_kid_absent_single_jwks(String str, String str2) {
        return getSuccessfulConformanceTestExpectations(str, str2, UserInfo.DISABLED);
    }

    @Test
    public void test_idTokenMissingKid_multipleJwksReturnedFromJwksUri() throws Exception {
        Expectations testExpectations_rp_id_token_kid_absent_multiple_jwks = getTestExpectations_rp_id_token_kid_absent_multiple_jwks(registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-kid-absent-multiple-jwks"), clientId));
        validationUtils.validateResult(actions.invokeUrl(this.testName.getMethodName(), protectedUrl), testExpectations_rp_id_token_kid_absent_multiple_jwks);
    }

    protected Expectations getTestExpectations_rp_id_token_kid_absent_multiple_jwks(JsonObject jsonObject) {
        String string = jsonObject.getString(Constants.RP_KEY_CLIENT_ID);
        Expectations unauthorizedResponseExpectations = getUnauthorizedResponseExpectations();
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, MessageConstants.CWWKS1739E_OIDC_CLIENT_NO_VERIFYING_KEY));
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1706E.+" + string));
        return unauthorizedResponseExpectations;
    }

    @Test
    public void test_idTokenValidSignature_rs256() throws Exception {
        registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-sig-rs256"), clientId);
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_id_token_sig_rs256("rp-id_token-sig-rs256", extractAssignedUserNameFromResponse));
    }

    protected Expectations getTestExpectations_rp_id_token_sig_rs256(String str, String str2) {
        return getSuccessfulConformanceTestExpectations(str, str2, UserInfo.DISABLED);
    }

    @Test
    public void test_idTokenNoSignature() throws Exception {
        registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-sig-none"), clientId);
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.CONFIG_VAR_SIGNATURE_ALGORITHM, "none");
        setServerConfigurationVariables(hashMap);
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_id_token_sig_none("rp-id_token-sig-none", extractAssignedUserNameFromResponse));
    }

    protected Expectations getTestExpectations_rp_id_token_sig_none(String str, String str2) {
        return getSuccessfulConformanceTestExpectations(str, str2, UserInfo.DISABLED);
    }

    @Test
    public void test_idTokenInvalidSignature_rs256() throws Exception {
        Expectations testExpectations_rp_id_token_bad_sig_rs256 = getTestExpectations_rp_id_token_bad_sig_rs256(registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-id_token-bad-sig-rs256"), clientId));
        validationUtils.validateResult(actions.invokeUrl(this.testName.getMethodName(), protectedUrl), testExpectations_rp_id_token_bad_sig_rs256);
    }

    protected Expectations getTestExpectations_rp_id_token_bad_sig_rs256(JsonObject jsonObject) {
        String string = jsonObject.getString(Constants.RP_KEY_CLIENT_ID);
        Expectations unauthorizedResponseExpectations = getUnauthorizedResponseExpectations();
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1756E.+" + string));
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1706E.+" + string));
        return unauthorizedResponseExpectations;
    }

    @Test
    public void test_idTokenInvalidNonce() throws Exception {
        Expectations testExpectations_rp_nonce_invalid = getTestExpectations_rp_nonce_invalid(registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-nonce-invalid"), clientId));
        validationUtils.validateResult(actions.invokeUrl(this.testName.getMethodName(), protectedUrl), testExpectations_rp_nonce_invalid);
    }

    protected Expectations getTestExpectations_rp_nonce_invalid(JsonObject jsonObject) {
        String string = jsonObject.getString(Constants.RP_KEY_CLIENT_ID);
        Expectations unauthorizedResponseExpectations = getUnauthorizedResponseExpectations();
        unauthorizedResponseExpectations.addExpectation(new ServerMessageExpectation(server, "CWWKS1714E.+" + string));
        return unauthorizedResponseExpectations;
    }

    @Test
    public void test_tokenEndpoint_clientSecretBasic() throws Exception {
        registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-token_endpoint-client_secret_basic"), clientId);
        setServerConfigurationVariables(getUpdatedConfigVariables_rp_token_endpoint_client_secret_basic());
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_token_endpoint_client_secret_basic("rp-token_endpoint-client_secret_basic", extractAssignedUserNameFromResponse));
    }

    protected Map<String, String> getUpdatedConfigVariables_rp_token_endpoint_client_secret_basic() {
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.CONFIG_VAR_TOKEN_ENDPOINT_AUTH_METHOD, "client_secret_basic");
        return hashMap;
    }

    protected Expectations getTestExpectations_rp_token_endpoint_client_secret_basic(String str, String str2) {
        return getSuccessfulConformanceTestExpectations(str, str2, UserInfo.DISABLED);
    }

    @Test
    public void test_userInfoEndpoint_includeBearerToken_header() throws Exception {
        registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-userinfo-bearer-header"), clientId);
        setServerConfigurationVariables(getUpdatedConfigVariables_rp_userinfo_bearer_header());
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_userinfo_bearer_header("rp-userinfo-bearer-header", extractAssignedUserNameFromResponse));
    }

    protected Map<String, String> getUpdatedConfigVariables_rp_userinfo_bearer_header() {
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.CONFIG_VAR_USER_INFO_ENDPOINT_ENABLED, "true");
        return hashMap;
    }

    protected Expectations getTestExpectations_rp_userinfo_bearer_header(String str, String str2) {
        Expectations successfulConformanceTestExpectations = getSuccessfulConformanceTestExpectations(str, str2, UserInfo.ENABLED);
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("sub", (Constants.CheckType) Constants.StringCheckType.EQUALS, (Object) str2));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("name", (Constants.CheckType) Constants.JsonCheckType.KEY_DOES_NOT_EXIST, (Object) null));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("address", (Constants.CheckType) Constants.JsonCheckType.KEY_DOES_NOT_EXIST, (Object) null));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("email", (Constants.CheckType) Constants.JsonCheckType.KEY_DOES_NOT_EXIST, (Object) null));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("phone_number", (Constants.CheckType) Constants.JsonCheckType.KEY_DOES_NOT_EXIST, (Object) null));
        return successfulConformanceTestExpectations;
    }

    @Test
    public void test_userInfoEndpoint_invalidSub() throws Exception {
        registerClientAndUpdateSystemProperties(getOpConfigurationForConformanceTest("rp-userinfo-bad-sub-claim"), clientId);
        setServerConfigurationVariables(getUpdatedConfigVariables_rp_userinfo_bad_sub_claim());
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_userinfo_bad_sub_claim("rp-userinfo-bad-sub-claim", extractAssignedUserNameFromResponse));
    }

    protected Map<String, String> getUpdatedConfigVariables_rp_userinfo_bad_sub_claim() {
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.CONFIG_VAR_USER_INFO_ENDPOINT_ENABLED, "true");
        return hashMap;
    }

    protected Expectations getTestExpectations_rp_userinfo_bad_sub_claim(String str, String str2) {
        Expectations successfulConformanceTestExpectations = getSuccessfulConformanceTestExpectations(str, str2, UserInfo.DISABLED);
        successfulConformanceTestExpectations.addExpectation(new ServerMessageExpectation(server, MessageConstants.CWWKS1749E_USERINFO_INVALID));
        return successfulConformanceTestExpectations;
    }

    @Test
    public void test_userInfoEndpoint_useScopeValuesToRequestClaims() throws Exception {
        JsonObject opConfigurationForConformanceTest = getOpConfigurationForConformanceTest("rp-scope-userinfo-claims");
        registerClientAndUpdateSystemProperties(opConfigurationForConformanceTest, clientId);
        setServerConfigurationVariables(getUpdatedConfigVariables_rp_scope_userinfo_claims(createScopeStringBasedOnOpSupportedScopes(opConfigurationForConformanceTest)));
        Page invokeUrl = actions.invokeUrl(this.testName.getMethodName(), protectedUrl);
        String extractAssignedUserNameFromResponse = extractAssignedUserNameFromResponse(invokeUrl);
        Log.info(thisClass, this._testName, "Extracted remote user: [" + extractAssignedUserNameFromResponse + "]");
        validationUtils.validateResult(invokeUrl, getTestExpectations_rp_scope_userinfo_claims("rp-scope-userinfo-claims", extractAssignedUserNameFromResponse));
    }

    protected Map<String, String> getUpdatedConfigVariables_rp_scope_userinfo_claims(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.CONFIG_VAR_USER_INFO_ENDPOINT_ENABLED, "true");
        hashMap.put(Constants.CONFIG_VAR_SCOPE, str.trim());
        return hashMap;
    }

    protected Expectations getTestExpectations_rp_scope_userinfo_claims(String str, String str2) {
        Expectations successfulConformanceTestExpectations = getSuccessfulConformanceTestExpectations(str, str2, UserInfo.ENABLED);
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("sub", (Constants.CheckType) Constants.StringCheckType.EQUALS, (Object) str2));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("name"));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("address", JsonValue.ValueType.OBJECT));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("email"));
        successfulConformanceTestExpectations.addExpectation(new UserInfoJsonExpectation("phone_number"));
        return successfulConformanceTestExpectations;
    }

    protected abstract String getRedirectUriForClient(String str);

    protected JsonObject getOpConfigurationForConformanceTest(String str) throws Exception {
        try {
            JsonObject readObject = Json.createReader(new StringReader(WebResponseUtils.getResponseText(actions.invokeUrl("getOpConfigurationForConformanceTest", certificationBaseUrl + "/" + str + "/.well-known/openid-configuration")))).readObject();
            Log.info(thisClass, "getOpConfigurationForConformanceTest", "Received OP config for test [" + str + "]: " + readObject);
            return readObject;
        } catch (Exception e) {
            throw new Exception("Failed to obtain OP configuration for test [" + str + "]. Exception was: " + e);
        }
    }

    protected JsonObject registerClientAndUpdateSystemProperties(JsonObject jsonObject, String str) throws Exception {
        try {
            JsonObject parseClientConfigFromResponse = parseClientConfigFromResponse(submitAndValidateRegistrationRequest(str, jsonObject.getString(Constants.OP_KEY_REGISTRATION_ENDPOINT)));
            setServerConfigurationVariables(parseClientConfigFromResponse, jsonObject);
            return parseClientConfigFromResponse;
        } catch (Exception e) {
            throw new Exception("An error occurred attempting to register the client. Exception was: " + e);
        }
    }

    protected Page submitAndValidateRegistrationRequest(String str, String str2) throws Exception {
        WebRequest createClientRegistrationRequest = createClientRegistrationRequest(str, str2);
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(201));
        Page submitRequest = actions.submitRequest("submitAndValidateRegistrationRequest", createClientRegistrationRequest);
        validationUtils.validateResult(submitRequest, expectations);
        return submitRequest;
    }

    protected WebRequest createClientRegistrationRequest(String str, String str2) throws MalformedURLException {
        WebRequest createPostRequest = actions.createPostRequest(str2, buildClientRegistrationRequestBody(str).toString());
        createPostRequest.setAdditionalHeader("Content-Type", "application/json");
        return createPostRequest;
    }

    protected JsonObject buildClientRegistrationRequestBody(String str) {
        JsonObjectBuilder createObjectBuilder = Json.createObjectBuilder();
        JsonArrayBuilder createArrayBuilder = Json.createArrayBuilder();
        createArrayBuilder.add(getRedirectUriForClient(str));
        createObjectBuilder.add(Constants.CLIENT_REGISTRATION_KEY_REDIRECT_URIS, createArrayBuilder.build());
        createObjectBuilder.add(Constants.CLIENT_REGISTRATION_KEY_CONTACTS, "oidc_certification_contact@us.ibm.com");
        if (!this._testName.contains("clientSecretBasic")) {
            createObjectBuilder.add(Constants.CLIENT_REGISTRATION_KEY_TOKEN_ENDPOINT_AUTH_METHOD, "client_secret_post");
        }
        return createObjectBuilder.build();
    }

    protected JsonObject parseClientConfigFromResponse(Page page) throws Exception {
        return Json.createReader(new StringReader(WebResponseUtils.getResponseText(page))).readObject();
    }

    protected void setServerConfigurationVariables(JsonObject jsonObject, JsonObject jsonObject2) throws Exception {
        setServerConfigurationVariables(getDefaultServerVariables(jsonObject, jsonObject2));
    }

    protected Map<String, String> getDefaultServerVariables(JsonObject jsonObject, JsonObject jsonObject2) {
        HashMap hashMap = new HashMap();
        hashMap.put(Constants.CONFIG_VAR_CLIENT_ID, jsonObject.getString(Constants.RP_KEY_CLIENT_ID));
        hashMap.put(Constants.CONFIG_VAR_CLIENT_SECRET, jsonObject.getString(Constants.RP_KEY_CLIENT_SECRET));
        hashMap.put(Constants.CONFIG_VAR_SCOPE, "openid");
        hashMap.put(Constants.CONFIG_VAR_AUTHORIZATION_ENDPOINT, jsonObject2.getString(Constants.OP_KEY_AUTHORIZATION_ENDPOINT));
        hashMap.put(Constants.CONFIG_VAR_TOKEN_ENDPOINT, jsonObject2.getString(Constants.OP_KEY_TOKEN_ENDPOINT));
        hashMap.put(Constants.CONFIG_VAR_USER_INFO_ENDPOINT, jsonObject2.getString(Constants.OP_KEY_USER_INFO_ENDPOINT));
        hashMap.put(Constants.CONFIG_VAR_JWKS_URI, jsonObject2.getString(Constants.OP_KEY_JWKS_URI));
        hashMap.put(Constants.CONFIG_VAR_SIGNATURE_ALGORITHM, "RS256");
        hashMap.put(Constants.CONFIG_VAR_TOKEN_ENDPOINT_AUTH_METHOD, defaultTokenEndpointAuthMethod);
        hashMap.put(Constants.CONFIG_VAR_USER_INFO_ENDPOINT_ENABLED, "false");
        return hashMap;
    }

    protected void setServerConfigurationVariables(Map<String, String> map) throws Exception {
        server.setMarkToEndOfLog(new RemoteFile[0]);
        ServerConfiguration serverConfiguration = server.getServerConfiguration();
        ConfigElementList<Variable> variables = serverConfiguration.getVariables();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            addOrUpdateConfigVariable(variables, entry.getKey(), entry.getValue());
        }
        server.updateServerConfiguration(serverConfiguration);
        server.waitForConfigUpdateInLogUsingMark(server.listAllInstalledAppsForValidation(), new String[0]);
    }

    protected void addOrUpdateConfigVariable(ConfigElementList<Variable> configElementList, String str, String str2) {
        Variable by = configElementList.getBy("name", str);
        if (by == null) {
            configElementList.add(new Variable(str, str2));
        } else {
            by.setValue(str2);
        }
    }

    protected Expectations getUnauthorizedResponseExpectations() {
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(401));
        expectations.addExpectation(new ResponseUrlExpectation("equals", protectedUrl, "Did not reach the expected protected URL."));
        return expectations;
    }

    protected Expectations getSuccessfulConformanceTestExpectations(String str, String str2, UserInfo userInfo) {
        Expectations successfulAccessExpectations = getSuccessfulAccessExpectations(protectedUrl);
        successfulAccessExpectations.addExpectations(getResponseServletContentExpectations(str, str2, userInfo));
        return successfulAccessExpectations;
    }

    protected Expectations getSuccessfulAccessExpectations(String str) {
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseStatusExpectation(200));
        expectations.addExpectation(new ResponseUrlExpectation("equals", str, "Did not reach the expected protected URL."));
        return expectations;
    }

    protected Expectations getResponseServletContentExpectations(String str, String str2, UserInfo userInfo) {
        Expectations expectations = new Expectations();
        expectations.addExpectations(getServletOutputPublicCredentialExpectations(str, str2));
        expectations.addExpectations(getServletOutputUserInfoPresenceExpectations(userInfo));
        return expectations;
    }

    protected Expectations getServletOutputPublicCredentialExpectations(String str, String str2) {
        String expectedRealm = getExpectedRealm(str);
        Expectations expectations = new Expectations();
        expectations.addExpectation(new ResponseFullExpectation("contains", "uniqueSecurityName=" + str2, "Did not find the expected unique security name in the servlet output."));
        expectations.addExpectation(new ResponseFullExpectation("contains", "accessId=user:" + expectedRealm + "/" + str2, "Did not find the expected access ID in the servlet output."));
        expectations.addExpectation(new ResponseFullExpectation("contains", "realmName=" + expectedRealm, "Did not find the expected realm name in the servlet output."));
        return expectations;
    }

    protected String getExpectedRealm(String str) {
        return "https://rp.certification.openid.net:8080/" + rpId + "/" + str;
    }

    protected Expectations getServletOutputUserInfoPresenceExpectations(UserInfo userInfo) {
        Expectations expectations = new Expectations();
        if (userInfo == UserInfo.ENABLED) {
            expectations.addExpectation(new UserInfoJsonExpectation("sub"));
        } else {
            expectations.addExpectation(new ResponseFullExpectation("contains", "UserInfo: string: null", "UserInfo string in the subject's private credentials should have been null because the UserInfo endpoint is not enabled."));
        }
        return expectations;
    }

    protected String extractAssignedUserNameFromResponse(Page page) throws Exception {
        return FatStringUtils.extractRegexGroup(WebResponseUtils.getResponseText(page), "getRemoteUser: (.+)");
    }

    protected String createScopeStringBasedOnOpSupportedScopes(JsonObject jsonObject) {
        String str = "";
        JsonArray jsonArray = jsonObject.getJsonArray(Constants.OP_KEY_SCOPES_SUPPORTED);
        for (int i = 0; i < jsonArray.size(); i++) {
            String string = jsonArray.getString(i);
            if (!string.equals("offline_access")) {
                str = str + string + " ";
            }
        }
        return str;
    }
}
