package io.quarkus.test.keycloak.client;

import io.quarkus.runtime.configuration.ConfigurationException;
import io.quarkus.test.common.DevServicesContext;
import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import java.io.IOException;
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.List;
import org.eclipse.microprofile.config.ConfigProvider;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:io/quarkus/test/keycloak/client/KeycloakTestClient.class */
public class KeycloakTestClient implements DevServicesContext.ContextAware {
    private static final String CLIENT_AUTH_SERVER_URL_PROP = "client.quarkus.oidc.auth-server-url";
    private static final String AUTH_SERVER_URL_PROP = "quarkus.oidc.auth-server-url";
    private static final String CLIENT_ID_PROP = "quarkus.oidc.client-id";
    private static final String CLIENT_SECRET_PROP = "quarkus.oidc.credentials.secret";
    private DevServicesContext testContext;
    private final String authServerUrl;
    private final Tls tls;

    /* loaded from: input_file:io/quarkus/test/keycloak/client/KeycloakTestClient$Tls.class */
    public static final class Tls extends Record {
        private final String keystore;
        private final String keystorePassword;
        private final String truststore;
        private final String truststorePassword;

        public Tls() {
            this("client-keystore.p12", "password", "client-truststore.p12", "password");
        }

        public Tls(String str, String str2, String str3, String str4) {
            this.keystore = str;
            this.keystorePassword = str2;
            this.truststore = str3;
            this.truststorePassword = str4;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, Tls.class), Tls.class, "keystore;keystorePassword;truststore;truststorePassword", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->keystore:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->keystorePassword:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->truststore:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->truststorePassword:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, Tls.class), Tls.class, "keystore;keystorePassword;truststore;truststorePassword", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->keystore:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->keystorePassword:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->truststore:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->truststorePassword:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, Tls.class, Object.class), Tls.class, "keystore;keystorePassword;truststore;truststorePassword", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->keystore:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->keystorePassword:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->truststore:Ljava/lang/String;", "FIELD:Lio/quarkus/test/keycloak/client/KeycloakTestClient$Tls;->truststorePassword:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String keystore() {
            return this.keystore;
        }

        public String keystorePassword() {
            return this.keystorePassword;
        }

        public String truststore() {
            return this.truststore;
        }

        public String truststorePassword() {
            return this.truststorePassword;
        }
    }

    public KeycloakTestClient() {
        this(null, null);
    }

    public KeycloakTestClient(Tls tls) {
        this(null, tls);
    }

    public KeycloakTestClient(String str) {
        this(str, null);
    }

    public KeycloakTestClient(String str, Tls tls) {
        this.authServerUrl = str;
        this.tls = tls;
    }

    public String getClientAccessToken() {
        return getClientAccessToken(getClientId());
    }

    public String getClientAccessToken(String str) {
        return getClientAccessToken(str, getClientSecret());
    }

    public String getClientAccessToken(String str, String str2) {
        return getClientAccessToken(str, str2, null);
    }

    public String getClientAccessToken(String str, String str2, List<String> list) {
        return getClientAccessTokenInternal(str, str2, list, getAuthServerUrl());
    }

    public String getRealmClientAccessToken(String str) {
        return getRealmClientAccessToken(str, getClientId());
    }

    public String getRealmClientAccessToken(String str, String str2) {
        return getRealmClientAccessToken(str, str2, getClientSecret());
    }

    public String getRealmClientAccessToken(String str, String str2, String str3) {
        return getRealmClientAccessToken(str, str2, str3, null);
    }

    public String getRealmClientAccessToken(String str, String str2, String str3, List<String> list) {
        return getClientAccessTokenInternal(str2, str3, list, getAuthServerBaseUrl() + "/realms/" + str);
    }

    public String getAccessToken(String str) {
        return getAccessToken(str, getClientId());
    }

    public String getAccessToken(String str, String str2) {
        return getAccessToken(str, str, str2);
    }

    public String getAccessToken(String str, String str2, String str3) {
        return getAccessToken(str, str2, str3, getClientSecret());
    }

    public String getAccessToken(String str, String str2, String str3, String str4) {
        return getAccessToken(str, str2, str3, str4, null);
    }

    public String getAccessToken(String str, String str2, String str3, String str4, List<String> list) {
        return getAccessTokenInternal(str, str2, str3, str4, list, getAuthServerUrl());
    }

    public String getRefreshToken(String str) {
        return getRefreshToken(str, getClientId());
    }

    public String getRefreshToken(String str, String str2) {
        return getRefreshToken(str, str, str2);
    }

    public String getRefreshToken(String str, String str2, String str3) {
        return getRefreshToken(str, str2, str3, getClientSecret());
    }

    public String getRefreshToken(String str, String str2, String str3, String str4) {
        return getRefreshToken(str, str2, str3, str4, null);
    }

    public String getRefreshToken(String str, String str2, String str3, String str4, List<String> list) {
        return getRefreshTokenInternal(str, str2, str3, str4, list, getAuthServerUrl());
    }

    public String getRealmAccessToken(String str, String str2) {
        return getRealmAccessToken(str, str2, getClientId());
    }

    public String getRealmAccessToken(String str, String str2, String str3) {
        return getRealmAccessToken(str, str2, str2, str3);
    }

    public String getRealmAccessToken(String str, String str2, String str3, String str4) {
        return getRealmAccessToken(str, str2, str3, str4, getClientSecret());
    }

    public String getRealmAccessToken(String str, String str2, String str3, String str4, String str5) {
        return getRealmAccessToken(str, str2, str3, str4, str5, null);
    }

    public String getRealmAccessToken(String str, String str2, String str3, String str4, String str5, List<String> list) {
        return getAccessTokenInternal(str2, str3, str4, str5, list, getAuthServerBaseUrl() + "/realms/" + str);
    }

    private String getAccessTokenInternal(String str, String str2, String str3, String str4, List<String> list, String str5) {
        return getAccessTokenResponse(str, str2, str3, str4, list, str5).getToken();
    }

    private String getRefreshTokenInternal(String str, String str2, String str3, String str4, List<String> list, String str5) {
        return getAccessTokenResponse(str, str2, str3, str4, list, str5).getRefreshToken();
    }

    private AccessTokenResponse getAccessTokenResponse(String str, String str2, String str3, String str4, List<String> list, String str5) {
        RequestSpecification param = getSpec().param("grant_type", new Object[]{"password"}).param("username", new Object[]{str}).param("password", new Object[]{str2}).param("client_id", new Object[]{str3});
        if (str4 != null && !str4.isBlank()) {
            param = param.param("client_secret", new Object[]{str4});
        }
        if (list != null && !list.isEmpty()) {
            param = param.param("scope", new Object[]{urlEncode(String.join(" ", list))});
        }
        return (AccessTokenResponse) param.when().post(str5 + "/protocol/openid-connect/token", new Object[0]).as(AccessTokenResponse.class);
    }

    private String getClientAccessTokenInternal(String str, String str2, List<String> list, String str3) {
        RequestSpecification param = getSpec().param("grant_type", new Object[]{"client_credentials"}).param("client_id", new Object[]{str});
        if (str2 != null && !str2.isBlank()) {
            param = param.param("client_secret", new Object[]{str2});
        }
        if (list != null && !list.isEmpty()) {
            param = param.param("scope", new Object[]{urlEncode(String.join(" ", list))});
        }
        return ((AccessTokenResponse) param.when().post(str3 + "/protocol/openid-connect/token", new Object[0]).as(AccessTokenResponse.class)).getToken();
    }

    private String getClientId() {
        return getPropertyValue(CLIENT_ID_PROP, "quarkus-app");
    }

    private String getClientSecret() {
        return getPropertyValue(CLIENT_SECRET_PROP, "secret");
    }

    public String getAdminAccessToken() {
        return getAccessTokenInternal("admin", "admin", "admin-cli", null, null, getAuthServerBaseUrl() + "/realms/master");
    }

    public String getAuthServerBaseUrl() {
        try {
            URI uri = new URI(getAuthServerUrl());
            return new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), uri.getPort(), uri.getPath().startsWith("/auth") ? "/auth" : null, null, null).toString();
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    public String getAuthServerUrl() {
        if (this.authServerUrl != null) {
            return this.authServerUrl;
        }
        String propertyValue = getPropertyValue(CLIENT_AUTH_SERVER_URL_PROP, null);
        if (propertyValue == null) {
            propertyValue = getPropertyValue(AUTH_SERVER_URL_PROP, null);
        }
        if (propertyValue == null) {
            throw new ConfigurationException(String.format("Unable to obtain the Auth Server URL as neither '%s' or '%s' is set", CLIENT_AUTH_SERVER_URL_PROP, AUTH_SERVER_URL_PROP));
        }
        return propertyValue;
    }

    public void createRealm(RealmRepresentation realmRepresentation) {
        try {
            getSpec().auth().oauth2(getAdminAccessToken()).contentType("application/json").body(JsonSerialization.writeValueAsBytes(realmRepresentation)).when().post(getAuthServerBaseUrl() + "/admin/realms", new Object[0]).then().statusCode(201);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public void deleteRealm(String str) {
        getSpec().auth().oauth2(getAdminAccessToken()).when().delete(getAuthServerBaseUrl() + "/admin/realms/" + str, new Object[0]).then().statusCode(204);
    }

    public void deleteRealm(RealmRepresentation realmRepresentation) {
        deleteRealm(realmRepresentation.getRealm());
    }

    public void createRealmFromPath(String str) {
        createRealm(readRealmFile(str));
    }

    public RealmRepresentation readRealmFile(String str) {
        try {
            return readRealmFile(Path.of(str, new String[0]).toUri().toURL(), str);
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        }
    }

    public RealmRepresentation readRealmFile(URL url, String str) {
        try {
            InputStream openStream = url.openStream();
            try {
                RealmRepresentation realmRepresentation = (RealmRepresentation) JsonSerialization.readValue(openStream, RealmRepresentation.class);
                if (openStream != null) {
                    openStream.close();
                }
                return realmRepresentation;
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException("Realm " + str + " resource can not be opened", e);
        }
    }

    private String getPropertyValue(String str, String str2) {
        return (String) ConfigProvider.getConfig().getOptionalValue(str, String.class).orElseGet(() -> {
            return getDevProperty(str, str2);
        });
    }

    private String getDevProperty(String str, String str2) {
        String str3 = this.testContext == null ? null : (String) this.testContext.devServicesProperties().get(str);
        return str3 == null ? str2 : str3;
    }

    public void setIntegrationTestContext(DevServicesContext devServicesContext) {
        this.testContext = devServicesContext;
    }

    private static String urlEncode(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.name());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private RequestSpecification getSpec() {
        RequestSpecification given = RestAssured.given();
        return this.tls != null ? given.keyStore(this.tls.keystore(), this.tls.keystorePassword()).trustStore(this.tls.truststore(), this.tls.truststorePassword()) : given.relaxedHTTPSValidation();
    }
}
