package io.quarkus.test.security.oidc;

import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.AccessTokenCredential;
import io.quarkus.oidc.IdTokenCredential;
import io.quarkus.oidc.OidcConfigurationMetadata;
import io.quarkus.oidc.RefreshToken;
import io.quarkus.oidc.runtime.OidcJwtCallerPrincipal;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.test.security.TestSecurityIdentityAugmentor;
import io.smallrye.jwt.build.Jwt;
import io.smallrye.jwt.util.KeyUtils;
import io.vertx.core.json.JsonObject;
import jakarta.annotation.PostConstruct;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Produces;
import jakarta.inject.Inject;
import jakarta.json.Json;
import jakarta.json.JsonObjectBuilder;
import java.lang.annotation.Annotation;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.Claims;
import org.jose4j.jwt.JwtClaims;

/**
 * CDI producer for the {@link TestSecurityIdentityAugmentor} that decorates a test
 * {@link SecurityIdentity} with OIDC-shaped data: either a locally signed JWT or a
 * synthetic token-introspection result, plus optional userinfo and provider metadata.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Tokens are signed with a key generated in-process by {@link #init()}. Only the
 *       private half is kept, so nothing in this class can verify the signature and no
 *       real identity provider is involved.</li>
 *   <li>All identity data (user name, roles, claims, introspection fields, metadata) comes
 *       from the incoming identity and the {@code OidcSecurity} annotation; none of it is
 *       authenticated.</li>
 *   <li>NOTE(review): the package name suggests test-only use; confirm this artifact is
 *       scoped to tests and never reaches a production classpath.</li>
 * </ul>
 */
@ApplicationScoped
public class OidcTestSecurityIdentityAugmentorProducer {

    // Optional issuer, copied into the produced configuration metadata when configured.
    @Inject
    @ConfigProperty(name = "quarkus.oidc.token.issuer")
    Optional<String> issuer;

    // Signing key for generated JWTs; assigned once in init().
    PrivateKey privateKey;

    /**
     * Generates the signing key once the bean has been constructed. A 2048-bit key pair is
     * requested and only its private key is retained.
     *
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the key pair
     *         cannot be generated
     */
    @PostConstruct
    public void init() {
        try {
            this.privateKey = KeyUtils.generateKeyPair(2048).getPrivate();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Produces the augmentor bean. A new inner-class instance is returned on each call; it
     * reads {@link #issuer} and {@link #privateKey} from this producer.
     *
     * @return a new OIDC test identity augmentor
     */
    @Unremovable
    @Produces
    public TestSecurityIdentityAugmentor produce() {
        return new OidcTestSecurityIdentityAugmentor();
    }

    /**
     * Augmentor driven by the {@code OidcSecurity} annotation found among the supplied
     * annotations. Kept as a non-static inner class because it reads the producer's
     * {@code issuer} and {@code privateKey}.
     */
    private class OidcTestSecurityIdentityAugmentor implements TestSecurityIdentityAugmentor {
        private OidcTestSecurityIdentityAugmentor() {
        }

        /**
         * Builds a copy of {@code securityIdentity} enriched with OIDC credentials and attributes.
         *
         * <p>When an {@code OidcSecurity} annotation is present and requests introspection, an
         * "introspection" attribute and an opaque access token are added. In every other case
         * (including no annotation at all) a signed JWT is generated and used as both ID token
         * and access token. The "userinfo" attribute is added only when the annotation is
         * present; "configuration-metadata" is always added.
         *
         * @param securityIdentity the identity to start from
         * @param annotationArr annotations to search for {@code OidcSecurity}
         * @return the augmented identity
         */
        public SecurityIdentity augment(SecurityIdentity securityIdentity, Annotation[] annotationArr) {
            final QuarkusSecurityIdentity.Builder identity = QuarkusSecurityIdentity.builder(securityIdentity);
            final OidcSecurity oidc = findOidcSecurity(annotationArr);

            if (oidc == null || !oidc.introspectionRequired()) {
                attachJwt(identity, securityIdentity, oidc);
            } else {
                attachIntrospection(identity, securityIdentity, oidc);
            }

            if (oidc != null) {
                attachUserInfo(identity, oidc);
            }

            identity.addAttribute("configuration-metadata", new OidcConfigurationMetadata(buildMetadata(oidc)));
            return identity.build();
        }

        /**
         * Adds a synthetic introspection result and an opaque access token.
         * Annotation-supplied entries are added after the defaults, so an entry keyed
         * "active", "username" or "scope" replaces the default value.
         */
        private void attachIntrospection(QuarkusSecurityIdentity.Builder identity, SecurityIdentity source,
                OidcSecurity oidc) {
            final JsonObjectBuilder result = Json.createObjectBuilder()
                    .add("active", true)
                    .add("username", source.getPrincipal().getName())
                    .add("scope", String.join(" ", source.getRoles()));

            final TokenIntrospection[] extras = oidc.introspection();
            if (extras != null) {
                for (TokenIntrospection entry : extras) {
                    result.add(entry.key(), entry.value());
                }
            }

            identity.addAttribute("introspection", new io.quarkus.oidc.TokenIntrospection(result.build()));
            // The access token is a random UUID string with no refresh token attached.
            identity.addCredential(new AccessTokenCredential(UUID.randomUUID().toString(), (RefreshToken) null));
        }

        /**
         * Generates a signed JWT from the identity's name and roles, then installs it as the
         * principal and as both ID-token and access-token credentials. Annotation-supplied claims
         * are set after the defaults, so they can replace preferred_username and groups.
         */
        private void attachJwt(QuarkusSecurityIdentity.Builder identity, SecurityIdentity source,
                OidcSecurity oidc) {
            final JwtClaims claims = new JwtClaims();
            claims.setClaim(Claims.preferred_username.name(), source.getPrincipal().getName());
            claims.setClaim(Claims.groups.name(), source.getRoles().stream().collect(Collectors.toList()));

            if (oidc != null) {
                final Claim[] extras = oidc.claims();
                if (extras != null) {
                    for (Claim extra : extras) {
                        claims.setClaim(extra.key(), extra.value());
                    }
                }
            }

            // One compact token string backs both credentials.
            final String compactToken = generateToken(claims);
            final IdTokenCredential idToken = new IdTokenCredential(compactToken);
            final AccessTokenCredential accessToken = new AccessTokenCredential(compactToken);

            identity.setPrincipal(new OidcJwtCallerPrincipal(claims, idToken));
            identity.addCredential(idToken);
            identity.addCredential(accessToken);
        }

        /** Adds the "userinfo" attribute built from the annotation's userinfo entries, if any. */
        private void attachUserInfo(QuarkusSecurityIdentity.Builder identity, OidcSecurity oidc) {
            final UserInfo[] entries = oidc.userinfo();
            if (entries == null) {
                return;
            }
            final JsonObjectBuilder json = Json.createObjectBuilder();
            for (UserInfo entry : entries) {
                json.add(entry.key(), entry.value());
            }
            identity.addAttribute("userinfo", new io.quarkus.oidc.UserInfo(json.build()));
        }

        /**
         * Assembles the provider metadata: the configured issuer first (when present), then the
         * annotation's config entries, which therefore replace "issuer" if they reuse that key.
         *
         * @param oidc the annotation, or {@code null} when none was found
         */
        private JsonObject buildMetadata(OidcSecurity oidc) {
            final JsonObject metadata = new JsonObject();
            final Optional<String> configuredIssuer = OidcTestSecurityIdentityAugmentorProducer.this.issuer;
            if (configuredIssuer.isPresent()) {
                metadata.put("issuer", configuredIssuer.get());
            }
            if (oidc != null) {
                final ConfigMetadata[] entries = oidc.config();
                if (entries != null) {
                    for (ConfigMetadata entry : entries) {
                        metadata.put(entry.key(), entry.value());
                    }
                }
            }
            return metadata;
        }

        /**
         * Signs the claims with the producer's private key.
         *
         * @return the signed token string
         * @throws RuntimeException wrapping any failure raised while building or signing
         */
        private String generateToken(JwtClaims jwtClaims) {
            final PrivateKey signingKey = OidcTestSecurityIdentityAugmentorProducer.this.privateKey;
            try {
                return Jwt.claims(jwtClaims.getClaimsMap()).sign(signingKey);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        /**
         * Returns the first {@code OidcSecurity} annotation in the array.
         *
         * @return the annotation, or {@code null} when the array contains none
         */
        private OidcSecurity findOidcSecurity(Annotation[] annotationArr) {
            for (int i = 0; i < annotationArr.length; i++) {
                final Annotation candidate = annotationArr[i];
                if (candidate instanceof OidcSecurity) {
                    return (OidcSecurity) candidate;
                }
            }
            return null;
        }
    }
}
