package io.quarkus.test.keycloak.server;

import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
import io.restassured.RestAssured;
import io.restassured.specification.RequestSpecification;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.RolesRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:io/quarkus/test/keycloak/server/KeycloakTestResourceLifecycleManager.class */
public class KeycloakTestResourceLifecycleManager implements QuarkusTestResourceLifecycleManager {
    private static KeycloakContainer keycloak;
    private static final String KEYCLOAK_REALM = System.getProperty("keycloak.realm", "quarkus");
    private static final String KEYCLOAK_SERVICE_CLIENT = System.getProperty("keycloak.service.client", "quarkus-service-app");
    private static final String KEYCLOAK_WEB_APP_CLIENT = System.getProperty("keycloak.web-app.client", "quarkus-web-app");
    private static final Boolean KEYCLOAK_USE_HTTPS = Boolean.valueOf(System.getProperty("keycloak.use.https", "true"));
    private static final String TOKEN_USER_ROLES = System.getProperty("keycloak.token.user-roles", "user");
    private static final String TOKEN_ADMIN_ROLES = System.getProperty("keycloak.token.admin-roles", "user,admin");

    public Map<String, String> start() {
        keycloak = new KeycloakContainer().withUseHttps(KEYCLOAK_USE_HTTPS.booleanValue());
        keycloak.start();
        postRealm(createRealm(KEYCLOAK_REALM));
        HashMap hashMap = new HashMap();
        hashMap.put("keycloak.url", keycloak.getServerUrl());
        hashMap.put("quarkus.oidc.auth-server-url", keycloak.getServerUrl() + "/realms/" + KEYCLOAK_REALM);
        return hashMap;
    }

    private static void postRealm(RealmRepresentation realmRepresentation) {
        try {
            createRequestSpec().auth().oauth2(getAdminAccessToken()).contentType("application/json").body(JsonSerialization.writeValueAsBytes(realmRepresentation)).when().post(keycloak.getServerUrl() + "/admin/realms", new Object[0]).then().statusCode(201);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private static RealmRepresentation createRealm(String str) {
        RealmRepresentation realmRepresentation = new RealmRepresentation();
        realmRepresentation.setRealm(str);
        realmRepresentation.setEnabled(true);
        realmRepresentation.setUsers(new ArrayList());
        realmRepresentation.setClients(new ArrayList());
        realmRepresentation.setAccessTokenLifespan(3);
        realmRepresentation.setSsoSessionMaxLifespan(3);
        RolesRepresentation rolesRepresentation = new RolesRepresentation();
        rolesRepresentation.setRealm(new ArrayList());
        realmRepresentation.setRoles(rolesRepresentation);
        realmRepresentation.getRoles().getRealm().add(new RoleRepresentation("user", (String) null, false));
        realmRepresentation.getRoles().getRealm().add(new RoleRepresentation("admin", (String) null, false));
        realmRepresentation.getRoles().getRealm().add(new RoleRepresentation("confidential", (String) null, false));
        realmRepresentation.getClients().add(createServiceClient(KEYCLOAK_SERVICE_CLIENT));
        realmRepresentation.getClients().add(createWebAppClient(KEYCLOAK_WEB_APP_CLIENT));
        realmRepresentation.getUsers().add(createUser("alice", getUserRoles()));
        realmRepresentation.getUsers().add(createUser("admin", getAdminRoles()));
        realmRepresentation.getUsers().add(createUser("jdoe", Arrays.asList("user", "confidential")));
        return realmRepresentation;
    }

    private static String getAdminAccessToken() {
        return ((AccessTokenResponse) createRequestSpec().param("grant_type", new Object[]{"password"}).param("username", new Object[]{"admin"}).param("password", new Object[]{"admin"}).param("client_id", new Object[]{"admin-cli"}).when().post(keycloak.getServerUrl() + "/realms/master/protocol/openid-connect/token", new Object[0]).as(AccessTokenResponse.class)).getToken();
    }

    private static ClientRepresentation createServiceClient(String str) {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(str);
        clientRepresentation.setPublicClient(false);
        clientRepresentation.setSecret("secret");
        clientRepresentation.setDirectAccessGrantsEnabled(true);
        clientRepresentation.setServiceAccountsEnabled(true);
        clientRepresentation.setEnabled(true);
        return clientRepresentation;
    }

    private static ClientRepresentation createWebAppClient(String str) {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(str);
        clientRepresentation.setPublicClient(false);
        clientRepresentation.setSecret("secret");
        clientRepresentation.setRedirectUris(Arrays.asList("*"));
        clientRepresentation.setEnabled(true);
        return clientRepresentation;
    }

    private static UserRepresentation createUser(String str, List<String> list) {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(str);
        userRepresentation.setEnabled(true);
        userRepresentation.setCredentials(new ArrayList());
        userRepresentation.setRealmRoles(list);
        userRepresentation.setEmail(str + "@gmail.com");
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType("password");
        credentialRepresentation.setValue(str);
        credentialRepresentation.setTemporary(false);
        userRepresentation.getCredentials().add(credentialRepresentation);
        return userRepresentation;
    }

    public static String getAccessToken(String str) {
        return ((AccessTokenResponse) createRequestSpec().param("grant_type", new Object[]{"password"}).param("username", new Object[]{str}).param("password", new Object[]{str}).param("client_id", new Object[]{KEYCLOAK_SERVICE_CLIENT}).param("client_secret", new Object[]{"secret"}).when().post(keycloak.getServerUrl() + "/realms/" + KEYCLOAK_REALM + "/protocol/openid-connect/token", new Object[0]).as(AccessTokenResponse.class)).getToken();
    }

    public static String getRefreshToken(String str) {
        return ((AccessTokenResponse) createRequestSpec().param("grant_type", new Object[]{"password"}).param("username", new Object[]{str}).param("password", new Object[]{str}).param("client_id", new Object[]{KEYCLOAK_SERVICE_CLIENT}).param("client_secret", new Object[]{"secret"}).when().post(keycloak.getServerUrl() + "/realms/" + KEYCLOAK_REALM + "/protocol/openid-connect/token", new Object[0]).as(AccessTokenResponse.class)).getRefreshToken();
    }

    public void stop() {
        createRequestSpec().auth().oauth2(getAdminAccessToken()).when().delete(keycloak.getServerUrl() + "/admin/realms/" + KEYCLOAK_REALM, new Object[0]).then().statusCode(204);
        keycloak.stop();
    }

    private static List<String> getAdminRoles() {
        return Arrays.asList(TOKEN_ADMIN_ROLES.split(","));
    }

    private static List<String> getUserRoles() {
        return Arrays.asList(TOKEN_USER_ROLES.split(","));
    }

    private static RequestSpecification createRequestSpec() {
        return RestAssured.given();
    }
}
