package io.quarkus.test.oidc.server;

import com.github.tomakehurst.wiremock.WireMockServer;
import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import com.github.tomakehurst.wiremock.extension.Extension;
import com.github.tomakehurst.wiremock.extension.responsetemplating.ResponseTemplateTransformer;
import com.google.common.collect.ImmutableSet;
import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
import io.smallrye.jwt.build.Jwt;
import jakarta.json.Json;
import jakarta.json.JsonObject;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.jboss.logging.Logger;
import org.jose4j.keys.X509Util;

/* loaded from: input_file:io/quarkus/test/oidc/server/OidcWiremockTestResource.class */
public class OidcWiremockTestResource implements QuarkusTestResourceLifecycleManager {
    private static final Logger LOG = Logger.getLogger(OidcWiremockTestResource.class);
    private static final String TOKEN_ISSUER = System.getProperty("quarkus.test.oidc.token.issuer", "https://server.example.com");
    private static final String TOKEN_AUDIENCE = System.getProperty("quarkus.test.oidc.token.audience", "https://server.example.com");
    private static final String TOKEN_USER_ROLES = System.getProperty("quarkus.test.oidc.token.user-roles", "user");
    private static final String TOKEN_ADMIN_ROLES = System.getProperty("quarkus.test.oidc.token.admin-roles", "user,admin");
    private static final String ENCODED_X5C = "MIIC+zCCAeOgAwIBAgIGAXx/E9rgMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTEwMTQxMzUzMDBaFw0yMjEwMTQxMzUzMDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIicN95dXlQLBqEZUsqPhQopnjnPgGmW80NohEgNzZLqN0xW9cyJJrdJM5Z1lRrePHZGiJdd1XXn4fYasP6/cjRfMWal9X6dD5wlnOTP01/4beX5vctE6W4lZrI3kTFmZ+I69w7BaLsUPWgV1CYrtuldL3dr6xAnngK3hU+JraB2Ndw9llXib26HOZhCXKedCTYcUQieVJGPI0f8H1JNk88+PnwI+cUGgXHF56iTLv9QujI6AhIgextXdd21T0XiHgBkSlSSBeqIKAjfCW6zoXP+PJU+Lso24J3duG3mrbilqHZlmIWnLRaG0RmKOeedXIDHvAaMaVUOLaN9HBgNKo0CAwEAAaNTMFEwHQYDVR0OBBYEFMYGoBNHBTMvMT4DwClVHVVwn+5VMB8GA1UdIwQYMBaAFMYGoBNHBTMvMT4DwClVHVVwn+5VMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFulB0DKhykXGbGPIBPcj63ItLNilgl1i8i43my8fYdV6OBWLIhZ4InhpX1+XmYCNPNtu94Jy1csS00K2/Hhn4ByBd+6nd5DSr0W0VdVQyhLz3GW1nf0J3X2N+tD818O0KtKKPTq4p9reg/XtV+DNv7DeDAGzlfgRL4E4fQx6OYeuu35kGrPvAddIA70leJMELJRylCLfEcl2ne/Bht8cZVp7ZCxnfXnsc+7hCW84mhzGjJycA3E6TnZPD3pD+q9FoIAQMxMQqUCH71u9vTvz1Q5JdokuJJY2eTHSUKyHA9MwSFq8DFDICJFBoQuFyDlK5yxSUcQpR3mBwKdimj6oA0=";
    private WireMockServer server;

    public Map<String, String> start() {
        this.server = new WireMockServer(WireMockConfiguration.wireMockConfig().extensions(new Extension[]{new ResponseTemplateTransformer(false)}).dynamicPort());
        this.server.start();
        this.server.stubFor(WireMock.get(WireMock.urlEqualTo("/auth/realms/quarkus/.well-known/openid-configuration")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n    \"jwks_uri\": \"" + this.server.baseUrl() + "/auth/realms/quarkus/protocol/openid-connect/certs\",\n    \"token_introspection_endpoint\": \"" + this.server.baseUrl() + "/auth/realms/quarkus/protocol/openid-connect/token/introspect\",\n    \"authorization_endpoint\": \"" + this.server.baseUrl() + "/auth/realms/quarkus\",    \"userinfo_endpoint\": \"" + this.server.baseUrl() + "/auth/realms/quarkus/protocol/openid-connect/userinfo\",    \"token_endpoint\": \"" + this.server.baseUrl() + "/auth/realms/quarkus/token\",    \"issuer\" : \"" + TOKEN_ISSUER + "\",    \"introspection_endpoint\": \"" + this.server.baseUrl() + "/auth/realms/quarkus/protocol/openid-connect/token/introspect\",    \"end_session_endpoint\": \"" + this.server.baseUrl() + "/auth/realms/quarkus/protocol/openid-connect/end-session\"}")));
        this.server.stubFor(WireMock.get(WireMock.urlEqualTo("/auth/realms/quarkus/protocol/openid-connect/certs")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n  \"keys\" : [\n    {\n      \"kid\": \"1\",\n      \"kty\":\"RSA\",\n      \"n\":\"iJw33l1eVAsGoRlSyo-FCimeOc-AaZbzQ2iESA3Nkuo3TFb1zIkmt0kzlnWVGt48dkaIl13Vdefh9hqw_r9yNF8xZqX1fp0PnCWc5M_TX_ht5fm9y0TpbiVmsjeRMWZn4jr3DsFouxQ9aBXUJiu26V0vd2vrECeeAreFT4mtoHY13D2WVeJvboc5mEJcp50JNhxRCJ5UkY8jR_wfUk2Tzz4-fAj5xQaBccXnqJMu_1C6MjoCEiB7G1d13bVPReIeAGRKVJIF6ogoCN8JbrOhc_48lT4uyjbgnd24beatuKWodmWYhactFobRGYo5551cgMe8BoxpVQ4to30cGA0qjQ\",\n      \"e\":\"AQAB\"\n    },\n    {      \"kty\": \"RSA\",      \"alg\": \"RS256\",      \"n\":\"iJw33l1eVAsGoRlSyo-FCimeOc-AaZbzQ2iESA3Nkuo3TFb1zIkmt0kzlnWVGt48dkaIl13Vdefh9hqw_r9yNF8xZqX1fp0PnCWc5M_TX_ht5fm9y0TpbiVmsjeRMWZn4jr3DsFouxQ9aBXUJiu26V0vd2vrECeeAreFT4mtoHY13D2WVeJvboc5mEJcp50JNhxRCJ5UkY8jR_wfUk2Tzz4-fAj5xQaBccXnqJMu_1C6MjoCEiB7G1d13bVPReIeAGRKVJIF6ogoCN8JbrOhc_48lT4uyjbgnd24beatuKWodmWYhactFobRGYo5551cgMe8BoxpVQ4to30cGA0qjQ\",\n      \"e\":\"AQAB\",\n      \"x5c\": [          \"MIIC+zCCAeOgAwIBAgIGAXx/E9rgMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTEwMTQxMzUzMDBaFw0yMjEwMTQxMzUzMDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIicN95dXlQLBqEZUsqPhQopnjnPgGmW80NohEgNzZLqN0xW9cyJJrdJM5Z1lRrePHZGiJdd1XXn4fYasP6/cjRfMWal9X6dD5wlnOTP01/4beX5vctE6W4lZrI3kTFmZ+I69w7BaLsUPWgV1CYrtuldL3dr6xAnngK3hU+JraB2Ndw9llXib26HOZhCXKedCTYcUQieVJGPI0f8H1JNk88+PnwI+cUGgXHF56iTLv9QujI6AhIgextXdd21T0XiHgBkSlSSBeqIKAjfCW6zoXP+PJU+Lso24J3duG3mrbilqHZlmIWnLRaG0RmKOeedXIDHvAaMaVUOLaN9HBgNKo0CAwEAAaNTMFEwHQYDVR0OBBYEFMYGoBNHBTMvMT4DwClVHVVwn+5VMB8GA1UdIwQYMBaAFMYGoBNHBTMvMT4DwClVHVVwn+5VMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFulB0DKhykXGbGPIBPcj63ItLNilgl1i8i43my8fYdV6OBWLIhZ4InhpX1+XmYCNPNtu94Jy1csS00K2/Hhn4ByBd+6nd5DSr0W0VdVQyhLz3GW1nf0J3X2N+tD818O0KtKKPTq4p9reg/XtV+DNv7DeDAGzlfgRL4E4fQx6OYeuu35kGrPvAddIA70leJMELJRylCLfEcl2ne/Bht8cZVp7ZCxnfXnsc+7hCW84mhzGjJycA3E6TnZPD3pD+q9FoIAQMxMQqUCH71u9vTvz1Q5JdokuJJY2eTHSUKyHA9MwSFq8DFDICJFBoQuFyDlK5yxSUcQpR3mBwKdimj6oA0=\"      ]    }  ]\n}")));
        this.server.stubFor(WireMock.get(WireMock.urlEqualTo("/auth/realms/quarkus/single-key-without-kid-thumbprint")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n  \"keys\" : [\n    {\n      \"kty\":\"RSA\",\n      \"n\":\"iJw33l1eVAsGoRlSyo-FCimeOc-AaZbzQ2iESA3Nkuo3TFb1zIkmt0kzlnWVGt48dkaIl13Vdefh9hqw_r9yNF8xZqX1fp0PnCWc5M_TX_ht5fm9y0TpbiVmsjeRMWZn4jr3DsFouxQ9aBXUJiu26V0vd2vrECeeAreFT4mtoHY13D2WVeJvboc5mEJcp50JNhxRCJ5UkY8jR_wfUk2Tzz4-fAj5xQaBccXnqJMu_1C6MjoCEiB7G1d13bVPReIeAGRKVJIF6ogoCN8JbrOhc_48lT4uyjbgnd24beatuKWodmWYhactFobRGYo5551cgMe8BoxpVQ4to30cGA0qjQ\",\n      \"e\":\"AQAB\"\n    }  ]\n}")));
        defineUserInfoStubForOpaqueToken("alice");
        defineUserInfoStubForOpaqueToken("admin");
        defineUserInfoStubForJwt();
        defineValidIntrospectionMockTokenStubForUserWithRoles("alice", ImmutableSet.copyOf(getUserRoles()));
        defineValidIntrospectionMockTokenStubForUserWithRoles("admin", ImmutableSet.copyOf(getAdminRoles()));
        defineInvalidIntrospectionMockTokenStubForUserWithRoles("expired", Collections.emptySet());
        defineCodeFlowAuthorizationMockTokenStub();
        defineCodeFlowAuthorizationMockEncryptedTokenStub();
        defineJwtBearerGrantTokenStub();
        this.server.stubFor(WireMock.get(WireMock.urlPathMatching("/auth/realms/quarkus[/]?")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"text/html"}).withBody("<html>\n<body>\n <form action=\"/login\" name=\"form\">\n  <input type=\"text\" id=\"username\" name=\"username\"/>\n  <input type=\"password\" id=\"password\" name=\"password\"/>\n  <input type=\"hidden\" id=\"state\" name=\"state\" value=\"{{request.query.state}}\"/>\n  <input type=\"hidden\" id=\"redirect_uri\" name=\"redirect_uri\" value=\"{{request.query.redirect_uri}}\"/>\n  <input type=\"submit\" id=\"login\" value=\"login\"/>\n</form>\n</body>\n</html> ").withTransformers(new String[]{"response-template"})));
        this.server.stubFor(WireMock.get(WireMock.urlPathMatching("/auth/realms/quarkus-form-post[/]?")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"text/html"}).withBody("<html>\n<body>\n <form action=\"/login-form-post\" name=\"form\">\n  <input type=\"text\" id=\"username\" name=\"username\"/>\n  <input type=\"password\" id=\"password\" name=\"password\"/>\n  <input type=\"hidden\" id=\"state\" name=\"state\" value=\"{{request.query.state}}\"/>\n  <input type=\"hidden\" id=\"redirect_uri\" name=\"redirect_uri\" value=\"{{request.query.redirect_uri}}\"/>\n  <input type=\"submit\" id=\"login\" value=\"login\"/>\n</form>\n</body>\n</html> ").withTransformers(new String[]{"response-template"})));
        this.server.stubFor(WireMock.get(WireMock.urlPathMatching("/login")).willReturn(WireMock.aResponse().withHeader("Location", new String[]{"{{request.query.redirect_uri}}?state={{request.query.state}}&code=58af24f2-9093-4674-a431-4a9d66be719c.50437113-cd78-48a2-838e-b936fe458c5d.0ac5df91-e044-4051-bd03-106a3a5fb9cc"}).withStatus(302).withTransformers(new String[]{"response-template"})));
        this.server.stubFor(WireMock.get(WireMock.urlPathMatching("/login-form-post")).willReturn(WireMock.aResponse().withBody("<html>\n   <head><title>Submit This Form</title></head>\n   <body onload=\"javascript:document.forms[0].submit()\">\n    <form method=\"post\" action=\"{{request.query.redirect_uri}}\">\n      <input type=\"hidden\" name=\"state\"\n       value=\"{{request.query.state}}\"/>\n      <input type=\"hidden\" name=\"code\"\n       value=\"58af24f2-9093-4674-a431-4a9d66be719c.50437113-cd78-48a2-838e-b936fe458c5d.0ac5df91-e044-4051-bd03-106a3a5fb9cc\"/>\n    </form>\n   </body>\n  </html>\n").withTransformers(new String[]{"response-template"})));
        LOG.infof("Keycloak started in mock mode: %s", this.server.baseUrl());
        HashMap hashMap = new HashMap();
        hashMap.put("keycloak.url", this.server.baseUrl() + "/auth");
        hashMap.put("smallrye.jwt.sign.key.location", "privateKey.jwk");
        return hashMap;
    }

    private void defineUserInfoStubForOpaqueToken(String str) {
        this.server.stubFor(WireMock.get(WireMock.urlEqualTo("/auth/realms/quarkus/protocol/openid-connect/userinfo")).withHeader("Authorization", WireMock.matching("Bearer " + str)).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n      \"preferred_username\": \"" + str + "\"}")));
    }

    private void defineUserInfoStubForJwt() {
        this.server.stubFor(WireMock.get(WireMock.urlEqualTo("/auth/realms/quarkus/protocol/openid-connect/userinfo")).withHeader("Authorization", WireMock.containing("Bearer ey")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n      \"preferred_username\": \"alice\"}")));
    }

    private void defineValidIntrospectionMockTokenStubForUserWithRoles(String str, Set<String> set) {
        long now = now() + 300;
        WireMockServer wireMockServer = this.server;
        wireMockServer.stubFor(WireMock.post("/auth/realms/quarkus/protocol/openid-connect/token/introspect").withRequestBody(WireMock.matching("token=" + str + "&token_type_hint=access_token")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\"active\":true,\"scope\":\"" + ((String) set.stream().collect(Collectors.joining(" "))) + "\",\"username\":\"" + str + "\",\"iat\":1,\"exp\":" + now + ",\"expires_in\":" + wireMockServer + ",\"client_id\":\"my_client_id\"}")));
    }

    private static final long now() {
        return System.currentTimeMillis();
    }

    private void defineInvalidIntrospectionMockTokenStubForUserWithRoles(String str, Set<String> set) {
        this.server.stubFor(WireMock.post("/auth/realms/quarkus/protocol/openid-connect/token/introspect").withRequestBody(WireMock.matching("token=" + str + "&token_type_hint=access_token")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\"active\":true,\"scope\":\"" + ((String) set.stream().collect(Collectors.joining(" "))) + "\",\"username\":\"" + str + "\",\"iat\":1562315654,\"exp\":1,\"expires_in\":1,\"client_id\":\"my_client_id\"}")));
    }

    private void defineJwtBearerGrantTokenStub() {
        this.server.stubFor(WireMock.post("/auth/realms/quarkus/jwt-bearer-token").withRequestBody(WireMock.containing("client_id=quarkus-app")).withRequestBody(WireMock.containing("client_secret=secret")).withRequestBody(WireMock.containing("grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer")).withRequestBody(WireMock.containing("scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read+offline_access")).withRequestBody(WireMock.containing("requested_token_use=on_behalf_of")).withRequestBody(WireMock.containing("assertion")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n  \"access_token\": \"" + getAccessToken("bob", getUserRoles()) + "\"}")));
    }

    private void defineCodeFlowAuthorizationMockTokenStub() {
        this.server.stubFor(WireMock.post("/auth/realms/quarkus/token").withRequestBody(WireMock.containing("authorization_code")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n  \"access_token\": \"" + getAccessToken("alice", getAdminRoles()) + "\",\n  \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n  \"id_token\": \"" + getIdToken("alice", getAdminRoles()) + "\"\n}")));
    }

    private void defineCodeFlowAuthorizationMockEncryptedTokenStub() {
        this.server.stubFor(WireMock.post("/auth/realms/quarkus/encrypted-id-token").withRequestBody(WireMock.containing("authorization_code")).willReturn(WireMock.aResponse().withHeader("Content-Type", new String[]{"application/json"}).withBody("{\n  \"access_token\": \"" + getAccessToken("alice", getAdminRoles()) + "\",\n  \"refresh_token\": \"07e08903-1263-4dd1-9fd1-4a59b0db5283\",\n  \"id_token\": \"" + getEncryptedIdToken("alice", getAdminRoles()) + "\"\n}")));
    }

    public static String getEncryptedIdToken(String str, Set<String> set) {
        return Jwt.preferredUserName(str).groups(set).issuer(TOKEN_ISSUER).audience(TOKEN_AUDIENCE).subject("123456").jws().keyId("1").innerSign("privateKey.jwk").encrypt("publicKey.jwk");
    }

    public static X509Certificate getCertificate() {
        try {
            return new X509Util().fromBase64Der(ENCODED_X5C);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Set<String> getAdminRoles() {
        return new HashSet(Arrays.asList(TOKEN_ADMIN_ROLES.split(",")));
    }

    private Set<String> getUserRoles() {
        return new HashSet(Arrays.asList(TOKEN_USER_ROLES.split(",")));
    }

    public static String getAccessToken(String str, Set<String> set) {
        return generateJwtToken(str, set);
    }

    public static String getIdToken(String str, Set<String> set) {
        return generateJwtToken(str, set);
    }

    public static String generateJwtToken(String str, Set<String> set) {
        return Jwt.preferredUserName(str).groups(set).issuer(TOKEN_ISSUER).audience(TOKEN_AUDIENCE).claim("sid", "session-id").subject("123456").jws().keyId("1").sign("privateKey.jwk");
    }

    public static String getLogoutToken() {
        return Jwt.issuer(TOKEN_ISSUER).audience(TOKEN_AUDIENCE).subject("123456").claim("events", createEventsClaim()).claim("sid", "session-id").jws().keyId("1").sign("privateKey.jwk");
    }

    public static String getLogoutToken(String str) {
        return Jwt.issuer(TOKEN_ISSUER).audience(TOKEN_AUDIENCE).subject(str).claim("events", createEventsClaim()).claim("sid", "session-id").jws().keyId("1").sign("privateKey.jwk");
    }

    private static JsonObject createEventsClaim() {
        return Json.createObjectBuilder().add("http://schemas.openid.net/event/backchannel-logout", Json.createObjectBuilder().build()).build();
    }

    public void inject(QuarkusTestResourceLifecycleManager.TestInjector testInjector) {
        testInjector.injectIntoFields(this.server, new QuarkusTestResourceLifecycleManager.TestInjector.AnnotatedAndMatchesType(OidcWireMock.class, WireMockServer.class));
    }

    public synchronized void stop() {
        if (this.server != null) {
            this.server.stop();
            LOG.info("Keycloak was shut down");
            this.server = null;
        }
    }
}
