package io.quarkus.test.security.oidc;

import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.AccessTokenCredential;
import io.quarkus.oidc.IdTokenCredential;
import io.quarkus.oidc.runtime.OidcJwtCallerPrincipal;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.test.security.TestSecurityIdentityAugmentor;
import io.smallrye.jwt.build.Jwt;
import io.smallrye.jwt.util.KeyUtils;
import io.vertx.ext.web.RoutingContext;
import java.util.Map;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;
import org.eclipse.microprofile.jwt.Claims;
import org.jose4j.jwt.JwtClaims;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/test/security/oidc/OidcTestSecurityIdentityAugmentorProducer.class */
public class OidcTestSecurityIdentityAugmentorProducer {

    /* loaded from: input_file:io/quarkus/test/security/oidc/OidcTestSecurityIdentityAugmentorProducer$OidcTestSecurityIdentityAugmentor.class */
    private static class OidcTestSecurityIdentityAugmentor implements TestSecurityIdentityAugmentor {
        private OidcTestSecurityIdentityAugmentor() {
        }

        public SecurityIdentity augment(SecurityIdentity securityIdentity) {
            QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(securityIdentity);
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setClaim(Claims.preferred_username.name(), securityIdentity.getPrincipal().getName());
            jwtClaims.setClaim(Claims.groups.name(), securityIdentity.getRoles().stream().collect(Collectors.toList()));
            for (Map.Entry entry : securityIdentity.getAttributes().entrySet()) {
                if (((String) entry.getKey()).startsWith("claim.")) {
                    jwtClaims.setClaim(((String) entry.getKey()).substring("claim.".length()), entry.getValue());
                }
            }
            String generateToken = generateToken(jwtClaims);
            IdTokenCredential idTokenCredential = new IdTokenCredential(generateToken, (RoutingContext) null);
            AccessTokenCredential accessTokenCredential = new AccessTokenCredential(generateToken, (RoutingContext) null);
            builder.setPrincipal(new OidcJwtCallerPrincipal(jwtClaims, idTokenCredential));
            builder.addCredential(idTokenCredential);
            builder.addCredential(accessTokenCredential);
            return builder.build();
        }

        private String generateToken(JwtClaims jwtClaims) {
            try {
                return Jwt.claims(jwtClaims.getClaimsMap()).sign(KeyUtils.generateKeyPair(2048).getPrivate());
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    @Unremovable
    @Produces
    public TestSecurityIdentityAugmentor produce() {
        return new OidcTestSecurityIdentityAugmentor();
    }
}
