package io.confluent.security.fixtures;

import com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import io.confluent.security.authentication.http.HttpClient;
import io.confluent.security.authentication.oauthbearer.ProviderMetadata;
import io.confluent.security.authentication.oauthbearer.SignatureAlgorithm;
import io.confluent.security.authentication.utils.JacksonSerde;
import io.confluent.security.fixtures.OpenId.ClientRegistration;
import io.confluent.security.fixtures.OpenId.ContainerResponseInterceptor;
import io.confluent.security.fixtures.OpenId.HydraAdminImpl;
import io.confluent.security.fixtures.OpenId.ProviderAdmin;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.MediaType;
import org.testcontainers.containers.Container;
import org.testcontainers.containers.wait.strategy.Wait;

/* loaded from: input_file:io/confluent/security/fixtures/OpenIdProvider.class */
public class OpenIdProvider extends ContainerService {
    private final HttpClient httpClient;
    private static final String DEFAULT_IMAGE = "oryd/hydra:v1.10.6-sqlite";
    private static final int PUBLIC_PORT = 4444;
    private static final int ADMIN_PORT = 4445;
    private static final Map<String, String> DEFAULT_CONFIG = new HashMap<String, String>() { // from class: io.confluent.security.fixtures.OpenIdProvider.1
        {
            put("DSN", "memory");
            put("STRATEGIES_ACCESS_TOKEN", "jwt");
            put("HYDRA_URL", "http://127.0.0.1:" + OpenIdProvider.PUBLIC_PORT);
            put("HYDRA_ADMIN_URL", "http://127.0.0.1:" + OpenIdProvider.ADMIN_PORT);
            put("LOG_LEVEL", "debug");
            put("OAUTH2_EXPOSE_INTERNAL_ERRORS", "1");
            put("LOG_LEAK_SENSITIVE_VALUES", "true");
        }
    };

    public OpenIdProvider() {
        super(DEFAULT_IMAGE, new Integer[]{Integer.valueOf(PUBLIC_PORT), Integer.valueOf(ADMIN_PORT)}, DEFAULT_CONFIG);
        start();
        this.httpClient = new HttpClient(ClientBuilder.newClient().register(new ContainerResponseInterceptor(issuerUri(PUBLIC_PORT))).register(new JacksonJaxbJsonProvider(JacksonSerde.jsonMapper(), JacksonJaxbJsonProvider.DEFAULT_ANNOTATIONS)));
    }

    @Override // io.confluent.security.fixtures.ContainerService
    public void start() {
        this.container.waitingFor(Wait.forHttp("/health/ready").forStatusCode(200)).withCommand("serve all --dangerous-force-http").start();
    }

    @Override // io.confluent.security.fixtures.ContainerService, java.lang.AutoCloseable
    public void close() {
        super.close();
        this.httpClient.close();
    }

    public ProviderMetadata providerMetadata() {
        return (ProviderMetadata) this.httpClient.target(discoveryUri()).request(new MediaType[]{MediaType.APPLICATION_JSON_TYPE}).get(ProviderMetadata.class);
    }

    public ClientRegistration registerClient() {
        return adminClient().registerClient(ClientRegistration.builder().clientId(randomString()).build());
    }

    public void rotateJwk() {
        adminClient().createJsonWebKey(SignatureAlgorithm.RS256, randomString());
    }

    public String clientCredentialsGrant(ClientRegistration clientRegistration) {
        Container.ExecResult exec = command("hydra").argument("token").argument("client").param("--client-id", clientRegistration.clientId()).param("--client-secret", clientRegistration.clientSecret()).exec();
        if (exec.getExitCode() != 0) {
            throw new RuntimeException("Unable to obtain access token for " + clientRegistration.clientId());
        }
        return exec.getStdout();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public HttpClient httpClient() {
        return new HttpClient(ClientBuilder.newClient().register(new ContainerResponseInterceptor(issuerUri(PUBLIC_PORT))).register(new JacksonJaxbJsonProvider(JacksonSerde.jsonMapper(), JacksonJaxbJsonProvider.DEFAULT_ANNOTATIONS)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProviderAdmin adminClient() {
        return HydraAdminImpl.newClient(this.httpClient, issuerUri(ADMIN_PORT));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public URI discoveryUri() {
        return issuerUri(PUBLIC_PORT).resolve("/.well-known/openid-configuration");
    }

    private URI issuerUri(int i) {
        return URI.create(String.format("http://%s", connectionString(i)));
    }

    private String randomString() {
        return UUID.randomUUID().toString();
    }
}
