package org.apache.camel.quarkus.kafka.oauth.it;

import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
import io.quarkus.test.keycloak.client.KeycloakTestClient;
import io.quarkus.test.keycloak.server.KeycloakContainer;
import io.strimzi.test.container.StrimziKafkaContainer;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.time.Duration;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.logging.Logger;
import org.testcontainers.utility.MountableFile;

/* loaded from: input_file:org/apache/camel/quarkus/kafka/oauth/it/KafkaKeycloakTestResource.class */
public class KafkaKeycloakTestResource implements QuarkusTestResourceLifecycleManager {
    private static final Logger LOG = Logger.getLogger(KafkaKeycloakTestResource.class);
    private static final String REALM_JSON = "keycloak/realms/kafka-authz-realm.json";
    private StrimziKafkaContainer kafka;
    private KeycloakContainer keycloak;

    public Map<String, String> start() {
        HashMap hashMap = new HashMap();
        this.keycloak = new KeycloakContainer();
        this.keycloak.withStartupTimeout(Duration.ofMinutes(5L));
        this.keycloak.start();
        LOG.info(this.keycloak.getLogs());
        try {
            try {
                URL resource = Thread.currentThread().getContextClassLoader().getResource(REALM_JSON);
                if (resource == null) {
                    throw new RuntimeException("Unable to load keycloak/realms/kafka-authz-realm.json");
                }
                Path createTempFile = Files.createTempFile("keycloak-auth", ".json", new FileAttribute[0]);
                IOUtils.copy(resource, createTempFile.toFile());
                new KeycloakTestClient(this.keycloak.getServerUrl()).createRealmFromPath(createTempFile.toAbsolutePath().toString());
                if (createTempFile != null) {
                    try {
                        Files.deleteIfExists(createTempFile);
                    } catch (IOException e) {
                    }
                }
                this.kafka = new StrimziKafkaContainer((String) ConfigProvider.getConfig().getValue("kafka-oauth.container.image", String.class)).withBrokerId(1).withKafkaConfigurationMap(Map.of("listener.security.protocol.map", "JWT:SASL_PLAINTEXT,BROKER1:PLAINTEXT", "listener.name.jwt.oauthbearer.sasl.jaas.config", getOauthSaslJaasConfig(this.keycloak.getInternalUrl(), this.keycloak.getServerUrl()), "listener.name.jwt.plain.sasl.jaas.config", getPlainSaslJaasConfig(this.keycloak.getInternalUrl(), this.keycloak.getServerUrl()))).withNetworkAliases(new String[]{"kafka"}).withServerProperties(MountableFile.forClasspathResource("kafkaServer.properties")).withBootstrapServers(strimziKafkaContainer -> {
                    return String.format("JWT://%s:%s", strimziKafkaContainer.getHost(), strimziKafkaContainer.getMappedPort(9092));
                });
                this.kafka.start();
                LOG.info(this.kafka.getLogs());
                hashMap.put("kafka.bootstrap.servers", this.kafka.getBootstrapServers());
                hashMap.put("camel.component.kafka.brokers", this.kafka.getBootstrapServers());
                hashMap.put("camel.component.kafka.security-protocol", "SASL_PLAINTEXT");
                hashMap.put("camel.component.kafka.sasl-mechanism", "OAUTHBEARER");
                hashMap.put("camel.component.kafka.additional-properties[sasl.login.callback.handler.class]", "io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler");
                hashMap.put("camel.component.kafka.sasl-jaas-config", getClientSaslJaasConfig(this.keycloak.getServerUrl()));
                return hashMap;
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    Files.deleteIfExists(null);
                } catch (IOException e3) {
                }
            }
            throw th;
        }
    }

    public void stop() {
        if (this.kafka != null) {
            this.kafka.stop();
        }
        if (this.keycloak != null) {
            this.keycloak.stop();
        }
    }

    private String getClientSaslJaasConfig(String str) {
        return "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required oauth.client.id=\"kafka-client\" oauth.client.secret=\"kafka-client-secret\" oauth.token.endpoint.uri=\"" + str + "/realms/kafka-authz/protocol/openid-connect/token\";";
    }

    private String getPlainSaslJaasConfig(String str, String str2) {
        return "'org.apache.kafka.common.security.plain.PlainLoginModule required oauth.jwks.endpoint.uri=\"" + str + "/realms/kafka-authz/protocol/openid-connect/certs\" oauth.valid.issuer.uri=\"" + str2 + "/realms/kafka-authz\" oauth.token.endpoint.uri=\"" + str + "/realms/kafka-authz/protocol/openid-connect/token\" oauth.client.id=\"kafka\" oauth.client.secret=\"kafka-secret\" unsecuredLoginStringClaim_sub=\"admin\";'";
    }

    private String getOauthSaslJaasConfig(String str, String str2) {
        return "'org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required oauth.jwks.endpoint.uri=\"" + str + "/realms/kafka-authz/protocol/openid-connect/certs\" oauth.valid.issuer.uri=\"" + str2 + "/realms/kafka-authz\" oauth.token.endpoint.uri=\"" + str + "/realms/kafka-authz/protocol/openid-connect/token\" oauth.client.id=\"kafka\" oauth.client.secret=\"kafka-secret\";'";
    }
}
