package dasniko.testcontainers.keycloak;

import dasniko.testcontainers.keycloak.ExtendableKeycloakContainer;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.io.FilenameUtils;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.exporter.ZipExporter;
import org.jboss.shrinkwrap.api.importer.ExplodedImporter;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.jetbrains.annotations.NotNull;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.output.Slf4jLogConsumer;
import org.testcontainers.containers.wait.strategy.HttpWaitStrategy;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.containers.wait.strategy.WaitStrategy;
import org.testcontainers.utility.MountableFile;

/* loaded from: input_file:dasniko/testcontainers/keycloak/ExtendableKeycloakContainer.class */
public abstract class ExtendableKeycloakContainer<SELF extends ExtendableKeycloakContainer<SELF>> extends GenericContainer<SELF> {
    public static final String MASTER_REALM = "master";
    public static final String ADMIN_CLI_CLIENT = "admin-cli";
    private static final String KEYCLOAK_IMAGE = "quay.io/keycloak/keycloak";
    private static final String KEYCLOAK_VERSION = "26.1";
    private static final int KEYCLOAK_PORT_HTTP = 8080;
    private static final int KEYCLOAK_PORT_HTTPS = 8443;
    private static final int KEYCLOAK_PORT_DEBUG = 8787;
    private static final int KEYCLOAK_PORT_MGMT = 9000;
    private static final int DEFAULT_MAX_RAM_PERCENTAGE = 5;
    private static final String KEYCLOAK_START_DEV_COMMAND = "start-dev";
    private static final String KEYCLOAK_START_PRODUCTION_COMMAND = "start";
    private static final String KEYCLOAK_ADMIN_USER = "admin";
    private static final String KEYCLOAK_ADMIN_PASSWORD = "admin";
    private static final String KEYCLOAK_CONTEXT_PATH = "";
    private static final String KEYCLOAK_HOME_DIR = "/opt/keycloak";
    private static final String KEYCLOAK_CONF_DIR = "/opt/keycloak/conf";
    private static final String DEFAULT_KEYCLOAK_PROVIDERS_NAME = "providers.jar";
    private static final String DEFAULT_KEYCLOAK_PROVIDERS_LOCATION = "/opt/keycloak/providers";
    private static final String DEFAULT_REALM_IMPORT_FILES_LOCATION = "/opt/keycloak/data/import/";
    private static final String KEYSTORE_FILE_IN_CONTAINER = "/opt/keycloak/conf/server.keystore";
    private static final String TRUSTSTORE_FILE_IN_CONTAINER = "/opt/keycloak/conf/server.truststore";
    private String startupCommand;
    private String adminUsername;
    private String adminPassword;
    private String contextPath;
    private int initialRamPercentage;
    private int maxRamPercentage;
    private final Set<String> importFiles;
    private String tlsCertificateFilename;
    private String tlsCertificateKeyFilename;
    private String tlsKeystoreFilename;
    private String tlsKeystorePassword;
    private String tlsTruststoreFilename;
    private String tlsTruststorePassword;
    private List<String> tlsTrustedCertificateFilenames;
    private boolean useTls;
    private boolean disabledCaching;
    private boolean metricsEnabled;
    private boolean debugEnabled;
    private int debugHostPort;
    private boolean debugSuspend;
    private HttpsClientAuth httpsClientAuth;
    private boolean useVerbose;
    private String[] featuresEnabled;
    private String[] featuresDisabled;
    private Duration startupTimeout;
    private boolean customWaitStrategySet;
    private List<String> providerClassLocations;
    private List<File> providerLibsLocations;
    private List<String> customCommandParts;
    private boolean bootstrapAdmin;
    private static final int DEFAULT_INITIAL_RAM_PERCENTAGE = 1;
    public static final WaitStrategy LOG_WAIT_STRATEGY = Wait.forLogMessage(".*Running the server in development mode\\. DO NOT use this configuration in production.*\\n", DEFAULT_INITIAL_RAM_PERCENTAGE);
    private static final Duration DEFAULT_STARTUP_TIMEOUT = Duration.ofMinutes(2);

    public ExtendableKeycloakContainer() {
        this("quay.io/keycloak/keycloak:26.1");
    }

    public ExtendableKeycloakContainer(String str) {
        super(str);
        this.startupCommand = KEYCLOAK_START_DEV_COMMAND;
        this.adminUsername = "admin";
        this.adminPassword = "admin";
        this.contextPath = KEYCLOAK_CONTEXT_PATH;
        this.initialRamPercentage = DEFAULT_INITIAL_RAM_PERCENTAGE;
        this.maxRamPercentage = DEFAULT_MAX_RAM_PERCENTAGE;
        this.useTls = false;
        this.disabledCaching = false;
        this.metricsEnabled = false;
        this.debugEnabled = false;
        this.debugSuspend = false;
        this.httpsClientAuth = HttpsClientAuth.NONE;
        this.useVerbose = false;
        this.featuresEnabled = null;
        this.featuresDisabled = null;
        this.startupTimeout = DEFAULT_STARTUP_TIMEOUT;
        this.customWaitStrategySet = false;
        this.bootstrapAdmin = true;
        withExposedPorts(new Integer[]{Integer.valueOf(KEYCLOAK_PORT_HTTP), Integer.valueOf(KEYCLOAK_PORT_HTTPS), Integer.valueOf(KEYCLOAK_PORT_MGMT)});
        this.importFiles = new HashSet();
        withLogConsumer(new Slf4jLogConsumer(logger()));
    }

    protected void configure() {
        ArrayList arrayList = new ArrayList();
        if (this.useVerbose) {
            arrayList.add("--verbose");
        }
        arrayList.add(this.startupCommand);
        if (!this.contextPath.equals(KEYCLOAK_CONTEXT_PATH)) {
            withEnv("KC_HTTP_RELATIVE_PATH", this.contextPath);
        }
        if (this.featuresEnabled != null) {
            withEnv("KC_FEATURES", String.join(",", this.featuresEnabled));
        }
        if (this.featuresDisabled != null) {
            withEnv("KC_FEATURES_DISABLED", String.join(",", this.featuresDisabled));
        }
        if (this.bootstrapAdmin) {
            withEnv("KC_BOOTSTRAP_ADMIN_USERNAME", this.adminUsername);
            withEnv("KC_BOOTSTRAP_ADMIN_PASSWORD", this.adminPassword);
        }
        withEnv("JAVA_OPTS_KC_HEAP", "-XX:InitialRAMPercentage=%d -XX:MaxRAMPercentage=%d".formatted(Integer.valueOf(this.initialRamPercentage), Integer.valueOf(this.maxRamPercentage)));
        if (this.useTls && isNotBlank(this.tlsCertificateFilename)) {
            withCopyFileToContainer(MountableFile.forClasspathResource(this.tlsCertificateFilename), "/opt/keycloak/conf/tls.crt");
            withCopyFileToContainer(MountableFile.forClasspathResource(this.tlsCertificateKeyFilename), "/opt/keycloak/conf/tls.key");
            withEnv("KC_HTTPS_CERTIFICATE_FILE", "/opt/keycloak/conf/tls.crt");
            withEnv("KC_HTTPS_CERTIFICATE_KEY_FILE", "/opt/keycloak/conf/tls.key");
        } else if (this.useTls && isNotBlank(this.tlsKeystoreFilename)) {
            withCopyFileToContainer(MountableFile.forClasspathResource(this.tlsKeystoreFilename), KEYSTORE_FILE_IN_CONTAINER);
            withEnv("KC_HTTPS_KEY_STORE_FILE", KEYSTORE_FILE_IN_CONTAINER);
            withEnv("KC_HTTPS_KEY_STORE_PASSWORD", this.tlsKeystorePassword);
        }
        if (this.useTls && isNotBlank(this.tlsTruststoreFilename)) {
            withCopyFileToContainer(MountableFile.forClasspathResource(this.tlsTruststoreFilename), TRUSTSTORE_FILE_IN_CONTAINER);
            withEnv("KC_HTTPS_TRUST_STORE_FILE", TRUSTSTORE_FILE_IN_CONTAINER);
            withEnv("KC_HTTPS_TRUST_STORE_PASSWORD", this.tlsTruststorePassword);
        }
        if (isNotEmpty(this.tlsTrustedCertificateFilenames)) {
            ArrayList arrayList2 = new ArrayList();
            this.tlsTrustedCertificateFilenames.forEach(str -> {
                String str = "/opt/keycloak/conf" + (str.startsWith("/") ? KEYCLOAK_CONTEXT_PATH : "/") + str;
                withCopyFileToContainer(MountableFile.forClasspathResource(str), str);
                arrayList2.add(str);
            });
            withEnv("KC_TRUSTSTORE_PATHS", String.join(",", arrayList2));
        }
        withEnv("KC_HTTPS_CLIENT_AUTH", this.httpsClientAuth.toString());
        withEnv("KC_HTTPS_MANAGEMENT_CLIENT_AUTH", HttpsClientAuth.NONE.toString());
        withEnv("KC_METRICS_ENABLED", Boolean.toString(this.metricsEnabled));
        withEnv("KC_HEALTH_ENABLED", Boolean.toString(Boolean.TRUE.booleanValue()));
        if (!this.customWaitStrategySet) {
            HttpWaitStrategy forPort = Wait.forHttp(this.contextPath + "/health/started").forPort(KEYCLOAK_PORT_MGMT);
            if (this.useTls) {
                forPort = forPort.usingTls().allowInsecure();
            }
            setWaitStrategy(forPort.withStartupTimeout(this.startupTimeout));
        }
        if (this.providerClassLocations != null && !this.providerClassLocations.isEmpty()) {
            AtomicInteger atomicInteger = new AtomicInteger(0);
            this.providerClassLocations.forEach(str2 -> {
                createKeycloakExtensionDeployment(DEFAULT_KEYCLOAK_PROVIDERS_LOCATION, atomicInteger.getAndIncrement() + "_providers.jar", str2);
            });
        }
        if (this.providerLibsLocations != null) {
            this.providerLibsLocations.forEach(file -> {
                withCopyFileToContainer(MountableFile.forHostPath(file.getAbsolutePath()), "/opt/keycloak/providers/" + file.getName());
            });
        }
        arrayList.add("--import-realm");
        if (!this.importFiles.isEmpty()) {
            for (String str3 : this.importFiles) {
                withCopyFileToContainer(MountableFile.forClasspathResource(str3, 420), "/opt/keycloak/data/import/" + FilenameUtils.getName(str3));
            }
        }
        if (!this.disabledCaching) {
            withEnv("KC_SPI_THEME_CACHE_THEMES", String.valueOf(true));
            withEnv("KC_SPI_THEME_CACHE_TEMPLATES", String.valueOf(true));
            withEnv("KC_SPI_THEME_STATIC_MAX_AGE", String.valueOf(2592000));
        }
        if (this.debugEnabled) {
            withEnv("DEBUG", Boolean.toString(Boolean.TRUE.booleanValue()));
            withEnv("DEBUG_PORT", "*:8787");
            if (this.debugHostPort > 0) {
                addFixedExposedPort(this.debugHostPort, KEYCLOAK_PORT_DEBUG);
            } else {
                addExposedPort(Integer.valueOf(KEYCLOAK_PORT_DEBUG));
            }
            if (this.debugSuspend) {
                withEnv("DEBUG_SUSPEND", "y");
            }
        }
        if (this.customCommandParts != null) {
            logger().warn("You are using custom command parts. Container behavior and configuration may be corrupted. You are self responsible for proper behavior and functionality!\nCustomCommandParts: {}", this.customCommandParts);
            arrayList.addAll(this.customCommandParts);
        }
        setCommand((String[]) arrayList.toArray(new String[0]));
    }

    /* renamed from: withCommand, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public SELF m7withCommand(String str) {
        throw new IllegalStateException("You are trying to set custom container commands, which is not supported by this Testcontainer. Try using the withCustomCommand() method.");
    }

    /* renamed from: withCommand, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public SELF m6withCommand(String... strArr) {
        throw new IllegalStateException("You are trying to set custom container commands, which is not supported by this Testcontainer. Try using the withCustomCommand() method.");
    }

    /* renamed from: waitingFor, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public SELF m8waitingFor(@NotNull WaitStrategy waitStrategy) {
        this.customWaitStrategySet = true;
        return (SELF) super.waitingFor(waitStrategy);
    }

    public SELF withCustomCommand(String str) {
        if (this.customCommandParts == null) {
            this.customCommandParts = new ArrayList();
        }
        this.customCommandParts.add(str);
        return self();
    }

    public void createKeycloakExtensionProvider(String str) {
        createKeycloakExtensionDeployment(DEFAULT_KEYCLOAK_PROVIDERS_LOCATION, DEFAULT_KEYCLOAK_PROVIDERS_NAME, str);
    }

    protected void createKeycloakExtensionDeployment(String str, String str2, String str3) {
        Objects.requireNonNull(str, "deploymentLocation must not be null");
        Objects.requireNonNull(str2, "extensionName must not be null");
        Objects.requireNonNull(str3, "extensionClassFolder must not be null");
        String resolveExtensionClassLocation = resolveExtensionClassLocation(str3);
        if (new File(resolveExtensionClassLocation).exists()) {
            try {
                File file = Files.createTempFile("keycloak", ".jar", new FileAttribute[0]).toFile();
                file.setReadable(true, false);
                file.deleteOnExit();
                ShrinkWrap.create(JavaArchive.class, str2).as(ExplodedImporter.class).importDirectory(resolveExtensionClassLocation).as(ZipExporter.class).exportTo(file, true);
                withCopyFileToContainer(MountableFile.forHostPath(file.getAbsolutePath()), str + "/" + str2);
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
    }

    protected String resolveExtensionClassLocation(String str) {
        return Paths.get(MountableFile.forClasspathResource(".").getResolvedPath(), new String[0]).getParent().getParent().resolve(str).toString();
    }

    public SELF withProductionMode() {
        this.startupCommand = KEYCLOAK_START_PRODUCTION_COMMAND;
        return self();
    }

    public SELF withRealmImportFile(String str) {
        this.importFiles.add(str);
        return self();
    }

    public SELF withRealmImportFiles(String... strArr) {
        Arrays.stream(strArr).forEach(this::withRealmImportFile);
        return self();
    }

    public SELF withAdminUsername(String str) {
        this.adminUsername = str;
        return self();
    }

    public SELF withAdminPassword(String str) {
        this.adminPassword = str;
        return self();
    }

    public SELF withContextPath(String str) {
        this.contextPath = str;
        return self();
    }

    public SELF withRamPercentage(int i, int i2) {
        this.initialRamPercentage = i;
        this.maxRamPercentage = i2;
        return self();
    }

    public SELF withProviderClassesFrom(String... strArr) {
        this.providerClassLocations = Arrays.asList(strArr);
        return self();
    }

    public SELF withDefaultProviderClasses() {
        return withProviderClassesFrom("target/classes");
    }

    public SELF withProviderLibsFrom(List<File> list) {
        this.providerLibsLocations = list;
        return self();
    }

    /* renamed from: withStartupTimeout, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public SELF m5withStartupTimeout(Duration duration) {
        this.startupTimeout = duration;
        return self();
    }

    public SELF useTls() {
        return useTlsKeystore("tls.jks", "changeit");
    }

    public SELF useTls(String str, String str2) {
        Objects.requireNonNull(str, "tlsCertificateFilename must not be null");
        Objects.requireNonNull(str2, "tlsCertificateKeyFilename must not be null");
        this.tlsCertificateFilename = str;
        this.tlsCertificateKeyFilename = str2;
        this.useTls = true;
        return self();
    }

    public SELF useTlsKeystore(String str, String str2) {
        Objects.requireNonNull(str, "tlsKeystoreFilename must not be null");
        Objects.requireNonNull(str2, "tlsKeystorePassword must not be null");
        this.tlsKeystoreFilename = str;
        this.tlsKeystorePassword = str2;
        this.useTls = true;
        return self();
    }

    @Deprecated(forRemoval = true)
    public SELF useMutualTls(String str, String str2, HttpsClientAuth httpsClientAuth) {
        Objects.requireNonNull(str, "tlsTruststoreFilename must not be null");
        Objects.requireNonNull(str2, "tlsTruststorePassword must not be null");
        Objects.requireNonNull(httpsClientAuth, "httpsClientAuth must not be null");
        this.tlsTruststoreFilename = str;
        this.tlsTruststorePassword = str2;
        this.httpsClientAuth = httpsClientAuth;
        this.useTls = true;
        return self();
    }

    public SELF withTrustedCertificates(List<String> list) {
        Objects.requireNonNull(list, "tlsTrustCertificateFilenames must not be null");
        this.tlsTrustedCertificateFilenames = list;
        return self();
    }

    public SELF withHttpsClientAuth(HttpsClientAuth httpsClientAuth) {
        Objects.requireNonNull(httpsClientAuth, "httpsClientAuth must not be null");
        this.httpsClientAuth = httpsClientAuth;
        this.useTls = true;
        return self();
    }

    public SELF withVerboseOutput() {
        this.useVerbose = true;
        return self();
    }

    public SELF withFeaturesEnabled(String... strArr) {
        this.featuresEnabled = strArr;
        return self();
    }

    public SELF withFeaturesDisabled(String... strArr) {
        this.featuresDisabled = strArr;
        return self();
    }

    public SELF withDisabledCaching() {
        this.disabledCaching = true;
        return self();
    }

    public SELF withEnabledMetrics() {
        this.metricsEnabled = true;
        return self();
    }

    public SELF withDebug() {
        return withDebugFixedPort(0, false);
    }

    public SELF withDebugFixedPort(int i, boolean z) {
        return withDebug(i, z);
    }

    private SELF withDebug(int i, boolean z) {
        this.debugEnabled = true;
        this.debugHostPort = i;
        this.debugSuspend = z;
        return self();
    }

    public SELF withBootstrapAdminDisabled() {
        this.bootstrapAdmin = false;
        return self();
    }

    public Keycloak getKeycloakAdminClient() {
        return this.useTls ? Keycloak.getInstance(getAuthServerUrl(), MASTER_REALM, getAdminUsername(), getAdminPassword(), ADMIN_CLI_CLIENT, buildSslContext()) : Keycloak.getInstance(getAuthServerUrl(), MASTER_REALM, getAdminUsername(), getAdminPassword(), ADMIN_CLI_CLIENT);
    }

    public void disableLightweightAccessTokenForAdminCliClient(String str) {
        ClientsResource clients = getKeycloakAdminClient().realm(str).clients();
        ClientRepresentation clientRepresentation = (ClientRepresentation) clients.findByClientId(ADMIN_CLI_CLIENT).get(0);
        Map attributes = clientRepresentation.getAttributes();
        attributes.put("client.use.lightweight.access.token.enabled", "false");
        clientRepresentation.setAttributes(attributes);
        clients.get(clientRepresentation.getId()).update(clientRepresentation);
    }

    private SSLContext buildSslContext() {
        SSLContext sSLContext;
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            if (this.tlsKeystoreFilename != null) {
                keyStore.load(loadResourceAsStream(this.tlsKeystoreFilename), this.tlsKeystorePassword.toCharArray());
            } else if (this.tlsCertificateFilename != null) {
                keyStore.load(null);
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(loadResourceAsStream(this.tlsCertificateFilename));
                keyStore.setCertificateEntry(x509Certificate.getSubjectX500Principal().getName(), x509Certificate);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        } catch (IOException | GeneralSecurityException e) {
            sSLContext = null;
        }
        return sSLContext;
    }

    private InputStream loadResourceAsStream(String str) {
        return ExtendableKeycloakContainer.class.getClassLoader().getResourceAsStream(str);
    }

    public String getProtocol() {
        Object[] objArr = new Object[DEFAULT_INITIAL_RAM_PERCENTAGE];
        objArr[0] = this.useTls ? "s" : KEYCLOAK_CONTEXT_PATH;
        return "http%s".formatted(objArr);
    }

    public String getAuthServerUrl() {
        Object[] objArr = new Object[4];
        objArr[0] = getProtocol();
        objArr[DEFAULT_INITIAL_RAM_PERCENTAGE] = getHost();
        objArr[2] = Integer.valueOf(this.useTls ? getHttpsPort() : getHttpPort());
        objArr[3] = getContextPath();
        return String.format("%s://%s:%s%s", objArr);
    }

    public String getMgmtServerUrl() {
        return String.format("%s://%s:%s%s", getProtocol(), getHost(), Integer.valueOf(getHttpMgmtPort()), getContextPath());
    }

    public String getAdminUsername() {
        return this.adminUsername;
    }

    public String getAdminPassword() {
        return this.adminPassword;
    }

    public int getHttpPort() {
        return getMappedPort(KEYCLOAK_PORT_HTTP).intValue();
    }

    public int getHttpsPort() {
        return getMappedPort(KEYCLOAK_PORT_HTTPS).intValue();
    }

    public int getHttpMgmtPort() {
        return getMappedPort(KEYCLOAK_PORT_MGMT).intValue();
    }

    public int getDebugPort() {
        if (this.debugEnabled) {
            return getMappedPort(KEYCLOAK_PORT_DEBUG).intValue();
        }
        return -1;
    }

    public String getContextPath() {
        return this.contextPath;
    }

    public Duration getStartupTimeout() {
        return this.startupTimeout;
    }

    public String getKeycloakDefaultVersion() {
        return KEYCLOAK_VERSION.equals("nightly") ? "999.0.0-SNAPSHOT" : KEYCLOAK_VERSION;
    }

    private boolean isNotBlank(String str) {
        return (str == null || str.trim().isEmpty()) ? false : true;
    }

    private boolean isNotEmpty(List<String> list) {
        return (list == null || list.isEmpty()) ? false : true;
    }
}
