package io.trino.tests.product.launcher.env.common;

import com.google.inject.Inject;
import io.trino.testing.containers.wait.strategy.SelectedPortWaitStrategy;
import io.trino.tests.product.launcher.docker.DockerFiles;
import io.trino.tests.product.launcher.env.DockerContainer;
import io.trino.tests.product.launcher.env.Environment;
import io.trino.tests.product.launcher.env.EnvironmentContainers;
import io.trino.tests.product.launcher.testcontainers.PortBinder;
import java.util.Objects;
import org.testcontainers.containers.startupcheck.OneShotStartupCheckStrategy;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.containers.wait.strategy.WaitAllStrategy;
import org.testcontainers.lifecycle.Startable;
import org.testcontainers.utility.MountableFile;

/* loaded from: input_file:io/trino/tests/product/launcher/env/common/HydraIdentityProvider.class */
public class HydraIdentityProvider implements EnvironmentExtender {
    private static final int TTL_ACCESS_TOKEN_IN_SECONDS = 5;
    private static final int TTL_REFRESH_TOKEN_IN_SECONDS = 15;
    private static final String HYDRA_IMAGE = "oryd/hydra:v1.10.6";
    private static final String DSN = "postgres://hydra:mysecretpassword@hydra-db:5432/hydra?sslmode=disable";
    private final PortBinder binder;
    private final DockerFiles.ResourceProvider configDir;

    @Inject
    public HydraIdentityProvider(PortBinder portBinder, DockerFiles dockerFiles) {
        this.binder = (PortBinder) Objects.requireNonNull(portBinder, "binder is null");
        Objects.requireNonNull(dockerFiles, "dockerFiles is null");
        this.configDir = dockerFiles.getDockerFilesHostDirectory("common/hydra-identity-provider");
    }

    @Override // io.trino.tests.product.launcher.env.common.EnvironmentExtender
    public void extendEnvironment(Environment.Builder builder) {
        Startable startable = (DockerContainer) new DockerContainer("postgres:14.0", "hydra-db").withEnv("POSTGRES_USER", "hydra").withEnv("POSTGRES_PASSWORD", "mysecretpassword").withEnv("POSTGRES_DB", "hydra").withExposedPorts(new Integer[]{5432}).waitingFor(new SelectedPortWaitStrategy(new int[]{5432}));
        DockerContainer temporary = new DockerContainer(HYDRA_IMAGE, "hydra-db-migration").withCommand(new String[]{"migrate", "sql", "--yes", DSN}).dependsOn(new Startable[]{startable}).withStartupCheckStrategy(new OneShotStartupCheckStrategy()).setTemporary(true);
        DockerContainer dockerContainer = (DockerContainer) new DockerContainer("python:3.10.1-alpine", "hydra-consent").withCopyFileToContainer(MountableFile.forHostPath(this.configDir.getPath("login_and_consent_server.py")), "/").withCommand(new String[]{"python", "/login_and_consent_server.py"}).withExposedPorts(new Integer[]{3000}).waitingFor(Wait.forHttp("/healthz").forPort(3000).forStatusCode(200));
        this.binder.exposePort(dockerContainer, 3000);
        DockerContainer dockerContainer2 = (DockerContainer) new DockerContainer(HYDRA_IMAGE, "hydra").withEnv("LOG_LEVEL", "debug").withEnv("LOG_LEAK_SENSITIVE_VALUES", Environment.PRODUCT_TEST_LAUNCHER_STARTED_LABEL_VALUE).withEnv("OAUTH2_EXPOSE_INTERNAL_ERRORS", "1").withEnv("GODEBUG", "http2debug=1").withEnv("DSN", DSN).withEnv("URLS_SELF_ISSUER", "http://hydra:4444/").withEnv("URLS_CONSENT", "http://hydra-consent:3000/consent").withEnv("URLS_LOGIN", "http://hydra-consent:3000/login").withEnv("SERVE_TLS_KEY_PATH", "/tmp/certs/hydra.pem").withEnv("SERVE_TLS_CERT_PATH", "/tmp/certs/hydra.pem").withEnv("STRATEGIES_ACCESS_TOKEN", "jwt").withEnv("TTL_ACCESS_TOKEN", "5s").withEnv("TTL_REFRESH_TOKEN", "15s").withEnv("OAUTH2_ALLOWED_TOP_LEVEL_CLAIMS", "groups").withCommand(new String[]{"serve", "all", "--dangerous-force-http"}).withCopyFileToContainer(MountableFile.forHostPath(this.configDir.getPath("cert/hydra.pem")), "/tmp/certs/hydra.pem").waitingFor(new WaitAllStrategy().withStrategy(Wait.forLogMessage(".*Setting up http server on :4444.*", 1)).withStrategy(Wait.forLogMessage(".*Setting up http server on :4445.*", 1)));
        this.binder.exposePort(dockerContainer2, 4444);
        this.binder.exposePort(dockerContainer2, 4445);
        builder.addContainers(startable, temporary, dockerContainer, dockerContainer2);
        builder.containerDependsOn(dockerContainer2.getLogicalName(), dockerContainer.getLogicalName());
        builder.containerDependsOn(dockerContainer2.getLogicalName(), temporary.getLogicalName());
        builder.containerDependsOn(dockerContainer2.getLogicalName(), startable.getLogicalName());
        builder.configureContainers(dockerContainer3 -> {
            if (EnvironmentContainers.isTrinoContainer(dockerContainer3.getLogicalName())) {
                dockerContainer3.withCopyFileToContainer(MountableFile.forHostPath(this.configDir.getPath("cert/trino.pem")), "/docker/presto-product-tests/conf/presto/etc/trino.pem").withCopyFileToContainer(MountableFile.forHostPath(this.configDir.getPath("cert/hydra.pem")), "/docker/presto-product-tests/conf/presto/etc/hydra.pem");
            }
        });
        builder.configureContainer(EnvironmentContainers.TESTS, dockerContainer4 -> {
            dockerContainer4.withCopyFileToContainer(MountableFile.forHostPath(this.configDir.getPath("tempto-configuration-for-docker-oauth2.yaml")), Standard.CONTAINER_TEMPTO_PROFILE_CONFIG).withCopyFileToContainer(MountableFile.forHostPath(this.configDir.getPath("cert/truststore.jks")), "/docker/presto-product-tests/truststore.jks");
        });
    }

    public DockerContainer createClient(Environment.Builder builder, String str, String str2, String str3, String str4, String str5) {
        DockerContainer temporary = new DockerContainer(HYDRA_IMAGE, "hydra-client-preparation").withCommand(new String[]{"clients", "create", "--endpoint", "http://hydra:4445", "--skip-tls-verify", "--id", str, "--secret", str2, "--audience", str4, "-g", "authorization_code,refresh_token,client_credentials", "-r", "token,code,id_token", "--scope", "openid,offline", "--token-endpoint-auth-method", str3, "--callbacks", str5}).setTemporary(true);
        builder.addContainer(temporary);
        builder.containerDependsOn(temporary.getLogicalName(), "hydra");
        return temporary;
    }
}
