package io.quarkus.test.security.oidc;

import io.quarkus.oidc.AccessTokenCredential;
import io.quarkus.oidc.IdTokenCredential;
import io.quarkus.oidc.OidcConfigurationMetadata;
import io.quarkus.oidc.RefreshToken;
import io.quarkus.oidc.runtime.OidcJwtCallerPrincipal;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.quarkus.test.security.TestSecurityIdentityAugmentor;
import io.smallrye.jwt.build.Jwt;
import io.smallrye.jwt.util.KeyUtils;
import jakarta.json.Json;
import jakarta.json.JsonArray;
import jakarta.json.JsonObject;
import jakarta.json.JsonObjectBuilder;
import java.lang.annotation.Annotation;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import org.eclipse.microprofile.jwt.Claims;
import org.jose4j.jwt.JwtClaims;

/* loaded from: input_file:io/quarkus/test/security/oidc/OidcTestSecurityIdentityAugmentor.class */
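/**
 * Test-only augmentor that decorates a {@link SecurityIdentity} with OIDC-shaped data taken from an
 * {@link OidcSecurity} annotation.
 *
 * <p>Nothing produced here comes from an identity provider. The introspection response is
 * fabricated with {@code "active": true}, and the JWT is signed with a key pair generated inside
 * this class, so the resulting identity proves nothing about a real caller. The class lives in a
 * test package and is presumably meant for test scope only; keep it off any production classpath.
 */
public class OidcTestSecurityIdentityAugmentor implements TestSecurityIdentityAugmentor {
    /** Claim types applied to well-known claims when the annotation leaves the type as DEFAULT. */
    private static final Map<String, ClaimType> standardClaimTypes = Map.of(
            Claims.exp.name(), ClaimType.LONG,
            Claims.iat.name(), ClaimType.LONG,
            Claims.nbf.name(), ClaimType.LONG,
            Claims.auth_time.name(), ClaimType.LONG,
            Claims.email_verified.name(), ClaimType.BOOLEAN);

    /**
     * Private half of an RSA key pair generated once per class load. The public half is discarded,
     * so tokens signed here cannot be verified by anything outside this class.
     */
    private static final PrivateKey privateKey;

    static {
        try {
            privateKey = KeyUtils.generateKeyPair(2048).getPrivate();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /** Issuer to publish under the {@code issuer} key of the configuration metadata, if any. */
    private final Optional<String> issuer;

    /**
     * @param optional the issuer to expose in the configuration metadata; empty to omit it
     */
    public OidcTestSecurityIdentityAugmentor(Optional<String> optional) {
        this.issuer = optional;
    }

    /**
     * Builds a new identity from {@code securityIdentity} with OIDC credentials and attributes.
     *
     * <p>When an {@link OidcSecurity} annotation is present and requires introspection, an opaque
     * access token (a random UUID) and an {@code introspection} attribute are added. Otherwise a
     * signed JWT is generated from the principal name, the roles and any annotated claims, and is
     * used for both the ID token and the access token credentials. A {@code userinfo} attribute is
     * added when the annotation is present, and a {@code configuration-metadata} attribute is
     * always added.
     *
     * @param securityIdentity the identity to start from; its principal name and roles are copied
     * @param annotationArr annotations to search for {@link OidcSecurity}
     * @return the augmented identity
     * @throws RuntimeException if the token cannot be signed or the principal cannot be built
     */
    public SecurityIdentity augment(SecurityIdentity securityIdentity, Annotation[] annotationArr) {
        QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(securityIdentity);
        OidcSecurity oidcSecurity = findOidcSecurity(annotationArr);
        if (oidcSecurity != null && oidcSecurity.introspectionRequired()) {
            JsonObjectBuilder introspection = Json.createObjectBuilder();
            introspection.add("active", true);
            introspection.add("username", securityIdentity.getPrincipal().getName());
            introspection.add("scope", String.join(" ", securityIdentity.getRoles()));
            // Annotation entries are added last, so an entry that reuses one of the keys above
            // replaces the value derived from the identity.
            if (oidcSecurity.introspection() != null) {
                for (TokenIntrospection tokenIntrospection : oidcSecurity.introspection()) {
                    introspection.add(tokenIntrospection.key(), tokenIntrospection.value());
                }
            }
            builder.addAttribute("introspection", new io.quarkus.oidc.TokenIntrospection(introspection.build()));
            // Opaque token: a random placeholder value with no refresh token attached.
            builder.addCredential(new AccessTokenCredential(UUID.randomUUID().toString(), (RefreshToken) null));
        } else {
            JsonObjectBuilder claims = Json.createObjectBuilder();
            claims.add(Claims.preferred_username.name(), securityIdentity.getPrincipal().getName());
            claims.add(Claims.groups.name(), Json.createArrayBuilder(securityIdentity.getRoles()).build());
            if (oidcSecurity != null && oidcSecurity.claims() != null) {
                for (Claim claim : oidcSecurity.claims()) {
                    addClaim(claims, claim.key(), convertClaimValue(claim));
                }
            }
            JsonObject claimsJson = claims.build();
            // The same signed token backs both credentials.
            String token = generateToken(claimsJson);
            IdTokenCredential idTokenCredential = new IdTokenCredential(token);
            AccessTokenCredential accessTokenCredential = new AccessTokenCredential(token);
            try {
                builder.setPrincipal(new OidcJwtCallerPrincipal(JwtClaims.parse(claimsJson.toString()), idTokenCredential));
                builder.addCredential(idTokenCredential);
                builder.addCredential(accessTokenCredential);
            } catch (Exception e) {
                // Keep the cause: a bare RuntimeException hides which claim failed to parse.
                throw new RuntimeException("Failed to create the OIDC test principal from the generated claims", e);
            }
        }
        if (oidcSecurity != null && oidcSecurity.userinfo() != null) {
            JsonObjectBuilder userInfoJson = Json.createObjectBuilder();
            for (UserInfo userInfo : oidcSecurity.userinfo()) {
                userInfoJson.add(userInfo.key(), userInfo.value());
            }
            builder.addAttribute("userinfo", new io.quarkus.oidc.UserInfo(userInfoJson.build()));
        }
        io.vertx.core.json.JsonObject metadata = new io.vertx.core.json.JsonObject();
        if (this.issuer.isPresent()) {
            metadata.put("issuer", this.issuer.get());
        }
        // Annotation entries are written after the issuer, so an "issuer" entry there wins.
        if (oidcSecurity != null && oidcSecurity.config() != null) {
            for (ConfigMetadata configMetadata : oidcSecurity.config()) {
                metadata.put(configMetadata.key(), configMetadata.value());
            }
        }
        builder.addAttribute("configuration-metadata", new OidcConfigurationMetadata(metadata));
        return builder.build();
    }

    /**
     * Adds one converted claim value to the claim set using the overload that matches its type.
     *
     * <p>NOTE(review): a value of any other type is skipped without an error, so the claim would
     * be missing from the token; confirm that {@code ClaimType.convert} can only return the types
     * handled here.
     */
    private static void addClaim(JsonObjectBuilder claims, String key, Object value) {
        if (value instanceof String) {
            claims.add(key, (String) value);
        } else if (value instanceof Long) {
            claims.add(key, ((Long) value).longValue());
        } else if (value instanceof Integer) {
            claims.add(key, ((Integer) value).intValue());
        } else if (value instanceof Boolean) {
            claims.add(key, ((Boolean) value).booleanValue());
        } else if (value instanceof JsonArray) {
            claims.add(key, (JsonArray) value);
        } else if (value instanceof JsonObject) {
            claims.add(key, (JsonObject) value);
        }
    }

    /**
     * Signs the given claims with the class-level private key.
     *
     * @param jsonObject the claim set to sign
     * @return the signed token
     * @throws RuntimeException wrapping any signing failure
     */
    private String generateToken(JsonObject jsonObject) {
        try {
            return Jwt.claims(jsonObject).sign(privateKey);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the first {@link OidcSecurity} annotation in the array, or {@code null} if there is
     * none.
     */
    private static OidcSecurity findOidcSecurity(Annotation[] annotationArr) {
        for (Annotation annotation : annotationArr) {
            if (annotation instanceof OidcSecurity) {
                return (OidcSecurity) annotation;
            }
        }
        return null;
    }

    /**
     * Converts the annotated claim value to its declared type, substituting the standard type for
     * well-known claims whose type was left as DEFAULT.
     */
    private Object convertClaimValue(Claim claim) {
        ClaimType type = claim.type();
        if (type == ClaimType.DEFAULT && standardClaimTypes.containsKey(claim.key())) {
            type = standardClaimTypes.get(claim.key());
        }
        return type.convert(claim.value());
    }
}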
