package io.trino.server.security.oauth2;

import com.google.common.collect.ImmutableMap;
import com.google.common.io.Resources;
import io.trino.server.testing.TestingTrinoServer;
import io.trino.server.ui.WebUiModule;
import io.trino.util.AutoCloseableCloser;
import java.time.Duration;
import org.testcontainers.containers.FixedHostPortGenericContainer;
import org.testcontainers.containers.Network;
import org.testcontainers.containers.output.OutputFrame;
import org.testcontainers.containers.startupcheck.OneShotStartupCheckStrategy;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.containers.wait.strategy.WaitAllStrategy;
import org.testcontainers.utility.MountableFile;

/* loaded from: input_file:io/trino/server/security/oauth2/TestingHydraIdentityProvider.class */
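/**
 * Test fixture that runs an ORY Hydra OAuth2 server and its login/consent
 * companion app in Testcontainers on a private Docker network.
 *
 * <p>Security posture (test-only, do not copy into deployed configuration):
 * <ul>
 *   <li>TLS verification is switched off on every client of Hydra used here
 *       ({@code NODE_TLS_REJECT_UNAUTHORIZED=0} in the consent app and
 *       {@code --skip-tls-verify} on the Hydra CLI calls).</li>
 *   <li>Hydra's TLS key and certificate are both read from the same PEM file,
 *       copied from the {@code /cert} classpath resource, so the private key
 *       ships with the test artifacts and must be treated as public.</li>
 *   <li>Client secrets are passed as command-line arguments to one-shot
 *       containers, so they are part of those containers' recorded command
 *       lines. Use throwaway credentials only.</li>
 * </ul>
 */
public class TestingHydraIdentityProvider implements AutoCloseable {
    // Access-token lifetime configured on the Hydra container started by start().
    static final int TTL_ACCESS_TOKEN_IN_SECONDS = 5;
    private static final String HYDRA_IMAGE = "oryd/hydra:v1.9.0-sqlite";

    // Field order matters: both containers are attached to this network in their initializers.
    private final Network network = Network.newNetwork();

    // NODE_TLS_REJECT_UNAUTHORIZED=0 turns off certificate validation in the consent app
    // when it calls the Hydra admin endpoint over https.
    private final FixedHostPortGenericContainer<?> consentContainer =
            new FixedHostPortGenericContainer<>("oryd/hydra-login-consent-node:v1.4.2")
                    .withNetwork(network)
                    .withNetworkAliases("consent")
                    .withExposedPorts(3000)
                    .withEnv("HYDRA_ADMIN_URL", "https://hydra:4445")
                    .withEnv("NODE_TLS_REJECT_UNAUTHORIZED", "0")
                    .waitingFor(Wait.forHttp("/").forStatusCode(200));

    // Port 4444 serves the issuer/token endpoints and 4445 the admin endpoint (see HYDRA_ADMIN_URL above).
    // The TLS key path and certificate path deliberately point at the same bundled test PEM.
    private final FixedHostPortGenericContainer<?> hydraContainer = createHydraContainer()
            .withNetworkAliases("hydra")
            .withExposedPorts(4444, 4445)
            .withEnv("DSN", "memory")
            .withEnv("URLS_SELF_ISSUER", "https://hydra:4444/")
            .withEnv("URLS_CONSENT", "http://consent:3000/consent")
            .withEnv("URLS_LOGIN", "http://consent:3000/login")
            .withEnv("SERVE_TLS_KEY_PATH", "/tmp/certs/localhost.pem")
            .withEnv("SERVE_TLS_CERT_PATH", "/tmp/certs/localhost.pem")
            .withEnv("STRATEGIES_ACCESS_TOKEN", "jwt")
            // Derived from the constant so the value tests rely on cannot drift from the container setting.
            .withEnv("TTL_ACCESS_TOKEN", TTL_ACCESS_TOKEN_IN_SECONDS + "s")
            .withCommand("serve", "all")
            .withCopyFileToContainer(MountableFile.forClasspathResource("/cert"), "/tmp/certs")
            .waitingFor(new WaitAllStrategy()
                    .withStrategy(Wait.forLogMessage(".*Setting up http server on :4444.*", 1))
                    .withStrategy(Wait.forLogMessage(".*Setting up http server on :4445.*", 1)));

    private final AutoCloseableCloser closer = AutoCloseableCloser.create();

    /**
     * Registers the network and both long-running containers for cleanup in {@link #close()}.
     *
     * <p>NOTE(review): the decompiler reports this constructor was originally
     * package-private; the visibility shown here is kept as found.
     */
    public TestingHydraIdentityProvider() {
        closer.register(network);
        closer.register(consentContainer);
        closer.register(hydraContainer);
    }

    /** Starts the consent app first, then Hydra. */
    public void start() {
        consentContainer.start();
        hydraContainer.start();
    }

    /**
     * Creates an unstarted Hydra container attached to this fixture's network.
     *
     * @return a new container built from {@code HYDRA_IMAGE}; the caller configures and starts it
     */
    public FixedHostPortGenericContainer<?> createHydraContainer() {
        return new FixedHostPortGenericContainer<>(HYDRA_IMAGE).withNetwork(network);
    }

    /**
     * Registers an OAuth2 client by running {@code hydra clients create} in a one-shot
     * container against the admin endpoint.
     *
     * <p>The secret travels as a command-line argument and the call skips TLS
     * verification, so pass test credentials only.
     *
     * @param clientId value for {@code --id}
     * @param clientSecret value for {@code --secret}
     * @param tokenEndpointAuthMethod value for {@code --token-endpoint-auth-method}
     * @param audience value for {@code --audience}
     * @param callbackUrl value for {@code --callbacks}
     */
    public void createClient(
            String clientId,
            String clientSecret,
            TokenEndpointAuthMethod tokenEndpointAuthMethod,
            String audience,
            String callbackUrl) {
        createHydraContainer()
                .withCommand(
                        "clients", "create",
                        "--endpoint", "https://hydra:4445",
                        "--skip-tls-verify",
                        "--id", clientId,
                        "--secret", clientSecret,
                        "--audience", audience,
                        "-g", "authorization_code,refresh_token,client_credentials",
                        "-r", "token,code,id_token",
                        "--scope", "openid,offline",
                        "--token-endpoint-auth-method", tokenEndpointAuthMethod.getValue(),
                        "--callbacks", callbackUrl)
                .withStartupCheckStrategy(new OneShotStartupCheckStrategy().withTimeout(Duration.ofSeconds(30L)))
                .start();
    }

    /**
     * Obtains a token by running {@code hydra token client} in a one-shot container.
     *
     * <p>The returned string is the container's whole stdout with every whitespace
     * character removed, so anything else the command prints to stdout ends up inside
     * the value. The result is a credential; keep it out of logs and assertion messages.
     *
     * @param clientId value for {@code --client-id}
     * @param clientSecret value for {@code --client-secret}; passed on the command line
     * @param audience value for {@code --audience}
     * @return stdout of the command with all whitespace stripped
     */
    public String getToken(String clientId, String clientSecret, String audience) {
        FixedHostPortGenericContainer<?> tokenContainer = createHydraContainer()
                .withCommand(
                        "token", "client",
                        "--endpoint", "https://hydra:4444",
                        "--skip-tls-verify",
                        "--client-id", clientId,
                        "--client-secret", clientSecret,
                        "--audience", audience)
                .withStartupCheckStrategy(new OneShotStartupCheckStrategy().withTimeout(Duration.ofSeconds(30L)));
        tokenContainer.start();
        return tokenContainer.getLogs(OutputFrame.OutputType.STDOUT).replaceAll("\\s+", "");
    }

    /** Returns the Docker network shared by the containers of this fixture. */
    public Network getNetwork() {
        return network;
    }

    /** Returns the host port mapped to Hydra's container port 4444. */
    public int getHydraPort() {
        return hydraContainer.getMappedPort(4444);
    }

    /** Closes everything registered with the closer: the network and both containers. */
    @Override
    public void close() throws Exception {
        closer.close();
    }

    /**
     * Manual development harness: starts Hydra and the consent app on fixed host ports
     * (9001, 9002, 9020) and a Trino coordinator on https port 8443 with OAuth2 enabled,
     * then blocks until the thread is interrupted.
     *
     * <p>Everything here is a fixed, well-known test value: the client id and secret,
     * the empty keystore key, the bundled PEM used as both keystore and trust store,
     * and a 30-minute access-token TTL. Run it only on a machine where publishing those
     * ports is acceptable.
     *
     * @param strArr unused
     * @throws Exception if startup fails or the sleeping thread is interrupted
     */
    public static void main(String[] strArr) throws Exception {
        try (TestingHydraIdentityProvider provider = new TestingHydraIdentityProvider()) {
            provider.consentContainer.withFixedExposedPort(9020, 3000);
            // Re-point the issuer and login/consent URLs at the host-published ports so a browser can follow them.
            provider.hydraContainer
                    .withFixedExposedPort(9001, 4444)
                    .withFixedExposedPort(9002, 4445)
                    .withEnv("URLS_SELF_ISSUER", "https://localhost:9001/")
                    .withEnv("URLS_CONSENT", "http://localhost:9020/consent")
                    .withEnv("URLS_LOGIN", "http://localhost:9020/login")
                    .withEnv("TTL_ACCESS_TOKEN", "30m");
            provider.start();
            provider.createClient(
                    "trino-client",
                    "trino-secret",
                    TokenEndpointAuthMethod.CLIENT_SECRET_BASIC,
                    "https://localhost:8443/ui",
                    "https://localhost:8443/oauth2/callback");

            String certificatePath = Resources.getResource("cert/localhost.pem").getPath();
            // try-with-resources closes the server on every exit path. The only way out of the
            // sleep below is an exception, and the previous shape closed the server on normal
            // completion only, leaving it open when the sleep was interrupted.
            try (TestingTrinoServer server = TestingTrinoServer.builder()
                    .setCoordinator(true)
                    .setAdditionalModule(new WebUiModule())
                    .setProperties(ImmutableMap.<String, String>builder()
                            .put("web-ui.enabled", "true")
                            .put("web-ui.authentication.type", "oauth2")
                            .put("http-server.https.port", "8443")
                            .put("http-server.https.enabled", "true")
                            .put("http-server.https.keystore.path", certificatePath)
                            .put("http-server.https.keystore.key", "")
                            .put("http-server.authentication.type", "oauth2")
                            .put("http-server.authentication.oauth2.auth-url", "https://localhost:9001/oauth2/auth")
                            .put("http-server.authentication.oauth2.token-url", "https://localhost:9001/oauth2/token")
                            .put("http-server.authentication.oauth2.jwks-url", "https://localhost:9001/.well-known/jwks.json")
                            .put("http-server.authentication.oauth2.client-id", "trino-client")
                            .put("http-server.authentication.oauth2.client-secret", "trino-secret")
                            .put("http-server.authentication.oauth2.audience", "https://localhost:8443/ui")
                            .put("http-server.authentication.oauth2.user-mapping.pattern", "(.*)@.*")
                            .put("oauth2-jwk.http-client.trust-store-path", certificatePath)
                            .build())
                    .build()) {
                Thread.sleep(Long.MAX_VALUE);
            }
        }
    }
}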
