package io.quarkus.oidc.deployment.devservices.keycloak;

import io.quarkus.deployment.IsNormal;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.BuildSteps;
import io.quarkus.deployment.builditem.CuratedApplicationShutdownBuildItem;
import io.quarkus.deployment.builditem.DevServicesResultBuildItem;
import io.quarkus.deployment.builditem.DevServicesSharedNetworkBuildItem;
import io.quarkus.deployment.builditem.DockerStatusBuildItem;
import io.quarkus.deployment.builditem.LaunchModeBuildItem;
import io.quarkus.deployment.console.ConsoleInstalledBuildItem;
import io.quarkus.deployment.console.StartupLogCompressor;
import io.quarkus.deployment.dev.devservices.GlobalDevServicesConfig;
import io.quarkus.deployment.logging.LoggingSetupBuildItem;
import io.quarkus.devservices.common.ConfigureUtil;
import io.quarkus.devservices.common.ContainerAddress;
import io.quarkus.devservices.common.ContainerLocator;
import io.quarkus.oidc.deployment.OidcBuildStep;
import io.quarkus.oidc.deployment.OidcBuildTimeConfig;
import io.quarkus.oidc.deployment.devservices.OidcDevServicesBuildItem;
import io.quarkus.oidc.runtime.devui.OidcDevServicesUtils;
import io.quarkus.runtime.LaunchMode;
import io.quarkus.runtime.configuration.ConfigUtils;
import io.smallrye.mutiny.TimeoutException;
import io.vertx.core.Vertx;
import io.vertx.core.http.HttpHeaders;
import io.vertx.mutiny.core.buffer.Buffer;
import io.vertx.mutiny.ext.web.client.HttpResponse;
import io.vertx.mutiny.ext.web.client.WebClient;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.net.ConnectException;
import java.net.MalformedURLException;
import java.net.ServerSocket;
import java.net.URI;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileTime;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.Set;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.logging.Logger;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.RolesRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.util.JsonSerialization;
import org.testcontainers.containers.BindMode;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.utility.DockerImageName;

@BuildSteps(onlyIfNot = {IsNormal.class}, onlyIf = {OidcBuildStep.IsEnabled.class, GlobalDevServicesConfig.Enabled.class})
/* loaded from: input_file:io/quarkus/oidc/deployment/devservices/keycloak/KeycloakDevServicesProcessor.class */
public class KeycloakDevServicesProcessor {
    static volatile Vertx vertxInstance;
    private static final String CONFIG_PREFIX = "quarkus.oidc.";
    private static final String TENANT_ENABLED_CONFIG_KEY = "quarkus.oidc.tenant-enabled";
    private static final String AUTH_SERVER_URL_CONFIG_KEY = "quarkus.oidc.auth-server-url";
    private static final String PROVIDER_CONFIG_KEY = "quarkus.oidc.provider";
    private static final String CLIENT_AUTH_SERVER_URL_CONFIG_KEY = "client.quarkus.oidc.auth-server-url";
    private static final String APPLICATION_TYPE_CONFIG_KEY = "quarkus.oidc.application-type";
    private static final String CLIENT_ID_CONFIG_KEY = "quarkus.oidc.client-id";
    private static final String CLIENT_SECRET_CONFIG_KEY = "quarkus.oidc.credentials.secret";
    private static final String KEYCLOAK_URL_KEY = "keycloak.url";
    private static final String KEYCLOAK_CONTAINER_NAME = "keycloak";
    private static final String KEYCLOAK_LEGACY_IMAGE_VERSION_PART = "-legacy";
    private static final String KEYCLOAK_ADMIN_USER = "admin";
    private static final String KEYCLOAK_ADMIN_PASSWORD = "admin";
    private static final String KEYCLOAK_WILDFLY_FRONTEND_URL = "KEYCLOAK_FRONTEND_URL";
    private static final String KEYCLOAK_WILDFLY_USER_PROP = "KEYCLOAK_USER";
    private static final String KEYCLOAK_WILDFLY_PASSWORD_PROP = "KEYCLOAK_PASSWORD";
    private static final String KEYCLOAK_WILDFLY_DB_VENDOR = "H2";
    private static final String KEYCLOAK_WILDFLY_VENDOR_PROP = "DB_VENDOR";
    private static final String KEYCLOAK_QUARKUS_HOSTNAME = "KC_HOSTNAME";
    private static final String KEYCLOAK_QUARKUS_ADMIN_PROP = "KEYCLOAK_ADMIN";
    private static final String KEYCLOAK_QUARKUS_ADMIN_PASSWORD_PROP = "KEYCLOAK_ADMIN_PASSWORD";
    private static final String KEYCLOAK_QUARKUS_START_CMD = "start --http-enabled=true --hostname-strict=false --spi-user-profile-declarative-user-profile-config-file=/opt/keycloak/upconfig.json";
    private static final String JAVA_OPTS = "JAVA_OPTS";
    private static final String OIDC_USERS = "oidc.users";
    private static final String KEYCLOAK_REALMS = "keycloak.realms";
    private static volatile DevServicesResultBuildItem.RunningDevService devService;
    static volatile DevServicesConfig capturedDevServicesConfiguration;
    private static volatile Set<FileTime> capturedRealmFileLastModifiedDate;
    OidcBuildTimeConfig oidcConfig;
    private static final Logger LOG = Logger.getLogger(KeycloakDevServicesProcessor.class);
    private static final String DEV_SERVICE_LABEL = "quarkus-dev-service-keycloak";
    private static final int KEYCLOAK_PORT = 8080;
    private static final ContainerLocator keycloakDevModeContainerLocator = new ContainerLocator(DEV_SERVICE_LABEL, KEYCLOAK_PORT);
    private static volatile boolean first = true;

    /* loaded from: input_file:io/quarkus/oidc/deployment/devservices/keycloak/KeycloakDevServicesProcessor$QuarkusOidcContainer.class */
    private static class QuarkusOidcContainer extends GenericContainer<QuarkusOidcContainer> {
        private final OptionalInt fixedExposedPort;
        private final boolean useSharedNetwork;
        private final List<String> realmPaths;
        private final Map<String, String> resources;
        private final String containerLabelValue;
        private final Optional<String> javaOpts;
        private final boolean sharedContainer;
        private String hostName;
        private final boolean keycloakX;
        private List<RealmRepresentation> realmReps;
        private final Optional<String> startCommand;
        private final boolean showLogs;
        private final List<String> errors;

        public QuarkusOidcContainer(DockerImageName dockerImageName, OptionalInt optionalInt, boolean z, List<String> list, Map<String, String> map, String str, boolean z2, Optional<String> optional, Optional<String> optional2, boolean z3, List<String> list2) {
            super(dockerImageName);
            this.realmReps = new LinkedList();
            this.useSharedNetwork = z;
            this.realmPaths = list;
            this.resources = map;
            this.containerLabelValue = str;
            this.sharedContainer = z2;
            this.javaOpts = optional;
            this.keycloakX = KeycloakDevServicesProcessor.isKeycloakX(dockerImageName);
            if (z && optionalInt.isEmpty()) {
                optionalInt = OptionalInt.of(findRandomPort().intValue());
            }
            this.fixedExposedPort = optionalInt;
            this.startCommand = optional2;
            this.showLogs = z3;
            this.errors = list2;
            super.setWaitStrategy(Wait.forLogMessage(".*Keycloak.*started.*", 1));
        }

        protected void configure() {
            super.configure();
            if (this.useSharedNetwork) {
                this.hostName = ConfigureUtil.configureSharedNetwork(this, KeycloakDevServicesProcessor.KEYCLOAK_CONTAINER_NAME);
                if (this.keycloakX) {
                    addEnv(KeycloakDevServicesProcessor.KEYCLOAK_QUARKUS_HOSTNAME, "localhost");
                } else {
                    addEnv(KeycloakDevServicesProcessor.KEYCLOAK_WILDFLY_FRONTEND_URL, "http://localhost:" + this.fixedExposedPort.getAsInt());
                }
            }
            if (this.fixedExposedPort.isPresent()) {
                addFixedExposedPort(this.fixedExposedPort.getAsInt(), KeycloakDevServicesProcessor.KEYCLOAK_PORT);
                if (this.useSharedNetwork) {
                    addExposedPort(Integer.valueOf(KeycloakDevServicesProcessor.KEYCLOAK_PORT));
                }
            } else {
                addExposedPort(Integer.valueOf(KeycloakDevServicesProcessor.KEYCLOAK_PORT));
            }
            if (this.sharedContainer && LaunchMode.current() == LaunchMode.DEVELOPMENT) {
                withLabel(KeycloakDevServicesProcessor.DEV_SERVICE_LABEL, this.containerLabelValue);
            }
            if (this.javaOpts.isPresent()) {
                addEnv(KeycloakDevServicesProcessor.JAVA_OPTS, this.javaOpts.get());
            }
            if (this.keycloakX) {
                addEnv(KeycloakDevServicesProcessor.KEYCLOAK_QUARKUS_ADMIN_PROP, "admin");
                addEnv(KeycloakDevServicesProcessor.KEYCLOAK_QUARKUS_ADMIN_PASSWORD_PROP, "admin");
                withCommand(this.startCommand.orElse(KeycloakDevServicesProcessor.KEYCLOAK_QUARKUS_START_CMD) + (this.useSharedNetwork ? " --hostname-port=" + this.fixedExposedPort.getAsInt() : ""));
                addUpConfigResource();
            } else {
                addEnv(KeycloakDevServicesProcessor.KEYCLOAK_WILDFLY_USER_PROP, "admin");
                addEnv(KeycloakDevServicesProcessor.KEYCLOAK_WILDFLY_PASSWORD_PROP, "admin");
                addEnv(KeycloakDevServicesProcessor.KEYCLOAK_WILDFLY_VENDOR_PROP, KeycloakDevServicesProcessor.KEYCLOAK_WILDFLY_DB_VENDOR);
            }
            for (String str : this.realmPaths) {
                URL resource = Thread.currentThread().getContextClassLoader().getResource(str);
                if (resource != null) {
                    readRealmFile(resource, str, this.errors).ifPresent(realmRepresentation -> {
                        this.realmReps.add(realmRepresentation);
                    });
                } else {
                    Path path = Paths.get(str, new String[0]);
                    if (Files.exists(path, new LinkOption[0])) {
                        readRealmFile(path.toUri(), str, this.errors).ifPresent(realmRepresentation2 -> {
                            this.realmReps.add(realmRepresentation2);
                        });
                    } else {
                        this.errors.add(String.format("Realm %s resource is not available", str));
                        KeycloakDevServicesProcessor.LOG.debugf("Realm %s resource is not available", str);
                    }
                }
            }
            for (Map.Entry<String, String> entry : this.resources.entrySet()) {
                mapResource(entry.getKey(), entry.getValue());
            }
            if (this.showLogs) {
                super.withLogConsumer(outputFrame -> {
                    KeycloakDevServicesProcessor.LOG.info("Keycloak: " + outputFrame.getUtf8StringWithoutLineEnding());
                });
            }
            KeycloakDevServicesProcessor.LOG.infof("Using %s powered Keycloak distribution", this.keycloakX ? "Quarkus" : "WildFly");
        }

        private void mapResource(String str, String str2) {
            if (Thread.currentThread().getContextClassLoader().getResource(str) != null) {
                KeycloakDevServicesProcessor.LOG.debugf("Mapping the classpath %s resource to %s", str, str2);
                withClasspathResourceMapping(str, str2, BindMode.READ_ONLY);
            } else if (Files.exists(Paths.get(str, new String[0]), new LinkOption[0])) {
                KeycloakDevServicesProcessor.LOG.debugf("Mapping the file system %s resource to %s", str, str2);
                withFileSystemBind(str, str2, BindMode.READ_ONLY);
            } else {
                this.errors.add(String.format("%s resource can not be mapped to %s because it is not available on the classpath and file system", str, str2));
                KeycloakDevServicesProcessor.LOG.errorf("%s resource can not be mapped to %s because it is not available on the classpath and file system", str, str2);
            }
        }

        private void addUpConfigResource() {
            if (Thread.currentThread().getContextClassLoader().getResource("/dev-service/upconfig.json") != null) {
                KeycloakDevServicesProcessor.LOG.debug("Mapping the classpath /dev-service/upconfig.json resource to /opt/keycloak/upconfig.json");
                withClasspathResourceMapping("/dev-service/upconfig.json", "/opt/keycloak/upconfig.json", BindMode.READ_ONLY);
            }
        }

        private Integer findRandomPort() {
            try {
                ServerSocket serverSocket = new ServerSocket(0);
                try {
                    Integer valueOf = Integer.valueOf(serverSocket.getLocalPort());
                    serverSocket.close();
                    return valueOf;
                } finally {
                }
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }

        private Optional<RealmRepresentation> readRealmFile(URI uri, String str, List<String> list) {
            try {
                return readRealmFile(uri.toURL(), str, list);
            } catch (MalformedURLException e) {
                throw new RuntimeException(e);
            }
        }

        private Optional<RealmRepresentation> readRealmFile(URL url, String str, List<String> list) {
            try {
                InputStream openStream = url.openStream();
                try {
                    Optional<RealmRepresentation> of = Optional.of((RealmRepresentation) JsonSerialization.readValue(openStream, RealmRepresentation.class));
                    if (openStream != null) {
                        openStream.close();
                    }
                    return of;
                } finally {
                }
            } catch (IOException e) {
                list.add(String.format("Realm %s resource can not be opened: %s", str, e.getMessage()));
                KeycloakDevServicesProcessor.LOG.errorf("Realm %s resource can not be opened: %s", str, e.getMessage());
                return Optional.empty();
            }
        }

        public String getHost() {
            return this.useSharedNetwork ? this.hostName : super.getHost();
        }

        private String getSharedNetworkExternalHost() {
            return super.getHost();
        }

        private int getSharedNetworkExternalPort() {
            return getFirstMappedPort().intValue();
        }

        public int getPort() {
            return this.useSharedNetwork ? KeycloakDevServicesProcessor.KEYCLOAK_PORT : this.fixedExposedPort.isPresent() ? this.fixedExposedPort.getAsInt() : getFirstMappedPort().intValue();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/quarkus/oidc/deployment/devservices/keycloak/KeycloakDevServicesProcessor$RealmEndpointAccessException.class */
    public static class RealmEndpointAccessException extends RuntimeException {
        private final int errorStatus;

        public RealmEndpointAccessException(int i) {
            this.errorStatus = i;
        }

        public int getErrorStatus() {
            return this.errorStatus;
        }
    }

    @BuildStep
    public DevServicesResultBuildItem startKeycloakContainer(DockerStatusBuildItem dockerStatusBuildItem, BuildProducer<KeycloakDevServicesConfigBuildItem> buildProducer, List<DevServicesSharedNetworkBuildItem> list, Optional<OidcDevServicesBuildItem> optional, KeycloakBuildTimeConfig keycloakBuildTimeConfig, CuratedApplicationShutdownBuildItem curatedApplicationShutdownBuildItem, LaunchModeBuildItem launchModeBuildItem, Optional<ConsoleInstalledBuildItem> optional2, LoggingSetupBuildItem loggingSetupBuildItem, GlobalDevServicesConfig globalDevServicesConfig) {
        Set<FileTime> realmFileLastModifiedDate;
        if (optional.isPresent()) {
            return null;
        }
        DevServicesConfig devServicesConfig = keycloakBuildTimeConfig.devservices;
        if (devService != null) {
            boolean z = !devServicesConfig.equals(capturedDevServicesConfiguration);
            if (!z && (realmFileLastModifiedDate = getRealmFileLastModifiedDate(devServicesConfig.realmPath)) != null && !realmFileLastModifiedDate.equals(capturedRealmFileLastModifiedDate)) {
                z = true;
                capturedRealmFileLastModifiedDate = realmFileLastModifiedDate;
            }
            if (!z) {
                DevServicesResultBuildItem buildItem = devService.toBuildItem();
                String str = (String) buildItem.getConfig().get(OIDC_USERS);
                Map of = (str == null || str.isBlank()) ? Map.of() : (Map) Arrays.stream(str.split(",")).map(str2 -> {
                    return str2.split("=");
                }).collect(Collectors.toMap(strArr -> {
                    return strArr[0];
                }, strArr2 -> {
                    return strArr2[1];
                }));
                String str3 = (String) buildItem.getConfig().get(KEYCLOAK_REALMS);
                buildProducer.produce(new KeycloakDevServicesConfigBuildItem(buildItem.getConfig(), Map.of(OIDC_USERS, of, KEYCLOAK_REALMS, (str3 == null || str3.isBlank()) ? List.of() : (List) Arrays.stream(str3.split(",")).collect(Collectors.toList())), false));
                return buildItem;
            }
            try {
                devService.close();
            } catch (Throwable th) {
                LOG.error("Failed to stop Keycloak container", th);
            }
            devService = null;
            capturedDevServicesConfiguration = null;
        }
        capturedDevServicesConfiguration = devServicesConfig;
        StartupLogCompressor startupLogCompressor = new StartupLogCompressor((launchModeBuildItem.isTest() ? "(test) " : "") + "Keycloak Dev Services Starting:", optional2, loggingSetupBuildItem);
        try {
            ArrayList arrayList = new ArrayList();
            DevServicesResultBuildItem.RunningDevService startContainer = startContainer(dockerStatusBuildItem, buildProducer, DevServicesSharedNetworkBuildItem.isSharedNetworkRequired(globalDevServicesConfig, list), globalDevServicesConfig.timeout, arrayList);
            if (startContainer == null) {
                if (arrayList.isEmpty()) {
                    startupLogCompressor.close();
                    return null;
                }
                startupLogCompressor.closeAndDumpCaptured();
                return null;
            }
            devService = startContainer;
            if (first) {
                first = false;
                curatedApplicationShutdownBuildItem.addCloseTask(new Runnable() { // from class: io.quarkus.oidc.deployment.devservices.keycloak.KeycloakDevServicesProcessor.1
                    @Override // java.lang.Runnable
                    public void run() {
                        if (KeycloakDevServicesProcessor.devService != null) {
                            try {
                                KeycloakDevServicesProcessor.devService.close();
                            } catch (Throwable th2) {
                                KeycloakDevServicesProcessor.LOG.error("Failed to stop Keycloak container", th2);
                            }
                        }
                        if (KeycloakDevServicesProcessor.vertxInstance != null) {
                            try {
                                KeycloakDevServicesProcessor.vertxInstance.close();
                            } catch (Throwable th3) {
                                KeycloakDevServicesProcessor.LOG.error("Failed to close Vertx instance", th3);
                            }
                        }
                        KeycloakDevServicesProcessor.first = true;
                        KeycloakDevServicesProcessor.devService = null;
                        KeycloakDevServicesProcessor.capturedDevServicesConfiguration = null;
                        KeycloakDevServicesProcessor.vertxInstance = null;
                        KeycloakDevServicesProcessor.capturedRealmFileLastModifiedDate = null;
                    }
                }, true);
            }
            capturedRealmFileLastModifiedDate = getRealmFileLastModifiedDate(capturedDevServicesConfiguration.realmPath);
            if (devService == null || !arrayList.isEmpty()) {
                startupLogCompressor.closeAndDumpCaptured();
            } else {
                startupLogCompressor.close();
            }
            LOG.info("Dev Services for Keycloak started.");
            return devService.toBuildItem();
        } catch (Throwable th2) {
            startupLogCompressor.closeAndDumpCaptured();
            throw new RuntimeException(th2);
        }
    }

    private String startURL(String str, Integer num, boolean z) {
        return "http://" + str + ":" + num + (z ? "" : "/auth");
    }

    private Map<String, String> prepareConfiguration(BuildProducer<KeycloakDevServicesConfigBuildItem> buildProducer, String str, String str2, List<RealmRepresentation> list, boolean z, List<String> list2) {
        String defaultRealmName = (list == null || list.isEmpty()) ? getDefaultRealmName() : list.iterator().next().getRealm();
        String realmsURL = realmsURL(str, defaultRealmName);
        String str3 = str2 != null ? str2 : str;
        String realmsURL2 = realmsURL(str3, defaultRealmName);
        boolean z2 = (list == null || list.isEmpty()) && capturedDevServicesConfiguration.createRealm;
        String oidcClientId = getOidcClientId(z2);
        String oidcClientSecret = getOidcClientSecret(z2);
        String oidcApplicationType = getOidcApplicationType();
        Map<String, String> users = getUsers(capturedDevServicesConfiguration.users, z2);
        LinkedList linkedList = new LinkedList();
        if (vertxInstance == null) {
            vertxInstance = Vertx.vertx();
        }
        WebClient createWebClient = OidcDevServicesUtils.createWebClient(vertxInstance);
        try {
            String adminToken = getAdminToken(createWebClient, str3);
            if (z2) {
                createDefaultRealm(createWebClient, adminToken, str3, users, oidcClientId, oidcClientSecret, list2);
                linkedList.add(defaultRealmName);
            } else if (list != null) {
                for (RealmRepresentation realmRepresentation : list) {
                    createRealm(createWebClient, adminToken, str3, realmRepresentation, list2);
                    linkedList.add(realmRepresentation.getRealm());
                }
            }
            HashMap hashMap = new HashMap();
            hashMap.put(KEYCLOAK_URL_KEY, str);
            hashMap.put(AUTH_SERVER_URL_CONFIG_KEY, realmsURL);
            hashMap.put(CLIENT_AUTH_SERVER_URL_CONFIG_KEY, realmsURL2);
            hashMap.put(APPLICATION_TYPE_CONFIG_KEY, oidcApplicationType);
            hashMap.put(CLIENT_ID_CONFIG_KEY, oidcClientId);
            hashMap.put(CLIENT_SECRET_CONFIG_KEY, oidcClientSecret);
            hashMap.put(OIDC_USERS, (String) users.entrySet().stream().map(entry -> {
                return entry.toString();
            }).collect(Collectors.joining(",")));
            hashMap.put(KEYCLOAK_REALMS, (String) linkedList.stream().collect(Collectors.joining(",")));
            buildProducer.produce(new KeycloakDevServicesConfigBuildItem(hashMap, Map.of(OIDC_USERS, users, KEYCLOAK_REALMS, linkedList), true));
            return hashMap;
        } finally {
            createWebClient.close();
        }
    }

    private String realmsURL(String str, String str2) {
        return str + "/realms/" + str2;
    }

    private String getDefaultRealmName() {
        return capturedDevServicesConfiguration.realmName.orElse("quarkus");
    }

    private DevServicesResultBuildItem.RunningDevService startContainer(DockerStatusBuildItem dockerStatusBuildItem, BuildProducer<KeycloakDevServicesConfigBuildItem> buildProducer, boolean z, Optional<Duration> optional, List<String> list) {
        if (!capturedDevServicesConfiguration.enabled) {
            LOG.debug("Not starting Dev Services for Keycloak as it has been disabled in the config");
            return null;
        }
        if (!isOidcTenantEnabled()) {
            LOG.debug("Not starting Dev Services for Keycloak as 'quarkus.oidc.tenant.enabled' is false");
            return null;
        }
        if (ConfigUtils.isPropertyNonEmpty(AUTH_SERVER_URL_CONFIG_KEY)) {
            LOG.debug("Not starting Dev Services for Keycloak as 'quarkus.oidc.auth-server-url' has been provided");
            return null;
        }
        if (ConfigUtils.isPropertyNonEmpty(PROVIDER_CONFIG_KEY)) {
            LOG.debug("Not starting Dev Services for Keycloak as 'quarkus.oidc.provider' has been provided");
            return null;
        }
        if (!dockerStatusBuildItem.isContainerRuntimeAvailable()) {
            LOG.warn("Please configure 'quarkus.oidc.auth-server-url' or get a working docker instance");
            return null;
        }
        Optional locateContainer = keycloakDevModeContainerLocator.locateContainer(capturedDevServicesConfiguration.serviceName, capturedDevServicesConfiguration.shared, LaunchMode.current());
        String str = capturedDevServicesConfiguration.imageName;
        DockerImageName asCompatibleSubstituteFor = DockerImageName.parse(str).asCompatibleSubstituteFor(str);
        return (DevServicesResultBuildItem.RunningDevService) locateContainer.map(containerAddress -> {
            return new DevServicesResultBuildItem.RunningDevService(KEYCLOAK_CONTAINER_NAME, containerAddress.getId(), (Closeable) null, prepareConfiguration(buildProducer, getSharedContainerUrl(containerAddress), getSharedContainerUrl(containerAddress), null, false, list));
        }).orElseGet(() -> {
            QuarkusOidcContainer quarkusOidcContainer = new QuarkusOidcContainer(asCompatibleSubstituteFor, capturedDevServicesConfiguration.port, z, capturedDevServicesConfiguration.realmPath.orElse(List.of()), resourcesMap(list), capturedDevServicesConfiguration.serviceName, capturedDevServicesConfiguration.shared, capturedDevServicesConfiguration.javaOpts, capturedDevServicesConfiguration.startCommand, capturedDevServicesConfiguration.showLogs, list);
            Objects.requireNonNull(quarkusOidcContainer);
            optional.ifPresent(quarkusOidcContainer::withStartupTimeout);
            quarkusOidcContainer.withEnv(capturedDevServicesConfiguration.containerEnv);
            quarkusOidcContainer.start();
            Map<String, String> prepareConfiguration = prepareConfiguration(buildProducer, startURL(quarkusOidcContainer.getHost(), Integer.valueOf(quarkusOidcContainer.getPort()), quarkusOidcContainer.keycloakX), quarkusOidcContainer.useSharedNetwork ? startURL(quarkusOidcContainer.getSharedNetworkExternalHost(), Integer.valueOf(quarkusOidcContainer.getSharedNetworkExternalPort()), quarkusOidcContainer.keycloakX) : null, quarkusOidcContainer.realmReps, quarkusOidcContainer.keycloakX, list);
            String containerId = quarkusOidcContainer.getContainerId();
            Objects.requireNonNull(quarkusOidcContainer);
            return new DevServicesResultBuildItem.RunningDevService(KEYCLOAK_CONTAINER_NAME, containerId, quarkusOidcContainer::close, prepareConfiguration);
        });
    }

    private Map<String, String> resourcesMap(List<String> list) {
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, String> entry : capturedDevServicesConfiguration.resourceAliases.entrySet()) {
            if (capturedDevServicesConfiguration.resourceMappings.containsKey(entry.getKey())) {
                hashMap.put(entry.getValue(), capturedDevServicesConfiguration.resourceMappings.get(entry.getKey()));
            } else {
                list.add(String.format("%s alias for the %s resource does not have a mapping", entry.getKey(), entry.getValue()));
                LOG.errorf("%s alias for the %s resource does not have a mapping", entry.getKey(), entry.getValue());
            }
        }
        return hashMap;
    }

    private static boolean isKeycloakX(DockerImageName dockerImageName) {
        return capturedDevServicesConfiguration.keycloakXImage.isPresent() ? capturedDevServicesConfiguration.keycloakXImage.get().booleanValue() : !dockerImageName.getVersionPart().endsWith(KEYCLOAK_LEGACY_IMAGE_VERSION_PART);
    }

    private String getSharedContainerUrl(ContainerAddress containerAddress) {
        return "http://" + ("0.0.0.0".equals(containerAddress.getHost()) ? "localhost" : containerAddress.getHost()) + ":" + containerAddress.getPort();
    }

    private Set<FileTime> getRealmFileLastModifiedDate(Optional<List<String>> optional) {
        if (!optional.isPresent()) {
            return null;
        }
        HashSet hashSet = new HashSet();
        Iterator<String> it = optional.get().iterator();
        while (it.hasNext()) {
            Path path = Paths.get(it.next(), new String[0]);
            try {
                hashSet.add(Files.getLastModifiedTime(path, new LinkOption[0]));
            } catch (IOException e) {
                LOG.tracef("Unable to get the last modified date of the realm file %s", path);
            }
        }
        return hashSet;
    }

    private void createDefaultRealm(WebClient webClient, String str, String str2, Map<String, String> map, String str3, String str4, List<String> list) {
        RealmRepresentation createDefaultRealmRep = createDefaultRealmRep();
        createDefaultRealmRep.getClients().add(createClient(str3, str4));
        for (Map.Entry<String, String> entry : map.entrySet()) {
            createDefaultRealmRep.getUsers().add(createUser(entry.getKey(), entry.getValue(), getUserRoles(entry.getKey())));
        }
        createRealm(webClient, str, str2, createDefaultRealmRep, list);
    }

    private String getAdminToken(WebClient webClient, String str) {
        try {
            LOG.tracef("Acquiring admin token", new Object[0]);
            return (String) OidcDevServicesUtils.getPasswordAccessToken(webClient, str + "/realms/master/protocol/openid-connect/token", "admin-cli", (String) null, "admin", "admin", (Map) null).await().atMost(this.oidcConfig.devui.webClientTimeout);
        } catch (TimeoutException e) {
            LOG.error("Admin token can not be acquired due to a client connection timeout. You may try increasing the `quarkus.oidc.devui.web-client-timeout` property.");
            return null;
        } catch (Throwable th) {
            LOG.error("Admin token can not be acquired", th);
            return null;
        }
    }

    private void createRealm(WebClient webClient, String str, String str2, RealmRepresentation realmRepresentation, List<String> list) {
        try {
            LOG.tracef("Creating the realm %s", realmRepresentation.getRealm());
            HttpResponse httpResponse = (HttpResponse) webClient.postAbs(str2 + "/admin/realms").putHeader(HttpHeaders.CONTENT_TYPE.toString(), "application/json").putHeader(HttpHeaders.AUTHORIZATION.toString(), "Bearer " + str).sendBuffer(Buffer.buffer().appendString(JsonSerialization.writeValueAsString(realmRepresentation))).await().atMost(this.oidcConfig.devui.webClientTimeout);
            if (httpResponse.statusCode() > 299) {
                list.add(String.format("Realm %s can not be created %d - %s ", realmRepresentation.getRealm(), Integer.valueOf(httpResponse.statusCode()), httpResponse.statusMessage()));
                LOG.errorf("Realm %s can not be created %d - %s ", realmRepresentation.getRealm(), Integer.valueOf(httpResponse.statusCode()), httpResponse.statusMessage());
            }
            webClient.getAbs(str2 + "/realms/" + realmRepresentation.getRealm()).send().onItem().transform(httpResponse2 -> {
                LOG.debugf("Realm status: %d", httpResponse2.statusCode());
                if (httpResponse2.statusCode() != 200) {
                    throw new RealmEndpointAccessException(httpResponse2.statusCode());
                }
                LOG.debugf("Realm %s has been created", realmRepresentation.getRealm());
                return 200;
            }).onFailure(realmEndpointNotAvailable()).retry().withBackOff(Duration.ofSeconds(2L), Duration.ofSeconds(2L)).expireIn(10000L).onFailure().transform(th -> {
                return new RuntimeException("Keycloak server is not available" + (th.getMessage() != null ? ": " + th.getMessage() : ""));
            }).await().atMost(Duration.ofSeconds(10L));
        } catch (Throwable th2) {
            list.add(String.format("Realm %s can not be created: %s", realmRepresentation.getRealm(), th2.getMessage()));
            LOG.errorf(th2, "Realm %s can not be created", realmRepresentation.getRealm());
        }
    }

    public static Predicate<? super Throwable> realmEndpointNotAvailable() {
        return th -> {
            return (th instanceof ConnectException) || ((th instanceof RealmEndpointAccessException) && ((RealmEndpointAccessException) th).getErrorStatus() == 404);
        };
    }

    private Map<String, String> getUsers(Map<String, String> map, boolean z) {
        if (!map.isEmpty() || !z) {
            return map;
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("alice", "alice");
        linkedHashMap.put("bob", "bob");
        return linkedHashMap;
    }

    private List<String> getUserRoles(String str) {
        List<String> list = capturedDevServicesConfiguration.roles.get(str);
        return list == null ? "alice".equals(str) ? List.of("admin", "user") : List.of("user") : list;
    }

    private RealmRepresentation createDefaultRealmRep() {
        RealmRepresentation realmRepresentation = new RealmRepresentation();
        realmRepresentation.setRealm(getDefaultRealmName());
        realmRepresentation.setEnabled(true);
        realmRepresentation.setUsers(new ArrayList());
        realmRepresentation.setClients(new ArrayList());
        realmRepresentation.setAccessTokenLifespan(600);
        realmRepresentation.setSsoSessionMaxLifespan(600);
        realmRepresentation.setRefreshTokenMaxReuse(10);
        RolesRepresentation rolesRepresentation = new RolesRepresentation();
        rolesRepresentation.setRealm(new ArrayList());
        realmRepresentation.setRoles(rolesRepresentation);
        if (capturedDevServicesConfiguration.roles.isEmpty()) {
            realmRepresentation.getRoles().getRealm().add(new RoleRepresentation("user", (String) null, false));
            realmRepresentation.getRoles().getRealm().add(new RoleRepresentation("admin", (String) null, false));
        } else {
            HashSet hashSet = new HashSet();
            Iterator<List<String>> it = capturedDevServicesConfiguration.roles.values().iterator();
            while (it.hasNext()) {
                for (String str : it.next()) {
                    if (!hashSet.contains(str)) {
                        hashSet.add(str);
                        realmRepresentation.getRoles().getRealm().add(new RoleRepresentation(str, (String) null, false));
                    }
                }
            }
        }
        return realmRepresentation;
    }

    private ClientRepresentation createClient(String str, String str2) {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(str);
        clientRepresentation.setRedirectUris(List.of("*"));
        clientRepresentation.setPublicClient(false);
        clientRepresentation.setSecret(str2);
        clientRepresentation.setDirectAccessGrantsEnabled(true);
        clientRepresentation.setServiceAccountsEnabled(true);
        clientRepresentation.setImplicitFlowEnabled(true);
        clientRepresentation.setEnabled(true);
        clientRepresentation.setRedirectUris(List.of("*"));
        clientRepresentation.setDefaultClientScopes(List.of("microprofile-jwt"));
        return clientRepresentation;
    }

    private UserRepresentation createUser(String str, String str2, List<String> list) {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(str);
        userRepresentation.setEnabled(true);
        userRepresentation.setCredentials(new ArrayList());
        userRepresentation.setRealmRoles(list);
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType("password");
        credentialRepresentation.setValue(str2);
        credentialRepresentation.setTemporary(false);
        userRepresentation.getCredentials().add(credentialRepresentation);
        return userRepresentation;
    }

    private static boolean isOidcTenantEnabled() {
        return ((Boolean) ConfigProvider.getConfig().getOptionalValue(TENANT_ENABLED_CONFIG_KEY, Boolean.class).orElse(true)).booleanValue();
    }

    private static String getOidcApplicationType() {
        return (String) ConfigProvider.getConfig().getOptionalValue(APPLICATION_TYPE_CONFIG_KEY, String.class).orElse("service");
    }

    private static String getOidcClientId(boolean z) {
        return (String) ConfigProvider.getConfig().getOptionalValue(CLIENT_ID_CONFIG_KEY, String.class).orElse(z ? "quarkus-app" : "");
    }

    private static String getOidcClientSecret(boolean z) {
        return (String) ConfigProvider.getConfig().getOptionalValue(CLIENT_SECRET_CONFIG_KEY, String.class).orElse(z ? "secret" : "");
    }
}
