package org.crue.hercules.sgi.framework.test.security;

import com.github.tomakehurst.wiremock.WireMockServer;
import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.UUID;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.test.util.TestPropertyValues;
import org.springframework.context.ApplicationContextInitializer;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.event.ContextClosedEvent;

/* loaded from: input_file:BOOT-INF/lib/sgi-framework-spring-0.1.1-SNAPSHOT.jar:org/crue/hercules/sgi/framework/test/security/Oauth2WireMockInitializer.class */
public class Oauth2WireMockInitializer implements ApplicationContextInitializer<ConfigurableApplicationContext> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) Oauth2WireMockInitializer.class);

    /* loaded from: input_file:BOOT-INF/lib/sgi-framework-spring-0.1.1-SNAPSHOT.jar:org/crue/hercules/sgi/framework/test/security/Oauth2WireMockInitializer$BuildException.class */
    public class BuildException extends Exception {
        public BuildException(Throwable th) {
            super(th);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/sgi-framework-spring-0.1.1-SNAPSHOT.jar:org/crue/hercules/sgi/framework/test/security/Oauth2WireMockInitializer$Oauth2WireMockInitializationEsception.class */
    public class Oauth2WireMockInitializationEsception extends RuntimeException {
        public Oauth2WireMockInitializationEsception(Throwable th) {
            super(th);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/sgi-framework-spring-0.1.1-SNAPSHOT.jar:org/crue/hercules/sgi/framework/test/security/Oauth2WireMockInitializer$TokenBuilder.class */
    public interface TokenBuilder {
        String buildToken(String str, String... strArr) throws BuildException;
    }

    @Override // org.springframework.context.ApplicationContextInitializer
    public void initialize(ConfigurableApplicationContext configurableApplicationContext) {
        log.debug("initialize(ConfigurableApplicationContext configurableApplicationContext) - start");
        try {
            final RSAKey generate = new RSAKeyGenerator(2048).keyID("someId").keyUse(KeyUse.SIGNATURE).generate();
            configurableApplicationContext.getBeanFactory().registerSingleton("tokenBuilder", new TokenBuilder() { // from class: org.crue.hercules.sgi.framework.test.security.Oauth2WireMockInitializer.1
                @Override // org.crue.hercules.sgi.framework.test.security.Oauth2WireMockInitializer.TokenBuilder
                public String buildToken(String str, String... strArr) throws BuildException {
                    try {
                        Oauth2WireMockInitializer.log.debug("buildToken(String username, String... roles) - start");
                        RSASSASigner rSASSASigner = new RSASSASigner(generate);
                        SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(generate.getKeyID()).build(), new JWTClaimsSet.Builder().subject(str).jwtID(UUID.randomUUID().toString()).audience("someAudience").issuer("someIssuer").expirationTime(Date.from(Instant.now().plus((TemporalAmount) Duration.ofMinutes(1L)))).claim("preferred_username", str).claim("realm_access", Collections.singletonMap("roles", Arrays.asList(strArr))).build());
                        signedJWT.sign(rSASSASigner);
                        String serialize = signedJWT.serialize();
                        Oauth2WireMockInitializer.log.debug("buildToken(String username, String... roles) - end");
                        return serialize;
                    } catch (JOSEException e) {
                        throw new BuildException(e);
                    }
                }
            });
            String jSONObject = generate.toPublicJWK().toJSONObject().toString();
            WireMockServer wireMockServer = new WireMockServer(new WireMockConfiguration().dynamicPort());
            wireMockServer.start();
            wireMockServer.stubFor(WireMock.get("/auth/realms/DEMO/protocol/openid-connect/certs").willReturn(WireMock.aResponse().withHeader("Content-Type", "application/json").withBody("{\"keys\":[" + jSONObject + "]}")));
            configurableApplicationContext.getBeanFactory().registerSingleton("wireMockServer", wireMockServer);
            configurableApplicationContext.addApplicationListener(applicationEvent -> {
                if (applicationEvent instanceof ContextClosedEvent) {
                    wireMockServer.stop();
                }
            });
            TestPropertyValues.of("spring.security.oauth2.resourceserver.jwt.jwk-set-uri:http://localhost:" + wireMockServer.port() + "/auth/realms/DEMO/protocol/openid-connect/certs").applyTo(configurableApplicationContext);
            log.debug("initialize(ConfigurableApplicationContext configurableApplicationContext) - end");
        } catch (JOSEException e) {
            log.error("Error intializing WireMock", (Throwable) e);
            throw new Oauth2WireMockInitializationEsception(e);
        }
    }
}
