package io.quarkiverse.kerberos.deployment.devservices;

import io.quarkiverse.kerberos.deployment.KerberosBuildStep;
import io.quarkiverse.kerberos.deployment.KerberosBuildTimeConfig;
import io.quarkus.deployment.IsDockerWorking;
import io.quarkus.deployment.IsNormal;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.builditem.DevServicesConfigResultBuildItem;
import io.quarkus.deployment.builditem.DevServicesSharedNetworkBuildItem;
import io.quarkus.deployment.builditem.LaunchModeBuildItem;
import io.quarkus.deployment.dev.devservices.GlobalDevServicesConfig;
import io.quarkus.deployment.logging.LoggingSetupBuildItem;
import io.quarkus.devservices.common.ContainerAddress;
import io.quarkus.devservices.common.ContainerLocator;
import io.quarkus.runtime.LaunchMode;
import java.io.BufferedReader;
import java.io.Closeable;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.time.Duration;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.logging.Logger;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.Network;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.utility.Base58;
import org.testcontainers.utility.DockerImageName;

/* loaded from: input_file:io/quarkiverse/kerberos/deployment/devservices/KerberosDevServicesProcessor.class */
public class KerberosDevServicesProcessor {
    private static final String JAVA_OPTS = "JAVA_OPTS";
    private static final int KERBEROS_KDC_PORT_2 = 464;
    private static final String CONFIG_PREFIX = "quarkus.kerberos.";
    private static final String KERBEROS_LOGIN_CONTEXT_NAME_PROP = "quarkus.kerberos.login-context-name";
    private static final String KERBEROS_SERVICE_PRINC_NAME_PROP = "quarkus.kerberos.service-principal-name";
    private static final String DEFAULT_KERBEROS_SERVICE_PRINC_NAME = "HTTP/localhost";
    private static final String KERBEROS_SERVICE_PRINC_REALM_PROP = "quarkus.kerberos.service-principal-realm";
    private static final String DEFAULT_KERBEROS_SERVICE_PRINC_REALM = "EXAMPLE.COM";
    private static final String KERBEROS_SERVICE_PRINC_PWD_PROP = "quarkus.kerberos.service-principal-password";
    private static final String DEFAULT_KERBEROS_SERVICE_PRINC_PWD = "servicepwd";
    private static volatile List<Closeable> closeables;
    private final IsDockerWorking isDockerWorking = new IsDockerWorking(true);
    private static volatile DevServicesConfig capturedDevServicesConfiguration;
    private static volatile KerberosDevServicesConfigBuildItem existingDevServiceConfig;
    private static final Logger LOG = Logger.getLogger(KerberosDevServicesProcessor.class);
    private static final String DEV_SERVICE_LABEL = "quarkus-dev-service-kerberos";
    private static final int KERBEROS_KDC_PORT = 88;
    private static final ContainerLocator kerberosDevModeContainerLocator = new ContainerLocator(DEV_SERVICE_LABEL, KERBEROS_KDC_PORT);
    private static final int KERBEROS_ADMIN_SERVER_PORT = 749;
    private static final ContainerLocator kerberosDevModeAdminServerContainerLocator = new ContainerLocator(DEV_SERVICE_LABEL, KERBEROS_ADMIN_SERVER_PORT);
    private static volatile boolean first = true;

    /* loaded from: input_file:io/quarkiverse/kerberos/deployment/devservices/KerberosDevServicesProcessor$QuarkusKerberosContainer.class */
    private static class QuarkusKerberosContainer extends GenericContainer {
        private final boolean useSharedNetwork;
        private final String containerLabelValue;
        private final Optional<String> javaOpts;
        private final boolean sharedContainer;
        private String hostName;

        public QuarkusKerberosContainer(DockerImageName dockerImageName, boolean z, String str, boolean z2, Optional<String> optional) {
            super(dockerImageName);
            this.hostName = null;
            this.useSharedNetwork = z;
            this.containerLabelValue = str;
            this.sharedContainer = z2;
            this.javaOpts = optional;
        }

        protected void configure() {
            super.configure();
            if (this.sharedContainer && LaunchMode.current() == LaunchMode.DEVELOPMENT) {
                withLabel(KerberosDevServicesProcessor.DEV_SERVICE_LABEL, this.containerLabelValue);
            }
            if (this.useSharedNetwork) {
                setNetwork(Network.SHARED);
                this.hostName = "kerberos-" + Base58.randomString(5);
                setNetworkAliases(Collections.singletonList(this.hostName));
            } else {
                withExposedPorts(new Integer[]{Integer.valueOf(KerberosDevServicesProcessor.KERBEROS_KDC_PORT), Integer.valueOf(KerberosDevServicesProcessor.KERBEROS_KDC_PORT_2), Integer.valueOf(KerberosDevServicesProcessor.KERBEROS_ADMIN_SERVER_PORT)});
            }
            withStartupTimeout(Duration.ofMillis(20000L));
            withEnv("KRB5_REALM", KerberosDevServicesProcessor.getRealm());
            withEnv("KRB5_KDC", "localhost");
            withEnv("KRB5_PASS", "mypass");
            waitingFor(Wait.forLogMessage("Principal \"admin/admin@" + KerberosDevServicesProcessor.getRealm() + "\" created.*", 1));
            if (this.javaOpts.isPresent()) {
                addEnv(KerberosDevServicesProcessor.JAVA_OPTS, this.javaOpts.get());
            }
        }

        public void createTestPrincipals(Map<String, String> map) {
            try {
                execInContainer(new String[]{"kadmin.local", "-q", "addprinc -pw " + KerberosDevServicesProcessor.getServicePrincipalPassword() + " " + KerberosDevServicesProcessor.getServicePrincipalName()});
                for (Map.Entry<String, String> entry : map.entrySet()) {
                    execInContainer(new String[]{"kadmin.local", "-q", "addprinc -pw " + entry.getValue() + " " + entry.getKey()});
                }
            } catch (Exception e) {
                e.printStackTrace();
                throw new RuntimeException(e);
            }
        }

        public String createKrb5File() {
            return KerberosDevServicesProcessor.createKrb5Config(getHost(), getMappedPort(KerberosDevServicesProcessor.KERBEROS_KDC_PORT).toString(), getMappedPort(KerberosDevServicesProcessor.KERBEROS_ADMIN_SERVER_PORT).toString());
        }

        public String getHost() {
            return this.useSharedNetwork ? this.hostName : super.getHost();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/quarkiverse/kerberos/deployment/devservices/KerberosDevServicesProcessor$StartResult.class */
    public static class StartResult {
        private final Closeable closeable;
        private final String krb5CfgPath;
        private final boolean shared;

        public StartResult(Closeable closeable, String str, boolean z) {
            this.closeable = closeable;
            this.krb5CfgPath = str;
            this.shared = z;
        }
    }

    @BuildStep(onlyIfNot = {IsNormal.class}, onlyIf = {KerberosBuildStep.IsEnabled.class, GlobalDevServicesConfig.Enabled.class})
    public KerberosDevServicesConfigBuildItem startKerberosContainer(List<DevServicesSharedNetworkBuildItem> list, BuildProducer<DevServicesConfigResultBuildItem> buildProducer, KerberosBuildTimeConfig kerberosBuildTimeConfig, LaunchModeBuildItem launchModeBuildItem, LoggingSetupBuildItem loggingSetupBuildItem) {
        DevServicesConfig devServicesConfig = kerberosBuildTimeConfig.devservices;
        boolean z = !devServicesConfig.equals(capturedDevServicesConfiguration);
        if (!z) {
            return existingDevServiceConfig;
        }
        if (closeables != null) {
            Iterator<Closeable> it = closeables.iterator();
            while (it.hasNext()) {
                try {
                    it.next().close();
                } catch (Throwable th) {
                    LOG.error("Failed to stop Kerberos container", th);
                }
            }
            closeables = null;
            capturedDevServicesConfiguration = null;
            existingDevServiceConfig = null;
        }
        capturedDevServicesConfiguration = devServicesConfig;
        try {
            StartResult startContainer = startContainer(!list.isEmpty(), z);
            if (startContainer == null) {
                return null;
            }
            closeables = startContainer.closeable != null ? Collections.singletonList(startContainer.closeable) : null;
            if (first) {
                first = false;
                Thread.currentThread().getContextClassLoader().parent().addCloseTask(new Runnable() { // from class: io.quarkiverse.kerberos.deployment.devservices.KerberosDevServicesProcessor.1
                    @Override // java.lang.Runnable
                    public void run() {
                        if (KerberosDevServicesProcessor.closeables != null) {
                            Iterator<Closeable> it2 = KerberosDevServicesProcessor.closeables.iterator();
                            while (it2.hasNext()) {
                                try {
                                    it2.next().close();
                                } catch (Throwable th2) {
                                    KerberosDevServicesProcessor.LOG.error("Failed to stop Kerberos container", th2);
                                }
                            }
                        }
                        KerberosDevServicesProcessor.first = true;
                        KerberosDevServicesProcessor.closeables = null;
                        KerberosDevServicesProcessor.capturedDevServicesConfiguration = null;
                    }
                });
            }
            LOG.info("Dev Services for Kerberos started.");
            return prepareConfiguration(buildProducer, startContainer.krb5CfgPath, startContainer.shared);
        } catch (Throwable th2) {
            throw new RuntimeException(th2);
        }
    }

    private KerberosDevServicesConfigBuildItem prepareConfiguration(BuildProducer<DevServicesConfigResultBuildItem> buildProducer, String str, boolean z) {
        System.setProperty("java.security.krb5.conf", str);
        buildProducer.produce(new DevServicesConfigResultBuildItem(KERBEROS_SERVICE_PRINC_PWD_PROP, getServicePrincipalPassword()));
        existingDevServiceConfig = new KerberosDevServicesConfigBuildItem(Collections.emptyMap());
        return existingDevServiceConfig;
    }

    private StartResult startContainer(boolean z, boolean z2) {
        if (!capturedDevServicesConfiguration.enabled) {
            LOG.debug("Not starting Dev Services for Kerberos as it has been disabled in the config");
            return null;
        }
        if (System.getProperty("java.security.krb5.conf") != null && !z2) {
            LOG.debug("Not starting Dev Services for Kerberos as the java.security.krb5.conf system property is already set");
            return null;
        }
        if (System.getenv("KRB5_CONFIG") != null) {
            LOG.debug("Not starting Dev Services for Kerberos as the KRB5_CONFIG environment variable already exists");
            return null;
        }
        if (isLoginContextNameConfigured()) {
            LOG.debug("Not starting Dev Services for Kerberos as the JAAS login context name is already configured");
            return null;
        }
        if (!this.isDockerWorking.getAsBoolean()) {
            LOG.warn("Please get a working docker instance");
            return null;
        }
        Optional locateContainer = kerberosDevModeContainerLocator.locateContainer(capturedDevServicesConfiguration.serviceName, capturedDevServicesConfiguration.shared, LaunchMode.current());
        return (StartResult) locateContainer.map(containerAddress -> {
            return new StartResult(null, getSharedKrb5CfgPath(containerAddress), true);
        }).orElseGet(() -> {
            String str = capturedDevServicesConfiguration.imageName;
            final QuarkusKerberosContainer quarkusKerberosContainer = new QuarkusKerberosContainer(DockerImageName.parse(str).asCompatibleSubstituteFor(str), z, capturedDevServicesConfiguration.serviceName, capturedDevServicesConfiguration.shared, capturedDevServicesConfiguration.javaOpts);
            quarkusKerberosContainer.start();
            LOG.info(quarkusKerberosContainer.getLogs());
            quarkusKerberosContainer.createTestPrincipals(getUserPrincipals());
            return new StartResult(new Closeable() { // from class: io.quarkiverse.kerberos.deployment.devservices.KerberosDevServicesProcessor.2
                @Override // java.io.Closeable, java.lang.AutoCloseable
                public void close() {
                    quarkusKerberosContainer.close();
                    KerberosDevServicesProcessor.LOG.info("Dev Services for Kerberos shut down.");
                }
            }, quarkusKerberosContainer.createKrb5File(), false);
        });
    }

    private Map<String, String> getUserPrincipals() {
        if (!capturedDevServicesConfiguration.principals.isEmpty()) {
            return capturedDevServicesConfiguration.principals;
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("alice", "alice");
        linkedHashMap.put("bob", "bob");
        return linkedHashMap;
    }

    private static String getSharedKrb5CfgPath(ContainerAddress containerAddress) {
        return createKrb5Config("0.0.0.0".equals(containerAddress.getHost()) ? "localhost" : containerAddress.getHost(), String.valueOf(containerAddress.getPort()), String.valueOf(((ContainerAddress) kerberosDevModeAdminServerContainerLocator.locateContainer(capturedDevServicesConfiguration.serviceName, capturedDevServicesConfiguration.shared, LaunchMode.current()).get()).getPort()));
    }

    private static String createKrb5Config(String str, String str2, String str3) {
        try {
            BufferedReader bufferedReader = new BufferedReader(new StringReader(new String(Thread.currentThread().getContextClassLoader().getResourceAsStream("/krb5ClientTemplate.conf").readAllBytes())));
            try {
                String replaceAll = ((String) bufferedReader.lines().collect(Collectors.joining(System.lineSeparator()))).replaceAll("<host>", str).replaceAll("<kdc_port>", str2).replaceAll("<admin_server_port>", str3).replaceAll("<realm>", getRealm());
                Path createTempFile = Files.createTempFile("devservices-krb5", ".conf", new FileAttribute[0]);
                Files.write(createTempFile, replaceAll.getBytes(), new OpenOption[0]);
                String path = createTempFile.toAbsolutePath().toString();
                LOG.infof("Kerberos configuration file path: %s, mapped KDC port: %s, mapped admin server port: %s", path, str2, str3);
                bufferedReader.close();
                return path;
            } finally {
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new RuntimeException(e);
        }
    }

    private static String getRealm() {
        return capturedDevServicesConfiguration.realm.isPresent() ? capturedDevServicesConfiguration.realm.get() : (String) ConfigProvider.getConfig().getOptionalValue(KERBEROS_SERVICE_PRINC_REALM_PROP, String.class).orElse(DEFAULT_KERBEROS_SERVICE_PRINC_REALM);
    }

    private static String getServicePrincipalPassword() {
        return (String) ConfigProvider.getConfig().getOptionalValue(KERBEROS_SERVICE_PRINC_PWD_PROP, String.class).orElse(DEFAULT_KERBEROS_SERVICE_PRINC_PWD);
    }

    private static String getServicePrincipalName() {
        return (String) ConfigProvider.getConfig().getOptionalValue(KERBEROS_SERVICE_PRINC_NAME_PROP, String.class).orElse(DEFAULT_KERBEROS_SERVICE_PRINC_NAME);
    }

    private static boolean isLoginContextNameConfigured() {
        return ConfigProvider.getConfig().getOptionalValue(KERBEROS_LOGIN_CONTEXT_NAME_PROP, String.class).isPresent();
    }
}
