package org.cloudfoundry.identity.uaa.test;

import java.io.IOException;
import java.net.HttpURLConnection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification;
import org.cloudfoundry.identity.uaa.user.UaaUser;
import org.junit.Assert;
import org.junit.rules.TestWatchman;
import org.junit.runners.model.FrameworkMethod;
import org.junit.runners.model.Statement;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.http.converter.json.MappingJacksonHttpMessageConverter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.provider.BaseClientDetails;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.web.client.ResponseErrorHandler;
import org.springframework.web.client.RestOperations;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-1.6.5.jar:org/cloudfoundry/identity/uaa/test/TestAccountSetup.class */
public class TestAccountSetup extends TestWatchman {
    private final UrlHelper serverRunning;
    private final UaaTestAccounts testAccounts;
    private UaaUser user;
    private static Log logger = LogFactory.getLog(TestAccountSetup.class);
    private static boolean initialized = false;

    private TestAccountSetup(UrlHelper urlHelper, UaaTestAccounts uaaTestAccounts) {
        this.serverRunning = urlHelper;
        this.testAccounts = uaaTestAccounts;
    }

    public static TestAccountSetup standard(UrlHelper urlHelper, UaaTestAccounts uaaTestAccounts) {
        return new TestAccountSetup(urlHelper, uaaTestAccounts);
    }

    public Statement apply(Statement statement, FrameworkMethod frameworkMethod, Object obj) {
        initializeIfNecessary(frameworkMethod, obj);
        return super.apply(statement, frameworkMethod, obj);
    }

    public UaaUser getUser() {
        return this.user;
    }

    private void initializeIfNecessary(FrameworkMethod frameworkMethod, Object obj) {
        ClientCredentialsResourceDetails adminClientCredentialsResource = this.testAccounts.getAdminClientCredentialsResource();
        OAuth2RestTemplate createRestTemplate = createRestTemplate(adminClientCredentialsResource, new DefaultAccessTokenRequest());
        if (!initialized) {
            logger.info("Checking user account context for server=" + adminClientCredentialsResource.getAccessTokenUri());
            if (!scimClientExists(createRestTemplate)) {
                createScimClient(createRestTemplate);
            }
            if (!appClientExists(createRestTemplate)) {
                createAppClient(createRestTemplate);
            }
            if (!vmcClientExists(createRestTemplate)) {
                createVmcClient(createRestTemplate);
            }
            initialized = true;
        }
        initializeUserAccount(createRestTemplate(this.testAccounts.getClientCredentialsResource("oauth.clients.scim", "scim", "scimsecret"), new DefaultAccessTokenRequest()));
    }

    private void createVmcClient(RestOperations restOperations) {
        createClient(restOperations, this.testAccounts.getClientDetails("oauth.clients.vmc", new BaseClientDetails("vmc", "cloud_controller,openid,password", "openid,cloud_controller.read,cloud_controller_service_permissions.read,password.write,scim.userids", "implicit", "uaa.none", "https://uaa.cloudfoundry.com/redirect/vmc")));
    }

    private void createScimClient(RestOperations restOperations) {
        BaseClientDetails baseClientDetails = new BaseClientDetails("scim", "oauth", "uaa.none", "client_credentials", "scim.read,scim.write,password.write,oauth.approvals");
        baseClientDetails.setClientSecret("scimsecret");
        createClient(restOperations, this.testAccounts.getClientDetails("oauth.clients.scim", baseClientDetails));
    }

    private void createAppClient(RestOperations restOperations) {
        BaseClientDetails baseClientDetails = new BaseClientDetails("app", ClientDetailsModification.NONE, "cloud_controller.read,cloud_controller_service_permissions.read,openid,password.write", "password,authorization_code,refresh_token", "uaa.resource");
        baseClientDetails.setClientSecret("appclientsecret");
        createClient(restOperations, this.testAccounts.getClientDetails("oauth.clients.app", baseClientDetails));
    }

    private void createClient(RestOperations restOperations, ClientDetails clientDetails) {
        Assert.assertEquals(HttpStatus.CREATED, restOperations.postForEntity(this.serverRunning.getClientsUri(), clientDetails, String.class, new Object[0]).getStatusCode());
    }

    private boolean clientExists(RestOperations restOperations, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        ResponseEntity forEntity = restOperations.getForEntity(this.serverRunning.getClientsUri() + "/" + oAuth2ProtectedResourceDetails.getClientId(), String.class, new Object[0]);
        return forEntity != null && forEntity.getStatusCode() == HttpStatus.OK;
    }

    private boolean vmcClientExists(RestOperations restOperations) {
        return clientExists(restOperations, this.testAccounts.getImplicitResource("oauth.clients.vmc", "vmc", null));
    }

    private boolean scimClientExists(RestOperations restOperations) {
        return clientExists(restOperations, this.testAccounts.getClientCredentialsResource("oauth.clients.scim", "scim", "scimsecret"));
    }

    private boolean appClientExists(RestOperations restOperations) {
        return clientExists(restOperations, this.testAccounts.getClientCredentialsResource("oauth.clients.app", "app", "appclientsecret"));
    }

    private void initializeUserAccount(RestOperations restOperations) {
        Map<String, ?> map;
        if (this.user == null) {
            UaaUser user = this.testAccounts.getUser();
            ResponseEntity forEntity = restOperations.getForEntity(this.serverRunning.getUserUri() + "?filter=userName eq '" + user.getUsername() + "'", Map.class, new Object[0]);
            Assert.assertEquals(HttpStatus.OK, forEntity.getStatusCode());
            List list = (List) ((Map) forEntity.getBody()).get("resources");
            if (list.isEmpty()) {
                ResponseEntity postForEntity = restOperations.postForEntity(this.serverRunning.getUserUri(), getUserAsMap(user), Map.class, new Object[0]);
                org.springframework.util.Assert.state(postForEntity.getStatusCode() == HttpStatus.CREATED, "User account not created: status was " + postForEntity.getStatusCode());
                map = (Map) postForEntity.getBody();
            } else {
                map = (Map) list.get(0);
            }
            this.user = getUserFromMap(map);
        }
    }

    private UaaUser getUserFromMap(Map<String, ?> map) {
        String str = (String) map.get("id");
        String str2 = (String) map.get("userName");
        String str3 = null;
        if (map.containsKey("emails")) {
            Collection collection = (Collection) map.get("emails");
            if (!collection.isEmpty()) {
                str3 = (String) ((Map) collection.iterator().next()).get("value");
            }
        }
        String str4 = null;
        String str5 = null;
        if (map.containsKey("name")) {
            Map map2 = (Map) map.get("name");
            str4 = (String) map2.get("givenName");
            str5 = (String) map2.get("familyName");
        }
        return new UaaUser(str, str2, "<N/A>", str3, extractAuthorities((Collection) map.get("groups")), str4, str5, new Date(), new Date());
    }

    private List<? extends GrantedAuthority> extractAuthorities(Collection<Map<String, String>> collection) {
        ArrayList arrayList = new ArrayList();
        for (Map<String, String> map : collection) {
            String str = map.get("display");
            org.springframework.util.Assert.state(str != null, "Role is null in this group: " + map);
            arrayList.add(new SimpleGrantedAuthority(str));
        }
        return arrayList;
    }

    private Map<String, ?> getUserAsMap(UaaUser uaaUser) {
        HashMap hashMap = new HashMap();
        if (uaaUser.getId() != null) {
            hashMap.put("id", uaaUser.getId());
        }
        if (uaaUser.getUsername() != null) {
            hashMap.put("userName", uaaUser.getUsername());
        }
        String email = uaaUser.getEmail();
        if (email != null) {
            hashMap.put("emails", Arrays.asList(Collections.singletonMap("value", email)));
        }
        String givenName = uaaUser.getGivenName();
        if (givenName != null) {
            HashMap hashMap2 = new HashMap();
            hashMap2.put("givenName", givenName);
            if (uaaUser.getFamilyName() != null) {
                hashMap2.put("familyName", uaaUser.getFamilyName());
            }
            hashMap.put("name", hashMap2);
        }
        return hashMap;
    }

    private OAuth2RestTemplate createRestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AccessTokenRequest accessTokenRequest) {
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(oAuth2ProtectedResourceDetails, new DefaultOAuth2ClientContext(accessTokenRequest));
        oAuth2RestTemplate.setRequestFactory(new SimpleClientHttpRequestFactory() { // from class: org.cloudfoundry.identity.uaa.test.TestAccountSetup.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.springframework.http.client.SimpleClientHttpRequestFactory
            public void prepareConnection(HttpURLConnection httpURLConnection, String str) throws IOException {
                super.prepareConnection(httpURLConnection, str);
                httpURLConnection.setInstanceFollowRedirects(false);
            }
        });
        oAuth2RestTemplate.setErrorHandler(new ResponseErrorHandler() { // from class: org.cloudfoundry.identity.uaa.test.TestAccountSetup.2
            @Override // org.springframework.web.client.ResponseErrorHandler
            public boolean hasError(ClientHttpResponse clientHttpResponse) throws IOException {
                return false;
            }

            @Override // org.springframework.web.client.ResponseErrorHandler
            public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
            }
        });
        ArrayList arrayList = new ArrayList();
        arrayList.add(new StringHttpMessageConverter());
        arrayList.add(new MappingJacksonHttpMessageConverter());
        oAuth2RestTemplate.setMessageConverters(arrayList);
        return oAuth2RestTemplate;
    }
}
