package org.keycloak.testsuite.docker;

import java.io.File;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.WaitUtils;
import org.slf4j.LoggerFactory;
import org.testcontainers.containers.BindMode;
import org.testcontainers.containers.Container;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.output.Slf4jLogConsumer;

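/**
 * Checks that a Docker client can log in to a Docker registry whose token authentication is
 * delegated to a Keycloak realm.
 *
 * <p>The test imports a realm with a registry client and one user, starts a {@code registry:2}
 * container configured to trust the realm certificate, starts a {@code docker:dind} container and
 * runs {@code docker login} inside it.
 *
 * <p>Security notes for anyone reusing this setup outside the test suite:
 * <ul>
 *   <li>The user credential is a fixed, well-known value and is passed to {@code docker login}
 *       with {@code -p}, so it appears in the container's process arguments.</li>
 *   <li>The token realm and issuer URLs use plain {@code http://}; credentials and tokens are not
 *       protected in transit.</li>
 *   <li>Both containers run privileged on the host network, and the images are referenced by
 *       mutable tag rather than by digest.</li>
 * </ul>
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
public class DockerClientTest extends AbstractKeycloakTest {
    public static final String REALM_ID = "docker-test-realm";
    public static final String CLIENT_ID = "docker-test-client";
    public static final String DOCKER_USER = "docker-user";
    // Fixed test-only credential; never reuse it for a realm that is reachable by others.
    public static final String DOCKER_USER_PASSWORD = "password";
    public static final String REGISTRY_HOSTNAME = "localhost";
    public static final Integer REGISTRY_PORT = 5000;
    public static final String MINIMUM_DOCKER_VERSION = "1.8.0";

    // Directory inside the registry container where the realm certificate is bind-mounted.
    private static final String CERT_DIR_IN_CONTAINER = "/opt/kc-certs/";

    private GenericContainer<?> dockerRegistryContainer = null;
    private GenericContainer<?> dockerClientContainer = null;
    private static String hostIp;
    private static String authServerPort;

    /**
     * Skips the class when the DOCKER feature is disabled or the host has no usable Docker
     * client, and resolves the address the containers use to reach the auth server.
     *
     * <p>The address comes from the {@code host.ip} system property, falling back to
     * {@link DockerHostIpSupplier}; the test fails if neither yields a value.
     */
    @BeforeClass
    public static void verifyEnvironment() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.DOCKER);

        Optional<DockerVersion> hostDockerVersion = new DockerHostVersionSupplier().get();
        Assume.assumeTrue("Could not determine docker version for host machine.  It either is not present or accessible to the JVM running the test harness.", hostDockerVersion.isPresent());
        Assume.assumeTrue("Docker client on host machine is not a supported version.  Please upgrade and try again.", DockerVersion.COMPARATOR.compare(hostDockerVersion.get(), DockerVersion.parseVersionString(MINIMUM_DOCKER_VERSION)) >= 0);

        hostIp = System.getProperty("host.ip");
        if (hostIp == null) {
            hostIp = new DockerHostIpSupplier().get().orElse(null);
        }
        Assert.assertNotNull("Could not resolve host machine's IP address for docker adapter, and 'host.ip' system property not set. Client will not be able to authenticate against the keycloak server!", hostIp);
        authServerPort = ServerURLs.AUTH_SERVER_PORT;
    }

    /**
     * Adds the Docker test realm, with its registry client and test user, to the realms to import.
     *
     * @param list realms collected for import; the Docker test realm is appended to it
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation dockerRealm = DockerTestRealmSetup.createRealm(REALM_ID);
        DockerTestRealmSetup.configureDockerRegistryClient(dockerRealm, CLIENT_ID);
        DockerTestRealmSetup.configureUser(dockerRealm, DOCKER_USER, DOCKER_USER_PASSWORD);
        list.add(dockerRealm);
    }

    /**
     * Exports the realm's RSA certificate to a temporary PEM file and starts the registry and
     * Docker client containers.
     *
     * @throws IllegalStateException if the realm exposes no RSA certificate or the PEM file
     *     could not be written completely
     * @throws Exception if the parent setup, the temporary file or a container start fails
     */
    @Override
    public void beforeAbstractKeycloakTest() throws Exception {
        super.beforeAbstractKeycloakTest();

        File certFile = writeRealmCertificate(findRealmCertificate());
        String certPathInContainer = CERT_DIR_IN_CONTAINER + certFile.getCanonicalFile().getName();

        // Plain HTTP: acceptable only because every endpoint lives on the test host.
        String realmUrl = "http://" + hostIp + ":" + authServerPort + "/auth/realms/" + REALM_ID;

        HashMap<String, String> registryEnv = new HashMap<>();
        registryEnv.put("REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY", "/tmp");
        registryEnv.put("REGISTRY_AUTH_TOKEN_REALM", realmUrl + "/protocol/docker-v2/auth");
        registryEnv.put("REGISTRY_AUTH_TOKEN_SERVICE", CLIENT_ID);
        registryEnv.put("REGISTRY_AUTH_TOKEN_ISSUER", realmUrl);
        registryEnv.put("REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE", certPathInContainer);
        // NOTE(review): this variable is handed to the registry container, although the value
        // looks like a Docker daemon option; confirm that it is still needed.
        registryEnv.put("INSECURE_REGISTRY", "--insecure-registry " + REGISTRY_HOSTNAME + ":" + REGISTRY_PORT);

        String imagePrefix = Boolean.parseBoolean(System.getProperty("docker.io-prefix-explicit")) ? "docker.io/" : "";

        // NOTE(review): the registry runs privileged on the host network. Check whether it can
        // run unprivileged so that only the docker-in-docker container keeps the wide privileges.
        this.dockerRegistryContainer = new GenericContainer<>(imagePrefix + "registry:2")
                .withFileSystemBind(certFile.getCanonicalPath(), certPathInContainer, BindMode.READ_ONLY)
                .withEnv(registryEnv)
                .withLogConsumer(new Slf4jLogConsumer(LoggerFactory.getLogger("dockerRegistryContainer")))
                .withNetworkMode("host")
                .withPrivilegedMode(true);
        this.dockerRegistryContainer.start();

        this.dockerClientContainer = new GenericContainer<>(imagePrefix + "docker:dind")
                .withLogConsumer(new Slf4jLogConsumer(LoggerFactory.getLogger("dockerClientContainer")))
                .withNetworkMode("host")
                .withPrivilegedMode(true);
        this.dockerClientContainer.start();
    }

    /**
     * Runs the parent teardown, waits, then closes both containers.
     *
     * <p>A container that was never created (setup failed early) is skipped, and the registry is
     * closed even when the parent teardown or closing the client container throws.
     *
     * @throws Exception if the parent teardown or closing a container fails
     */
    @Override
    public void afterAbstractKeycloakTest() throws Exception {
        try {
            super.afterAbstractKeycloakTest();
            // NOTE(review): fixed 5 s pause kept from the original; its purpose is not visible here.
            WaitUtils.pause(5000L);
        } finally {
            try {
                if (this.dockerClientContainer != null) {
                    this.dockerClientContainer.close();
                }
            } finally {
                if (this.dockerRegistryContainer != null) {
                    this.dockerRegistryContainer.close();
                }
            }
        }
    }

    /**
     * Logs in to the registry from the Docker client container and expects the CLI to report
     * success.
     *
     * @throws Exception if the command cannot be executed in the container
     */
    @Test
    public void shouldPerformDockerAuthAgainstRegistry() throws Exception {
        this.log.info("Starting the attempt for login...");
        // "-p" exposes the password in the process arguments; tolerable only for this fixed
        // test credential.
        Container.ExecResult loginResult = this.dockerClientContainer.execInContainer(
                "docker", "login", "-u", DOCKER_USER, "-p", DOCKER_USER_PASSWORD, REGISTRY_HOSTNAME + ":" + REGISTRY_PORT);
        printCommandResult(loginResult);
        MatcherAssert.assertThat(loginResult.getStdout(), Matchers.containsString("Login Succeeded"));
    }

    /**
     * Returns the certificate of the realm's RSA key.
     *
     * @throws IllegalStateException if no RSA key with a certificate is found
     */
    private String findRealmCertificate() {
        String certificate = null;
        for (KeysMetadataRepresentation.KeyMetadataRepresentation key : this.adminClient.realm(REALM_ID).keys().getKeyMetadata().getKeys()) {
            // No break: when several RSA keys are listed, the last one wins, as before.
            if ("RSA".equals(key.getType())) {
                certificate = key.getCertificate();
            }
        }
        if (certificate == null) {
            throw new IllegalStateException("Cannot find public realm cert");
        }
        return certificate;
    }

    /**
     * Writes the certificate body between PEM markers into a temporary file that is deleted on
     * JVM exit.
     *
     * @param certificate certificate body as returned by the realm key metadata
     * @return the temporary PEM file
     * @throws IllegalStateException if the file could not be written completely
     */
    private static File writeRealmCertificate(String certificate) throws Exception {
        File certFile = File.createTempFile("keycloak-docker-realm-cert-", ".pem");
        certFile.deleteOnExit();
        // try-with-resources closes the file even if a write fails.
        try (PrintWriter writer = new PrintWriter(certFile, "UTF-8")) {
            writer.println("-----BEGIN CERTIFICATE-----");
            writer.println(certificate);
            writer.println("-----END CERTIFICATE-----");
            // PrintWriter swallows I/O errors; a truncated bundle would otherwise only show up
            // later as a failed login.
            if (writer.checkError()) {
                throw new IllegalStateException("Could not write realm certificate to " + certFile);
            }
        }
        return certFile;
    }

    /** Logs the standard output and standard error of a command run in a container. */
    private void printCommandResult(Container.ExecResult execResult) {
        this.log.infof("Command executed. Output follows:\nSTDOUT: %s\n---\nSTDERR: %s", execResult.getStdout(), execResult.getStderr());
    }
}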
