package org.gluu.radius.server.lifecycle;

import java.io.File;
import java.io.IOException;
import org.apache.log4j.Logger;
import org.gluu.oxauth.client.JwkClient;
import org.gluu.oxauth.client.JwkResponse;
import org.gluu.oxauth.model.crypto.signature.SignatureAlgorithm;
import org.gluu.oxauth.model.jwk.JSONWebKeySet;
import org.gluu.radius.KnownService;
import org.gluu.radius.ServiceLocator;
import org.gluu.radius.exception.ServerException;
import org.gluu.radius.model.Client;
import org.gluu.radius.server.GluuRadiusServer;
import org.gluu.radius.service.BootstrapConfigService;
import org.gluu.radius.service.CryptoService;
import org.gluu.radius.service.OpenIdConfigurationService;
import org.gluu.radius.service.ServerConfigService;

/* loaded from: input_file:org/gluu/radius/server/lifecycle/Runner.class */
public class Runner extends Thread {
    private static final Logger log = Logger.getLogger(Runner.class);
    private static final long sleeptimeout = 2000;
    private static final String PRIVATE_KEY_JWT_AUTH = "private_key_jwt";
    private static final long DEFAULT_JWKS_DOWNLOAD_INTERVAL = 5;
    private static final String HEALTH_STATUS_FILE = "/tmp/gluu-radius-health";
    private GluuRadiusServer server;
    private JSONWebKeySet currentKeyset;
    private boolean stop = false;
    private long keygenLastRun = System.currentTimeMillis();
    private long jwksDownloadLastRun = System.currentTimeMillis();
    private boolean forceJwksDownload = true;

    public Runner(GluuRadiusServer gluuRadiusServer) {
        this.server = gluuRadiusServer;
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        try {
            if (!createHealthStatusFile()) {
                log.warn("Could not create the health status check file");
            }
            while (!this.stop) {
                log.debug("Performing background operations");
                performBackgroundOperations();
                log.debug("Background operations complete");
                Thread.sleep(sleeptimeout);
            }
            if (this.server != null) {
                this.server.stop();
            }
        } catch (InterruptedException e) {
        } catch (ServerException e2) {
            log.error("Error while shutting down the server", e2);
        }
    }

    public void stopRunning() {
        this.stop = true;
    }

    private final void performBackgroundOperations() {
        CryptoService cryptoService = (CryptoService) ServiceLocator.getService(KnownService.Crypto);
        try {
            try {
                cryptoService.beginWriteOpts();
                BootstrapConfigService bootstrapConfigService = (BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig);
                long currentTimeMillis = System.currentTimeMillis() - this.keygenLastRun;
                long keygenInterval = bootstrapConfigService.getKeygenInterval() * 86400 * 1000;
                if (bootstrapConfigService.getKeygenInterval() != 0 && currentTimeMillis >= keygenInterval) {
                    this.currentKeyset = generateKeys(cryptoService);
                    cryptoService.exportAuthPrivateKeyToPem();
                    this.keygenLastRun = System.currentTimeMillis();
                }
                if (this.currentKeyset != null) {
                    saveOpenIdClientConfig(((ServerConfigService) ServiceLocator.getService(KnownService.ServerConfig)).getServerConfiguration().getOpenidUsername(), this.currentKeyset, bootstrapConfigService.getJwtAuthSignAlgo());
                    this.currentKeyset = null;
                }
                long currentTimeMillis2 = System.currentTimeMillis() - this.jwksDownloadLastRun;
                if (this.forceJwksDownload || currentTimeMillis2 >= 300000) {
                    if (downloadJwksServerKeys()) {
                        this.jwksDownloadLastRun = System.currentTimeMillis();
                    }
                    this.forceJwksDownload = false;
                }
            } catch (Exception e) {
                log.error("Error while performing background operations", e);
                cryptoService.endWriteOpts();
            }
        } finally {
            cryptoService.endWriteOpts();
        }
    }

    private final JSONWebKeySet generateKeys(CryptoService cryptoService) throws Exception {
        return cryptoService.generateKeys();
    }

    private final void saveOpenIdClientConfig(String str, JSONWebKeySet jSONWebKeySet, SignatureAlgorithm signatureAlgorithm) {
        OpenIdConfigurationService openIdConfigurationService = (OpenIdConfigurationService) ServiceLocator.getService(KnownService.OpenIdConfig);
        Client loadOpenIdClient = openIdConfigurationService.loadOpenIdClient(str);
        loadOpenIdClient.setJwks(jSONWebKeySet.toString());
        loadOpenIdClient.setTokenEndpointAuthMethod(PRIVATE_KEY_JWT_AUTH);
        loadOpenIdClient.setTokenEndpointAuthSigningAlg(signatureAlgorithm.name());
        openIdConfigurationService.saveOpenIdClient(loadOpenIdClient);
    }

    private final boolean downloadJwksServerKeys() {
        JwkResponse exec = new JwkClient(((OpenIdConfigurationService) ServiceLocator.getService(KnownService.OpenIdConfig)).getJwksUri()).exec();
        if (exec == null || !(exec == null || exec.getStatus() == 200)) {
            log.error("JWKS download failed");
            return false;
        }
        ((CryptoService) ServiceLocator.getService(KnownService.Crypto)).setServerKeyset(exec.getJwks().toJSONObject());
        return true;
    }

    private final boolean createHealthStatusFile() {
        try {
            File file = new File(HEALTH_STATUS_FILE);
            if (file.exists()) {
                file.delete();
            }
            return file.createNewFile();
        } catch (IOException e) {
            log.error("Error creating health status file", e);
            return false;
        }
    }
}
