package org.gluu.radius;

import java.io.File;
import java.io.FileWriter;
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.gluu.oxauth.model.jwk.Algorithm;
import org.gluu.oxauth.model.jwk.JSONWebKeySet;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.PersistenceEntryManagerFactory;
import org.gluu.persist.model.PersistenceConfiguration;
import org.gluu.persist.service.StandalonePersistanceFactoryService;
import org.gluu.radius.exception.GenericPersistenceException;
import org.gluu.radius.exception.ServerException;
import org.gluu.radius.exception.ServerFactoryException;
import org.gluu.radius.exception.ServiceException;
import org.gluu.radius.model.Client;
import org.gluu.radius.model.ServerConfiguration;
import org.gluu.radius.server.GluuRadiusServer;
import org.gluu.radius.server.lifecycle.Runner;
import org.gluu.radius.server.lifecycle.ShutdownHook;
import org.gluu.radius.service.BootstrapConfigService;
import org.gluu.radius.service.CryptoService;
import org.gluu.radius.service.OpenIdConfigurationService;
import org.gluu.radius.service.RadiusClientService;
import org.gluu.radius.service.ServerConfigService;

/* loaded from: input_file:org/gluu/radius/ServerEntry.class */
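/**
 * Command-line entry point for Gluu Radius.
 *
 * <p>Parses the command line, registers the bootstrap, client, server-configuration,
 * OpenID and cryptographic services with {@code ServiceLocator}, and then either starts
 * the RADIUS server ({@code -server}) or regenerates the cryptographic material used for
 * authentication ({@code -cryptogen}). Any startup failure is logged and ends the process
 * with exit status -1.
 */
public class ServerEntry {
    // Passed to CryptoService as the certificate expiry; presumably a number of days (confirm).
    private static final int DEFAULT_CERT_EXPIRY_TIME = 365;
    private static final List<Algorithm> authSignatureAlgorithms = Arrays.asList(Algorithm.RS256, Algorithm.RS384, Algorithm.RS512);
    private static final Logger log = Logger.getLogger(ServerEntry.class);
    private static StandalonePersistanceFactoryService standalonePfService = null;
    private static PersistenceEntryManagerFactory persistenceEntryManagerFactory = null;
    private static PersistenceEntryManager persistenceEntryManager = null;
    private static GluuRadiusServer serverInstance = null;
    private static final String SERVER_OPT = "server";
    private static final String CRYPTOGEN_OPT = "cryptogen";
    private static final String CONFIG_FILE_OPT = "config_file";
    private static final String PRIVATE_KEY_OUT_OPT = "private_key_out";
    private static final String RADIATOR_CONFIG_OUT_OPT = "radiator_config_out";
    private static final String HELP_OPT = "help";
    private static final String PRIVATE_KEY_JWT_AUTH = "private_key_jwt";

    /**
     * Parses the command line, initializes every service in dependency order and
     * dispatches to server mode or cryptographic-generation mode.
     *
     * @param strArr raw command-line arguments
     */
    public static void main(String[] strArr) {
        Options cliOptions = createCliOptions();
        CommandLine commandLine = null;
        try {
            commandLine = new DefaultParser().parse(cliOptions, strArr);
        } catch (ParseException e) {
            // The logger already records the stack trace; no separate printStackTrace().
            log.error("Failed to start application", e);
            printHelpMsg(cliOptions);
            System.exit(-1);
        }
        // Honour -help before validation so that "-help" on its own is not rejected
        // for lacking -config_file.
        if (commandLine.hasOption(HELP_OPT)) {
            printHelpMsg(cliOptions);
            System.exit(0);
        }
        validateCmdlineOptions(commandLine, cliOptions);
        printStartupMessage();
        String configFile = commandLine.getOptionValue(CONFIG_FILE_OPT);
        String mode = commandLine.hasOption(CRYPTOGEN_OPT) ? "cryptographic generation" : SERVER_OPT;
        log.info(String.format("Starting application in %s mode. Configuration file: %s", mode, configFile));
        log.info("Initializing security components");
        if (!initSecurity()) {
            log.error("Security components initialization failed");
            System.exit(-1);
        }
        log.info("Security components initialization successful");
        log.info("Registering bootstrap configuration service");
        if (!registerBootstrapConfigService(configFile)) {
            log.error("Bootstrap configuration service registration failed");
            System.exit(-1);
        }
        log.info("Bootstrap configuration service registered");
        log.info("Initializing persistence layer");
        try {
            persistenceEntryManager = createPersistenceEntryManager();
            if (persistenceEntryManager == null) {
                log.error("Persistence layer initialization failed");
                System.exit(-1);
            }
        } catch (GenericPersistenceException e2) {
            log.error("Persistence layer initialization failed", e2);
            System.exit(-1);
        } catch (Exception e3) {
            log.error("Persistence layer initialization failed", e3);
            System.exit(-1);
        }
        log.info("Persistence layer initialization successful");
        log.info("Registering clients service");
        if (!registerRadiusClientService()) {
            log.error("Clients service registration failed");
            System.exit(-1);
        }
        log.info("Clients service registration successful");
        log.info("Registering server configuration service");
        if (!registerServerConfigService()) {
            log.error("Server configuration service registration failed");
            System.exit(-1);
        }
        // Fixed: this line used to report "failed" on the success path.
        log.info("Server configuration service registration successful");
        log.info("Registering OpenID configuration service");
        if (!registerOpenIdConfigurationService()) {
            log.error("OpenID configuration service registration failed");
            System.exit(-1);
        }
        log.info("OpenID configuration service registration successful");
        log.info("Registering cryptographic service");
        if (!registerCryptoService()) {
            log.error("Cryptographic service registration failed");
            System.exit(-1);
        }
        log.info("Cryptographic service registration successful");
        if (commandLine.hasOption(SERVER_OPT)) {
            runServer(commandLine);
        } else if (commandLine.hasOption(CRYPTOGEN_OPT)) {
            runCryptoGenerator(commandLine);
        }
    }

    /**
     * Builds the set of supported command-line options.
     *
     * @return the option definitions used for parsing and for the help text
     */
    private static final Options createCliOptions() {
        Options options = new Options();
        options.addOption(CONFIG_FILE_OPT, true, "Configuration file. Non-optional.");
        options.addOption(SERVER_OPT, false, "Run Gluu Radius as a server. This option and -cryptogen are mutually exclusive.");
        options.addOption(CRYPTOGEN_OPT, false, "Use Gluu Radius to (re-)generate cryptographic material used for authentication and token signing/verification. This option and -server are mutually exclusive.");
        options.addOption(PRIVATE_KEY_OUT_OPT, true, "Path to file where the private key used by GluuRadiator for authentication will be stored.Mandatory if -cryptogen is specified.");
        options.addOption(RADIATOR_CONFIG_OUT_OPT, true, "Path to file where the radiator configuration (auth module) will be stored. Used only when -cryptogen is specified. Optional.");
        options.addOption(HELP_OPT, false, "Prints this help message.");
        options.getOption(CONFIG_FILE_OPT).setArgs(1);
        options.getOption(PRIVATE_KEY_OUT_OPT).setArgs(1);
        return options;
    }

    /**
     * Exits with status -1 (after printing the help text) unless -config_file is present
     * and exactly one of -server / -cryptogen was given.
     *
     * @param commandLine the parsed command line
     * @param options     option definitions, used only to print the help text
     */
    private static final void validateCmdlineOptions(CommandLine commandLine, Options options) {
        if (!commandLine.hasOption(CONFIG_FILE_OPT)) {
            log.error("Use the -config_file option to specify a configuration file.");
            printHelpMsg(options);
            System.exit(-1);
        }
        boolean serverMode = commandLine.hasOption(SERVER_OPT);
        boolean cryptogenMode = commandLine.hasOption(CRYPTOGEN_OPT);
        if (serverMode && cryptogenMode) {
            log.error("The options -server and -cryptogen cannot be specified simultaneously.");
            printHelpMsg(options);
            System.exit(-1);
        }
        if (!serverMode && !cryptogenMode) {
            log.error("Please specify -server or -cryptogen as arguments.");
            printHelpMsg(options);
            System.exit(-1);
        }
    }

    /** Prints the usage line and option descriptions. */
    private static final void printHelpMsg(Options options) {
        new HelpFormatter().printHelp("gluu-radius -config_file file_path [-server] [-cryptogen -private_key_out path]", options);
    }

    /** Writes the startup banner to the log. */
    private static final void printStartupMessage() {
        log.info(" ");
        log.info(" ");
        log.info("+---------------------------------------------------------+");
        log.info("+ Gluu Radius Server                                      +");
        log.info("+ Copyright (c) Gluu Inc.                                 +");
        log.info("+---------------------------------------------------------+");
    }

    /**
     * Starts the RADIUS server when listening is enabled in the bootstrap configuration,
     * then registers the shutdown hook.
     *
     * @param commandLine the parsed command line (not read here)
     */
    private static final void runServer(CommandLine commandLine) {
        if (isListenEnabled()) {
            log.info("Starting radius server");
            if (!startServer()) {
                log.error("Radius server startup failed");
                System.exit(-1);
            }
            log.info("Radius server started");
        }
        // NOTE(review): when listening is disabled, serverInstance is still null here and
        // is handed to Runner as-is; confirm Runner tolerates a null server.
        log.info("Registering server shutdown hook");
        registerServerShutdownHook();
        log.info("Server shutdown hook registered");
        log.info("Server initialization complete");
    }

    /**
     * Generates a new key set, stores it on the OpenID client used by the server and,
     * when -private_key_out is given, exports the authentication private key as PEM and
     * optionally writes a Radiator configuration that points at it.
     *
     * @param commandLine the parsed command line
     */
    private static final void runCryptoGenerator(CommandLine commandLine) {
        log.info("Generating cryptographic material");
        try {
            CryptoService cryptoService = (CryptoService) ServiceLocator.getService(KnownService.Crypto);
            ServerConfigService serverConfigService = (ServerConfigService) ServiceLocator.getService(KnownService.ServerConfig);
            BootstrapConfigService bootstrapConfigService = (BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig);
            OpenIdConfigurationService openIdConfigurationService = (OpenIdConfigurationService) ServiceLocator.getService(KnownService.OpenIdConfig);
            JSONWebKeySet generatedKeys = cryptoService.generateKeys();
            Client openIdClient = openIdConfigurationService.loadOpenIdClient(serverConfigService.getServerConfiguration().getOpenidUsername());
            openIdClient.setTokenEndpointAuthMethod(PRIVATE_KEY_JWT_AUTH);
            openIdClient.setTokenEndpointAuthSigningAlg(bootstrapConfigService.getJwtAuthSignAlgo().name());
            // NOTE(review): the key set is serialized onto the client entry; confirm that
            // toString() emits public key parameters only.
            openIdClient.setJwks(generatedKeys.toString());
            openIdConfigurationService.saveOpenIdClient(openIdClient);
            if (commandLine.hasOption(PRIVATE_KEY_OUT_OPT)) {
                File privateKeyFile = new File(commandLine.getOptionValue(PRIVATE_KEY_OUT_OPT));
                cryptoService.exportAuthPrivateKeyToPem(privateKeyFile);
                if (commandLine.hasOption(RADIATOR_CONFIG_OUT_OPT)) {
                    String radiatorConfig = generateRadiatorConfiguration(serverConfigService, bootstrapConfigService, cryptoService, privateKeyFile);
                    // The generated text embeds the key store PIN in clear; the output file
                    // should be readable only by the account that runs Radiator.
                    // try-with-resources closes the writer even when write() throws.
                    try (FileWriter fileWriter = new FileWriter(commandLine.getOptionValue(RADIATOR_CONFIG_OUT_OPT))) {
                        fileWriter.write(radiatorConfig);
                    }
                }
            } else {
                // Fixed: the condition was inverted, so the warning fired only when no
                // radiator output file had been requested.
                if (commandLine.hasOption(RADIATOR_CONFIG_OUT_OPT)) {
                    log.warn("radiator configuration file specified without pem output file");
                }
                log.info("Skipping private key export and radiator configuration generation");
            }
        } catch (Exception e) {
            log.error("Cryptographic material generation failed", e);
            System.exit(-1);
        }
        log.info("Cryptographic material generation complete");
    }

    /**
     * Renders the {@code <AuthBy GLUU>} block for Radiator, using CRLF line endings.
     *
     * <p>The result contains the key store PIN returned by
     * {@code getJwtKeyStorePin()} in clear text, so it must be treated as a secret.
     *
     * @param serverConfigService    source of the OpenID base URL and client id
     * @param bootstrapConfigService source of the key store PIN and signing algorithm
     * @param cryptoService          source of the signing key id
     * @param file                   exported private key file; its absolute path is embedded
     * @return the configuration text
     */
    private static final String generateRadiatorConfiguration(ServerConfigService serverConfigService, BootstrapConfigService bootstrapConfigService, CryptoService cryptoService, File file) {
        StringBuilder sb = new StringBuilder();
        ServerConfiguration serverConfiguration = serverConfigService.getServerConfiguration();
        sb.append("<AuthBy GLUU>\r\n");
        sb.append(String.format("    gluuServerUrl %s\r\n", serverConfiguration.getOpenidBaseUrl()));
        sb.append(String.format("    clientId %s\r\n", serverConfiguration.getOpenidUsername()));
        sb.append(String.format("    signaturePkeyPassword %s\r\n", bootstrapConfigService.getJwtKeyStorePin()));
        sb.append(String.format("    signaturePkey file:\"/%s\"\r\n", file.getAbsolutePath()));
        sb.append(String.format("    signaturePkeyId %s\r\n", cryptoService.getAuthSigningKeyId()));
        sb.append(String.format("    signatureAlgorithm %s\r\n", bootstrapConfigService.getJwtAuthSignAlgo().name()));
        sb.append(String.format("    sslVerifyCert %s\r\n", "yes"));
        sb.append(String.format("    authScheme %s\r\n", "twostep"));
        sb.append("</AuthBy>\r\n");
        return sb.toString();
    }

    /**
     * Registers the BouncyCastle JCE provider.
     *
     * @return always {@code true}
     */
    private static final boolean initSecurity() {
        Security.addProvider(new BouncyCastleProvider());
        return true;
    }

    /**
     * Creates the bootstrap configuration service from the given file and registers it.
     *
     * @param str path of the configuration file
     * @return {@code true} on success, {@code false} if a ServiceException was logged
     */
    private static final boolean registerBootstrapConfigService(String str) {
        try {
            ServiceLocator.registerService(KnownService.BootstrapConfig, new BootstrapConfigService(str));
            return true;
        } catch (ServiceException e) {
            log.error(e.getMessage(), e);
            return false;
        }
    }

    /** Returns the listen flag of the registered bootstrap configuration service. */
    private static final boolean isListenEnabled() {
        return ((BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig)).isListenEnabled();
    }

    /**
     * Registers the RADIUS client service on top of the persistence entry manager.
     *
     * @return always {@code true}
     */
    private static final boolean registerRadiusClientService() {
        BootstrapConfigService bootstrapConfigService = (BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig);
        ServiceLocator.registerService(KnownService.RadiusClient, new RadiusClientService(persistenceEntryManager, bootstrapConfigService.getRadiusClientConfigDN()));
        return true;
    }

    /**
     * Registers the server configuration service on top of the persistence entry manager.
     *
     * @return always {@code true}
     */
    private static final boolean registerServerConfigService() {
        BootstrapConfigService bootstrapConfigService = (BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig);
        ServiceLocator.registerService(KnownService.ServerConfig, new ServerConfigService(persistenceEntryManager, bootstrapConfigService.getRadiusConfigDN()));
        return true;
    }

    /**
     * Registers the OpenID configuration service.
     *
     * @return {@code true} on success, {@code false} if a ServiceException was logged
     */
    private static final boolean registerOpenIdConfigurationService() {
        try {
            ServerConfigService serverConfigService = (ServerConfigService) ServiceLocator.getService(KnownService.ServerConfig);
            BootstrapConfigService bootstrapConfigService = (BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig);
            ServiceLocator.registerService(KnownService.OpenIdConfig, new OpenIdConfigurationService(serverConfigService, persistenceEntryManager, bootstrapConfigService.getOpenidClientsDN()));
            return true;
        } catch (ServiceException e) {
            log.error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Creates the cryptographic service restricted to the RS256/RS384/RS512 signature
     * algorithms, triggers its private key export and registers it.
     *
     * @return {@code true} on success, {@code false} if an exception was logged
     */
    private static final boolean registerCryptoService() {
        try {
            CryptoService cryptoService = new CryptoService((BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig), authSignatureAlgorithms, DEFAULT_CERT_EXPIRY_TIME, 0);
            // NOTE(review): this no-argument export runs on every start, in both modes; its
            // destination is chosen inside CryptoService. Confirm where the PEM is written
            // and which permissions it gets.
            cryptoService.exportAuthPrivateKeyToPem();
            ServiceLocator.registerService(KnownService.Crypto, cryptoService);
            return true;
        } catch (ServiceException e) {
            log.error(e.getMessage(), e);
        } catch (Exception e2) {
            log.error(e2.getMessage(), e2);
        }
        return false;
    }

    /**
     * Loads the persistence configuration and creates the entry manager from the
     * properties prepared by the bootstrap configuration service.
     *
     * @return the entry manager produced by the persistence factory
     */
    private static final PersistenceEntryManager createPersistenceEntryManager() {
        BootstrapConfigService bootstrapConfigService = (BootstrapConfigService) ServiceLocator.getService(KnownService.BootstrapConfig);
        standalonePfService = new StandalonePersistanceFactoryService();
        PersistenceConfiguration persistenceConfiguration = standalonePfService.loadPersistenceConfiguration((String) null);
        Properties persistenceProperties = bootstrapConfigService.preparePersistenceProperties(persistenceConfiguration);
        persistenceEntryManagerFactory = standalonePfService.getPersistenceEntryManagerFactory(persistenceConfiguration);
        return persistenceEntryManagerFactory.createEntryManager(persistenceProperties);
    }

    /**
     * Creates the RADIUS server, runs it and remembers the instance for shutdown.
     *
     * @return {@code true} if the server was created and run() returned normally
     */
    private static final boolean startServer() {
        try {
            GluuRadiusServer server = ServerFactory.createServer();
            server.run();
            serverInstance = server;
            return true;
        } catch (ServerException e) {
            log.error("Error running radius server", e);
        } catch (ServerFactoryException e2) {
            log.error("Error running radius server", e2);
        }
        return false;
    }

    /** Starts the lifecycle runner for the server and registers it as a JVM shutdown hook. */
    private static final void registerServerShutdownHook() {
        Runner runner = new Runner(serverInstance);
        runner.start();
        Runtime.getRuntime().addShutdownHook(new ShutdownHook(runner));
    }
}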
