package org.xdi.oxauth.service;

import com.unboundid.ldap.sdk.ResultCode;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicBoolean;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.codehaus.jackson.map.ObjectMapper;
import org.gluu.site.ldap.OperationsFacade;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.gluu.site.ldap.persistence.exception.LdapMappingException;
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Factory;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
import org.jboss.seam.annotations.async.Asynchronous;
import org.jboss.seam.async.TimerSchedule;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.core.Events;
import org.jboss.seam.log.Log;
import org.xdi.exception.ConfigurationException;
import org.xdi.model.SimpleProperty;
import org.xdi.model.SmtpConfiguration;
import org.xdi.model.custom.script.CustomScriptType;
import org.xdi.model.ldap.GluuLdapConfiguration;
import org.xdi.oxauth.model.appliance.GluuAppliance;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.config.oxIDPAuthConf;
import org.xdi.oxauth.service.custom.CustomScriptManagerMigrator;
import org.xdi.oxauth.util.FileConfiguration;
import org.xdi.oxauth.util.ServerUtil;
import org.xdi.service.PythonService;
import org.xdi.service.custom.script.CustomScriptManager;
import org.xdi.service.ldap.LdapConnectionService;
import org.xdi.util.StringHelper;
import org.xdi.util.security.StringEncrypter;

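/**
 * Application-scoped Seam startup component that wires up oxAuth's crypto and LDAP plumbing.
 *
 * <p>On creation it registers the Bouncy Castle JCE provider, publishes the {@code stringEncrypter}
 * built from the configured salt, builds the LDAP connection pools (primary and per
 * authentication configuration), and initialises the Python interpreter and custom scripts.
 * After Seam's post-initialisation event it schedules a recurring timer that re-reads the LDAP
 * authentication configuration from the appliance entry.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The salt, bind passwords and the decrypted SMTP password all pass through this class;
 *       none of them should ever be written to a log.</li>
 *   <li>Each logical LDAP connection gets two pools: one bound with bindDN/bindPassword and a
 *       second "bind" pool that is first attempted without those credentials
 *       (see {@link #createBindConnectionProvider(Properties, Properties)}).</li>
 *   <li>The timer refreshes {@code ldapAuthConfigs} only; the authentication connection pools are
 *       built once in {@link #createApplicationComponents()} and are not rebuilt on reload.</li>
 * </ul>
 */
@Name("appInitializer")
@Startup
@Scope(ScopeType.APPLICATION)
/* loaded from: input_file:org/xdi/oxauth/service/AppInitializer.class */
public class AppInitializer {
    private static final String EVENT_TYPE = "AppInitializerTimerEvent";

    /** Reload period, in seconds. */
    private static final int DEFAULT_INTERVAL = 30;

    /** Delay before the first reload, in milliseconds. */
    private static final long INITIAL_DELAY_MILLIS = 60000L;

    public static final String LDAP_AUTH_CONFIG_NAME = "ldapAuthConfig";
    public static final String LDAP_ENTRY_MANAGER_NAME = "ldapEntryManager";
    public static final String LDAP_AUTH_ENTRY_MANAGER_NAME = "ldapAuthEntryManager";

    /** Shared JSON mapper; it is never reconfigured after construction. */
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper();

    @Logger
    private Log log;

    @In
    private ApplianceService applianceService;
    private FileConfiguration ldapConfig;
    private List<GluuLdapConfiguration> ldapAuthConfigs;
    private LdapConnectionService connectionProvider;
    private LdapConnectionService bindConnectionProvider;
    private List<LdapConnectionService> authConnectionProviders;
    private List<LdapConnectionService> authBindConnectionProviders;

    // Guards against overlapping reloads. Initialised eagerly so the flag exists even if a timer
    // event were observed before initReloadTimer() has run.
    private final AtomicBoolean isActive = new AtomicBoolean(false);
    private long lastFinishedTime;

    /**
     * Pair of connection pools for one LDAP target: the regular pool and the pool used for
     * bind (authentication) operations.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xdi/oxauth/service/AppInitializer$LdapConnectionProviders.class */
    public class LdapConnectionProviders {
        private final LdapConnectionService connectionProvider;
        private final LdapConnectionService connectionBindProvider;

        public LdapConnectionProviders(LdapConnectionService ldapConnectionService, LdapConnectionService ldapConnectionService2) {
            this.connectionProvider = ldapConnectionService;
            this.connectionBindProvider = ldapConnectionService2;
        }

        public LdapConnectionService getConnectionProvider() {
            return this.connectionProvider;
        }

        public LdapConnectionService getConnectionBindProvider() {
            return this.connectionBindProvider;
        }
    }

    /**
     * Builds every application-level component, in dependency order.
     *
     * <p>The order matters: the JCE provider and the string encrypter must exist before any
     * connection pool is created, because pool creation decrypts the LDAP properties.
     */
    @Create
    public void createApplicationComponents() {
        installBCProvider();
        createStringEncrypter();
        createConnectionProvider();
        ConfigurationFactory.create();
        List<GluuLdapConfiguration> loadedAuthConfigs = loadLdapAuthConfigs((LdapEntryManager) Component.getInstance(LDAP_ENTRY_MANAGER_NAME, true));
        reloadConfigurationImpl(loadedAuthConfigs);
        createAuthConnectionProviders(loadedAuthConfigs);
        addSecurityProviders();
        PythonService.instance().initPythonInterpreter();
        CustomScriptManager.instance().init(Arrays.asList(CustomScriptType.PERSON_AUTHENTICATION, CustomScriptType.CLIENT_REGISTRATION, CustomScriptType.ID_GENERATOR, CustomScriptType.UMA_AUTHORIZATION_POLICY, CustomScriptType.APPLICATION_SESSION));
        CustomScriptManagerMigrator.instance().migrateOldConfigurations();
    }

    /** Registers the Bouncy Castle JCE provider unless one is already registered under its name. */
    private void installBCProvider() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null) {
            this.log.info("Bouncy Castle Provider was added already");
        } else {
            this.log.info("Adding Bouncy Castle Provider");
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Creates the {@code stringEncrypter} from the configured salt and publishes it in the
     * application context.
     *
     * @throws ConfigurationException if the salt is missing or the encrypter cannot be built
     */
    private void createStringEncrypter() {
        String salt = ConfigurationFactory.loadCryptoConfigurationSalt();
        if (StringHelper.isEmpty(salt)) {
            throw new ConfigurationException("Encode salt isn't defined in " + ConfigurationFactory.CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE);
        }
        try {
            Contexts.getApplicationContext().set("stringEncrypter", StringEncrypter.instance(salt));
        } catch (StringEncrypter.EncryptionException e) {
            // The original swallowed the cause entirely, which made a broken crypto setup
            // undiagnosable. Log the exception (never the salt value) before failing startup.
            this.log.error("Failed to create StringEncrypter instance", e);
            throw new ConfigurationException("Failed to create StringEncrypter instance");
        }
    }

    /**
     * Schedules the recurring configuration reload once Seam has finished initialising:
     * first run after 60 s, then every {@link #DEFAULT_INTERVAL} seconds.
     */
    @Observer({"org.jboss.seam.postInitialization"})
    public void initReloadTimer() {
        this.isActive.set(false);
        this.lastFinishedTime = System.currentTimeMillis();
        Events.instance().raiseTimedEvent(EVENT_TYPE, new TimerSchedule(INITIAL_DELAY_MILLIS, DEFAULT_INTERVAL * 1000L));
    }

    /**
     * Timer callback: reloads the LDAP authentication configuration unless a reload is already
     * in progress. Failures are logged and never propagate, so the timer keeps firing.
     */
    @Observer({EVENT_TYPE})
    @Asynchronous
    public void reloadConfigurationTimerEvent() {
        // Single atomic test-and-set; a concurrent run simply skips this tick.
        if (!this.isActive.compareAndSet(false, true)) {
            return;
        }
        try {
            reloadConfiguration();
        } catch (Throwable th) {
            // Deliberately broad: one failed reload must not kill the recurring timer.
            this.log.error("Exception happened while reloading application configuration", th);
        } finally {
            this.isActive.set(false);
            this.lastFinishedTime = System.currentTimeMillis();
        }
    }

    private void reloadConfiguration() {
        reloadConfigurationImpl(loadLdapAuthConfigs((LdapEntryManager) Component.getInstance(LDAP_ENTRY_MANAGER_NAME, true)));
    }

    /**
     * Publishes the given authentication configurations, or clears the published value when
     * there are none.
     *
     * @param list freshly loaded configurations; {@code null} is treated like an empty list
     */
    private void reloadConfigurationImpl(List<GluuLdapConfiguration> list) {
        List<GluuLdapConfiguration> effective = (list == null || list.isEmpty()) ? null : list;
        this.ldapAuthConfigs = effective;
        Context applicationContext = Contexts.getApplicationContext();
        if (effective != null) {
            applicationContext.set(LDAP_AUTH_CONFIG_NAME, effective);
        } else if (applicationContext.isSet(LDAP_AUTH_CONFIG_NAME)) {
            applicationContext.remove(LDAP_AUTH_CONFIG_NAME);
        }
    }

    /**
     * Adds Bouncy Castle if no registered provider is named "BC" (case-insensitive).
     *
     * <p>{@link #installBCProvider()} runs earlier in {@link #createApplicationComponents()},
     * so this is normally a no-op kept as a second line of defence.
     */
    private void addSecurityProviders() {
        try {
            Provider[] providers = Security.getProviders();
            if (providers == null) {
                return;
            }
            for (Provider provider : providers) {
                if (provider.getName().equalsIgnoreCase("BC")) {
                    return;
                }
            }
            Security.addProvider(new BouncyCastleProvider());
        } catch (Exception e) {
            this.log.trace(e.getMessage(), e);
        }
    }

    /** Seam factory for the primary, application-scoped {@link LdapEntryManager}. */
    @Factory(value = LDAP_ENTRY_MANAGER_NAME, scope = ScopeType.APPLICATION, autoCreate = true)
    public LdapEntryManager createLdapEntryManager() {
        LdapEntryManager ldapEntryManager = new LdapEntryManager(new OperationsFacade(this.connectionProvider, this.bindConnectionProvider));
        this.log.debug("Created {0}: {1}", LDAP_ENTRY_MANAGER_NAME, ldapEntryManager);
        return ldapEntryManager;
    }

    /**
     * Seam factory for the authentication entry managers, one per authentication configuration.
     *
     * @return the managers, in configuration order; empty when no configuration is loaded
     */
    @Factory(value = LDAP_AUTH_ENTRY_MANAGER_NAME, scope = ScopeType.APPLICATION, autoCreate = true)
    public List<LdapEntryManager> createLdapAuthEntryManager() {
        List<LdapEntryManager> managers = new ArrayList<LdapEntryManager>();

        // Snapshot the fields: the reload timer may replace ldapAuthConfigs (even with null)
        // on another thread between the null check and the loop.
        List<GluuLdapConfiguration> configs = this.ldapAuthConfigs;
        List<LdapConnectionService> providers = this.authConnectionProviders;
        List<LdapConnectionService> bindProviders = this.authBindConnectionProviders;
        if (configs == null || providers == null || bindProviders == null) {
            return managers;
        }

        // The pools are built once at startup while the configuration list is reloaded by the
        // timer, so the list may have grown past the pools. Never index beyond what exists.
        int count = Math.min(configs.size(), Math.min(providers.size(), bindProviders.size()));
        if (count < configs.size()) {
            this.log.warn("Only {0} of {1} LDAP authentication configurations have a connection pool; skipping the rest", Integer.valueOf(count), Integer.valueOf(configs.size()));
        }
        for (int i = 0; i < count; i++) {
            LdapEntryManager manager = new LdapEntryManager(new OperationsFacade(providers.get(i), bindProviders.get(i)));
            this.log.debug("Created {0}#{1}: {2}", LDAP_AUTH_ENTRY_MANAGER_NAME, Integer.valueOf(i), manager);
            managers.add(manager);
        }
        return managers;
    }

    /**
     * Builds a fresh authentication entry manager, with its own connection pools, for one
     * configuration.
     */
    public LdapEntryManager createLdapAuthEntryManager(GluuLdapConfiguration gluuLdapConfiguration) {
        LdapConnectionProviders pools = createAuthConnectionProviders(gluuLdapConfiguration);
        LdapEntryManager ldapEntryManager = new LdapEntryManager(new OperationsFacade(pools.getConnectionProvider(), pools.getConnectionBindProvider()));
        this.log.debug("Created authentication LdapEntryManager: {0}", ldapEntryManager);
        return ldapEntryManager;
    }

    /**
     * Seam factory for the SMTP configuration, with the stored password decrypted in place.
     *
     * <p>The returned object carries the clear-text password and lives in application scope.
     * If decryption fails the error is logged and the configuration is returned without a
     * decrypted password.
     *
     * @return the appliance's SMTP configuration, or {@code null} when none is defined
     */
    @Factory(value = "smtpConfiguration", scope = ScopeType.APPLICATION, autoCreate = true)
    public SmtpConfiguration createSmtpConfiguration() {
        SmtpConfiguration smtpConfiguration = this.applianceService.getAppliance().getSmtpConfiguration();
        if (smtpConfiguration == null) {
            return null;
        }
        String encryptedPassword = smtpConfiguration.getPassword();
        if (StringHelper.isNotEmpty(encryptedPassword)) {
            try {
                smtpConfiguration.setPasswordDecrypted(EncryptionService.instance().decrypt(encryptedPassword));
            } catch (StringEncrypter.EncryptionException e) {
                this.log.error("Failed to decript SMTP user password", e);
            }
        }
        return smtpConfiguration;
    }

    /** Builds the primary connection pool and its companion bind pool from the LDAP properties file. */
    private void createConnectionProvider() {
        this.ldapConfig = ConfigurationFactory.getLdapConfiguration();
        Properties properties = this.ldapConfig.getProperties();
        this.connectionProvider = createConnectionProvider(properties);
        this.bindConnectionProvider = createBindConnectionProvider(prepareBindConnectionProperties(properties), properties);
    }

    /** Builds and stores one pool pair per authentication configuration, in list order. */
    private void createAuthConnectionProviders(List<GluuLdapConfiguration> list) {
        List<LdapConnectionService> regularPools = new ArrayList<LdapConnectionService>();
        List<LdapConnectionService> bindPools = new ArrayList<LdapConnectionService>();
        for (GluuLdapConfiguration config : list) {
            LdapConnectionProviders pools = createAuthConnectionProviders(config);
            regularPools.add(pools.getConnectionProvider());
            bindPools.add(pools.getConnectionBindProvider());
        }
        this.authConnectionProviders = regularPools;
        this.authBindConnectionProviders = bindPools;
    }

    /** Builds the regular and bind connection pools for a single authentication configuration. */
    public LdapConnectionProviders createAuthConnectionProviders(GluuLdapConfiguration gluuLdapConfiguration) {
        Properties authProperties = prepareAuthConnectionProperties(gluuLdapConfiguration);
        return new LdapConnectionProviders(createConnectionProvider(authProperties), createBindConnectionProvider(prepareBindConnectionProperties(authProperties), authProperties));
    }

    /**
     * Derives connection properties for an authentication configuration by overlaying its
     * settings on a copy of the primary LDAP properties.
     *
     * @param gluuLdapConfiguration the overlay; {@code null} yields an unmodified copy
     */
    private Properties prepareAuthConnectionProperties(GluuLdapConfiguration gluuLdapConfiguration) {
        Properties properties = (Properties) ConfigurationFactory.getLdapConfiguration().getProperties().clone();
        if (gluuLdapConfiguration == null) {
            return properties;
        }
        properties.setProperty("servers", buildServersString(gluuLdapConfiguration.getServers()));
        String bindDN = gluuLdapConfiguration.getBindDN();
        if (StringHelper.isNotEmpty(bindDN)) {
            properties.setProperty("bindDN", bindDN);
            String bindPassword = gluuLdapConfiguration.getBindPassword();
            if (bindPassword != null) {
                properties.setProperty("bindPassword", bindPassword);
            } else {
                // Properties rejects null values (the original threw NullPointerException here).
                // Drop the inherited entry so the primary directory's password is never paired
                // with a different bind DN and sent to this configuration's servers.
                properties.remove("bindPassword");
            }
        }
        // NOTE(review): when the configuration has no bindDN, the bindDN/bindPassword cloned from
        // the primary LDAP properties stay in place and are used against the servers named by
        // this configuration. Confirm that is intended for configurations that point at a
        // different directory.
        // NOTE(review): useSSL comes straight from the configuration; with it disabled the bind
        // is presumably sent unencrypted. Verify against LdapConnectionService.
        properties.setProperty("useSSL", Boolean.toString(gluuLdapConfiguration.isUseSSL()));
        properties.setProperty("maxconnections", Integer.toString(gluuLdapConfiguration.getMaxConnections()));
        return properties;
    }

    /** Returns a copy of the properties with the bind credentials stripped. */
    private Properties prepareBindConnectionProperties(Properties properties) {
        Properties withoutCredentials = (Properties) properties.clone();
        withoutCredentials.remove("bindDN");
        withoutCredentials.remove("bindPassword");
        return withoutCredentials;
    }

    /** Creates a connection pool from the given properties after decrypting them. */
    private LdapConnectionService createConnectionProvider(Properties properties) {
        return new LdapConnectionService(EncryptionService.instance().decryptProperties(properties));
    }

    /**
     * Creates the pool used for bind operations.
     *
     * <p>The pool is first attempted with the credential-free properties. Only when the server
     * answers {@code INAPPROPRIATE_AUTHENTICATION} is it recreated with the full properties,
     * which include bindDN/bindPassword.
     *
     * @param properties  connection properties without bind credentials
     * @param properties2 the full connection properties, used as the fallback
     */
    private LdapConnectionService createBindConnectionProvider(Properties properties, Properties properties2) {
        LdapConnectionService bindPool = createConnectionProvider(properties);
        if (ResultCode.INAPPROPRIATE_AUTHENTICATION.equals(bindPool.getCreationResultCode())) {
            this.log.warn("It's not possible to create authentication LDAP connection pool using anonymous bind. Attempting to create it using binDN/bindPassword");
            // NOTE(review): the rejected pool is simply dropped here; check whether
            // LdapConnectionService needs an explicit close to release it.
            bindPool = createConnectionProvider(properties2);
        }
        return bindPool;
    }

    /**
     * Joins server entries with commas, unwrapping {@link SimpleProperty} values.
     *
     * @return the joined string; empty for a {@code null} or empty list
     */
    private String buildServersString(List<?> list) {
        StringBuilder sb = new StringBuilder();
        if (list == null) {
            return sb.toString();
        }
        String separator = "";
        for (Object server : list) {
            sb.append(separator);
            separator = ",";
            if (server instanceof SimpleProperty) {
                sb.append(((SimpleProperty) server).getValue());
            } else {
                sb.append(server);
            }
        }
        return sb.toString();
    }

    /**
     * Reads the appliance entry and parses its {@code oxIDPAuthentication} JSON values, keeping
     * only the entries of type "ldap" or "auth".
     *
     * @return the parsed entries; {@code null} when the appliance DN cannot be built, the entry
     *     or its authentication attribute is missing, or the LDAP lookup fails
     */
    public List<oxIDPAuthConf> loadLdapIdpAuthConfigs(LdapEntryManager ldapEntryManager) {
        String applianceBaseDn = ConfigurationFactory.getBaseDn().getAppliance();
        String applianceInum = ConfigurationFactory.getConfiguration().getApplianceInum();
        if (StringHelper.isEmpty(applianceBaseDn) || StringHelper.isEmpty(applianceInum)) {
            return null;
        }
        try {
            // Both DN parts come from server configuration, not from request input.
            GluuAppliance gluuAppliance = (GluuAppliance) ldapEntryManager.find(GluuAppliance.class, String.format("inum=%s,%s", applianceInum, applianceBaseDn));
            if (gluuAppliance == null || gluuAppliance.getOxIDPAuthentication() == null) {
                return null;
            }
            List<oxIDPAuthConf> result = new ArrayList<oxIDPAuthConf>();
            for (String json : gluuAppliance.getOxIDPAuthentication()) {
                try {
                    oxIDPAuthConf conf = jsonToObject(json, oxIDPAuthConf.class);
                    if (conf.getType().equalsIgnoreCase("ldap") || conf.getType().equalsIgnoreCase("auth")) {
                        result.add(conf);
                    }
                } catch (Exception e) {
                    // NOTE(review): this writes the raw configuration JSON to the error log. The
                    // value presumably carries the LDAP bind password (possibly encrypted);
                    // consider logging an identifier instead of the whole document.
                    this.log.error("Failed to create object by json: '{0}'", e, json);
                }
            }
            return result;
        } catch (LdapMappingException e2) {
            this.log.error("Failed to load appliance entry from Ldap", e2);
            return null;
        }
    }

    /**
     * Converts one stored authentication entry into a {@link GluuLdapConfiguration}.
     *
     * @return the configuration, or {@code null} for a {@code null} entry, an unknown type, or a
     *     conversion failure (which is logged)
     */
    public GluuLdapConfiguration loadLdapAuthConfig(oxIDPAuthConf oxidpauthconf) {
        if (oxidpauthconf == null) {
            return null;
        }
        try {
            if (oxidpauthconf.getType().equalsIgnoreCase("ldap")) {
                return mapOldLdapConfig(oxidpauthconf);
            }
            if (oxidpauthconf.getType().equalsIgnoreCase("auth")) {
                return mapLdapConfig(oxidpauthconf.getConfig());
            }
            return null;
        } catch (Exception e) {
            // NOTE(review): the entry is rendered through its toString(); confirm that does not
            // expose the bind password it holds.
            this.log.error("Failed to create object by oxIDPAuthConf: '{0}'", e, oxidpauthconf);
            return null;
        }
    }

    /**
     * Loads every usable LDAP authentication configuration from the appliance entry.
     *
     * @return the configurations; never {@code null}, empty when nothing could be loaded
     */
    public List<GluuLdapConfiguration> loadLdapAuthConfigs(LdapEntryManager ldapEntryManager) {
        List<GluuLdapConfiguration> result = new ArrayList<GluuLdapConfiguration>();
        List<oxIDPAuthConf> idpConfigs = loadLdapIdpAuthConfigs(ldapEntryManager);
        if (idpConfigs == null) {
            return result;
        }
        for (oxIDPAuthConf idpConfig : idpConfigs) {
            GluuLdapConfiguration config = loadLdapAuthConfig(idpConfig);
            if (config != null) {
                result.add(config);
            }
        }
        return result;
    }

    /**
     * Maps the legacy positional "ldap" entry format: field 0 = host, 1 = port, 2 = bind DN,
     * 3 = bind password, 4 = useSSL. A malformed entry throws and is handled by the caller.
     */
    @Deprecated
    private GluuLdapConfiguration mapOldLdapConfig(oxIDPAuthConf oxidpauthconf) {
        GluuLdapConfiguration config = new GluuLdapConfiguration();
        config.setServers(Arrays.asList(new SimpleProperty(firstFieldValue(oxidpauthconf, 0) + ":" + firstFieldValue(oxidpauthconf, 1))));
        config.setBindDN(firstFieldValue(oxidpauthconf, 2));
        config.setBindPassword(firstFieldValue(oxidpauthconf, 3));
        config.setUseSSL(Boolean.parseBoolean(firstFieldValue(oxidpauthconf, 4)));
        config.setMaxConnections(3);
        config.setConfigId("auth_ldap_server");
        config.setEnabled(oxidpauthconf.getEnabled());
        return config;
    }

    /** Returns the first value of the legacy entry's field at {@code index}. */
    private String firstFieldValue(oxIDPAuthConf oxidpauthconf, int index) {
        return oxidpauthconf.getFields().get(index).getValues().get(0);
    }

    private GluuLdapConfiguration mapLdapConfig(String str) throws Exception {
        return jsonToObject(str, GluuLdapConfiguration.class);
    }

    /** Deserialises JSON into the given concrete class. */
    private <T> T jsonToObject(String str, Class<T> cls) throws Exception {
        return JSON_MAPPER.readValue(str, cls);
    }

    /** Returns the application-scoped instance of this component. */
    public static AppInitializer instance() {
        return (AppInitializer) ServerUtil.instance(AppInitializer.class);
    }
}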
