package org.xdi.oxauth.service;

import com.unboundid.ldap.sdk.ResultCode;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.BeforeDestroyed;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Event;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.Produces;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.ServletContext;
import org.codehaus.jackson.map.ObjectMapper;
import org.gluu.site.ldap.OperationsFacade;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.gluu.site.ldap.persistence.exception.LdapMappingException;
import org.jboss.weld.util.reflection.ParameterizedTypeImpl;
import org.slf4j.Logger;
import org.xdi.exception.ConfigurationException;
import org.xdi.model.SimpleProperty;
import org.xdi.model.custom.script.CustomScriptType;
import org.xdi.model.ldap.GluuLdapConfiguration;
import org.xdi.oxauth.model.appliance.GluuAppliance;
import org.xdi.oxauth.model.auth.AuthenticationMode;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.config.oxIDPAuthConf;
import org.xdi.oxauth.model.util.SecurityProviderUtility;
import org.xdi.oxauth.service.cdi.event.AuthConfigurationEvent;
import org.xdi.oxauth.service.cdi.event.ReloadAuthScript;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.oxauth.service.logger.LoggerService;
import org.xdi.oxauth.service.status.ldap.LdapStatusTimer;
import org.xdi.service.PythonService;
import org.xdi.service.cdi.async.Asynchronous;
import org.xdi.service.cdi.event.LdapConfigurationReload;
import org.xdi.service.cdi.event.Scheduled;
import org.xdi.service.cdi.util.CdiUtil;
import org.xdi.service.custom.lib.CustomLibrariesLoader;
import org.xdi.service.custom.script.CustomScriptManager;
import org.xdi.service.ldap.LdapConnectionService;
import org.xdi.service.timer.QuartzSchedulerManager;
import org.xdi.service.timer.event.TimerEvent;
import org.xdi.service.timer.schedule.TimerSchedule;
import org.xdi.util.StringHelper;
import org.xdi.util.properties.FileConfiguration;
import org.xdi.util.security.StringEncrypter;

@ApplicationScoped
@Named
/* loaded from: input_file:org/xdi/oxauth/service/AppInitializer.class */
public class AppInitializer {
    // Not referenced anywhere else in this class.
    private static final String EVENT_TYPE = "AppInitializerTimerEvent";
    // Second argument of the TimerSchedule built in initTimer(); presumably the repeat interval in seconds (confirm).
    private static final int DEFAULT_INTERVAL = 30;
    // CDI bean names shared by the producers below and by the injection points that consume them.
    public static final String LDAP_AUTH_CONFIG_NAME = "ldapAuthConfig";
    public static final String LDAP_ENTRY_MANAGER_NAME = "ldapEntryManager";
    public static final String LDAP_AUTH_ENTRY_MANAGER_NAME = "ldapAuthEntryManager";

    @Inject
    private Logger log;

    @Inject
    private BeanManager beanManager;

    @Inject
    private Event<String> event;

    @Inject
    private Event<TimerEvent> timerEvent;

    // Instance<> handles are used (rather than direct injection) so this class can call destroy() on the
    // produced beans when the underlying configuration changes.
    @Inject
    @Named(LDAP_ENTRY_MANAGER_NAME)
    private Instance<LdapEntryManager> ldapEntryManagerInstance;

    @Inject
    @Named(LDAP_AUTH_ENTRY_MANAGER_NAME)
    private Instance<List<LdapEntryManager>> ldapAuthEntryManagerInstance;

    @Inject
    @Named(LDAP_AUTH_CONFIG_NAME)
    private Instance<List<GluuLdapConfiguration>> ldapAuthConfigInstance;

    @Inject
    private Instance<AuthenticationMode> authenticationModeInstance;

    @Inject
    private Instance<EncryptionService> encryptionServiceInstance;

    @Inject
    private ApplianceService applianceService;

    @Inject
    private PythonService pythonService;

    @Inject
    private MetricService metricService;

    @Inject
    private CustomScriptManager customScriptManager;

    @Inject
    private ConfigurationFactory configurationFactory;

    @Inject
    private CleanerTimer cleanerTimer;

    @Inject
    private KeyGeneratorTimer keyGeneratorTimer;

    @Inject
    private CustomLibrariesLoader customLibrariesLoader;

    @Inject
    private LdapStatusTimer ldapStatusTimer;

    @Inject
    private QuartzSchedulerManager quartzSchedulerManager;

    @Inject
    private LoggerService loggerService;
    // Mutable state below is written during start-up and again by the @Asynchronous reload observer, and
    // read by the @Produces methods. NOTE(review): none of it is volatile or guarded by a lock in this
    // class; confirm that the CDI destroy()/re-produce sequence is enough to publish the new values.
    private FileConfiguration ldapConfig;
    private List<GluuLdapConfiguration> ldapAuthConfigs;
    // Connection pool for the main directory, plus the pool used for bind operations.
    private LdapConnectionService connectionProvider;
    private LdapConnectionService bindConnectionProvider;
    // Pools for the authentication servers; index i in both lists corresponds to ldapAuthConfigs.get(i).
    private List<LdapConnectionService> authConnectionProviders;
    private List<LdapConnectionService> authBindConnectionProviders;
    // Re-entrancy guard for reloadConfigurationTimerEvent(); created in initTimer().
    private AtomicBoolean isActive;
    // Written after each reload attempt; not read anywhere in this class.
    private long lastFinishedTime;
    // Default authentication method last loaded from the appliance entry; may be null.
    private AuthenticationMode authenticationMode;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/xdi/oxauth/service/AppInitializer$LdapConnectionProviders.class */
    /**
     * Immutable pair of LDAP connection pools created for one authentication server configuration:
     * the regular pool and the pool used for bind operations.
     */
    public class LdapConnectionProviders {
        private final LdapConnectionService connectionProvider;
        private final LdapConnectionService connectionBindProvider;

        /**
         * @param ldapConnectionService  pool returned by {@link #getConnectionProvider()}
         * @param ldapConnectionService2 pool returned by {@link #getConnectionBindProvider()}
         */
        public LdapConnectionProviders(LdapConnectionService ldapConnectionService, LdapConnectionService ldapConnectionService2) {
            connectionProvider = ldapConnectionService;
            connectionBindProvider = ldapConnectionService2;
        }

        /** @return the regular connection pool */
        public LdapConnectionService getConnectionProvider() {
            return connectionProvider;
        }

        /** @return the connection pool used for bind operations */
        public LdapConnectionService getConnectionBindProvider() {
            return connectionBindProvider;
        }
    }

    /**
     * Runs once after injection and registers the security provider through
     * {@code SecurityProviderUtility.installBCProvider()} (presumably BouncyCastle, going by the name),
     * so that it is in place before any other start-up step in this class needs it.
     */
    @PostConstruct
    public void createApplicationComponents() {
        SecurityProviderUtility.installBCProvider();
    }

    /**
     * Application start-up sequence, triggered when the application scope is initialized.
     * The statements depend on each other's side effects, so their order matters: the LDAP connection
     * pools must exist before the configuration is loaded, and the configuration before anything that
     * reads it.
     *
     * @param obj payload of the {@code @Initialized(ApplicationScoped.class)} event; unused
     */
    public void applicationInitialized(@Observes @Initialized(ApplicationScoped.class) Object obj) {
        this.customLibrariesLoader.init();
        // Throws ConfigurationException (aborting start-up) if either main LDAP pool cannot be created.
        createConnectionProvider();
        this.configurationFactory.create();
        LdapEntryManager ldapEntryManager = (LdapEntryManager) this.ldapEntryManagerInstance.get();
        // Build the pools for the authentication servers listed in the appliance entry.
        createAuthConnectionProviders(loadLdapAuthConfigs(ldapEntryManager));
        setDefaultAuthenticationMethod(ldapEntryManager);
        // NOTE(review): "pythonModulesDir" comes from the LDAP configuration properties and is handed to the
        // Python interpreter set-up; presumably code placed there becomes importable by custom scripts, so the
        // directory should be writable only by the service account. Confirm against PythonService.
        this.pythonService.initPythonInterpreter(this.configurationFactory.getLdapConfiguration().getString("pythonModulesDir", (String) null));
        // Custom script types handed to customScriptManager.initTimer() below.
        List asList = Arrays.asList(CustomScriptType.PERSON_AUTHENTICATION, CustomScriptType.CONSENT_GATHERING, CustomScriptType.CLIENT_REGISTRATION, CustomScriptType.ID_GENERATOR, CustomScriptType.UMA_RPT_POLICY, CustomScriptType.UMA_CLAIMS_GATHERING, CustomScriptType.APPLICATION_SESSION, CustomScriptType.DYNAMIC_SCOPE);
        // The scheduler is started before the individual timers are registered.
        initSchedulerService();
        this.metricService.initTimer();
        this.configurationFactory.initTimer();
        this.loggerService.initTimer();
        this.ldapStatusTimer.initTimer();
        this.cleanerTimer.initTimer();
        this.customScriptManager.initTimer(asList);
        this.keyGeneratorTimer.initTimer();
        // Finally register this class's own configuration-reload timer.
        initTimer();
    }

    /**
     * Starts the Quartz scheduler and, when the JVM system property {@code gluu.disable.scheduler}
     * parses as {@code true}, immediately puts it into standby.
     *
     * <p>NOTE(review): the timers registered right after this call (cleaner, key generator, configuration
     * reload, ...) presumably do not fire while the scheduler is in standby; confirm that this switch is
     * never set on a production node.
     */
    protected void initSchedulerService() {
        quartzSchedulerManager.start();

        String disableFlag = System.getProperties().getProperty("gluu.disable.scheduler");
        // parseBoolean(null) is false, so an absent property leaves the scheduler running.
        if (Boolean.parseBoolean(disableFlag)) {
            log.warn("Suspending Quartz Scheduler Service...");
            quartzSchedulerManager.standby();
        }
    }

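    /**
     * Produces the application-scoped {@link StringEncrypter}, keyed by the salt returned from
     * {@code configurationFactory.getCryptoConfigurationSalt()}.
     *
     * @return the encrypter created from the configured salt
     * @throws ConfigurationException if the salt is empty, or if the encrypter cannot be created; in the
     *         second case the underlying {@code EncryptionException} is attached as the cause
     */
    @ApplicationScoped
    @Produces
    public StringEncrypter getStringEncrypter() {
        String cryptoConfigurationSalt = this.configurationFactory.getCryptoConfigurationSalt();
        if (StringHelper.isEmpty(cryptoConfigurationSalt)) {
            throw new ConfigurationException("Encode salt isn't defined");
        }
        try {
            return StringEncrypter.instance(cryptoConfigurationSalt);
        } catch (StringEncrypter.EncryptionException e) {
            // Attach the root cause so a start-up failure can be diagnosed from the stack trace.
            // The salt itself is deliberately kept out of the message.
            ConfigurationException failure = new ConfigurationException("Failed to create StringEncrypter instance");
            failure.initCause(e);
            throw failure;
        }
    }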

    /**
     * Resets the reload guard and fires the {@link TimerEvent} that registers the periodic
     * {@link AuthConfigurationEvent} handled by {@code reloadConfigurationTimerEvent}.
     * The schedule is built from the values 60 and {@code DEFAULT_INTERVAL}
     * (presumably initial delay and repeat interval; confirm against TimerSchedule).
     */
    public void initTimer() {
        isActive = new AtomicBoolean(false);
        lastFinishedTime = System.currentTimeMillis();

        TimerSchedule schedule = new TimerSchedule(60, DEFAULT_INTERVAL);
        AuthConfigurationEvent reloadEvent = new AuthConfigurationEvent();
        Annotation[] qualifiers = new Annotation[]{Scheduled.Literal.INSTANCE};
        timerEvent.fire(new TimerEvent(schedule, reloadEvent, qualifiers));
    }

    /**
     * Shutdown hook: destroys the main LDAP entry manager and every authentication entry manager
     * before the application scope is torn down.
     *
     * @param servletContext payload of the {@code @BeforeDestroyed(ApplicationScoped.class)} event; unused
     */
    public void destroy(@Observes @BeforeDestroyed(ApplicationScoped.class) ServletContext servletContext) {
        log.info("Closing LDAP connection at server shutdown...");

        LdapEntryManager mainManager = ldapEntryManagerInstance.get();
        closeLdapEntryManager(mainManager);

        List<LdapEntryManager> authManagers = ldapAuthEntryManagerInstance.get();
        closeLdapAuthEntryManagers(authManagers);
    }

    /**
     * Timer callback that reloads the authentication configuration. At most one reload runs at a time:
     * a tick that arrives while a reload is in progress is dropped.
     *
     * <p>Any {@link Throwable} is logged and swallowed so that the timer keeps firing. After a failed
     * reload the state is whatever {@code reloadConfiguration()} had applied up to the failure.
     *
     * @param authConfigurationEvent the scheduled event; unused
     */
    @Asynchronous
    public void reloadConfigurationTimerEvent(@Observes @Scheduled AuthConfigurationEvent authConfigurationEvent) {
        // Cheap read first, then the atomic claim; bail out if another run holds the flag.
        if (isActive.get() || !isActive.compareAndSet(false, true)) {
            return;
        }

        try {
            reloadConfiguration();
        } catch (Throwable failure) {
            log.error("Exception happened while reloading application configuration", failure);
        } finally {
            isActive.set(false);
            lastFinishedTime = System.currentTimeMillis();
        }
    }

    /**
     * Re-reads the LDAP authentication server list from the appliance entry. When it differs from the
     * list currently in use, the authentication entry managers are rebuilt and a
     * {@code ReloadAuthScript} event is fired. The default authentication method is refreshed either way.
     *
     * <p>Change detection relies on {@code List.equals}, and therefore on
     * {@code GluuLdapConfiguration.equals}, which is not visible here (presumably value-based; confirm).
     */
    private void reloadConfiguration() {
        LdapEntryManager entryManager = ldapEntryManagerInstance.get();
        log.trace("Attempting to use {}: {}", LDAP_ENTRY_MANAGER_NAME, entryManager.getLdapOperationService());

        List<GluuLdapConfiguration> freshConfigs = loadLdapAuthConfigs(entryManager);
        boolean authConfigChanged = !ldapAuthConfigs.equals(freshConfigs);
        if (authConfigChanged) {
            recreateLdapAuthEntryManagers(freshConfigs);
            Annotation[] qualifiers = new Annotation[]{ReloadAuthScript.Literal.INSTANCE};
            event.select(qualifiers).fire(ExternalAuthenticationService.MODIFIED_INTERNAL_TYPES_EVENT_TYPE);
        }

        setDefaultAuthenticationMethod(entryManager);
    }

    /**
     * Builds a stand-alone {@link LdapEntryManager} for one authentication server configuration.
     * Every call creates new connection pools. The result is not tracked by this class, so the caller
     * is presumably responsible for calling {@code destroy()} on it (confirm at the call sites).
     *
     * @param gluuLdapConfiguration authentication server settings; {@code null} yields a manager built
     *                              from the unmodified base LDAP properties
     * @return the newly created entry manager
     */
    public LdapEntryManager createLdapAuthEntryManager(GluuLdapConfiguration gluuLdapConfiguration) {
        LdapConnectionProviders providers = createAuthConnectionProviders(gluuLdapConfiguration);
        OperationsFacade facade = new OperationsFacade(providers.getConnectionProvider(), providers.getConnectionBindProvider());
        LdapEntryManager authManager = new LdapEntryManager(facade);
        log.debug("Created custom authentication LdapEntryManager: {}", authManager);
        return authManager;
    }

    /**
     * Produces the application-scoped main {@link LdapEntryManager} on top of the current
     * {@code connectionProvider} / {@code bindConnectionProvider} pools.
     *
     * @return a new entry manager bound to the pools created by {@code createConnectionProvider()}
     */
    @ApplicationScoped
    @Produces
    @Named(LDAP_ENTRY_MANAGER_NAME)
    public LdapEntryManager getLdapEntryManager() {
        OperationsFacade facade = new OperationsFacade(connectionProvider, bindConnectionProvider);
        LdapEntryManager mainManager = new LdapEntryManager(facade);
        log.info("Created {}: {}", LDAP_ENTRY_MANAGER_NAME, mainManager.getLdapOperationService());
        return mainManager;
    }

    /**
     * Produces the list of enabled LDAP authentication server configurations currently in use.
     * The internal list is returned as is, without a defensive copy.
     *
     * @return the list last stored by {@code createAuthConnectionProviders(List)}
     */
    @ApplicationScoped
    @Produces
    @Named(LDAP_AUTH_CONFIG_NAME)
    public List<GluuLdapConfiguration> createLdapAuthConfigs() {
        return ldapAuthConfigs;
    }

    /**
     * Produces one {@link LdapEntryManager} per configured authentication server, in configuration
     * order. Entry {@code i} uses {@code authConnectionProviders.get(i)} and
     * {@code authBindConnectionProviders.get(i)}.
     *
     * @return a new mutable list; empty when no authentication server is configured
     */
    @ApplicationScoped
    @Produces
    @Named(LDAP_AUTH_ENTRY_MANAGER_NAME)
    public List<LdapEntryManager> createLdapAuthEntryManager() {
        List<LdapEntryManager> managers = new ArrayList<>();
        int configCount = ldapAuthConfigs.size();
        // With zero configurations the loop body never runs and the empty list is returned.
        for (int index = 0; index < configCount; index++) {
            OperationsFacade facade = new OperationsFacade(authConnectionProviders.get(index), authBindConnectionProviders.get(index));
            LdapEntryManager authManager = new LdapEntryManager(facade);
            log.debug("Created {}#{}: {}", new Object[]{LDAP_AUTH_ENTRY_MANAGER_NAME, index, authManager});
            managers.add(authManager);
        }
        return managers;
    }

    /**
     * Reacts to an LDAP configuration reload: builds new connection pools, destroys the previous entry
     * manager, then asks CDI to destroy the produced bean so that {@code getLdapEntryManager()}
     * presumably runs again on next use.
     *
     * @param str event payload; unused
     * @throws ConfigurationException propagated from {@code createConnectionProvider()} when a new pool
     *         cannot be created; in that case the previous entry manager has not been closed yet
     */
    public void recreateLdapEntryManager(@Observes @LdapConfigurationReload String str) {
        // Capture the manager that is live right now, before the pools underneath it are swapped.
        LdapEntryManager previous = (LdapEntryManager) CdiUtil.getContextBean(beanManager, LdapEntryManager.class, LDAP_ENTRY_MANAGER_NAME);

        createConnectionProvider();
        closeLdapEntryManager(previous);

        LdapEntryManager contextual = ldapEntryManagerInstance.get();
        ldapEntryManagerInstance.destroy(contextual);
        log.info("Recreated instance {}: {}", LDAP_ENTRY_MANAGER_NAME, contextual);
    }

    /**
     * (Re)creates the two connection pools for the main directory from the current LDAP configuration:
     * the regular pool and the bind pool.
     *
     * <p>NOTE(review): both pools are logged at debug level through their {@code toString()}; confirm
     * that {@code LdapConnectionService.toString()} does not include the decrypted bind password.
     *
     * @throws ConfigurationException if either pool reports a creation result other than SUCCESS
     */
    private void createConnectionProvider() {
        ldapConfig = configurationFactory.getLdapConfiguration();
        Properties baseProperties = ldapConfig.getProperties();

        connectionProvider = createConnectionProvider(baseProperties);
        boolean mainPoolReady = ResultCode.SUCCESS.equals(connectionProvider.getCreationResultCode());
        if (!mainPoolReady) {
            throw new ConfigurationException("Failed to create LDAP connection pool!");
        }
        log.debug("Created connectionProvider: {}", connectionProvider);

        // The bind pool is attempted without bindDN/bindPassword first; see createBindConnectionProvider.
        Properties credentialFree = prepareBindConnectionProperties(baseProperties);
        bindConnectionProvider = createBindConnectionProvider(credentialFree, baseProperties);
        boolean bindPoolReady = ResultCode.SUCCESS.equals(bindConnectionProvider.getCreationResultCode());
        if (!bindPoolReady) {
            throw new ConfigurationException("Failed to create LDAP connection pool!");
        }
        log.debug("Created bindConnectionProvider: {}", bindConnectionProvider);
    }

    /**
     * Destroys the given main entry manager, logging before and after at debug level.
     *
     * @param ldapEntryManager manager to destroy; must not be {@code null}
     */
    private void closeLdapEntryManager(LdapEntryManager ldapEntryManager) {
        final String beanName = LDAP_ENTRY_MANAGER_NAME;
        log.debug("Attempting to destroy {}: {}", beanName, ldapEntryManager);
        ldapEntryManager.destroy();
        log.debug("Destroyed {}: {}", beanName, ldapEntryManager);
    }

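    /**
     * Switches the authentication entry managers over to a new server list: builds the new connection
     * pools, destroys the managers that were live until now, then asks CDI to destroy the produced bean
     * so that the producer presumably runs again on next use.
     *
     * <p>Each old manager is destroyed exactly once, through {@code closeLdapAuthEntryManagers}. The
     * earlier version followed that call with a second, identical destroy loop over the same list.
     *
     * <p>NOTE(review): unlike the main pools, the pools created here are not checked for a SUCCESS
     * creation result, so a server that cannot be reached or bound to is accepted silently. Confirm
     * whether authentication against such a server then fails closed.
     *
     * @param list the new authentication server configurations
     */
    public void recreateLdapAuthEntryManagers(List<GluuLdapConfiguration> list) {
        // Capture the managers that are live right now, before the pools underneath them are swapped.
        List<LdapEntryManager> oldManagers = (List) CdiUtil.getContextBean(this.beanManager, new ParameterizedTypeImpl(List.class, new Type[]{LdapEntryManager.class}), LDAP_AUTH_ENTRY_MANAGER_NAME);

        createAuthConnectionProviders(list);
        closeLdapAuthEntryManagers(oldManagers);

        List<LdapEntryManager> contextual = this.ldapAuthEntryManagerInstance.get();
        this.ldapAuthEntryManagerInstance.destroy(contextual);
        this.log.info("Recreated instance {}: {}", LDAP_AUTH_ENTRY_MANAGER_NAME, contextual);
    }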

    /**
     * Creates a connection-pool pair for every given authentication server configuration and stores the
     * configurations and pools in the parallel lists {@code ldapAuthConfigs},
     * {@code authConnectionProviders} and {@code authBindConnectionProviders}. Finally asks CDI to
     * destroy the previously produced configuration list.
     *
     * <p>The pools being replaced are not closed here; callers close them through the old entry managers.
     *
     * @param list authentication server configurations to switch to
     */
    private void createAuthConnectionProviders(List<GluuLdapConfiguration> list) {
        // Resolve the currently produced bean first, before any field is reassigned.
        List<GluuLdapConfiguration> publishedConfigs = ldapAuthConfigInstance.get();

        List<LdapConnectionService> providers = new ArrayList<>();
        List<LdapConnectionService> bindProviders = new ArrayList<>();
        for (GluuLdapConfiguration authConfig : list) {
            LdapConnectionProviders pair = createAuthConnectionProviders(authConfig);
            providers.add(pair.getConnectionProvider());
            bindProviders.add(pair.getConnectionBindProvider());
        }

        ldapAuthConfigs = list;
        authConnectionProviders = providers;
        authBindConnectionProviders = bindProviders;
        ldapAuthConfigInstance.destroy(publishedConfigs);
    }

    /**
     * Destroys every authentication entry manager in the list, in order, logging before and after each
     * one at debug level. An exception from one {@code destroy()} call stops the loop.
     *
     * @param list managers to destroy; must not be {@code null}
     */
    private void closeLdapAuthEntryManagers(List<LdapEntryManager> list) {
        Iterator<LdapEntryManager> remaining = list.iterator();
        while (remaining.hasNext()) {
            LdapEntryManager authManager = remaining.next();
            log.debug("Attempting to destroy {}: {}", LDAP_AUTH_ENTRY_MANAGER_NAME, authManager);
            authManager.destroy();
            log.debug("Destroyed {}: {}", LDAP_AUTH_ENTRY_MANAGER_NAME, authManager);
        }
    }

    /**
     * Creates the regular pool and the bind pool for one authentication server configuration.
     * The creation result codes of the two pools are not checked here.
     *
     * @param gluuLdapConfiguration authentication server settings; may be {@code null}
     * @return holder with both pools
     */
    public LdapConnectionProviders createAuthConnectionProviders(GluuLdapConfiguration gluuLdapConfiguration) {
        Properties authProperties = prepareAuthConnectionProperties(gluuLdapConfiguration);

        LdapConnectionService regularPool = createConnectionProvider(authProperties);
        // Bind pool: attempted without bindDN/bindPassword first, with the full properties as fallback.
        Properties credentialFree = prepareBindConnectionProperties(authProperties);
        LdapConnectionService bindPool = createBindConnectionProvider(credentialFree, authProperties);

        return new LdapConnectionProviders(regularPool, bindPool);
    }

    /**
     * Derives connection properties for an authentication server: a copy of the main LDAP properties
     * with "servers", "useSSL" and "maxconnections" overridden, and "bindDN"/"bindPassword" overridden
     * only when the configuration supplies a non-empty bind DN.
     *
     * <p>NOTE(review): when the configuration has no bind DN, the copy keeps the main directory's
     * bindDN/bindPassword while "servers" already points at the authentication server, so the main
     * service credentials would be presented to that server. Confirm that this is intended.
     *
     * <p>NOTE(review): "useSSL" is taken from the configuration as is; with {@code false} the bind
     * password presumably crosses the network unencrypted.
     *
     * @param gluuLdapConfiguration authentication server settings, or {@code null} to get an unmodified copy
     * @return a new {@link Properties} instance; the main configuration is never mutated
     */
    private Properties prepareAuthConnectionProperties(GluuLdapConfiguration gluuLdapConfiguration) {
        Properties authProperties = (Properties) configurationFactory.getLdapConfiguration().getProperties().clone();
        if (gluuLdapConfiguration == null) {
            return authProperties;
        }

        authProperties.setProperty("servers", buildServersString(gluuLdapConfiguration.getServers()));

        String configuredBindDn = gluuLdapConfiguration.getBindDN();
        if (StringHelper.isNotEmpty(configuredBindDn)) {
            authProperties.setProperty("bindDN", configuredBindDn);
            // Properties rejects null values: a bind DN without a password raises NullPointerException here.
            authProperties.setProperty("bindPassword", gluuLdapConfiguration.getBindPassword());
        }

        authProperties.setProperty("useSSL", Boolean.toString(gluuLdapConfiguration.isUseSSL()));
        authProperties.setProperty("maxconnections", Integer.toString(gluuLdapConfiguration.getMaxConnections()));
        return authProperties;
    }

    /**
     * Returns a copy of the given properties with the "bindDN" and "bindPassword" entries removed,
     * used for the first (credential-free) attempt at creating a bind pool.
     *
     * @param properties source properties; not modified
     * @return a new {@link Properties} instance without bind credentials
     */
    private Properties prepareBindConnectionProperties(Properties properties) {
        Properties credentialFree = (Properties) properties.clone();
        for (String credentialKey : new String[]{"bindDN", "bindPassword"}) {
            credentialFree.remove(credentialKey);
        }
        return credentialFree;
    }

    /**
     * Creates a connection pool from the given properties after passing them through
     * {@code EncryptionService.decryptProperties}. The decrypted values (presumably including the bind
     * password in clear text) exist only as the constructor argument and must not be logged.
     *
     * @param properties connection properties as stored in configuration
     * @return the new pool; callers must inspect {@code getCreationResultCode()} themselves
     */
    private LdapConnectionService createConnectionProvider(Properties properties) {
        EncryptionService encryptionService = encryptionServiceInstance.get();
        return new LdapConnectionService(encryptionService.decryptProperties(properties));
    }

    /**
     * Creates the pool used for bind operations. The first attempt uses {@code properties}, which both
     * call sites build without bindDN/bindPassword. Only when the server answers
     * INAPPROPRIATE_AUTHENTICATION is a second pool created from {@code properties2}, which still
     * carries the credentials.
     *
     * <p>Any other result code, including other failures, is returned unchanged for the caller to
     * judge. NOTE(review): the first pool is not closed before the fallback pool replaces it.
     *
     * @param properties  properties for the credential-free attempt
     * @param properties2 properties including bindDN/bindPassword, used as fallback
     * @return the pool from the first attempt, or the fallback pool
     */
    private LdapConnectionService createBindConnectionProvider(Properties properties, Properties properties2) {
        LdapConnectionService anonymousPool = createConnectionProvider(properties);
        boolean anonymousRejected = ResultCode.INAPPROPRIATE_AUTHENTICATION.equals(anonymousPool.getCreationResultCode());
        if (!anonymousRejected) {
            return anonymousPool;
        }

        log.warn("It's not possible to create authentication LDAP connection pool using anonymous bind. Attempting to create it using binDN/bindPassword");
        return createConnectionProvider(properties2);
    }

    /**
     * Joins the server entries into the comma-separated form used for the "servers" property.
     * {@link SimpleProperty} elements contribute their value; any other element is appended as is.
     *
     * @param list server entries, or {@code null}
     * @return the joined string; empty when the list is {@code null} or has no elements
     */
    private String buildServersString(List<?> list) {
        if (list == null) {
            return new StringBuilder().toString();
        }

        StringBuilder joined = new StringBuilder();
        Iterator<?> servers = list.iterator();
        while (servers.hasNext()) {
            Object server = servers.next();
            if (server instanceof SimpleProperty) {
                joined.append(((SimpleProperty) server).getValue());
            } else {
                joined.append(server);
            }
            // Separator goes between elements only, never after the last one.
            if (servers.hasNext()) {
                joined.append(",");
            }
        }
        return joined.toString();
    }

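    /**
     * Loads the {@code oxIDPAuthentication} values of the appliance entry and parses each JSON value
     * into an {@link oxIDPAuthConf}, keeping only entries of type "ldap" or "auth" (case-insensitive).
     * Entries that fail to parse are logged and skipped.
     *
     * <p>The raw JSON is deliberately kept out of the log: these entries carry the LDAP authentication
     * configuration that {@code loadLdapAuthConfig} maps to {@link GluuLdapConfiguration}, which exposes
     * a bind DN and bind password. Only the entry length and the exception are logged.
     *
     * @param ldapEntryManager entry manager used to read the appliance entry
     * @return the parsed entries, or {@code null} when the appliance entry or the attribute is missing
     */
    private List<oxIDPAuthConf> loadLdapIdpAuthConfigs(LdapEntryManager ldapEntryManager) {
        GluuAppliance loadAppliance = loadAppliance(ldapEntryManager, "oxIDPAuthentication");
        if (loadAppliance == null || loadAppliance.getOxIDPAuthentication() == null) {
            return null;
        }
        List<oxIDPAuthConf> parsed = new ArrayList<>();
        for (String str : loadAppliance.getOxIDPAuthentication()) {
            try {
                oxIDPAuthConf oxidpauthconf = (oxIDPAuthConf) jsonToObject(str, oxIDPAuthConf.class);
                if (oxidpauthconf.getType().equalsIgnoreCase("ldap") || oxidpauthconf.getType().equalsIgnoreCase("auth")) {
                    parsed.add(oxidpauthconf);
                }
            } catch (Exception e) {
                // Credential-bearing payload: report its size, never its content.
                int length = (str == null) ? 0 : str.length();
                this.log.error("Failed to create object by json (oxIDPAuthentication entry of {} characters, content not logged)", Integer.valueOf(length), e);
            }
        }
        return parsed;
    }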

    /**
     * Synchronizes the cached default authentication mode with the value stored in the appliance entry.
     * When the name changed, the cached mode is replaced (or cleared when no value is set) and the
     * produced {@link AuthenticationMode} bean is destroyed.
     *
     * <p>NOTE(review): when the appliance entry cannot be loaded, {@code getActualDefaultAuthenticationMethod}
     * returns {@code null} and the cached mode is cleared. Confirm what the rest of the server falls back
     * to when no default authentication mode is set.
     *
     * @param ldapEntryManager entry manager used to read the appliance entry
     */
    private void setDefaultAuthenticationMethod(LdapEntryManager ldapEntryManager) {
        String cachedName = (authenticationMode == null) ? null : authenticationMode.getName();
        String storedName = getActualDefaultAuthenticationMethod(ldapEntryManager);
        if (StringHelper.equals(cachedName, storedName)) {
            return;
        }

        authenticationMode = null;
        if (storedName != null) {
            authenticationMode = new AuthenticationMode(storedName);
        }
        authenticationModeInstance.destroy(authenticationModeInstance.get());
    }

    /**
     * Reads the {@code oxAuthenticationMode} attribute of the appliance entry.
     *
     * @param ldapEntryManager entry manager used for the lookup
     * @return the stored authentication mode, or {@code null} when the appliance entry could not be loaded
     */
    private String getActualDefaultAuthenticationMethod(LdapEntryManager ldapEntryManager) {
        GluuAppliance appliance = loadAppliance(ldapEntryManager, "oxAuthenticationMode");
        return (appliance != null) ? appliance.getAuthenticationMode() : null;
    }

    /**
     * Produces the cached default {@link AuthenticationMode}.
     *
     * <p>NOTE(review): the field is {@code null} when no default method is stored. CDI does not allow a
     * producer with a normal scope such as {@code @ApplicationScoped} to return {@code null}; confirm how
     * consumers of this bean behave in that case.
     *
     * @return the cached mode, possibly {@code null}
     */
    @ApplicationScoped
    @Produces
    public AuthenticationMode getDefaultAuthenticationMode() {
        return authenticationMode;
    }

    /**
     * Loads the appliance entry {@code inum=<applianceInum>,<appliance base DN>}, restricted to the
     * requested attributes. Both DN components come from {@code configurationFactory}, not from request
     * data.
     *
     * @param ldapEntryManager entry manager used for the lookup
     * @param strArr           names of the attributes to return
     * @return the entry, or {@code null} when the DN components are not configured or the lookup fails
     *         with an {@link LdapMappingException} (which is logged)
     */
    private GluuAppliance loadAppliance(LdapEntryManager ldapEntryManager, String... strArr) {
        String applianceBaseDn = configurationFactory.getBaseDn().getAppliance();
        String applianceInum = configurationFactory.getAppConfiguration().getApplianceInum();
        boolean locationKnown = !StringHelper.isEmpty(applianceBaseDn) && !StringHelper.isEmpty(applianceInum);
        if (!locationKnown) {
            return null;
        }

        String applianceDn = String.format("inum=%s,%s", applianceInum, applianceBaseDn);
        try {
            return (GluuAppliance) ldapEntryManager.find(GluuAppliance.class, applianceDn, strArr);
        } catch (LdapMappingException e) {
            log.error("Failed to load appliance entry from Ldap", e);
            return null;
        }
    }

    /**
     * Converts an IDP authentication entry of type "auth" (case-insensitive) into a
     * {@link GluuLdapConfiguration} by parsing its JSON config.
     *
     * <p>NOTE(review): on failure the whole {@code oxIDPAuthConf} is passed to the logger. If its
     * {@code toString()} prints the config JSON, bind credentials would end up in the log; confirm
     * against the class.
     *
     * @param oxidpauthconf entry to convert; may be {@code null}
     * @return the parsed configuration, or {@code null} for a {@code null} entry, another type, or any
     *         failure (which is logged)
     */
    public GluuLdapConfiguration loadLdapAuthConfig(oxIDPAuthConf oxidpauthconf) {
        if (oxidpauthconf == null) {
            return null;
        }

        try {
            boolean isAuthType = oxidpauthconf.getType().equalsIgnoreCase("auth");
            return isAuthType ? mapLdapConfig(oxidpauthconf.getConfig()) : null;
        } catch (Exception e) {
            log.error("Failed to create object by oxIDPAuthConf: '{}'", oxidpauthconf, e);
            return null;
        }
    }

    /**
     * Loads the authentication server configurations from the appliance entry, keeping only those that
     * parse successfully and are enabled.
     *
     * @param ldapEntryManager entry manager used to read the appliance entry
     * @return a new mutable list, never {@code null}; empty when nothing is configured
     */
    private List<GluuLdapConfiguration> loadLdapAuthConfigs(LdapEntryManager ldapEntryManager) {
        List<GluuLdapConfiguration> enabledConfigs = new ArrayList<>();

        List<oxIDPAuthConf> idpEntries = loadLdapIdpAuthConfigs(ldapEntryManager);
        if (idpEntries == null) {
            return enabledConfigs;
        }

        for (oxIDPAuthConf idpEntry : idpEntries) {
            GluuLdapConfiguration candidate = loadLdapAuthConfig(idpEntry);
            if (candidate == null || !candidate.isEnabled()) {
                continue;
            }
            enabledConfigs.add(candidate);
        }
        return enabledConfigs;
    }

    /**
     * Parses a JSON document into a {@link GluuLdapConfiguration}.
     *
     * @param str JSON text of one LDAP authentication configuration
     * @return the parsed configuration
     * @throws Exception whatever {@code jsonToObject} raises for malformed or unmappable input
     */
    private GluuLdapConfiguration mapLdapConfig(String str) throws Exception {
        Object parsed = jsonToObject(str, GluuLdapConfiguration.class);
        return (GluuLdapConfiguration) parsed;
    }

    /**
     * Binds JSON text to the given class with a fresh, default-configured {@link ObjectMapper}.
     * Both callers in this class pass a fixed target class, so the input does not choose the type.
     *
     * <p>NOTE(review): {@code org.codehaus.jackson} is the legacy Jackson 1.x package; confirm that the
     * bundled version still receives fixes.
     *
     * @param str JSON text
     * @param cls target class
     * @return an instance of {@code cls}
     * @throws Exception on malformed JSON or a mapping failure
     */
    private Object jsonToObject(String str, Class<?> cls) throws Exception {
        ObjectMapper mapper = new ObjectMapper();
        return mapper.readValue(str, cls);
    }
}
