package org.xdi.oxauth.service;

import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.BeforeDestroyed;
import javax.enterprise.context.Initialized;
import javax.enterprise.event.Event;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.Produces;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.ServletContext;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.core.LoggerContext;
import org.gluu.persist.PersistenceEntryManager;
import org.gluu.persist.PersistenceEntryManagerFactory;
import org.gluu.persist.exception.BasePersistenceException;
import org.jboss.weld.util.reflection.ParameterizedTypeImpl;
import org.slf4j.Logger;
import org.xdi.exception.ConfigurationException;
import org.xdi.model.SimpleProperty;
import org.xdi.model.custom.script.CustomScriptType;
import org.xdi.model.ldap.GluuLdapConfiguration;
import org.xdi.oxauth.model.appliance.GluuAppliance;
import org.xdi.oxauth.model.auth.AuthenticationMode;
import org.xdi.oxauth.model.config.ConfigurationFactory;
import org.xdi.oxauth.model.config.oxIDPAuthConf;
import org.xdi.oxauth.model.configuration.AppConfiguration;
import org.xdi.oxauth.model.util.SecurityProviderUtility;
import org.xdi.oxauth.service.cdi.event.AuthConfigurationEvent;
import org.xdi.oxauth.service.cdi.event.ReloadAuthScript;
import org.xdi.oxauth.service.external.ExternalAuthenticationService;
import org.xdi.oxauth.service.logger.LoggerService;
import org.xdi.oxauth.service.status.ldap.LdapStatusTimer;
import org.xdi.service.JsonService;
import org.xdi.service.PythonService;
import org.xdi.service.cdi.async.Asynchronous;
import org.xdi.service.cdi.event.ConfigurationUpdate;
import org.xdi.service.cdi.event.LdapConfigurationReload;
import org.xdi.service.cdi.event.Scheduled;
import org.xdi.service.cdi.util.CdiUtil;
import org.xdi.service.custom.lib.CustomLibrariesLoader;
import org.xdi.service.custom.script.CustomScriptManager;
import org.xdi.service.timer.QuartzSchedulerManager;
import org.xdi.service.timer.event.TimerEvent;
import org.xdi.service.timer.schedule.TimerSchedule;
import org.xdi.util.StringHelper;
import org.xdi.util.security.StringEncrypter;

@ApplicationScoped
@Named
/* loaded from: input_file:org/xdi/oxauth/service/AppInitializer.class */
public class AppInitializer {
    private static final String EVENT_TYPE = "AppInitializerTimerEvent";
    private static final int DEFAULT_INTERVAL = 30;
    public static final String PERSISTENCE_AUTH_CONFIG_NAME = "persistenceAuthConfig";
    public static final String PERSISTENCE_ENTRY_MANAGER_NAME = "persistenceEntryManager";
    public static final String PERSISTENCE_AUTH_ENTRY_MANAGER_NAME = "persistenceAuthEntryManager";

    @Inject
    private Logger log;

    @Inject
    private BeanManager beanManager;

    @Inject
    private Event<String> event;

    @Inject
    private Event<TimerEvent> timerEvent;

    @Inject
    private Instance<PersistenceEntryManagerFactory> persistenceEntryManagerFactoryInstance;

    @Inject
    @Named(PERSISTENCE_ENTRY_MANAGER_NAME)
    private Instance<PersistenceEntryManager> persistenceEntryManagerInstance;

    @Inject
    @Named(PERSISTENCE_AUTH_ENTRY_MANAGER_NAME)
    private Instance<List<PersistenceEntryManager>> persistenceAuthEntryManagerInstance;

    @Inject
    @Named(PERSISTENCE_AUTH_CONFIG_NAME)
    private Instance<List<GluuLdapConfiguration>> persistenceAuthConfigInstance;

    @Inject
    private Instance<AuthenticationMode> authenticationModeInstance;

    @Inject
    private Instance<EncryptionService> encryptionServiceInstance;

    @Inject
    private PythonService pythonService;

    @Inject
    private MetricService metricService;

    @Inject
    private CustomScriptManager customScriptManager;

    @Inject
    private ConfigurationFactory configurationFactory;

    @Inject
    private CleanerTimer cleanerTimer;

    @Inject
    private KeyGeneratorTimer keyGeneratorTimer;

    @Inject
    private CustomLibrariesLoader customLibrariesLoader;

    @Inject
    private LdapStatusTimer ldapStatusTimer;

    @Inject
    private QuartzSchedulerManager quartzSchedulerManager;

    @Inject
    private LoggerService loggerService;

    @Inject
    private JsonService jsonService;
    private AtomicBoolean isActive;
    private long lastFinishedTime;
    private AuthenticationMode authenticationMode;
    private List<GluuLdapConfiguration> persistenceAuthConfigs;

    /**
     * Post-construction callback that registers the security provider through
     * {@link SecurityProviderUtility#installBCProvider()}.
     *
     * <p>As a {@code @PostConstruct} method this runs when the bean instance is created,
     * before any of its observer methods is invoked, so the provider is in place before
     * the start-up sequence in {@code applicationInitialized} executes.
     *
     * <p>NOTE(review): going by the method name this installs the Bouncy Castle JCE
     * provider; its position in the provider list is decided inside
     * {@code SecurityProviderUtility} and is not visible here.
     */
    @PostConstruct
    public void createApplicationComponents() {
        SecurityProviderUtility.installBCProvider();
    }

    /**
     * Start-up hook fired when the application scope is initialized. Brings the services
     * up in a fixed order: libraries, configuration and logging first, then the
     * persistence-backed authentication settings, the Python interpreter, and finally the
     * scheduler with every timer that depends on it.
     *
     * @param obj payload of the {@code @Initialized(ApplicationScoped.class)} event; not used
     */
    public void applicationInitialized(@Observes @Initialized(ApplicationScoped.class) Object obj) {
        log.debug("Initializing application services");

        // Libraries, configuration and logging are set up before persistence is touched.
        customLibrariesLoader.init();
        configurationFactory.create();
        loggerService.configure();

        // Resolve the primary entry manager once and reuse it for both look-ups.
        PersistenceEntryManager entryManager = persistenceEntryManagerInstance.get();
        persistenceAuthConfigs = loadPersistenceAuthConfigs(entryManager);
        setDefaultAuthenticationMethod(entryManager);

        // NOTE(review): pythonModulesDir is read from the persistence configuration and handed
        // to the interpreter; presumably it ends up on the module search path, so the directory
        // deserves the same file permissions as the configuration itself - confirm.
        String pythonModulesDir = configurationFactory.getPersistenceConfiguration().getConfiguration()
                .getString("pythonModulesDir", (String) null);
        pythonService.initPythonInterpreter(pythonModulesDir);

        // Script types handed to the custom script manager's timer below.
        List<CustomScriptType> supportedScriptTypes = Arrays.asList(
                CustomScriptType.PERSON_AUTHENTICATION,
                CustomScriptType.CONSENT_GATHERING,
                CustomScriptType.CLIENT_REGISTRATION,
                CustomScriptType.ID_GENERATOR,
                CustomScriptType.UMA_RPT_POLICY,
                CustomScriptType.UMA_CLAIMS_GATHERING,
                CustomScriptType.APPLICATION_SESSION,
                CustomScriptType.DYNAMIC_SCOPE);

        // The scheduler is started before any timer is registered with it.
        quartzSchedulerManager.start();
        metricService.initTimer();
        configurationFactory.initTimer();
        ldapStatusTimer.initTimer();
        cleanerTimer.initTimer();
        customScriptManager.initTimer(supportedScriptTypes);
        keyGeneratorTimer.initTimer();
        initTimer();
    }

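    /**
     * Produces the application-scoped {@link StringEncrypter}, keyed with the salt returned
     * by {@code ConfigurationFactory.getCryptoConfigurationSalt()}.
     *
     * <p>The salt is secret material: it is passed to the encrypter only and never placed
     * in an exception message or a log line.
     *
     * @return encrypter created from the configured salt
     * @throws ConfigurationException if the salt is empty, or if the encrypter cannot be
     *         created (the underlying {@code EncryptionException} is kept as the cause)
     */
    @ApplicationScoped
    @Produces
    public StringEncrypter getStringEncrypter() {
        String cryptoConfigurationSalt = this.configurationFactory.getCryptoConfigurationSalt();
        if (StringHelper.isEmpty(cryptoConfigurationSalt)) {
            // Fail closed: no encrypter is produced without a salt.
            throw new ConfigurationException("Encode salt isn't defined");
        }
        try {
            return StringEncrypter.instance(cryptoConfigurationSalt);
        } catch (StringEncrypter.EncryptionException e) {
            // Chain the cause so the real failure stays in the stack trace; without it the
            // operator only sees the generic message below.
            throw new ConfigurationException("Failed to create StringEncrypter instance", e);
        }
    }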

    /**
     * Resets the reload guard and fires the {@link TimerEvent} that schedules the periodic
     * {@link AuthConfigurationEvent}.
     *
     * <p>The schedule is built from the literal {@code 60} and {@code DEFAULT_INTERVAL};
     * presumably an initial delay and a repeat interval - the units are defined by
     * {@code TimerSchedule} and are not visible here.
     */
    public void initTimer() {
        isActive = new AtomicBoolean(false);
        lastFinishedTime = System.currentTimeMillis();

        TimerSchedule schedule = new TimerSchedule(60, DEFAULT_INTERVAL);
        Annotation[] qualifiers = {Scheduled.Literal.INSTANCE};
        timerEvent.fire(new TimerEvent(schedule, new AuthConfigurationEvent(), qualifiers));
    }

    /**
     * Scheduled observer that reloads the authentication configuration, allowing at most
     * one reload to run at a time.
     *
     * <p>Any {@link Throwable} raised by the reload is logged and swallowed here, so a
     * failing reload never propagates to the scheduler; the guard flag is always cleared.
     *
     * @param authConfigurationEvent the scheduled event; its content is not read
     */
    @Asynchronous
    public void reloadConfigurationTimerEvent(@Observes @Scheduled AuthConfigurationEvent authConfigurationEvent) {
        // Plain read first, then the atomic claim: only the caller that flips the flag proceeds.
        boolean alreadyRunning = isActive.get();
        if (alreadyRunning || !isActive.compareAndSet(false, true)) {
            return;
        }

        try {
            reloadConfiguration();
        } catch (Throwable th) {
            log.error("Exception happened while reloading application configuration", th);
        } finally {
            isActive.set(false);
            lastFinishedTime = System.currentTimeMillis();
        }
    }

    /**
     * Re-reads the authentication configurations from persistence and, when they differ
     * from the cached ones, rebuilds the authentication entry managers and fires the
     * {@code ReloadAuthScript} event. The default authentication method is refreshed on
     * every call.
     *
     * <p>NOTE(review): {@code loadPersistenceAuthConfigs} returns an empty list both when
     * no configuration exists and when the appliance entry could not be loaded, so a
     * failed look-up compares as "all configurations removed" and tears the existing
     * authentication entry managers down.
     */
    private void reloadConfiguration() {
        PersistenceEntryManager entryManager = persistenceEntryManagerInstance.get();
        log.trace("Attempting to use {}: {}", PERSISTENCE_ENTRY_MANAGER_NAME, entryManager.getOperationService());

        List<GluuLdapConfiguration> freshConfigs = loadPersistenceAuthConfigs(entryManager);

        // Change detection relies on List.equals, i.e. on GluuLdapConfiguration.equals
        // (defined outside this file).
        boolean unchanged = persistenceAuthConfigs.equals(freshConfigs);
        if (!unchanged) {
            recreatePersistenceAuthEntryManagers(freshConfigs);
            persistenceAuthConfigs = freshConfigs;
            event.select(new Annotation[]{ReloadAuthScript.Literal.INSTANCE})
                    .fire(ExternalAuthenticationService.MODIFIED_INTERNAL_TYPES_EVENT_TYPE);
        }

        setDefaultAuthenticationMethod(entryManager);
    }

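    /**
     * Creates an entry manager for a single authentication configuration.
     *
     * <p>The factory instance obtained from the container is released in a
     * {@code finally} block, so it is handed back exactly once on both the normal and the
     * failure path.
     *
     * @param gluuLdapConfiguration authentication configuration whose servers and bind
     *        credentials override the base persistence properties; may be {@code null},
     *        in which case the base properties are used unchanged
     * @return the newly created entry manager
     */
    public PersistenceEntryManager createPersistenceAuthEntryManager(GluuLdapConfiguration gluuLdapConfiguration) {
        // These properties come back from EncryptionService.decryptAllProperties and include
        // bindPassword: pass them to the factory only, never to a logger.
        Properties connectionProperties = prepareAuthConnectionProperties(gluuLdapConfiguration);
        PersistenceEntryManagerFactory factory = getPersistenceEntryManagerFactory();
        try {
            PersistenceEntryManager entryManager = factory.createEntryManager(connectionProperties);
            this.log.debug("Created custom authentication PersistenceEntryManager: {}", entryManager);
            return entryManager;
        } finally {
            this.persistenceEntryManagerFactoryInstance.destroy(factory);
        }
    }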

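    /**
     * Produces the application-scoped primary entry manager, named
     * {@code PERSISTENCE_ENTRY_MANAGER_NAME}, from the persistence configuration.
     *
     * <p>The factory instance obtained from the container is released in a
     * {@code finally} block, so it is handed back exactly once on both the normal and the
     * failure path.
     *
     * @return the newly created entry manager
     */
    @ApplicationScoped
    @Produces
    @Named(PERSISTENCE_ENTRY_MANAGER_NAME)
    public PersistenceEntryManager createPersistenceEntryManager() {
        // Output of decryptAllProperties: treat the whole object as secret and keep it out of
        // log statements - only the resulting entry manager is logged below.
        Properties connectionProperties = this.encryptionServiceInstance.get().decryptAllProperties(
                this.configurationFactory.getPersistenceConfiguration().getConfiguration().getProperties());
        PersistenceEntryManagerFactory factory = getPersistenceEntryManagerFactory();
        try {
            PersistenceEntryManager entryManager = factory.createEntryManager(connectionProperties);
            this.log.info("Created {}: {}", new Object[]{PERSISTENCE_ENTRY_MANAGER_NAME, entryManager});
            return entryManager;
        } finally {
            this.persistenceEntryManagerFactoryInstance.destroy(factory);
        }
    }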

    /**
     * Produces the application-scoped list of authentication configurations, named
     * {@code PERSISTENCE_AUTH_CONFIG_NAME}.
     *
     * <p>The cached list is returned as is, without a defensive copy, so consumers share
     * the same list instance as this bean.
     *
     * @return the list currently held in {@code persistenceAuthConfigs}
     */
    @ApplicationScoped
    @Produces
    @Named(PERSISTENCE_AUTH_CONFIG_NAME)
    public List<GluuLdapConfiguration> createPersistenceAuthConfigs() {
        return this.persistenceAuthConfigs;
    }

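    /**
     * Produces the application-scoped list of authentication entry managers, named
     * {@code PERSISTENCE_AUTH_ENTRY_MANAGER_NAME}: one manager per cached authentication
     * configuration, in the same order.
     *
     * @return the created managers; an empty list when no authentication configuration
     *         is cached
     */
    @ApplicationScoped
    @Produces
    @Named(PERSISTENCE_AUTH_ENTRY_MANAGER_NAME)
    public List<PersistenceEntryManager> createPersistenceAuthEntryManager() {
        List<PersistenceEntryManager> entryManagers = new ArrayList<PersistenceEntryManager>();
        if (this.persistenceAuthConfigs.isEmpty()) {
            return entryManagers;
        }

        // Each Properties object holds decrypted bind credentials: factory input only.
        List<Properties> connectionProperties = prepareAuthConnectionProperties(this.persistenceAuthConfigs);
        PersistenceEntryManagerFactory factory = getPersistenceEntryManagerFactory();
        try {
            for (int i = 0; i < connectionProperties.size(); i++) {
                PersistenceEntryManager entryManager = factory.createEntryManager(connectionProperties.get(i));
                this.log.debug("Created {}#{}: {}", new Object[]{PERSISTENCE_AUTH_ENTRY_MANAGER_NAME, Integer.valueOf(i), entryManager});
                entryManagers.add(entryManager);
            }
        } finally {
            // Release the factory once, after the last manager has been created, so that no
            // manager is built from a factory instance already handed back to the container.
            this.persistenceEntryManagerFactoryInstance.destroy(factory);
        }
        // NOTE(review): if creation fails part-way, the managers created so far are not
        // closed here; the exception propagates with their connections still open.
        return entryManagers;
    }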

    /**
     * Resolves the entry manager factory whose type is named by the persistence
     * configuration ({@code getEntryManagerFactoryType()}).
     *
     * <p>Every caller in this class releases the returned instance again through
     * {@code persistenceEntryManagerFactoryInstance.destroy(...)} once it is done.
     *
     * @return the factory instance selected from the injected {@code Instance}
     */
    protected PersistenceEntryManagerFactory getPersistenceEntryManagerFactory() {
        return (PersistenceEntryManagerFactory) this.persistenceEntryManagerFactoryInstance.select(this.configurationFactory.getPersistenceConfiguration().getEntryManagerFactoryType(), new Annotation[0]).get();
    }

    /**
     * Observer for {@code @LdapConfigurationReload}: closes the entry manager currently
     * held in the context and destroys the bean instance so that the container produces a
     * new one on the next access.
     *
     * @param str event payload; not read
     */
    public void recreatePersistenceEntryManager(@Observes @LdapConfigurationReload String str) {
        // Close the connections of the manager that is live in the context right now.
        PersistenceEntryManager activeManager = (PersistenceEntryManager) CdiUtil.getContextBean(
                beanManager, PersistenceEntryManager.class, PERSISTENCE_ENTRY_MANAGER_NAME);
        closePersistenceEntryManager(activeManager);

        // Destroying the bean instance is what forces the producer to run again later; the
        // instance logged below is the one that was just destroyed.
        PersistenceEntryManager staleBean = persistenceEntryManagerInstance.get();
        persistenceEntryManagerInstance.destroy(staleBean);
        log.info("Recreated instance {}: {}", PERSISTENCE_ENTRY_MANAGER_NAME, staleBean);
    }

    /**
     * Destroys the given primary entry manager, logging at debug level before and after.
     *
     * @param persistenceEntryManager manager to destroy; must not be {@code null}
     *        (it is dereferenced without a check)
     */
    private void closePersistenceEntryManager(PersistenceEntryManager persistenceEntryManager) {
        final String beanName = PERSISTENCE_ENTRY_MANAGER_NAME;

        log.debug("Attempting to destroy {}: {}", beanName, persistenceEntryManager);
        persistenceEntryManager.destroy();
        log.debug("Destroyed {}: {}", beanName, persistenceEntryManager);
    }

    /**
     * Destroys every authentication entry manager in the list, in list order, logging at
     * debug level before and after each one.
     *
     * <p>An exception from one {@code destroy()} call ends the loop, so managers later in
     * the list are then left open.
     *
     * @param list managers to destroy; must not be {@code null}
     */
    private void closePersistenceEntryManagers(List<PersistenceEntryManager> list) {
        Iterator<PersistenceEntryManager> remaining = list.iterator();
        while (remaining.hasNext()) {
            PersistenceEntryManager entryManager = remaining.next();
            log.debug("Attempting to destroy {}: {}", PERSISTENCE_AUTH_ENTRY_MANAGER_NAME, entryManager);
            entryManager.destroy();
            log.debug("Destroyed {}: {}", PERSISTENCE_AUTH_ENTRY_MANAGER_NAME, entryManager);
        }
    }

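    /**
     * Replaces the cached authentication configurations and forces the container to
     * rebuild the beans derived from them.
     *
     * <p>Steps: look up the managers currently held in the context, store the new
     * configurations, close the old managers once, then destroy the manager-list bean and
     * the configuration-list bean so that their producers run again on the next access.
     *
     * @param list the new authentication configurations to cache
     */
    public void recreatePersistenceAuthEntryManagers(List<GluuLdapConfiguration> list) {
        // Managers that are live in the application context right now.
        List<PersistenceEntryManager> oldEntryManagers = (List) CdiUtil.getContextBean(this.beanManager, new ParameterizedTypeImpl(List.class, new Type[]{PersistenceEntryManager.class}), PERSISTENCE_AUTH_ENTRY_MANAGER_NAME);

        // The producers read this field, so it must hold the new value before the beans
        // are destroyed below.
        this.persistenceAuthConfigs = list;

        // Close each old manager exactly once; a second destroy() pass over the same list
        // would act on connections that are already closed.
        closePersistenceEntryManagers(oldEntryManagers);

        // Force re-creation of the manager-list bean; the list logged is the destroyed one.
        List<PersistenceEntryManager> staleManagersBean = this.persistenceAuthEntryManagerInstance.get();
        this.persistenceAuthEntryManagerInstance.destroy(staleManagersBean);
        this.log.info("Recreated instance {}: {}", PERSISTENCE_AUTH_ENTRY_MANAGER_NAME, staleManagersBean);

        // Force re-creation of the configuration-list bean as well.
        List<GluuLdapConfiguration> staleConfigsBean = this.persistenceAuthConfigInstance.get();
        this.persistenceAuthConfigInstance.destroy(staleConfigsBean);
    }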

    /**
     * Builds the connection properties for each authentication configuration, preserving
     * the order of the input list.
     *
     * @param list authentication configurations; must not be {@code null}
     * @return one {@link Properties} object per configuration, each containing decrypted
     *         values as returned by the single-configuration overload
     */
    private List<Properties> prepareAuthConnectionProperties(List<GluuLdapConfiguration> list) {
        List<Properties> perConfigProperties = new ArrayList<Properties>();
        for (GluuLdapConfiguration authConfig : list) {
            perConfigProperties.add(prepareAuthConnectionProperties(authConfig));
        }
        return perConfigProperties;
    }

    /**
     * Builds the connection properties for one authentication configuration: a clone of
     * the base persistence properties with servers, bind credentials, SSL flag and
     * connection limit overridden, passed through
     * {@code EncryptionService.decryptAllProperties}.
     *
     * <p>The result contains {@code bindPassword} after decryption and must not be logged.
     *
     * <p>NOTE(review): {@code bindDN} and {@code bindPassword} are overridden only when the
     * configuration carries a non-empty bind DN. Otherwise whatever the base persistence
     * properties hold under those keys is inherited, i.e. the authentication connection
     * would bind with the primary store's account - confirm this is intended.
     *
     * <p>NOTE(review): a non-empty bind DN combined with a {@code null} bind password makes
     * {@code setProperty} throw a {@link NullPointerException}.
     *
     * @param gluuLdapConfiguration configuration to apply; {@code null} leaves the cloned
     *        base properties untouched
     * @return the decrypted connection properties
     */
    private Properties prepareAuthConnectionProperties(GluuLdapConfiguration gluuLdapConfiguration) {
        // Work on a clone so the shared base configuration is never modified.
        Properties connectionProperties = (Properties) configurationFactory.getPersistenceConfiguration()
                .getConfiguration().getProperties().clone();

        if (gluuLdapConfiguration != null) {
            connectionProperties.setProperty("servers", buildServersString(gluuLdapConfiguration.getServers()));

            String configuredBindDn = gluuLdapConfiguration.getBindDN();
            if (StringHelper.isNotEmpty(configuredBindDn)) {
                connectionProperties.setProperty("bindDN", configuredBindDn);
                connectionProperties.setProperty("bindPassword", gluuLdapConfiguration.getBindPassword());
            }

            connectionProperties.setProperty("useSSL", Boolean.toString(gluuLdapConfiguration.isUseSSL()));
            connectionProperties.setProperty("maxconnections", Integer.toString(gluuLdapConfiguration.getMaxConnections()));
        }

        EncryptionService encryptionService = encryptionServiceInstance.get();
        return encryptionService.decryptAllProperties(connectionProperties);
    }

    /**
     * Joins the server entries into a comma-separated string.
     *
     * <p>{@link SimpleProperty} elements contribute their {@code getValue()}; any other
     * element is appended through its string form. No trimming, validation or escaping is
     * applied, so an entry that itself contains a comma yields additional list items.
     *
     * @param list server entries; {@code null} yields an empty string
     * @return the joined string, without a leading or trailing separator
     */
    private String buildServersString(List<?> list) {
        StringBuilder joined = new StringBuilder();
        if (list == null) {
            return joined.toString();
        }

        // Empty before the first element, "," before every later one.
        String separator = "";
        for (Object server : list) {
            joined.append(separator);
            separator = ",";

            if (server instanceof SimpleProperty) {
                joined.append(((SimpleProperty) server).getValue());
            } else {
                joined.append(server);
            }
        }
        return joined.toString();
    }

    /**
     * Synchronizes the cached default authentication mode with the value stored in
     * persistence and, when it changed, destroys the produced {@link AuthenticationMode}
     * bean so that it is produced again.
     *
     * <p>NOTE(review): a failed appliance look-up yields {@code null}, the same as "no
     * default configured", so a persistence error resets a previously set mode to
     * {@code null} - confirm that consumers treat a missing mode safely.
     *
     * @param persistenceEntryManager entry manager used to read the appliance entry
     */
    private void setDefaultAuthenticationMethod(PersistenceEntryManager persistenceEntryManager) {
        String cachedName = null;
        if (authenticationMode != null) {
            cachedName = authenticationMode.getName();
        }

        String storedName = getActualDefaultAuthenticationMethod(persistenceEntryManager);
        boolean changed = !StringHelper.equals(cachedName, storedName);
        if (changed) {
            // Clear first, then set only when persistence names a method.
            authenticationMode = null;
            if (storedName != null) {
                authenticationMode = new AuthenticationMode(storedName);
            }
            authenticationModeInstance.destroy(authenticationModeInstance.get());
        }
    }

    /**
     * Reads the default authentication method from the appliance entry, requesting only
     * the {@code oxAuthenticationMode} attribute.
     *
     * @param persistenceEntryManager entry manager used for the look-up
     * @return the stored authentication mode, or {@code null} when the appliance entry
     *         could not be loaded
     */
    private String getActualDefaultAuthenticationMethod(PersistenceEntryManager persistenceEntryManager) {
        GluuAppliance appliance = loadAppliance(persistenceEntryManager, "oxAuthenticationMode");
        return (appliance != null) ? appliance.getAuthenticationMode() : null;
    }

    /**
     * Produces the application-scoped default {@link AuthenticationMode} from the cached
     * field.
     *
     * <p>NOTE(review): the field is {@code null} when no default method is stored or the
     * look-up failed. CDI does not allow a producer with a scope other than
     * {@code @Dependent} to return {@code null} (the container raises
     * {@code IllegalProductException}) - confirm how the "no default" case is meant to
     * reach consumers.
     *
     * @return the cached authentication mode, possibly {@code null}
     */
    @ApplicationScoped
    @Produces
    public AuthenticationMode getDefaultAuthenticationMode() {
        return this.authenticationMode;
    }

    /**
     * Loads the appliance entry, restricted to the requested attributes.
     *
     * <p>The entry DN is assembled with {@code String.format} from two configuration
     * values (appliance inum and appliance base DN) without DN escaping; both are read
     * from {@code ConfigurationFactory}, not from request data.
     *
     * @param persistenceEntryManager entry manager used for the look-up
     * @param strArr names of the attributes to return
     * @return the appliance entry, or {@code null} when either configuration value is
     *         empty or the look-up throws {@link BasePersistenceException} (logged)
     */
    private GluuAppliance loadAppliance(PersistenceEntryManager persistenceEntryManager, String... strArr) {
        String applianceBaseDn = configurationFactory.getBaseDn().getAppliance();
        String applianceInum = configurationFactory.getAppConfiguration().getApplianceInum();

        boolean incomplete = StringHelper.isEmpty(applianceBaseDn) || StringHelper.isEmpty(applianceInum);
        if (incomplete) {
            return null;
        }

        String applianceDn = String.format("inum=%s,%s", applianceInum, applianceBaseDn);
        try {
            return (GluuAppliance) persistenceEntryManager.find(GluuAppliance.class, applianceDn, strArr);
        } catch (BasePersistenceException e) {
            // Callers cannot tell this apart from "entry not configured": both return null.
            log.error("Failed to load appliance entry from Ldap", e);
            return null;
        }
    }

    /**
     * Loads the authentication configurations stored on the appliance entry and keeps the
     * ones that parse successfully and are enabled.
     *
     * @param persistenceEntryManager entry manager used for the look-up
     * @return the enabled configurations; an empty list when none are stored or the
     *         stored entries could not be loaded
     */
    private List<GluuLdapConfiguration> loadPersistenceAuthConfigs(PersistenceEntryManager persistenceEntryManager) {
        List<GluuLdapConfiguration> enabledConfigs = new ArrayList<GluuLdapConfiguration>();

        List<oxIDPAuthConf> storedConfs = loadLdapIdpAuthConfigs(persistenceEntryManager);
        if (storedConfs == null) {
            return enabledConfigs;
        }

        for (oxIDPAuthConf storedConf : storedConfs) {
            GluuLdapConfiguration parsed = loadPersistenceAuthConfig(storedConf);
            // Unparseable entries come back as null; disabled ones are skipped as well.
            if (parsed != null && parsed.isEnabled()) {
                enabledConfigs.add(parsed);
            }
        }
        return enabledConfigs;
    }

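    /**
     * Reads the {@code oxIDPAuthentication} values of the appliance entry and parses each
     * JSON value into an {@link oxIDPAuthConf}, keeping the entries whose type is
     * {@code "ldap"} or {@code "auth"} (case-insensitive).
     *
     * <p>An entry that fails to parse, or that has no type, is logged and skipped. The
     * raw JSON is not written to the log: its {@code config} part is later parsed into a
     * {@code GluuLdapConfiguration}, which carries a bind DN and bind password.
     *
     * @param persistenceEntryManager entry manager used for the look-up
     * @return the accepted entries, or {@code null} when the appliance entry or its
     *         {@code oxIDPAuthentication} attribute is missing
     */
    private List<oxIDPAuthConf> loadLdapIdpAuthConfigs(PersistenceEntryManager persistenceEntryManager) {
        GluuAppliance loadAppliance = loadAppliance(persistenceEntryManager, "oxIDPAuthentication");
        if (loadAppliance == null || loadAppliance.getOxIDPAuthentication() == null) {
            return null;
        }
        List<oxIDPAuthConf> acceptedConfs = new ArrayList<oxIDPAuthConf>();
        for (String str : loadAppliance.getOxIDPAuthentication()) {
            try {
                oxIDPAuthConf oxidpauthconf = (oxIDPAuthConf) this.jsonService.jsonToObject(str, oxIDPAuthConf.class);
                if (oxidpauthconf.getType().equalsIgnoreCase("ldap") || oxidpauthconf.getType().equalsIgnoreCase("auth")) {
                    acceptedConfs.add(oxidpauthconf);
                }
            } catch (Exception e) {
                // Log the size only: the entry may carry bind credentials, and error-level
                // logs are usually readable by more people than the directory entry is.
                // NOTE(review): the parser's exception message may still quote part of the input.
                int length = (str == null) ? 0 : str.length();
                this.log.error("Failed to create object by json ({} characters, content withheld)", Integer.valueOf(length), e);
            }
        }
        return acceptedConfs;
    }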

    /**
     * Parses the {@code config} JSON of an entry of type {@code "auth"}
     * (case-insensitive) into a {@link GluuLdapConfiguration}.
     *
     * <p>Entries of any other type - including {@code "ldap"}, which
     * {@code loadLdapIdpAuthConfigs} lets through - yield {@code null}.
     *
     * <p>NOTE(review): on failure the whole {@code oxIDPAuthConf} object is passed to the
     * logger; whether its {@code toString()} includes the {@code config} JSON (and with
     * it the bind password) is not visible here - verify, and redact if it does.
     *
     * @param oxidpauthconf entry to convert; may be {@code null}
     * @return the parsed configuration, or {@code null} for a {@code null} entry, a
     *         non-"auth" type, or any exception while parsing (logged)
     */
    private GluuLdapConfiguration loadPersistenceAuthConfig(oxIDPAuthConf oxidpauthconf) {
        if (oxidpauthconf == null) {
            return null;
        }

        try {
            boolean isAuthType = oxidpauthconf.getType().equalsIgnoreCase("auth");
            if (!isAuthType) {
                return null;
            }
            return (GluuLdapConfiguration) jsonService.jsonToObject(oxidpauthconf.getConfig(), GluuLdapConfiguration.class);
        } catch (Exception e) {
            log.error("Failed to create object by oxIDPAuthConf: '{}'", oxidpauthconf, e);
            return null;
        }
    }

    /**
     * Observer for {@code @ConfigurationUpdate}: applies the logging level named in the
     * application configuration.
     *
     * <ul>
     *   <li>empty level: nothing happens;</li>
     *   <li>{@code DEFAULT} (case-insensitive): the log4j configuration is reloaded;</li>
     *   <li>any other value: resolved with {@code Level.toLevel}, falling back to
     *       {@code INFO} for unknown names, and applied to loggers under
     *       {@code org.xdi.service}, {@code org.xdi.oxauth} and {@code org.gluu}.</li>
     * </ul>
     *
     * <p>{@code OFF} is the exception to the prefix filter: it is applied to every logger
     * in the context, so a configuration update can silence all logging. The change
     * itself is logged at info level before it takes effect.
     *
     * @param appConfiguration the updated application configuration
     */
    public void updateLoggingSeverity(@Observes @ConfigurationUpdate AppConfiguration appConfiguration) {
        String requestedLevel = appConfiguration.getLoggingLevel();
        if (StringHelper.isEmpty(requestedLevel)) {
            return;
        }

        log.info("Setting loggers level to: '{}'", requestedLevel);
        LoggerContext loggerContext = LoggerContext.getContext(false);

        if (StringHelper.equalsIgnoreCase("DEFAULT", requestedLevel)) {
            log.info("Reloading log4j configuration");
            loggerContext.reconfigure();
            return;
        }

        Level level = Level.toLevel(requestedLevel, Level.INFO);
        boolean switchEverythingOff = level == Level.OFF;
        for (org.apache.logging.log4j.core.Logger logger : loggerContext.getLoggers()) {
            String loggerName = logger.getName();
            boolean ownLogger = loggerName.startsWith("org.xdi.service")
                    || loggerName.startsWith("org.xdi.oxauth")
                    || loggerName.startsWith("org.gluu");
            if (ownLogger || switchEverythingOff) {
                logger.setLevel(level);
            }
        }
    }

    /**
     * Shutdown hook fired before the application scope is destroyed: closes the primary
     * entry manager first, then every authentication entry manager.
     *
     * <p>An exception while closing the primary manager propagates immediately, in which
     * case the authentication managers are not closed by this method.
     *
     * @param servletContext payload of the {@code @BeforeDestroyed} event; not read
     */
    public void destroy(@Observes @BeforeDestroyed(ApplicationScoped.class) ServletContext servletContext) {
        log.info("Closing LDAP connection at server shutdown...");

        PersistenceEntryManager primaryManager = persistenceEntryManagerInstance.get();
        closePersistenceEntryManager(primaryManager);

        List<PersistenceEntryManager> authManagers = persistenceAuthEntryManagerInstance.get();
        closePersistenceEntryManagers(authManagers);
    }
}
