package cz.integsoft.mule.security.internal.config;

import cz.integsoft.mule.security.api.TokenCacheManager;
import cz.integsoft.mule.security.internal.operation.AuthenticationOperations;
import java.util.Collection;
import java.util.concurrent.TimeUnit;
import javax.inject.Inject;
import javax.inject.Named;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.cache.StorageType;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.spring.embedded.provider.SpringEmbeddedCacheManager;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.mule.runtime.api.artifact.Registry;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.Initialisable;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.meta.ExpressionSupport;
import org.mule.runtime.api.meta.ExternalLibraryType;
import org.mule.runtime.core.api.security.SecurityManager;
import org.mule.runtime.core.api.security.SecurityProvider;
import org.mule.runtime.extension.api.annotation.Alias;
import org.mule.runtime.extension.api.annotation.Configuration;
import org.mule.runtime.extension.api.annotation.Expression;
import org.mule.runtime.extension.api.annotation.ExternalLib;
import org.mule.runtime.extension.api.annotation.ExternalLibs;
import org.mule.runtime.extension.api.annotation.Ignore;
import org.mule.runtime.extension.api.annotation.Operations;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.annotation.param.RefName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.CacheManager;

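/**
 * Mule extension configuration ({@code authentication-config}) that wires Keycloak-based
 * authentication into a Mule application.
 *
 * <p>During {@link #initialise()} it:
 * <ol>
 *   <li>looks up the Keycloak authentication filter and deployment context beans by name and
 *       wraps them in a {@link KeycloakSecurityHolder};</li>
 *   <li>selects the Mule {@link SecurityManager} that already knows the configured security
 *       provider, or falls back to the first manager found and adds the
 *       {@code muleKeycloakSecurityProvider} bean to it;</li>
 *   <li>when {@code enable-token-cache} is set, defines (or reuses) an Infinispan cache named
 *       {@code sso-token-cache-<configName>} and registers it with the {@link TokenCacheManager}.</li>
 * </ol>
 *
 * <p>Private field names in this listing were obfuscated by the decompiler; they are restored
 * here from the getter names and from {@link #toString()}. The DSL attribute names are fixed by
 * the {@code @Alias} values and are unchanged.
 *
 * <p>NOTE(review): the adapter coordinates below pin {@code 4.8.3.Final}; confirm that this
 * version is still within the support window of the Keycloak server it talks to.
 */
@ExternalLibs({
    @ExternalLib(name = "Keycloak Spring Security Adapter", coordinates = "org.keycloak:keycloak-spring-security-adapter:4.8.3.Final", type = ExternalLibraryType.DEPENDENCY),
    @ExternalLib(name = "Keycloak Admin Client", coordinates = "org.keycloak:keycloak-admin-client:4.8.3.Final", type = ExternalLibraryType.DEPENDENCY),
    @ExternalLib(name = "Keycloak Adapter SPI", coordinates = "org.keycloak:keycloak-adapter-spi:4.8.3.Final", type = ExternalLibraryType.DEPENDENCY)
})
@Configuration(name = "authentication-config")
@Operations({AuthenticationOperations.class})
/* loaded from: input_file:cz/integsoft/mule/security/internal/config/AuthenticationConfig.class */
public class AuthenticationConfig implements Initialisable {
    /** Registry name of the provider added to the fallback security manager. */
    private static final String DEFAULT_SECURITY_PROVIDER_BEAN = "muleKeycloakSecurityProvider";
    /** Infinispan configuration used as the template for dynamically created token caches. */
    private static final String PARENT_CACHE_CONFIGURATION = "sso-parent-cache-configuration";
    /** Upper bound on the number of entries kept in a dynamically created token cache. */
    private static final int MAX_CACHE_ENTRIES = 100000;

    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationConfig.class);

    @Inject
    private Registry registry;

    @Inject
    @Named("ismSsoTokenCacheManager")
    private TokenCacheManager tokenCacheManager;

    @RefName
    private String configName;

    @Optional(defaultValue = "authProvider")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "security-provider-name", description = "The name of delegated security provider defined in delegate-security-provider element")
    private String securityProviderName;

    @Optional(defaultValue = "keycloakAuthenticationProcessingFilter")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "keycloak-filter-name", description = "The name of Spring bean of Keycloak authentication processing filter")
    private String keycloakAuthFilterName;

    @Optional(defaultValue = "adapterDeploymentContextBean")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "keycloak-deployment-context-name", description = "The name of Spring bean of Keycloak deployment context factory.")
    private String keycloakDeploymentContextName;

    @Optional(defaultValue = "Mule")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "security-realm-name", description = "The security realm name")
    private String realmName;

    @Optional(defaultValue = "false")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "enable-token-cache", description = "Enables SSO token cache for basic authentication.")
    private boolean enableTokenCache;

    @Optional(defaultValue = "cacheManager")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "cache-manager-name", description = "Cache manager name for lookup.")
    private String cacheManagerName;

    // Applied as both max-idle and lifespan of the token cache entries (see initialise()).
    // NOTE(review): confirm this does not outlive the Keycloak token/session lifetime; how
    // cached tokens are re-validated is decided in AuthenticationOperations, not visible here.
    @Optional(defaultValue = "3600")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "token-cache-timeout", description = "Positive number representing SSO token cache timeout [in seconds].")
    private int tokenCacheTimeout;

    @Optional(defaultValue = "15000")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "connection-timeout", description = "Positive number representing Keycloak connection timeout [in milliseconds].")
    private int connectionTimeout;

    // NOTE(review): the default of -1 contradicts the "Positive number" description. The
    // consumer of this value is not visible here; presumably -1 means "no read timeout", which
    // would let a stalled Keycloak response block the calling thread indefinitely - confirm.
    @Optional(defaultValue = "-1")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "read-timeout", description = "Positive number representing read timeout from keycloak [in milliseconds].")
    private int readTimeout;

    @Ignore
    private KeycloakSecurityHolder keycloakSecurity;
    private SecurityManager securityManager;

    /** @return the name of the delegated security provider ({@code security-provider-name}) */
    public String getSecurityProviderName() {
        return this.securityProviderName;
    }

    /** @param str the name of the delegated security provider */
    public void setSecurityProviderName(String str) {
        this.securityProviderName = str;
    }

    /** @return the registry name of the Keycloak authentication processing filter bean */
    public String getKeycloakAuthFilterName() {
        return this.keycloakAuthFilterName;
    }

    /** @param str the registry name of the Keycloak authentication processing filter bean */
    public void setKeycloakAuthFilterName(String str) {
        this.keycloakAuthFilterName = str;
    }

    /** @return the registry name of the Keycloak deployment context bean */
    public String getKeycloakDeploymentContextName() {
        return this.keycloakDeploymentContextName;
    }

    /** @param str the registry name of the Keycloak deployment context bean */
    public void setKeycloakDeploymentContextName(String str) {
        this.keycloakDeploymentContextName = str;
    }

    /** @return the security realm name ({@code security-realm-name}) */
    public String getRealmName() {
        return this.realmName;
    }

    /** @param str the security realm name */
    public void setRealmName(String str) {
        this.realmName = str;
    }

    /** @return the security manager selected by {@link #initialise()}, or set explicitly */
    public SecurityManager getSecurityManager() {
        return this.securityManager;
    }

    /** @param securityManager replaces the security manager used by this configuration */
    public void setSecurityManager(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /**
     * @return the configured {@code enable-token-cache} flag; note that {@link #initialise()}
     *     registers a cache only when the cache manager is a {@link SpringEmbeddedCacheManager}
     */
    public boolean isEnableTokenCache() {
        return this.enableTokenCache;
    }

    /** @return the injected {@code ismSsoTokenCacheManager} */
    public TokenCacheManager getTokenCacheManager() {
        return this.tokenCacheManager;
    }

    /** @return the name of this configuration element (injected through {@code @RefName}) */
    public String getConfigName() {
        return this.configName;
    }

    /** @return the registry name of the cache manager ({@code cache-manager-name}) */
    public String getCacheManagerName() {
        return this.cacheManagerName;
    }

    /** @return the per-configuration token cache name, {@code "sso-token-cache-" + configName} */
    @Ignore
    public String getCacheName() {
        return "sso-token-cache-" + this.configName;
    }

    /** @return the Keycloak connection timeout in milliseconds */
    public int getConnectionTimeout() {
        return this.connectionTimeout;
    }

    /** @return the Keycloak read timeout in milliseconds ({@code -1} by default) */
    public int getReadTimeout() {
        return this.readTimeout;
    }

    /** @return the holder built in {@link #initialise()}; {@code null} before initialisation */
    @Ignore
    public KeycloakSecurityHolder getKeycloakSecurity() {
        return this.keycloakSecurity;
    }

    /**
     * Resolves the Keycloak beans, selects the security manager and, if enabled, prepares the
     * SSO token cache.
     *
     * @throws InitialisationException if a required bean is missing from the registry or has an
     *     unexpected type, if no {@link SecurityManager} is registered, or if the parent cache
     *     configuration needed to create the token cache is not defined
     */
    @Override
    public void initialise() throws InitialisationException {
        LOG.info("Initializing config with name {}", this.configName);

        KeycloakAuthenticationProcessingFilter filter =
                lookupRequired(this.keycloakAuthFilterName, KeycloakAuthenticationProcessingFilter.class);
        AdapterDeploymentContext deploymentContext =
                lookupRequired(this.keycloakDeploymentContextName, AdapterDeploymentContext.class);
        LOG.debug("Looking up for {}: {}", KeycloakAuthenticationProcessingFilter.class.getName(), filter);
        LOG.debug("Looking up for {}: {}", AdapterDeploymentContext.class.getName(), deploymentContext);
        this.keycloakSecurity = new KeycloakSecurityHolder(filter, deploymentContext);

        Collection<SecurityManager> managers = this.registry.lookupAllByType(SecurityManager.class);
        java.util.Optional<SecurityManager> matching = managers.stream()
                .filter(manager -> manager.getProvider(this.securityProviderName) != null)
                .findFirst();
        if (matching.isPresent()) {
            LOG.info("Found security manager with provider name {}: {}", this.securityProviderName, matching.get());
            this.securityManager = matching.get();
        } else {
            if (managers.isEmpty()) {
                throw new InitialisationException(I18nMessageFactory.createStaticMessage("Failed to get security manager! Something wrong happened!"), this);
            }
            // Fallback: no manager knows securityProviderName, so the first manager returned by
            // the registry is modified in place. The provider added is the fixed bean
            // DEFAULT_SECURITY_PROVIDER_BEAN, not the configured securityProviderName.
            // NOTE(review): which manager comes first is decided by the registry; verify this is
            // the intended one when several SecurityManager instances exist.
            SecurityManager fallbackManager = managers.iterator().next();
            SecurityProvider securityProvider = lookupRequired(DEFAULT_SECURITY_PROVIDER_BEAN, SecurityProvider.class);
            LOG.info("Setting up security provider in the default security manager: {}", securityProvider);
            fallbackManager.addProvider(securityProvider);
            this.securityManager = fallbackManager;
            LOG.info("Not found security manager with provider name {}, so selecting the default: {}", this.securityProviderName, fallbackManager);
        }

        if (this.enableTokenCache) {
            initialiseTokenCache();
        }
        LOG.info("Initializing config with name {} done", this.configName);
    }

    /** Defines or reuses the per-configuration token cache and registers it with the token cache manager. */
    private void initialiseTokenCache() throws InitialisationException {
        CacheManager cacheManager = lookupRequired(this.cacheManagerName, CacheManager.class);
        if (!(cacheManager instanceof SpringEmbeddedCacheManager)) {
            // The original silently skipped this case; make it visible, because the
            // enable-token-cache flag stays true while no cache is actually registered.
            LOG.warn("{}: Cache manager {} is not a {}, so no SSO token cache is registered.", this.configName, this.cacheManagerName, SpringEmbeddedCacheManager.class.getName());
            return;
        }
        SpringEmbeddedCacheManager springCacheManager = (SpringEmbeddedCacheManager) cacheManager;
        String cacheName = getCacheName();
        LOG.info("{}: Initializing dynamic SSO token cache {} with timeout {}.", this.configName, cacheName, this.tokenCacheTimeout);
        EmbeddedCacheManager nativeCacheManager = springCacheManager.getNativeCacheManager();
        if (nativeCacheManager.cacheExists(cacheName)) {
            // A pre-existing cache keeps its own expiration and size settings; the configured
            // token-cache-timeout is NOT applied to it.
            LOG.warn("{}: Cache {} already exists, so using it. Please check if the defined cache is suitable for this purpose. Cache: {}", this.configName, cacheName, springCacheManager.getCache(cacheName));
        } else {
            LOG.info("{}: Creating new dynamic SSO token cache {} with timeout {}.", this.configName, cacheName, this.tokenCacheTimeout);
            if (this.tokenCacheTimeout <= 0) {
                // Infinispan treats a negative lifespan/max-idle as "never expire".
                LOG.warn("{}: token-cache-timeout is not positive ({}); cached SSO tokens may never expire.", this.configName, this.tokenCacheTimeout);
            }
            org.infinispan.configuration.cache.Configuration parentConfiguration =
                    nativeCacheManager.getCacheConfiguration(PARENT_CACHE_CONFIGURATION);
            if (parentConfiguration == null) {
                throw new InitialisationException(I18nMessageFactory.createStaticMessage("Cache configuration '" + PARENT_CACHE_CONFIGURATION + "' is not defined in cache manager '" + this.cacheManagerName + "'"), this);
            }
            nativeCacheManager.defineConfiguration(cacheName, new ConfigurationBuilder()
                    .read(parentConfiguration)
                    .template(false)
                    .expiration().maxIdle(this.tokenCacheTimeout, TimeUnit.SECONDS).lifespan(this.tokenCacheTimeout, TimeUnit.SECONDS)
                    .memory().storage(StorageType.HEAP).maxCount(MAX_CACHE_ENTRIES)
                    .build());
        }
        this.tokenCacheManager.register(cacheName, springCacheManager.getCache(cacheName));
    }

    /**
     * Looks up a bean by name and checks its type, so that a misconfigured bean name surfaces as
     * an {@link InitialisationException} instead of a {@code NoSuchElementException} or
     * {@code ClassCastException}.
     */
    private <T> T lookupRequired(String beanName, Class<T> expectedType) throws InitialisationException {
        java.util.Optional<Object> found = this.registry.lookupByName(beanName);
        if (!found.isPresent()) {
            throw new InitialisationException(I18nMessageFactory.createStaticMessage("No bean named '" + beanName + "' found in the registry (expected " + expectedType.getName() + ")"), this);
        }
        Object bean = found.get();
        if (!expectedType.isInstance(bean)) {
            throw new InitialisationException(I18nMessageFactory.createStaticMessage("Bean '" + beanName + "' is of type " + bean.getClass().getName() + ", expected " + expectedType.getName()), this);
        }
        return expectedType.cast(bean);
    }

    @Override
    public String toString() {
        return "AuthenticationConfig [securityProviderName=" + this.securityProviderName + ", keycloakAuthFilterName=" + this.keycloakAuthFilterName + ", keycloakDeploymentContextName=" + this.keycloakDeploymentContextName + ", realmName=" + this.realmName + ", enableTokenCache=" + this.enableTokenCache + ", cacheManagerName=" + this.cacheManagerName + ", configName=" + this.configName + "]";
    }
}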
