package cz.integsoft.mule.security.internal.config;

import cz.integsoft.mule.security.api.TokenCacheManager;
import cz.integsoft.mule.security.internal.operation.AuthenticationOperations;
import java.util.Collection;
import java.util.concurrent.TimeUnit;
import javax.inject.Inject;
import javax.inject.Named;
import org.infinispan.configuration.cache.ConfigurationBuilder;
import org.infinispan.configuration.cache.StorageType;
import org.infinispan.manager.EmbeddedCacheManager;
import org.infinispan.spring.embedded.provider.SpringEmbeddedCacheManager;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.mule.runtime.api.artifact.Registry;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.Initialisable;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.meta.ExpressionSupport;
import org.mule.runtime.api.meta.ExternalLibraryType;
import org.mule.runtime.core.api.security.SecurityManager;
import org.mule.runtime.core.api.security.SecurityProvider;
import org.mule.runtime.extension.api.annotation.Alias;
import org.mule.runtime.extension.api.annotation.Configuration;
import org.mule.runtime.extension.api.annotation.Expression;
import org.mule.runtime.extension.api.annotation.ExternalLib;
import org.mule.runtime.extension.api.annotation.ExternalLibs;
import org.mule.runtime.extension.api.annotation.Ignore;
import org.mule.runtime.extension.api.annotation.Operations;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.annotation.param.RefName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.CacheManager;

@ExternalLibs({@ExternalLib(name = "Keycloak Spring Security Adapter", coordinates = "org.keycloak:keycloak-spring-security-adapter:4.8.3.Final", type = ExternalLibraryType.DEPENDENCY), @ExternalLib(name = "Keycloak Admin Client", coordinates = "org.keycloak:keycloak-admin-client:4.8.3.Final", type = ExternalLibraryType.DEPENDENCY), @ExternalLib(name = "Keycloak Adapter SPI", coordinates = "org.keycloak:keycloak-adapter-spi:4.8.3.Final", type = ExternalLibraryType.DEPENDENCY)})
@Configuration(name = "authentication-config")
@Operations({AuthenticationOperations.class})
/* loaded from: input_file:cz/integsoft/mule/security/internal/config/AuthenticationConfig.class */
public class AuthenticationConfig implements Initialisable {
    private static final String az = "muleKeycloakSecurityProvider";
    private static final String aA = "sso-parent-cache-configuration";
    private static final int aB = 100000;

    @Inject
    private Registry aC;

    @Inject
    @Named("ismSsoTokenCacheManager")
    private TokenCacheManager W;
    private static final Logger a = LoggerFactory.getLogger(AuthenticationConfig.class);

    @RefName
    private String aD;

    @Optional(defaultValue = "authProvider")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "security-provider-name", description = "The name of delegated security provider defined in delegate-security-provider element")
    private String aE;

    @Optional(defaultValue = "keycloakAuthenticationProcessingFilter")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "keycloak-filter-name", description = "The name of Spring bean of Keycloak authentication processing filter")
    private String aF;

    @Optional(defaultValue = "adapterDeploymentContextBean")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "keycloak-deployment-context-name", description = "The name of Spring bean of Keycloak deployment context factory.")
    private String aG;

    @Optional(defaultValue = "Mule")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "security-realm-name", description = "The security realm name")
    private String aH;

    @Optional(defaultValue = "false")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "enable-token-cache", description = "Enables SSO token cache for basic authentication.")
    private boolean aI;

    @Optional(defaultValue = "cacheManager")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "cache-manager-name", description = "Cache manager name for lookup.")
    private String aJ;

    @Optional(defaultValue = "3600")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "token-cache-timeout", description = "Positive number representing SSO token cache timeout [in seconds].")
    private int aK;

    @Optional(defaultValue = "15000")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "connection-timeout", description = "Positive number representing Keycloak connection timeout [in milliseconds].")
    private int aL;

    @Optional(defaultValue = "-1")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    @Alias(value = "read-timeout", description = "Positive number representing read timeout from keycloak [in milliseconds].")
    private int aM;

    @Ignore
    private KeycloakSecurityHolder aN;
    private SecurityManager V;

    public String getSecurityProviderName() {
        return this.aE;
    }

    public void setSecurityProviderName(String str) {
        this.aE = str;
    }

    public String getKeycloakAuthFilterName() {
        return this.aF;
    }

    public void setKeycloakAuthFilterName(String str) {
        this.aF = str;
    }

    public String getKeycloakDeploymentContextName() {
        return this.aG;
    }

    public void setKeycloakDeploymentContextName(String str) {
        this.aG = str;
    }

    public String getRealmName() {
        return this.aH;
    }

    public void setRealmName(String str) {
        this.aH = str;
    }

    public SecurityManager getSecurityManager() {
        return this.V;
    }

    public void setSecurityManager(SecurityManager securityManager) {
        this.V = securityManager;
    }

    public boolean isEnableTokenCache() {
        return this.aI;
    }

    public TokenCacheManager getTokenCacheManager() {
        return this.W;
    }

    public String getConfigName() {
        return this.aD;
    }

    public String getCacheManagerName() {
        return this.aJ;
    }

    @Ignore
    public String getCacheName() {
        return "sso-token-cache-" + this.aD;
    }

    public int getConnectionTimeout() {
        return this.aL;
    }

    public int getReadTimeout() {
        return this.aM;
    }

    @Ignore
    public KeycloakSecurityHolder getKeycloakSecurity() {
        return this.aN;
    }

    public void initialise() throws InitialisationException {
        a.info("Initializing config with name " + this.aD);
        Object obj = this.aC.lookupByName(this.aF).get();
        Object obj2 = this.aC.lookupByName(this.aG).get();
        a.debug("Looking up for {}: {}", KeycloakAuthenticationProcessingFilter.class.getName(), obj);
        a.debug("Looking up for {}: {}", AdapterDeploymentContext.class.getName(), obj2);
        this.aN = new KeycloakSecurityHolder((KeycloakAuthenticationProcessingFilter) obj, (AdapterDeploymentContext) obj2);
        Collection lookupAllByType = this.aC.lookupAllByType(SecurityManager.class);
        java.util.Optional findFirst = lookupAllByType.stream().filter(securityManager -> {
            return securityManager.getProvider(this.aE) != null;
        }).findFirst();
        if (findFirst.isPresent()) {
            a.info("Found security manager with provider name {}: {}", this.aE, findFirst.get());
            this.V = (SecurityManager) findFirst.get();
        } else {
            if (lookupAllByType.isEmpty()) {
                throw new InitialisationException(I18nMessageFactory.createStaticMessage("Failed to get security manager! Something wrong happened!"), this);
            }
            SecurityManager securityManager2 = (SecurityManager) lookupAllByType.iterator().next();
            SecurityProvider securityProvider = (SecurityProvider) this.aC.lookupByName(az).get();
            a.info("Setting up security provider in the default security manager: {}", securityProvider);
            securityManager2.addProvider(securityProvider);
            this.V = securityManager2;
            a.info("Not found security manager with provider name {}, so selecting the default: {}", this.aE, securityManager2);
        }
        if (this.aI) {
            SpringEmbeddedCacheManager springEmbeddedCacheManager = (CacheManager) this.aC.lookupByName(this.aJ).get();
            if (springEmbeddedCacheManager instanceof SpringEmbeddedCacheManager) {
                a.info("{}: Initializing dynamic SSO token cache {} with timeout {}.", new Object[]{this.aD, getCacheName(), Integer.valueOf(this.aK)});
                EmbeddedCacheManager nativeCacheManager = springEmbeddedCacheManager.getNativeCacheManager();
                if (nativeCacheManager.cacheExists(getCacheName())) {
                    a.warn("{}: Cache {} already exists, so using it. Please check if the defined cache is suitable for this purpose. Cache: {}", new Object[]{this.aD, getCacheName(), springEmbeddedCacheManager.getCache(getCacheName())});
                } else {
                    a.info("{}: Creating new dynamic SSO token cache {} with timeout {}.", new Object[]{this.aD, getCacheName(), Integer.valueOf(this.aK)});
                    nativeCacheManager.defineConfiguration(getCacheName(), new ConfigurationBuilder().read(nativeCacheManager.getCacheConfiguration(aA)).expiration().maxIdle(this.aK, TimeUnit.SECONDS).lifespan(this.aK, TimeUnit.SECONDS).memory().storageType(StorageType.OBJECT).size(100000L).build());
                }
                this.W.register(getCacheName(), springEmbeddedCacheManager.getCache(getCacheName()));
            }
        }
        a.info("Initializing config with name " + this.aD + " done");
    }

    public String toString() {
        return "AuthenticationConfig [securityProviderName=" + this.aE + ", keycloakAuthFilterName=" + this.aF + ", keycloakDeploymentContextName=" + this.aG + ", realmName=" + this.aH + ", enableTokenCache=" + this.aI + ", cacheManagerName=" + this.aJ + ", configName=" + this.aD + "]";
    }
}
