package org.keycloak.connections.infinispan;

import java.io.IOException;
import java.lang.reflect.Field;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.RemoteCacheManager;
import org.infinispan.client.hotrod.configuration.Configuration;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.exceptions.HotRodClientException;
import org.infinispan.commons.configuration.Combine;
import org.infinispan.manager.EmbeddedCacheManager;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.common.util.reflections.Reflections;

/* loaded from: input_file:org/keycloak/connections/infinispan/RemoteCacheProvider.class */
public class RemoteCacheProvider {
    public static final String SCRIPT_CACHE_NAME = "___script_cache";
    protected static final Logger logger = Logger.getLogger(RemoteCacheProvider.class);
    private final Config.Scope config;
    private final EmbeddedCacheManager cacheManager;
    private final Map<String, RemoteCache> availableCaches = new HashMap();
    private final Map<String, RemoteCacheManager> managedManagers = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/keycloak/connections/infinispan/RemoteCacheProvider$LoginHandler.class */
    public static class LoginHandler implements CallbackHandler {
        private final String login;
        private final char[] password;
        private final String realm;

        private LoginHandler(String str, char[] cArr, String str2) {
            this.login = str;
            this.password = cArr;
            this.realm = str2;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.login);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this.password);
                } else {
                    if (!(callback instanceof RealmCallback)) {
                        throw new UnsupportedCallbackException(callback);
                    }
                    ((RealmCallback) callback).setText(this.realm);
                }
            }
        }
    }

    public RemoteCacheProvider(Config.Scope scope, EmbeddedCacheManager embeddedCacheManager) {
        this.config = scope;
        this.cacheManager = embeddedCacheManager;
    }

    public RemoteCache getRemoteCache(String str) {
        if (this.availableCaches.get(str) == null) {
            synchronized (this) {
                if (this.availableCaches.get(str) == null) {
                    this.availableCaches.put(str, loadRemoteCache(str));
                }
            }
        }
        return this.availableCaches.get(str);
    }

    public void stop() {
        logger.debugf("Shutdown %d registered secured remoteCache managers", this.managedManagers.size());
        Iterator<RemoteCacheManager> it = this.managedManagers.values().iterator();
        while (it.hasNext()) {
            it.next().stop();
        }
    }

    protected synchronized RemoteCache loadRemoteCache(String str) {
        RemoteCache remoteCache = InfinispanUtil.getRemoteCache(this.cacheManager.getCache(str));
        if (remoteCache == null) {
            return null;
        }
        logger.infof("Hotrod version for remoteCache %s: %s", remoteCache.getName(), remoteCache.getRemoteCacheManager().getConfiguration().version());
        Boolean bool = this.config.getBoolean("remoteStoreSecurityEnabled");
        if (bool == null) {
            try {
                logger.debugf("Detecting remote security settings of HotRod server, cache %s. Disable by explicitly setting \"remoteStoreSecurityEnabled\" property in spi=connectionsInfinispan/provider=default", str);
                bool = false;
                RemoteCache cache = remoteCache.getRemoteCacheManager().getCache(SCRIPT_CACHE_NAME);
                if (cache == null) {
                    logger.debug("Cannot detect remote security settings of HotRod server, disabling.");
                } else {
                    cache.containsKey("");
                }
            } catch (HotRodClientException e) {
                logger.debug("Seems that HotRod server requires authentication, enabling.");
                bool = true;
            }
        }
        if (bool.booleanValue()) {
            logger.infof("Remote store security for cache %s is enabled. Disable by setting \"remoteStoreSecurityEnabled\" property to \"false\" in spi=connectionsInfinispan/provider=default", str);
            return getOrCreateSecuredRemoteCacheManager(this.config, str, remoteCache.getRemoteCacheManager()).getCache(remoteCache.getName());
        }
        logger.infof("Remote store security for cache %s is disabled. If server fails to connect to remote JDG server, enable it.", str);
        return remoteCache;
    }

    protected RemoteCacheManager getOrCreateSecuredRemoteCacheManager(Config.Scope scope, String str, RemoteCacheManager remoteCacheManager) {
        String str2 = scope.get("remoteStoreSecurityServerName", "keycloak-jdg-server");
        String str3 = scope.get("remoteStoreSecurityRealm", "AllowScriptManager");
        String str4 = scope.get("remoteStoreSecurityUsername", "___script_manager");
        String str5 = scope.get("remoteStoreSecurityPassword", "not-so-secret-password");
        Configuration configuration = remoteCacheManager.getConfiguration();
        ConfigurationBuilder read = new ConfigurationBuilder().read(configuration, Combine.DEFAULT);
        String str6 = (String) configuration.servers().stream().map(serverConfiguration -> {
            return serverConfiguration.host() + ":" + serverConfiguration.port();
        }).collect(Collectors.joining(";"));
        if (this.managedManagers.containsKey(str6)) {
            return this.managedManagers.get(str6);
        }
        logger.infof("Creating secured RemoteCacheManager for Server: '%s', Cache: '%s', Realm: '%s', Username: '%s', Secured HotRod endpoint: '%s'", new Object[]{str2, str, str3, str4, str6});
        try {
            Field declaredField = read.getClass().getDeclaredField("servers");
            Reflections.setAccessible(declaredField);
            ((List) Reflections.getFieldValue(declaredField, read, List.class)).clear();
            RemoteCacheManager remoteCacheManager2 = new RemoteCacheManager(read.addServers(str6).security().authentication().serverName(str2).saslMechanism("DIGEST-MD5").callbackHandler(new LoginHandler(str4, str5.toCharArray(), str3)).enable().build());
            this.managedManagers.put(str6, remoteCacheManager2);
            return remoteCacheManager2;
        } catch (NoSuchFieldException e) {
            throw new RuntimeException(e);
        }
    }
}
