package org.keycloak.quarkus.runtime.storage.legacy.infinispan;

import io.micrometer.core.instrument.Metrics;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import org.infinispan.client.hotrod.DefaultTemplate;
import org.infinispan.client.hotrod.RemoteCacheManager;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.client.hotrod.configuration.ExhaustedAction;
import org.infinispan.commons.api.Lifecycle;
import org.infinispan.commons.util.concurrent.CompletableFutures;
import org.infinispan.configuration.cache.HashConfiguration;
import org.infinispan.configuration.cache.PersistenceConfigurationBuilder;
import org.infinispan.configuration.global.GlobalConfiguration;
import org.infinispan.configuration.global.TransportConfigurationBuilder;
import org.infinispan.configuration.parsing.ConfigurationBuilderHolder;
import org.infinispan.configuration.parsing.ParserRegistry;
import org.infinispan.manager.DefaultCacheManager;
import org.infinispan.metrics.config.MicrometerMeterRegisterConfigurationBuilder;
import org.infinispan.persistence.remote.configuration.RemoteStoreConfigurationBuilder;
import org.jboss.logging.Logger;
import org.jgroups.conf.ProtocolConfiguration;
import org.jgroups.protocols.TCP_NIO2;
import org.jgroups.protocols.UDP;
import org.jgroups.util.TLS;
import org.jgroups.util.TLSClientAuth;
import org.keycloak.common.Profile;
import org.keycloak.config.CachingOptions;
import org.keycloak.config.MetricsOptions;
import org.keycloak.config.Option;
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
import org.keycloak.infinispan.util.InfinispanUtils;
import org.keycloak.marshalling.Marshalling;
import org.keycloak.quarkus.runtime.configuration.Configuration;

/* loaded from: input_file:org/keycloak/quarkus/runtime/storage/legacy/infinispan/CacheManagerFactory.class */
public class CacheManagerFactory {
    private static final Logger logger = Logger.getLogger(CacheManagerFactory.class);
    private final CompletableFuture<DefaultCacheManager> cacheManagerFuture;
    private final CompletableFuture<RemoteCacheManager> remoteCacheManagerFuture;

    public CacheManagerFactory(String str) {
        this.cacheManagerFuture = startEmbeddedCacheManager(str);
        if (InfinispanUtils.isRemoteInfinispan()) {
            logger.debug("Remote Cache feature is enabled");
            this.remoteCacheManagerFuture = CompletableFuture.supplyAsync(this::startRemoteCacheManager);
        } else {
            logger.debug("Remote Cache feature is disabled");
            this.remoteCacheManagerFuture = CompletableFutures.completedNull();
        }
    }

    public DefaultCacheManager getOrCreateEmbeddedCacheManager() {
        return (DefaultCacheManager) join(this.cacheManagerFuture);
    }

    public RemoteCacheManager getOrCreateRemoteCacheManager() {
        return (RemoteCacheManager) join(this.remoteCacheManagerFuture);
    }

    public void shutdown() {
        logger.debug("Shutdown embedded and remote cache managers");
        this.cacheManagerFuture.thenAccept((v0) -> {
            close(v0);
        });
        this.remoteCacheManagerFuture.thenAccept((v0) -> {
            close(v0);
        });
    }

    private static <T> T join(Future<T> future) {
        try {
            return future.get(getStartTimeout(), TimeUnit.SECONDS);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return null;
        } catch (ExecutionException | TimeoutException e2) {
            throw new RuntimeException("Failed to start embedded or remote cache manager", e2);
        }
    }

    private static void close(Lifecycle lifecycle) {
        if (lifecycle != null) {
            lifecycle.stop();
        }
    }

    private RemoteCacheManager startRemoteCacheManager() {
        logger.info("Starting Infinispan remote cache manager (Hot Rod Client)");
        String requiredStringProperty = requiredStringProperty("cache-remote-host");
        Integer num = (Integer) Configuration.getOptionalKcValue("cache-remote-port").map(Integer::parseInt).orElse(11222);
        String requiredStringProperty2 = requiredStringProperty("cache-remote-username");
        String requiredStringProperty3 = requiredStringProperty("cache-remote-password");
        ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
        configurationBuilder.addServer().host(requiredStringProperty).port(num.intValue());
        configurationBuilder.connectionPool().maxActive(16).exhaustedAction(ExhaustedAction.CREATE_NEW);
        if (isRemoteTLSEnabled()) {
            configurationBuilder.security().ssl().enable().sslContext(createSSLContext()).sniHostName(requiredStringProperty);
        }
        if (isRemoteAuthenticationEnabled()) {
            configurationBuilder.security().authentication().enable().username(requiredStringProperty2).password(requiredStringProperty3).realm("default").saslMechanism("SCRAM-SHA-512");
        }
        Marshalling.configure(configurationBuilder);
        if (createRemoteCaches()) {
            logger.warn("Creating remote cache in external Infinispan server. It should not be used in production!");
            for (String str : InfinispanConnectionProvider.CLUSTERED_CACHE_NAMES) {
                configurationBuilder.remoteCache(str).templateName(DefaultTemplate.DIST_SYNC);
            }
        }
        RemoteCacheManager remoteCacheManager = new RemoteCacheManager(configurationBuilder.build());
        if (isStartEagerly()) {
            Stream stream = Arrays.stream(InfinispanConnectionProvider.CLUSTERED_CACHE_NAMES);
            Objects.requireNonNull(remoteCacheManager);
            stream.forEach(remoteCacheManager::getCache);
        }
        return remoteCacheManager;
    }

    private CompletableFuture<DefaultCacheManager> startEmbeddedCacheManager(String str) {
        logger.info("Starting Infinispan embedded cache manager");
        ConfigurationBuilderHolder parse = new ParserRegistry().parse(str);
        if (parse.getNamedConfigurationBuilders().entrySet().stream().anyMatch(entry -> {
            return ((org.infinispan.configuration.cache.ConfigurationBuilder) entry.getValue()).clustering().cacheMode().isClustered();
        })) {
            configureTransportStack(parse);
            configureRemoteStores(parse);
        }
        Arrays.stream(InfinispanConnectionProvider.CLUSTERED_CACHE_NAMES).forEach(str2 -> {
            if (str2.equals("sessions") || str2.equals("clientSessions") || str2.equals("offlineSessions") || str2.equals("offlineClientSessions")) {
                org.infinispan.configuration.cache.ConfigurationBuilder configurationBuilder = (org.infinispan.configuration.cache.ConfigurationBuilder) parse.getNamedConfigurationBuilders().get(str2);
                if (Profile.isFeatureEnabled(Profile.Feature.PERSISTENT_USER_SESSIONS)) {
                    if (configurationBuilder.memory().maxCount() == -1) {
                        logger.infof("Persistent user sessions enabled and no memory limit found in configuration. Setting max entries for %s to 10000 entries.", str2);
                        configurationBuilder.memory().maxCount(10000L);
                    }
                    configurationBuilder.clustering().hash().numOwners(1);
                    return;
                }
                if (configurationBuilder.memory().maxCount() != -1) {
                    logger.warnf("Persistent user sessions NOT enabled and memory limit found in configuration for cache %s. This might be a misconfiguration!", str2);
                }
                if (((Integer) configurationBuilder.clustering().hash().attributes().attribute(HashConfiguration.NUM_OWNERS).get()).intValue() == 1 && configurationBuilder.persistence().stores().isEmpty()) {
                    logger.warnf("Number of owners is one for cache %s, and no persistence is configured. This might be a misconfiguration as you will lose data when a single node is restarted!", str2);
                }
            }
        });
        if (Configuration.isTrue((Option<Boolean>) MetricsOptions.METRICS_ENABLED)) {
            parse.getGlobalConfigurationBuilder().addModule(MicrometerMeterRegisterConfigurationBuilder.class);
            ((MicrometerMeterRegisterConfigurationBuilder) parse.getGlobalConfigurationBuilder().module(MicrometerMeterRegisterConfigurationBuilder.class)).meterRegistry(Metrics.globalRegistry);
            parse.getGlobalConfigurationBuilder().cacheContainer().statistics(true);
            parse.getGlobalConfigurationBuilder().metrics().namesAsTags(true);
            if (Configuration.isTrue((Option<Boolean>) CachingOptions.CACHE_METRICS_HISTOGRAMS_ENABLED)) {
                parse.getGlobalConfigurationBuilder().metrics().histograms(true);
            }
            parse.getNamedConfigurationBuilders().forEach((str3, configurationBuilder) -> {
                configurationBuilder.statistics().enabled(true);
            });
        }
        Marshalling.configure(parse.getGlobalConfigurationBuilder());
        if (InfinispanUtils.isRemoteInfinispan()) {
            Map namedConfigurationBuilders = parse.getNamedConfigurationBuilders();
            logger.debug("Removing all distributed caches.");
            Stream stream = Arrays.stream(InfinispanConnectionProvider.CLUSTERED_CACHE_NAMES);
            Objects.requireNonNull(namedConfigurationBuilders);
            stream.forEach((v1) -> {
                r1.remove(v1);
            });
        }
        boolean isStartEagerly = isStartEagerly();
        return CompletableFuture.supplyAsync(() -> {
            return new DefaultCacheManager(parse, isStartEagerly);
        });
    }

    private static boolean isRemoteTLSEnabled() {
        return Configuration.isTrue((Option<Boolean>) CachingOptions.CACHE_REMOTE_TLS_ENABLED);
    }

    private static boolean isRemoteAuthenticationEnabled() {
        return Configuration.getOptionalKcValue("cache-remote-username").isPresent() || Configuration.getOptionalKcValue("cache-remote-password").isPresent();
    }

    private static boolean createRemoteCaches() {
        return Boolean.getBoolean("kc.cache-remote-create-caches");
    }

    private static SSLContext createSSLContext() {
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, null, null);
            return sSLContext;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    private static boolean isStartEagerly() {
        return Boolean.parseBoolean(System.getProperty("kc.cache-ispn-start-eagerly", Boolean.TRUE.toString()));
    }

    private static int getStartTimeout() {
        return Integer.getInteger("kc.cache-ispn-start-timeout", 120).intValue();
    }

    private void configureTransportStack(ConfigurationBuilderHolder configurationBuilderHolder) {
        String rawValue = Configuration.getRawValue("kc.cache-stack");
        TransportConfigurationBuilder transport = configurationBuilderHolder.getGlobalConfigurationBuilder().transport();
        if (rawValue != null && !rawValue.isBlank()) {
            transport.defaultTransport().stack(rawValue);
        }
        if (Configuration.isTrue("cache-embedded-mtls-enabled")) {
            validateTlsAvailable(transport.build());
            transport.addProperty("socketFactory", new TLS().enabled(true).setKeystorePath(requiredStringProperty("cache-embedded-mtls-key-store-file")).setKeystorePassword(requiredStringProperty("cache-embedded-mtls-key-store-password")).setKeystoreType("pkcs12").setTruststorePath(requiredStringProperty("cache-embedded-mtls-trust-store-file")).setTruststorePassword(requiredStringProperty("cache-embedded-mtls-trust-store-password")).setTruststoreType("pkcs12").setClientAuth(TLSClientAuth.NEED).setProtocols(new String[]{"TLSv1.3"}).createSocketFactory());
            Logger.getLogger(CacheManagerFactory.class).info("MTLS enabled for communications for embedded caches");
        }
    }

    private void validateTlsAvailable(GlobalConfiguration globalConfiguration) {
        String stack = globalConfiguration.transport().stack();
        if (stack == null) {
            return;
        }
        Iterator it = globalConfiguration.transport().jgroups().configurator(stack).getProtocolStack().iterator();
        while (it.hasNext()) {
            String protocolName = ((ProtocolConfiguration) it.next()).getProtocolName();
            if (protocolName.equals(UDP.class.getSimpleName()) || protocolName.equals(UDP.class.getName()) || protocolName.equals(TCP_NIO2.class.getSimpleName()) || protocolName.equals(TCP_NIO2.class.getName())) {
                throw new RuntimeException("Cache TLS is not available with protocol " + protocolName);
            }
        }
    }

    private void configureRemoteStores(ConfigurationBuilderHolder configurationBuilderHolder) {
        if (Configuration.getOptionalKcValue("cache-remote-host").isPresent()) {
            String requiredStringProperty = requiredStringProperty("cache-remote-host");
            Integer num = (Integer) Configuration.getOptionalKcValue("cache-remote-port").map(Integer::parseInt).orElse(11222);
            SSLContext createSSLContext = createSSLContext();
            Arrays.stream(InfinispanConnectionProvider.CLUSTERED_CACHE_NAMES).forEach(str -> {
                PersistenceConfigurationBuilder persistence = ((org.infinispan.configuration.cache.ConfigurationBuilder) configurationBuilderHolder.getNamedConfigurationBuilders().get(str)).persistence();
                if (!persistence.stores().isEmpty()) {
                    throw new RuntimeException(String.format("Remote store for cache '%s' is already configured via CLI parameters. It should not be present in the XML file.", str));
                }
                RemoteStoreConfigurationBuilder addStore = persistence.addStore(RemoteStoreConfigurationBuilder.class);
                addStore.rawValues(true).shared(true).segmented(false).remoteCacheName(str).connectionPool().maxActive(16).exhaustedAction(org.infinispan.persistence.remote.configuration.ExhaustedAction.CREATE_NEW).addServer().host(requiredStringProperty).port(num.intValue());
                if (isRemoteTLSEnabled()) {
                    addStore.remoteSecurity().ssl().enable().sslContext(createSSLContext).sniHostName(requiredStringProperty);
                }
                if (isRemoteAuthenticationEnabled()) {
                    addStore.remoteSecurity().authentication().enable().username(requiredStringProperty("cache-remote-username")).password(requiredStringProperty("cache-remote-password")).realm("default").saslMechanism("SCRAM-SHA-512");
                }
            });
        }
    }

    private static String requiredStringProperty(String str) {
        return Configuration.getOptionalKcValue(str).orElseThrow(() -> {
            return new RuntimeException("Property " + str + " required but not specified");
        });
    }
}
