package com.liferay.portal.security.sso.openid.connect.internal;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.service.CompanyLocalService;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectProvider;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectProviderRegistry;
import com.liferay.portal.security.sso.openid.connect.OpenIdConnectServiceException;
import com.liferay.portal.security.sso.openid.connect.internal.configuration.OpenIdConnectProviderConfiguration;
import com.liferay.portal.security.sso.openid.connect.persistence.service.OpenIdConnectSessionLocalService;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.StringUtils;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedServiceFactory;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true, property = {"service.pid=com.liferay.portal.security.sso.openid.connect.internal.configuration.OpenIdConnectProviderConfiguration"}, service = {ManagedServiceFactory.class, OpenIdConnectProviderRegistry.class})
/* loaded from: input_file:com/liferay/portal/security/sso/openid/connect/internal/OpenIdConnectProviderRegistryImpl.class */
public class OpenIdConnectProviderRegistryImpl implements ManagedServiceFactory, OpenIdConnectProviderRegistry<OIDCClientMetadata, OIDCProviderMetadata> {
    private static final Log _log = LogFactoryUtil.getLog(OpenIdConnectProviderRegistryImpl.class);

    @Reference
    private CompanyLocalService _companyLocalService;

    @Reference
    private OpenIdConnectSessionLocalService _openIdConnectSessionLocalService;
    private final Map<Long, Map<String, OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata>>> _companyIdProviderNameOpenIdConnectProviders = new ConcurrentHashMap();
    private final Map<String, Dictionary<String, ?>> _configurationPidsProperties = new ConcurrentHashMap();

    public void deleted(String str) {
        Dictionary<String, ?> remove = this._configurationPidsProperties.remove(str);
        this._openIdConnectSessionLocalService.deleteOpenIdConnectSessions(str);
        long j = GetterUtil.getLong(remove.get("companyId"));
        if (j == 0) {
            _rebuild();
        } else {
            _rebuild(j);
        }
    }

    public OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata> findOpenIdConnectProvider(long j, String str) throws OpenIdConnectServiceException.ProviderException {
        OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata> openIdConnectProvider = getOpenIdConnectProvider(j, str);
        if (openIdConnectProvider == null) {
            throw new OpenIdConnectServiceException.ProviderException("Unable to find an OpenId Connect provider with name \"" + str + "\"");
        }
        return openIdConnectProvider;
    }

    public String getName() {
        return "OpenId Connect Provider Factory";
    }

    public OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata> getOpenIdConnectProvider(long j, String str) {
        Map<String, OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata>> map = this._companyIdProviderNameOpenIdConnectProviders.get(Long.valueOf(j));
        if (map == null) {
            map = this._companyIdProviderNameOpenIdConnectProviders.get(0L);
        }
        return map.get(str);
    }

    public Collection<String> getOpenIdConnectProviderNames(long j) {
        Map<String, OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata>> map = this._companyIdProviderNameOpenIdConnectProviders.get(Long.valueOf(j));
        if (map == null) {
            map = this._companyIdProviderNameOpenIdConnectProviders.get(0L);
        }
        return Collections.unmodifiableSet(map.keySet());
    }

    public void updated(String str, Dictionary<String, ?> dictionary) {
        Dictionary<String, ?> put = this._configurationPidsProperties.put(str, dictionary);
        long j = GetterUtil.getLong(dictionary.get("companyId"));
        if (j == 0) {
            _rebuild();
            return;
        }
        if (put != null) {
            long j2 = GetterUtil.getLong(put.get("companyId"));
            if (j2 == 0) {
                _rebuild();
                return;
            } else if (j2 != j) {
                _rebuild(j2);
            }
        }
        _rebuild(j);
    }

    @Activate
    protected void activate() {
        this._companyIdProviderNameOpenIdConnectProviders.putIfAbsent(0L, Collections.emptyMap());
    }

    private <U, V> void _addDefaults(Map<U, V> map, Map<U, V> map2) {
        if (map2 != null) {
            map.getClass();
            map2.forEach(map::putIfAbsent);
        }
    }

    private OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata> _createOpenIdConnectProvider(String str, OpenIdConnectProviderConfiguration openIdConnectProviderConfiguration) throws ConfigurationException {
        try {
            HashMap hashMap = new HashMap();
            for (String str2 : openIdConnectProviderConfiguration.customAuthorizationRequestParameters()) {
                if (!Validator.isNull(str2)) {
                    String[] split = str2.split("=");
                    hashMap.put(split[0], Arrays.asList(split[1].split(StringUtils.SPACE)));
                }
            }
            HashMap hashMap2 = new HashMap();
            for (String str3 : openIdConnectProviderConfiguration.customTokenRequestParameters()) {
                if (!Validator.isNull(str3)) {
                    String[] split2 = str3.split("=");
                    hashMap2.put(split2[0], Arrays.asList(split2[1].split(StringUtils.SPACE)));
                }
            }
            return new OpenIdConnectProviderImpl(openIdConnectProviderConfiguration.providerName(), openIdConnectProviderConfiguration.openIdConnectClientId(), openIdConnectProviderConfiguration.openIdConnectClientSecret(), str, openIdConnectProviderConfiguration.scopes(), hashMap, hashMap2, _getOpenIdConnectMetadataFactory(openIdConnectProviderConfiguration), openIdConnectProviderConfiguration.tokenConnectionTimeout());
        } catch (Exception e) {
            throw new ConfigurationException((String) null, StringBundler.concat(new String[]{"Unable to instantiate provider metadata factory for \"", openIdConnectProviderConfiguration.providerName(), "\": ", e.getMessage()}), e);
        }
    }

    private OpenIdConnectMetadataFactory _getOpenIdConnectMetadataFactory(OpenIdConnectProviderConfiguration openIdConnectProviderConfiguration) throws MalformedURLException, OpenIdConnectServiceException.ProviderException {
        return Validator.isNotNull(openIdConnectProviderConfiguration.discoveryEndPoint()) ? new OpenIdConnectMetadataFactoryImpl(openIdConnectProviderConfiguration.providerName(), new URL(openIdConnectProviderConfiguration.discoveryEndPoint()), openIdConnectProviderConfiguration.discoveryEndPointCacheInMillis(), openIdConnectProviderConfiguration.registeredIdTokenSigningAlg()) : new OpenIdConnectMetadataFactoryImpl(openIdConnectProviderConfiguration.providerName(), openIdConnectProviderConfiguration.registeredIdTokenSigningAlg(), openIdConnectProviderConfiguration.idTokenSigningAlgValues(), openIdConnectProviderConfiguration.issuerURL(), openIdConnectProviderConfiguration.subjectTypes(), openIdConnectProviderConfiguration.jwksURI(), openIdConnectProviderConfiguration.authorizationEndPoint(), openIdConnectProviderConfiguration.tokenEndPoint(), openIdConnectProviderConfiguration.userInfoEndPoint());
    }

    private void _rebuild() {
        _rebuild(0L);
        this._companyLocalService.forEachCompanyId(l -> {
            if (l.longValue() != 0) {
                _rebuild(l.longValue());
            }
        }, ArrayUtil.toLongArray(this._companyIdProviderNameOpenIdConnectProviders.keySet()));
    }

    private void _rebuild(long j) {
        TreeMap treeMap = new TreeMap();
        this._configurationPidsProperties.forEach((str, dictionary) -> {
            if (j != GetterUtil.getLong(dictionary.get("companyId"))) {
                return;
            }
            try {
                OpenIdConnectProvider<OIDCClientMetadata, OIDCProviderMetadata> _createOpenIdConnectProvider = _createOpenIdConnectProvider(str, (OpenIdConnectProviderConfiguration) ConfigurableUtil.createConfigurable(OpenIdConnectProviderConfiguration.class, dictionary));
                if (treeMap.containsKey(_createOpenIdConnectProvider.getName())) {
                    _log.error("Duplicate OpenId Connect provider name \"" + _createOpenIdConnectProvider.getName() + "\"");
                } else {
                    treeMap.put(_createOpenIdConnectProvider.getName(), _createOpenIdConnectProvider);
                }
            } catch (ConfigurationException e) {
                _log.error(e);
            }
        });
        if (j != 0) {
            _addDefaults(treeMap, this._companyIdProviderNameOpenIdConnectProviders.get(0L));
        }
        this._companyIdProviderNameOpenIdConnectProviders.put(Long.valueOf(j), treeMap);
    }
}
