package org.apache.geode.tools.pulse.internal.data;

import java.time.Instant;
import java.util.HashMap;
import java.util.Locale;
import java.util.Objects;
import java.util.Properties;
import java.util.ResourceBundle;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/classes/org/apache/geode/tools/pulse/internal/data/Repository.class */
public class Repository {
    private static final Logger logger = LogManager.getLogger();
    private static final Locale LOCALE = new Locale(PulseConstants.APPLICATION_LANGUAGE, PulseConstants.APPLICATION_COUNTRY);
    private final OAuth2AuthorizedClientService authorizedClientService;
    private final ClusterFactory clusterFactory;
    private final HashMap<String, Cluster> clusterMap;
    private Boolean jmxUseLocator;
    private String host;
    private String port;
    private boolean useSSLLocator;
    private boolean useSSLManager;
    private Properties javaSslProperties;
    private final ResourceBundle resourceBundle;
    private final PulseConfig pulseConfig;

    @Autowired(required = false)
    public Repository() {
        this(null);
    }

    @Autowired(required = false)
    public Repository(OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
        this(oAuth2AuthorizedClientService, Cluster::new);
    }

    public Repository(OAuth2AuthorizedClientService oAuth2AuthorizedClientService, ClusterFactory clusterFactory) {
        this.clusterMap = new HashMap<>();
        this.useSSLLocator = false;
        this.useSSLManager = false;
        this.resourceBundle = ResourceBundle.getBundle(PulseConstants.LOG_MESSAGES_FILE, LOCALE);
        this.pulseConfig = new PulseConfig();
        this.authorizedClientService = oAuth2AuthorizedClientService;
        this.clusterFactory = clusterFactory;
    }

    public Cluster getCluster() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        return authentication instanceof OAuth2AuthenticationToken ? getClusterWithAuthenticationToken((OAuth2AuthenticationToken) authentication) : getClusterWithUserNameAndPassword(authentication.getName(), null);
    }

    public Cluster getClusterWithUserNameAndPassword(String str, String str2) {
        return getClusterWithCredentials(str, new String[]{str, str2});
    }

    public Cluster getClusterWithCredentials(String str, Object obj) {
        Cluster cluster;
        synchronized (this.clusterMap) {
            Cluster cluster2 = this.clusterMap.get(str);
            if (cluster2 == null) {
                logger.info(this.resourceBundle.getString("LOG_MSG_CREATE_NEW_THREAD") + " : " + str);
                cluster2 = this.clusterFactory.create(this.host, this.port, str, this.resourceBundle, this);
                cluster2.setName("PULSE-" + this.host + ":" + this.port + ":" + str);
                cluster2.connectToGemFire(obj);
                if (cluster2.isConnectedFlag()) {
                    this.clusterMap.put(str, cluster2);
                }
            }
            cluster = cluster2;
        }
        return cluster;
    }

    private Cluster getClusterWithAuthenticationToken(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        OAuth2AuthorizedClient authorizedClient = getAuthorizedClient(oAuth2AuthenticationToken);
        if (isExpired(authorizedClient.getAccessToken())) {
            return reconnectedClusterForExpiredClient(oAuth2AuthenticationToken, authorizedClient);
        }
        return getClusterWithCredentials(getSubject(oAuth2AuthenticationToken), authorizedClient.getAccessToken().getTokenValue());
    }

    private static String getSubject(Authentication authentication) {
        return ((OidcUser) ((OAuth2AuthenticationToken) authentication).getPrincipal()).getIdToken().getSubject();
    }

    public void logoutUser(String str) {
        Cluster remove = this.clusterMap.remove(str);
        if (remove != null) {
            try {
                remove.setStopUpdates(true);
                remove.getJMXConnector().close();
            } catch (Exception e) {
            }
        }
    }

    public void removeAllClusters() {
        for (String str : this.clusterMap.keySet()) {
            this.clusterMap.get(str).stopThread();
            this.clusterMap.remove(str);
            logger.info("{} : {}", this.resourceBundle.getString("LOG_MSG_REMOVE_THREAD"), str);
        }
    }

    public Boolean getJmxUseLocator() {
        return this.jmxUseLocator;
    }

    public void setJmxUseLocator(Boolean bool) {
        Objects.requireNonNull(bool, "jmxUseLocat == null");
        this.jmxUseLocator = bool;
    }

    public String getHost() {
        return this.host;
    }

    public void setHost(String str) {
        this.host = str;
    }

    public String getPort() {
        return this.port;
    }

    public void setPort(String str) {
        this.port = str;
    }

    public boolean isUseSSLLocator() {
        return this.useSSLLocator;
    }

    public void setUseSSLLocator(boolean z) {
        this.useSSLLocator = z;
    }

    public boolean isUseSSLManager() {
        return this.useSSLManager;
    }

    public void setUseSSLManager(boolean z) {
        this.useSSLManager = z;
    }

    public PulseConfig getPulseConfig() {
        return this.pulseConfig;
    }

    public Properties getJavaSslProperties() {
        return this.javaSslProperties;
    }

    public void setJavaSslProperties(Properties properties) {
        this.javaSslProperties = properties;
    }

    public ResourceBundle getResourceBundle() {
        return this.resourceBundle;
    }

    private OAuth2AuthorizedClient getAuthorizedClient(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        return this.authorizedClientService.loadAuthorizedClient(oAuth2AuthenticationToken.getAuthorizedClientRegistrationId(), oAuth2AuthenticationToken.getName());
    }

    private static boolean isExpired(AbstractOAuth2Token abstractOAuth2Token) {
        Instant expiresAt = abstractOAuth2Token.getExpiresAt();
        return expiresAt != null && expiresAt.isBefore(Instant.now());
    }

    private OAuth2AuthorizedClient refreshExpiredClient(Authentication authentication, OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        OAuth2RefreshToken refreshToken = oAuth2AuthorizedClient.getRefreshToken();
        String subject = getSubject(authentication);
        if (refreshToken == null) {
            throw new OAuth2AuthenticationException(new OAuth2Error("401"), "User " + subject + " has no refresh token.");
        }
        if (isExpired(refreshToken)) {
            throw new OAuth2AuthenticationException(new OAuth2Error("401"), "The refresh token for " + subject + " has expired.");
        }
        OAuth2AccessTokenResponse freshToken = getFreshToken(oAuth2AuthorizedClient);
        OAuth2AuthorizedClient oAuth2AuthorizedClient2 = new OAuth2AuthorizedClient(oAuth2AuthorizedClient.getClientRegistration(), oAuth2AuthorizedClient.getPrincipalName(), freshToken.getAccessToken(), freshToken.getRefreshToken());
        this.authorizedClientService.saveAuthorizedClient(oAuth2AuthorizedClient2, authentication);
        return oAuth2AuthorizedClient2;
    }

    private Cluster reconnectedClusterForExpiredClient(OAuth2AuthenticationToken oAuth2AuthenticationToken, OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        Cluster cluster;
        String subject = getSubject(oAuth2AuthenticationToken);
        logger.info("Attempting to refresh the expired access token for {}.", subject);
        try {
            OAuth2AuthorizedClient refreshExpiredClient = refreshExpiredClient(oAuth2AuthenticationToken, oAuth2AuthorizedClient);
            logger.info("Refreshed the access token for {}. Reconnecting the user's cluster.", subject);
            synchronized (this.clusterMap) {
                cluster = this.clusterMap.get(subject);
                if (cluster != null) {
                    cluster.reconnectToGemFire(refreshExpiredClient.getAccessToken().getTokenValue());
                }
            }
            return cluster;
        } catch (OAuth2AuthenticationException | OAuth2AuthorizationException e) {
            logger.info("Failed to refresh the access token for " + subject + ". Disconnecting and removing the user's cluster.");
            logoutUser(subject);
            throw e;
        }
    }

    private static OAuth2AccessTokenResponse getFreshToken(OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        return new DefaultRefreshTokenTokenResponseClient().getTokenResponse(new OAuth2RefreshTokenGrantRequest(oAuth2AuthorizedClient.getClientRegistration(), oAuth2AuthorizedClient.getAccessToken(), oAuth2AuthorizedClient.getRefreshToken()));
    }
}
