package org.keycloak.adapters.saml.elytron;

import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletContextEvent;
import jakarta.servlet.ServletContextListener;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Objects;
import org.jboss.logging.Logger;
import org.keycloak.adapters.saml.DefaultSamlDeployment;
import org.keycloak.adapters.saml.SamlConfigResolver;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.adapters.saml.SamlDeploymentContext;
import org.keycloak.adapters.saml.config.parsers.DeploymentBuilder;
import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
import org.keycloak.adapters.saml.elytron.infinispan.InfinispanSessionCacheIdMapperUpdater;
import org.keycloak.adapters.spi.InMemorySessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapper;
import org.keycloak.adapters.spi.SessionIdMapperUpdater;
import org.keycloak.saml.common.exceptions.ParsingException;

/* loaded from: input_file:org/keycloak/adapters/saml/elytron/KeycloakConfigurationServletListener.class */
public class KeycloakConfigurationServletListener implements ServletContextListener {
    protected static Logger log = Logger.getLogger(KeycloakConfigurationServletListener.class);
    public static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE = SamlDeploymentContext.class.getName();
    public static final String ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON = SamlDeploymentContext.class.getName() + ".elytron";
    public static final String ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON = SessionIdMapper.class.getName() + ".elytron";
    public static final String ADAPTER_SESSION_ID_MAPPER_UPDATER_ATTRIBUTE_ELYTRON = SessionIdMapperUpdater.class.getName() + ".elytron";
    private final SessionIdMapper idMapper = new InMemorySessionIdMapper();
    private SessionIdMapperUpdater idMapperUpdater = SessionIdMapperUpdater.DIRECT;
    private Collection<AutoCloseable> toClose = new LinkedList();

    public void contextInitialized(ServletContextEvent servletContextEvent) {
        DefaultSamlDeployment build;
        final ServletContext servletContext = servletContextEvent.getServletContext();
        String initParameter = servletContext.getInitParameter("keycloak.config.resolver");
        SamlDeploymentContext samlDeploymentContext = (SamlDeploymentContext) servletContext.getAttribute(SamlDeployment.class.getName());
        if (samlDeploymentContext == null) {
            if (initParameter != null) {
                try {
                    samlDeploymentContext = new SamlDeploymentContext((SamlConfigResolver) servletContext.getClassLoader().loadClass(initParameter).newInstance());
                    log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", initParameter);
                } catch (Exception e) {
                    log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[]{initParameter, e.getMessage()});
                    samlDeploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
                }
            } else {
                InputStream configInputStream = getConfigInputStream(servletContext);
                if (configInputStream == null) {
                    log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
                    build = new DefaultSamlDeployment();
                } else {
                    try {
                        build = new DeploymentBuilder().build(configInputStream, new ResourceLoader() { // from class: org.keycloak.adapters.saml.elytron.KeycloakConfigurationServletListener.1
                            public InputStream getResourceAsStream(String str) {
                                return servletContext.getResourceAsStream(str);
                            }
                        });
                    } catch (ParsingException e2) {
                        throw new RuntimeException((Throwable) e2);
                    }
                }
                samlDeploymentContext = new SamlDeploymentContext(build);
                log.debug("Keycloak is using a per-deployment configuration.");
            }
        }
        addTokenStoreUpdaters(servletContext);
        servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, samlDeploymentContext);
        servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, samlDeploymentContext);
        servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON, this.idMapper);
        servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_UPDATER_ATTRIBUTE_ELYTRON, this.idMapperUpdater);
    }

    public void contextDestroyed(ServletContextEvent servletContextEvent) {
        Iterator<AutoCloseable> it = this.toClose.iterator();
        while (it.hasNext()) {
            try {
                it.next().close();
            } catch (Exception e) {
                log.warnf(e, "Exception while destroying servlet context", new Object[0]);
            }
        }
    }

    private static InputStream getConfigInputStream(ServletContext servletContext) {
        InputStream xMLFromServletContext = getXMLFromServletContext(servletContext);
        if (xMLFromServletContext == null) {
            String initParameter = servletContext.getInitParameter("keycloak.config.file");
            if (initParameter == null) {
                log.debug("using /WEB-INF/keycloak-saml.xml");
                xMLFromServletContext = servletContext.getResourceAsStream("/WEB-INF/keycloak-saml.xml");
            } else {
                try {
                    xMLFromServletContext = new FileInputStream(initParameter);
                } catch (FileNotFoundException e) {
                    throw new RuntimeException(e);
                }
            }
        }
        return xMLFromServletContext;
    }

    private static InputStream getXMLFromServletContext(ServletContext servletContext) {
        String initParameter = servletContext.getInitParameter("org.keycloak.saml.xml.adapterConfig");
        if (initParameter == null) {
            return null;
        }
        return new ByteArrayInputStream(initParameter.getBytes());
    }

    public void addTokenStoreUpdaters(ServletContext servletContext) {
        AutoCloseable autoCloseable = this.idMapperUpdater;
        servletContext.addListener(new IdMapperUpdaterSessionListener(this.idMapper));
        try {
            String initParameter = servletContext.getInitParameter("keycloak.sessionIdMapperUpdater.classes");
            if (initParameter == null) {
                setIdMapperUpdater(autoCloseable);
                return;
            }
            autoCloseable = SessionIdMapperUpdater.DIRECT;
            for (String str : initParameter.split("\\s*,\\s*")) {
                if (!str.isEmpty()) {
                    if (Objects.equals("org.keycloak.adapters.saml.wildfly.infinispan.InfinispanSessionCacheIdMapperUpdater", str)) {
                        str = InfinispanSessionCacheIdMapperUpdater.class.getName();
                    }
                    autoCloseable = invokeAddTokenStoreUpdaterMethod(str, servletContext, autoCloseable);
                    if (autoCloseable instanceof AutoCloseable) {
                        this.toClose.add(autoCloseable);
                    }
                }
            }
        } finally {
            setIdMapperUpdater(autoCloseable);
        }
    }

    private SessionIdMapperUpdater invokeAddTokenStoreUpdaterMethod(String str, ServletContext servletContext, SessionIdMapperUpdater sessionIdMapperUpdater) {
        try {
            Method method = servletContext.getClassLoader().loadClass(str).getMethod("addTokenStoreUpdaters", ServletContext.class, SessionIdMapper.class, SessionIdMapperUpdater.class);
            if (Modifier.isStatic(method.getModifiers()) && Modifier.isPublic(method.getModifiers()) && SessionIdMapperUpdater.class.isAssignableFrom(method.getReturnType())) {
                log.debugv("Initializing sessionIdMapperUpdater class {0}", str);
                return (SessionIdMapperUpdater) method.invoke(null, servletContext, this.idMapper, sessionIdMapperUpdater);
            }
            log.errorv("addTokenStoreUpdaters method in class {0} has to be public static. Ignoring class.", str);
            return sessionIdMapperUpdater;
        } catch (ClassNotFoundException | NoSuchMethodException | SecurityException e) {
            log.warnv(e, "Cannot use sessionIdMapperUpdater class {0}", str);
            return sessionIdMapperUpdater;
        } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e2) {
            log.warnv(e2, "Cannot use {0}.addTokenStoreUpdaters(DeploymentInfo, SessionIdMapper) method", str);
            return sessionIdMapperUpdater;
        }
    }

    public SessionIdMapperUpdater getIdMapperUpdater() {
        return this.idMapperUpdater;
    }

    protected void setIdMapperUpdater(SessionIdMapperUpdater sessionIdMapperUpdater) {
        this.idMapperUpdater = sessionIdMapperUpdater;
    }
}
