package oracle.kv.impl.admin;

import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import oracle.kv.impl.admin.param.AdminParams;
import oracle.kv.impl.admin.param.GlobalParams;
import oracle.kv.impl.admin.param.Parameters;
import oracle.kv.impl.admin.param.SecurityParams;
import oracle.kv.impl.admin.param.StorageNodeParams;
import oracle.kv.impl.param.ParameterMap;
import oracle.kv.impl.security.AccessChecker;
import oracle.kv.impl.security.AccessCheckerImpl;
import oracle.kv.impl.security.Authenticator;
import oracle.kv.impl.security.AuthenticatorManager;
import oracle.kv.impl.security.RoleInstance;
import oracle.kv.impl.security.RoleResolver;
import oracle.kv.impl.security.login.InternalLoginManager;
import oracle.kv.impl.security.login.LoginUpdater;
import oracle.kv.impl.security.login.ParamTopoResolver;
import oracle.kv.impl.security.login.TokenResolverImpl;
import oracle.kv.impl.security.login.TokenVerifier;
import oracle.kv.impl.security.metadata.KVStoreUser;
import oracle.kv.impl.security.metadata.SecurityMDChange;
import oracle.kv.impl.security.metadata.SecurityMDUpdater;
import oracle.kv.impl.security.oauth.IDCSOAuthAuthenticator;
import oracle.kv.impl.security.util.CacheBuilder;

/* loaded from: input_file:oracle/kv/impl/admin/AdminSecurity.class */
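/**
 * Holds the security components used by the admin service: token resolution and
 * verification, role resolution, access checking, and the per-method authenticators.
 *
 * <p>When the store is not configured as secure ({@code SecurityParams.isSecure()} is
 * false), every component field is {@code null} and the getters return {@code null}.
 * Callers should treat a {@code null} access checker as "security is disabled for this
 * store", not as a successful check.
 *
 * <p>The class also receives parameter and security-metadata change notifications and
 * pushes them into the caches, so that cached logins, roles and privileges are updated
 * without waiting for their entries to expire.
 *
 * <p>NOTE(review): {@code logger} and {@code loginMgr} are reassigned in
 * {@link #configure(String)} and read from the update callbacks with no synchronization
 * visible in this class; confirm that callers serialize these calls.
 */
public class AdminSecurity implements LoginUpdater.GlobalParamsUpdater, LoginUpdater.ServiceParamsUpdater, SecurityMDUpdater.UserChangeUpdater, SecurityMDUpdater.RoleChangeUpdater {
    /* Capacity and entry lifetime (ms) of the access checker's subject cache. */
    private static final int CHECKER_SUBJECT_CACHE_SIZE = 50;
    private static final long CHECKER_SUBJECT_CACHE_TIMEOUT = TimeUnit.MILLISECONDS.convert(30, TimeUnit.MINUTES);

    /* Capacity and entry lifetime (ms) of the role resolver's cache. */
    private static final int ROLE_CACHE_SIZE = 100;
    private static final long ROLE_CACHE_TIMEOUT = TimeUnit.MILLISECONDS.convert(5L, TimeUnit.MINUTES);

    private final AdminService adminService;
    private final AccessCheckerImpl accessChecker;
    private final TokenResolverImpl tokenResolver;
    private final AdminParamsHandle paramsHandle;
    private final ParamTopoResolver topoResolver;
    private final TokenVerifier tokenVerifier;
    private Logger logger;
    private InternalLoginManager loginMgr;
    private final AdminRoleResolver roleResolver;
    /* Keyed by SystemAuthMethod.name(); null when the store is not secure. */
    private final Map<String, Authenticator> authenticators;

    /**
     * Supplies the admin's current parameters to the topology resolver, reading them
     * from the owning {@link AdminService} on every call.
     */
    private class AdminParamsHandle implements ParamTopoResolver.ParamsHandle {
        private AdminParamsHandle() {
        }

        /**
         * @return the admin's current parameters, or {@code null} if the admin service
         *         has no {@code Admin} instance yet
         */
        @Override
        public Parameters getParameters() {
            Admin admin = AdminSecurity.this.adminService.getAdmin();
            return (admin == null) ? null : admin.getCurrentParameters();
        }
    }

    /**
     * Builds the security components for the given admin service.
     *
     * <p>If the store is not secure, all component fields are set to {@code null} and
     * nothing else is created. Otherwise the login manager, token resolver, role
     * resolver, token verifier and access checker are wired together, and one
     * authenticator is created per {@link AuthenticatorManager.SystemAuthMethod} for
     * which an implementation can be instantiated.
     *
     * @param adminService the owning admin service; its parameters are read here
     * @param logger logger used by this class and handed to the created components
     */
    public AdminSecurity(AdminService adminService, Logger logger) {
        // The logger must be assigned first: createAuthenticator() below logs through it.
        this.logger = logger;
        this.adminService = adminService;
        AdminServiceParams params = adminService.getParams();
        SecurityParams securityParams = params.getSecurityParams();
        String kVStoreName = params.getGlobalParams().getKVStoreName();
        if (!securityParams.isSecure()) {
            this.paramsHandle = null;
            this.topoResolver = null;
            this.tokenResolver = null;
            this.accessChecker = null;
            this.loginMgr = null;
            this.tokenVerifier = null;
            this.roleResolver = null;
            this.authenticators = null;
            return;
        }

        StorageNodeParams storageNodeParams = params.getStorageNodeParams();
        String hostname = storageNodeParams.getHostname();
        int registryPort = storageNodeParams.getRegistryPort();

        this.paramsHandle = new AdminParamsHandle();
        this.topoResolver = new ParamTopoResolver(this.paramsHandle, logger);
        this.loginMgr = new InternalLoginManager(this.topoResolver);
        this.tokenResolver = new TokenResolverImpl(hostname, registryPort, kVStoreName, this.topoResolver, this.loginMgr, logger);

        CacheBuilder.CacheConfig roleCacheConfig =
            new CacheBuilder.CacheConfig().capacity(ROLE_CACHE_SIZE).entryLifetime(ROLE_CACHE_TIMEOUT);
        this.roleResolver = new AdminRoleResolver(adminService, roleCacheConfig);

        // The login cache is sized and aged from configuration; both values can be
        // changed later through newServiceParameters() and newGlobalParameters().
        int loginCacheSize = params.getAdminParams().getLoginCacheSize();
        GlobalParams globalParams = params.getGlobalParams();
        long loginCacheTimeoutMs = globalParams.getLoginCacheTimeoutUnit().toMillis(globalParams.getLoginCacheTimeout());
        CacheBuilder.CacheConfig loginCacheConfig =
            new CacheBuilder.CacheConfig().capacity(loginCacheSize).entryLifetime(loginCacheTimeoutMs);
        this.tokenVerifier = new TokenVerifier(loginCacheConfig, this.tokenResolver);

        CacheBuilder.CacheConfig subjectCacheConfig =
            new CacheBuilder.CacheConfig().capacity(CHECKER_SUBJECT_CACHE_SIZE).entryLifetime(CHECKER_SUBJECT_CACHE_TIMEOUT);
        this.accessChecker = new AccessCheckerImpl(this.tokenVerifier, this.roleResolver, subjectCacheConfig, logger);

        this.authenticators = new HashMap<>();
        for (AuthenticatorManager.SystemAuthMethod systemAuthMethod : AuthenticatorManager.SystemAuthMethod.values()) {
            Authenticator authenticator = createAuthenticator(systemAuthMethod, securityParams, globalParams);
            if (authenticator != null) {
                logger.info("AdminSecurity: " + systemAuthMethod + " authenticator is initialized");
                this.authenticators.put(systemAuthMethod.name(), authenticator);
            }
        }
    }

    /**
     * Re-initializes the components after the admin is configured: logs out the current
     * internal login manager, replaces it with a fresh one, and pushes the admin
     * service's current logger and the store name into the resolvers and the access
     * checker. Does nothing when the store is not secure.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * <p>NOTE(review): {@code tokenResolver} was constructed with the previous login
     * manager and nothing here hands it the replacement; confirm it does not keep using
     * the logged-out instance.
     *
     * @param str the store name passed to the token resolver
     */
    public void configure(String str) {
        if (this.loginMgr == null) {
            return;
        }
        this.loginMgr.logout();
        this.loginMgr = new InternalLoginManager(this.topoResolver);
        this.logger = this.adminService.getLogger();
        this.topoResolver.setLogger(this.logger);
        this.tokenResolver.setLogger(this.logger);
        this.tokenResolver.setStoreName(str);
        this.accessChecker.setLogger(this.logger);
    }

    /**
     * @return the access checker, or {@code null} when the store is not secure
     */
    public AccessChecker getAccessChecker() {
        return this.accessChecker;
    }

    /**
     * @return the current internal login manager, or {@code null} when the store is not
     *         secure; the instance changes after {@link #configure(String)}
     */
    public InternalLoginManager getLoginManager() {
        return this.loginMgr;
    }

    /**
     * Decompiler note: this method was package-private in the original class.
     *
     * @return the role resolver, or {@code null} when the store is not secure
     */
    public RoleResolver getRoleResolver() {
        return this.roleResolver;
    }

    /**
     * Returns the live authenticator map, not a copy: a caller that modifies it changes
     * which authenticators this object holds.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * @return authenticators keyed by auth-method name, or {@code null} when the store
     *         is not secure
     */
    public Map<String, Authenticator> getAuthenticators() {
        return this.authenticators;
    }

    /**
     * Decompiler note: this method was package-private in the original class.
     *
     * @return the authenticator registered under {@code IDCSOAUTH}, or {@code null} when
     *         the store is not secure or no such authenticator was initialized
     * @throws ClassCastException if the registered authenticator is not an
     *         {@link IDCSOAuthAuthenticator}
     */
    public IDCSOAuthAuthenticator getIDCSOAuthAuthenticator() {
        if (this.authenticators == null) {
            return null;
        }
        // The map stores the base type; the decompiled source had dropped this cast,
        // which left the method uncompilable.
        return (IDCSOAuthAuthenticator) this.authenticators.get(AuthenticatorManager.SystemAuthMethod.IDCSOAUTH.name());
    }

    /**
     * Applies a changed login cache size from new service parameters
     * ({@link LoginUpdater.ServiceParamsUpdater}). Does nothing when the store is not
     * secure.
     *
     * @param parameterMap the new admin service parameters
     */
    @Override
    public void newServiceParameters(ParameterMap parameterMap) {
        if (this.tokenVerifier == null) {
            return;
        }
        int loginCacheSize = new AdminParams(parameterMap).getLoginCacheSize();
        if (this.tokenVerifier.updateLoginCacheSize(loginCacheSize)) {
            this.logger.info(String.format("AdminSecurity: loginCacheSize has been updated to %d", loginCacheSize));
        }
    }

    /**
     * Applies new global parameters ({@link LoginUpdater.GlobalParamsUpdater}): updates
     * the login cache timeout, then resets every authenticator whose method name is not
     * in the configured list of external auth methods. Does nothing when the store is
     * not secure.
     *
     * <p>The comparison is an exact, case-sensitive match against
     * {@code SystemAuthMethod.name()}, so a configured value that differs only in case
     * leaves that authenticator reset.
     *
     * @param parameterMap the new global parameters
     */
    @Override
    public void newGlobalParameters(ParameterMap parameterMap) {
        if (this.tokenVerifier == null) {
            return;
        }
        GlobalParams globalParams = new GlobalParams(parameterMap);
        long timeoutMs = globalParams.getLoginCacheTimeoutUnit().toMillis(globalParams.getLoginCacheTimeout());
        if (this.tokenVerifier.updateLoginCacheTimeout(timeoutMs)) {
            this.logger.info(String.format("AdminSecurity: loginCacheTimeout has been updated to %d ms", timeoutMs));
        }
        if (this.authenticators == null) {
            return;
        }
        String[] enabledMethods = globalParams.getUserExternalAuthMethods();
        for (Map.Entry<String, Authenticator> entry : this.authenticators.entrySet()) {
            String methodName = entry.getKey();
            if (!isListed(methodName, enabledMethods)) {
                this.logger.info("AdminSecurity: disable authenticator " + methodName);
                entry.getValue().resetAuthenticator();
            }
        }
    }

    /**
     * Pushes a changed role definition into the role cache and the access checker's
     * privilege cache ({@link SecurityMDUpdater.RoleChangeUpdater}). Does nothing beyond
     * the type check when the store is not secure.
     *
     * @param securityMDChange the metadata change; its element must be a {@link RoleInstance}
     * @throws AssertionError if the changed element is not a {@link RoleInstance}
     */
    @Override
    public void newRoleDefinition(SecurityMDChange securityMDChange) {
        if (!(securityMDChange.getElement() instanceof RoleInstance)) {
            throw new AssertionError();
        }
        RoleInstance roleInstance = (RoleInstance) securityMDChange.getElement();
        // roleResolver and accessChecker are both null or both set (see constructor).
        if (this.roleResolver == null) {
            return;
        }
        if (this.roleResolver.updateRoleCache(roleInstance)) {
            this.logger.fine(String.format("AdminSecurity: update role %s instance in role cache", roleInstance.name()));
        }
        if (this.accessChecker.updateRoleDefinition(roleInstance)) {
            this.logger.fine(String.format("AdminSecurity: update role %s definition in access checker privilege cache", roleInstance.name()));
        }
    }

    /**
     * Pushes a changed user definition into the login cache sessions and the access
     * checker's privilege cache ({@link SecurityMDUpdater.UserChangeUpdater}). Does
     * nothing beyond the type check when the store is not secure.
     *
     * @param securityMDChange the metadata change; its element must be a {@link KVStoreUser}
     * @throws AssertionError if the changed element is not a {@link KVStoreUser}
     */
    @Override
    public void newUserDefinition(SecurityMDChange securityMDChange) {
        if (!(securityMDChange.getElement() instanceof KVStoreUser)) {
            throw new AssertionError();
        }
        KVStoreUser kVStoreUser = (KVStoreUser) securityMDChange.getElement();
        // tokenVerifier and accessChecker are both null or both set (see constructor).
        if (this.tokenVerifier == null) {
            return;
        }
        if (this.tokenVerifier.updateLoginCacheSessions(kVStoreUser)) {
            this.logger.info(String.format("AdminSecurity: update sessions in login cache with metadata %d", securityMDChange.getSeqNum()));
        }
        if (this.accessChecker.updateUserDefinition(kVStoreUser)) {
            this.logger.fine(String.format("AdminSecurity: update user %s definition in access checker privilege cache", kVStoreUser.getName()));
        }
    }

    /**
     * Instantiates the authenticator for one system auth method.
     *
     * <p>Every failure is logged at INFO and turned into {@code null}, so the
     * constructor skips that method and continues. Only the exception message is
     * logged; the stack trace is dropped.
     *
     * <p>NOTE(review): an authenticator that fails to initialize for a reason other than
     * a missing implementation shows up only as an INFO line; consider WARNING with the
     * cause attached so that a misconfiguration is not overlooked.
     *
     * @return the authenticator, or {@code null} if it could not be created
     */
    private Authenticator createAuthenticator(AuthenticatorManager.SystemAuthMethod systemAuthMethod, SecurityParams securityParams, GlobalParams globalParams) {
        try {
            return AuthenticatorManager.getAuthenticator(systemAuthMethod.name(), securityParams, globalParams);
        } catch (ClassNotFoundException e) {
            this.logger.info("AdminSecurity: authenticator " + systemAuthMethod + " is not initialized, no implementation found");
            return null;
        } catch (Exception e2) {
            this.logger.info("AdminSecurity: authenticator " + systemAuthMethod + " is not initialized, " + e2.getMessage());
            return null;
        }
    }

    /** Returns true if {@code name} equals one of {@code candidates} (case-sensitive). */
    private static boolean isListed(String name, String[] candidates) {
        for (String candidate : candidates) {
            if (name.equals(candidate)) {
                return true;
            }
        }
        return false;
    }
}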
