package pl.edu.icm.unity.engine.server;

import com.google.common.collect.Lists;
import eu.unicore.util.configuration.ConfigurationException;
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletHolder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.JsonUtil;
import pl.edu.icm.unity.MessageSource;
import pl.edu.icm.unity.base.event.PersistableEvent;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.AttributesManagement;
import pl.edu.icm.unity.engine.api.AuthenticationFlowManagement;
import pl.edu.icm.unity.engine.api.AuthenticatorManagement;
import pl.edu.icm.unity.engine.api.CredentialManagement;
import pl.edu.icm.unity.engine.api.CredentialRequirementManagement;
import pl.edu.icm.unity.engine.api.EndpointManagement;
import pl.edu.icm.unity.engine.api.EntityCredentialManagement;
import pl.edu.icm.unity.engine.api.EntityManagement;
import pl.edu.icm.unity.engine.api.GroupsManagement;
import pl.edu.icm.unity.engine.api.PKIManagement;
import pl.edu.icm.unity.engine.api.RealmsManagement;
import pl.edu.icm.unity.engine.api.TranslationProfileManagement;
import pl.edu.icm.unity.engine.api.attributes.SystemAttributesProvider;
import pl.edu.icm.unity.engine.api.config.UnityServerConfiguration;
import pl.edu.icm.unity.engine.api.confirmation.EmailConfirmationServletProvider;
import pl.edu.icm.unity.engine.api.endpoint.ServletProvider;
import pl.edu.icm.unity.engine.api.event.EventCategory;
import pl.edu.icm.unity.engine.api.identity.IdentityTypeDefinition;
import pl.edu.icm.unity.engine.api.identity.IdentityTypesRegistry;
import pl.edu.icm.unity.engine.api.server.ServerInitializer;
import pl.edu.icm.unity.engine.api.utils.ExecutorsService;
import pl.edu.icm.unity.engine.api.wellknown.AttributesContentPublicServletProvider;
import pl.edu.icm.unity.engine.api.wellknown.PublicWellKnownURLServletProvider;
import pl.edu.icm.unity.engine.attribute.AttributeTypeHelper;
import pl.edu.icm.unity.engine.audit.AuditEventListener;
import pl.edu.icm.unity.engine.authz.InternalAuthorizationManagerImpl;
import pl.edu.icm.unity.engine.authz.RoleAttributeTypeProvider;
import pl.edu.icm.unity.engine.bulkops.BulkOperationsUpdater;
import pl.edu.icm.unity.engine.credential.CredentialRepository;
import pl.edu.icm.unity.engine.credential.EntityCredentialsHelper;
import pl.edu.icm.unity.engine.endpoint.EndpointsUpdater;
import pl.edu.icm.unity.engine.endpoint.InternalEndpointManagement;
import pl.edu.icm.unity.engine.endpoint.SharedEndpointManagementImpl;
import pl.edu.icm.unity.engine.events.EventProcessor;
import pl.edu.icm.unity.engine.group.AttributeStatementsCleaner;
import pl.edu.icm.unity.engine.identity.EntitiesScheduledUpdater;
import pl.edu.icm.unity.engine.identity.IdentityCleaner;
import pl.edu.icm.unity.engine.msg.MessageRepository;
import pl.edu.icm.unity.engine.msgtemplate.MessageTemplateInitializatior;
import pl.edu.icm.unity.engine.scripts.ScriptTriggeringEventListener;
import pl.edu.icm.unity.engine.translation.TranslationProfileChecker;
import pl.edu.icm.unity.engine.translation.in.SystemInputTranslationProfileProvider;
import pl.edu.icm.unity.engine.translation.out.SystemOutputTranslationProfileProvider;
import pl.edu.icm.unity.engine.utils.LifecycleBase;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.exceptions.SchemaConsistencyException;
import pl.edu.icm.unity.exceptions.UnknownIdentityException;
import pl.edu.icm.unity.stdext.attr.EnumAttribute;
import pl.edu.icm.unity.stdext.credential.pass.PasswordToken;
import pl.edu.icm.unity.store.api.AttributeTypeDAO;
import pl.edu.icm.unity.store.api.IdentityTypeDAO;
import pl.edu.icm.unity.store.api.generic.AuthenticationFlowDB;
import pl.edu.icm.unity.store.api.generic.AuthenticatorConfigurationDB;
import pl.edu.icm.unity.store.api.tx.TransactionalRunner;
import pl.edu.icm.unity.types.I18nString;
import pl.edu.icm.unity.types.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.authn.AuthenticatorInfo;
import pl.edu.icm.unity.types.authn.CredentialDefinition;
import pl.edu.icm.unity.types.authn.CredentialRequirements;
import pl.edu.icm.unity.types.authn.LocalCredentialState;
import pl.edu.icm.unity.types.authn.RememberMePolicy;
import pl.edu.icm.unity.types.basic.AttributeType;
import pl.edu.icm.unity.types.basic.EntityParam;
import pl.edu.icm.unity.types.basic.EntityState;
import pl.edu.icm.unity.types.basic.GroupContents;
import pl.edu.icm.unity.types.basic.Identity;
import pl.edu.icm.unity.types.basic.IdentityParam;
import pl.edu.icm.unity.types.basic.IdentityType;
import pl.edu.icm.unity.types.endpoint.EndpointConfiguration;
import pl.edu.icm.unity.types.endpoint.ResolvedEndpoint;
import pl.edu.icm.unity.types.translation.ProfileMode;
import pl.edu.icm.unity.types.translation.ProfileType;
import pl.edu.icm.unity.types.translation.TranslationProfile;

@Component
/* loaded from: input_file:pl/edu/icm/unity/engine/server/EngineInitialization.class */
public class EngineInitialization extends LifecycleBase {
    private static final Logger log = Log.getLogger("unity.server.config", UnityServerConfiguration.class);
    public static final int ENGINE_INITIALIZATION_MOMENT = 0;
    public static final String DEFAULT_CREDENTIAL = "sys:password";
    public static final String DEFAULT_CREDENTIAL_REQUIREMENT = "sys:all";

    @Autowired
    private MessageSource msg;

    @Autowired
    private InternalEndpointManagement internalEndpointManager;

    @Autowired
    @Qualifier("insecure")
    private EndpointManagement endpointManager;

    @Autowired
    private UnityServerConfiguration config;

    @Autowired
    private TransactionalRunner tx;

    @Autowired
    private AttributeTypeDAO attributeTypeDAO;

    @Autowired
    private AttributeTypeHelper atHelper;

    @Autowired
    private IdentityTypeDAO dbIdentities;

    @Autowired
    @Qualifier("insecure")
    private EntityManagement idManagement;

    @Autowired
    @Qualifier("insecure")
    private EntityCredentialManagement idCredManagement;

    @Autowired
    @Qualifier("insecure")
    private GroupsManagement groupManagement;

    @Autowired
    @Qualifier("insecure")
    private CredentialRequirementManagement credReqMan;

    @Autowired
    @Qualifier("insecure")
    private CredentialManagement credMan;

    @Autowired
    private IdentityCleaner identityCleaner;

    @Autowired
    @Qualifier("insecure")
    private AuthenticatorManagement authnManagement;

    @Autowired
    private AuthenticatorConfigurationDB authenticatorDAO;

    @Autowired
    private AuthenticationFlowDB authenticationFlowDAO;

    @Autowired
    @Qualifier("insecure")
    private AttributesManagement attrManagement;

    @Autowired
    private List<SystemAttributesProvider> sysTypeProviders;

    @Autowired
    private IdentityTypesRegistry idTypesReg;

    @Autowired
    private ExecutorsService executors;

    @Autowired
    private EndpointsUpdater endpointsUpdater;

    @Autowired
    private BulkOperationsUpdater bulkOperationsUpdater;

    @Autowired
    private EntitiesScheduledUpdater entitiesUpdater;

    @Autowired
    private AttributeStatementsCleaner attributeStatementsCleaner;

    @Autowired
    private NotificationChannelsLoader notificationChannelLoader;

    @Autowired
    private MessageTemplateInitializatior msgTemplateLoader;

    @Autowired
    private Optional<List<ServerInitializer>> initializers;

    @Autowired
    @Qualifier("insecure")
    private RealmsManagement realmManagement;

    @Autowired
    @Qualifier("insecure")
    private TranslationProfileManagement profilesManagement;

    @Autowired
    private SharedEndpointManagementImpl sharedEndpointManagement;

    @Autowired(required = false)
    private EmailConfirmationServletProvider confirmationServletFactory;

    @Autowired
    private EventProcessor eventsProcessor;

    @Autowired
    private ScriptTriggeringEventListener scriptEventsConsumer;

    @Autowired
    private AuditEventListener auditEventListener;

    @Autowired(required = false)
    private PublicWellKnownURLServletProvider publicWellKnownURLServlet;

    @Autowired
    TranslationProfileChecker profileHelper;

    @Autowired
    private SystemInputTranslationProfileProvider systemInputProfileProvider;

    @Autowired
    private SystemOutputTranslationProfileProvider systemOutputProfileProvider;

    @Autowired
    private CredentialRepository credRepo;

    @Autowired
    private EntityCredentialsHelper entityCredHelper;

    @Autowired
    @Qualifier("insecure")
    private AuthenticationFlowManagement authnFlowManagement;

    @Autowired(required = false)
    private AttributesContentPublicServletProvider attributesContentServletFactory;

    @Autowired
    @Qualifier("insecure")
    private PKIManagement pkiManagement;

    @Autowired
    private MessageRepository messageRepository;
    private long endpointsLoadTime;

    @Override // pl.edu.icm.unity.engine.utils.LifecycleBase
    public void start() {
        try {
            initializeMessageRepository();
            installEventListeners();
            this.endpointsLoadTime = System.currentTimeMillis();
            if (this.config.getBooleanValue("ignoreContentsReloadingFromConfiguration").booleanValue()) {
                log.info("Unity is configured to SKIP DATABASE LOADING FROM CONFIGURATION");
            } else {
                initializeDatabaseContents();
            }
            initializeBackgroundTasks();
            deployConfirmationServlet();
            deployAttributeContentPublicServlet();
            deployPublicWellKnownURLServlet();
            super.start();
        } catch (Exception e) {
            log.error("Fatal error initializating server.", e);
            throw e;
        }
    }

    private void initializeMessageRepository() {
        this.tx.runInTransaction(() -> {
            this.messageRepository.reload();
        });
    }

    public int getPhase() {
        return 0;
    }

    private void initializeBackgroundTasks() {
        int intValue = this.config.getIntValue("asyncStateUpdateInterval").intValue();
        this.endpointsUpdater.setInitialUpdate(this.endpointsLoadTime);
        this.executors.getScheduledService().scheduleWithFixedDelay(this.endpointsUpdater, intValue + (intValue / 10), intValue, TimeUnit.SECONDS);
        this.executors.getScheduledService().scheduleWithFixedDelay(this.bulkOperationsUpdater, intValue + 10, intValue, TimeUnit.SECONDS);
        this.executors.getScheduledService().scheduleWithFixedDelay(new Runnable() { // from class: pl.edu.icm.unity.engine.server.EngineInitialization.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    EngineInitialization.this.attributeStatementsCleaner.updateGroups();
                } catch (Exception e) {
                    EngineInitialization.log.error("Can't update groups attribute statements", e);
                }
            }
        }, intValue * 10, intValue * 10, TimeUnit.SECONDS);
        this.executors.getScheduledService().scheduleWithFixedDelay(new Runnable() { // from class: pl.edu.icm.unity.engine.server.EngineInitialization.2
            @Override // java.lang.Runnable
            public void run() {
                EngineInitialization.log.debug("Clearing expired identities");
                try {
                    EngineInitialization.this.tx.runInTransaction(() -> {
                        EngineInitialization.this.identityCleaner.removeExpiredIdentities();
                    });
                } catch (Exception e) {
                    EngineInitialization.log.error("Can't clean expired identities", e);
                }
            }
        }, intValue * 100, intValue * 100, TimeUnit.SECONDS);
        this.executors.getScheduledService().schedule(new Runnable() { // from class: pl.edu.icm.unity.engine.server.EngineInitialization.3
            @Override // java.lang.Runnable
            public void run() {
                try {
                    EngineInitialization.this.executors.getScheduledService().schedule(this, EngineInitialization.this.entitiesUpdater.updateEntities().getTime() - System.currentTimeMillis(), TimeUnit.MILLISECONDS);
                } catch (Exception e) {
                    EngineInitialization.log.error("Can't perform the scheduled entity operations", e);
                }
            }
        }, (int) (intValue * 0.5d), TimeUnit.SECONDS);
        try {
            Thread.sleep(1000 - (System.currentTimeMillis() - this.endpointsLoadTime));
        } catch (InterruptedException e) {
        }
    }

    public void initializeDatabaseContents() {
        boolean determineIfColdStart = determineIfColdStart();
        if (determineIfColdStart || !this.config.getBooleanValue("useConfiguredContentsOnFreshStartOnly").booleanValue()) {
            initializeSystemContentsFromConfigFile(determineIfColdStart);
        } else {
            initializeSystemContentsFromDBOnly();
        }
        this.eventsProcessor.fireEvent(new PersistableEvent(EventCategory.POST_INIT, Boolean.toString(determineIfColdStart)));
    }

    private void initializeSystemContentsFromConfigFile(boolean z) {
        initializeIdentityTypes();
        initializeSystemAttributeTypes();
        initializeAdminUser();
        initializeCredentials();
        initializeCredentialReqirements();
        this.notificationChannelLoader.initialize();
        this.msgTemplateLoader.initializeMsgTemplates();
        this.pkiManagement.loadCertificatesFromConfigFile();
        runInitializers();
        this.eventsProcessor.fireEvent(new PersistableEvent(EventCategory.PRE_INIT, Boolean.toString(z)));
        boolean booleanValue = this.config.getBooleanValue("fullyRecreateEndpointsAROnStartup").booleanValue();
        initializeTranslationProfiles(booleanValue);
        checkSystemTranslationProfiles();
        if (booleanValue) {
            removeERA();
        }
        initializeAuthenticators();
        initializeAuthenticationFlows();
        initializeRealms();
        initializeEndpoints();
    }

    private void initializeSystemContentsFromDBOnly() {
        loadCertificatesFromFileAfterMigration();
        initializeIdentityTypes();
        initializeSystemAttributeTypes();
        initializeAdminUser();
        this.notificationChannelLoader.initialize();
        runInitializers();
        this.eventsProcessor.fireEvent(new PersistableEvent(EventCategory.PRE_INIT, Boolean.toString(false)));
        deployPersistedEndpoints();
    }

    private void loadCertificatesFromFileAfterMigration() {
        try {
            if (this.pkiManagement.getAllCertificateNames().isEmpty()) {
                log.info("Loading certificates configured in files despite useConfiguredContentsOnFreshStartOnly as no certificates are present");
                this.pkiManagement.loadCertificatesFromConfigFile();
            }
        } catch (EngineException e) {
            throw new InternalException("Initialization problem: can't populate DB with trusted certificates", e);
        }
    }

    private void deployPersistedEndpoints() {
        try {
            this.internalEndpointManager.loadPersistedEndpoints();
            logEndpoints();
        } catch (EngineException e) {
            throw new InternalException("Initialization problem: can't deploy endpoints stored in DB", e);
        }
    }

    private boolean determineIfColdStart() {
        try {
            return ((List) this.tx.runInTransactionRet(() -> {
                return this.dbIdentities.getAll();
            })).isEmpty();
        } catch (Exception e) {
            throw new InternalException("Initialization problem when checking identity types.", e);
        }
    }

    private void installEventListeners() {
        this.eventsProcessor.addEventListener(this.scriptEventsConsumer);
        this.eventsProcessor.addEventListener(this.auditEventListener);
    }

    private void deployPublicWellKnownURLServlet() {
        deploySharedEndpointServletWithVaadinSupport(this.publicWellKnownURLServlet, "/pub", "public well-known URL");
    }

    private void deployConfirmationServlet() {
        deploySharedEndpointServletWithVaadinSupport(this.confirmationServletFactory, "/confirmation", "confirmation");
    }

    private void deployAttributeContentPublicServlet() {
        deploySharedEndpointServletWithoutVaadinSupport(this.attributesContentServletFactory, "/content", "public attribute exposure");
    }

    private void deploySharedEndpointServletWithVaadinSupport(ServletProvider servletProvider, String str, String str2) {
        deploySharedEndpointServlet(servletProvider, str, str2, true);
    }

    private void deploySharedEndpointServletWithoutVaadinSupport(ServletProvider servletProvider, String str, String str2) {
        deploySharedEndpointServlet(servletProvider, str, str2, false);
    }

    private void deploySharedEndpointServlet(ServletProvider servletProvider, String str, String str2, boolean z) {
        if (servletProvider == null) {
            log.info("{} servlet factory is not available, skipping its deploymnet", str2);
            return;
        }
        log.info("Deploing {} servlet", str2);
        ServletHolder serviceServlet = servletProvider.getServiceServlet();
        List serviceFilters = servletProvider.getServiceFilters();
        try {
            this.sharedEndpointManagement.deployInternalEndpointServlet(str, serviceServlet, z);
            Iterator it = serviceFilters.iterator();
            while (it.hasNext()) {
                this.sharedEndpointManagement.deployInternalEndpointFilter(str, (FilterHolder) it.next());
            }
        } catch (EngineException e) {
            throw new InternalException("Can not deploy " + str2 + " servlet", e);
        }
    }

    private void initializeIdentityTypes() {
        log.info("Checking if all identity types are defined");
        Collection all = this.idTypesReg.getAll();
        this.tx.runInTransaction(() -> {
            Map allAsMap = this.dbIdentities.getAllAsMap();
            Iterator it = all.iterator();
            while (it.hasNext()) {
                IdentityTypeDefinition identityTypeDefinition = (IdentityTypeDefinition) it.next();
                if (!allAsMap.containsKey(identityTypeDefinition.getId())) {
                    log.info("Adding identity type " + identityTypeDefinition.getId());
                    IdentityType identityType = new IdentityType(identityTypeDefinition.getId(), identityTypeDefinition.getId());
                    identityType.setDescription(this.msg.getMessage(identityTypeDefinition.getDefaultDescriptionKey(), new Object[0]));
                    this.dbIdentities.create(identityType);
                }
            }
        });
    }

    private void initializeSystemAttributeTypes() {
        log.info("Checking if all system attribute types are defined");
        this.tx.runInTransaction(() -> {
            Map allAsMap = this.attributeTypeDAO.getAllAsMap();
            for (SystemAttributesProvider systemAttributesProvider : this.sysTypeProviders) {
                for (AttributeType attributeType : systemAttributesProvider.getSystemAttributes()) {
                    AttributeType attributeType2 = (AttributeType) allAsMap.get(attributeType.getName());
                    if (attributeType2 == null) {
                        log.info("Adding a system attribute type: " + attributeType.getName());
                        this.atHelper.setDefaultSyntaxConfiguration(attributeType);
                        this.attributeTypeDAO.create(attributeType);
                    } else if (systemAttributesProvider.requiresUpdate(attributeType2)) {
                        log.info("Updating a system attribute type: " + attributeType.getName());
                        this.attributeTypeDAO.update(attributeType);
                    }
                }
            }
        });
    }

    private void initializeAdminUser() {
        try {
            String value = this.config.getValue("initialAdminUsername");
            if (value == null) {
                return;
            }
            String value2 = this.config.getValue("initialAdminPassword");
            IdentityParam identityParam = new IdentityParam("userName", value);
            try {
                this.idManagement.getEntity(new EntityParam(identityParam));
                log.info("There is a user " + value + " in the database, admin account will not be created. It is a good idea to remove or comment the initialAdminUsername setting from the main configuration file to disable this message and use it only to add a default user in case of locked access.");
            } catch (UnknownIdentityException e) {
                log.info("Database contains no admin user, creating the configured admin user");
                CredentialDefinition credentialDefinition = this.credRepo.get(DEFAULT_CREDENTIAL);
                EntityParam entityParam = new EntityParam(Long.valueOf(createAdminSafe(identityParam, "sys:all").getEntityId()));
                PasswordToken passwordToken = new PasswordToken(value2);
                this.tx.runInTransactionThrowing(() -> {
                    this.entityCredHelper.setEntityCredentialInternalWithoutVerify(entityParam.getEntityId().longValue(), credentialDefinition.getName(), passwordToken.toJson());
                });
                if (this.config.getBooleanValue("initialAdminOutdated").booleanValue()) {
                    this.idCredManagement.setEntityCredentialStatus(entityParam, credentialDefinition.getName(), LocalCredentialState.outdated);
                }
                this.attrManagement.createAttribute(entityParam, EnumAttribute.of(RoleAttributeTypeProvider.AUTHORIZATION_ROLE, "/", Lists.newArrayList(new String[]{InternalAuthorizationManagerImpl.SYSTEM_MANAGER_ROLE})));
                log.warn("IMPORTANT:\nDatabase was initialized with a default admin user and password. Log in and change the admin's password immediatelly! U: " + value + " P: " + value2 + "\nThe credential used for this user is named: '" + credentialDefinition.getName() + "' make sure that this credential is enabled for the admin UI endpoint. If not add an authenticator using this credential to the admin endpoint.");
            }
        } catch (EngineException e2) {
            throw new InternalException("Initialization problem when creating admin user", e2);
        }
    }

    private Identity createAdminSafe(IdentityParam identityParam, String str) throws EngineException {
        try {
            return this.idManagement.addEntity(identityParam, str, EntityState.valid);
        } catch (SchemaConsistencyException e) {
            log.warn("There was a schema consistency error adding the admin user. All attribute classes of the '/' group will be removed. Error: " + e.toString());
            GroupContents contents = this.groupManagement.getContents("/", 8);
            log.info("Removing ACs: " + contents.getGroup().getAttributesClasses());
            contents.getGroup().setAttributesClasses(new HashSet());
            this.groupManagement.updateGroup("/", contents.getGroup(), "reset root group attributes", "");
            return this.idManagement.addEntity(identityParam, str, EntityState.valid);
        }
    }

    private void removeERA() {
        try {
            log.info("Removing all persisted endpoints");
            this.internalEndpointManager.removeAllPersistedEndpoints();
            try {
                log.info("Removing all persisted realms");
                Iterator it = this.realmManagement.getRealms().iterator();
                while (it.hasNext()) {
                    this.realmManagement.removeRealm(((AuthenticationRealm) it.next()).getName());
                }
                log.info("Removing all persisted authenticators");
                this.tx.runInTransaction(() -> {
                    this.authenticatorDAO.deleteAll();
                });
                log.info("Removing all persisted authentication flows");
                this.tx.runInTransaction(() -> {
                    this.authenticationFlowDAO.deleteAll();
                });
            } catch (EngineException e) {
                log.fatal("Can't remove realms which are stored in database", e);
                throw new InternalException("Can't remove realms which are stored in database", e);
            }
        } catch (EngineException e2) {
            log.fatal("Can't remove endpoints which are stored in database", e2);
            throw new InternalException("Can't restore endpoints which are stored in database", e2);
        }
    }

    private void initializeRealms() {
        try {
            log.info("Loading configured realms");
            Collection realms = this.realmManagement.getRealms();
            for (String str : this.config.getStructuredListKeys("realms.")) {
                String value = this.config.getValue(str + "realmName");
                String value2 = this.config.getValue(str + "realmDescription");
                int intValue = this.config.getIntValue(str + "blockAfterUnsuccessfulLogins").intValue();
                int intValue2 = this.config.getIntValue(str + "blockFor").intValue();
                RememberMePolicy enumValue = this.config.getEnumValue(str + "machineRememberPolicy", RememberMePolicy.class);
                int intValue3 = this.config.getIntValue(str + "enableRememberMeFor").intValue();
                int intValue4 = this.config.getIntValue(str + "maxInactivity").intValue();
                AuthenticationRealm authenticationRealm = new AuthenticationRealm(value, value2, intValue, intValue2, enumValue, intValue3, intValue4);
                if (realms.stream().filter(authenticationRealm2 -> {
                    return authenticationRealm2.getName().equals(value);
                }).findAny().isPresent()) {
                    this.realmManagement.updateRealm(authenticationRealm);
                } else {
                    this.realmManagement.addRealm(authenticationRealm);
                }
                log.info(" - " + value + ": " + (value2 == null ? "" : value2) + " [blockAfter " + intValue + ", blockFor " + intValue2 + ", rememberMePolicy " + enumValue.toString() + ", rememberMeFor " + intValue3 + ", maxInactive " + intValue4);
            }
        } catch (EngineException e) {
            log.fatal("Can't add realms which are defined in configuration", e);
            throw new InternalException("Can't add realms which are defined in configuration", e);
        }
    }

    private void initializeEndpoints() {
        try {
            loadEndpointsFromConfiguration();
            logEndpoints();
        } catch (Exception e) {
            log.fatal("Can't load endpoints which are configured", e);
            throw new InternalException("Can't load endpoints which are configured", e);
        }
    }

    private void logEndpoints() {
        try {
            List<ResolvedEndpoint> deployedEndpoints = this.endpointManager.getDeployedEndpoints();
            log.info("Initialized the following endpoints:");
            for (ResolvedEndpoint resolvedEndpoint : deployedEndpoints) {
                log.info(" - " + resolvedEndpoint.getName() + ": " + resolvedEndpoint.getType().getName() + " " + resolvedEndpoint.getEndpoint().getConfiguration().getDescription() + " at " + resolvedEndpoint.getEndpoint().getContextAddress() + (resolvedEndpoint.getRealm() == null ? "" : " in realm " + resolvedEndpoint.getRealm().getName()));
            }
            this.endpointsLoadTime = System.currentTimeMillis();
        } catch (Exception e) {
            log.fatal("Can't list loaded endpoints", e);
            throw new InternalException("Can't list loaded endpoints", e);
        }
    }

    private void loadEndpointsFromConfiguration() throws IOException, EngineException {
        log.info("Loading all configured endpoints");
        List deployedEndpoints = this.endpointManager.getDeployedEndpoints();
        for (String str : this.config.getStructuredListKeys("endpoints.")) {
            String value = this.config.getValue(str + "endpointDescription");
            String value2 = this.config.getValue(str + "endpointType");
            File fileValue = this.config.getFileValue(str + "endpointConfigurationFile", false);
            String value3 = this.config.getValue(str + "contextPath");
            String value4 = this.config.getValue(str + "endpointName");
            if (deployedEndpoints.stream().filter(resolvedEndpoint -> {
                return resolvedEndpoint.getName().equals(value4);
            }).findAny().isPresent()) {
                log.info("Endpoint " + value4 + " is present in database, will be updated from configuration");
                this.endpointManager.undeploy(value4);
            }
            I18nString localizedString = this.config.getLocalizedString(this.msg, str + "endpointDisplayedName");
            if (localizedString.isEmpty()) {
                localizedString.setDefaultValue(value4);
            }
            String value5 = this.config.getValue(str + "endpointRealm");
            List endpointAuth = this.config.getEndpointAuth(str);
            String readFileToString = FileUtils.readFileToString(fileValue, Charset.defaultCharset());
            log.info(" - " + value4 + ": " + value2 + " " + value);
            EndpointConfiguration endpointConfiguration = new EndpointConfiguration(localizedString, value, endpointAuth, readFileToString, value5);
            endpointConfiguration.setTag(this.config.getValue(str + "endpointConfigurationFile"));
            this.endpointManager.deploy(value2, value4, value3, endpointConfiguration);
        }
    }

    private void initializeAuthenticationFlows() {
        try {
            loadAuthenticationFlowsFromConfiguration();
        } catch (Exception e) {
            log.fatal("Can't load authentication flows which are configured", e);
            throw new InternalException("Can't load authentication flows which are configured", e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v62, types: [java.util.List] */
    private void loadAuthenticationFlowsFromConfiguration() throws EngineException {
        log.info("Loading all configured authentication flows");
        Set set = (Set) this.authnManagement.getAuthenticators((String) null).stream().map(authenticatorInfo -> {
            return authenticatorInfo.getId();
        }).collect(Collectors.toSet());
        Collection<AuthenticationFlowDefinition> authenticationFlows = this.authnFlowManagement.getAuthenticationFlows();
        HashMap hashMap = new HashMap();
        for (AuthenticationFlowDefinition authenticationFlowDefinition : authenticationFlows) {
            hashMap.put(authenticationFlowDefinition.getName(), authenticationFlowDefinition);
        }
        for (String str : this.config.getStructuredListKeys("authenticationFlow.")) {
            String value = this.config.getValue(str + "authenticationFlowName");
            if (set.contains(value)) {
                throw new InternalException("Can't add authentication flow which are defined in configuration. The authentication flow name: " + value + " is the same as one of authenticator name");
            }
            AuthenticationFlowDefinition.Policy enumValue = this.config.getEnumValue(str + "authenticationFlowPolicy", AuthenticationFlowDefinition.Policy.class);
            LinkedHashSet linkedHashSet = new LinkedHashSet(Arrays.asList(this.config.getValue(str + "firstFactorAuthenticators").split(",")));
            String value2 = this.config.getValue(str + "secondFactorAuthenticators");
            ArrayList arrayList = new ArrayList();
            if (value2 != null && !value2.isEmpty()) {
                arrayList = Arrays.asList(value2.split(","));
            }
            AuthenticationFlowDefinition authenticationFlowDefinition2 = new AuthenticationFlowDefinition(value, enumValue, linkedHashSet, arrayList);
            if (hashMap.containsKey(value)) {
                this.authnFlowManagement.updateAuthenticationFlow(authenticationFlowDefinition2);
                log.info(" - " + value + " [" + enumValue.toString() + "] (updated)");
            } else {
                this.authnFlowManagement.addAuthenticationFlow(authenticationFlowDefinition2);
                log.info(" - " + value + " [" + enumValue.toString() + "]");
            }
        }
    }

    private void initializeAuthenticators() {
        try {
            loadAuthenticatorsFromConfiguration();
        } catch (Exception e) {
            log.fatal("Can't load authenticators which are configured", e);
            throw new InternalException("Can't load authenticators which are configured", e);
        }
    }

    private void loadAuthenticatorsFromConfiguration() throws IOException, EngineException {
        log.info("Loading all configured authenticators");
        Collection<AuthenticatorInfo> authenticators = this.authnManagement.getAuthenticators((String) null);
        HashMap hashMap = new HashMap();
        for (AuthenticatorInfo authenticatorInfo : authenticators) {
            hashMap.put(authenticatorInfo.getId(), authenticatorInfo);
        }
        for (String str : this.config.getStructuredListKeys("authenticators.")) {
            String value = this.config.getValue(str + "authenticatorName");
            String value2 = this.config.getValue(str + "authenticatorType");
            File fileValue = this.config.getFileValue(str + "configurationFile", false);
            String value3 = this.config.getValue(str + "localCredential");
            String readFileToString = fileValue == null ? null : FileUtils.readFileToString(fileValue, StandardCharsets.UTF_8);
            if (hashMap.containsKey(value)) {
                this.authnManagement.updateAuthenticator(value, readFileToString, value3);
                log.info(" - " + value + " [" + value2 + "] (updated)");
            } else {
                this.authnManagement.createAuthenticator(value, value2, readFileToString, value3);
                log.info(" - " + value + " [" + value2 + "]");
            }
        }
    }

    private void initializeCredentials() {
        try {
            loadCredentialsFromConfiguration();
        } catch (Exception e) {
            log.fatal("Can't load credentials which are configured", e);
            throw new InternalException("Can't load credentials which are configured", e);
        }
    }

    private void loadCredentialsFromConfiguration() throws IOException, EngineException {
        log.info("Loading all configured credentials");
        Collection<CredentialDefinition> credentialDefinitions = this.credMan.getCredentialDefinitions();
        HashMap hashMap = new HashMap();
        for (CredentialDefinition credentialDefinition : credentialDefinitions) {
            hashMap.put(credentialDefinition.getName().toLowerCase(), credentialDefinition);
        }
        for (String str : this.config.getStructuredListKeys("credentials.")) {
            String value = this.config.getValue(str + "credentialName");
            String value2 = this.config.getValue(str + "credentialType");
            String value3 = this.config.getValue(str + "credentialDescription");
            String readFileToString = FileUtils.readFileToString(this.config.getFileValue(str + "credentialConfigurationFile", false), Charset.defaultCharset());
            CredentialDefinition credentialDefinition2 = new CredentialDefinition(value2, value, new I18nString(value), new I18nString(value3));
            credentialDefinition2.setConfiguration(readFileToString);
            if (!hashMap.containsKey(value.toLowerCase())) {
                this.credMan.addCredentialDefinition(credentialDefinition2);
                log.info(" - " + value + " [" + value2 + "]");
            }
        }
    }

    private void initializeCredentialReqirements() {
        try {
            loadCredentialRequirementsFromConfiguration();
        } catch (Exception e) {
            log.fatal("Can't load configured credential requirements", e);
            throw new InternalException("Can't load configured credential requirements", e);
        }
    }

    private void loadCredentialRequirementsFromConfiguration() throws IOException, EngineException {
        log.info("Loading all configured credential requirements");
        Collection<CredentialRequirements> credentialRequirements = this.credReqMan.getCredentialRequirements();
        HashMap hashMap = new HashMap();
        for (CredentialRequirements credentialRequirements2 : credentialRequirements) {
            hashMap.put(credentialRequirements2.getName(), credentialRequirements2);
        }
        for (String str : this.config.getStructuredListKeys("credentialRequirements.")) {
            String value = this.config.getValue(str + "credentialReqName");
            String value2 = this.config.getValue(str + "credentialReqDescription");
            List listOfValues = this.config.getListOfValues(str + "credentialReqContents.");
            HashSet hashSet = new HashSet();
            hashSet.addAll(listOfValues);
            CredentialRequirements credentialRequirements3 = new CredentialRequirements(value, value2, hashSet);
            if (!hashMap.containsKey(value)) {
                this.credReqMan.addCredentialRequirement(credentialRequirements3);
                log.info(" - " + value + " " + listOfValues.toString());
            }
        }
    }

    private void initializeTranslationProfiles(boolean z) {
        List<String> listOfValues = this.config.getListOfValues("translationProfiles.");
        try {
            Map listInputProfiles = this.profilesManagement.listInputProfiles();
            Map listOutputProfiles = this.profilesManagement.listOutputProfiles();
            log.info("Loading configured translation profiles");
            for (String str : listOfValues) {
                try {
                    TranslationProfile translationProfile = new TranslationProfile(JsonUtil.parse(FileUtils.readFileToString(new File(str), Charset.defaultCharset())));
                    try {
                        if ((translationProfile.getProfileType() != ProfileType.INPUT || !listInputProfiles.containsKey(translationProfile.getName())) && (translationProfile.getProfileType() != ProfileType.OUTPUT || !listOutputProfiles.containsKey(translationProfile.getName()))) {
                            this.profilesManagement.addProfile(translationProfile);
                            log.info(" - loaded translation profile: " + translationProfile.getName() + " from file: " + str);
                        } else if (z) {
                            this.profilesManagement.updateProfile(translationProfile);
                            log.info(" - updated the in-DB translation profile : " + translationProfile.getName() + " with file definition: " + str);
                        }
                    } catch (Exception e) {
                        throw new InternalException("Can't install the configured translation profile " + translationProfile.getName(), e);
                    }
                } catch (IOException e2) {
                    throw new ConfigurationException("Problem loading translation profile from file: " + str, e2);
                }
            }
        } catch (EngineException e3) {
            throw new InternalException("Can't list the existing translation profiles", e3);
        }
    }

    private void checkProfiles(Collection<TranslationProfile> collection) {
        for (TranslationProfile translationProfile : collection) {
            if (translationProfile.getProfileMode() != ProfileMode.READ_ONLY) {
                throw new IllegalArgumentException("System profile " + translationProfile + " is not in READ_ONLY mode");
            }
            this.profileHelper.checkBaseProfileContent(translationProfile);
        }
    }

    private void checkSystemTranslationProfiles() {
        checkProfiles(this.systemInputProfileProvider.getSystemProfiles().values());
        checkProfiles(this.systemOutputProfileProvider.getSystemProfiles().values());
    }

    private void runInitializers() {
        List<String> listOfValues = this.config.getListOfValues("initializers.");
        HashMap hashMap = new HashMap();
        for (ServerInitializer serverInitializer : this.initializers.orElseGet(ArrayList::new)) {
            hashMap.put(serverInitializer.getName(), serverInitializer);
        }
        for (String str : listOfValues) {
            log.info("Running initializer: " + str);
            if (((ServerInitializer) hashMap.get(str)) == null) {
                throw new ConfigurationException("There is no content intializer " + str + " defined in the system");
            }
            ((ServerInitializer) hashMap.get(str)).run();
        }
    }
}
