package pl.edu.icm.unity.engine.endpoint;

import eu.unicore.util.configuration.ConfigurationException;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AuthenticationFlow;
import pl.edu.icm.unity.engine.api.authn.AuthenticatorInstance;
import pl.edu.icm.unity.engine.api.endpoint.EndpointInstance;
import pl.edu.icm.unity.engine.utils.ScheduledUpdaterBase;
import pl.edu.icm.unity.exceptions.EngineException;
import pl.edu.icm.unity.store.api.generic.AuthenticationFlowDB;
import pl.edu.icm.unity.store.api.generic.AuthenticatorConfigurationDB;
import pl.edu.icm.unity.store.api.generic.EndpointDB;
import pl.edu.icm.unity.store.api.generic.RealmDB;
import pl.edu.icm.unity.store.api.tx.TransactionalRunner;
import pl.edu.icm.unity.store.types.AuthenticatorConfiguration;
import pl.edu.icm.unity.types.authn.AuthenticationFlowDefinition;
import pl.edu.icm.unity.types.authn.AuthenticationRealm;
import pl.edu.icm.unity.types.endpoint.Endpoint;

@Component
/* loaded from: input_file:pl/edu/icm/unity/engine/endpoint/EndpointsUpdater.class */
public class EndpointsUpdater extends ScheduledUpdaterBase {
    private static final Logger log = Log.getLogger("unity.server.core", EndpointsUpdater.class);
    private InternalEndpointManagement endpointMan;
    private EndpointDB endpointDB;
    private RealmDB realmDB;
    private AuthenticatorConfigurationDB authnDB;
    private AuthenticationFlowDB authnFlowDB;
    private EndpointInstanceLoader loader;
    private TransactionalRunner tx;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:pl/edu/icm/unity/engine/endpoint/EndpointsUpdater$EndpointConfigurationException.class */
    public static class EndpointConfigurationException extends EngineException {
        final Endpoint endpoint;
        final ConfigurationException exception;

        EndpointConfigurationException(Endpoint endpoint, ConfigurationException configurationException) {
            this.endpoint = endpoint;
            this.exception = configurationException;
        }
    }

    @Autowired
    public EndpointsUpdater(TransactionalRunner transactionalRunner, InternalEndpointManagement internalEndpointManagement, EndpointDB endpointDB, AuthenticatorConfigurationDB authenticatorConfigurationDB, AuthenticationFlowDB authenticationFlowDB, EndpointInstanceLoader endpointInstanceLoader, RealmDB realmDB) {
        super("endpoints");
        this.tx = transactionalRunner;
        this.endpointMan = internalEndpointManagement;
        this.endpointDB = endpointDB;
        this.authnDB = authenticatorConfigurationDB;
        this.loader = endpointInstanceLoader;
        this.authnFlowDB = authenticationFlowDB;
        this.realmDB = realmDB;
    }

    /* JADX WARN: Type inference failed for: r10v1, types: [java.lang.Throwable, pl.edu.icm.unity.engine.endpoint.EndpointsUpdater$EndpointConfigurationException] */
    @Override // pl.edu.icm.unity.engine.utils.ScheduledUpdaterBase
    protected void updateInternal() throws EngineException {
        List<EndpointInstance> deployedEndpoints = this.endpointMan.getDeployedEndpoints();
        HashSet hashSet = new HashSet();
        HashMap hashMap = new HashMap();
        for (EndpointInstance endpointInstance : deployedEndpoints) {
            hashMap.put(endpointInstance.getEndpointDescription().getName(), endpointInstance);
        }
        log.debug("Running periodic endpoints update task. There are " + deployedEndpoints.size() + " deployed endpoints.");
        try {
            this.tx.runInTransactionThrowing(() -> {
                Map<String, AuthenticationRealm> allAsMap = this.realmDB.getAllAsMap();
                long roundToS = roundToS(System.currentTimeMillis());
                List<Endpoint> all = this.endpointDB.getAll();
                log.debug("There are " + all.size() + " endpoints in DB.");
                for (Endpoint endpoint : all) {
                    if (!endpoint.getState().equals(Endpoint.EndpointState.UNDEPLOYED)) {
                        hashSet.add(updateEndpoint(endpoint, hashMap, allAsMap).getEndpointDescription().getName());
                    }
                }
                setLastUpdate(roundToS);
                undeployInactive(hashSet, deployedEndpoints);
            });
        } catch (EndpointConfigurationException e) {
            log.error("Can not update endpoint", (Throwable) e);
            undeployAndChangeStateToUndeployedWhenInvalidConfiguration(e.endpoint);
            throw e.exception;
        }
    }

    private EndpointInstance updateEndpoint(Endpoint endpoint, Map<String, EndpointInstance> map, Map<String, AuthenticationRealm> map2) throws EngineException {
        String name = endpoint.getName();
        EndpointInstance endpointInstance = map.get(name);
        EndpointInstance endpointInstance2 = null;
        if (endpointInstance == null) {
            endpointInstance2 = createEndpointInstance(endpoint);
            log.info("Endpoint " + name + " will be deployed");
            this.endpointMan.deploy(endpointInstance2);
        } else if (endpoint.getRevision() > endpointInstance.getEndpointDescription().getEndpoint().getRevision() || hasChangedRealm(endpointInstance, map2)) {
            endpointInstance2 = createEndpointInstance(endpoint);
            log.info("Endpoint " + name + " will be re-deployed");
            this.endpointMan.undeploy(name);
            this.endpointMan.deploy(endpointInstance2);
        } else if (hasChangedAuthenticationFlow(endpointInstance)) {
            endpointInstance2 = createEndpointInstance(endpoint);
            updateEndpointAuthenticators(name, endpointInstance2, map);
        } else if (hasChangedAuthenticator(endpointInstance)) {
            endpointInstance2 = createEndpointInstance(endpoint);
            updateEndpointAuthenticators(name, endpointInstance2, map);
        }
        return endpointInstance2 == null ? endpointInstance : endpointInstance2;
    }

    private EndpointInstance createEndpointInstance(Endpoint endpoint) throws EndpointConfigurationException {
        try {
            return this.loader.createEndpointInstance(endpoint);
        } catch (ConfigurationException e) {
            throw new EndpointConfigurationException(endpoint, e);
        }
    }

    private void undeployAndChangeStateToUndeployedWhenInvalidConfiguration(Endpoint endpoint) throws EngineException {
        this.tx.runInTransactionThrowing(() -> {
            this.endpointMan.undeploy(endpoint.getName());
            this.endpointDB.update(new Endpoint(endpoint.getName(), endpoint.getTypeId(), endpoint.getContextAddress(), endpoint.getConfiguration(), endpoint.getRevision() + 1, Endpoint.EndpointState.UNDEPLOYED));
        });
    }

    private void updateEndpointAuthenticators(String str, EndpointInstance endpointInstance, Map<String, EndpointInstance> map) throws EngineException {
        log.info("Endpoint " + str + " will have its authenticators updated");
        try {
            map.get(str).updateAuthenticationFlows(endpointInstance.getAuthenticationFlows());
        } catch (UnsupportedOperationException e) {
            log.info("Endpoint " + str + " doesn't support authenticators update so will be redeployed");
            this.endpointMan.undeploy(endpointInstance.getEndpointDescription().getEndpoint().getName());
            this.endpointMan.deploy(endpointInstance);
        }
    }

    private boolean hasChangedRealm(EndpointInstance endpointInstance, Map<String, AuthenticationRealm> map) {
        AuthenticationRealm realm = endpointInstance.getEndpointDescription().getRealm();
        return (realm == null || map.get(realm.getName()).equals(realm)) ? false : true;
    }

    private boolean hasChangedAuthenticator(EndpointInstance endpointInstance) {
        HashMap hashMap = new HashMap();
        Iterator it = endpointInstance.getAuthenticationFlows().iterator();
        while (it.hasNext()) {
            for (AuthenticatorInstance authenticatorInstance : ((AuthenticationFlow) it.next()).getAllAuthenticators()) {
                hashMap.put(authenticatorInstance.getRetrieval().getAuthenticatorId(), Long.valueOf(authenticatorInstance.getRevision()));
            }
        }
        Map allAsMap = this.authnDB.getAllAsMap();
        for (String str : hashMap.keySet()) {
            AuthenticatorConfiguration authenticatorConfiguration = (AuthenticatorConfiguration) allAsMap.get(str);
            if (authenticatorConfiguration != null && authenticatorConfiguration.getRevision() > ((Long) hashMap.get(str)).longValue()) {
                return true;
            }
        }
        return false;
    }

    private boolean hasChangedAuthenticationFlow(EndpointInstance endpointInstance) {
        Map allAsMap = this.authnFlowDB.getAllAsMap();
        for (AuthenticationFlow authenticationFlow : endpointInstance.getAuthenticationFlows()) {
            AuthenticationFlowDefinition authenticationFlowDefinition = (AuthenticationFlowDefinition) allAsMap.get(authenticationFlow.getId());
            if (authenticationFlowDefinition != null && authenticationFlowDefinition.getRevision() > authenticationFlow.getRevision()) {
                return true;
            }
        }
        return false;
    }

    private void undeployInactive(Set<String> set, Collection<EndpointInstance> collection) throws EngineException {
        Iterator<EndpointInstance> it = collection.iterator();
        while (it.hasNext()) {
            String name = it.next().getEndpointDescription().getName();
            if (!set.contains(name)) {
                log.info("Undeploying endpoint: " + name);
                this.endpointMan.undeploy(name);
            }
        }
    }
}
