package org.keycloak.keys.infinispan;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.FutureTask;
import org.infinispan.Cache;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.keys.PublicKeyStorageProvider;
import org.keycloak.keys.PublicKeyStorageProviderFactory;
import org.keycloak.keys.PublicKeyStorageUtils;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.provider.ProviderEvent;
import org.keycloak.provider.ProviderEventListener;

/* loaded from: input_file:org/keycloak/keys/infinispan/InfinispanPublicKeyStorageProviderFactory.class */
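/**
 * Factory for {@link InfinispanPublicKeyStorageProvider} instances that share one Infinispan cache of
 * {@link PublicKeysEntry} values.
 *
 * <p>The cache is looked up lazily under {@link InfinispanConnectionProvider#KEYS_CACHE_NAME}. After
 * {@link #postInit} the factory listens for client and identity-provider update/removal events and
 * passes the matching cache keys to the provider's {@code addInvalidation}, so that key material
 * cached for a changed or deleted client/IdP is not kept indefinitely.
 *
 * <p>This listing is decompiler output. Names and modifiers the decompiler altered are kept and
 * flagged where they occur.
 */
public class InfinispanPublicKeyStorageProviderFactory implements PublicKeyStorageProviderFactory {
    private static final Logger log = Logger.getLogger(InfinispanPublicKeyStorageProviderFactory.class);
    public static final String PROVIDER_ID = "infinispan";

    // Defaults shared by getConfigMetadata() and init() so the advertised and applied values cannot drift.
    private static final int DEFAULT_MIN_TIME_BETWEEN_REQUESTS = 10;
    private static final int DEFAULT_MAX_CACHE_TIME = 86400;

    // volatile: read without a lock on the fast path of lazyInit() and from the event listener.
    private volatile Cache<String, PublicKeysEntry> keysCache;
    // Handed to every provider instance; presumably de-duplicates concurrent loads of the same
    // cache key -- confirm in InfinispanPublicKeyStorageProvider.
    private final Map<String, FutureTask<PublicKeysEntry>> tasksInProgress = new ConcurrentHashMap<>();
    private int minTimeBetweenRequests;
    private int maxCacheTime;

    /**
     * Pairs the session carried by a provider event with the cache keys that event makes stale.
     *
     * <p>The decompiler reports that this class was originally {@code private}; the widened modifier
     * is kept as found.
     */
    public static class SessionAndKeyHolder {
        private final KeycloakSession session;
        private final ArrayList<String> cacheKeys;

        public SessionAndKeyHolder(KeycloakSession keycloakSession, ArrayList<String> arrayList) {
            this.session = keycloakSession;
            this.cacheKeys = arrayList;
        }
    }

    /**
     * Creates a provider bound to the given session and the shared keys cache.
     *
     * <p>The decompiler renamed this method from {@code create} when merging it with its bridge
     * method; the name is kept as found in this listing.
     *
     * @param keycloakSession session the provider operates in; also used to resolve the cache on first use
     * @return a new provider sharing this factory's cache, in-progress task map and timing settings
     */
    public PublicKeyStorageProvider m39create(KeycloakSession keycloakSession) {
        lazyInit(keycloakSession);
        return new InfinispanPublicKeyStorageProvider(
                keycloakSession, this.keysCache, this.tasksInProgress, this.minTimeBetweenRequests, this.maxCacheTime);
    }

    /**
     * Describes the two tunables of this provider: {@code minTimeBetweenRequests} and {@code maxCacheTime}.
     *
     * @return configuration metadata including help text and default values
     */
    public List<ProviderConfigProperty> getConfigMetadata() {
        return ProviderConfigurationBuilder.create()
                .property()
                .name("minTimeBetweenRequests")
                .type("int")
                .helpText("Minimum interval in seconds between two requests to retrieve the new public keys. The server will always try to download new public keys when a single key is requested and not found. However it will avoid the download if the previous refresh was done less than 10 seconds ago (by default). This behavior is used to avoid DoS attacks against the external keys endpoint.")
                .defaultValue(DEFAULT_MIN_TIME_BETWEEN_REQUESTS)
                .add()
                .property()
                .name("maxCacheTime")
                .type("int")
                .helpText("Maximum interval in seconds that keys are cached when they are retrieved via all keys methods. When all keys for the entry are retrieved there is no way to detect if a key is missing (different to the case when the key is retrieved via ID for example). In that situation this option forces a refresh from time to time. Default 24 hours.")
                .defaultValue(DEFAULT_MAX_CACHE_TIME)
                .add()
                .build();
    }

    /**
     * Resolves the keys cache once, using double-checked locking on the volatile {@link #keysCache} field.
     *
     * @param keycloakSession session used to obtain the {@link InfinispanConnectionProvider}
     */
    private void lazyInit(KeycloakSession keycloakSession) {
        if (this.keysCache != null) {
            return;
        }
        synchronized (this) {
            if (this.keysCache == null) {
                InfinispanConnectionProvider connections = keycloakSession.getProvider(InfinispanConnectionProvider.class);
                this.keysCache = connections.getCache(InfinispanConnectionProvider.KEYS_CACHE_NAME);
            }
        }
    }

    /**
     * Reads the timing settings from configuration, falling back to the documented defaults.
     *
     * @param scope configuration scope of this provider
     */
    public void init(Config.Scope scope) {
        // NOTE(review): neither value is range-checked here. A zero or negative minTimeBetweenRequests
        // would presumably weaken the refresh throttling that the help text describes as DoS
        // protection for the external keys endpoint -- confirm how InfinispanPublicKeyStorageProvider
        // applies it before accepting such values.
        this.minTimeBetweenRequests = scope.getInt("minTimeBetweenRequests", DEFAULT_MIN_TIME_BETWEEN_REQUESTS);
        this.maxCacheTime = scope.getInt("maxCacheTime", DEFAULT_MAX_CACHE_TIME);
        log.debugf("minTimeBetweenRequests is %d maxCacheTime is %d", this.minTimeBetweenRequests, this.maxCacheTime);
    }

    /**
     * Registers the listener that turns client / identity-provider change events into cache invalidations.
     *
     * @param keycloakSessionFactory session factory the listener is registered with
     */
    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
        keycloakSessionFactory.register(new ProviderEventListener() {
            public void onEvent(ProviderEvent providerEvent) {
                // Nothing can be cached before the cache itself has been resolved.
                if (keysCache == null) {
                    return;
                }
                SessionAndKeyHolder stale = getCacheKeyToInvalidate(providerEvent);
                if (stale == null) {
                    return;
                }
                // Log the keys themselves: the holder has no toString(), so logging it would print
                // only an object identity and hide which entries are being invalidated.
                log.debugf("Invalidating %s from keysCache", stale.cacheKeys);
                // The cast is required because the lookup is typed by the provider interface.
                InfinispanPublicKeyStorageProvider provider =
                        (InfinispanPublicKeyStorageProvider) stale.session.getProvider(PublicKeyStorageProvider.class, getId());
                for (String cacheKey : stale.cacheKeys) {
                    provider.addInvalidation(cacheKey);
                }
            }
        });
    }

    /**
     * Maps a provider event to the cache keys it makes stale.
     *
     * @param providerEvent event delivered by the session factory
     * @return the event's session with the affected cache keys, or {@code null} when the event is not
     *     a client or identity-provider update/removal
     */
    private SessionAndKeyHolder getCacheKeyToInvalidate(ProviderEvent providerEvent) {
        if (providerEvent instanceof ClientModel.ClientUpdatedEvent) {
            ClientModel.ClientUpdatedEvent updated = (ClientModel.ClientUpdatedEvent) providerEvent;
            return new SessionAndKeyHolder(updated.getKeycloakSession(), clientCacheKeys(updated.getUpdatedClient()));
        }
        if (providerEvent instanceof ClientModel.ClientRemovedEvent) {
            ClientModel.ClientRemovedEvent removed = (ClientModel.ClientRemovedEvent) providerEvent;
            return new SessionAndKeyHolder(removed.getKeycloakSession(), clientCacheKeys(removed.getClient()));
        }
        if (providerEvent instanceof RealmModel.IdentityProviderUpdatedEvent) {
            RealmModel.IdentityProviderUpdatedEvent updated = (RealmModel.IdentityProviderUpdatedEvent) providerEvent;
            ArrayList<String> keys = new ArrayList<>(1);
            keys.add(PublicKeyStorageUtils.getIdpModelCacheKey(
                    updated.getRealm().getId(), updated.getUpdatedIdentityProvider().getInternalId()));
            return new SessionAndKeyHolder(updated.getKeycloakSession(), keys);
        }
        if (providerEvent instanceof RealmModel.IdentityProviderRemovedEvent) {
            RealmModel.IdentityProviderRemovedEvent removed = (RealmModel.IdentityProviderRemovedEvent) providerEvent;
            ArrayList<String> keys = new ArrayList<>(1);
            keys.add(PublicKeyStorageUtils.getIdpModelCacheKey(
                    removed.getRealm().getId(), removed.getRemovedIdentityProvider().getInternalId()));
            return new SessionAndKeyHolder(removed.getKeycloakSession(), keys);
        }
        return null;
    }

    /** Builds the signature and encryption cache keys of one client, in that order. */
    private static ArrayList<String> clientCacheKeys(ClientModel client) {
        String realmId = client.getRealm().getId();
        String clientId = client.getId();
        ArrayList<String> keys = new ArrayList<>(2);
        keys.add(PublicKeyStorageUtils.getClientModelCacheKey(realmId, clientId, JWK.Use.SIG));
        keys.add(PublicKeyStorageUtils.getClientModelCacheKey(realmId, clientId, JWK.Use.ENCRYPTION));
        return keys;
    }

    /** No resources are released here. */
    public void close() {
    }

    /**
     * Returns the identifier this factory is registered under.
     *
     * @return {@link #PROVIDER_ID}
     */
    public String getId() {
        return PROVIDER_ID;
    }
}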
