package org.keycloak.quarkus.runtime.configuration.mappers;

import com.google.common.base.CaseFormat;
import io.smallrye.config.ConfigSourceInterceptorContext;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.function.BooleanSupplier;
import org.keycloak.common.Profile;
import org.keycloak.config.CachingOptions;
import org.keycloak.config.Option;
import org.keycloak.infinispan.util.InfinispanUtils;
import org.keycloak.quarkus.runtime.Environment;
import org.keycloak.quarkus.runtime.cli.PropertyException;
import org.keycloak.quarkus.runtime.configuration.Configuration;
import org.keycloak.quarkus.runtime.vault.FilesPlainTextVaultProviderFactory;
import org.keycloak.utils.StringUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/keycloak/quarkus/runtime/configuration/mappers/CachingPropertyMappers.class */
public final class CachingPropertyMappers {
    private static final String REMOTE_HOST_SET = "remote host is set";
    private static final String MULTI_SITE_OR_EMBEDDED_REMOTE_FEATURE_SET = "feature '%s' or '%s' is set".formatted(Profile.Feature.MULTI_SITE.getKey(), Profile.Feature.CLUSTERLESS.getKey());
    private static final String MULTI_SITE_FEATURE_SET = "feature '%s' or '%s' is set".formatted(Profile.Feature.MULTI_SITE.getKey(), Profile.Feature.CLUSTERLESS.getKey());
    private static final String CACHE_STACK_SET_TO_ISPN = "'cache' type is set to '" + CachingOptions.Mechanism.ispn.name() + "'";

    private CachingPropertyMappers() {
    }

    public static PropertyMapper<?>[] getClusteringPropertyMappers() {
        List of = List.of((Object[]) new PropertyMapper[]{PropertyMapper.fromOption(CachingOptions.CACHE).paramLabel("type").build(), PropertyMapper.fromOption(CachingOptions.CACHE_STACK).isEnabled(CachingPropertyMappers::cacheSetToInfinispan, CACHE_STACK_SET_TO_ISPN).to("kc.spi-cache--embedded--default-stack").paramLabel("stack").build(), PropertyMapper.fromOption(CachingOptions.CACHE_CONFIG_FILE).mapFrom(CachingOptions.CACHE, (str, configSourceInterceptorContext) -> {
            if (CachingOptions.Mechanism.local.name().equals(str)) {
                return "cache-local.xml";
            }
            if (CachingOptions.Mechanism.ispn.name().equals(str)) {
                return resolveConfigFile("cache-ispn.xml", null);
            }
            return null;
        }).to("kc.spi-cache-embedded--default--config-file").transformer(CachingPropertyMappers::resolveConfigFile).validator(str2 -> {
            if (!Files.exists(Paths.get(resolveConfigFile(str2, null), new String[0]), new LinkOption[0])) {
                throw new PropertyException("Cache config file '%s' does not exist in the conf directory".formatted(str2));
            }
        }).paramLabel(FilesPlainTextVaultProviderFactory.ID).build(), PropertyMapper.fromOption(CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED).to("kc.spi-jgroups-mtls--default--enabled").isEnabled(CachingPropertyMappers::getDefaultMtlsEnabled, "a TCP based cache-stack is used").build(), PropertyMapper.fromOption(CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE.withRuntimeSpecificDefault(getDefaultKeystorePathValue())).paramLabel(FilesPlainTextVaultProviderFactory.ID).to("kc.spi-jgroups-mtls--default--keystore-file").isEnabled(() -> {
            return Configuration.isTrue((Option<Boolean>) CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED);
        }, "property '%s' is enabled".formatted(CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED.getKey())).validator(str3 -> {
            checkValidKeystore(str3, CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE, CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD);
        }).build(), PropertyMapper.fromOption(CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD).paramLabel("password").isMasked(true).to("kc.spi-jgroups-mtls--default--keystore-password").isEnabled(() -> {
            return Configuration.isTrue((Option<Boolean>) CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED);
        }, "property '%s' is enabled".formatted(CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED.getKey())).validator(str4 -> {
            checkOptionPresent(CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE_PASSWORD, CachingOptions.CACHE_EMBEDDED_MTLS_KEYSTORE);
        }).build(), PropertyMapper.fromOption(CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE.withRuntimeSpecificDefault(getDefaultTruststorePathValue())).paramLabel(FilesPlainTextVaultProviderFactory.ID).to("kc.spi-jgroups-mtls--default--truststore-file").isEnabled(() -> {
            return Configuration.isTrue((Option<Boolean>) CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED);
        }, "property '%s' is enabled".formatted(CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED.getKey())).validator(str5 -> {
            checkValidKeystore(str5, CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE, CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD);
        }).build(), PropertyMapper.fromOption(CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD).paramLabel("password").isMasked(true).to("kc.spi-jgroups-mtls--default--truststore-password").isEnabled(() -> {
            return Configuration.isTrue((Option<Boolean>) CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED);
        }, "property '%s' is enabled".formatted(CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED.getKey())).validator(str6 -> {
            checkOptionPresent(CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE_PASSWORD, CachingOptions.CACHE_EMBEDDED_MTLS_TRUSTSTORE);
        }).build(), PropertyMapper.fromOption(CachingOptions.CACHE_EMBEDDED_MTLS_ROTATION).paramLabel("days").to("kc.spi-jgroups-mtls--default--rotation").isEnabled(() -> {
            return Configuration.isTrue((Option<Boolean>) CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED);
        }, "property '%s' is enabled".formatted(CachingOptions.CACHE_EMBEDDED_MTLS_ENABLED.getKey())).validator(CachingPropertyMappers::validateCertificateRotationIsPositive).build(), PropertyMapper.fromOption(CachingOptions.CACHE_REMOTE_HOST).paramLabel("hostname").to("kc.spi-cache-remote--default--hostname").addValidateEnabled(CachingPropertyMappers::isRemoteCacheHostEnabled, MULTI_SITE_OR_EMBEDDED_REMOTE_FEATURE_SET).isRequired(InfinispanUtils::isRemoteInfinispan, MULTI_SITE_FEATURE_SET).build(), PropertyMapper.fromOption(CachingOptions.CACHE_REMOTE_PORT).isEnabled(CachingPropertyMappers::remoteHostSet, REMOTE_HOST_SET).to("kc.spi-cache-remote--default--port").paramLabel("port").build(), PropertyMapper.fromOption(CachingOptions.CACHE_REMOTE_TLS_ENABLED).isEnabled(CachingPropertyMappers::remoteHostSet, REMOTE_HOST_SET).to("kc.spi-cache-remote--default--tls-enabled").build(), PropertyMapper.fromOption(CachingOptions.CACHE_REMOTE_USERNAME).isEnabled(CachingPropertyMappers::remoteHostSet, REMOTE_HOST_SET).to("kc.spi-cache-remote--default--username").validator(str7 -> {
            validateCachingOptionIsPresent(CachingOptions.CACHE_REMOTE_USERNAME, CachingOptions.CACHE_REMOTE_PASSWORD);
        }).paramLabel("username").build(), PropertyMapper.fromOption(CachingOptions.CACHE_REMOTE_PASSWORD).isEnabled(CachingPropertyMappers::remoteHostSet, REMOTE_HOST_SET).to("kc.spi-cache-remote--default--password").validator(str8 -> {
            validateCachingOptionIsPresent(CachingOptions.CACHE_REMOTE_PASSWORD, CachingOptions.CACHE_REMOTE_USERNAME);
        }).paramLabel("password").isMasked(true).build(), PropertyMapper.fromOption(CachingOptions.CACHE_METRICS_HISTOGRAMS_ENABLED).isEnabled(MetricsPropertyMappers::metricsEnabled, MetricsPropertyMappers.METRICS_ENABLED_MSG).to("kc.spi-cache-embedded--default--metrics-histograms-enabled").build()});
        ArrayList arrayList = new ArrayList(of.size() + CachingOptions.LOCAL_MAX_COUNT_CACHES.length + CachingOptions.CLUSTERED_MAX_COUNT_CACHES.length);
        arrayList.addAll(of);
        for (String str9 : CachingOptions.LOCAL_MAX_COUNT_CACHES) {
            arrayList.add(maxCountOpt(str9, () -> {
                return true;
            }, ""));
        }
        for (String str10 : CachingOptions.CLUSTERED_MAX_COUNT_CACHES) {
            arrayList.add(maxCountOpt(str10, InfinispanUtils::isEmbeddedInfinispan, "embedded Infinispan clusters configured"));
        }
        return (PropertyMapper[]) arrayList.toArray(new PropertyMapper[0]);
    }

    private static boolean getDefaultMtlsEnabled() {
        if (!cacheSetToInfinispan()) {
            return false;
        }
        Optional<String> optionalKcValue = Configuration.getOptionalKcValue((Option<?>) CachingOptions.CACHE_STACK);
        if (optionalKcValue.isEmpty()) {
            return true;
        }
        String str = optionalKcValue.get();
        return (str.equals("udp") || str.equals("jdbc-ping-udp")) ? false : true;
    }

    private static boolean remoteHostSet() {
        return Configuration.getOptionalKcValue("cache-remote-host").isPresent();
    }

    private static boolean cacheSetToInfinispan() {
        if (InfinispanUtils.isRemoteInfinispan()) {
            return false;
        }
        Optional<String> optionalKcValue = Configuration.getOptionalKcValue((Option<?>) CachingOptions.CACHE);
        if (!optionalKcValue.isEmpty() || Environment.isDevMode()) {
            return optionalKcValue.isPresent() && optionalKcValue.get().equals(CachingOptions.Mechanism.ispn.name());
        }
        return true;
    }

    private static String resolveConfigFile(String str, ConfigSourceInterceptorContext configSourceInterceptorContext) {
        String homeDir = Environment.getHomeDir();
        return homeDir == null ? str : homeDir + File.separator + "conf" + File.separator + str;
    }

    private static String getDefaultKeystorePathValue() {
        String homeDir = Environment.getHomeDir();
        if (homeDir == null) {
            return null;
        }
        File file = Paths.get(homeDir, "conf", "cache-mtls-keystore.p12").toFile();
        if (file.exists()) {
            return file.getAbsolutePath();
        }
        return null;
    }

    private static String getDefaultTruststorePathValue() {
        String homeDir = Environment.getHomeDir();
        if (homeDir == null) {
            return null;
        }
        File file = Paths.get(homeDir, "conf", "cache-mtls-truststore.p12").toFile();
        if (file.exists()) {
            return file.getAbsolutePath();
        }
        return null;
    }

    private static PropertyMapper<?> maxCountOpt(String str, BooleanSupplier booleanSupplier, String str2) {
        return PropertyMapper.fromOption(CachingOptions.maxCountOption(str)).isEnabled(booleanSupplier, str2).paramLabel("max-count").to("kc.spi-cache-embedded--default--%s-max-count".formatted(CaseFormat.LOWER_CAMEL.to(CaseFormat.LOWER_HYPHEN, str))).build();
    }

    private static boolean isRemoteCacheHostEnabled() {
        return InfinispanUtils.isRemoteInfinispan();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void validateCachingOptionIsPresent(Option<?> option, Option<?> option2) {
        if (Configuration.getOptionalKcValue(option2).isEmpty()) {
            throw new PropertyException("The option '%s' is required when '%s' is set.".formatted(option2.getKey(), option.getKey()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkValidKeystore(String str, Option<String> option, Option<String> option2) {
        checkOptionPresent(option, option2);
        if (!new File(str).exists()) {
            throw new IllegalArgumentException("The '%s' file '%s' does not exist.".formatted(option.getKey(), str));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkOptionPresent(Option<String> option, Option<String> option2) {
        if (!Configuration.getOptionalKcValue(option2).isPresent()) {
            throw new PropertyException("The option '%s' requires '%s' to be enabled.".formatted(option.getKey(), option2.getKey()));
        }
    }

    private static void validateCertificateRotationIsPositive(String str) {
        String trim = str.trim();
        if (StringUtil.isBlank(trim)) {
            throw new PropertyException("Option '%s' must not be empty.".formatted(CachingOptions.CACHE_EMBEDDED_MTLS_ROTATION.getKey()));
        }
        try {
            if (Integer.parseInt(trim) <= 0) {
                throw new NumberFormatException();
            }
        } catch (NumberFormatException e) {
            throw new PropertyException("JGroups MTLS certificate rotation in '%s' option must positive.".formatted(CachingOptions.CACHE_EMBEDDED_MTLS_ROTATION.getKey()));
        }
    }
}
