package org.geoserver.security.password;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.DataStoreInfo;
import org.geoserver.catalog.StoreInfo;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.GeoServerSecurityManager;
import org.geotools.data.DataAccessFactory;
import org.geotools.util.logging.Logging;

/* loaded from: input_file:org/geoserver/security/password/ConfigurationPasswordEncryptionHelper.class */
public class ConfigurationPasswordEncryptionHelper {
    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    protected static Map<Class<? extends DataAccessFactory>, Set<String>> CACHE = new HashMap();
    GeoServerSecurityManager securityManager;

    public ConfigurationPasswordEncryptionHelper(GeoServerSecurityManager geoServerSecurityManager) {
        this.securityManager = geoServerSecurityManager;
    }

    public Catalog getCatalog() {
        return (Catalog) GeoServerExtensions.bean("rawCatalog");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v15, types: [java.lang.Throwable, java.util.Map<java.lang.Class<? extends org.geotools.data.DataAccessFactory>, java.util.Set<java.lang.String>>] */
    public Set<String> getEncryptedFields(StoreInfo storeInfo) {
        if (!(storeInfo instanceof DataStoreInfo)) {
            return Collections.emptySet();
        }
        try {
            DataAccessFactory dataStoreFactory = getCatalog().getResourcePool().getDataStoreFactory((DataStoreInfo) storeInfo);
            if (dataStoreFactory == null) {
                LOGGER.warning("Could not find factory for store : " + storeInfo + ". Unable to encrypt connection parameters.");
                return Collections.emptySet();
            }
            if (dataStoreFactory.getParametersInfo() == null) {
                return Collections.emptySet();
            }
            Set<String> set = CACHE.get(dataStoreFactory.getClass());
            if (set != null) {
                return set;
            }
            synchronized (CACHE) {
                Set<String> set2 = CACHE.get(storeInfo.getClass());
                if (set2 != null) {
                    return set2;
                }
                Set<String> emptySet = Collections.emptySet();
                if (storeInfo != null && storeInfo.getConnectionParameters() != null) {
                    emptySet = new HashSet(3);
                    for (DataAccessFactory.Param param : dataStoreFactory.getParametersInfo()) {
                        if (param.isPassword()) {
                            emptySet.add(param.getName());
                        }
                    }
                }
                CACHE.put(dataStoreFactory.getClass(), emptySet);
                return emptySet;
            }
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Error looking up factory for store : " + storeInfo + ". Unable to encrypt connection parameters.", (Throwable) e);
            return Collections.emptySet();
        }
    }

    public String encode(String str) {
        String configPasswordEncrypterName = this.securityManager.getSecurityConfig().getConfigPasswordEncrypterName();
        if (configPasswordEncrypterName != null) {
            GeoServerPasswordEncoder loadPasswordEncoder = this.securityManager.loadPasswordEncoder(configPasswordEncrypterName);
            if (loadPasswordEncoder != null) {
                String prefix = loadPasswordEncoder.getPrefix();
                if (str.startsWith(String.valueOf(prefix) + GeoServerPasswordEncoder.PREFIX_DELIMTER)) {
                    throw new RuntimeException("Cannot encode a password with prefix: " + prefix + GeoServerPasswordEncoder.PREFIX_DELIMTER);
                }
                str = loadPasswordEncoder.encodePassword(str, (Object) null);
            }
        } else {
            LOGGER.warning("Encryption disabled, no password encoder set");
        }
        return str;
    }

    public void decode(StoreInfo storeInfo) {
        String str;
        List<GeoServerPasswordEncoder> loadPasswordEncoders = this.securityManager.loadPasswordEncoders(null, true, null);
        Set<String> encryptedFields = getEncryptedFields(storeInfo);
        if (storeInfo.getConnectionParameters() != null) {
            for (String str2 : storeInfo.getConnectionParameters().keySet()) {
                if (encryptedFields.contains(str2) && (str = (String) storeInfo.getConnectionParameters().get(str2)) != null) {
                    storeInfo.getConnectionParameters().put(str2, decode(str, loadPasswordEncoders));
                }
            }
        }
    }

    public String decode(String str) {
        return decode(str, this.securityManager.loadPasswordEncoders(null, true, null));
    }

    String decode(String str, List<GeoServerPasswordEncoder> list) {
        for (GeoServerPasswordEncoder geoServerPasswordEncoder : list) {
            if (geoServerPasswordEncoder.isReversible() && geoServerPasswordEncoder.isResponsibleForEncoding(str)) {
                return geoServerPasswordEncoder.decode(str);
            }
        }
        return str;
    }
}
