package org.geoserver.rest.security;

import java.io.IOException;
import java.util.Map;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.rest.RestBaseController;
import org.geoserver.rest.RestException;
import org.geoserver.rest.catalog.NamedMap;
import org.geoserver.security.GeoServerSecurityManager;
import org.geotools.util.logging.Logging;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping(path = {"/rest/security/masterpw"})
@RestController
/* loaded from: input_file:org/geoserver/rest/security/MasterPasswordController.class */
public class MasterPasswordController extends RestBaseController {
    private static final Logger LOGGER = Logging.getLogger(MasterPasswordController.class);
    static final String MP_CURRENT_KEY = "oldMasterPassword";
    static final String MP_NEW_KEY = "newMasterPassword";
    static final String XML_ROOT_ELEM = "masterPassword";

    GeoServerSecurityManager getManager() {
        return (GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class);
    }

    @GetMapping(produces = {"application/json", "text/json", "application/xml", "text/xml"})
    public NamedMap<String, String> masterPasswordGet() throws IOException {
        if (!getManager().checkAuthenticationForAdminRole()) {
            throw new RestException("Amdinistrative privelges required", HttpStatus.FORBIDDEN);
        }
        char[] masterPasswordForREST = getManager().getMasterPasswordForREST();
        NamedMap<String, String> namedMap = new NamedMap<>(XML_ROOT_ELEM);
        namedMap.put(MP_CURRENT_KEY, new String(masterPasswordForREST));
        getManager().disposePassword(masterPasswordForREST);
        return namedMap;
    }

    @PutMapping(consumes = {"application/json", "text/json", "application/xml", "text/xml"})
    public void masterPasswordPut(@RequestBody Map<String, String> map) throws IOException {
        if (!getManager().checkAuthenticationForAdminRole()) {
            throw new RestException("Amdinistrative privelges required", HttpStatus.METHOD_NOT_ALLOWED);
        }
        try {
            if (getManager().loadMasterPassswordProviderConfig(getManager().loadMasterPasswordConfig().getProviderName()).isReadOnly()) {
                throw new RestException("Master password provider does not allow writes", HttpStatus.METHOD_NOT_ALLOWED);
            }
            String str = map.get(MP_CURRENT_KEY);
            String str2 = map.get(MP_NEW_KEY);
            if (!StringUtils.isNotBlank(str)) {
                throw new RestException("no master password", HttpStatus.BAD_REQUEST);
            }
            if (!StringUtils.isNotBlank(str2)) {
                throw new RestException("no master password", HttpStatus.BAD_REQUEST);
            }
            char[] charArray = str.trim().toCharArray();
            char[] charArray2 = str2.trim().toCharArray();
            GeoServerSecurityManager manager = getManager();
            try {
                try {
                    manager.saveMasterPasswordConfig(manager.loadMasterPasswordConfig(), charArray, charArray2, charArray2);
                } catch (Exception e) {
                    throw new RestException("Cannot change master password", HttpStatus.UNPROCESSABLE_ENTITY, e);
                }
            } finally {
                manager.disposePassword(charArray);
                manager.disposePassword(charArray2);
            }
        } catch (IOException e2) {
            throw new RestException("Master password provider does not allow writes", HttpStatus.METHOD_NOT_ALLOWED);
        }
    }
}
