package org.geoserver.rest.security;

import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.rest.RestBaseController;
import org.geoserver.rest.RestException;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.validation.PasswordPolicyException;
import org.geoserver.security.validation.UserGroupStoreValidationWrapper;
import org.geotools.util.logging.Logging;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

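/**
 * REST endpoint that lets the currently authenticated user change their own password.
 *
 * <p>Mapped to {@code /rest/security/self/password}. {@code GET} is always rejected; {@code PUT}
 * replaces the caller's password with the {@code newPassword} value from the request body.
 *
 * <p>Security review notes:
 *
 * <ul>
 *   <li>The only credential material read from the request is {@code newPassword}; the caller's
 *       current password is not re-verified here. Anyone holding a valid authenticated session or
 *       credential for the account can therefore set a new password through this endpoint.
 *   <li>Nothing in this class invalidates existing sessions or tokens after the change; if that
 *       is required it has to happen elsewhere (not visible from this class).
 * </ul>
 */
@RequestMapping(path = {"/rest/security/self/password"})
@RestController
/* loaded from: input_file:org/geoserver/rest/security/UserPasswordController.class */
public class UserPasswordController extends RestBaseController {
    static final Logger LOGGER = Logging.getLogger("org.geoserver.rest");

    /** Key of the request-body entry that carries the replacement password. */
    static final String UP_NEW_PW = "newPassword";

    /** Name of the XML root element associated with this resource. */
    static final String XML_ROOT_ELEM = "userPassword";

    /**
     * Rejects every read attempt: a password is never returned by this resource.
     *
     * @throws RestException always, with {@link HttpStatus#METHOD_NOT_ALLOWED}
     */
    @GetMapping
    public void passwordGet() {
        throw new RestException("You can not request the password!", HttpStatus.METHOD_NOT_ALLOWED);
    }

    /**
     * Sets a new password for the user bound to the current security context.
     *
     * @param map request body; must contain a non-blank {@code newPassword} entry
     * @throws RestException with {@link HttpStatus#METHOD_NOT_ALLOWED} if the caller does not hold
     *     the authenticated role, {@link HttpStatus#UNPROCESSABLE_ENTITY} if no user/group service
     *     knows the caller, the services cannot be loaded, or the password is rejected by the
     *     password policy, {@link HttpStatus#BAD_REQUEST} if {@code newPassword} is missing or
     *     blank, {@link HttpStatus#FAILED_DEPENDENCY} if the owning service cannot create a store,
     *     and {@link HttpStatus#INTERNAL_SERVER_ERROR} on an I/O failure while saving
     */
    @PutMapping(consumes = {"application/json", "application/xml", "text/xml", "text/json"})
    public void passwordPut(@RequestBody Map<String, String> map) {
        // NOTE(review): the check is for AUTHENTICATED_ROLE, yet the message speaks of
        // administrative privileges and the status is 405 rather than 401/403. Both are left
        // unchanged because existing clients may depend on them.
        if (!getManager()
                .checkAuthenticationForRole(
                        SecurityContextHolder.getContext().getAuthentication(),
                        GeoServerRole.AUTHENTICATED_ROLE)) {
            throw new RestException("Administrative privileges required", HttpStatus.METHOD_NOT_ALLOWED);
        }

        // A single scan yields both the owning service and the user record it returned, so the
        // record that gets updated below is exactly the one that was found.
        GeoServerUser user = null;
        GeoServerUserGroupService owningService = null;
        try {
            // The account is taken from the security context, never from the request body, so a
            // caller cannot name somebody else's account.
            String username = SecurityContextHolder.getContext().getAuthentication().getName();
            // Elements are cast because the collection's element type is not visible here.
            for (Object candidate : getManager().loadUserGroupServices()) {
                GeoServerUserGroupService service = (GeoServerUserGroupService) candidate;
                GeoServerUser found = service.getUserByUsername(username);
                if (found != null) {
                    user = found;
                    owningService = service;
                    break;
                }
            }
        } catch (IOException e) {
            // NOTE(review): the exception message is echoed to the client; consider logging it
            // server-side and returning a generic message if it can contain internal detail.
            throw new RestException(
                    "Cannot calculate if PUT is allowed (" + e.getMessage() + ")",
                    HttpStatus.UNPROCESSABLE_ENTITY,
                    e);
        }
        if (owningService == null) {
            throw new RestException(
                    "Cannot calculate if PUT is allowed (service not found)", HttpStatus.UNPROCESSABLE_ENTITY);
        }

        String newPassword = map.get(UP_NEW_PW);
        if (StringUtils.isBlank(newPassword)) {
            throw new RestException("Missing 'newPassword'", HttpStatus.BAD_REQUEST);
        }

        if (!owningService.canCreateStore()) {
            throw new RestException("User service does not support changing pw", HttpStatus.FAILED_DEPENDENCY);
        }

        try {
            // The update goes through the validation wrapper; a PasswordPolicyException from it
            // is reported as 422 below (presumably the password policy check, confirm in the wrapper).
            UserGroupStoreValidationWrapper store =
                    new UserGroupStoreValidationWrapper(owningService.createStore());
            user.setPassword(newPassword);
            store.updateUser(user);
            store.store();
            // Reload the service after the store has been written.
            owningService.load();
            // Only the user name is logged, never the password value.
            LOGGER.log(Level.INFO, "Changed password for user {0}", user.getUsername());
        } catch (PasswordPolicyException e) {
            throw new RestException("Bad password", HttpStatus.UNPROCESSABLE_ENTITY, e);
        } catch (IOException e) {
            throw new RestException("Internal IO error", HttpStatus.INTERNAL_SERVER_ERROR, e);
        }
    }

    /**
     * Looks up the security manager bean through {@link GeoServerExtensions}.
     *
     * @return the {@link GeoServerSecurityManager} bean
     */
    GeoServerSecurityManager getManager() {
        return (GeoServerSecurityManager) GeoServerExtensions.bean(GeoServerSecurityManager.class);
    }
}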
