package org.geoserver.security;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.PathNotFoundException;
import com.jayway.jsonpath.Predicate;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.minidev.json.JSONArray;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.event.RoleLoadedListener;
import org.geoserver.security.impl.AbstractGeoServerSecurityService;
import org.geoserver.security.impl.GeoServerRole;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/geoserver/security/GeoServerRestRoleService.class */
public class GeoServerRestRoleService extends AbstractGeoServerSecurityService implements GeoServerRoleService {
    static Cache<String, String> cachedResponses;
    private static final int CONN_TIMEOUT = 30000;
    private static final int READ_TIMEOUT = 30000;
    private RestTemplate restTemplate;
    GeoServerRestRoleServiceConfig restRoleServiceConfig;
    private String adminGroup;
    private String groupAdminGroup;
    static final SortedSet<String> emptyStringSet = Collections.unmodifiableSortedSet(new TreeSet());
    static final Map<String, String> emptyMap = Collections.emptyMap();
    private static String rolePrefix = "ROLE_";
    private boolean convertToUpperCase = true;
    protected Set<RoleLoadedListener> listeners = Collections.synchronizedSet(new HashSet());

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/geoserver/security/GeoServerRestRoleService$RestEndpointConnectionCallback.class */
    public interface RestEndpointConnectionCallback {
        Object executeWithContext(String str) throws Exception;
    }

    static boolean isEmpty(String str) {
        return str == null || str.isEmpty();
    }

    public GeoServerRestRoleService(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        initializeFromConfig(securityNamedServiceConfig);
    }

    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        this.restRoleServiceConfig = (GeoServerRestRoleServiceConfig) securityNamedServiceConfig;
        if (!isEmpty(this.restRoleServiceConfig.getAdminRoleName())) {
            this.adminGroup = this.restRoleServiceConfig.getAdminRoleName();
        }
        if (!isEmpty(this.restRoleServiceConfig.getGroupAdminRoleName())) {
            this.groupAdminGroup = this.restRoleServiceConfig.getGroupAdminRoleName();
        }
        cachedResponses = CacheBuilder.newBuilder().concurrencyLevel(this.restRoleServiceConfig.getCacheConcurrencyLevel()).maximumSize(this.restRoleServiceConfig.getCacheMaximumSize()).expireAfterWrite(this.restRoleServiceConfig.getCacheExpirationTime(), TimeUnit.MILLISECONDS).build();
    }

    public boolean canCreateStore() {
        return false;
    }

    public GeoServerRoleStore createStore() throws IOException {
        return null;
    }

    public void registerRoleLoadedListener(RoleLoadedListener roleLoadedListener) {
        this.listeners.add(roleLoadedListener);
    }

    public void unregisterRoleLoadedListener(RoleLoadedListener roleLoadedListener) {
        this.listeners.remove(roleLoadedListener);
    }

    public SortedSet<String> getGroupNamesForRole(GeoServerRole geoServerRole) throws IOException {
        return emptyStringSet;
    }

    public SortedSet<String> getUserNamesForRole(GeoServerRole geoServerRole) throws IOException {
        return Collections.unmodifiableSortedSet(new TreeSet());
    }

    public SortedSet<GeoServerRole> getRolesForUser(final String str) throws IOException {
        final TreeSet treeSet = new TreeSet();
        try {
            return (SortedSet) connectToRESTEndpoint(this.restRoleServiceConfig.getBaseUrl(), this.restRoleServiceConfig.getUsersRESTEndpoint() + "/" + str, this.restRoleServiceConfig.getUsersJSONPath().replace("${username}", str), new RestEndpointConnectionCallback() { // from class: org.geoserver.security.GeoServerRestRoleService.1
                @Override // org.geoserver.security.GeoServerRestRoleService.RestEndpointConnectionCallback
                public Object executeWithContext(String str2) throws Exception {
                    try {
                        for (Object obj : (List) JsonPath.read(str2, GeoServerRestRoleService.this.restRoleServiceConfig.getUsersJSONPath().replace("${username}", str), new Predicate[0])) {
                            if (obj instanceof String) {
                                populateRoles((String) obj, treeSet);
                            } else if (obj instanceof JSONArray) {
                                Iterator it = ((JSONArray) obj).iterator();
                                while (it.hasNext()) {
                                    populateRoles((String) it.next(), treeSet);
                                }
                            }
                        }
                    } catch (PathNotFoundException e) {
                        Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, e);
                        treeSet.clear();
                        treeSet.add(GeoServerRole.AUTHENTICATED_ROLE);
                    }
                    SortedSet unmodifiableSortedSet = Collections.unmodifiableSortedSet(GeoServerRestRoleService.this.fixGeoServerRoles(treeSet));
                    if (GeoServerRestRoleService.LOGGER.isLoggable(Level.FINE)) {
                        GeoServerRestRoleService.LOGGER.fine("Setting ROLES for User [" + str + "] to " + unmodifiableSortedSet);
                    }
                    return unmodifiableSortedSet;
                }

                private void populateRoles(String str2, SortedSet<GeoServerRole> sortedSet) throws IOException {
                    if (str2.startsWith(GeoServerRestRoleService.rolePrefix)) {
                        str2 = str2.substring(GeoServerRestRoleService.rolePrefix.length());
                    }
                    sortedSet.add(GeoServerRestRoleService.this.createRoleObject(str2));
                }
            });
        } catch (Exception e) {
            Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, (Throwable) e);
            return Collections.unmodifiableSortedSet(treeSet);
        }
    }

    protected SortedSet<GeoServerRole> fixGeoServerRoles(SortedSet<GeoServerRole> sortedSet) {
        GeoServerRole adminRole = getAdminRole();
        if (sortedSet.contains(GeoServerRole.ADMIN_ROLE) || sortedSet.contains(adminRole)) {
            sortedSet.clear();
            sortedSet.add(GeoServerRole.ADMIN_ROLE);
        }
        if (sortedSet.size() > 1 && sortedSet.contains(GeoServerRole.ANONYMOUS_ROLE)) {
            sortedSet.remove(GeoServerRole.ANONYMOUS_ROLE);
        }
        return sortedSet;
    }

    public SortedSet<GeoServerRole> getRolesForGroup(String str) throws IOException {
        TreeSet treeSet = new TreeSet();
        GeoServerRole roleByName = getRoleByName(str);
        if (roleByName != null) {
            treeSet.add(roleByName);
        }
        return Collections.unmodifiableSortedSet(treeSet);
    }

    public SortedSet<GeoServerRole> getRoles() throws IOException {
        final TreeSet treeSet = new TreeSet();
        try {
            return (SortedSet) connectToRESTEndpoint(this.restRoleServiceConfig.getBaseUrl(), this.restRoleServiceConfig.getRolesRESTEndpoint(), this.restRoleServiceConfig.getRolesJSONPath(), new RestEndpointConnectionCallback() { // from class: org.geoserver.security.GeoServerRestRoleService.2
                @Override // org.geoserver.security.GeoServerRestRoleService.RestEndpointConnectionCallback
                public Object executeWithContext(String str) throws Exception {
                    try {
                        for (String str2 : (List) JsonPath.read(str, GeoServerRestRoleService.this.restRoleServiceConfig.getRolesJSONPath(), new Predicate[0])) {
                            if (str2.startsWith(GeoServerRestRoleService.rolePrefix)) {
                                str2 = str2.substring(GeoServerRestRoleService.rolePrefix.length());
                            }
                            treeSet.add(GeoServerRestRoleService.this.createRoleObject(str2));
                        }
                    } catch (PathNotFoundException e) {
                        Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, e);
                    }
                    return Collections.unmodifiableSortedSet(treeSet);
                }
            });
        } catch (Exception e) {
            Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, (Throwable) e);
            return Collections.unmodifiableSortedSet(treeSet);
        }
    }

    public Map<String, String> getParentMappings() throws IOException {
        return emptyMap;
    }

    public GeoServerRole createRoleObject(String str) throws IOException {
        return new GeoServerRole(rolePrefix + (this.convertToUpperCase ? str.toUpperCase() : str));
    }

    public GeoServerRole getParentRole(GeoServerRole geoServerRole) throws IOException {
        return null;
    }

    public GeoServerRole getRoleByName(String str) throws IOException {
        if (str.startsWith(rolePrefix)) {
            str = str.substring(rolePrefix.length());
        }
        final String str2 = str;
        try {
            return (GeoServerRole) connectToRESTEndpoint(this.restRoleServiceConfig.getBaseUrl(), this.restRoleServiceConfig.getRolesRESTEndpoint(), this.restRoleServiceConfig.getRolesJSONPath(), new RestEndpointConnectionCallback() { // from class: org.geoserver.security.GeoServerRestRoleService.3
                @Override // org.geoserver.security.GeoServerRestRoleService.RestEndpointConnectionCallback
                public Object executeWithContext(String str3) throws Exception {
                    try {
                        for (String str4 : (List) JsonPath.read(str3, GeoServerRestRoleService.this.restRoleServiceConfig.getRolesJSONPath(), new Predicate[0])) {
                            if (str4.startsWith(GeoServerRestRoleService.rolePrefix)) {
                                str4 = str4.substring(GeoServerRestRoleService.rolePrefix.length());
                            }
                            if (str2.equalsIgnoreCase(str4)) {
                                return GeoServerRestRoleService.this.createRoleObject(str2);
                            }
                        }
                        return null;
                    } catch (PathNotFoundException e) {
                        Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, e);
                        return null;
                    }
                }
            });
        } catch (Exception e) {
            Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, (Throwable) e);
            return null;
        }
    }

    public void load() throws IOException {
    }

    public Properties personalizeRoleParams(String str, Properties properties, String str2, Properties properties2) throws IOException {
        return null;
    }

    public GeoServerRole getAdminRole() {
        if (this.adminGroup == null) {
            try {
                return (GeoServerRole) connectToRESTEndpoint(this.restRoleServiceConfig.getBaseUrl(), this.restRoleServiceConfig.getAdminRoleRESTEndpoint(), this.restRoleServiceConfig.getAdminRoleJSONPath(), new RestEndpointConnectionCallback() { // from class: org.geoserver.security.GeoServerRestRoleService.4
                    @Override // org.geoserver.security.GeoServerRestRoleService.RestEndpointConnectionCallback
                    public Object executeWithContext(String str) throws Exception {
                        try {
                            String str2 = (String) JsonPath.read(str, GeoServerRestRoleService.this.restRoleServiceConfig.getAdminRoleJSONPath(), new Predicate[0]);
                            if (str2.startsWith(GeoServerRestRoleService.rolePrefix)) {
                                str2 = str2.substring(GeoServerRestRoleService.rolePrefix.length());
                            }
                            return GeoServerRestRoleService.this.createRoleObject(str2);
                        } catch (PathNotFoundException e) {
                            Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, e);
                            return null;
                        }
                    }
                });
            } catch (Exception e) {
                Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, (Throwable) e);
            }
        }
        try {
            return getRoleByName(this.adminGroup);
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        }
    }

    public GeoServerRole getGroupAdminRole() {
        if (this.groupAdminGroup == null) {
            return getAdminRole();
        }
        try {
            return getRoleByName(this.groupAdminGroup);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public int getRoleCount() throws IOException {
        return getRoles().size();
    }

    public RestTemplate getRestTemplate() {
        if (this.restTemplate == null) {
            this.restTemplate = restTemplate();
        }
        return this.restTemplate;
    }

    public void setRestTemplate(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    private RestTemplate restTemplate() {
        return new RestTemplate(clientHttpRequestFactory());
    }

    private ClientHttpRequestFactory clientHttpRequestFactory() {
        HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory();
        httpComponentsClientHttpRequestFactory.setReadTimeout(30000);
        httpComponentsClientHttpRequestFactory.setConnectTimeout(30000);
        return httpComponentsClientHttpRequestFactory;
    }

    protected Object connectToRESTEndpoint(final String str, final String str2, String str3, RestEndpointConnectionCallback restEndpointConnectionCallback) throws Exception {
        final String str4 = str + str2 + str3;
        try {
            return restEndpointConnectionCallback.executeWithContext((String) cachedResponses.get(getHash(str4), new Callable<String>() { // from class: org.geoserver.security.GeoServerRestRoleService.5
                /* JADX WARN: Can't rename method to resolve collision */
                /* JADX WARN: Failed to find 'out' block for switch in B:4:0x0067. Please report as an issue. */
                @Override // java.util.concurrent.Callable
                public String call() throws Exception {
                    GeoServerRestRoleService.LOGGER.fine("GeoServer REST Role Service CACHE MISS for '" + str4 + "'");
                    ClientHttpResponse clientHttpResponse = null;
                    try {
                        try {
                            try {
                                try {
                                    clientHttpResponse = GeoServerRestRoleService.this.getRestTemplate().getRequestFactory().createRequest(new URI(str).resolve(str2).toURL().toURI(), HttpMethod.GET).execute();
                                    switch (clientHttpResponse.getRawStatusCode()) {
                                        case 200:
                                        case 201:
                                            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(clientHttpResponse.getBody()));
                                            StringBuilder sb = new StringBuilder();
                                            while (true) {
                                                String readLine = bufferedReader.readLine();
                                                if (readLine == null) {
                                                    bufferedReader.close();
                                                    String sb2 = sb.toString();
                                                    if (clientHttpResponse != null) {
                                                        try {
                                                            clientHttpResponse.close();
                                                        } catch (Exception e) {
                                                            Logger.getLogger(getClass().getName()).log(Level.SEVERE, (String) null, (Throwable) e);
                                                        }
                                                    }
                                                    return sb2;
                                                }
                                                sb.append(readLine + "\n");
                                            }
                                        default:
                                            if (clientHttpResponse == null) {
                                                return null;
                                            }
                                            try {
                                                clientHttpResponse.close();
                                                return null;
                                            } catch (Exception e2) {
                                                Logger.getLogger(getClass().getName()).log(Level.SEVERE, (String) null, (Throwable) e2);
                                                return null;
                                            }
                                    }
                                } catch (URISyntaxException e3) {
                                    Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, (Throwable) e3);
                                    if (clientHttpResponse == null) {
                                        return null;
                                    }
                                    try {
                                        clientHttpResponse.close();
                                        return null;
                                    } catch (Exception e4) {
                                        Logger.getLogger(getClass().getName()).log(Level.SEVERE, (String) null, (Throwable) e4);
                                        return null;
                                    }
                                }
                            } catch (IOException e5) {
                                Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, (Throwable) e5);
                                if (clientHttpResponse == null) {
                                    return null;
                                }
                                try {
                                    clientHttpResponse.close();
                                    return null;
                                } catch (Exception e6) {
                                    Logger.getLogger(getClass().getName()).log(Level.SEVERE, (String) null, (Throwable) e6);
                                    return null;
                                }
                            }
                        } catch (MalformedURLException e7) {
                            Logger.getLogger(getClass().getName()).log(Level.FINEST, (String) null, (Throwable) e7);
                            if (clientHttpResponse == null) {
                                return null;
                            }
                            try {
                                clientHttpResponse.close();
                                return null;
                            } catch (Exception e8) {
                                Logger.getLogger(getClass().getName()).log(Level.SEVERE, (String) null, (Throwable) e8);
                                return null;
                            }
                        }
                    } catch (Throwable th) {
                        if (clientHttpResponse != null) {
                            try {
                                clientHttpResponse.close();
                            } catch (Exception e9) {
                                Logger.getLogger(getClass().getName()).log(Level.SEVERE, (String) null, (Throwable) e9);
                            }
                        }
                        throw th;
                    }
                }
            }));
        } catch (ExecutionException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    private static String getHash(String str) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(str.getBytes());
        return new String(messageDigest.digest());
    }
}
