package org.geoserver.security.onelogin;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.security.GeoServerRoleConverter;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.config.RoleSource;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.RoleCalculator;
import org.geotools.util.logging.Logging;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/geoserver/security/onelogin/SAMLUserDetailsServiceImpl.class */
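/**
 * Maps an authenticated SAML credential onto a Spring Security {@link User} carrying GeoServer
 * roles.
 *
 * <p>The principal name is the NameID of the assertion. Roles come from the configured
 * {@link RoleSource}: a role service, a user/group service, or an HTTP request header.
 *
 * <p>Security notes for maintainers:
 *
 * <ul>
 *   <li>A NameID equal to {@code "root"} is granted {@link GeoServerRole#ADMIN_ROLE} without
 *       consulting any role source.
 *   <li>With the header role source, roles are read from a request header; that header is only
 *       as trustworthy as whatever sits in front of this application.
 *   <li>Collaborators are injected through setters and held in plain mutable fields; no
 *       synchronization is done in this class.
 * </ul>
 */
public class SAMLUserDetailsServiceImpl implements SAMLUserDetailsService {
    static final Logger LOGGER = Logging.getLogger(SAMLUserDetailsServiceImpl.class);
    private RoleSource roleSource;
    private String rolesHeaderAttribute;
    private String userGroupServiceName;
    private String roleServiceName;
    private GeoServerRoleConverter converter;
    private GeoServerSecurityManager securityManager;
    // NOTE(review): a request stored in an instance field is shared by every caller of this
    // object. If this service is a singleton and setRequest is called per request, concurrent
    // logins could read each other's role header. Confirm the bean scope.
    private HttpServletRequest request;

    /**
     * Builds the user details for a validated SAML credential.
     *
     * @param sAMLCredential credential produced by the SAML authentication step
     * @return a {@link User} with an empty password, all account flags set to {@code true}, and
     *     the resolved roles
     * @throws UsernameNotFoundException if the credential carries no usable NameID
     */
    public Object loadUserBySAML(SAMLCredential sAMLCredential) throws UsernameNotFoundException {
        // Fail as an authentication error rather than with a NullPointerException when the
        // assertion has no NameID (or an empty one, which the User constructor would reject).
        if (sAMLCredential == null || sAMLCredential.getNameID() == null) {
            throw new UsernameNotFoundException("SAML credential does not contain a NameID");
        }
        String principal = sAMLCredential.getNameID().getValue();
        if (principal == null || principal.length() == 0) {
            throw new UsernameNotFoundException("SAML credential contains an empty NameID");
        }

        Collection<GeoServerRole> roles;
        if ("root".equals(principal)) {
            // NOTE(review): administrator rights depend only on the NameID string asserted by
            // the identity provider. Make sure the IdP cannot issue "root" as a NameID to an
            // ordinary account (e.g. through self-registration or a user-editable attribute).
            roles = Collections.singleton(GeoServerRole.ADMIN_ROLE);
        } else {
            try {
                roles = getRoles(principal);
                if (!roles.contains(GeoServerRole.AUTHENTICATED_ROLE)) {
                    roles.add(GeoServerRole.AUTHENTICATED_ROLE);
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        return new User(principal, "", true, true, true, true, roles);
    }

    /**
     * Dispatches role lookup to the configured role source.
     *
     * @param str principal name
     * @return the roles found for the principal
     * @throws IOException if the underlying service lookup fails
     * @throws RuntimeException if no known role source is configured; this fails closed, since
     *     no user object is built in that case
     */
    protected Collection<GeoServerRole> getRoles(String str) throws IOException {
        if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.RoleService.equals(this.roleSource)) {
            return getRolesFromRoleService(str);
        }
        if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.UserGroupService.equals(this.roleSource)) {
            return getRolesFromUserGroupService(str);
        }
        if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header.equals(this.roleSource)) {
            return getRolesFromHttpAttribute(str);
        }
        throw new RuntimeException("Never should reach this point");
    }

    /**
     * Calculates roles through a role service: the named one when {@code roleServiceName} is
     * set, otherwise the security manager's active role service.
     *
     * @param str principal name
     * @return the roles calculated by {@link RoleCalculator}
     * @throws IOException if the role service cannot be loaded or queried
     */
    protected Collection<GeoServerRole> getRolesFromRoleService(String str) throws IOException {
        return new RoleCalculator(
                        isBlank(this.roleServiceName)
                                ? this.securityManager.getActiveRoleService()
                                : this.securityManager.loadRoleService(this.roleServiceName))
                .calculateRoles(str);
    }

    /**
     * Copies the authorities of the matching user in the configured user/group service.
     *
     * <p>An unknown user is logged and yields an empty collection rather than an error.
     *
     * @param str principal name
     * @return the authorities of the user, or an empty collection if the user is unknown
     * @throws IOException if the user/group service cannot be loaded
     */
    // The authorities are GrantedAuthority instances and are copied without a cast, exactly as
    // the original raw-typed code did.
    // NOTE(review): nothing here verifies that they are GeoServerRole instances.
    @SuppressWarnings({"unchecked", "rawtypes"})
    protected Collection<GeoServerRole> getRolesFromUserGroupService(String str) throws IOException {
        Collection roles = new ArrayList();
        UserDetails userDetails = null;
        try {
            userDetails = this.securityManager.loadUserGroupService(this.userGroupServiceName).loadUserByUsername(str);
        } catch (UsernameNotFoundException e) {
            LOGGER.log(Level.WARNING, "User " + forLog(str) + " not found in " + this.userGroupServiceName);
        }
        if (userDetails != null) {
            // NOTE(review): only the authorities are read; the enabled/locked/expired flags of
            // the looked-up account are not consulted, so a disabled local account still
            // contributes its roles. Confirm this is intended.
            roles.addAll(userDetails.getAuthorities());
        }
        return roles;
    }

    /**
     * Reads roles from the request header named by {@code rolesHeaderAttribute}.
     *
     * <p>Returns an empty collection when no request is set or the header is missing or blank.
     *
     * @param str principal name, passed to the role converter
     * @return the roles parsed from the header, possibly empty
     * @throws IOException declared for symmetry with the other role sources
     */
    protected Collection<GeoServerRole> getRolesFromHttpAttribute(String str) throws IOException {
        Collection<GeoServerRole> roles = new ArrayList<GeoServerRole>();
        if (this.request == null) {
            return roles;
        }
        // NOTE(review): the header value is turned into roles as-is. This is safe only when a
        // trusted front end sets the header and strips any client-supplied copy of it.
        String header = this.request.getHeader(this.rolesHeaderAttribute);
        if (isBlank(header)) {
            LOGGER.log(Level.WARNING, "No roles in header attribute: " + this.rolesHeaderAttribute);
            return roles;
        }
        roles.addAll(this.converter.convertRolesFromString(header, str));
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(
                    Level.FINE,
                    "for principal "
                            + forLog(str)
                            + " found roles "
                            + forLog(StringUtils.collectionToCommaDelimitedString(roles))
                            + " in header "
                            + this.rolesHeaderAttribute);
        }
        return roles;
    }

    /** Returns {@code true} for {@code null}, empty, or whitespace-only strings. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().length() == 0;
    }

    /**
     * Neutralizes line breaks in externally supplied text before it is written to the log, so a
     * crafted NameID or header value cannot forge additional log entries.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Sets which source roles are resolved from. */
    public void setRoleSource(RoleSource roleSource) {
        this.roleSource = roleSource;
    }

    /** Sets the name of the request header that carries roles. */
    public void setRolesHeaderAttribute(String str) {
        this.rolesHeaderAttribute = str;
    }

    /** Sets the name of the user/group service used for role lookup. */
    public void setUserGroupServiceName(String str) {
        this.userGroupServiceName = str;
    }

    /** Sets the name of the role service; blank selects the active role service. */
    public void setRoleServiceName(String str) {
        this.roleServiceName = str;
    }

    /** Sets the converter that parses the role header value. */
    public void setConverter(GeoServerRoleConverter geoServerRoleConverter) {
        this.converter = geoServerRoleConverter;
    }

    /** Sets the security manager used to load role and user/group services. */
    public void setSecurityManager(GeoServerSecurityManager geoServerSecurityManager) {
        this.securityManager = geoServerSecurityManager;
    }

    /** Sets the request whose header is read by the header role source. */
    public void setRequest(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }
}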
