package org.geoserver.security;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.validation.FilterConfigException;
import org.geotools.data.ows.HTTPClient;
import org.geotools.data.ows.SimpleHttpClient;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/geoserver/security/WebServiceAuthenticationKeyMapper.class */
public class WebServiceAuthenticationKeyMapper extends AbstractAuthenticationKeyMapper {
    public static final ThreadLocal<String> RECORDED_RESPONSE = new ThreadLocal<>();
    public static final String AUTH_KEY_WEBSERVICE_PLACEHOLDER_REQUIRED = "AUTH_KEY_WEBSERVICE_PLACEHOLDER_REQUIRED";
    public static final String AUTH_KEY_WEBSERVICE_MALFORMED_REGEX = "AUTH_KEY_WEBSERVICE_MALFORMED_REGEX";
    public static final String AUTH_KEY_WEBSERVICE_WRONG_TIMEOUT = "AUTH_KEY_WEBSERVICE_WRONG_TIMEOUT";
    private String webServiceUrl;
    private String searchUser;
    Pattern searchUserRegex = null;
    int connectTimeout = 5;
    int readTimeout = 10;
    private HTTPClient httpClient = null;

    private HTTPClient getHttpClient() {
        if (this.httpClient == null) {
            this.httpClient = new SimpleHttpClient();
        }
        return this.httpClient;
    }

    public int getConnectTimeout() {
        return this.connectTimeout;
    }

    public void setConnectTimeout(int i) {
        this.connectTimeout = i;
    }

    public int getReadTimeout() {
        return this.readTimeout;
    }

    public void setReadTimeout(int i) {
        this.readTimeout = i;
    }

    public String getWebServiceUrl() {
        return this.webServiceUrl;
    }

    public void setWebServiceUrl(String str) {
        this.webServiceUrl = str;
    }

    public String getSearchUser() {
        return this.searchUser;
    }

    public void setSearchUser(String str) {
        this.searchUser = str;
        this.searchUserRegex = Pattern.compile(str);
    }

    public void setHttpClient(HTTPClient hTTPClient) {
        this.httpClient = hTTPClient;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper
    public void checkProperties() throws IOException {
        super.checkProperties();
        if (!StringUtils.hasLength(this.webServiceUrl)) {
            throw new IOException("Web service url is unset");
        }
        if (StringUtils.hasLength(this.searchUser)) {
            try {
                Pattern.compile(this.searchUser);
            } catch (PatternSyntaxException e) {
                throw new IOException("Search User regex is malformed");
            }
        }
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public boolean supportsReadOnlyUserGroupService() {
        return true;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public GeoServerUser getUser(String str) throws IOException {
        checkProperties();
        String callWebService = callWebService(str);
        if (callWebService == null) {
            LOGGER.log(Level.WARNING, "Could not find any user associated to webservice url [" + this.webServiceUrl + "] with authkey: " + str);
            RECORDED_RESPONSE.remove();
            return null;
        }
        RECORDED_RESPONSE.set(callWebService);
        if (getUserGroupService() != null) {
            String str2 = null;
            if (this.searchUserRegex == null) {
                str2 = callWebService;
            } else {
                Matcher matcher = this.searchUserRegex.matcher(callWebService);
                if (matcher.find()) {
                    str2 = matcher.group(1);
                } else {
                    LOGGER.log(Level.WARNING, "Error in WebServiceAuthenticationKeyMapper, cannot find userName in response");
                }
            }
            if (str2 != null) {
                return getUserGroupService().loadUserByUsername(str2);
            }
        }
        LOGGER.log(Level.WARNING, "No User Group Service configured for webservice url [" + this.webServiceUrl + "] with authkey: " + str);
        return null;
    }

    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x013f: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:57:0x013f */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x0144: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:59:0x0144 */
    /* JADX WARN: Type inference failed for: r11v0, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    private String callWebService(String str) {
        ?? r11;
        ?? r12;
        String replace = this.webServiceUrl.replace("{key}", str);
        HTTPClient httpClient = getHttpClient();
        httpClient.setConnectTimeout(this.connectTimeout);
        httpClient.setReadTimeout(this.readTimeout);
        try {
            try {
                LOGGER.log(Level.FINE, "Issuing request to authkey webservice: " + replace);
                InputStream responseStream = httpClient.get(new URL(replace)).getResponseStream();
                Throwable th = null;
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(responseStream));
                Throwable th2 = null;
                try {
                    try {
                        StringBuilder sb = new StringBuilder();
                        while (true) {
                            String readLine = bufferedReader.readLine();
                            if (readLine == null) {
                                break;
                            }
                            sb.append(readLine);
                        }
                        LOGGER.log(Level.FINE, "Response received from authkey webservice: " + sb.toString());
                        String sb2 = sb.toString();
                        if (bufferedReader != null) {
                            if (0 != 0) {
                                try {
                                    bufferedReader.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                bufferedReader.close();
                            }
                        }
                        if (responseStream != null) {
                            if (0 != 0) {
                                try {
                                    responseStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                responseStream.close();
                            }
                        }
                        return sb2;
                    } catch (Throwable th5) {
                        th2 = th5;
                        throw th5;
                    }
                } catch (Throwable th6) {
                    if (bufferedReader != null) {
                        if (th2 != null) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th7) {
                                th2.addSuppressed(th7);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    throw th6;
                }
            } catch (Throwable th8) {
                if (r11 != 0) {
                    if (r12 != 0) {
                        try {
                            r11.close();
                        } catch (Throwable th9) {
                            r12.addSuppressed(th9);
                        }
                    } else {
                        r11.close();
                    }
                }
                throw th8;
            }
        } catch (MalformedURLException e) {
            LOGGER.log(Level.SEVERE, "Error in WebServiceAuthenticationKeyMapper, web service url is invalid: " + replace, (Throwable) e);
            return null;
        } catch (IOException e2) {
            LOGGER.log(Level.SEVERE, "Error in WebServiceAuthenticationKeyMapper, error in web service communication", (Throwable) e2);
            return null;
        }
    }

    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper, org.geoserver.security.AuthenticationKeyMapper
    public void configureMapper(Map<String, String> map) {
        super.configureMapper(map);
        if (map != null) {
            if (map.containsKey("webServiceUrl")) {
                setWebServiceUrl(map.get("webServiceUrl"));
            }
            if (map.containsKey("searchUser")) {
                setSearchUser(map.get("searchUser"));
            }
            if (map.containsKey("connectTimeout")) {
                try {
                    this.connectTimeout = Integer.parseInt(map.get("connectTimeout"));
                } catch (NumberFormatException e) {
                    LOGGER.log(Level.SEVERE, "WebServiceAuthenticationKeyMapper connectTimeout wrong format", (Throwable) e);
                }
            }
            if (map.containsKey("readTimeout")) {
                try {
                    this.readTimeout = Integer.parseInt(map.get("readTimeout"));
                } catch (NumberFormatException e2) {
                    LOGGER.log(Level.SEVERE, "WebServiceAuthenticationKeyMapper readTimeout wrong format", (Throwable) e2);
                }
            }
        }
    }

    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper, org.geoserver.security.AuthenticationKeyMapper
    public Set<String> getAvailableParameters() {
        return new HashSet(Arrays.asList("webServiceUrl", "searchUser", "connectTimeout", "readTimeout"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper
    public String getDefaultParamValue(String str) {
        return str.equalsIgnoreCase("searchUser") ? "^\\s*(.*)\\s*$" : str.equalsIgnoreCase("connectTimeout") ? "5" : str.equalsIgnoreCase("readTimeout") ? "10" : str.equalsIgnoreCase("webServiceUrl") ? "http://host:port/service?authkey={key}" : super.getDefaultParamValue(str);
    }

    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper, org.geoserver.security.AuthenticationKeyMapper
    public void validateParameter(String str, String str2) throws FilterConfigException {
        if (str2 == null) {
            str2 = "";
        }
        if (str.equalsIgnoreCase("searchUser") && !str2.isEmpty()) {
            try {
                Pattern.compile(str2);
            } catch (PatternSyntaxException e) {
                throw createFilterException(AUTH_KEY_WEBSERVICE_MALFORMED_REGEX, str2);
            }
        }
        if (str.equalsIgnoreCase("connectTimeout")) {
            try {
                Integer.parseInt(str2);
            } catch (NumberFormatException e2) {
                throw createFilterException(AUTH_KEY_WEBSERVICE_WRONG_TIMEOUT, str2);
            }
        }
        if (str.equalsIgnoreCase("readTimeout")) {
            try {
                Integer.parseInt(str2);
            } catch (NumberFormatException e3) {
                throw createFilterException(AUTH_KEY_WEBSERVICE_WRONG_TIMEOUT, str2);
            }
        }
        if (str.equalsIgnoreCase("webServiceUrl") && !str2.contains("{key}")) {
            throw createFilterException(AUTH_KEY_WEBSERVICE_PLACEHOLDER_REQUIRED, str2);
        }
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public synchronized int synchronize() throws IOException {
        return 0;
    }
}
