package org.geoserver.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.validation.FilterConfigException;
import org.geotools.util.logging.Logging;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/geoserver/security/AbstractAuthenticationKeyMapper.class */
public abstract class AbstractAuthenticationKeyMapper implements AuthenticationKeyMapper {
    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    private String beanName;
    private String userGroupServiceName;
    private String authenticationFilterName;
    private GeoServerSecurityManager securityManager;
    private Map<String, String> parameters = new HashMap();
    private final ConcurrentHashMap<String, CacheEntry> userCache = new ConcurrentHashMap<>();
    private long cacheTtlSeconds = 300;
    private final ScheduledExecutorService cacheCleanupExecutor = Executors.newSingleThreadScheduledExecutor();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/geoserver/security/AbstractAuthenticationKeyMapper$CacheEntry.class */
    public static class CacheEntry {
        private final GeoServerUser user;
        private final long expiryTime;

        CacheEntry(GeoServerUser geoServerUser, long j) {
            this.user = geoServerUser;
            this.expiryTime = j;
        }

        public GeoServerUser getUser() {
            return this.user;
        }

        public boolean isExpired() {
            return System.currentTimeMillis() > this.expiryTime;
        }
    }

    public AbstractAuthenticationKeyMapper() {
        fillDefaultParameters();
        startCacheCleanupTask();
    }

    public void setBeanName(String str) {
        this.beanName = str;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public String getBeanName() {
        return this.beanName;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public String getUserGroupServiceName() {
        return this.userGroupServiceName;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public void setUserGroupServiceName(String str) {
        this.userGroupServiceName = str;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public GeoServerSecurityManager getSecurityManager() {
        return this.securityManager;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public void setSecurityManager(GeoServerSecurityManager geoServerSecurityManager) {
        this.securityManager = geoServerSecurityManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public GeoServerUserGroupService getUserGroupService() throws IOException {
        GeoServerUserGroupService loadUserGroupService = getSecurityManager().loadUserGroupService(getUserGroupServiceName());
        if (loadUserGroupService == null) {
            throw new IOException("Unknown user/group service: " + getUserGroupServiceName());
        }
        return loadUserGroupService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkProperties() throws IOException {
        if (!StringUtils.hasLength(getUserGroupServiceName())) {
            throw new IOException("User/Group Service Name is unset");
        }
        if (getSecurityManager() == null) {
            throw new IOException("Security manager is unset");
        }
        checkPropertiesInternal();
    }

    protected abstract void checkPropertiesInternal() throws IOException;

    /* JADX INFO: Access modifiers changed from: protected */
    public String createAuthKey() {
        return UUID.randomUUID().toString();
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public Set<String> getAvailableParameters() {
        return new HashSet();
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public void configureMapper(Map<String, String> map) {
        this.parameters = map;
        fillDefaultParameters();
        if (map.containsKey("cacheTtlSeconds")) {
            try {
                this.cacheTtlSeconds = Long.parseLong(map.get("cacheTtlSeconds"));
            } catch (NumberFormatException e) {
                LOGGER.warning("Invalid cacheTtlSeconds value. Using default.");
            }
        }
    }

    private void fillDefaultParameters() {
        for (String str : getAvailableParameters()) {
            if (!this.parameters.containsKey(str)) {
                this.parameters.put(str, getDefaultParamValue(str));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getDefaultParamValue(String str) {
        return "";
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public Map<String, String> getMapperConfiguration() {
        return this.parameters;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public void validateParameter(String str, String str2) throws FilterConfigException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationKeyFilterConfigException createFilterException(String str, Object... objArr) {
        return new AuthenticationKeyFilterConfigException(str, objArr);
    }

    public String getAuthenticationFilterName() {
        return this.authenticationFilterName;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public void setAuthenticationFilterName(String str) {
        this.authenticationFilterName = str;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public GeoServerUser getUser(String str) throws IOException {
        checkProperties();
        CacheEntry cacheEntry = this.userCache.get(str);
        if (cacheEntry != null && !cacheEntry.isExpired()) {
            return cacheEntry.getUser();
        }
        GeoServerUser userInternal = getUserInternal(str);
        if (str != null && userInternal != null) {
            this.userCache.put(str, new CacheEntry(userInternal, System.currentTimeMillis() + (this.cacheTtlSeconds * 1000)));
        }
        return userInternal;
    }

    protected abstract GeoServerUser getUserInternal(String str) throws IOException;

    public void resetUserCache() {
        this.userCache.clear();
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public void setCacheTtlSeconds(long j) {
        this.cacheTtlSeconds = j;
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public long getCacheTtlSeconds() {
        return this.cacheTtlSeconds;
    }

    private void startCacheCleanupTask() {
        this.cacheCleanupExecutor.scheduleAtFixedRate(() -> {
            this.userCache.entrySet().removeIf(entry -> {
                return ((CacheEntry) entry.getValue()).isExpired();
            });
        }, this.cacheTtlSeconds, this.cacheTtlSeconds, TimeUnit.SECONDS);
    }

    public void shutdown() {
        this.cacheCleanupExecutor.shutdownNow();
    }
}
