package org.geoserver.security.auth;

import java.io.IOException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;
import org.geoserver.platform.GeoServerEnvironment;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.password.GeoServerPasswordEncoder;
import org.geotools.util.logging.Logging;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/geoserver/security/auth/EnvironmentUserDetailService.class */
class EnvironmentUserDetailService implements UserDetailsService {
    private GeoServerUserGroupService delegate;
    private final GeoServerEnvironment environment;
    private static Logger LOGGER = Logging.getLogger(EnvironmentUserDetailService.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public EnvironmentUserDetailService(GeoServerUserGroupService geoServerUserGroupService, GeoServerEnvironment geoServerEnvironment) {
        this.delegate = geoServerUserGroupService;
        this.environment = geoServerEnvironment;
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        UserDetails loadUserByUsername = this.delegate.loadUserByUsername(str);
        if (!(loadUserByUsername instanceof GeoServerUser)) {
            return loadUserByUsername;
        }
        GeoServerUser geoServerUser = (GeoServerUser) loadUserByUsername;
        return resolvePassword(decode(geoServerUser.getPassword(), this.delegate.getSecurityManager().loadPasswordEncoders(null, true, null)), geoServerUser);
    }

    private GeoServerUser resolvePassword(String str, GeoServerUser geoServerUser) {
        if (isParametrized(str)) {
            String str2 = (String) this.environment.resolveValue(str);
            if (!str2.equals(str)) {
                geoServerUser = geoServerUser.copy();
                geoServerUser.setPassword(str2);
            }
        }
        return geoServerUser;
    }

    private boolean isParametrized(String str) {
        return StringUtils.isNotBlank(str) && str.startsWith("${") && str.endsWith("}");
    }

    private String decode(String str, List<GeoServerPasswordEncoder> list) {
        for (GeoServerPasswordEncoder geoServerPasswordEncoder : list) {
            if (geoServerPasswordEncoder.isReversible() && geoServerPasswordEncoder.isResponsibleForEncoding(str)) {
                try {
                    geoServerPasswordEncoder.initializeFor(this.delegate);
                    return geoServerPasswordEncoder.decode(str);
                } catch (IOException e) {
                    LOGGER.log(Level.WARNING, "Error initializing password encoder " + geoServerPasswordEncoder.getName() + ", in context of user pwd env resolution.", (Throwable) e);
                }
            }
        }
        return str;
    }
}
