package org.geoserver.security.validation;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.SortedSet;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.geoserver.security.GeoServerRoleService;
import org.geoserver.security.GeoServerRoleStore;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.event.RoleLoadedListener;
import org.geoserver.security.impl.DataAccessRule;
import org.geoserver.security.impl.DataAccessRuleDAO;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.ServiceAccessRule;
import org.geoserver.security.impl.ServiceAccessRuleDAO;
import org.geotools.util.logging.Logging;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/geoserver/security/validation/RoleServiceValidationWrapper.class */
public class RoleServiceValidationWrapper extends AbstractSecurityValidator implements GeoServerRoleService {
    static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    protected GeoServerRoleService service;
    protected GeoServerUserGroupService[] services;
    protected boolean checkAgainstRules;

    public RoleServiceValidationWrapper(GeoServerRoleService geoServerRoleService, boolean z, GeoServerUserGroupService... geoServerUserGroupServiceArr) {
        super(geoServerRoleService.getSecurityManager());
        this.service = geoServerRoleService;
        this.services = geoServerUserGroupServiceArr;
        this.checkAgainstRules = z;
    }

    public RoleServiceValidationWrapper(GeoServerRoleService geoServerRoleService, GeoServerUserGroupService... geoServerUserGroupServiceArr) {
        this(geoServerRoleService, false, geoServerUserGroupServiceArr);
    }

    public GeoServerRoleService getWrappedService() {
        return this.service;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkValidUserName(String str) throws IOException {
        if (!isNotEmpty(str)) {
            throw createSecurityException("USERNAME_REQUIRED", new Object[0]);
        }
        if (this.services.length == 0) {
            return;
        }
        for (GeoServerUserGroupService geoServerUserGroupService : this.services) {
            if (geoServerUserGroupService.getUserByUsername(str) != null) {
                return;
            }
        }
        throw createSecurityException(RoleServiceException.USERNAME_NOT_FOUND_$1, str);
    }

    public void checkRoleIsUsed(GeoServerRole geoServerRole) throws IOException {
        if (this.checkAgainstRules) {
            ArrayList arrayList = new ArrayList();
            Iterator<ServiceAccessRule> it = ServiceAccessRuleDAO.get().getRulesAssociatedWithRole(geoServerRole.getAuthority()).iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getKey());
            }
            Iterator<DataAccessRule> it2 = DataAccessRuleDAO.get().getRulesAssociatedWithRole(geoServerRole.getAuthority()).iterator();
            while (it2.hasNext()) {
                arrayList.add(it2.next().getKey());
            }
            if (arrayList.size() > 0) {
                throw createSecurityException(RoleServiceException.ROLE_IN_USE_$2, geoServerRole.getAuthority(), StringUtils.collectionToCommaDelimitedString(arrayList));
            }
        }
    }

    public void checkRoleIsMapped(GeoServerRole geoServerRole) throws IOException {
        GeoServerRole adminRole = this.service.getAdminRole();
        if (adminRole != null && adminRole.equals(geoServerRole)) {
            throw createSecurityException(RoleServiceException.ADMIN_ROLE_NOT_REMOVABLE_$1, geoServerRole.getAuthority());
        }
        GeoServerRole groupAdminRole = this.service.getGroupAdminRole();
        if (groupAdminRole != null && groupAdminRole.equals(geoServerRole)) {
            throw createSecurityException(RoleServiceException.GROUP_ADMIN_ROLE_NOT_REMOVABLE_$1, geoServerRole.getAuthority());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkValidGroupName(String str) throws IOException {
        if (!isNotEmpty(str)) {
            throw createSecurityException("GROUPNAME_REQUIRED", new Object[0]);
        }
        if (this.services.length == 0) {
            return;
        }
        for (GeoServerUserGroupService geoServerUserGroupService : this.services) {
            if (geoServerUserGroupService.getGroupByGroupname(str) != null) {
                return;
            }
        }
        throw createSecurityException(RoleServiceException.GROUPNAME_NOT_FOUND_$1, str);
    }

    protected void checkRoleName(String str) throws IOException {
        if (!isNotEmpty(str)) {
            throw createSecurityException("NAME_REQUIRED", new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkExistingRoleName(String str) throws IOException {
        checkRoleName(str);
        if (this.service.getRoleByName(str) == null) {
            throw createSecurityException(RoleServiceException.NOT_FOUND, str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkReservedNames(String str) throws IOException {
        for (GeoServerRole geoServerRole : GeoServerRole.SystemRoles) {
            if (geoServerRole.getAuthority().equals(str)) {
                throw createSecurityException(RoleServiceException.RESERVED_NAME, str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkNotExistingInOtherServices(String str) throws IOException {
        checkRoleName(str);
        for (String str2 : this.service.getSecurityManager().listRoleServices()) {
            if (!this.service.getName().equals(str2)) {
                try {
                    if (this.service.getSecurityManager().loadRoleService(str2).getRoleByName(str) != null) {
                        throw createSecurityException(RoleServiceException.ALREADY_EXISTS_IN, str, str2);
                    }
                } catch (IOException e) {
                    LOGGER.log(Level.WARNING, e.getMessage(), (Throwable) e);
                    throw createSecurityException(RoleServiceException.CANNOT_CHECK_ROLE_IN_SERVICE, str, str2);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkNotExistingRoleName(String str) throws IOException {
        checkRoleName(str);
        if (this.service.getRoleByName(str) != null) {
            throw createSecurityException(RoleServiceException.ALREADY_EXISTS, str);
        }
    }

    @Override // org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        this.service.initializeFromConfig(securityNamedServiceConfig);
    }

    @Override // org.geoserver.security.GeoServerSecurityService
    public boolean canCreateStore() {
        return this.service.canCreateStore();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRoleStore createStore() throws IOException {
        return this.service.createStore();
    }

    @Override // org.geoserver.security.GeoServerSecurityService
    public String getName() {
        return this.service.getName();
    }

    @Override // org.geoserver.security.GeoServerSecurityService
    public void setName(String str) {
        this.service.setName(str);
    }

    @Override // org.geoserver.security.GeoServerSecurityService
    public void setSecurityManager(GeoServerSecurityManager geoServerSecurityManager) {
        this.service.setSecurityManager(geoServerSecurityManager);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public void registerRoleLoadedListener(RoleLoadedListener roleLoadedListener) {
        this.service.registerRoleLoadedListener(roleLoadedListener);
    }

    @Override // org.geoserver.security.GeoServerSecurityService
    public GeoServerSecurityManager getSecurityManager() {
        return this.service.getSecurityManager();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public void unregisterRoleLoadedListener(RoleLoadedListener roleLoadedListener) {
        this.service.unregisterRoleLoadedListener(roleLoadedListener);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<String> getGroupNamesForRole(GeoServerRole geoServerRole) throws IOException {
        checkExistingRoleName(geoServerRole.getAuthority());
        return this.service.getGroupNamesForRole(geoServerRole);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<String> getUserNamesForRole(GeoServerRole geoServerRole) throws IOException {
        checkExistingRoleName(geoServerRole.getAuthority());
        return this.service.getUserNamesForRole(geoServerRole);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<GeoServerRole> getRolesForUser(String str) throws IOException {
        checkValidUserName(str);
        return this.service.getRolesForUser(str);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<GeoServerRole> getRolesForGroup(String str) throws IOException {
        checkValidGroupName(str);
        return this.service.getRolesForGroup(str);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<GeoServerRole> getRoles() throws IOException {
        return this.service.getRoles();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public Map<String, String> getParentMappings() throws IOException {
        return this.service.getParentMappings();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole createRoleObject(String str) throws IOException {
        checkRoleName(str);
        return this.service.createRoleObject(str);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getParentRole(GeoServerRole geoServerRole) throws IOException {
        checkExistingRoleName(geoServerRole.getAuthority());
        return this.service.getParentRole(geoServerRole);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getRoleByName(String str) throws IOException {
        return this.service.getRoleByName(str);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public void load() throws IOException {
        this.service.load();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public Properties personalizeRoleParams(String str, Properties properties, String str2, Properties properties2) throws IOException {
        return this.service.personalizeRoleParams(str, properties, str2, properties2);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getAdminRole() {
        return this.service.getAdminRole();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getGroupAdminRole() {
        return this.service.getGroupAdminRole();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public int getRoleCount() throws IOException {
        return this.service.getRoleCount();
    }

    protected IOException createSecurityException(String str, Object... objArr) {
        return new IOException("Details are in the nested exception", new RoleServiceException(str, objArr));
    }
}
