package org.geoserver.security.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.GeoServerRoleConverter;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.config.RoleSource;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.RoleCalculator;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.15.1.jar:org/geoserver/security/filter/GeoServerPreAuthenticatedUserNameFilter.class */
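/**
 * Base class for pre-authentication filters that take a principal name from the request (see
 * {@link #getPreAuthenticatedPrincipalName(HttpServletRequest)}) and resolve that principal's
 * roles from the configured {@link RoleSource}: a role service, a user/group service, or a
 * request header.
 *
 * <p>Security note: nothing in this class verifies a credential. The principal name returned by
 * the subclass and, for the {@code Header} role source, the role string read from the request are
 * accepted as given. NOTE(review): this presumably relies on a trusted front end that sets or
 * strips those headers before the request reaches the filter; confirm that for each deployment.
 */
public abstract class GeoServerPreAuthenticatedUserNameFilter extends GeoServerPreAuthenticationFilter {
    // Where roles for the pre-authenticated principal come from.
    private RoleSource roleSource;
    // Name of the request header carrying the roles (used with the Header role source).
    private String rolesHeaderAttribute;
    // Name of the user/group service consulted for the disabled check and for roles.
    private String userGroupServiceName;
    // Bean name of the role converter; empty or null selects the default converter bean.
    private String roleConverterName;
    // Name of the role service; empty or null selects the active role service.
    private String roleServiceName;
    // Parses the role header value; only assigned by initializeFromConfig for the Header source.
    private GeoServerRoleConverter converter;
    // Request attribute marking that the principal lookup already ran for this request.
    protected static final String UserNameAlreadyRetrieved = "org.geoserver.security.filter.usernameAlreadyRetrieved";
    // Request attribute holding the principal name found by that lookup.
    protected static final String UserName = "org.geoserver.security.filter.username";

    /** Returns the configured role source. */
    public RoleSource getRoleSource() {
        return this.roleSource;
    }

    /** Sets the role source. Does not assign the converter that the Header source needs. */
    public void setRoleSource(RoleSource roleSource) {
        this.roleSource = roleSource;
    }

    /** Returns the name of the request header that carries the roles. */
    public String getRolesHeaderAttribute() {
        return this.rolesHeaderAttribute;
    }

    /** Sets the name of the request header that carries the roles. */
    public void setRolesHeaderAttribute(String str) {
        this.rolesHeaderAttribute = str;
    }

    /** Returns the name of the user/group service. */
    public String getUserGroupServiceName() {
        return this.userGroupServiceName;
    }

    /** Sets the name of the user/group service. */
    public void setUserGroupServiceName(String str) {
        this.userGroupServiceName = str;
    }

    /** Returns the bean name of the role converter. */
    public String getRoleConverterName() {
        return this.roleConverterName;
    }

    /** Sets the bean name of the role converter. */
    public void setRoleConverterName(String str) {
        this.roleConverterName = str;
    }

    /** Returns the name of the role service. */
    public String getRoleServiceName() {
        return this.roleServiceName;
    }

    /** Sets the name of the role service. */
    public void setRoleServiceName(String str) {
        this.roleServiceName = str;
    }

    /**
     * Copies the role-source settings from the configuration and, for the Header role source,
     * resolves the role converter bean.
     *
     * @param securityNamedServiceConfig must be a {@link PreAuthenticatedUserNameFilterConfig};
     *     any other type fails with a {@link ClassCastException}
     * @throws IOException if the superclass initialization fails
     */
    @Override // org.geoserver.security.filter.GeoServerPreAuthenticationFilter, org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        PreAuthenticatedUserNameFilterConfig filterConfig = (PreAuthenticatedUserNameFilterConfig) securityNamedServiceConfig;
        this.roleSource = filterConfig.getRoleSource();
        this.rolesHeaderAttribute = filterConfig.getRolesHeaderAttribute();
        this.userGroupServiceName = filterConfig.getUserGroupServiceName();
        this.roleConverterName = filterConfig.getRoleConverterName();
        this.roleServiceName = filterConfig.getRoleServiceName();
        if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) {
            String converterBeanName = filterConfig.getRoleConverterName();
            if (converterBeanName == null || converterBeanName.length() == 0) {
                // No converter named in the configuration: use the default converter bean.
                setConverter((GeoServerRoleConverter) GeoServerExtensions.bean(GeoServerRoleConverter.class));
            } else {
                // The bean is looked up by its configured name; the cast fails if that name
                // refers to a bean of another type.
                setConverter((GeoServerRoleConverter) GeoServerExtensions.bean(converterBeanName));
            }
        }
    }

    /**
     * Returns the principal name for this request, or {@code null} when the subclass supplies no
     * name, the name is blank, or the user is disabled.
     *
     * <p>The outcome is stored in request attributes, so later calls for the same request return
     * the stored value without repeating the lookup.
     *
     * <p>The disabled check runs only for the UserGroupService role source, and only a user that
     * exists and is disabled is rejected: a name that the user/group service does not know is
     * still returned as the principal.
     *
     * @throws RuntimeException wrapping an {@link IOException} from the user/group service
     */
    @Override // org.geoserver.security.filter.GeoServerPreAuthenticationFilter
    protected String getPreAuthenticatedPrincipal(HttpServletRequest httpServletRequest) {
        if (httpServletRequest.getAttribute(UserNameAlreadyRetrieved) != null) {
            // Already resolved for this request; the attribute is absent (null) when rejected.
            return (String) httpServletRequest.getAttribute(UserName);
        }
        String principalName = getPreAuthenticatedPrincipalName(httpServletRequest);
        if (principalName != null && principalName.trim().length() == 0) {
            // A blank name is treated the same as no name at all.
            principalName = null;
        }
        if (principalName != null
                && PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.UserGroupService.equals(getRoleSource())) {
            try {
                GeoServerUser user = getSecurityManager().loadUserGroupService(getUserGroupServiceName()).getUserByUsername(principalName);
                if (user != null && !user.isEnabled()) {
                    principalName = null;
                    handleDisabledUser(user, httpServletRequest);
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
        httpServletRequest.setAttribute(UserNameAlreadyRetrieved, Boolean.TRUE);
        if (principalName != null) {
            httpServletRequest.setAttribute(UserName, principalName);
        }
        return principalName;
    }

    /**
     * Hook called when the pre-authenticated user exists but is disabled. Does nothing here;
     * subclasses may override it.
     */
    protected void handleDisabledUser(GeoServerUser geoServerUser, HttpServletRequest httpServletRequest) {
    }

    /**
     * Resolves the roles of the principal from the configured role source.
     *
     * @param httpServletRequest the current request
     * @param str the principal name
     * @return the roles found; the per-source methods in this class return an empty collection
     *     rather than {@code null}
     * @throws IOException if a security service cannot be loaded or queried
     * @throws IllegalStateException if the role source is unset or not one of the three
     *     sources handled here
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.security.filter.GeoServerPreAuthenticationFilter
    public Collection<GeoServerRole> getRoles(HttpServletRequest httpServletRequest, String str) throws IOException {
        RoleSource source = getRoleSource();
        Collection<GeoServerRole> roles;
        if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.RoleService.equals(source)) {
            roles = getRolesFromRoleService(httpServletRequest, str);
        } else if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.UserGroupService.equals(source)) {
            roles = getRolesFromUserGroupService(httpServletRequest, str);
        } else if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header.equals(source)) {
            roles = getRolesFromHttpAttribute(httpServletRequest, str);
        } else {
            // Fail closed on a missing or unknown role source, and name it so the
            // misconfiguration can be diagnosed.
            throw new IllegalStateException("Unsupported or missing role source: " + source);
        }
        LOGGER.log(Level.FINE, "Got roles {0} from {1} for principal {2}", new Object[]{roles, source, str});
        return roles;
    }

    /**
     * Calculates the roles of the principal with the configured role service, or with the active
     * role service when no role service name is configured.
     *
     * @throws IOException if the role service cannot be loaded or queried
     */
    protected Collection<GeoServerRole> getRolesFromRoleService(HttpServletRequest httpServletRequest, String str) throws IOException {
        String serviceName = getRoleServiceName();
        boolean useActiveService = serviceName == null || serviceName.trim().length() == 0;
        return new RoleCalculator(
                        useActiveService
                                ? getSecurityManager().getActiveRoleService()
                                : getSecurityManager().loadRoleService(serviceName))
                .calculateRoles(str);
    }

    /**
     * Returns the authorities that the configured user/group service reports for the principal.
     * A user the service does not know yields an empty collection and a warning, not an error.
     *
     * @throws IOException if the user/group service cannot be loaded
     * @throws ClassCastException if an authority is not a {@link GeoServerRole}
     */
    protected Collection<GeoServerRole> getRolesFromUserGroupService(HttpServletRequest httpServletRequest, String str) throws IOException {
        Collection<GeoServerRole> roles = new ArrayList<GeoServerRole>();
        UserDetails userDetails = null;
        try {
            userDetails = getSecurityManager().loadUserGroupService(getUserGroupServiceName()).loadUserByUsername(str);
        } catch (UsernameNotFoundException e) {
            // NOTE(review): the principal name comes from the request and is written to the log
            // as received.
            LOGGER.log(Level.WARNING, "User " + str + " not found in " + getUserGroupServiceName());
        }
        if (userDetails != null) {
            for (GrantedAuthority authority : userDetails.getAuthorities()) {
                roles.add((GeoServerRole) authority);
            }
        }
        return roles;
    }

    /**
     * Reads the roles of the principal from the configured request header and converts them with
     * the role converter.
     *
     * <p>Security note: the header value is used as received; this method does not check who set
     * it. A missing or blank header yields an empty collection and a warning.
     *
     * @throws IOException declared for overriding subclasses; not thrown by the visible code
     */
    protected Collection<GeoServerRole> getRolesFromHttpAttribute(HttpServletRequest httpServletRequest, String str) throws IOException {
        Collection<GeoServerRole> roles = new ArrayList<GeoServerRole>();
        String header = httpServletRequest.getHeader(getRolesHeaderAttribute());
        if (header == null || header.trim().length() == 0) {
            LOGGER.log(Level.WARNING, "No roles in header attribute: " + getRolesHeaderAttribute());
            return roles;
        }
        roles.addAll(getConverter().convertRolesFromString(header, str));
        // Build the debug message only when FINE is enabled; it joins every role on each request.
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "for principal " + str + " found roles " + StringUtils.collectionToCommaDelimitedString(roles) + " in header " + getRolesHeaderAttribute());
        }
        return roles;
    }

    /**
     * Returns {@code null} for the Header role source and the superclass cache key otherwise.
     * NOTE(review): a null key presumably disables authentication caching, so that header roles
     * are read again on every request; confirm against the caching filter.
     */
    @Override // org.geoserver.security.filter.GeoServerPreAuthenticationFilter, org.geoserver.security.filter.AuthenticationCachingFilter
    public String getCacheKey(HttpServletRequest httpServletRequest) {
        if (PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header.equals(getRoleSource())) {
            return null;
        }
        return super.getCacheKey(httpServletRequest);
    }

    /** Returns the converter that parses the role header, or {@code null} if none is set. */
    public GeoServerRoleConverter getConverter() {
        return this.converter;
    }

    /** Sets the converter that parses the role header. */
    public void setConverter(GeoServerRoleConverter geoServerRoleConverter) {
        this.converter = geoServerRoleConverter;
    }

    /**
     * Extracts the principal name from the request. The value returned here is accepted as the
     * authenticated principal without any further verification in this class.
     *
     * @return the principal name, or {@code null} or a blank string when the request has none
     */
    protected abstract String getPreAuthenticatedPrincipalName(HttpServletRequest httpServletRequest);
}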
