package org.geoserver.security.validation;

import java.io.IOException;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.config.AnonymousAuthenticationFilterConfig;
import org.geoserver.security.config.BasicAuthenticationFilterConfig;
import org.geoserver.security.config.DigestAuthenticationFilterConfig;
import org.geoserver.security.config.ExceptionTranslationFilterConfig;
import org.geoserver.security.config.J2eeAuthenticationBaseFilterConfig;
import org.geoserver.security.config.J2eeAuthenticationFilterConfig;
import org.geoserver.security.config.LogoutFilterConfig;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.config.RememberMeAuthenticationFilterConfig;
import org.geoserver.security.config.RequestHeaderAuthenticationFilterConfig;
import org.geoserver.security.config.RoleFilterConfig;
import org.geoserver.security.config.RoleSource;
import org.geoserver.security.config.SecurityContextPersistenceFilterConfig;
import org.geoserver.security.config.SecurityFilterConfig;
import org.geoserver.security.config.SecurityInterceptorFilterConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.config.UsernamePasswordAuthenticationFilterConfig;
import org.geoserver.security.config.X509CertificateAuthenticationFilterConfig;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.15.1.jar:org/geoserver/security/validation/FilterConfigValidator.class */
/**
 * Validates security filter configurations before they are added or modified.
 *
 * <p>The checks in this class are structural: required fields are present and referenced
 * user/group services, role services, Spring beans and filters exist. Several filter types
 * (logout, basic, security-context persistence, remember-me, anonymous) have empty validators,
 * so any configuration of those types is accepted here.
 *
 * <p>NOTE(review): the dispatcher in {@link #validateFilterConfig(SecurityNamedServiceConfig)}
 * only recognises the concrete types it lists. A configuration whose type is not listed
 * (for example a direct subclass of {@code PreAuthenticatedUserNameFilterConfig} that is none of
 * the request-header, J2EE or X.509 types) receives no type-specific validation from this
 * class. Confirm this is intended for any custom filter types.
 */
public class FilterConfigValidator extends SecurityConfigValidator {

    /**
     * Creates a validator bound to the given security manager.
     *
     * @param geoServerSecurityManager manager handed to the superclass constructor
     */
    public FilterConfigValidator(GeoServerSecurityManager geoServerSecurityManager) {
        super(geoServerSecurityManager);
    }

    /**
     * Builds the exception thrown for a failed filter check; subclasses may override it to
     * produce a more specific exception type.
     *
     * @param str error id, one of the {@code FilterConfigException} constants
     * @param objArr arguments attached to the error
     * @return a new {@code FilterConfigException}
     */
    protected FilterConfigException createFilterException(String str, Object... objArr) {
        return new FilterConfigException(str, objArr);
    }

    /**
     * Runs the superclass checks for a new filter, then the type-specific checks.
     *
     * @throws SecurityConfigException if either stage rejects the configuration
     */
    @Override
    public void validateAddFilter(SecurityNamedServiceConfig securityNamedServiceConfig) throws SecurityConfigException {
        super.validateAddFilter(securityNamedServiceConfig);
        validateFilterConfig(securityNamedServiceConfig);
    }

    /**
     * Runs the superclass checks for a modified filter, then the type-specific checks on the
     * first argument only; the second argument is passed to the superclass and not inspected
     * here.
     *
     * @throws SecurityConfigException if either stage rejects the configuration
     */
    @Override
    public void validateModifiedFilter(SecurityNamedServiceConfig securityNamedServiceConfig, SecurityNamedServiceConfig securityNamedServiceConfig2) throws SecurityConfigException {
        super.validateModifiedFilter(securityNamedServiceConfig, securityNamedServiceConfig2);
        validateFilterConfig(securityNamedServiceConfig);
    }

    /**
     * Delegates removal validation to the superclass; no filter-specific check is added.
     *
     * @throws SecurityConfigException if the superclass rejects the removal
     */
    @Override
    public void validateRemoveFilter(SecurityNamedServiceConfig securityNamedServiceConfig) throws SecurityConfigException {
        super.validateRemoveFilter(securityNamedServiceConfig);
    }

    /**
     * Dispatches to the overload matching the runtime type of the configuration.
     *
     * <p>Each test is independent (no {@code else}), so a configuration that matches several of
     * the listed types is validated once per match. A {@code null} argument or an unlisted type
     * matches nothing and returns without error.
     *
     * @throws FilterConfigException if a type-specific check fails
     */
    public void validateFilterConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws FilterConfigException {
        final SecurityNamedServiceConfig config = securityNamedServiceConfig;

        if (config instanceof BasicAuthenticationFilterConfig) {
            validateFilterConfig((BasicAuthenticationFilterConfig) config);
        }
        if (config instanceof DigestAuthenticationFilterConfig) {
            validateFilterConfig((DigestAuthenticationFilterConfig) config);
        }
        if (config instanceof RoleFilterConfig) {
            validateFilterConfig((RoleFilterConfig) config);
        }
        if (config instanceof X509CertificateAuthenticationFilterConfig) {
            validateFilterConfig((X509CertificateAuthenticationFilterConfig) config);
        }
        if (config instanceof UsernamePasswordAuthenticationFilterConfig) {
            validateFilterConfig((UsernamePasswordAuthenticationFilterConfig) config);
        }
        if (config instanceof RequestHeaderAuthenticationFilterConfig) {
            validateFilterConfig((RequestHeaderAuthenticationFilterConfig) config);
        }
        if (config instanceof J2eeAuthenticationFilterConfig) {
            validateFilterConfig((J2eeAuthenticationFilterConfig) config);
        }
        if (config instanceof ExceptionTranslationFilterConfig) {
            validateFilterConfig((ExceptionTranslationFilterConfig) config);
        }
        if (config instanceof SecurityContextPersistenceFilterConfig) {
            validateFilterConfig((SecurityContextPersistenceFilterConfig) config);
        }
        if (config instanceof RememberMeAuthenticationFilterConfig) {
            validateFilterConfig((RememberMeAuthenticationFilterConfig) config);
        }
        if (config instanceof AnonymousAuthenticationFilterConfig) {
            validateFilterConfig((AnonymousAuthenticationFilterConfig) config);
        }
        if (config instanceof SecurityInterceptorFilterConfig) {
            validateFilterConfig((SecurityInterceptorFilterConfig) config);
        }
        if (config instanceof LogoutFilterConfig) {
            validateFilterConfig((LogoutFilterConfig) config);
        }
    }

    /**
     * Requires a user/group service name that the security manager knows about.
     *
     * <p>Unlike {@link #checkExistingRoleService(String)}, an empty name is an error here.
     *
     * @param str user/group service name taken from the filter configuration
     * @throws FilterConfigException if the name is empty or not among the listed services
     * @throws RuntimeException wrapping an {@code IOException} raised while listing services
     */
    protected void checkExistingUGService(String str) throws FilterConfigException {
        if (!isNotEmpty(str)) {
            throw createFilterException(FilterConfigException.USER_GROUP_SERVICE_NEEDED);
        }
        try {
            if (!this.manager.listUserGroupServices().contains(str)) {
                throw createFilterException(FilterConfigException.UNKNOWN_USER_GROUP_SERVICE, str);
            }
        } catch (IOException ioFailure) {
            throw new RuntimeException(ioFailure);
        }
    }

    /**
     * Checks that a role service name, when given, is known to the security manager.
     *
     * <p>An empty name is accepted without any lookup. NOTE(review): presumably a default role
     * service is applied elsewhere in that case; confirm against the filter implementation.
     *
     * @param str role service name taken from the filter configuration, may be empty
     * @throws FilterConfigException if a non-empty name is not among the listed role services
     * @throws RuntimeException wrapping an {@code IOException} raised while listing services
     */
    protected void checkExistingRoleService(String str) throws FilterConfigException {
        if (!isNotEmpty(str)) {
            return;
        }
        try {
            if (!this.manager.listRoleServices().contains(str)) {
                throw createFilterException(FilterConfigException.UNKNOWN_ROLE_SERVICE, str);
            }
        } catch (IOException ioFailure) {
            throw new RuntimeException(ioFailure);
        }
    }

    /** Accepts every logout filter configuration; no checks are performed. */
    public void validateFilterConfig(LogoutFilterConfig logoutFilterConfig) throws FilterConfigException {
        // intentionally empty
    }

    /** Accepts every basic-authentication filter configuration; no checks are performed. */
    public void validateFilterConfig(BasicAuthenticationFilterConfig basicAuthenticationFilterConfig) throws FilterConfigException {
        // intentionally empty
    }

    /** Accepts every security-context persistence filter configuration; no checks are performed. */
    public void validateFilterConfig(SecurityContextPersistenceFilterConfig securityContextPersistenceFilterConfig) throws FilterConfigException {
        // intentionally empty
    }

    /**
     * Accepts every remember-me filter configuration; no checks are performed.
     *
     * <p>NOTE(review): nothing on this configuration is verified here; whether remember-me
     * settings are validated elsewhere cannot be told from this class.
     */
    public void validateFilterConfig(RememberMeAuthenticationFilterConfig rememberMeAuthenticationFilterConfig) throws FilterConfigException {
        // intentionally empty
    }

    /** Accepts every anonymous-authentication filter configuration; no checks are performed. */
    public void validateFilterConfig(AnonymousAuthenticationFilterConfig anonymousAuthenticationFilterConfig) throws FilterConfigException {
        // intentionally empty
    }

    /**
     * Requires a security metadata source name that resolves to a bean.
     *
     * @throws FilterConfigException if the name is empty or no bean with that name is defined
     */
    public void validateFilterConfig(SecurityInterceptorFilterConfig securityInterceptorFilterConfig) throws FilterConfigException {
        if (!isNotEmpty(securityInterceptorFilterConfig.getSecurityMetadataSource())) {
            throw createFilterException(FilterConfigException.SECURITY_METADATA_SOURCE_NEEDED);
        }
        try {
            // Only the existence of the bean is checked, not what kind of bean it is.
            lookupBean(securityInterceptorFilterConfig.getSecurityMetadataSource());
        } catch (NoSuchBeanDefinitionException missingBean) {
            throw createFilterException(FilterConfigException.UNKNOWN_SECURITY_METADATA_SOURCE, securityInterceptorFilterConfig.getSecurityMetadataSource());
        }
    }

    /**
     * Requires an existing user/group service and a non-negative nonce validity.
     *
     * <p>Only negative values are rejected; a validity of zero seconds passes this check.
     *
     * @throws FilterConfigException if the user/group service is missing or unknown, or the
     *     nonce validity is negative
     */
    public void validateFilterConfig(DigestAuthenticationFilterConfig digestAuthenticationFilterConfig) throws FilterConfigException {
        checkExistingUGService(digestAuthenticationFilterConfig.getUserGroupServiceName());
        if (digestAuthenticationFilterConfig.getNonceValiditySeconds() < 0) {
            throw createFilterException(FilterConfigException.INVALID_SECONDS);
        }
    }

    /**
     * Requires a response header attribute name and, when a role converter is named, that the
     * converter bean exists.
     *
     * @throws FilterConfigException if the header attribute name is empty or the named
     *     converter bean is not defined
     */
    public void validateFilterConfig(RoleFilterConfig roleFilterConfig) throws FilterConfigException {
        if (!isNotEmpty(roleFilterConfig.getHttpResponseHeaderAttrForIncludedRoles())) {
            throw createFilterException(FilterConfigException.HEADER_ATTRIBUTE_NAME_REQUIRED);
        }
        if (!isNotEmpty(roleFilterConfig.getRoleConverterName())) {
            // The converter is optional.
            return;
        }
        try {
            lookupBean(roleFilterConfig.getRoleConverterName());
        } catch (NoSuchBeanDefinitionException missingBean) {
            throw createFilterException(FilterConfigException.UNKNOWN_ROLE_CONVERTER, roleFilterConfig.getRoleConverterName());
        }
    }

    /**
     * Applies the J2EE base checks to an X.509 certificate filter configuration; nothing
     * certificate-specific is validated here.
     *
     * @throws FilterConfigException if the base checks fail
     */
    public void validateFilterConfig(X509CertificateAuthenticationFilterConfig x509CertificateAuthenticationFilterConfig) throws FilterConfigException {
        validateFilterConfig((J2eeAuthenticationBaseFilterConfig) x509CertificateAuthenticationFilterConfig);
    }

    /**
     * Requires non-empty names for the username and password request parameters.
     *
     * @throws FilterConfigException if either parameter name is empty
     */
    public void validateFilterConfig(UsernamePasswordAuthenticationFilterConfig usernamePasswordAuthenticationFilterConfig) throws FilterConfigException {
        if (!isNotEmpty(usernamePasswordAuthenticationFilterConfig.getUsernameParameterName())) {
            throw createFilterException(FilterConfigException.USER_PARAMETER_NAME_NEEDED);
        }
        if (!isNotEmpty(usernamePasswordAuthenticationFilterConfig.getPasswordParameterName())) {
            throw createFilterException(FilterConfigException.PASSWORD_PARAMETER_NAME_NEEDED);
        }
    }

    /**
     * Applies the pre-authentication checks, then verifies the role service when the role
     * source is {@code J2EE}.
     *
     * <p>The pre-authentication checks run first and reject a {@code null} role source, so the
     * comparison below cannot dereference {@code null}.
     *
     * @throws FilterConfigException if any check fails
     */
    public void validateFilterConfig(J2eeAuthenticationBaseFilterConfig j2eeAuthenticationBaseFilterConfig) throws FilterConfigException {
        validateFilterConfig((PreAuthenticatedUserNameFilterConfig) j2eeAuthenticationBaseFilterConfig);
        final boolean rolesFromJ2ee = j2eeAuthenticationBaseFilterConfig.getRoleSource().equals((RoleSource) J2eeAuthenticationBaseFilterConfig.J2EERoleSource.J2EE);
        if (rolesFromJ2ee) {
            checkExistingRoleService(j2eeAuthenticationBaseFilterConfig.getRoleServiceName());
        }
    }

    /**
     * Requires a principal header attribute name, then applies the pre-authentication checks.
     *
     * <p>NOTE(review): only the presence of the header name is checked. This validator cannot
     * establish that the header is set exclusively by a trusted front end; that has to be
     * guaranteed by the deployment.
     *
     * @throws FilterConfigException if the header name is empty or a pre-authentication check
     *     fails
     */
    public void validateFilterConfig(RequestHeaderAuthenticationFilterConfig requestHeaderAuthenticationFilterConfig) throws FilterConfigException {
        if (!isNotEmpty(requestHeaderAuthenticationFilterConfig.getPrincipalHeaderAttribute())) {
            throw createFilterException(FilterConfigException.PRINCIPAL_HEADER_ATTRIBUTE_NEEDED);
        }
        validateFilterConfig((PreAuthenticatedUserNameFilterConfig) requestHeaderAuthenticationFilterConfig);
    }

    /**
     * Requires a role source and validates the settings that belong to it.
     *
     * <ul>
     *   <li>{@code RoleService}: the role service, if named, must exist.
     *   <li>{@code UserGroupService}: a user/group service must be named and must exist.
     *   <li>{@code Header}: a roles header attribute name is required, and a named role
     *       converter must resolve to a bean.
     * </ul>
     *
     * <p>The three comparisons are independent; any other role source passes without further
     * checks in this method.
     *
     * @throws FilterConfigException if the role source is {@code null} or a dependent setting
     *     is missing or unknown
     */
    public void validateFilterConfig(PreAuthenticatedUserNameFilterConfig preAuthenticatedUserNameFilterConfig) throws FilterConfigException {
        if (preAuthenticatedUserNameFilterConfig.getRoleSource() == null) {
            throw createFilterException(FilterConfigException.ROLE_SOURCE_NEEDED);
        }
        if (preAuthenticatedUserNameFilterConfig.getRoleSource().equals((RoleSource) PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.RoleService)) {
            checkExistingRoleService(preAuthenticatedUserNameFilterConfig.getRoleServiceName());
        }
        if (preAuthenticatedUserNameFilterConfig.getRoleSource().equals((RoleSource) PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.UserGroupService)) {
            checkExistingUGService(preAuthenticatedUserNameFilterConfig.getUserGroupServiceName());
        }
        if (!preAuthenticatedUserNameFilterConfig.getRoleSource().equals((RoleSource) PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header)) {
            return;
        }
        // Roles come from a request header: the header name is mandatory, the converter optional.
        if (!isNotEmpty(preAuthenticatedUserNameFilterConfig.getRolesHeaderAttribute())) {
            throw createFilterException(FilterConfigException.ROLES_HEADER_ATTRIBUTE_NEEDED);
        }
        if (!isNotEmpty(preAuthenticatedUserNameFilterConfig.getRoleConverterName())) {
            return;
        }
        try {
            lookupBean(preAuthenticatedUserNameFilterConfig.getRoleConverterName());
        } catch (NoSuchBeanDefinitionException missingBean) {
            throw createFilterException(FilterConfigException.UNKNOWN_ROLE_CONVERTER, preAuthenticatedUserNameFilterConfig.getRoleConverterName());
        }
    }

    /**
     * Applies the J2EE base checks to a J2EE authentication filter configuration.
     *
     * @throws FilterConfigException if the base checks fail
     */
    public void validateFilterConfig(J2eeAuthenticationFilterConfig j2eeAuthenticationFilterConfig) throws FilterConfigException {
        validateFilterConfig((J2eeAuthenticationBaseFilterConfig) j2eeAuthenticationFilterConfig);
    }

    /**
     * Checks that a named authentication filter exists and provides an authentication entry
     * point.
     *
     * <p>An empty filter name skips the check entirely.
     *
     * @throws FilterConfigException if the named filter cannot be loaded or does not provide an
     *     entry point
     * @throws RuntimeException wrapping an {@code IOException} raised while loading the filter
     *     configuration
     */
    public void validateFilterConfig(ExceptionTranslationFilterConfig exceptionTranslationFilterConfig) throws FilterConfigException {
        if (!isNotEmpty(exceptionTranslationFilterConfig.getAuthenticationFilterName())) {
            return;
        }
        try {
            SecurityFilterConfig entryPointFilter = this.manager.loadFilterConfig(exceptionTranslationFilterConfig.getAuthenticationFilterName());
            if (entryPointFilter == null) {
                throw createFilterException(FilterConfigException.INVALID_ENTRY_POINT, exceptionTranslationFilterConfig.getAuthenticationFilterName());
            }
            // The loaded value is non-null here, so only the entry-point capability is left to test.
            if (!entryPointFilter.providesAuthenticationEntryPoint()) {
                throw createFilterException(FilterConfigException.NO_AUTH_ENTRY_POINT, exceptionTranslationFilterConfig.getAuthenticationFilterName());
            }
        } catch (IOException ioFailure) {
            throw new RuntimeException(ioFailure);
        }
    }
}
