package org.geoserver.security.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.logging.Logger;
import javax.xml.parsers.SAXParserFactory;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.platform.resource.Resource;
import org.geoserver.security.GeoServerRoleService;
import org.geoserver.security.GeoServerRoleStore;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.config.SecurityRoleServiceConfig;
import org.geoserver.security.event.RoleLoadedEvent;
import org.geoserver.security.event.RoleLoadedListener;
import org.geotools.util.logging.Logging;
import org.springframework.util.StringUtils;
import org.xml.sax.Attributes;
import org.xml.sax.ContentHandler;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.Locator;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.18.7-georchestra.jar:org/geoserver/security/impl/GeoServerJ2eeRoleService.class */
public class GeoServerJ2eeRoleService extends AbstractGeoServerSecurityService implements GeoServerRoleService {
    protected static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    protected String adminRoleName;
    protected String groupAdminRoleName;
    protected HashMap<String, GeoServerRole> roleMap;
    protected SortedSet<GeoServerRole> roleSet;
    protected Set<RoleLoadedListener> listeners = Collections.synchronizedSet(new HashSet());
    protected SortedSet<GeoServerRole> emptySet = Collections.unmodifiableSortedSet(new TreeSet());
    protected SortedSet<String> emptyStringSet = Collections.unmodifiableSortedSet(new TreeSet());
    protected Map<String, String> parentMappings = new HashMap();

    /* loaded from: input_file:WEB-INF/lib/gs-main-2.18.7-georchestra.jar:org/geoserver/security/impl/GeoServerJ2eeRoleService$WebXMLContentHandler.class */
    public class WebXMLContentHandler implements ContentHandler {
        public static final String SECURITY_ROLE_REF = "security-role-ref";
        public static final String AUTH_CONSTRAINT = "auth-constraint";
        public static final String SECURITY_ROLE = "security-role";
        public static final String ROLE_NAME = "role-name";
        public static final String ROLE_LINK = "role-link";
        private String currentValue;
        private String roleName;
        private boolean inSecRoleRef;
        private boolean inAuthConstraint;
        private boolean inSecRole;
        private Map<String, String> inSecRoleRefRoles = new HashMap();
        private List<String> inAuthConstraintRoles = new ArrayList();
        private List<String> inSecRoleRoles = new ArrayList();

        public WebXMLContentHandler() {
        }

        @Override // org.xml.sax.ContentHandler
        public void characters(char[] cArr, int i, int i2) throws SAXException {
            this.currentValue = new String(cArr, i, i2);
        }

        @Override // org.xml.sax.ContentHandler
        public void endDocument() throws SAXException {
        }

        @Override // org.xml.sax.ContentHandler
        public void endElement(String str, String str2, String str3) throws SAXException {
            if (SECURITY_ROLE_REF.equals(str2)) {
                this.inSecRoleRef = false;
            }
            if (AUTH_CONSTRAINT.equals(str2)) {
                this.inAuthConstraint = false;
            }
            if (SECURITY_ROLE.equals(str2)) {
                this.inSecRole = false;
            }
            if (ROLE_NAME.endsWith(str2)) {
                if (this.inSecRoleRef) {
                    this.roleName = this.currentValue.trim();
                }
                if (this.inAuthConstraint) {
                    this.inAuthConstraintRoles.add(this.currentValue.trim());
                }
                if (this.inSecRole) {
                    this.inSecRoleRoles.add(this.currentValue.trim());
                }
            }
            if (ROLE_LINK.endsWith(str2)) {
                this.inSecRoleRefRoles.put(this.roleName, this.currentValue.trim());
            }
        }

        @Override // org.xml.sax.ContentHandler
        public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
            if (SECURITY_ROLE_REF.equals(str2)) {
                this.inSecRoleRef = true;
            }
            if (AUTH_CONSTRAINT.equals(str2)) {
                this.inAuthConstraint = true;
            }
            if (SECURITY_ROLE.equals(str2)) {
                this.inSecRole = true;
            }
        }

        @Override // org.xml.sax.ContentHandler
        public void endPrefixMapping(String str) throws SAXException {
        }

        @Override // org.xml.sax.ContentHandler
        public void ignorableWhitespace(char[] cArr, int i, int i2) throws SAXException {
        }

        @Override // org.xml.sax.ContentHandler
        public void processingInstruction(String str, String str2) throws SAXException {
        }

        @Override // org.xml.sax.ContentHandler
        public void setDocumentLocator(Locator locator) {
        }

        @Override // org.xml.sax.ContentHandler
        public void skippedEntity(String str) throws SAXException {
        }

        @Override // org.xml.sax.ContentHandler
        public void startDocument() throws SAXException {
        }

        @Override // org.xml.sax.ContentHandler
        public void startPrefixMapping(String str, String str2) throws SAXException {
        }

        public Map<String, String> getInSecRoleRefRoles() {
            return this.inSecRoleRefRoles;
        }

        public List<String> getInAuthConstraintRoles() {
            return this.inAuthConstraintRoles;
        }

        public List<String> getInSecRoleRoles() {
            return this.inSecRoleRoles;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public GeoServerJ2eeRoleService() throws IOException {
        load();
    }

    @Override // org.geoserver.security.impl.AbstractGeoServerSecurityService, org.geoserver.security.GeoServerSecurityService
    public void initializeFromConfig(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        super.initializeFromConfig(securityNamedServiceConfig);
        this.adminRoleName = ((SecurityRoleServiceConfig) securityNamedServiceConfig).getAdminRoleName();
        this.groupAdminRoleName = ((SecurityRoleServiceConfig) securityNamedServiceConfig).getGroupAdminRoleName();
        load();
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getAdminRole() {
        if (!StringUtils.hasLength(this.adminRoleName)) {
            return null;
        }
        try {
            return getRoleByName(this.adminRoleName);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getGroupAdminRole() {
        if (!StringUtils.hasLength(this.groupAdminRoleName)) {
            return null;
        }
        try {
            return getRoleByName(this.groupAdminRoleName);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRoleStore createStore() throws IOException {
        return null;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public void registerRoleLoadedListener(RoleLoadedListener roleLoadedListener) {
        this.listeners.add(roleLoadedListener);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public void unregisterRoleLoadedListener(RoleLoadedListener roleLoadedListener) {
        this.listeners.remove(roleLoadedListener);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<GeoServerRole> getRoles() throws IOException {
        return this.roleSet != null ? this.roleSet : this.emptySet;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public synchronized void load() throws IOException {
        if (this.roleMap != null) {
            return;
        }
        LOGGER.info("Start reloading roles for service named " + getName());
        File file = GeoServerExtensions.file("WEB-INF/web.xml");
        if (file == null) {
            throw new IOException("Cannot open /WEB-INF/web.xml");
        }
        LOGGER.info("Extracting roles from: " + file.getCanonicalPath());
        Set<String> parseWebXML = parseWebXML(file);
        this.roleMap = new HashMap<>();
        for (String str : parseWebXML) {
            this.roleMap.put(str, createRoleObject(str));
            this.parentMappings.put(str, null);
        }
        this.roleSet = new TreeSet();
        this.roleSet.addAll(this.roleMap.values());
        LOGGER.info("Reloading roles successful for service named " + getName());
        fireRoleLoadedEvent();
    }

    protected Set<String> parseWebXML(File file) throws IOException {
        WebXMLContentHandler webXMLContentHandler = new WebXMLContentHandler();
        HashSet hashSet = new HashSet();
        try {
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            newInstance.setNamespaceAware(true);
            XMLReader xMLReader = newInstance.newSAXParser().getXMLReader();
            InputSource inputSource = new InputSource(new FileInputStream(file));
            xMLReader.setContentHandler(webXMLContentHandler);
            xMLReader.setEntityResolver(new EntityResolver() { // from class: org.geoserver.security.impl.GeoServerJ2eeRoleService.1
                @Override // org.xml.sax.EntityResolver
                public InputSource resolveEntity(String str, String str2) throws SAXException, IOException {
                    return new InputSource(new StringReader(""));
                }
            });
            xMLReader.parse(inputSource);
            hashSet.addAll(webXMLContentHandler.getInAuthConstraintRoles());
            hashSet.addAll(webXMLContentHandler.getInSecRoleRoles());
            hashSet.addAll(webXMLContentHandler.getInSecRoleRefRoles().keySet());
            hashSet.addAll(webXMLContentHandler.getInSecRoleRefRoles().values());
            return hashSet;
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<GeoServerRole> getRolesForUser(String str) throws IOException {
        return this.emptySet;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<GeoServerRole> getRolesForGroup(String str) throws IOException {
        return this.emptySet;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole createRoleObject(String str) throws IOException {
        return new GeoServerRole(str);
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getParentRole(GeoServerRole geoServerRole) throws IOException {
        return null;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public GeoServerRole getRoleByName(String str) throws IOException {
        if (this.roleMap != null) {
            return this.roleMap.get(str);
        }
        return null;
    }

    protected void fireRoleLoadedEvent() {
        RoleLoadedEvent roleLoadedEvent = new RoleLoadedEvent(this);
        Iterator<RoleLoadedListener> it2 = this.listeners.iterator();
        while (it2.hasNext()) {
            it2.next().rolesChanged(roleLoadedEvent);
        }
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<String> getGroupNamesForRole(GeoServerRole geoServerRole) throws IOException {
        return this.emptyStringSet;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public SortedSet<String> getUserNamesForRole(GeoServerRole geoServerRole) throws IOException {
        return this.emptyStringSet;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public Map<String, String> getParentMappings() throws IOException {
        return this.parentMappings;
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public Properties personalizeRoleParams(String str, Properties properties, String str2, Properties properties2) throws IOException {
        return null;
    }

    public Resource getConfigRoot() throws IOException {
        return getSecurityManager().role().get(getName());
    }

    @Override // org.geoserver.security.GeoServerRoleService
    public int getRoleCount() throws IOException {
        if (this.roleSet != null) {
            return this.roleSet.size();
        }
        return 0;
    }
}
