package org.geoserver.security;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.UserDetailsWrapper;
import org.geoserver.security.password.GeoServerMultiplexingPasswordEncoder;
import org.geoserver.security.password.UserDetailsPasswordWrapper;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.codec.Hex;

/* loaded from: input_file:WEB-INF/lib/gs-main-2.18.7-georchestra.jar:org/geoserver/security/HttpDigestUserDetailsServiceWrapper.class */
public class HttpDigestUserDetailsServiceWrapper implements UserDetailsService {
    private GeoServerSecurityManager manager;
    protected GeoServerUserGroupService service;
    protected Charset charSet;
    protected final char[] delimArray = {':'};
    protected MessageDigest digest;
    protected GeoServerMultiplexingPasswordEncoder enc;

    /* loaded from: input_file:WEB-INF/lib/gs-main-2.18.7-georchestra.jar:org/geoserver/security/HttpDigestUserDetailsServiceWrapper$DigestUserDetails.class */
    public static class DigestUserDetails extends UserDetailsWrapper {
        private static final long serialVersionUID = 1;
        private String password;
        private Collection<GrantedAuthority> roles;

        public DigestUserDetails(UserDetails userDetails, String str, Collection<GrantedAuthority> collection) {
            super(userDetails);
            this.password = str;
            this.roles = collection;
        }

        @Override // org.geoserver.security.impl.UserDetailsWrapper, org.springframework.security.core.userdetails.UserDetails
        public Collection<GrantedAuthority> getAuthorities() {
            return this.roles;
        }

        @Override // org.geoserver.security.impl.UserDetailsWrapper, org.springframework.security.core.userdetails.UserDetails
        public String getPassword() {
            return this.password;
        }
    }

    public HttpDigestUserDetailsServiceWrapper(GeoServerUserGroupService geoServerUserGroupService, Charset charset) {
        this.service = geoServerUserGroupService;
        this.charSet = charset;
        this.manager = geoServerUserGroupService.getSecurityManager();
        this.enc = new GeoServerMultiplexingPasswordEncoder(geoServerUserGroupService.getSecurityManager(), geoServerUserGroupService);
        try {
            this.digest = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("No MD5 algorithm available!");
        }
    }

    @Override // org.springframework.security.core.userdetails.UserDetailsService
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        return "root".equals(str) ? prepareForRootUser() : prepareForUser((GeoServerUser) this.service.loadUserByUsername(str));
    }

    UserDetails prepareForUser(GeoServerUser geoServerUser) {
        char[] charArray;
        try {
            charArray = this.enc.decodeToCharArray(geoServerUser.getPassword());
        } catch (UnsupportedOperationException e) {
            charArray = geoServerUser.getPassword().toCharArray();
        }
        String encodePasswordInA1Format = encodePasswordInA1Format(geoServerUser.getUsername(), GeoServerSecurityManager.REALM, charArray);
        this.manager.disposePassword(charArray);
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(geoServerUser.getAuthorities());
        arrayList.add(GeoServerRole.AUTHENTICATED_ROLE);
        return new DigestUserDetails(geoServerUser, encodePasswordInA1Format, arrayList);
    }

    UserDetails prepareForRootUser() {
        char[] cArr = null;
        try {
            cArr = this.manager.getMasterPassword();
            UserDetailsPasswordWrapper userDetailsPasswordWrapper = new UserDetailsPasswordWrapper(GeoServerUser.createRoot(), encodePasswordInA1Format("root", GeoServerSecurityManager.REALM, cArr));
            if (cArr != null) {
                this.manager.disposePassword(cArr);
            }
            return userDetailsPasswordWrapper;
        } catch (Throwable th) {
            if (cArr != null) {
                this.manager.disposePassword(cArr);
            }
            throw th;
        }
    }

    String encodePasswordInA1Format(String str, String str2, char[] cArr) {
        char[] cArr2 = null;
        try {
            char[] charArray = str.toCharArray();
            char[] charArray2 = str2.toCharArray();
            cArr2 = new char[charArray.length + charArray2.length + cArr.length + 2];
            System.arraycopy(charArray, 0, cArr2, 0, charArray.length);
            int length = 0 + charArray.length;
            System.arraycopy(this.delimArray, 0, cArr2, length, 1);
            int i = length + 1;
            System.arraycopy(charArray2, 0, cArr2, i, charArray2.length);
            int length2 = i + charArray2.length;
            System.arraycopy(this.delimArray, 0, cArr2, length2, 1);
            System.arraycopy(cArr, 0, cArr2, length2 + 1, cArr.length);
            try {
                String str3 = new String(Hex.encode(((MessageDigest) this.digest.clone()).digest(SecurityUtils.toBytes(cArr2, this.charSet))));
                if (cArr2 != null) {
                    this.manager.disposePassword(cArr2);
                }
                return str3;
            } catch (CloneNotSupportedException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            if (cArr2 != null) {
                this.manager.disposePassword(cArr2);
            }
            throw th;
        }
    }
}
