package org.geoserver.security;

import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.validation.PasswordPolicyException;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/geoserver/security/UserPropertyAuthenticationKeyMapper.class */
public class UserPropertyAuthenticationKeyMapper extends AbstractAuthenticationKeyMapper {
    private String userPropertyName;

    public String getUserPropertyName() {
        return this.userPropertyName;
    }

    public void setUserPropertyName(String str) {
        this.userPropertyName = str;
    }

    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper
    protected void checkPropertiesInternal() throws IOException {
        if (!StringUtils.hasLength(getUserPropertyName())) {
            throw new IOException("User property name is unset");
        }
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public boolean supportsReadOnlyUserGroupService() {
        return false;
    }

    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper, org.geoserver.security.AuthenticationKeyMapper
    public Set<String> getAvailableParameters() {
        return new HashSet(List.of("cacheTtlSeconds"));
    }

    @Override // org.geoserver.security.AbstractAuthenticationKeyMapper
    public GeoServerUser getUserInternal(String str) throws IOException {
        SortedSet usersHavingPropertyValue = getUserGroupService().getUsersHavingPropertyValue(getUserPropertyName(), str);
        if (usersHavingPropertyValue.isEmpty()) {
            return null;
        }
        if (usersHavingPropertyValue.size() <= 1) {
            GeoServerUser geoServerUser = (GeoServerUser) usersHavingPropertyValue.first();
            if (geoServerUser.isEnabled()) {
                return getUserGroupService().loadUserByUsername(geoServerUser.getUsername());
            }
            LOGGER.info("Found user " + geoServerUser.getUsername() + " for key " + str + ", but this user is disabled");
            return null;
        }
        StringBuilder sb = new StringBuilder();
        Iterator it = usersHavingPropertyValue.iterator();
        while (it.hasNext()) {
            sb.append(((GeoServerUser) it.next()).getUsername()).append(",");
        }
        sb.setLength(sb.length() - 1);
        throw new IOException("More than one user have auth key: " + str + ". Problematic users :" + sb.toString());
    }

    @Override // org.geoserver.security.AuthenticationKeyMapper
    public synchronized int synchronize() throws IOException {
        checkProperties();
        GeoServerUserGroupService userGroupService = getUserGroupService();
        if (!userGroupService.canCreateStore()) {
            throw new IOException("Cannot synchronize a read only user group service");
        }
        resetUserCache();
        int i = 0;
        GeoServerUserGroupStore createStore = userGroupService.createStore();
        createStore.load();
        for (GeoServerUser geoServerUser : createStore.getUsers()) {
            if (!StringUtils.hasLength(geoServerUser.getProperties().getProperty(getUserPropertyName()))) {
                geoServerUser.getProperties().put(getUserPropertyName(), createAuthKey());
                try {
                    createStore.updateUser(geoServerUser);
                    i++;
                } catch (PasswordPolicyException e) {
                    throw new IOException("Never should reach this point", e);
                }
            }
        }
        createStore.store();
        return i;
    }
}
