package org.geoserver.rest.security;

import java.io.IOException;
import java.util.Iterator;
import javax.servlet.http.HttpServletResponse;
import org.geoserver.rest.RestException;
import org.geoserver.rest.catalog.SequentialExecutionController;
import org.geoserver.rest.security.xml.JaxbGroupList;
import org.geoserver.rest.security.xml.JaxbUser;
import org.geoserver.rest.security.xml.JaxbUserList;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.GeoServerUserGroupService;
import org.geoserver.security.GeoServerUserGroupStore;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.impl.GeoServerUserGroup;
import org.geoserver.security.validation.PasswordPolicyException;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping(path = {"/rest/security/usergroup"})
@RestController("usergroupRestController")
/* loaded from: input_file:WEB-INF/lib/gs-restconfig-2.25.3-georchestra.jar:org/geoserver/rest/security/UsersRestController.class */
public class UsersRestController implements SequentialExecutionController {
    protected GeoServerSecurityManager securityManager;
    private static final String DEFAULT_ROLE_SERVICE_NAME = "default";

    private String getDefaultServiceName() {
        String property = System.getProperty("org.geoserver.rest.DefaultUserGroupServiceName");
        return property == null ? "default" : property;
    }

    public UsersRestController(GeoServerSecurityManager geoServerSecurityManager) {
        this.securityManager = geoServerSecurityManager;
    }

    @ExceptionHandler({IllegalArgumentException.class})
    public void somethingNotFound(IllegalArgumentException illegalArgumentException, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(404, illegalArgumentException.getMessage());
    }

    @GetMapping(value = {"/users"}, produces = {"application/xml", "application/json"})
    public JaxbUserList getUsers() throws IOException {
        return getUsers(getDefaultServiceName());
    }

    @GetMapping(value = {"/groups"}, produces = {"application/xml", "application/json"})
    public JaxbGroupList getGroups() throws IOException {
        return getGroups(getDefaultServiceName());
    }

    @GetMapping(value = {"/group/{group}/users"}, produces = {"application/xml", "application/json"})
    public JaxbUserList getUsersFromGroup(@PathVariable("group") String str) throws IOException {
        return getUsersFromGroup(getDefaultServiceName(), str);
    }

    @GetMapping(value = {"/user/{user}/groups"}, produces = {"application/xml", "application/json"})
    public JaxbGroupList getGroupsFromUser(@PathVariable("user") String str) throws IOException {
        return getGroupsFromUser(getDefaultServiceName(), str);
    }

    @PostMapping({"/users"})
    @ResponseStatus(HttpStatus.CREATED)
    public void insertUser(@RequestBody JaxbUser jaxbUser) throws PasswordPolicyException, IOException {
        insertUser(getDefaultServiceName(), jaxbUser);
    }

    @PostMapping({"/user/{user}"})
    @ResponseStatus(HttpStatus.OK)
    public void updateUser(@PathVariable("user") String str, @RequestBody JaxbUser jaxbUser) throws PasswordPolicyException, IOException {
        updateUser(getDefaultServiceName(), str, jaxbUser);
    }

    @DeleteMapping({"/user/{user}"})
    @ResponseStatus(HttpStatus.OK)
    public void deleteUser(@PathVariable("user") String str) throws IOException {
        deleteUser(getDefaultServiceName(), str);
    }

    @PostMapping({"/group/{group}"})
    @ResponseStatus(HttpStatus.CREATED)
    public void insertGroup(@PathVariable("group") String str) throws PasswordPolicyException, IOException {
        insertGroup(getDefaultServiceName(), str);
    }

    @DeleteMapping({"/group/{group}"})
    @ResponseStatus(HttpStatus.OK)
    public void deleteGroup(@PathVariable("group") String str) throws IOException {
        deleteGroup(getDefaultServiceName(), str);
    }

    @PostMapping({"/user/{user}/group/{group}"})
    @ResponseStatus(HttpStatus.OK)
    public void associateUserToGroup(@PathVariable("user") String str, @PathVariable("group") String str2) throws IOException {
        associateUserToGroup(getDefaultServiceName(), str, str2);
    }

    @DeleteMapping({"/user/{user}/group/{group}"})
    @ResponseStatus(HttpStatus.OK)
    public void disassociateUserFromGroup(@PathVariable("user") String str, @PathVariable("group") String str2) throws IOException {
        disassociateUserFromGroup(getDefaultServiceName(), str, str2);
    }

    @GetMapping(value = {"/service/{serviceName}/users"}, produces = {"application/xml", "application/json"})
    public JaxbUserList getUsers(@PathVariable("serviceName") String str) throws IOException {
        return new JaxbUserList(getService(str).getUsers());
    }

    @GetMapping(value = {"/service/{serviceName}/groups"}, produces = {"application/xml", "application/json"})
    public JaxbGroupList getGroups(@PathVariable("serviceName") String str) throws IOException {
        return new JaxbGroupList(getService(str).getUserGroups());
    }

    @GetMapping(value = {"/service/{serviceName}/group/{group}/users"}, produces = {"application/xml", "application/json"})
    public JaxbUserList getUsersFromGroup(@PathVariable("serviceName") String str, @PathVariable("group") String str2) throws IOException {
        GeoServerUserGroupService service = getService(str);
        return new JaxbUserList(service.getUsersForGroup(getGroup(service, str2)));
    }

    @GetMapping(value = {"/service/{serviceName}/user/{user}/groups"}, produces = {"application/xml", "application/json"})
    public JaxbGroupList getGroupsFromUser(@PathVariable("serviceName") String str, @PathVariable("user") String str2) throws IOException {
        GeoServerUserGroupService service = getService(str);
        return new JaxbGroupList(service.getGroupsForUser(getUser(service, str2)));
    }

    @PostMapping({"/service/{serviceName}/users"})
    @ResponseStatus(HttpStatus.CREATED)
    public void insertUser(@PathVariable("serviceName") String str, @RequestBody JaxbUser jaxbUser) throws PasswordPolicyException, IOException {
        GeoServerUserGroupStore store = getStore(str);
        try {
            store.addUser(jaxbUser.toUser(store));
            store.store();
        } catch (Throwable th) {
            store.store();
            throw th;
        }
    }

    @PostMapping({"/service/{serviceName}/user/{user}"})
    @ResponseStatus(HttpStatus.OK)
    public void updateUser(@PathVariable("serviceName") String str, @PathVariable("user") String str2, @RequestBody JaxbUser jaxbUser) throws PasswordPolicyException, IOException {
        GeoServerUserGroupStore store = getStore(str);
        try {
            store.updateUser(jaxbUser.toUser(getUser(store, str2)));
            store.store();
        } catch (Throwable th) {
            store.store();
            throw th;
        }
    }

    @DeleteMapping({"/service/{serviceName}/user/{user}"})
    @ResponseStatus(HttpStatus.OK)
    public void deleteUser(@PathVariable("serviceName") String str, @PathVariable("user") String str2) throws IOException {
        GeoServerUserGroupStore store = getStore(str);
        try {
            store.removeUser(getUser(store, str2));
            store.store();
        } catch (Throwable th) {
            store.store();
            throw th;
        }
    }

    @PostMapping({"/service/{serviceName}/group/{group}"})
    @ResponseStatus(HttpStatus.CREATED)
    public void insertGroup(@PathVariable("serviceName") String str, @PathVariable("group") String str2) throws PasswordPolicyException, IOException {
        GeoServerUserGroupStore store = getStore(str);
        try {
            store.addGroup(new GeoServerUserGroup(str2));
            store.store();
        } catch (Throwable th) {
            store.store();
            throw th;
        }
    }

    @DeleteMapping({"/service/{serviceName}/group/{group}"})
    @ResponseStatus(HttpStatus.OK)
    public void deleteGroup(@PathVariable("serviceName") String str, @PathVariable("group") String str2) throws IOException {
        GeoServerUserGroupStore store = getStore(str);
        try {
            store.removeGroup(getGroup(store, str2));
            store.store();
        } catch (Throwable th) {
            store.store();
            throw th;
        }
    }

    @PostMapping({"/service/{serviceName}/user/{user}/group/{group}"})
    @ResponseStatus(HttpStatus.OK)
    public void associateUserToGroup(@PathVariable("serviceName") String str, @PathVariable("user") String str2, @PathVariable("group") String str3) throws IOException {
        GeoServerUserGroupStore store = getStore(str);
        GeoServerUserGroupService service = getService(str);
        Iterator<GeoServerUserGroup> it2 = service.getGroupsForUser(getUser(service, str2)).iterator();
        while (it2.hasNext()) {
            if (str3.equals(it2.next().getGroupname())) {
                throw new RestException("Username already associated with this groupname", HttpStatus.OK);
            }
        }
        try {
            store.associateUserToGroup(getUser(store, str2), getGroup(store, str3));
            store.store();
        } catch (Throwable th) {
            store.store();
            throw th;
        }
    }

    @DeleteMapping({"/service/{serviceName}/user/{user}/group/{group}"})
    @ResponseStatus(HttpStatus.OK)
    public void disassociateUserFromGroup(@PathVariable("serviceName") String str, @PathVariable("user") String str2, @PathVariable("group") String str3) throws IOException {
        GeoServerUserGroupStore store = getStore(str);
        try {
            store.disAssociateUserFromGroup(getUser(store, str2), getGroup(store, str3));
            store.store();
        } catch (Throwable th) {
            store.store();
            throw th;
        }
    }

    protected GeoServerUserGroupService getService(String str) throws IOException {
        if (this.securityManager.loadUserGroupService(str) == null) {
            throw new IllegalArgumentException("Provided user/group service does not exist: " + str);
        }
        return this.securityManager.loadUserGroupService(str);
    }

    protected GeoServerUserGroupStore getStore(String str) throws IOException {
        GeoServerUserGroupService loadUserGroupService = this.securityManager.loadUserGroupService(str);
        if (loadUserGroupService == null) {
            throw new IllegalArgumentException("Provided user/group service does not exist: " + str);
        }
        if (loadUserGroupService.canCreateStore()) {
            return this.securityManager.loadUserGroupService(str).createStore();
        }
        throw new IOException("Provided UserGroupService is read-only.");
    }

    protected GeoServerUser getUser(GeoServerUserGroupService geoServerUserGroupService, String str) throws IOException {
        GeoServerUser userByUsername = geoServerUserGroupService.getUserByUsername(str);
        if (userByUsername == null) {
            throw new IllegalArgumentException("Provided username does not exist: " + str);
        }
        return userByUsername;
    }

    protected GeoServerUserGroup getGroup(GeoServerUserGroupService geoServerUserGroupService, String str) throws IOException {
        GeoServerUserGroup groupByGroupname = geoServerUserGroupService.getGroupByGroupname(str);
        if (groupByGroupname == null) {
            throw new IllegalArgumentException("Provided groupname does not exist: " + str);
        }
        return groupByGroupname;
    }
}
