package org.geoserver.security;

import java.io.IOException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.geoserver.config.util.XStreamPersister;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.filter.AbstractFilterProvider;
import org.geoserver.security.filter.GeoServerSecurityFilter;
import org.geoserver.security.validation.SecurityConfigValidator;
import org.geotools.util.logging.Logging;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.scheduling.concurrent.CustomizableThreadFactory;

/* loaded from: input_file:WEB-INF/lib/gs-authkey-2.25.3.jar:org/geoserver/security/GeoServerAuthenticationKeyProvider.class */
public class GeoServerAuthenticationKeyProvider extends AbstractFilterProvider implements DisposableBean {
    private static final AtomicInteger poolCounter = new AtomicInteger();
    static Logger LOGGER = Logging.getLogger("org.geoserver.security");
    private final GeoServerSecurityManager securityManager;
    private final ScheduledExecutorService scheduler = Executors.newScheduledThreadPool(1, getThreadFactory());
    private final int autoSyncDelaySeconds;

    /* loaded from: input_file:WEB-INF/lib/gs-authkey-2.25.3.jar:org/geoserver/security/GeoServerAuthenticationKeyProvider$AuthKeyMapperSyncRunnable.class */
    class AuthKeyMapperSyncRunnable implements Runnable {
        AuthKeyMapperSyncRunnable() {
        }

        @Override // java.lang.Runnable
        public void run() {
            if (GeoServerAuthenticationKeyProvider.LOGGER.isLoggable(Level.FINE)) {
                GeoServerAuthenticationKeyProvider.LOGGER.fine("AuthenticationKey Mapper Sync task running");
            }
            try {
                GeoServerAuthenticationKeyProvider.this.securityManager.listFilters(GeoServerAuthenticationKeyFilter.class).forEach(this::doSync);
                if (GeoServerAuthenticationKeyProvider.LOGGER.isLoggable(Level.FINE)) {
                    GeoServerAuthenticationKeyProvider.LOGGER.fine("AuthenticationKey Mapper Sync task completed");
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }

        private void doSync(String str) {
            try {
                AuthenticationKeyFilterConfig authenticationKeyFilterConfig = (AuthenticationKeyFilterConfig) GeoServerAuthenticationKeyProvider.this.securityManager.loadFilterConfig(str, true);
                if (authenticationKeyFilterConfig == null || !authenticationKeyFilterConfig.isAllowMapperKeysAutoSync()) {
                    return;
                }
                AuthenticationKeyMapper authenticationKeyMapper = (AuthenticationKeyMapper) GeoServerExtensions.bean(authenticationKeyFilterConfig.getAuthKeyMapperName());
                authenticationKeyMapper.setAuthenticationFilterName(str);
                authenticationKeyMapper.setSecurityManager(GeoServerAuthenticationKeyProvider.this.securityManager);
                authenticationKeyMapper.setUserGroupServiceName(authenticationKeyFilterConfig.getUserGroupServiceName());
                try {
                    int synchronize = authenticationKeyMapper.synchronize();
                    if (GeoServerAuthenticationKeyProvider.LOGGER.isLoggable(Level.FINE)) {
                        GeoServerAuthenticationKeyProvider.LOGGER.fine("AuthenticationKey Mapper Sync task completed with " + synchronize + " new keys");
                    }
                } catch (IOException e) {
                    GeoServerAuthenticationKeyProvider.LOGGER.log(Level.WARNING, "Authentication key error ", (Throwable) e);
                    throw new RuntimeException(e);
                }
            } catch (IOException e2) {
                GeoServerAuthenticationKeyProvider.LOGGER.log(Level.WARNING, "Authentication key error ", (Throwable) e2);
                throw new RuntimeException(e2);
            }
        }
    }

    public GeoServerAuthenticationKeyProvider(GeoServerSecurityManager geoServerSecurityManager, int i) {
        this.securityManager = geoServerSecurityManager;
        this.autoSyncDelaySeconds = i;
        this.scheduler.scheduleAtFixedRate(new AuthKeyMapperSyncRunnable(), i, i, TimeUnit.SECONDS);
    }

    private ThreadFactory getThreadFactory() {
        CustomizableThreadFactory customizableThreadFactory = new CustomizableThreadFactory(String.format("GeoServerAuthenticationKey-%d-", Integer.valueOf(poolCounter.getAndIncrement())));
        customizableThreadFactory.setDaemon(true);
        return customizableThreadFactory;
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public void configure(XStreamPersister xStreamPersister) {
        super.configure(xStreamPersister);
        xStreamPersister.getXStream().alias("authKeyAuthentication", AuthenticationKeyFilterConfig.class);
        xStreamPersister.getXStream().alias("authKeyRESTRoleService", GeoServerRestRoleServiceConfig.class);
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public Class<? extends GeoServerSecurityFilter> getFilterClass() {
        return GeoServerAuthenticationKeyFilter.class;
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public GeoServerSecurityFilter createFilter(SecurityNamedServiceConfig securityNamedServiceConfig) {
        return new GeoServerAuthenticationKeyFilter();
    }

    @Override // org.geoserver.security.filter.AbstractFilterProvider, org.geoserver.security.GeoServerSecurityProvider
    public SecurityConfigValidator createConfigurationValidator(GeoServerSecurityManager geoServerSecurityManager) {
        return new AuthenticationKeyFilterConfigValidator(geoServerSecurityManager);
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public GeoServerRoleService createRoleService(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        return new GeoServerRestRoleService(securityNamedServiceConfig);
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public GeoServerUserGroupService createUserGroupService(SecurityNamedServiceConfig securityNamedServiceConfig) throws IOException {
        return super.createUserGroupService(securityNamedServiceConfig);
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public Class<? extends GeoServerRoleService> getRoleServiceClass() {
        return GeoServerRestRoleService.class;
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public Class<? extends GeoServerUserGroupService> getUserGroupServiceClass() {
        return super.getUserGroupServiceClass();
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public boolean roleServiceNeedsLockProtection() {
        return false;
    }

    @Override // org.geoserver.security.GeoServerSecurityProvider
    public boolean userGroupServiceNeedsLockProtection() {
        return super.userGroupServiceNeedsLockProtection();
    }

    public ScheduledExecutorService getScheduler() {
        return this.scheduler;
    }

    public int getAutoSyncDelaySeconds() {
        return this.autoSyncDelaySeconds;
    }

    @Override // org.springframework.beans.factory.DisposableBean
    public void destroy() {
        this.scheduler.shutdown();
    }
}
