package hudson.security.csrf;

import hudson.DescriptorExtensionList;
import hudson.ExtensionPoint;
import hudson.init.Initializer;
import hudson.model.Api;
import hudson.model.Describable;
import hudson.model.Descriptor;
import hudson.util.MultipartFormDataParser;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import jenkins.model.Jenkins;
import jenkins.security.stapler.StaplerAccessibleType;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.WebApp;
import org.kohsuke.stapler.export.Exported;
import org.kohsuke.stapler.export.ExportedBean;

@ExportedBean
@StaplerAccessibleType
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.357-rc32483.8e9665e00551.jar:hudson/security/csrf/CrumbIssuer.class */
public abstract class CrumbIssuer implements Describable<CrumbIssuer>, ExtensionPoint {
    private static final String CRUMB_ATTRIBUTE = CrumbIssuer.class.getName() + "_crumb";

    @Restricted({NoExternalUse.class})
    public static final String DEFAULT_CRUMB_NAME = "Jenkins-Crumb";

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.357-rc32483.8e9665e00551.jar:hudson/security/csrf/CrumbIssuer$RestrictedApi.class */
    public static class RestrictedApi extends Api {
        RestrictedApi(CrumbIssuer crumbIssuer) {
            super(crumbIssuer);
        }

        @Override // hudson.model.Api
        public void doXml(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter int i) throws IOException, ServletException {
            setHeaders(staplerResponse);
            CrumbIssuer crumbIssuer = (CrumbIssuer) this.bean;
            String crumbRequestField = "/*/crumbRequestField/text()".equals(str) ? crumbIssuer.getCrumbRequestField() : "/*/crumb/text()".equals(str) ? crumbIssuer.getCrumb() : "concat(//crumbRequestField,\":\",//crumb)".equals(str) ? crumbIssuer.getCrumbRequestField() + ":" + crumbIssuer.getCrumb() : "concat(//crumbRequestField,'=',//crumb)".equals(str) ? (crumbIssuer.getCrumbRequestField().startsWith(".") || crumbIssuer.getCrumbRequestField().contains("-")) ? crumbIssuer.getCrumbRequestField() + "=" + crumbIssuer.getCrumb() : null : null;
            if (crumbRequestField == null) {
                super.doXml(staplerRequest, staplerResponse, str, str2, str3, i);
                return;
            }
            OutputStream compressedOutputStream = staplerResponse.getCompressedOutputStream(staplerRequest);
            try {
                staplerResponse.setContentType("text/plain;charset=UTF-8");
                compressedOutputStream.write(crumbRequestField.getBytes(StandardCharsets.UTF_8));
                if (compressedOutputStream != null) {
                    compressedOutputStream.close();
                }
            } catch (Throwable th) {
                if (compressedOutputStream != null) {
                    try {
                        compressedOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    @Exported
    public String getCrumbRequestField() {
        return getDescriptor2().getCrumbRequestField();
    }

    @Exported
    public String getCrumb() {
        return getCrumb(Stapler.getCurrentRequest());
    }

    /* JADX WARN: Type inference failed for: r2v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    public String getCrumb(ServletRequest servletRequest) {
        String str = null;
        if (servletRequest != null) {
            str = (String) servletRequest.getAttribute(CRUMB_ATTRIBUTE);
        }
        if (str == null) {
            str = issueCrumb(servletRequest, getDescriptor2().getCrumbSalt());
            if (servletRequest != null) {
                if (str == null || str.length() <= 0) {
                    servletRequest.removeAttribute(CRUMB_ATTRIBUTE);
                } else {
                    servletRequest.setAttribute(CRUMB_ATTRIBUTE, str);
                }
            }
        }
        return str;
    }

    protected abstract String issueCrumb(ServletRequest servletRequest, String str);

    /* JADX WARN: Type inference failed for: r0v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    public boolean validateCrumb(ServletRequest servletRequest) {
        ?? descriptor2 = getDescriptor2();
        return validateCrumb(servletRequest, descriptor2.getCrumbSalt(), servletRequest.getParameter(descriptor2.getCrumbRequestField()));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    public boolean validateCrumb(ServletRequest servletRequest, MultipartFormDataParser multipartFormDataParser) {
        ?? descriptor2 = getDescriptor2();
        return validateCrumb(servletRequest, descriptor2.getCrumbSalt(), multipartFormDataParser.get(descriptor2.getCrumbRequestField()));
    }

    public abstract boolean validateCrumb(ServletRequest servletRequest, String str, String str2);

    /* JADX WARN: Multi-variable type inference failed */
    @Override // hudson.model.Describable
    /* renamed from: getDescriptor */
    public Descriptor<CrumbIssuer> getDescriptor2() {
        return (CrumbIssuerDescriptor) Jenkins.get().getDescriptorOrDie(getClass());
    }

    public static DescriptorExtensionList<CrumbIssuer, Descriptor<CrumbIssuer>> all() {
        return Jenkins.get().getDescriptorList(CrumbIssuer.class);
    }

    public Api getApi() {
        return new RestrictedApi(this);
    }

    @Initializer
    public static void initStaplerCrumbIssuer() {
        WebApp.get(Jenkins.get().servletContext).setCrumbIssuer(new org.kohsuke.stapler.CrumbIssuer() { // from class: hudson.security.csrf.CrumbIssuer.1
            @Override // org.kohsuke.stapler.CrumbIssuer
            public String issueCrumb(StaplerRequest staplerRequest) {
                CrumbIssuer crumbIssuer = Jenkins.get().getCrumbIssuer();
                return crumbIssuer != null ? crumbIssuer.getCrumb(staplerRequest) : DEFAULT.issueCrumb(staplerRequest);
            }

            /* JADX WARN: Type inference failed for: r2v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
            @Override // org.kohsuke.stapler.CrumbIssuer
            public void validateCrumb(StaplerRequest staplerRequest, String str) {
                CrumbIssuer crumbIssuer = Jenkins.get().getCrumbIssuer();
                if (crumbIssuer == null) {
                    DEFAULT.validateCrumb(staplerRequest, str);
                } else if (!crumbIssuer.validateCrumb(staplerRequest, crumbIssuer.getDescriptor2().getCrumbSalt(), str)) {
                    throw new SecurityException("Crumb didn't match");
                }
            }
        });
    }
}
