package com.github.farmgeek4life.jenkins.negotiatesso;

import hudson.security.ACL;
import hudson.util.VersionNumber;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.IWindowsSecurityContext;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;

/* loaded from: input_file:WEB-INF/lib/NegotiateSSO.jar:com/github/farmgeek4life/jenkins/negotiatesso/WindowAuthForJenkins.class */
public class WindowAuthForJenkins extends WindowsAuthProviderImpl {
    private static final Logger LOGGER = Logger.getLogger(NegotiateSSO.class.getName());

    @Override // waffle.windows.auth.impl.WindowsAuthProviderImpl, waffle.windows.auth.IWindowsAuthProvider
    public IWindowsIdentity logonUser(String str, String str2) {
        IWindowsIdentity logonUser = super.logonUser(str, str2);
        authenticateJenkins(logonUser);
        return logonUser;
    }

    @Override // waffle.windows.auth.impl.WindowsAuthProviderImpl, waffle.windows.auth.IWindowsAuthProvider
    public IWindowsSecurityContext acceptSecurityToken(String str, byte[] bArr, String str2) {
        IWindowsSecurityContext acceptSecurityToken = super.acceptSecurityToken(str, bArr, str2);
        authenticateJenkins(acceptSecurityToken.getIdentity());
        return acceptSecurityToken;
    }

    private void authenticateJenkins(IWindowsIdentity iWindowsIdentity) {
        String fqn = iWindowsIdentity.getFqn();
        if (fqn.contains("@")) {
            fqn = fqn.substring(0, fqn.indexOf("@"));
        }
        if (fqn.contains("\\")) {
            fqn = fqn.substring(fqn.indexOf("\\") + 1);
        }
        UserDetails loadUserByUsername = Jenkins.getInstance().getSecurityRealm().loadUserByUsername(fqn);
        ACL.impersonate(new UsernamePasswordAuthenticationToken(loadUserByUsername.getUsername(), loadUserByUsername.getPassword(), loadUserByUsername.getAuthorities()));
        if (Jenkins.getVersion().isNewerThan(new VersionNumber("1.568"))) {
            try {
                SecurityListener.class.getMethod("fireLoggedIn", String.class).invoke(null, loadUserByUsername.getUsername());
            } catch (Exception e) {
                LOGGER.log(Level.WARNING, "Failed to invoke fireLoggedIn method {0}", (Throwable) e);
            }
        }
    }
}
