package org.jenkinsci.plugins;

import com.thoughtworks.xstream.converters.ConversionException;
import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.User;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.api.BitbucketApiService;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.scribe.model.OAuthConstants;
import org.scribe.model.Token;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:WEB-INF/classes/org/jenkinsci/plugins/BitbucketSecurityRealm.class */
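/**
 * Jenkins {@link SecurityRealm} that signs users in through Bitbucket using an OAuth
 * request-token / verifier exchange performed by {@link BitbucketApiService}.
 *
 * <p>The login flow is split across two Stapler endpoints: {@link #doCommenceLogin} obtains a
 * request token and redirects the browser to Bitbucket, and {@link #doFinishLogin} handles the
 * callback, exchanges the verifier for an access token and installs the resulting
 * {@link BitbucketAuthenticationToken} in the security context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The post-login redirect target originates from the browser-supplied {@code Referer}
 *       header and is only followed when it points back into this Jenkins instance.</li>
 *   <li>The HTTP session is replaced after a successful login so that a session identifier
 *       known before authentication is not carried over into the authenticated state.</li>
 *   <li>NOTE(review): the consumer secret is held as a plain {@code String} and is written
 *       verbatim by {@link ConverterImpl#marshal}. Storing it as {@code hudson.util.Secret}
 *       would avoid clear-text persistence, but changes the accessor contract and the stored
 *       format, so it is flagged here rather than changed.</li>
 * </ul>
 */
public class BitbucketSecurityRealm extends SecurityRealm {
    /** Session key under which the Referer seen at login start is remembered. */
    private static final String REFERER_ATTRIBUTE = BitbucketSecurityRealm.class.getName() + ".referer";
    /** Session key for the pending OAuth request token (the name says "access_token" for historical reasons). */
    private static final String ACCESS_TOKEN_ATTRIBUTE = BitbucketSecurityRealm.class.getName() + ".access_token";
    private static final Logger LOGGER = Logger.getLogger(BitbucketSecurityRealm.class.getName());
    /** OAuth consumer key registered with Bitbucket. */
    private String clientID;
    /** OAuth consumer secret; see the class-level note about clear-text storage. */
    private String clientSecret;

    /**
     * XStream converter that persists the realm as two child nodes, {@code clientID} and
     * {@code clientSecret}.
     */
    public static final class ConverterImpl implements Converter {
        /** Handles exactly {@link BitbucketSecurityRealm}; subclasses are not matched. */
        public boolean canConvert(Class cls) {
            return cls == BitbucketSecurityRealm.class;
        }

        /**
         * Writes the realm's two settings as sibling nodes.
         *
         * <p>The secret is written as returned by {@link BitbucketSecurityRealm#getClientSecret()},
         * i.e. without any encryption applied by this converter.
         */
        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            BitbucketSecurityRealm realm = (BitbucketSecurityRealm) obj;
            hierarchicalStreamWriter.startNode("clientID");
            hierarchicalStreamWriter.setValue(realm.getClientID());
            hierarchicalStreamWriter.endNode();
            hierarchicalStreamWriter.startNode("clientSecret");
            hierarchicalStreamWriter.setValue(realm.getClientSecret());
            hierarchicalStreamWriter.endNode();
        }

        /**
         * Rebuilds a realm from its persisted form.
         *
         * <p>The first two child nodes are mandatory and a third is read when present; any
         * further children are ignored. Each node read must be named {@code clientID} or
         * {@code clientSecret} (case-insensitive).
         *
         * @throws ConversionException if a node that is read has an unrecognised name
         */
        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            BitbucketSecurityRealm realm = new BitbucketSecurityRealm();
            readChild(hierarchicalStreamReader, realm);
            readChild(hierarchicalStreamReader, realm);
            if (hierarchicalStreamReader.hasMoreChildren()) {
                readChild(hierarchicalStreamReader, realm);
            }
            return realm;
        }

        /** Steps into the next child node, applies it to {@code realm} and steps back out. */
        private void readChild(HierarchicalStreamReader reader, BitbucketSecurityRealm realm) {
            reader.moveDown();
            setValue(realm, reader.getNodeName(), reader.getValue());
            reader.moveUp();
        }

        /**
         * Applies one persisted node to the realm.
         *
         * @throws ConversionException if {@code nodeName} is neither setting
         */
        private void setValue(BitbucketSecurityRealm realm, String nodeName, String nodeValue) {
            if (nodeName.equalsIgnoreCase("clientid")) {
                realm.setClientID(nodeValue);
            } else if (nodeName.equalsIgnoreCase("clientsecret")) {
                realm.setClientSecret(nodeValue);
            } else {
                // Only the node name is echoed; the value may be the secret and must not be reported.
                throw new ConversionException("invalid node value = " + nodeName);
            }
        }
    }

    /** Descriptor that registers this realm with Jenkins and supplies its UI metadata. */
    @Extension
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public String getHelpFile() {
            return "/plugin/bitbucket-oauth/help/help-security-realm.html";
        }

        public String getDisplayName() {
            return "Bitbucket OAuth Plugin";
        }

        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SecurityRealm> cls) {
            super(cls);
        }
    }

    /**
     * Creates the realm from submitted configuration; both values are trimmed and empty
     * input becomes {@code null}.
     *
     * <p>NOTE(review): Stapler data binding matches constructor parameters by name. The names
     * shown here look decompiler-generated; confirm them against the configuration form
     * before recompiling this listing.
     *
     * @param str  OAuth consumer key
     * @param str2 OAuth consumer secret
     */
    @DataBoundConstructor
    public BitbucketSecurityRealm(String str, String str2) {
        this.clientID = Util.fixEmptyAndTrim(str);
        this.clientSecret = Util.fixEmptyAndTrim(str2);
    }

    /** Creates an unconfigured realm; used by {@link ConverterImpl#unmarshal}. */
    public BitbucketSecurityRealm() {
        LOGGER.log(Level.FINE, "BitbucketSecurityRealm()");
    }

    public String getClientID() {
        return this.clientID;
    }

    public void setClientID(String str) {
        this.clientID = str;
    }

    /** Returns the consumer secret in clear text; callers should avoid logging or rendering it. */
    public String getClientSecret() {
        return this.clientSecret;
    }

    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    /**
     * Starts the login: remembers where the user came from, obtains a request token and
     * redirects the browser to Bitbucket's authorization page.
     *
     * @param staplerRequest current request; its session carries state to {@link #doFinishLogin}
     * @param str            value of the {@code Referer} header, may be {@code null}; it is
     *                       attacker-influenceable and is validated before it is ever followed
     * @return redirect to the Bitbucket authorization URL
     */
    public HttpResponse doCommenceLogin(StaplerRequest staplerRequest, @Header("Referer") String str) throws IOException {
        staplerRequest.getSession().setAttribute(REFERER_ATTRIBUTE, str);
        // NOTE(review): if the Jenkins root URL is not configured this is null and the callback
        // below becomes "null/securityRealm/finishLogin" - confirm how deployments handle that.
        String rootUrl = Hudson.getInstance().getRootUrl();
        if (StringUtils.endsWith(rootUrl, "/")) {
            rootUrl = StringUtils.left(rootUrl, StringUtils.length(rootUrl) - 1);
        }
        BitbucketApiService bitbucketApiService = new BitbucketApiService(this.clientID, this.clientSecret, rootUrl + "/securityRealm/finishLogin");
        Token requestToken = bitbucketApiService.createRquestToken();
        staplerRequest.getSession().setAttribute(ACCESS_TOKEN_ATTRIBUTE, requestToken);
        return new HttpRedirect(bitbucketApiService.createAuthorizationCodeURL(requestToken));
    }

    /**
     * Completes the login after Bitbucket redirects back with a verifier.
     *
     * <p>The callback is honoured only when this session holds a pending request token from
     * {@link #doCommenceLogin}. The token and the remembered Referer are single-use and are
     * removed from the session as soon as they are read.
     *
     * @param staplerRequest callback request carrying the {@code oauth_verifier} parameter
     * @return redirect to the page the login started from when that page belongs to this
     *         Jenkins instance, otherwise to the context root
     */
    public HttpResponse doFinishLogin(StaplerRequest staplerRequest) throws IOException {
        String verifier = staplerRequest.getParameter(OAuthConstants.VERIFIER);
        if (StringUtils.isBlank(verifier)) {
            LOGGER.log(Level.SEVERE, "doFinishLogin() code = null");
            return HttpResponses.redirectToContextRoot();
        }

        Token requestToken = (Token) staplerRequest.getSession().getAttribute(ACCESS_TOKEN_ATTRIBUTE);
        String referer = (String) staplerRequest.getSession().getAttribute(REFERER_ATTRIBUTE);
        staplerRequest.getSession().removeAttribute(ACCESS_TOKEN_ATTRIBUTE);
        staplerRequest.getSession().removeAttribute(REFERER_ATTRIBUTE);

        if (requestToken == null) {
            // A callback that was not preceded by commenceLogin in this session is not part of
            // a flow this browser started, so it must not be able to complete a login.
            LOGGER.log(Level.SEVERE, "doFinishLogin() requestToken = null");
            return HttpResponses.redirectToContextRoot();
        }

        Token accessToken = new BitbucketApiService(this.clientID, this.clientSecret).getTokenByAuthorizationCode(verifier, requestToken);
        if (accessToken == null || accessToken.isEmpty()) {
            LOGGER.log(Level.SEVERE, "doFinishLogin() accessToken = null");
        } else {
            // Replace the session before the identity changes so that a session id fixed
            // before authentication does not become an authenticated session.
            staplerRequest.getSession().invalidate();
            staplerRequest.getSession(true);

            BitbucketAuthenticationToken authToken = new BitbucketAuthenticationToken(accessToken, this.clientID, this.clientSecret);
            SecurityContextHolder.getContext().setAuthentication(authToken);
            User currentUser = User.current();
            if (currentUser != null) {
                currentUser.setFullName(authToken.getName());
            }
        }

        return isLocalRedirectTarget(referer, Hudson.getInstance().getRootUrl())
                ? HttpResponses.redirectTo(referer)
                : HttpResponses.redirectToContextRoot();
    }

    /**
     * Decides whether a remembered Referer may be used as the post-login redirect target.
     *
     * <p>The Referer header is supplied by the browser, so following it unchecked would let
     * any page that links to the login endpoint choose where the user lands after signing in.
     * A target is accepted only when it starts with the configured Jenkins root URL including
     * its trailing slash; matching on the slash prevents a look-alike host such as
     * {@code <root-host>.example.invalid} from passing a bare prefix comparison.
     *
     * @param target  candidate redirect URL, may be {@code null}
     * @param rootUrl configured Jenkins root URL, may be {@code null}
     * @return {@code true} only for targets inside this Jenkins instance
     */
    private static boolean isLocalRedirectTarget(String target, String rootUrl) {
        if (StringUtils.isBlank(target) || StringUtils.isBlank(rootUrl)) {
            return false;
        }
        // Line breaks have no place in a redirect target and could split the response header.
        if (target.indexOf('\r') >= 0 || target.indexOf('\n') >= 0) {
            return false;
        }
        String base = StringUtils.endsWith(rootUrl, "/") ? rootUrl : rootUrl + "/";
        return target.startsWith(base);
    }

    /**
     * Supplies the Acegi components for this realm.
     *
     * <p>The authentication manager accepts only tokens created by this realm and rejects
     * everything else; the user-details service never resolves a user by name.
     */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() {
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (authentication instanceof BitbucketAuthenticationToken) {
                    return authentication;
                }
                throw new BadCredentialsException("Unexpected authentication type: " + authentication);
            }
        }, new UserDetailsService() {
            public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
                throw new UsernameNotFoundException(str);
            }
        });
    }

    /**
     * Looks a user up through the Bitbucket API.
     *
     * @param str login name to resolve
     * @return details of the matching user, never {@code null}
     * @throws UsernameNotFoundException if no authentication is present in the current
     *                                   security context or the API returns no user
     */
    public UserDetails loadUserByUsername(String str) {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            throw new UsernameNotFoundException("BitbucketAuthenticationToken = null, no known user: " + str);
        }
        UserDetails details = new BitbucketApiService(this.clientID, this.clientSecret).getUserByUsername(str);
        if (details == null) {
            throw new UsernameNotFoundException("User does not exist for login: " + str);
        }
        return details;
    }

    /** Groups are not supported by this realm; every lookup fails. */
    public GroupDetails loadGroupByGroupname(String str) {
        throw new UsernameNotFoundException("groups not supported");
    }

    /** Accounts are created at Bitbucket, so local sign-up is disabled. */
    public boolean allowsSignup() {
        return false;
    }

    /** Relative URL of the endpoint that starts the OAuth login. */
    public String getLoginUrl() {
        return "securityRealm/commenceLogin";
    }
}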
