package hudson.plugins.openid;

import com.cloudbees.openid4java.team.TeamExtensionFactory;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.Failure;
import hudson.model.Hudson;
import hudson.model.User;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.io.IOException;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.discovery.Discovery;
import org.openid4java.discovery.DiscoveryException;
import org.openid4java.server.RealmVerifierFactory;
import org.openid4java.util.HttpClientFactory;
import org.openid4java.util.HttpFetcherFactory;
import org.openid4java.util.ProxyProperties;

/* loaded from: input_file:WEB-INF/lib/openid.jar:hudson/plugins/openid/OpenIdSsoSecurityRealm.class */
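/**
 * Security realm that delegates login to a single, administrator-configured
 * OpenID provider endpoint.
 *
 * <p>The realm never authenticates credentials itself: the login flow is
 * driven by {@link OpenIdSession}, and on success the authenticated identity
 * is written into the Acegi security context.
 *
 * <p>NOTE(review): parameter names such as {@code str} look decompiler-generated.
 * The request parameter that Stapler binds for {@code @QueryParameter} is fixed
 * by the original build, so confirm the real names before recompiling.
 */
public class OpenIdSsoSecurityRealm extends SecurityRealm {
    /**
     * Maximum nonce age handed to {@link InMemoryNonceVerifier}.
     * NOTE(review): openid4java documents this argument in seconds, which makes
     * the acceptance window for a signed response well over an hour. Confirm
     * that is intended. The verifier state is in memory only.
     */
    private static final int NONCE_MAX_AGE = 5000;

    /** Lazily created, shared consumer manager; see {@link #getManager()}. */
    private volatile transient ConsumerManager manager;

    /** OpenID provider endpoint every login is sent to. */
    public final String endpoint;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/openid.jar:hudson/plugins/openid/OpenIdSsoSecurityRealm$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<SecurityRealm> {
        @Override
        public String getDisplayName() {
            return "OpenID SSO";
        }

        /**
         * Form validation for the provider URL: runs OpenID discovery against it.
         *
         * <p>Discovery makes this server issue outbound requests to a
         * caller-supplied URL, so the check is limited to administrators.
         * Without that restriction, any user able to reach this endpoint could
         * use Jenkins to probe hosts it can reach.
         * NOTE(review): consider also restricting this method to POST; that
         * needs the form's validation call to match, which is not visible here.
         *
         * @param str provider URL entered in the configuration form
         * @return {@code ok} when discovery succeeds, otherwise an error
         */
        public FormValidation doValidate(@QueryParameter String str) {
            Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
            if (str == null || str.trim().isEmpty()) {
                // Nothing to discover; report it rather than let discovery fail on a null or blank value.
                return FormValidation.error("Invalid provider URL: " + str);
            }
            try {
                new Discovery().discover(str);
                return FormValidation.ok("OK");
            } catch (DiscoveryException e) {
                return FormValidation.error(e, "Invalid provider URL: " + str);
            }
        }

        static {
            TeamExtensionFactory.install();
        }
    }

    /**
     * @param str OpenID provider endpoint to use for all logins
     */
    @DataBoundConstructor
    public OpenIdSsoSecurityRealm(String str) throws IOException, OpenIDException {
        this.endpoint = str;
        addProxyPropertiesToHttpClient();
    }

    /**
     * Returns the shared {@link ConsumerManager}, creating it on first use.
     * The field is volatile and re-checked under the lock, so concurrent
     * callers get the same instance.
     */
    private ConsumerManager getManager() throws ConsumerException {
        ConsumerManager existing = this.manager;
        if (existing != null) {
            return existing;
        }
        synchronized (this) {
            if (this.manager == null) {
                ConsumerManager created = createManager();
                // createManager() is overridable, so the stores are set again
                // here in case a subclass did not configure them.
                created.setAssociations(new InMemoryConsumerAssociationStore());
                created.setNonceVerifier(new InMemoryNonceVerifier(NONCE_MAX_AGE));
                this.manager = created;
            }
            return this.manager;
        }
    }

    /**
     * Builds a consumer manager whose realm verifier and discovery share one
     * {@link YadisResolver2} and one HTTP fetcher factory.
     */
    protected ConsumerManager createManager() throws ConsumerException {
        HttpFetcherFactory httpFetcherFactory = new HttpFetcherFactory();
        YadisResolver2 yadisResolver2 = new YadisResolver2(httpFetcherFactory);
        ConsumerManager consumerManager = new ConsumerManager(new RealmVerifierFactory(yadisResolver2), new Discovery(), httpFetcherFactory);
        consumerManager.setAssociations(new InMemoryConsumerAssociationStore());
        consumerManager.setNonceVerifier(new InMemoryNonceVerifier(NONCE_MAX_AGE));
        consumerManager.getDiscovery().setYadisResolver(yadisResolver2);
        return consumerManager;
    }

    /**
     * Copies the Jenkins proxy configuration, including proxy credentials when
     * a user name is set, into openid4java's static {@link HttpClientFactory}.
     * The setting is process-wide and is only read when the realm is constructed.
     */
    protected void addProxyPropertiesToHttpClient() {
        Hudson hudson2 = Hudson.getInstance();
        if (hudson2.proxy != null) {
            ProxyProperties proxyProperties = new ProxyProperties();
            proxyProperties.setProxyHostName(hudson2.proxy.name);
            proxyProperties.setProxyPort(hudson2.proxy.port);
            if (hudson2.proxy.getUserName() != null) {
                proxyProperties.setUserName(hudson2.proxy.getUserName());
                proxyProperties.setPassword(hudson2.proxy.getPassword());
            }
            HttpClientFactory.setProxyProperties(proxyProperties);
        }
    }

    @Override
    public String getLoginUrl() {
        return "securityRealm/commenceLogin";
    }

    /**
     * Supplies an authentication manager that passes anonymous tokens through
     * and rejects everything else. Real logins go through the OpenID flow.
     */
    @Override
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (authentication instanceof AnonymousAuthenticationToken) {
                    return authentication;
                }
                throw new BadCredentialsException("Unexpected authentication type: " + authentication);
            }
        });
    }

    /**
     * Starts the OpenID login and remembers where to send the browser afterwards.
     *
     * <p>Both the query parameter and the {@code Referer} header are
     * attacker-influenced, so the post-login redirect is limited to this
     * Jenkins instance (see {@link #chooseRedirectTarget}). A bare
     * {@code startsWith("/")} test is not enough, because browsers treat
     * {@code //host} and {@code /\host} as a different origin.
     *
     * @param str requested return path; used only when it is a local path
     */
    public HttpResponse doCommenceLogin(@QueryParameter String str) throws IOException, OpenIDException {
        StaplerRequest request = Stapler.getCurrentRequest();
        final String redirectTarget = chooseRedirectTarget(
                str,
                request.getHeader("Referer"),
                Jenkins.getActiveInstance().getRootUrl(),
                request.getContextPath() + "/");
        return new OpenIdSession(getManager(), this.endpoint, "securityRealm/finishLogin") {
            @Override // hudson.plugins.openid.OpenIdSession
            protected HttpResponse onSuccess(Identity identity) throws IOException {
                // NOTE(review): the local account is selected by the nickname the
                // provider asserts, so account mapping is only as trustworthy as
                // the configured endpoint.
                User user = User.get(identity.getEffectiveNick());
                identity.updateProfile(user);
                OpenIdUserProperty property = user.getProperty(OpenIdUserProperty.class);
                if (property != null) {
                    property.addIdentifier(identity.getOpenId());
                }
                GrantedAuthority[] grantedAuthorityArr = (GrantedAuthority[]) identity.getGrantedAuthorities().toArray(new GrantedAuthority[0]);
                // NOTE(review): no HTTP session rotation is visible in this method;
                // confirm the session id is renewed on login elsewhere.
                SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(user.getId(), "", grantedAuthorityArr));
                SecurityListener.fireAuthenticated(new OpenIdSsoUserDetails(user.getId(), grantedAuthorityArr));
                return new HttpRedirect(redirectTarget);
            }
        }.doCommenceLogin();
    }

    /**
     * Picks the post-login redirect target, never leaving this instance.
     *
     * @param requested caller-supplied path; accepted only as a local path
     * @param referer   {@code Referer} header; accepted only under {@code rootUrl}
     * @param rootUrl   configured Jenkins root URL, may be {@code null}
     * @param fallback  target used when the root URL is not configured
     */
    private static String chooseRedirectTarget(String requested, String referer, String rootUrl, String fallback) {
        if (isLocalPath(requested)) {
            return requested;
        }
        if (rootUrl == null) {
            // Without a configured root URL the Referer cannot be validated.
            return fallback;
        }
        // Compare against a slash-terminated prefix so that a look-alike host
        // such as "<root-host>.example" cannot match.
        String base = rootUrl.endsWith("/") ? rootUrl : rootUrl + "/";
        if (referer != null && referer.startsWith(base) && !hasUnsafeChars(referer)) {
            return referer;
        }
        return rootUrl;
    }

    /** True for a server-relative path that cannot be read as another origin. */
    private static boolean isLocalPath(String path) {
        if (path == null || !path.startsWith("/") || path.startsWith("//")) {
            return false;
        }
        return !hasUnsafeChars(path);
    }

    /** Rejects backslashes (read as slashes by browsers) and control characters. */
    private static boolean hasUnsafeChars(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return true;
            }
        }
        return false;
    }

    /**
     * Completes the login for the OpenID session attached to the current request.
     *
     * @throws Failure when no login session is in progress
     */
    public HttpResponse doFinishLogin(StaplerRequest staplerRequest) throws IOException, OpenIDException {
        OpenIdSession current = OpenIdSession.getCurrent();
        if (current == null) {
            throw new Failure(Messages.OpenIdLoginService_SessionNotFound());
        }
        return current.doFinishLogin(staplerRequest);
    }

    /** Every OpenID extension is considered applicable to this realm. */
    public boolean isApplicable(OpenIdExtension openIdExtension) {
        return true;
    }
}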
