package com.wwpass.wwpassauth;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.Failure;
import hudson.model.User;
import hudson.security.AuthorizationStrategy;
import hudson.security.FederatedLoginService;
import hudson.security.GroupDetails;
import hudson.security.PermissionAdder;
import hudson.security.SecurityRealm;
import hudson.util.PluginServletFilter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:com/wwpass/wwpassauth/WwpassSecurityRealm.class */
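/**
 * Jenkins {@link SecurityRealm} that signs users in with a WWPass ticket.
 *
 * <p>A ticket is exchanged for a PUID through {@code WwpassUtils.authenticateInWwpass}, and the
 * PUID is matched against the {@link WwpassIdentity} property stored on Jenkins users. The realm
 * also serves the signup and first-user forms.
 *
 * <p>This source is decompiled: the parameter names {@code str}, {@code str2}, {@code str3} and
 * {@code z} on Stapler-bound methods are decompiler placeholders. Stapler resolves
 * {@code @DataBoundConstructor} and {@code @QueryParameter} arguments by name, so they are left
 * untouched here and should be checked against the original sources before recompiling.
 */
public class WwpassSecurityRealm extends SecurityRealm {
    private final String certFile;
    private final String keyFile;
    private final String name;
    private final boolean disableSignup;
    private static final Logger LOGGER = Logger.getLogger(WwpassSecurityRealm.class.getName());

    /**
     * Sends requests for the context root to the first-user form while no Jenkins user carries a
     * {@link WwpassIdentity}; once one exists the filter unregisters itself.
     *
     * <p>Only the exact context-root URI is redirected. The first-user endpoint itself is reachable
     * without authentication until an account exists, so a fresh instance should not be exposed to
     * untrusted networks before that account has been created.
     */
    private static final Filter CREATE_FIRST_USER_FILTER = new Filter() {
        public void init(FilterConfig filterConfig) throws ServletException {
            // No initialisation required.
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            boolean isContextRoot = request.getRequestURI().equals(request.getContextPath() + "/");
            if (!isContextRoot) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            if (needsToCreateFirstUser()) {
                ((HttpServletResponse) servletResponse).sendRedirect("securityRealm/firstUser");
                return;
            }
            // A WWPass user exists (or another realm is active): this filter has nothing left to do.
            PluginServletFilter.removeFilter(this);
            filterChain.doFilter(servletRequest, servletResponse);
        }

        /** True while this realm is the active one and no user has a {@link WwpassIdentity} yet. */
        private boolean needsToCreateFirstUser() {
            return !WwpassSecurityRealm.access$000() && (Jenkins.getInstance().getSecurityRealm() instanceof WwpassSecurityRealm);
        }

        public void destroy() {
            // Nothing to release.
        }
    };

    @Extension
    /* loaded from: input_file:com/wwpass/wwpassauth/WwpassSecurityRealm$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<SecurityRealm> {
        /** Label shown for this realm in the Jenkins security configuration. */
        public String getDisplayName() {
            return "WWPass Authentication";
        }
    }

    /**
     * Form bean for the signup and first-user views.
     *
     * <p>The fields are public because Stapler binds request parameters onto them and the views
     * read them back; every value in here is supplied by the requester.
     */
    public static final class SignupInfo {
        public String nickname;
        public String fullname;
        public String email;
        // WWPass ticket submitted with the form; exchanged for a PUID during account creation.
        public String ticket;
        // Validation failures collected while processing the form.
        public List<String> errorMessages = new ArrayList<String>();

        public SignupInfo() {
        }

        /**
         * Populates the bean from request parameters.
         *
         * <p>NOTE(review): confirm that {@code bindParameters} cannot also fill
         * {@code errorMessages} from the request.
         */
        public SignupInfo(StaplerRequest staplerRequest) {
            staplerRequest.bindParameters(this);
        }

        /** Pre-fills full name and e-mail address from a federated identity. */
        public SignupInfo(FederatedLoginService.FederatedIdentity federatedIdentity) {
            this.fullname = federatedIdentity.getFullName();
            this.email = federatedIdentity.getEmailAddress();
        }
    }

    /**
     * Creates the realm from its configuration form.
     *
     * @param str  path of the service-provider certificate file
     * @param str2 path of the service-provider key file
     * @param str3 fallback name returned by {@link #getName()}
     * @param z    {@code true} to allow self-service signup
     * @throws Failure if no paths were given and the operating system is neither Windows nor Linux
     */
    @DataBoundConstructor
    public WwpassSecurityRealm(String str, String str2, String str3, boolean z) {
        this.disableSignup = !z;
        this.name = str3;
        // Both paths must be supplied; if either is missing, BOTH fall back to the OS defaults.
        boolean hasExplicitPaths = str != null && !str.isEmpty() && str2 != null && !str2.isEmpty();
        if (hasExplicitPaths) {
            this.certFile = str;
            this.keyFile = str2;
        } else {
            String osName = System.getProperty("os.name");
            if (osName.startsWith("Windows")) {
                this.certFile = WwpassUtils.DEFAULT_CERT_FILE_WINDOWS;
                this.keyFile = WwpassUtils.DEFAULT_KEY_FILE_WINDOWS;
            } else if (osName.startsWith("Linux")) {
                this.certFile = WwpassUtils.DEFAULT_CERT_FILE_LINUX;
                this.keyFile = WwpassUtils.DEFAULT_KEY_FILE_LINUX;
            } else {
                LOGGER.severe(Messages.WwpassSession_UnsupportedOsError());
                throw new Failure(Messages.WwpassSession_AuthError());
            }
        }
        if (!hasSomeUser()) {
            try {
                PluginServletFilter.addFilter(CREATE_FIRST_USER_FILTER);
            } catch (ServletException e) {
                throw new AssertionError(e);
            }
        }
    }

    /**
     * Builds the authentication manager for this realm.
     *
     * <p>The manager verifies nothing itself: any {@code WwpassAuthenticationToken} is returned as
     * authenticated. The guarantee therefore rests on the code that constructs the token; in this
     * class that is {@link #doCommenceLogin} (after the WWPass ticket exchange) and the
     * post-signup login.
     * NOTE(review): confirm no other code path can hand such a token to this manager.
     */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() {
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (authentication instanceof WwpassAuthenticationToken) {
                    return authentication;
                }
                throw new BadCredentialsException("Unexpected authentication type: " + authentication);
            }
        });
    }

    /**
     * Finds the WWPass identity whose PUID equals {@code str} by scanning all Jenkins users.
     *
     * <p>The {@code m5} prefix comes from the decompiler (renamed from {@code loadUserByUsername},
     * merged with its bridge method).
     *
     * @param str PUID to look up; a {@code null} argument fails with {@link NullPointerException}
     *            rather than matching a user that has no PUID
     * @return the matching identity, never {@code null}
     * @throws UsernameNotFoundException if no user carries that PUID
     */
    /* renamed from: loadUserByUsername, reason: merged with bridge method [inline-methods] */
    public WwpassIdentity m5loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        for (User candidate : User.getAll()) {
            WwpassIdentity identity = candidate.getProperty(WwpassIdentity.class);
            String candidatePuid = identity != null ? identity.getPuid() : null;
            if (str.equals(candidatePuid)) {
                return identity;
            }
        }
        throw new UsernameNotFoundException("There is no any user with: " + str);
    }

    /** Groups are not supported by this realm; every lookup fails. */
    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        throw new UsernameNotFoundException(str);
    }

    /** Relative URL of the login page served by this realm. */
    public String getLoginUrl() {
        return "securityRealm/login";
    }

    /**
     * Returns the name reported by {@code WwpassUtils.getName} for the configured certificate and
     * key, falling back to the configured name when that lookup yields nothing.
     */
    public String getName() {
        String resolved = WwpassUtils.getName(this.certFile, this.keyFile);
        if (resolved == null || resolved.isEmpty()) {
            return this.name;
        }
        return resolved;
    }

    public String getKeyFile() {
        return this.keyFile;
    }

    public String getCertFile() {
        return this.certFile;
    }

    /**
     * Completes a login: exchanges the submitted ticket for a PUID, resolves the matching user and
     * installs the authentication in the security context.
     *
     * @param str  unused in this method
     * @param str2 WWPass ticket supplied by the requester
     * @return a redirect to the Jenkins root URL on success
     * @throws Failure if the account is locked or not enabled
     * @throws UsernameNotFoundException if no user is bound to the PUID; the login view has
     *         already been forwarded with an error message when this is rethrown
     */
    public HttpResponse doCommenceLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @QueryParameter String str, @QueryParameter String str2) throws ServletException, IOException {
        try {
            String puid = WwpassUtils.authenticateInWwpass(str2, this.certFile, this.keyFile);
            WwpassIdentity identity = m5loadUserByUsername(puid);
            if (!identity.isAccountNonLocked() || !identity.isEnabled()) {
                throw new Failure(Messages.WwpassSecurityRealm_AccountNotActivated());
            }
            Authentication authenticated = getSecurityComponents().manager.authenticate(new WwpassAuthenticationToken(identity.getNickname()));
            // Rotate the session before it becomes authenticated (session-fixation defence).
            renewSession(staplerRequest);
            SecurityContextHolder.getContext().setAuthentication(authenticated);
            // The redirect target is the configured root URL, not a request parameter.
            return new HttpRedirect(Jenkins.getInstance().getRootUrl());
        } catch (UsernameNotFoundException e) {
            if (allowsSignup()) {
                staplerRequest.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserAllowsSignup());
            } else {
                staplerRequest.setAttribute("errorMessage", Messages.WwpassSecurityRealm_NoSuchUserDisableSignup());
            }
            staplerRequest.getView(this, "login.jelly").forward(staplerRequest, staplerResponse);
            throw e;
        }
    }

    /**
     * Replaces the current HTTP session with a fresh one so that a session identifier issued
     * before login is not carried into the authenticated session.
     */
    private static void renewSession(HttpServletRequest request) {
        javax.servlet.http.HttpSession existing = request.getSession(false);
        if (existing != null) {
            existing.invalidate();
        }
        request.getSession(true);
    }

    /** Logs the freshly created user in and renders the success view. */
    private void loginAndTakeBack(StaplerRequest staplerRequest, StaplerResponse staplerResponse, User user) throws ServletException, IOException {
        Authentication authenticated = getSecurityComponents().manager.authenticate(new WwpassAuthenticationToken(user.getId()));
        // Same session rotation as the regular login path.
        renewSession(staplerRequest);
        SecurityContextHolder.getContext().setAuthentication(authenticated);
        staplerRequest.getView(this, "success.jelly").forward(staplerRequest, staplerResponse);
    }

    /**
     * Validates a signup form and, if it is clean, creates and saves the account.
     *
     * @param str view to re-render with the collected error messages when validation fails
     * @return the new user, or {@code null} when the form was rejected and the view was forwarded
     */
    private User createAccount(StaplerRequest staplerRequest, StaplerResponse staplerResponse, String str) throws ServletException, IOException {
        SignupInfo signup = new SignupInfo(staplerRequest);
        String puid = WwpassUtils.authenticateInWwpass(signup.ticket, this.certFile, this.keyFile);
        try {
            if (m5loadUserByUsername(puid) != null) {
                signup.errorMessages.add(Messages.WwpassSecurityRealm_PuidIsAlreadyTaken());
            }
        } catch (UsernameNotFoundException ignored) {
            // Expected for a new signup: the PUID is not bound to any user yet.
        }

        if (signup.nickname == null || signup.nickname.length() == 0) {
            signup.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsRequired());
        } else {
            // NOTE(review): a nickname is rejected only when the existing user already has a
            // WwpassIdentity. A user record without one (for example created by another realm or
            // implicitly by Jenkins) can be claimed by this signup; confirm no permissions are
            // granted to such IDs by the authorization strategy.
            User sameNickname = User.get(signup.nickname, false);
            if (null != sameNickname && sameNickname.getProperty(WwpassIdentity.class) != null) {
                signup.errorMessages.add(Messages.WwpassSecurityRealm_NicknameIsAlreadyTaken());
            }
        }

        if (signup.fullname == null || signup.fullname.length() == 0) {
            signup.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsRequired());
        } else {
            // The full name is looked up as if it were a user ID.
            User sameFullname = User.get(signup.fullname, false);
            if (null != sameFullname && sameFullname.getProperty(WwpassIdentity.class) != null) {
                signup.errorMessages.add(Messages.WwpassSecurityRealm_FullnameIsAlreadyTaken());
            }
        }

        // Presence of '@' is the only e-mail check performed here.
        if (signup.email == null || !signup.email.contains("@")) {
            signup.errorMessages.add(Messages.WwpassSecurityRealm_InvalidEmailAddress());
        }

        if (!signup.errorMessages.isEmpty()) {
            staplerRequest.setAttribute("data", signup);
            staplerRequest.getView(this, str).forward(staplerRequest, staplerResponse);
            return null;
        }

        WwpassIdentity identity = new WwpassIdentity(puid);
        identity.populate(signup);
        User created = createAccount(identity);
        identity.updateProfile(created);
        created.save();
        return created;
    }

    /**
     * Attaches the identity to the Jenkins user named after its nickname. The user is not saved
     * here.
     */
    public User createAccount(WwpassIdentity wwpassIdentity) throws IOException {
        User owner = User.get(wwpassIdentity.getNickname());
        owner.addProperty(wwpassIdentity);
        return owner;
    }

    /** Stapler endpoint behind the signup form. */
    public User doCreateAccount(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException, ServletException {
        return _doCreateAccount(staplerRequest, staplerResponse, "signup.jelly");
    }

    /**
     * Creates an account through self-service signup and logs the new user in.
     *
     * <p>When no WWPass user exists yet, the account created here is offered administrator
     * rights, exactly like the first-user endpoint.
     *
     * @param str view to re-render when validation fails
     */
    private User _doCreateAccount(StaplerRequest staplerRequest, StaplerResponse staplerResponse, String str) throws ServletException, IOException {
        if (!allowsSignup()) {
            throw HttpResponses.error(401, new Exception("User sign up is prohibited"));
        }
        // Sampled before creation: afterwards hasSomeUser() would always be true.
        boolean isFirstUser = !hasSomeUser();
        User created = createAccount(staplerRequest, staplerResponse, str);
        if (created != null) {
            if (isFirstUser) {
                tryToMakeAdmin(created);
            }
            loginAndTakeBack(staplerRequest, staplerResponse, created);
        }
        return created;
    }

    /**
     * Stapler endpoint behind the first-user form; refuses to run once any WWPass user exists.
     *
     * <p>NOTE(review): the {@code hasSomeUser()} check and the account creation are not atomic;
     * confirm whether two concurrent requests could both be granted administrator rights.
     */
    public void doCreateFirstAccount(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException, ServletException {
        if (hasSomeUser()) {
            staplerResponse.sendError(401, "First user was already created");
            return;
        }
        User created = createAccount(staplerRequest, staplerResponse, "firstUser.jelly");
        if (created != null) {
            tryToMakeAdmin(created);
            loginAndTakeBack(staplerRequest, staplerResponse, created);
        }
    }

    /**
     * Activates the user's identity and asks each registered {@link PermissionAdder} to grant
     * {@code Jenkins.ADMINISTER}, stopping at the first one that succeeds.
     */
    private void tryToMakeAdmin(User user) throws IOException {
        user.getProperty(WwpassIdentity.class).activate();
        user.save();
        AuthorizationStrategy strategy = Jenkins.getInstance().getAuthorizationStrategy();
        for (PermissionAdder adder : Jenkins.getInstance().getExtensionList(PermissionAdder.class)) {
            if (adder.add(strategy, user, Jenkins.ADMINISTER)) {
                return;
            }
        }
        // The full name originates from the signup form and is written to the log as submitted.
        LOGGER.severe("Admin permission wasn't added for user: " + user.getFullName() + ", ID: " + user.getId());
    }

    /** Whether self-service signup is enabled for this realm. */
    public boolean allowsSignup() {
        return !this.disableSignup;
    }

    /** True when at least one Jenkins user carries a {@link WwpassIdentity}. */
    private static boolean hasSomeUser() {
        for (User candidate : User.getAll()) {
            if (candidate.getProperty(WwpassIdentity.class) != null) {
                return true;
            }
        }
        return false;
    }

    /** Compiler-generated accessor that lets the anonymous filter call {@link #hasSomeUser()}. */
    static /* synthetic */ boolean access$000() {
        return hasSomeUser();
    }
}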
