package io.jenkins.blueocean.auth.jwt.impl;

import hudson.Extension;
import hudson.Plugin;
import hudson.model.User;
import hudson.tasks.Mailer;
import io.jenkins.blueocean.auth.jwt.JwtAuthenticationService;
import io.jenkins.blueocean.auth.jwt.JwtAuthenticationStore;
import io.jenkins.blueocean.auth.jwt.JwtAuthenticationStoreFactory;
import io.jenkins.blueocean.auth.jwt.JwtToken;
import io.jenkins.blueocean.auth.jwt.SigningPublicKey;
import io.jenkins.blueocean.commons.ServiceException;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.QueryParameter;
import org.springframework.security.core.Authentication;

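/**
 * Blue Ocean JWT endpoint: issues a token describing the currently
 * authenticated Jenkins user and publishes the public signing keys as a JWK set.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The requested lifetime is checked against a ceiling, but that ceiling can
 *       itself be supplied by the caller (see {@link #getToken(Integer, Integer)}).</li>
 *   <li>The issued claims carry the user's id, full name and e-mail address.</li>
 * </ul>
 */
@Extension
public class JwtAuthenticationServiceImpl extends JwtAuthenticationService {
    private static final Logger LOGGER = Logger.getLogger(JwtAuthenticationServiceImpl.class.getName());

    /** Token lifetime used when neither the system property nor the request sets one, in seconds. */
    private static final int DEFAULT_EXPIRY_IN_SEC = 1800;

    /** Ceiling for a requested lifetime when no other ceiling is given, in minutes. */
    private static final int DEFAULT_MAX_EXPIRY_TIME_IN_MIN = 480;

    /** Number of seconds the {@code nbf} claim is set before {@code iat}. */
    private static final int DEFAULT_NOT_BEFORE_IN_SEC = 30;

    /**
     * Builds the JWT claims for the current authentication.
     *
     * @param num  requested lifetime in minutes (query parameter {@code expiryTimeInMins});
     *             {@code null} selects the configured default
     * @param num2 ceiling for {@code num} in minutes (query parameter
     *             {@code maxExpiryTimeInMins}); {@code null} selects the configured ceiling
     * @return the token with its claims populated
     * @throws ServiceException.BadRequestException if {@code num} is greater than the ceiling in effect
     */
    @Override
    public JwtToken getToken(@Nullable @QueryParameter("expiryTimeInMins") Integer num, @Nullable @QueryParameter("maxExpiryTimeInMins") Integer num2) {
        // NOTE(review): the property name says minutes, but the value is added to
        // "iat" below as seconds (and the fallback is a seconds constant). Confirm
        // which unit operators are expected to configure.
        long expirySeconds = Long.getLong("EXPIRY_TIME_IN_MINS", DEFAULT_EXPIRY_IN_SEC).longValue();
        int maxExpiryMins = Integer.getInteger("MAX_EXPIRY_TIME_IN_MINS", DEFAULT_MAX_EXPIRY_TIME_IN_MIN).intValue();

        // NOTE(review): the ceiling is taken from the request when present, so the
        // server-side maximum only applies to callers that omit maxExpiryTimeInMins.
        // If the ceiling is meant to be an operator-enforced limit, the request
        // value should not be able to raise it. Left unchanged here because
        // existing callers may rely on the override.
        if (num2 != null) {
            maxExpiryMins = num2.intValue();
        }
        if (num != null) {
            if (num.intValue() > maxExpiryMins) {
                throw new ServiceException.BadRequestException(String.format("expiryTimeInMins %s can't be greater than %s", num, Integer.valueOf(maxExpiryMins)));
            }
            // Multiply as long: the int product wraps for large minute values and
            // would produce a wrong (possibly negative) lifetime.
            expirySeconds = num.intValue() * 60L;
        }

        Authentication authentication = Jenkins.getAuthentication2();
        String subject = authentication.getName();
        User user = User.get(subject, false, Collections.emptyMap());
        String email = null;
        String fullName = null;
        if (user != null) {
            fullName = user.getFullName();
            // Prefer the stored user id over the raw authentication name.
            subject = user.getId();
            Mailer.UserProperty mailProperty = user.getProperty(Mailer.UserProperty.class);
            if (mailProperty != null) {
                email = mailProperty.getAddress();
            }
        }

        Plugin plugin = Jenkins.get().getPlugin("blueocean-jwt");
        String issuer = "blueocean-jwt:" + (plugin != null ? plugin.getWrapper().getVersion() : "");

        JwtToken jwtToken = new JwtToken();
        jwtToken.claim.put("jti", UUID.randomUUID().toString().replace("-", ""));
        jwtToken.claim.put("iss", issuer);
        jwtToken.claim.put("sub", subject);
        jwtToken.claim.put("name", fullName);

        long issuedAt = System.currentTimeMillis() / 1000;
        jwtToken.claim.put("iat", Long.valueOf(issuedAt));
        jwtToken.claim.put("exp", Long.valueOf(issuedAt + expirySeconds));
        // nbf is set slightly before iat, presumably to tolerate clock skew between
        // issuer and verifier.
        jwtToken.claim.put("nbf", Long.valueOf(issuedAt - DEFAULT_NOT_BEFORE_IN_SEC));

        // JSONObject is not a generic type, so it is created without a diamond.
        Map<String, Object> context = new JSONObject();
        JSONObject userJson = new JSONObject();
        userJson.put("id", subject);
        userJson.put("fullName", fullName);
        // NOTE(review): the claims include the user's e-mail address and full name;
        // whether the serialized token is readable by its holder depends on how
        // JwtToken is encoded, which is not visible here.
        userJson.put("email", email);

        // getJwtStore may return null (see its documentation); this call does not
        // guard against that.
        getJwtStore(authentication).store(authentication, context);
        // Written after the store call, so this entry replaces any "user" key the
        // store may have put into the context.
        context.put("user", userJson);
        jwtToken.claim.put("context", context);
        return jwtToken;
    }

    /**
     * Collects the public signing keys for the current key id and the twelve
     * ids before it.
     *
     * <p>Ids whose key lookup returns {@code null} are omitted; a lookup that
     * throws {@link ServiceException} is logged and skipped so the remaining
     * keys are still returned.
     *
     * @return a JSON object with one member, {@code keys}, holding the key array
     */
    @Override
    public JSONObject getJwkSet() {
        JSONObject jwkSet = new JSONObject();
        JSONArray keys = new JSONArray();
        // One reference time for the whole scan, so every key id is derived from
        // the same instant.
        Instant now = Instant.now();
        for (int monthsBack = 0; monthsBack <= 12; monthsBack++) {
            // NOTE(review): ChronoUnit.MONTHS.getDuration() is an estimated average
            // length, not a calendar month. If DATE_FORMAT yields one id per calendar
            // month, stepping back this way could repeat or skip an id; confirm
            // against SigningKeyProviderImpl.
            String keyId = SigningKeyProviderImpl.DATE_FORMAT.format(now.minus(ChronoUnit.MONTHS.getDuration().multipliedBy(monthsBack)));
            try {
                SigningPublicKey publicKey = getJwks(keyId);
                if (publicKey != null) {
                    keys.add(publicKey.asJSON());
                }
            } catch (ServiceException e) {
                LOGGER.log(Level.WARNING, String.format("Error reading RSA key for id %s: %s", keyId, e.getMessage()), e);
            }
        }
        jwkSet.put("keys", keys);
        return jwkSet;
    }

    /**
     * Returns the icon file name of this endpoint.
     *
     * @return always {@code null}
     */
    public String getIconFileName() {
        return null;
    }

    /**
     * Returns the human-readable name of this endpoint.
     *
     * @return the fixed display name
     */
    public String getDisplayName() {
        return "BlueOcean Jwt endpoint";
    }

    /**
     * Selects the authentication store for the given authentication.
     *
     * <p>The first factory that is not a {@link SimpleJwtAuthenticationStore} and
     * returns a non-null store wins immediately. Otherwise the store obtained
     * from a {@link SimpleJwtAuthenticationStore} factory, if one was seen, is
     * returned as the fallback.
     *
     * @param authentication the authentication the store is requested for
     * @return the selected store, or {@code null} when no factory provided one
     */
    public static JwtAuthenticationStore getJwtStore(Authentication authentication) {
        JwtAuthenticationStore fallbackStore = null;
        Iterator<?> factories = JwtAuthenticationStoreFactory.all().iterator();
        while (factories.hasNext()) {
            JwtAuthenticationStoreFactory factory = (JwtAuthenticationStoreFactory) factories.next();
            if (factory instanceof SimpleJwtAuthenticationStore) {
                // Remembered but not returned yet: any other factory takes precedence.
                fallbackStore = factory.getJwtAuthenticationStore(authentication);
            } else {
                JwtAuthenticationStore store = factory.getJwtAuthenticationStore(authentication);
                if (store != null) {
                    return store;
                }
            }
        }
        return fallbackStore;
    }
}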
