package com.github.farmgeek4life.jenkins.negotiatesso;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.util.ListBoxModel;
import hudson.util.PluginServletFilter;
import jakarta.servlet.ServletException;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.GlobalConfiguration;
import jenkins.model.GlobalConfigurationCategory;
import jenkins.model.Jenkins;
import jenkins.util.SetContextClassLoader;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.StaplerRequest2;
import waffle.servlet.spi.BasicSecurityFilterProvider;
import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.util.cache.CacheSupplier;

@Extension
/* loaded from: input_file:com/github/farmgeek4life/jenkins/negotiatesso/NegotiateSSO.class */
public final class NegotiateSSO extends GlobalConfiguration {
    private static final Logger LOGGER = Logger.getLogger(NegotiateSSO.class.getName());
    private boolean enabled;
    private boolean redirectEnabled = false;
    private String redirect = "yourdomain.com";
    private boolean allowLocalhost = true;
    private boolean allowImpersonate = false;
    private String principalFormat = "fqn";
    private String roleFormat = "fqn";
    private String protocols = "Negotiate NTLM";
    private String providers = NegotiateSecurityFilterProvider.class.getName() + " " + BasicSecurityFilterProvider.class.getName();
    private transient NegSecFilter filter;
    private transient NegSecUserSeedFilter userSeedFilter;

    public static NegotiateSSO getInstance() {
        return Jenkins.get().getDescriptorByType(NegotiateSSO.class);
    }

    public GlobalConfigurationCategory getCategory() {
        return GlobalConfigurationCategory.get(GlobalConfigurationCategory.Security.class);
    }

    public String getDisplayName() {
        return "NegotiateSSO";
    }

    public NegotiateSSO() {
        this.enabled = false;
        try {
            start();
        } catch (ServletException e) {
            LOGGER.log(Level.SEVERE, "Failed initialize plugin due to faulty config.", e);
            this.enabled = false;
        }
    }

    public void start() throws ServletException {
        load();
        try {
            if (this.enabled) {
                startFilter();
            }
        } catch (ServletException e) {
            LOGGER.log(Level.SEVERE, "Failed initialize plugin due to faulty config.", e);
            this.enabled = false;
            removeFilter();
        }
    }

    private void startFilter() throws ServletException {
        if (!System.getProperty("os.name").toLowerCase().contains("win")) {
            LOGGER.log(Level.SEVERE, "Not a Windows OS. NegotiateSSO will not work. Plugin Disabled.");
            this.enabled = false;
            return;
        }
        LOGGER.log(Level.INFO, "Starting Security Filter");
        this.filter = new NegSecFilter();
        this.filter.setImpersonate(this.allowImpersonate);
        this.filter.setPrincipalFormat(this.principalFormat);
        this.filter.setRoleFormat(this.roleFormat);
        this.filter.setAllowLocalhost(this.allowLocalhost);
        this.filter.setRedirect(this.redirectEnabled, this.redirect);
        SecurityFilterConfig securityFilterConfig = new SecurityFilterConfig();
        securityFilterConfig.setParameter("roleFormat", this.roleFormat);
        securityFilterConfig.setParameter("principalFormat", this.principalFormat);
        securityFilterConfig.setParameter("impersonate", String.valueOf(this.allowImpersonate));
        securityFilterConfig.setParameter("allowGuestLogin", String.valueOf(Boolean.FALSE));
        securityFilterConfig.setParameter("securityFilterProviders", this.providers);
        if (this.providers.contains("NegotiateSecurityFilterProvider")) {
            securityFilterConfig.setParameter("waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols", this.protocols);
        }
        SetContextClassLoader setContextClassLoader = new SetContextClassLoader(CacheSupplier.class);
        try {
            this.filter.init(securityFilterConfig);
            setContextClassLoader.close();
            this.userSeedFilter = new NegSecUserSeedFilter();
            this.userSeedFilter.init(null);
            PluginServletFilter.addFilter(this.filter);
            PluginServletFilter.addFilter(this.userSeedFilter);
        } catch (Throwable th) {
            try {
                setContextClassLoader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private void removeFilter() throws ServletException {
        if (this.filter != null) {
            PluginServletFilter.removeFilter(this.filter);
            this.filter.destroy();
            this.filter = null;
        }
        if (this.userSeedFilter != null) {
            PluginServletFilter.removeFilter(this.userSeedFilter);
            this.userSeedFilter.destroy();
            this.userSeedFilter = null;
        }
    }

    public boolean configure(StaplerRequest2 staplerRequest2, JSONObject jSONObject) throws Descriptor.FormException {
        try {
            if (!System.getProperty("os.name").toLowerCase().contains("win")) {
                LOGGER.log(Level.SEVERE, "Not a Windows OS. NegotiateSSO will not work. Plugin Disabled.");
                removeFilter();
                this.enabled = false;
            } else if (jSONObject.has("enabled")) {
                JSONObject jSONObject2 = jSONObject.getJSONObject("enabled");
                if (!jSONObject2.has("allowImpersonate") || !jSONObject2.has("roleFormat") || !jSONObject2.has("principalFormat") || !jSONObject2.has("protocols") || !jSONObject2.has("providers") || !jSONObject2.has("allowLocalhost")) {
                    throw new Descriptor.FormException("Malformed form recieved. Try again.", "enabled");
                }
                if (jSONObject2.has("redirectEnabled")) {
                    JSONObject jSONObject3 = jSONObject2.getJSONObject("redirectEnabled");
                    if (!jSONObject3.has("redirect")) {
                        throw new Descriptor.FormException("Malformed form recieved. Try again.", "redirect");
                    }
                    if (jSONObject3.getString("redirect").isEmpty()) {
                        throw new Descriptor.FormException("Cannot specify empty domain. Try again.", "redirect");
                    }
                    this.redirectEnabled = true;
                    this.redirect = jSONObject3.getString("redirect");
                } else {
                    this.redirectEnabled = false;
                }
                this.enabled = true;
                this.allowImpersonate = jSONObject2.getBoolean("allowImpersonate");
                this.roleFormat = jSONObject2.getString("roleFormat");
                this.principalFormat = jSONObject2.getString("principalFormat");
                this.protocols = jSONObject2.getString("protocols");
                this.providers = jSONObject2.getString("providers");
                this.allowLocalhost = jSONObject2.getBoolean("allowLocalhost");
                removeFilter();
                startFilter();
            } else {
                removeFilter();
                this.enabled = false;
            }
            save();
            return true;
        } catch (ServletException e) {
            LOGGER.log(Level.SEVERE, "Failed to initialize plugin due to faulty config.", e);
            try {
                removeFilter();
            } catch (ServletException e2) {
            }
            this.enabled = false;
            return false;
        }
    }

    public boolean getEnabled() {
        return this.enabled;
    }

    public String getRoleFormat() {
        return this.roleFormat;
    }

    public void setRoleFormat(String str) {
        this.roleFormat = str;
    }

    public String getPrincipalFormat() {
        return this.principalFormat;
    }

    public void setPrincipalFormat(String str) {
        this.principalFormat = str;
    }

    public String getProtocols() {
        return this.protocols;
    }

    public void setProtocols(String str) {
        this.protocols = str;
    }

    public String getProviders() {
        return this.providers;
    }

    public void setProviders(String str) {
        this.providers = str;
    }

    public boolean isAllowImpersonate() {
        return this.allowImpersonate;
    }

    public boolean isAllowLocalhost() {
        return this.allowLocalhost;
    }

    public boolean isRedirectEnabled() {
        return this.redirectEnabled;
    }

    public String getRedirect() {
        return this.redirect;
    }

    public void setRedirect(String str) {
        this.redirect = str;
    }

    public ListBoxModel doFillRoleFormatItems() {
        ListBoxModel listBoxModel = new ListBoxModel();
        listBoxModel.add("Fully Qualified Name, fallback on SID", "fqn");
        listBoxModel.add("SID", "sid");
        listBoxModel.add("Both FQN and SID", "both");
        listBoxModel.add("No Principal Name", "none");
        return listBoxModel;
    }

    public ListBoxModel doFillPrincipalFormatItems() {
        ListBoxModel listBoxModel = new ListBoxModel();
        listBoxModel.add("Fully Qualified Name, fallback on SID", "fqn");
        listBoxModel.add("SID", "sid");
        listBoxModel.add("Both FQN and SID", "both");
        return listBoxModel;
    }

    public ListBoxModel doFillProtocolsItems() {
        ListBoxModel listBoxModel = new ListBoxModel();
        listBoxModel.add("Negotiate, fallback on NTLM", "Negotiate NTLM");
        listBoxModel.add("NTLM, fallback on Negotiate", "NTLM Negotiate");
        listBoxModel.add("Negotiate only", "Negotiate");
        listBoxModel.add("NTLM only", "NTLM");
        return listBoxModel;
    }

    public ListBoxModel doFillProvidersItems() {
        ListBoxModel listBoxModel = new ListBoxModel();
        listBoxModel.add("Negotiate, then Basic", NegotiateSecurityFilterProvider.class.getName() + " " + BasicSecurityFilterProvider.class.getName());
        listBoxModel.add("Negotiate only", NegotiateSecurityFilterProvider.class.getName());
        listBoxModel.add("Basic (pop-up login) only", BasicSecurityFilterProvider.class.getName());
        return listBoxModel;
    }
}
