package org.jenkinsci.plugins.cas.spring.security;

import jakarta.servlet.http.HttpServletRequest;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken;
import org.springframework.security.cas.authentication.ServiceAuthenticationDetails;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.Assert;

/* loaded from: input_file:org/jenkinsci/plugins/cas/spring/security/CasRestAuthenticator.class */
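/**
 * Authenticates a username/password pair against a CAS server through its REST ticket API.
 *
 * <p>The flow visible in this class is: POST the credentials to {@code <casServerUrl>/v1/tickets}
 * to obtain a ticket granting ticket (TGT), POST the service URL to
 * {@code <casServerUrl>/v1/tickets/<TGT>} to obtain a service ticket, hand that service ticket to
 * the delegate {@link AuthenticationManager} for validation, and finally DELETE the TGT.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user's password is sent in the request body to {@code casServerUrl}; that URL should
 *       be {@code https}. A warning is logged at start-up when it is not.</li>
 *   <li>Ticket values and credentials are never written to the log by this class.</li>
 *   <li>The TGT is always destroyed after use, including when validation fails.</li>
 * </ul>
 */
public final class CasRestAuthenticator implements InitializingBean, AuthenticationManager {
    private static final String CAS_V1_TICKETS = "v1/tickets";
    private static final String ENCODING = "UTF-8";
    private static final String HTTPS_SCHEME = "https://";
    // HttpURLConnection waits forever by default; bound both phases so an unresponsive CAS
    // endpoint cannot tie up a login thread indefinitely.
    private static final int CONNECT_TIMEOUT_MILLIS = 10_000;
    private static final int READ_TIMEOUT_MILLIS = 30_000;
    private static final Logger LOG = LoggerFactory.getLogger(CasRestAuthenticator.class);
    private String casServerUrl;
    private AuthenticationManager authenticationManager;
    private AuthenticationDetailsSource<HttpServletRequest, ServiceAuthenticationDetails> authenticationDetailsSource;

    /**
     * Verifies that all collaborators were injected and warns when the CAS URL is not HTTPS.
     *
     * @throws Exception declared by {@link InitializingBean}; this implementation only throws the
     *     unchecked exception raised by {@link Assert#notNull} when a property is missing
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.casServerUrl, "casServerUrl cannot be null");
        Assert.notNull(this.authenticationManager, "authenticationManager cannot be null");
        Assert.notNull(this.authenticationDetailsSource, "authenticationDetailsSource cannot be null");
        if (!this.casServerUrl.regionMatches(true, 0, HTTPS_SCHEME, 0, HTTPS_SCHEME.length())) {
            // Usernames and passwords are POSTed to this URL, so anything but TLS exposes them.
            LOG.warn("casServerUrl does not use https; credentials sent to the CAS REST API are not protected in transit");
        }
    }

    /** @return the configured CAS server base URL */
    public String getCasServerUrl() {
        return this.casServerUrl;
    }

    /** @param str the CAS server base URL; {@code v1/tickets} is appended to it */
    public void setCasServerUrl(String str) {
        this.casServerUrl = str;
    }

    /** @return the delegate that validates CAS service tickets */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** @param authenticationManager the delegate that validates CAS service tickets */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** @return the source of the service details (including the service URL) used for tickets */
    public AuthenticationDetailsSource<HttpServletRequest, ServiceAuthenticationDetails> getAuthenticationDetailsSource() {
        return this.authenticationDetailsSource;
    }

    /** @param authenticationDetailsSource the source of the service details used for tickets */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ServiceAuthenticationDetails> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * Authenticates a username/password token through the CAS REST API.
     *
     * @param authentication the request; only {@link UsernamePasswordAuthenticationToken} is accepted
     * @return the authentication produced by the delegate manager
     * @throws AuthenticationException if the token type is unsupported or authentication fails
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            return authenticate((UsernamePasswordAuthenticationToken) authentication);
        }
        // NOTE(review): the message embeds the token's toString(); this relies on the token
        // implementation not printing its credentials - confirm for any custom token types.
        throw new BadCredentialsException("Unexpected authentication type: " + String.valueOf(authentication));
    }

    /**
     * Authenticates using the principal and credentials carried by the token.
     *
     * @param usernamePasswordAuthenticationToken the username/password token
     * @return the authentication produced by the delegate manager
     * @throws BadCredentialsException if the token has no principal or no credentials
     */
    public Authentication authenticate(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        Object principal = usernamePasswordAuthenticationToken.getPrincipal();
        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        if (principal == null || credentials == null) {
            // A token whose credentials were erased or never set must fail as an authentication
            // error rather than as a NullPointerException.
            throw new BadCredentialsException("Missing username or password");
        }
        return authenticate(principal.toString(), credentials.toString());
    }

    /**
     * Runs the full REST flow: obtain a TGT, obtain a service ticket, validate it, destroy the TGT.
     *
     * @param str the username
     * @param str2 the password
     * @return the authentication produced by the delegate manager
     * @throws AuthenticationException if either ticket cannot be obtained or validation fails
     */
    public Authentication authenticate(String str, String str2) throws AuthenticationException {
        String grantingTicket = fetchGrantingTicket(str, str2);
        if (grantingTicket == null) {
            // Rejected credentials and an unreachable CAS server both end up here; the cause is
            // only distinguishable from the status code or exception written to the log.
            throw new AuthenticationServiceException("Could not fetch granting ticket from CAS");
        }
        try {
            String serviceTicket = fetchServiceTicket(grantingTicket);
            if (serviceTicket == null) {
                throw new AuthenticationServiceException("Could not fetch service ticket from CAS");
            }
            return validateServiceTicket(serviceTicket);
        } finally {
            // The TGT is only a means to get one service ticket; never leave it alive on the server.
            destroyGrantingTicket(grantingTicket);
        }
    }

    /** Returns the CAS base URL, adding the trailing slash the ticket paths depend on. */
    private String baseUrl() {
        String url = this.casServerUrl;
        // A null URL is passed through so the failure still surfaces as a malformed-URL error.
        if (url == null || url.endsWith("/")) {
            return url;
        }
        return url + '/';
    }

    /** Builds the URL of the ticket collection, where a TGT is requested. */
    private String createGrantingTicketUrl() {
        return baseUrl() + CAS_V1_TICKETS;
    }

    /** Builds the form-encoded request body carrying the username and password. */
    private String createGrantingTicketPostContent(String username, String password) throws UnsupportedEncodingException {
        return "username=" + encode(username) + "&password=" + encode(password);
    }

    /**
     * Requests a TGT for the given credentials.
     *
     * @return the TGT id, or {@code null} when CAS refused the request or the call failed
     */
    private String fetchGrantingTicket(String username, String password) {
        HttpURLConnection connection = null;
        try {
            LOG.debug("Fetching ticket granting ticket from CAS REST API");
            connection = openConnection(createGrantingTicketUrl());
            writeContent(connection, createGrantingTicketPostContent(username, password));
            return extractGrantingTicket(connection);
        } catch (IOException e) {
            LOG.error("Failed to obtain a ticket granting ticket from CAS", e);
            return null;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Reads the TGT id from the last path segment of the {@code location} header of a 201 response.
     *
     * @return the TGT id, or {@code null} when the status or header is not usable
     */
    private String extractGrantingTicket(HttpURLConnection connection) throws IOException {
        int responseCode = connection.getResponseCode();
        if (responseCode != 201) {
            LOG.warn("CAS returned status code {}, during granting ticket extraction", responseCode);
            return null;
        }
        String location = connection.getHeaderField("location");
        if (location == null || location.isEmpty()) {
            LOG.warn("CAS did not return a location header");
            return null;
        }
        int lastSlash = location.lastIndexOf('/');
        // A header ending in '/' would yield an empty ticket id and turn later requests into
        // calls on the ticket collection itself, so treat it as invalid as well.
        if (lastSlash <= 0 || lastSlash == location.length() - 1) {
            LOG.warn("CAS returned invalid location header");
            return null;
        }
        return location.substring(lastSlash + 1);
    }

    /** Deletes the TGT on the CAS server; failures are logged and never propagated. */
    private void destroyGrantingTicket(String grantingTicket) {
        HttpURLConnection connection = null;
        try {
            LOG.debug("Destroying ticket granting ticket from CAS REST API");
            connection = openConnection(createServiceTicketUrl(grantingTicket), "DELETE");
            int responseCode = connection.getResponseCode();
            if (responseCode != 200) {
                LOG.warn("CAS returned status code {}, during granting ticket destruction", responseCode);
            }
        } catch (IOException e) {
            LOG.error("Failed to destroy granting ticket from CAS", e);
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Builds the URL of a single TGT resource.
     *
     * <p>NOTE(review): the ticket id comes from a CAS response header and is appended without
     * further checks; this assumes the configured CAS server is trusted.
     */
    private String createServiceTicketUrl(String grantingTicket) {
        return baseUrl() + CAS_V1_TICKETS + '/' + grantingTicket;
    }

    /** Builds the form-encoded request body naming the service the ticket is requested for. */
    private String createServiceTicketPostContent() throws UnsupportedEncodingException {
        ServiceAuthenticationDetails details = this.authenticationDetailsSource.buildDetails(null);
        return "service=".concat(encode(details.getServiceUrl()));
    }

    /**
     * Requests a service ticket using the given TGT.
     *
     * @return the service ticket, or {@code null} when CAS refused the request or the call failed
     */
    private String fetchServiceTicket(String grantingTicket) {
        HttpURLConnection connection = null;
        try {
            LOG.debug("Fetching service ticket from CAS REST API");
            connection = openConnection(createServiceTicketUrl(grantingTicket));
            writeContent(connection, createServiceTicketPostContent());
            return extractServiceTicket(connection);
        } catch (IOException e) {
            LOG.error("Failed to obtain a service ticket from CAS", e);
            return null;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Reads the service ticket from the body of a 200 response.
     *
     * @return the trimmed response body, or {@code null} for any other status code
     */
    private String extractServiceTicket(HttpURLConnection connection) throws IOException {
        int responseCode = connection.getResponseCode();
        if (responseCode != 200) {
            LOG.warn("CAS returned status code {}, during service ticket extraction", responseCode);
            return null;
        }
        return readContent(connection).trim();
    }

    /** Wraps the service ticket in a CAS token and lets the delegate manager validate it. */
    private Authentication validateServiceTicket(String serviceTicket) {
        LOG.debug("Validating service ticket from CAS REST API");
        CasServiceTicketAuthenticationToken token = CasServiceTicketAuthenticationToken.stateful(serviceTicket);
        token.setDetails(this.authenticationDetailsSource.buildDetails(null));
        return this.authenticationManager.authenticate(token);
    }

    /**
     * Reads the whole response body as UTF-8 text.
     *
     * <p>NOTE(review): the body is buffered without a size limit, which is only safe while the
     * CAS endpoint is trusted; only the read timeout bounds how long this can take.
     */
    private String readContent(HttpURLConnection connection) throws IOException {
        try (InputStream in = connection.getInputStream()) {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[1024];
            int read;
            while ((read = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            return buffer.toString(ENCODING);
        }
    }

    /** Writes the request body as UTF-8 and closes the output stream. */
    private void writeContent(HttpURLConnection connection, String content) throws IOException {
        try (BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(connection.getOutputStream(), ENCODING))) {
            writer.write(content);
            writer.flush();
        }
    }

    /** URL-encodes a form value as UTF-8. */
    private String encode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(value, ENCODING);
    }

    /** Opens a POST connection to the given URL. */
    private HttpURLConnection openConnection(String url) throws IOException {
        return openConnection(url, "POST");
    }

    /** Opens a connection with the given HTTP method and bounded connect/read timeouts. */
    private HttpURLConnection openConnection(String url, String method) throws IOException {
        HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();
        connection.setRequestMethod(method);
        connection.setConnectTimeout(CONNECT_TIMEOUT_MILLIS);
        connection.setReadTimeout(READ_TIMEOUT_MILLIS);
        connection.setDoInput(true);
        connection.setDoOutput(true);
        return connection;
    }
}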
