package hudson.plugins.openid;

import com.google.inject.Inject;
import hudson.Extension;
import hudson.Plugin;
import hudson.model.Failure;
import hudson.security.FederatedLoginService;
import hudson.security.FederatedLoginServiceUserProperty;
import java.io.IOException;
import jenkins.model.GlobalConfiguration;
import jenkins.model.GlobalConfigurationCategory;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest2;
import org.openid4java.OpenIDException;
import org.openid4java.consumer.ConsumerManager;
import org.openid4java.consumer.InMemoryConsumerAssociationStore;
import org.openid4java.consumer.InMemoryNonceVerifier;
import org.openid4java.discovery.Discovery;
import org.openid4java.server.RealmVerifierFactory;
import org.openid4java.util.HttpFetcherFactory;

@Extension
/* loaded from: input_file:hudson/plugins/openid/OpenIdLoginService.class */
public class OpenIdLoginService extends FederatedLoginService {

    @Inject
    private transient Jenkins jenkins;
    private final ConsumerManager manager;
    private static boolean disabled = Boolean.getBoolean(OpenIdLoginService.class.getName() + ".disabled");

    @Extension
    /* loaded from: input_file:hudson/plugins/openid/OpenIdLoginService$GlobalConfigurationImpl.class */
    public static class GlobalConfigurationImpl extends GlobalConfiguration {
        private boolean enabled;

        public GlobalConfigurationImpl() {
            if (getConfigFile().exists()) {
                load();
                return;
            }
            Plugin plugin = Jenkins.get().getPlugin("openid");
            if (plugin != null) {
                setEnabled(plugin.getWrapper().isDowngradable());
            }
        }

        public boolean isHidden() {
            return OpenIdLoginService.disabled;
        }

        public boolean isEnabled() {
            return this.enabled && !OpenIdLoginService.disabled;
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
            save();
        }

        public boolean configure(StaplerRequest2 staplerRequest2, JSONObject jSONObject) {
            staplerRequest2.bindJSON(this, jSONObject);
            return true;
        }

        public GlobalConfigurationCategory getCategory() {
            return GlobalConfigurationCategory.get(GlobalConfigurationCategory.Security.class);
        }
    }

    /* loaded from: input_file:hudson/plugins/openid/OpenIdLoginService$IdentityImpl.class */
    public class IdentityImpl extends FederatedLoginService.FederatedIdentity {
        private final Identity id;

        public IdentityImpl(Identity identity) {
            super(OpenIdLoginService.this);
            this.id = identity;
        }

        public String getIdentifier() {
            return this.id.getOpenId();
        }

        public String getNickname() {
            return this.id.getEffectiveNick();
        }

        public String getFullName() {
            return this.id.getFullName();
        }

        public String getEmailAddress() {
            return this.id.getEmail();
        }

        public String getPronoun() {
            return "OpenID";
        }
    }

    public OpenIdLoginService() {
        HttpFetcherFactory httpFetcherFactory = new HttpFetcherFactory();
        YadisResolver2 yadisResolver2 = new YadisResolver2(httpFetcherFactory);
        this.manager = new ConsumerManager(new RealmVerifierFactory(yadisResolver2), new Discovery(), httpFetcherFactory);
        this.manager.setAssociations(new InMemoryConsumerAssociationStore());
        this.manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
        this.manager.getDiscovery().setYadisResolver(yadisResolver2);
    }

    public boolean isDisabled() {
        return disabled || !this.jenkins.getDescriptorByType(GlobalConfigurationImpl.class).isEnabled() || (this.jenkins.getSecurityRealm() instanceof OpenIdSsoSecurityRealm);
    }

    @Deprecated
    public void setDisabled(boolean z) {
        setDisabledGlobal(z);
    }

    public static void setDisabledGlobal(boolean z) {
        disabled = z;
    }

    public String getUrlName() {
        return "openid";
    }

    public Class<? extends FederatedLoginServiceUserProperty> getUserPropertyClass() {
        return OpenIdUserProperty.class;
    }

    public HttpResponse doStartLogin(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3) throws OpenIDException, IOException {
        if (isDisabled()) {
            return HttpResponses.notFound();
        }
        if (str == null) {
            str = str2;
        }
        return new OpenIdSession(this.manager, str, getFinishUrl()) { // from class: hudson.plugins.openid.OpenIdLoginService.1
            @Override // hudson.plugins.openid.OpenIdSession
            protected HttpResponse onSuccess(Identity identity) throws IOException {
                IdentityImpl identityImpl = new IdentityImpl(identity);
                identityImpl.id.updateProfile(identityImpl.signin());
                return HttpResponses.redirectToContextRoot();
            }
        }.doCommenceLogin();
    }

    private String getFinishUrl() {
        String contextPath = Stapler.getCurrentRequest2().getContextPath();
        return (StringUtils.isBlank(contextPath) || "/".equals(contextPath)) ? "federatedLoginService/openid/finish" : StringUtils.removeEnd(StringUtils.removeStart(contextPath, "/"), "/") + "/federatedLoginService/openid/finish";
    }

    public HttpResponse doFinish(StaplerRequest2 staplerRequest2) throws IOException, OpenIDException {
        if (isDisabled()) {
            return HttpResponses.notFound();
        }
        OpenIdSession current = OpenIdSession.getCurrent();
        if (current == null) {
            throw new Failure(Messages.OpenIdLoginService_SessionNotFound());
        }
        return current.doFinishLogin(staplerRequest2);
    }

    public HttpResponse doStartAssociate(@QueryParameter String str, @QueryParameter String str2) throws OpenIDException, IOException {
        if (isDisabled()) {
            return HttpResponses.notFound();
        }
        if (str == null) {
            str = str2;
        }
        return new OpenIdSession(this.manager, str, getFinishUrl()) { // from class: hudson.plugins.openid.OpenIdLoginService.2
            @Override // hudson.plugins.openid.OpenIdSession
            protected HttpResponse onSuccess(Identity identity) throws IOException {
                new IdentityImpl(identity).addToCurrentUser();
                return new HttpRedirect("onAssociationSuccess");
            }
        }.doCommenceLogin();
    }
}
