package cf.pgmann.plugins.urlauth;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.SecurityRealm;
import hudson.tasks.Mailer;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:cf/pgmann/plugins/urlauth/UrlSecurityRealm.class */
public class UrlSecurityRealm extends SecurityRealm implements UserDetailsService {
    public final String targetUrl;
    public final String ssoLoginUrl;
    public final String userNameKey;
    public final String displayNameKey;
    public final String emailKey;
    public static final String DEFAULT_USERNAME_KEY = "user_name";
    public static final String DEFAULT_DISPLAYNAME_KEY = "display_name";
    public static final String DEFAULT_EMAIL_KEY = "public_email";
    public static final String REFERER_KEY = UrlSecurityRealm.class.getName() + ".referer";

    @Extension
    /* loaded from: input_file:cf/pgmann/plugins/urlauth/UrlSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public String getDisplayName() {
            return "URL Auth Plugin";
        }

        public String getDefaultUserNameKey() {
            return UrlSecurityRealm.DEFAULT_USERNAME_KEY;
        }

        public String getDefaultDisplayNameKey() {
            return UrlSecurityRealm.DEFAULT_DISPLAYNAME_KEY;
        }

        public String getDefaultEmailKey() {
            return UrlSecurityRealm.DEFAULT_EMAIL_KEY;
        }

        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SecurityRealm> cls) {
            super(cls);
        }
    }

    @DataBoundConstructor
    public UrlSecurityRealm(String str, String str2, String str3, String str4, String str5) {
        this.targetUrl = str;
        this.ssoLoginUrl = str2;
        this.userNameKey = str3;
        this.displayNameKey = str4;
        this.emailKey = str5;
    }

    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() { // from class: cf.pgmann.plugins.urlauth.UrlSecurityRealm.1
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                return authentication;
            }
        }, new UserDetailsService() { // from class: cf.pgmann.plugins.urlauth.UrlSecurityRealm.2
            public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
                UrlAuthToken authentication = SecurityContextHolder.getContext().getAuthentication();
                return authentication instanceof UrlAuthToken ? authentication.getUserDetails() : new UrlAuthUserDetails(str, str, "");
            }
        });
    }

    public Filter createFilter(FilterConfig filterConfig) {
        super.createFilter(filterConfig);
        return new Filter() { // from class: cf.pgmann.plugins.urlauth.UrlSecurityRealm.3
            public void init(FilterConfig filterConfig2) throws ServletException {
            }

            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                SecurityContext context = SecurityContextHolder.getContext();
                HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
                if (httpServletRequest.getCookies() == null || UrlSecurityRealm.this.targetUrl == null || UrlSecurityRealm.this.targetUrl.isEmpty()) {
                    context.setAuthentication(Jenkins.ANONYMOUS);
                } else {
                    UrlAuthToken urlAuthToken = new UrlAuthToken(httpServletRequest.getHeader("Cookie"), UrlSecurityRealm.this);
                    if (urlAuthToken.isAuthenticated()) {
                        context.setAuthentication(urlAuthToken);
                        User current = User.current();
                        if (current != null) {
                            current.setFullName(urlAuthToken.getUserDetails().getDisplayName());
                            if (!urlAuthToken.getUserDetails().getEmail().isEmpty()) {
                                current.addProperty(new Mailer.UserProperty(urlAuthToken.getUserDetails().getEmail()));
                            }
                        }
                    } else {
                        context.setAuthentication(Jenkins.ANONYMOUS);
                    }
                }
                filterChain.doFilter(servletRequest, servletResponse);
            }

            public void destroy() {
            }
        };
    }

    public boolean allowsSignup() {
        return false;
    }

    public boolean canLogOut() {
        return false;
    }

    public String getLoginUrl() {
        return "securityRealm/login";
    }

    public HttpResponse doLogin(StaplerRequest staplerRequest, @Header("Referer") String str, @Header("Cookie") String str2) throws IOException {
        if (!SecurityContextHolder.getContext().getAuthentication().equals(Jenkins.ANONYMOUS)) {
            Object attribute = staplerRequest.getSession().getAttribute(REFERER_KEY);
            return (!(attribute instanceof String) || ((String) attribute).isEmpty()) ? (str == null || str.isEmpty()) ? HttpRedirect.CONTEXT_ROOT : new HttpRedirect(str) : new HttpRedirect((String) attribute);
        }
        if (this.ssoLoginUrl == null || this.ssoLoginUrl.isEmpty()) {
            throw new IllegalArgumentException("Please set the authentication Login URL in Jenkins global security configuration.");
        }
        staplerRequest.getSession().setAttribute(REFERER_KEY, str);
        return new HttpRedirect(this.ssoLoginUrl);
    }
}
