package com.infullmobile.jenkins.plugin.restrictedregister.security.hudson;

import com.infullmobile.jenkins.plugin.restrictedregister.API;
import com.infullmobile.jenkins.plugin.restrictedregister.PluginModule;
import com.infullmobile.jenkins.plugin.restrictedregister.RegistrationException;
import com.infullmobile.jenkins.plugin.restrictedregister.form.BaseFormField;
import com.infullmobile.jenkins.plugin.restrictedregister.form.IFormValidator;
import com.infullmobile.jenkins.plugin.restrictedregister.mail.MailException;
import com.infullmobile.jenkins.plugin.restrictedregister.mail.data.LocalVariables;
import com.infullmobile.jenkins.plugin.restrictedregister.security.InvalidSecurityRealmException;
import com.infullmobile.jenkins.plugin.restrictedregister.security.SecurityRealmRegistration;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.form.ActivateFormFieldsValidator;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.form.ActivationCodeFormValidator;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.form.ExistingUserFormValidator;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.form.HudsonFormField;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.form.RegisterFormFieldsValidator;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.mail.AdminNotificationEmail;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.mail.ConfirmationEmail;
import com.infullmobile.jenkins.plugin.restrictedregister.security.hudson.mail.WelcomeEmail;
import com.infullmobile.jenkins.plugin.restrictedregister.settings.RegistrationRulesSet;
import com.infullmobile.jenkins.plugin.restrictedregister.util.AuthCodeGenerator;
import com.infullmobile.jenkins.plugin.restrictedregister.util.SecretKeyChecker;
import com.infullmobile.jenkins.plugin.restrictedregister.util.Utils;
import hudson.Extension;
import hudson.model.Describable;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.model.UserProperty;
import hudson.security.HudsonPrivateSecurityRealm;
import hudson.security.SecurityRealm;
import hudson.tasks.Mailer;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import net.sf.json.JSONException;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.bind.JavaScriptMethod;

@Extension
/* loaded from: input_file:com/infullmobile/jenkins/plugin/restrictedregister/security/hudson/HudsonSecurityRealmRegistration.class */
public class HudsonSecurityRealmRegistration extends SecurityRealmRegistration<HudsonPrivateSecurityRealm> implements Describable<HudsonSecurityRealmRegistration> {
    private final List<IFormValidator<HudsonSecurityRealmRegistration>> registerFormValidators = new ArrayList();
    private final List<IFormValidator<HudsonSecurityRealmRegistration>> activateFormValidators = new ArrayList();
    static final /* synthetic */ boolean $assertionsDisabled;

    @Extension
    /* loaded from: input_file:com/infullmobile/jenkins/plugin/restrictedregister/security/hudson/HudsonSecurityRealmRegistration$HudsonSecurityRealmRegistrationDescriptor.class */
    public static class HudsonSecurityRealmRegistrationDescriptor extends Descriptor<HudsonSecurityRealmRegistration> {
        private static final String DISPLAY_NAME = "Hudson security realm registration";

        @Nonnull
        public String getDisplayName() {
            return DISPLAY_NAME;
        }
    }

    public HudsonSecurityRealmRegistration() {
        this.registerFormValidators.add(new ExistingUserFormValidator());
        this.registerFormValidators.add(new RegisterFormFieldsValidator());
        this.activateFormValidators.add(new ActivateFormFieldsValidator());
        this.activateFormValidators.add(new ActivationCodeFormValidator());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isActive() {
        return HudsonPrivateSecurityRealm.class.isInstance(PluginModule.getDefault().getJenkinsDescriptor().getSecurityRealm());
    }

    @Override // com.infullmobile.jenkins.plugin.restrictedregister.security.SecurityRealmRegistration
    public boolean isRegistrationForSecurityRealm(SecurityRealm securityRealm) {
        return HudsonPrivateSecurityRealm.class.isInstance(securityRealm);
    }

    @JavaScriptMethod
    public JSONObject register(JSONObject jSONObject) {
        JSONObject errorWithException;
        RegistrationRulesSet findMatchingConfigRules;
        try {
            try {
                validateRegisterFormData(jSONObject);
                findMatchingConfigRules = findMatchingConfigRules(jSONObject);
            } catch (JSONException e) {
                Utils.logError((Throwable) e);
                throw new RegistrationException(Messages.RRError_Hudson_InvalidEntity());
            }
        } catch (InvalidSecurityRealmException e2) {
            errorWithException = API.errorWithMessage(Messages.RRError_SecurityRealmNotApplicable());
        } catch (Exception e3) {
            errorWithException = API.errorWithException(e3);
            Utils.logError(e3);
        }
        if (findMatchingConfigRules == null) {
            throw new RegistrationException(Messages.RRError_NoMatchingRules());
        }
        initiateAccount(jSONObject, findMatchingConfigRules);
        errorWithException = API.success();
        return errorWithException;
    }

    private void initiateAccount(JSONObject jSONObject, RegistrationRulesSet registrationRulesSet) throws RegistrationException {
        User user = User.get(jSONObject.getString(BaseFormField.USERNAME.getFieldName()));
        RRHudsonUserProperty obtainPropertyForUser = RRHudsonUserProperty.obtainPropertyForUser(user);
        if (obtainPropertyForUser.getActivated()) {
            throw new RegistrationException(Messages.RRError_Hudson_UserIsActivated());
        }
        if (StringUtils.isEmpty(obtainPropertyForUser.getActivationCode())) {
            obtainPropertyForUser.setActivationCode(getNewUniqueAuthCode());
        }
        obtainPropertyForUser.setRuleName(registrationRulesSet.getRuleName());
        UserProperty userProperty = (Mailer.UserProperty) user.getProperty(Mailer.UserProperty.class);
        String string = jSONObject.getString(BaseFormField.EMAIL.getFieldName());
        if (userProperty == null || !string.equals(userProperty.getAddress())) {
            userProperty = new Mailer.UserProperty(jSONObject.getString(BaseFormField.EMAIL.getFieldName()));
        }
        try {
            user.addProperty(obtainPropertyForUser);
            user.addProperty(userProperty);
            user.setFullName((String) BaseFormField.DISPLAY_NAME.fromJSON(jSONObject));
            user.save();
            try {
                ConfirmationEmail.create(createLocalVariables(jSONObject, user), string).send();
            } catch (MailException e) {
                throw new RegistrationException(Messages.RRError_Hudson_EmailAfterInitiation(string));
            }
        } catch (IOException e2) {
            throw new RegistrationException(Messages.RRError_Hudson_UserIO());
        }
    }

    private String getNewUniqueAuthCode() {
        String genUniqueAuthCode;
        do {
            genUniqueAuthCode = AuthCodeGenerator.genUniqueAuthCode();
        } while (RRHudsonUserProperty.getUserForActivationCode(genUniqueAuthCode) != null);
        return genUniqueAuthCode;
    }

    private void validateRegisterFormData(JSONObject jSONObject) throws RegistrationException, InvalidSecurityRealmException {
        Iterator<IFormValidator<HudsonSecurityRealmRegistration>> it = this.registerFormValidators.iterator();
        while (it.hasNext()) {
            it.next().verifyFormData(this, jSONObject);
        }
    }

    @JavaScriptMethod
    public JSONObject checkSecret(String str) {
        return SecretKeyChecker.isSecretKeyValid(str) ? API.success() : API.errorWithException(new RegistrationException(Messages.RRError_Hudson_Unauthorized()));
    }

    @JavaScriptMethod
    public JSONObject checkActivationCode(String str, String str2) {
        try {
            if (!SecretKeyChecker.isSecretKeyValid(str)) {
                throw new RegistrationException(Messages.RRError_Hudson_Unauthorized());
            }
            validateActivationCode(str2);
            return API.success();
        } catch (Exception e) {
            return API.errorWithException(e);
        }
    }

    private void validateActivationCode(String str) throws RegistrationException {
        User userForActivationCode = getUserForActivationCode(str);
        if (userForActivationCode == null) {
            throw new RegistrationException(Messages.RRError_Hudson_ActiviationCodeInvalid());
        }
        if (RRHudsonUserProperty.isUserActivated(userForActivationCode)) {
            throw new RegistrationException(Messages.RRError_Hudson_UserIsActivated());
        }
    }

    public String getUsernameFromAuthCode() {
        User userForActivationCode;
        StaplerRequest currentRequest = Stapler.getCurrentRequest();
        return (!currentRequest.hasParameter(getCodeParamKey()) || (userForActivationCode = getUserForActivationCode(currentRequest.getParameter(getCodeParamKey()))) == null) ? "" : userForActivationCode.getId();
    }

    public User getUserForActivationCode(String str) {
        return RRHudsonUserProperty.getUserForActivationCode(str);
    }

    @JavaScriptMethod
    public JSONObject activate(JSONObject jSONObject) {
        JSONObject errorWithException;
        try {
            try {
                validateActivateFormData(jSONObject);
                activateAccount(jSONObject);
                errorWithException = API.success();
            } catch (JSONException e) {
                Utils.logError((Throwable) e);
                throw new RegistrationException(Messages.RRError_Hudson_InvalidEntity());
            }
        } catch (InvalidSecurityRealmException e2) {
            errorWithException = API.errorWithMessage(Messages.RRError_SecurityRealmNotApplicable());
        } catch (Exception e3) {
            errorWithException = API.errorWithException(e3);
            Utils.logError(e3);
        }
        return errorWithException;
    }

    private void validateActivateFormData(JSONObject jSONObject) throws RegistrationException, InvalidSecurityRealmException {
        Iterator<IFormValidator<HudsonSecurityRealmRegistration>> it = this.activateFormValidators.iterator();
        while (it.hasNext()) {
            it.next().verifyFormData(this, jSONObject);
        }
    }

    private void activateAccount(JSONObject jSONObject) throws InvalidSecurityRealmException, RegistrationException {
        String str = (String) BaseFormField.ACTIVATION_CODE.fromJSON(jSONObject);
        User userForActivationCode = RRHudsonUserProperty.getUserForActivationCode(str);
        RRHudsonUserProperty propertyForUser = RRHudsonUserProperty.getPropertyForUser(userForActivationCode);
        String str2 = (String) HudsonFormField.PASSWORD.fromJSON(jSONObject);
        if (!$assertionsDisabled && userForActivationCode == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && propertyForUser == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && str2 == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        try {
            getSecurityRealm().createAccount(userForActivationCode.getId(), str2);
            propertyForUser.setActivated(true);
            propertyForUser.setActivatedAt(Utils.getFormattedTimestamp(new Date()));
            userForActivationCode.addProperty(propertyForUser);
            String address = userForActivationCode.getProperty(Mailer.UserProperty.class).getAddress();
            try {
                WelcomeEmail.create(createLocalVariables(jSONObject, userForActivationCode), address).send();
                try {
                    AdminNotificationEmail.create(createLocalVariables(jSONObject, userForActivationCode)).send();
                } catch (MailException e) {
                    Utils.logError("Failed to send e-mail notification to administrator");
                    Utils.logError(e);
                }
            } catch (MailException e2) {
                Utils.logError(e2);
                throw new RegistrationException(Messages.RRError_Hudson_EmailErrorAfterActivation(address));
            }
        } catch (IOException e3) {
            Utils.logError(e3);
            throw new RegistrationException(Messages.RRError_Hudson_UserIO());
        }
    }

    public String getCodeParamKey() {
        return BaseFormField.ACTIVATION_CODE.getFieldName();
    }

    private LocalVariables createLocalVariables(JSONObject jSONObject, User user) {
        return LocalVariablesBuilder.start().user(user).payload(jSONObject).build();
    }

    public Descriptor<HudsonSecurityRealmRegistration> getDescriptor() {
        return PluginModule.getDefault().getJenkinsDescriptor().getDescriptorForType(this);
    }

    static {
        $assertionsDisabled = !HudsonSecurityRealmRegistration.class.desiredAssertionStatus();
    }
}
