package io.jenkins.plugin.auth.jwt.impl;

import hudson.Extension;
import hudson.security.AccessDeniedException2;
import io.jenkins.plugin.auth.jwt.JwtAuthenticationService;
import io.jenkins.plugin.auth.jwt.JwtAuthenticationStore;
import io.jenkins.plugin.auth.jwt.JwtAuthenticationStoreFactory;
import io.jenkins.plugin.auth.jwt.commons.JsonConverter;
import io.jenkins.plugin.auth.jwt.tokens.JwtGenerator;
import java.io.IOException;
import java.util.Iterator;
import javax.annotation.Nullable;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

@Extension
/* loaded from: input_file:io/jenkins/plugin/auth/jwt/impl/JwtAuthenticationServiceImpl.class */
public class JwtAuthenticationServiceImpl extends JwtAuthenticationService {

    /* loaded from: input_file:io/jenkins/plugin/auth/jwt/impl/JwtAuthenticationServiceImpl$JwtResponse.class */
    public static class JwtResponse implements HttpResponse {
        private final JwtGenerator.OAuthAccessTokenResponse payload;

        public JwtResponse(JwtGenerator.OAuthAccessTokenResponse oAuthAccessTokenResponse) {
            this.payload = oAuthAccessTokenResponse;
        }

        public void generateResponse(StaplerRequest staplerRequest, StaplerResponse staplerResponse, Object obj) throws IOException {
            staplerResponse.setContentType("application/json");
            staplerResponse.getWriter().write(JsonConverter.toJson(this.payload));
        }
    }

    @Override // io.jenkins.plugin.auth.jwt.JwtAuthenticationService
    public JwtResponse getToken(@Nullable @QueryParameter("expiryTimeInMins") Integer num, @Nullable @QueryParameter("maxExpiryTimeInMins") Integer num2) {
        Authentication authentication = Jenkins.getAuthentication();
        if (Jenkins.getInstance().getACL().hasPermission(authentication, Jenkins.READ)) {
            return new JwtResponse((JwtGenerator.OAuthAccessTokenResponse) JwtGenerator.all().stream().findFirst().map(jwtGenerator -> {
                return jwtGenerator.getToken(authentication, num, num2);
            }).orElseThrow(() -> {
                return new RuntimeException("No JwtGenerators found");
            }));
        }
        throw new AccessDeniedException2(authentication, Jenkins.READ);
    }

    public String getIconFileName() {
        return null;
    }

    public String getDisplayName() {
        return "BlueOcean Jwt endpoint";
    }

    public static JwtAuthenticationStore getJwtStore(Authentication authentication) {
        JwtAuthenticationStore jwtAuthenticationStore = null;
        Iterator it = JwtAuthenticationStoreFactory.all().iterator();
        while (it.hasNext()) {
            JwtAuthenticationStoreFactory jwtAuthenticationStoreFactory = (JwtAuthenticationStoreFactory) it.next();
            if (jwtAuthenticationStoreFactory instanceof SimpleJwtAuthenticationStore) {
                jwtAuthenticationStore = jwtAuthenticationStoreFactory.getJwtAuthenticationStore(authentication);
            } else {
                JwtAuthenticationStore jwtAuthenticationStore2 = jwtAuthenticationStoreFactory.getJwtAuthenticationStore(authentication);
                if (jwtAuthenticationStore2 != null) {
                    return jwtAuthenticationStore2;
                }
            }
        }
        return jwtAuthenticationStore;
    }
}
