package org.miniorange.saml;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.HudsonPrivateSecurityRealm;
import hudson.security.SecurityRealm;
import hudson.security.captcha.CaptchaSupport;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import net.sf.json.JSONObject;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.json.JSONException;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.kohsuke.stapler.verb.POST;
import org.miniorange.saml.MoSAMLException;
import org.miniorange.saml.MoSAMLuserProperty;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.ContactPerson;
import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration;
import org.opensaml.saml2.metadata.EmailAddress;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.GivenName;
import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.LocalizedString;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.Organization;
import org.opensaml.saml2.metadata.OrganizationDisplayName;
import org.opensaml.saml2.metadata.OrganizationName;
import org.opensaml.saml2.metadata.OrganizationURL;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.impl.AssertionConsumerServiceBuilder;
import org.opensaml.saml2.metadata.impl.ContactPersonBuilder;
import org.opensaml.saml2.metadata.impl.EmailAddressBuilder;
import org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder;
import org.opensaml.saml2.metadata.impl.GivenNameBuilder;
import org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder;
import org.opensaml.saml2.metadata.impl.NameIDFormatBuilder;
import org.opensaml.saml2.metadata.impl.OrganizationBuilder;
import org.opensaml.saml2.metadata.impl.OrganizationDisplayNameBuilder;
import org.opensaml.saml2.metadata.impl.OrganizationNameBuilder;
import org.opensaml.saml2.metadata.impl.OrganizationURLBuilder;
import org.opensaml.saml2.metadata.impl.SPSSODescriptorBuilder;
import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.opensaml.xml.signature.impl.KeyInfoBuilder;
import org.opensaml.xml.signature.impl.X509CertificateBuilder;
import org.opensaml.xml.signature.impl.X509DataBuilder;
import org.opensaml.xml.util.XMLHelper;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:org/miniorange/saml/MoSAMLAddIdp.class */
public class MoSAMLAddIdp extends SecurityRealm {
    // Endpoint paths served by this realm, relative to the Jenkins root URL.
    public static final String MO_SAML_SP_AUTH_URL = "securityRealm/moSamlAuth";
    // NOTE(review): the customer key and API key below are compiled into the plugin as public constants,
    // so every installation ships the same values and anyone holding the artifact can read them.
    // Confirm what these credentials authorize on the vendor service; if they are more than an
    // anonymous default they should be rotated and moved out of the binary.
    public static final String DEFAULT_CUSTOMER_KEY = "16555";
    public static final String DEFAULT_API_KEY = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
    public static final String AUTH_BASE_URL = "https://auth.miniorange.com/moas";
    public static final String NOTIFY_API = "https://auth.miniorange.com/moas/api/notify/send";
    public static final String MO_SAML_JENKINS_LOGIN_ACTION = "securityRealm/moLoginAction";
    // Path of the endpoint that replaces this realm with the built-in user database
    // (see doMoSAMLSingleSignOnForceStop).
    public static final String MO_SAML_SSO_FORCE_STOP = "securityRealm/moSAMLSingleSignOnForceStop";
    public static final String MO_SAML_SP_METADATA_URL = "securityRealm/mospmetadata";
    public static final String MO_SAML_SP_CERTIFCATE_DOWNLOAD = "securityRealm/downloadCertificate";
    public static final String MO_SAML_SSO_LOGIN_ACTION = "securityRealm/moSamlLogin";
    // Classpath resources used to render the login pages.
    private static final String LOGIN_TEMPLATE_PATH = "/templates/mosaml_login_page_template.html";
    private static final String AUTO_REDIRECT_TO_IDP_TEMPLATE_PATH = "/templates/AutoRedirectToIDPTemplate.html";
    // IdP settings. The constructor takes these either from the admin form or from parsed IdP metadata.
    private final String idpEntityId;
    private final String ssoUrl;
    private final String metadataUrl;
    private final String metadataFilePath;
    private final String publicx509Certificate;
    // Attribute mapping and login behaviour; defaults are applied in the constructor.
    private final String usernameAttribute;
    private final String fullnameAttribute;
    private final String usernameCaseConversion;
    private final Boolean userAttributeUpdate;
    private final String emailAttribute;
    private final String nameIDFormat;
    private final String sslUrl;
    private final String loginType;
    private final String regexPattern;
    private final Boolean enableRegexPattern;
    private final Boolean signedRequest;
    private final Boolean splitnameAttribute;
    private final Boolean userCreate;
    private final Boolean forceAuthn;
    private final String ssoBindingType;
    private final String sloBindingType;
    private List<MoAttributeEntry> samlCustomAttributes;
    private String newUserGroup;
    private String authnContextClass;
    private static final Logger LOGGER = Logger.getLogger(MoSAMLAddIdp.class.getName());
    // Session attribute key under which doMoLogin stores the validated return URL.
    private static final String REFERER_ATTRIBUTE = MoSAMLAddIdp.class.getName() + ".referer";
    // Nonces handed out by doMoSamlLogin. NOTE(review): this is a plain, raw-typed HashSet shared by all
    // request threads with no synchronization visible here, and nothing in this part of the file removes
    // entries. Confirm thread-safety and expiry where the SAML response is processed.
    private static Set<String> nonceSet = new HashSet();
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();

    @Extension
    /* loaded from: input_file:org/miniorange/saml/MoSAMLAddIdp$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        /** No-argument constructor; delegates to the superclass default constructor. */
        public DescriptorImpl() {
            super();
        }

        /**
         * Creates a descriptor bound explicitly to the given realm class.
         *
         * @param cls the {@link SecurityRealm} subtype passed through to the superclass constructor
         */
        public DescriptorImpl(Class<? extends SecurityRealm> cls) {
            super(cls);
        }

        /**
         * Returns the label under which this realm is listed.
         *
         * @return the fixed display name
         */
        public String getDisplayName() {
            final String displayName = "miniOrange SAML 2.0";
            return displayName;
        }

        /**
         * Reports whether the submitted form contains every key that {@code m5newInstance} reads
         * when it rebuilds the realm from the form.
         *
         * <p>Only the presence of each key is checked, not its value.
         *
         * @param jSONObject the submitted configuration form
         * @return {@code TRUE} when all keys are present, otherwise {@code FALSE}
         */
        public Boolean checkFormHasData(JSONObject jSONObject) {
            // Checked in this order; the scan stops at the first missing key.
            final String[] requiredKeys = {
                "idpEntityId", "ssoUrl", "metadataUrl", "metadataFilePath", "publicx509Certificate",
                "usernameCaseConversion", "usernameAttribute", "emailAttribute", "fullnameAttribute",
                "nameIDFormat", "sslUrl", "loginType", "regexPattern", "enableRegexPattern",
                "signedRequest", "splitnameAttribute", "userCreate", "forceAuthn", "ssoBindingType",
                "sloBindingType", "userAttributeUpdate", "newUserGroup", "authnContextClass"
            };
            for (String key : requiredKeys) {
                if (!jSONObject.has(key)) {
                    return Boolean.FALSE;
                }
            }
            return Boolean.TRUE;
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        /**
         * Builds the realm instance to install from a submitted configuration form.
         *
         * <p>Three cases, decided by the form contents and the realm currently installed:
         * <ol>
         *   <li>the form has all expected keys and this realm is already active: a new realm is built
         *       from the form values;</li>
         *   <li>this realm is active but the form is incomplete: the existing realm is returned as is;</li>
         *   <li>another realm is active: an empty realm with default flags is created.</li>
         * </ol>
         *
         * @param staplerRequest the current request (not read by this method)
         * @param jSONObject the submitted form
         * @return the realm to install
         * @throws RuntimeException wrapping any failure from the realm constructor
         */
        public SecurityRealm m5newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) {
            MoSAMLAddIdp moSAMLAddIdp;
            SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
            if (checkFormHasData(jSONObject).booleanValue() && (securityRealm instanceof MoSAMLAddIdp)) {
                MoSAMLAddIdp.LOGGER.log(Level.FINE, "form has existing data");
                ArrayList arrayList = new ArrayList();
                try {
                    // "samlCustomAttribute" may arrive as a JSON array (several rows) or a single object (one row).
                    String defaultIfBlank = jSONObject.get("samlCustomAttribute") != null ? StringUtils.defaultIfBlank(jSONObject.get("samlCustomAttribute").toString(), "") : "";
                    if (defaultIfBlank.startsWith("[")) {
                        Iterator it = jSONObject.getJSONArray("samlCustomAttribute").iterator();
                        while (it.hasNext()) {
                            JSONObject jSONObject2 = (JSONObject) it.next();
                            arrayList.add(new MoAttribute(jSONObject2.getString("name"), jSONObject2.getString("displayName")));
                        }
                    } else if (defaultIfBlank.startsWith("{")) {
                        JSONObject jSONObject3 = jSONObject.getJSONObject("samlCustomAttribute");
                        arrayList.add(new MoAttribute(jSONObject3.getString("name"), jSONObject3.getString("displayName")));
                    }
                } catch (Exception e) {
                    // A malformed custom-attribute section is logged at FINE and the realm is still built
                    // with whatever entries were collected before the failure.
                    MoSAMLAddIdp.LOGGER.fine("Error is  " + e.getMessage());
                }
                try {
                    // Argument order must match the constructor's positional parameters.
                    moSAMLAddIdp = new MoSAMLAddIdp(StringUtils.defaultIfBlank(jSONObject.get("idpEntityId").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("ssoUrl").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("metadataUrl").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("metadataFilePath").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("publicx509Certificate").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("usernameCaseConversion").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("usernameAttribute").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("emailAttribute").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("fullnameAttribute").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("nameIDFormat").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("sslUrl").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("loginType").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("regexPattern").toString(), ""), Boolean.valueOf(Boolean.parseBoolean(jSONObject.get("enableRegexPattern").toString())), Boolean.valueOf(Boolean.parseBoolean(jSONObject.get("signedRequest").toString())), Boolean.valueOf(Boolean.parseBoolean(jSONObject.get("splitnameAttribute").toString())), Boolean.valueOf(Boolean.parseBoolean(jSONObject.get("userCreate").toString())), Boolean.valueOf(Boolean.parseBoolean(jSONObject.get("forceAuthn").toString())), StringUtils.defaultIfBlank(jSONObject.get("ssoBindingType").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("sloBindingType").toString(), ""), arrayList, Boolean.valueOf(Boolean.parseBoolean(jSONObject.get("userAttributeUpdate").toString())), StringUtils.defaultIfBlank(jSONObject.get("newUserGroup").toString(), ""), StringUtils.defaultIfBlank(jSONObject.get("authnContextClass").toString(), ""));
                } catch (Exception e2) {
                    MoSAMLAddIdp.LOGGER.fine(" Error in loading security realm : " + e2.getMessage());
                    throw new RuntimeException(e2);
                }
            } else if (securityRealm instanceof MoSAMLAddIdp) {
                MoSAMLAddIdp.LOGGER.log(Level.FINE, " Loading old Realm ");
                moSAMLAddIdp = (MoSAMLAddIdp) securityRealm;
            } else {
                MoSAMLAddIdp.LOGGER.fine("Creating empty realm");
                try {
                    // Empty realm: only userCreate is enabled; the attribute list is null.
                    moSAMLAddIdp = new MoSAMLAddIdp("", "", "", "", "", "", "", "", "", "", "", "", "", false, false, false, true, false, "", "", null, false, "", "");
                } catch (Exception e3) {
                    MoSAMLAddIdp.LOGGER.fine("Unable to create Security realm object , error is " + e3.getMessage());
                    throw new RuntimeException(e3);
                }
            }
            return moSAMLAddIdp;
        }

        /**
         * Requires {@code Jenkins.ADMINISTER} for the current user. Every form-validation and submit
         * handler in this descriptor calls it first.
         */
        private static void checkAdminPermission() {
            final Jenkins jenkins = Jenkins.get();
            jenkins.checkPermission(Jenkins.ADMINISTER);
        }

        /**
         * Saves the Jenkins configuration.
         *
         * @throws IOException if saving fails
         */
        private static void persistChanges() throws IOException {
            final Jenkins jenkins = Jenkins.get();
            jenkins.save();
        }

        /**
         * Installs the realm described by the submitted form and saves the Jenkins configuration.
         * POST only; the caller must hold {@code Jenkins.ADMINISTER}.
         *
         * @param staplerRequest request carrying the submitted form
         * @param staplerResponse response (not written by this method)
         * @throws ServletException if the submitted form cannot be read
         * @throws IOException if saving the configuration fails
         */
        @RequirePOST
        @Restricted({NoExternalUse.class})
        public void doRealmSubmit(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws ServletException, IOException, ServletException {
            MoSAMLAddIdp.LOGGER.log(Level.FINE, "Submitting the realm");
            // The permission check runs before any request data is parsed.
            checkAdminPermission();
            staplerRequest.setCharacterEncoding("UTF-8");
            final JSONObject form = staplerRequest.getSubmittedForm();
            // NOTE(review): the whole form is written to the log at FINE, so every submitted field
            // ends up in the log. Confirm that is acceptable where FINE logging is enabled.
            MoSAMLAddIdp.LOGGER.log(Level.FINE, "Saving realm values : " + form.toString());
            final Jenkins jenkins = Jenkins.get();
            jenkins.setSecurityRealm(m5newInstance(staplerRequest, form));
            persistChanges();
        }

        /**
         * Form validation for the IdP entity ID; requires {@code Jenkins.ADMINISTER}.
         *
         * @param str the entity ID entered in the form
         * @return an error when the value is empty, otherwise ok
         */
        @POST
        public FormValidation doCheckIdpEntityId(@QueryParameter String str) {
            checkAdminPermission();
            if (StringUtils.isEmpty(str)) {
                return FormValidation.error("The Entity ID Can not be kept blank.");
            }
            return FormValidation.ok();
        }

        /**
         * Form validation for the single sign-on URL; requires {@code Jenkins.ADMINISTER}.
         *
         * <p>The value only has to parse as a {@link URL}; the scheme is not restricted here.
         *
         * @param str the SSO URL entered in the form
         * @return an error when the value is empty or does not parse, otherwise ok
         */
        @POST
        public FormValidation doCheckSsoUrl(@QueryParameter String str) {
            checkAdminPermission();
            if (StringUtils.isEmpty(str)) {
                return FormValidation.error("The Single Sign On URL Can not be kept blank.");
            }
            FormValidation verdict;
            try {
                // Constructed only to see whether parsing succeeds; the object is discarded.
                new URL(str);
                verdict = FormValidation.ok();
            } catch (MalformedURLException e) {
                verdict = FormValidation.error("The URL is malformed.", new Object[]{e});
            }
            return verdict;
        }

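        /**
         * Form validation for the username attribute; requires {@code Jenkins.ADMINISTER}.
         *
         * @param str the username attribute entered in the form
         * @param str2 the selected login type; may be {@code null} when the request omits it
         * @return a warning when the attribute is empty and the login type is {@code "usernameLogin"},
         *     otherwise ok
         */
        @POST
        public FormValidation doCheckUsernameAttribute(@QueryParameter String str, @QueryParameter String str2) {
            checkAdminPermission();
            // Constant-first equals: a request without the login type gets "ok" instead of failing
            // with a NullPointerException.
            if (StringUtils.isEmpty(str) && "usernameLogin".equals(str2)) {
                return FormValidation.warning("Username Can not kept blank");
            }
            return FormValidation.ok();
        }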

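        /**
         * Form validation for the e-mail attribute; requires {@code Jenkins.ADMINISTER}.
         *
         * @param str the e-mail attribute entered in the form
         * @param str2 the selected login type; may be {@code null} when the request omits it
         * @return a warning when the attribute is empty and the login type is {@code "emailLogin"},
         *     otherwise ok
         */
        @POST
        public FormValidation doCheckEmailAttribute(@QueryParameter String str, @QueryParameter String str2) {
            checkAdminPermission();
            // Constant-first equals: a request without the login type gets "ok" instead of failing
            // with a NullPointerException.
            if (StringUtils.isEmpty(str) && "emailLogin".equals(str2)) {
                return FormValidation.warning("Email Address Can not kept blank");
            }
            return FormValidation.ok();
        }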

        /**
         * Form validation for the IdP signing certificate; requires {@code Jenkins.ADMINISTER}.
         *
         * @param str the certificate text entered in the form
         * @return an error when the value is empty, whitespace-only, or rejected by
         *     {@code MoSAMLUtils.isValidPublicCertificate}; otherwise ok
         */
        @POST
        public FormValidation doCheckPublicx509Certificate(@QueryParameter String str) {
            checkAdminPermission();
            if (StringUtils.isEmpty(str)) {
                return FormValidation.error("Certificate cannot be kept blank.");
            }
            // Reached only by values that are non-empty but consist of whitespace.
            if (StringUtils.isBlank(str)) {
                return FormValidation.error("Certificate validation failed.");
            }
            final Boolean certificateAccepted = MoSAMLUtils.isValidPublicCertificate(str);
            MoSAMLAddIdp.LOGGER.fine("is certificate valid:" + certificateAccepted);
            if (certificateAccepted.booleanValue()) {
                return FormValidation.ok();
            }
            return FormValidation.error("Invalid Certificate");
        }

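        /**
         * Form validation for the optional regex pattern; requires {@code Jenkins.ADMINISTER}.
         *
         * <p>When the pattern is enabled it must be non-empty and must compile. A missing checkbox
         * value is treated as "disabled" rather than causing a NullPointerException.
         *
         * @param bool whether the regex pattern is enabled; may be {@code null}
         * @param str the pattern entered in the form
         * @return an error when the pattern is enabled but empty or not compilable, otherwise ok
         */
        @POST
        public FormValidation doCheckRegexPattern(@QueryParameter Boolean bool, @QueryParameter String str) {
            checkAdminPermission();
            if (!Boolean.TRUE.equals(bool)) {
                return FormValidation.ok();
            }
            if (StringUtils.isEmpty(str)) {
                return FormValidation.error("The Regex Pattern is not Valid");
            }
            try {
                // NOTE(review): presumably the saved pattern is applied with java.util.regex at login
                // (Pattern/Matcher are imported by this file); confirm. Compiling here surfaces a
                // broken pattern in the form instead of at the first login.
                Pattern.compile(str);
            } catch (java.util.regex.PatternSyntaxException e) {
                return FormValidation.error("The Regex Pattern is not Valid");
            }
            return FormValidation.ok();
        }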

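        /**
         * Form validation for the "create user" option; requires {@code Jenkins.ADMINISTER}.
         *
         * @param bool whether user creation is enabled; {@code null} is treated as disabled
         * @param str first attribute value from the form
         * @param str2 second attribute value from the form
         * @return an error when user creation is enabled and both attribute values are empty,
         *     otherwise ok
         */
        @POST
        public FormValidation doUserCreate(@QueryParameter Boolean bool, @QueryParameter String str, @QueryParameter String str2) {
            checkAdminPermission();
            // Boolean.TRUE.equals avoids unboxing a null checkbox value.
            if (Boolean.TRUE.equals(bool) && StringUtils.isEmpty(str) && StringUtils.isEmpty(str2)) {
                return FormValidation.error("Email and Username Attributes are required.");
            }
            return FormValidation.ok();
        }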

        /**
         * Returns the configured Jenkins root URL without a trailing slash.
         *
         * <p>NOTE(review): there is no null check on the root URL; a {@code null} value fails with a
         * NullPointerException here. Confirm this is only called where a root URL is available.
         *
         * @return the root URL, minus one trailing {@code "/"} if present
         */
        public String getBaseUrl() {
            final String configuredRoot = Jenkins.get().getRootUrl();
            return configuredRoot.endsWith("/")
                    ? configuredRoot.substring(0, configuredRoot.length() - 1)
                    : configuredRoot;
        }

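        /**
         * Form validation for the "update user attributes" option; requires {@code Jenkins.ADMINISTER}.
         *
         * @param bool the checkbox value; {@code null} is treated as unchecked
         * @return ok when checked, otherwise the "premium version" warning
         */
        @POST
        public FormValidation doCheckUserAttributeUpdate(@QueryParameter Boolean bool) {
            checkAdminPermission();
            // Boolean.TRUE.equals avoids unboxing a null checkbox value.
            if (Boolean.TRUE.equals(bool)) {
                return FormValidation.ok();
            }
            return FormValidation.warning("Available in premium version");
        }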

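        /**
         * Form validation for the "signed request" option; requires {@code Jenkins.ADMINISTER}.
         *
         * @param bool the checkbox value; {@code null} is treated as unchecked
         * @return ok when checked, otherwise the "premium version" warning
         */
        @POST
        public FormValidation doCheckSignedRequest(@QueryParameter Boolean bool) {
            checkAdminPermission();
            // Boolean.TRUE.equals avoids unboxing a null checkbox value.
            if (Boolean.TRUE.equals(bool)) {
                return FormValidation.ok();
            }
            return FormValidation.warning("Available in premium version");
        }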

        /**
         * Form validation for the "split name attribute" option; requires {@code Jenkins.ADMINISTER}.
         *
         * @param bool the checkbox value (not read)
         * @return always the "premium version" warning
         */
        @POST
        public FormValidation doCheckSplitnameAttribute(@QueryParameter Boolean bool) {
            checkAdminPermission();
            final FormValidation premiumOnly = FormValidation.warning("Available in premium version");
            return premiumOnly;
        }

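        /**
         * Form validation for the "disable default login" option; requires {@code Jenkins.ADMINISTER}.
         *
         * @param bool the checkbox value; {@code null} is treated as unchecked
         * @return ok when checked, otherwise the "premium version" warning
         */
        @POST
        public FormValidation doCheckDisableDefaultLogin(@QueryParameter Boolean bool) {
            checkAdminPermission();
            // Boolean.TRUE.equals avoids unboxing a null checkbox value.
            if (Boolean.TRUE.equals(bool)) {
                return FormValidation.ok();
            }
            return FormValidation.warning("Available in premium version");
        }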

        /**
         * Returns a link to the test-configuration login flow once the three core IdP values are filled
         * in; requires {@code Jenkins.ADMINISTER}.
         *
         * @param str the IdP entity ID
         * @param str2 the SSO URL
         * @param str3 the IdP certificate
         * @return markup containing the test link, or an error when any value is empty
         */
        @POST
        public FormValidation doPerformTestConfiguration(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3) {
            checkAdminPermission();
            if (StringUtils.isEmpty(str) || StringUtils.isEmpty(str2) || StringUtils.isEmpty(str3)) {
                MoSAMLAddIdp.LOGGER.fine("Entity ID is " + str);
                MoSAMLAddIdp.LOGGER.fine("ssoUrl is " + str2);
                MoSAMLAddIdp.LOGGER.fine("publicx509Certificate is " + str3);
                return FormValidation.error("Save the idp configurations first. Could not perform test config");
            }
            MoSAMLAddIdp.LOGGER.fine("Test config called..");
            // The link is built from the Jenkins root URL only; none of the request parameters
            // are written into the markup.
            final String testLink = getBaseUrl() + "/securityRealm/moSamlLogin?from=testidpconfiguration";
            return FormValidation.okWithMarkup("Click <a href='" + testLink + "' target='_blank' >here</a> to see the test configurations result.");
        }

        /**
         * Fetches IdP metadata from the given URL and checks that it parses; requires
         * {@code Jenkins.ADMINISTER}.
         *
         * <p>NOTE(review): this makes an outbound request from the Jenkins controller to an
         * admin-supplied URL. How {@code MoHttpUtils.sendGetRequest} treats schemes, redirects and TLS
         * validation is not visible here. Confirm it is restricted to what metadata retrieval needs.
         *
         * @param str the metadata URL entered in the form
         * @return ok markup when fetching and parsing succeed, otherwise an error
         * @throws Exception declared by the signature; failures inside the try block are caught
         */
        @POST
        public FormValidation doValidateMetadataUrl(@QueryParameter String str) throws Exception {
            checkAdminPermission();
            FormValidation outcome;
            try {
                MoSAMLAddIdp.configureFromMetadata(MoHttpUtils.sendGetRequest(str, null));
                outcome = FormValidation.okWithMarkup("Valid metadata Url, please hit save button");
            } catch (Exception e) {
                MoSAMLAddIdp.LOGGER.fine("Invalid metadata Url" + e);
                outcome = FormValidation.error("Invalid metadata Url");
            }
            return outcome;
        }

        /**
         * Reads IdP metadata from a file path on the controller and checks that it parses; requires
         * {@code Jenkins.ADMINISTER}.
         *
         * <p>NOTE(review): the path is taken from the form as given. Which locations and extensions
         * {@code getMetadataFromFile} accepts is not visible here; confirm it cannot be used to probe
         * arbitrary files.
         *
         * @param str the metadata file path entered in the form
         * @return ok markup when reading and parsing succeed, otherwise an error
         * @throws Exception declared by the signature; failures inside the try block are caught
         */
        @POST
        public FormValidation doValidateMetadataFile(@QueryParameter String str) throws Exception {
            checkAdminPermission();
            FormValidation outcome;
            try {
                MoSAMLAddIdp.configureFromMetadata(MoSAMLAddIdp.getMetadataFromFile(str));
                outcome = FormValidation.okWithMarkup("Validation successful, please hit save button");
            } catch (Exception e) {
                // The exception itself is not logged; every failure gets the same message.
                MoSAMLAddIdp.LOGGER.fine("File not found or wrong file extension");
                outcome = FormValidation.error("File not found or wrong file extension");
            }
            return outcome;
        }
    }

    /**
     * Creates the realm from form values or from IdP metadata.
     *
     * <p>Positional parameters, in order: {@code str} IdP entity ID, {@code str2} SSO URL,
     * {@code str3} metadata URL, {@code str4} metadata file path, {@code str5} IdP certificate,
     * {@code str6} username case conversion, {@code str7} username attribute, {@code str8} e-mail
     * attribute, {@code str9} full-name attribute, {@code str10} NameID format, {@code str11} SSL URL,
     * {@code str12} login type, {@code str13} regex pattern, {@code bool} enable regex,
     * {@code bool2} signed request, {@code bool3} split name attribute, {@code bool4} create users,
     * {@code bool5} force authentication, {@code str14} SSO binding, {@code str15} SLO binding,
     * {@code list} custom attributes, {@code bool6} update user attributes, {@code str16} group for
     * new users, {@code str17} authentication context class.
     *
     * <p>NOTE(review): when a metadata URL or file path is given, construction performs a network
     * fetch or a file read, and the entity ID, SSO URL and certificate from the parsed metadata
     * replace the values typed into the form. The trust placed in the IdP certificate then depends on
     * how {@code MoHttpUtils.sendGetRequest} validates the remote endpoint; confirm.
     *
     * @throws Exception if fetching or parsing the metadata fails
     */
    @DataBoundConstructor
    public MoSAMLAddIdp(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, String str10, String str11, String str12, String str13, Boolean bool, Boolean bool2, Boolean bool3, Boolean bool4, Boolean bool5, String str14, String str15, List<MoAttributeEntry> list, Boolean bool6, String str16, String str17) throws Exception {
        this.metadataUrl = str3;
        this.metadataFilePath = str4;
        if (StringUtils.isEmpty(str3) && StringUtils.isEmpty(str4)) {
            // No metadata source: use the manually entered IdP values.
            this.idpEntityId = str;
            this.ssoUrl = str2;
            this.nameIDFormat = str10;
            this.sslUrl = str11;
            this.publicx509Certificate = str5;
        } else {
            // The metadata URL takes precedence over the file path when both are set.
            List<String> configureFromMetadata = configureFromMetadata(!StringUtils.isEmpty(str3) ? MoHttpUtils.sendGetRequest(str3, null) : getMetadataFromFile(str4));
            if (configureFromMetadata.size() != 0) {
                // Indexes 0, 1, 2 and 4 of the parsed list are used; index 3 is not read and sslUrl is blanked.
                this.idpEntityId = configureFromMetadata.get(0);
                this.nameIDFormat = configureFromMetadata.get(1);
                this.ssoUrl = configureFromMetadata.get(2);
                this.sslUrl = "";
                this.publicx509Certificate = configureFromMetadata.get(4);
            } else {
                // Empty parse result: fall back to the manually entered values.
                this.idpEntityId = str;
                this.ssoUrl = str2;
                this.nameIDFormat = str10;
                this.sslUrl = str11;
                this.publicx509Certificate = str5;
            }
        }
        // Defaults for values that are absent from the form.
        this.usernameCaseConversion = str6 != null ? str6 : "none";
        this.usernameAttribute = (str7 == null || str7.trim().equals("")) ? "NameID" : str7;
        this.emailAttribute = (str8 == null || str8.trim().equals("")) ? "NameID" : str8;
        this.loginType = str12 != null ? str12 : "usernameLogin";
        this.regexPattern = str13;
        this.enableRegexPattern = Boolean.valueOf(bool != null ? bool.booleanValue() : false);
        this.signedRequest = Boolean.valueOf(bool2 != null ? bool2.booleanValue() : false);
        this.splitnameAttribute = Boolean.valueOf(bool3 != null ? bool3.booleanValue() : false);
        // userCreate is the only flag that defaults to true.
        this.userCreate = Boolean.valueOf(bool4 != null ? bool4.booleanValue() : true);
        this.forceAuthn = Boolean.valueOf(bool5 != null ? bool5.booleanValue() : false);
        this.ssoBindingType = str14 != null ? str14 : "HttpRedirect";
        this.sloBindingType = str15 != null ? str15 : "HttpRedirect";
        this.samlCustomAttributes = list;
        this.userAttributeUpdate = Boolean.valueOf(bool6 != null ? bool6.booleanValue() : false);
        this.fullnameAttribute = str9;
        this.newUserGroup = str16;
        this.authnContextClass = str17 != null ? str17 : "None";
    }

    /**
     * Renders the realm configuration as a JSON-like string.
     *
     * <p>The text is built by plain concatenation: field values are not escaped, so a value that
     * contains a double quote or backslash yields output that is not valid JSON. The first four keys
     * carry a trailing colon inside the key name. The output includes the metadata file path and the
     * IdP certificate, which matters wherever this string is logged or displayed.
     *
     * @return the configuration as text
     */
    public String toString() {
        return "{\"spEntityId:\": \"" + getBaseUrl() + "\", \"audienceURI:\": \"" + getBaseUrl() + "\", \"acsURL:\": \"" + getBaseUrl() + MO_SAML_SP_AUTH_URL + "\", \"spLogoutURL:\": \"" + getBaseUrl() + "securityRealm/logout\", \"idpEntityId\": \"" + this.idpEntityId + "\", \"ssoUrl\": \"" + this.ssoUrl + "\", \"metadataUrl\": \"" + this.metadataUrl + "\", \"metadataFilePath\": \"" + this.metadataFilePath + "\", \"publicx509Certificate\": \"" + this.publicx509Certificate + "\", \"usernameAttribute\": \"" + this.usernameAttribute + "\", \"fullnameAttribute\": \"" + this.fullnameAttribute + "\", \"usernameCaseConversion\": \"" + this.usernameCaseConversion + "\", \"userAttributeUpdate\": \"" + this.userAttributeUpdate + "\", \"emailAttribute\": \"" + this.emailAttribute + "\", \"nameIDFormat\": \"" + this.nameIDFormat + "\", \"sslUrl\": \"" + this.sslUrl + "\", \"loginType\": \"" + this.loginType + "\", \"regexPattern\": \"" + this.regexPattern + "\", \"enableRegexPattern\": \"" + this.enableRegexPattern + "\", \"signedRequest\": \"" + this.signedRequest + "\", \"splitnameAttribute\": \"" + this.splitnameAttribute + "\", \"userCreate\": \"" + this.userCreate + "\", \"forceAuthn\": \"" + this.forceAuthn + "\", \"ssoBindingType\": \"" + this.ssoBindingType + "\", \"sloBindingType\": \"" + this.sloBindingType + "\", \"samlCustomAttributes\": \"" + this.samlCustomAttributes + "\", \"newUserGroup\": \"" + this.newUserGroup + "\", \"authnContextClass\": \"" + this.authnContextClass + "\", \"disableDefaultLogin\": \"false\"}";
    }

    /**
     * Returns the login page path of this realm, relative to the Jenkins root.
     *
     * @return the fixed path of the local login page
     */
    public String getLoginUrl() {
        final String loginPath = "securityRealm/moLogin";
        return loginPath;
    }

    /**
     * Logs the user out through the superclass implementation.
     *
     * <p>Any exception from the superclass call is caught and recorded at FINE only, so a failed
     * logout is invisible at default log levels.
     *
     * @param staplerRequest the current request
     * @param staplerResponse the current response
     */
    public void doLogout(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        try {
            LOGGER.log(Level.FINE, " in doLogout");
            super.doLogout(staplerRequest, staplerResponse);
        } catch (Exception e) {
            final String failure = "error Occurred while generating logout request " + e.getMessage();
            LOGGER.log(Level.FINE, failure);
        }
    }

    /**
     * Returns the URL shown after logout: the local login page, with the context path as its
     * {@code from} value.
     *
     * @param staplerRequest the current request, used for its context path
     * @param authentication the authentication being logged out (not read)
     * @return the post-logout URL
     */
    public String getPostLogOutUrl2(StaplerRequest staplerRequest, Authentication authentication) {
        final String contextPath = staplerRequest.getContextPath();
        return contextPath + "/securityRealm/moLogin?from=" + contextPath;
    }

    /**
     * Serves the local login page and stores the validated Referer in the session so that
     * {@code doMoLoginAction} can return the user there.
     *
     * <p>NOTE(review): {@code str} is substituted into the page without HTML escaping. How this
     * parameter is bound is not visible here; confirm it can never carry request-controlled text.
     * The template stream opened inside the response is not closed explicitly.
     *
     * @param staplerRequest the current request
     * @param staplerResponse the current response (not written directly; the returned object writes)
     * @param str optional markup that replaces the template's hidden-input placeholder
     * @return a response that renders the login template
     */
    public HttpResponse doMoLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse, String str) {
        final HttpSession session = staplerRequest.getSession();
        session.setAttribute(REFERER_ATTRIBUTE, calculateSafeRedirect(staplerRequest.getReferer()));
        return (req, rsp, node) -> {
            rsp.setContentType("text/html;charset=UTF-8");
            final String template = IOUtils.toString(MoSAMLAddIdp.class.getResourceAsStream(LOGIN_TEMPLATE_PATH), "UTF-8");
            final String configuredRoot = Jenkins.get().getRootUrl();
            // The template expects the root URL without a trailing slash.
            final String root = configuredRoot.endsWith("/")
                    ? configuredRoot.substring(0, configuredRoot.length() - 1)
                    : configuredRoot;
            String page = template.replace("$$resURL$$", root);
            if (StringUtils.isNotBlank(str)) {
                page = page.replace("<input type=\"hidden\" />", str);
            }
            rsp.getWriter().println(page);
        };
    }

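    /**
     * Handles the local username/password login form.
     *
     * <p>The password is checked against the Jenkins built-in user database. On success the session
     * is replaced, the security context is populated and the browser is sent to the return URL stored
     * by {@code doMoLogin}. On failure the login page is rendered again with a generic error.
     *
     * <p>Changes from the previous version: unexpected failures go to the logger instead of
     * {@code printStackTrace()}, and the "valid password" log line is written only when the password
     * actually matched.
     *
     * <p>NOTE(review): the password passes through {@code MoSAMLUtils.sanitizeText} before it is
     * compared. If that helper alters or strips characters, the compared value differs from what the
     * user typed; confirm. No attempt throttling is visible in this method.
     *
     * @param staplerRequest request carrying {@code j_username} and {@code j_password}
     * @param staplerResponse response used for the redirect or the re-rendered login page
     */
    @RequirePOST
    public void doMoLoginAction(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        // Read the return URL before the session is recreated, and validate it again.
        String calculateSafeRedirect = calculateSafeRedirect((String) staplerRequest.getSession().getAttribute(REFERER_ATTRIBUTE));
        recreateSession(staplerRequest);
        try {
            String username = MoSAMLUtils.sanitizeText(staplerRequest.getParameter("j_username"));
            String password = MoSAMLUtils.sanitizeText(staplerRequest.getParameter("j_password"));
            boolean loginFailed = false;
            if (StringUtils.isNotBlank(username)) {
                User byId = User.getById(username, false);
                if (byId != null) {
                    LOGGER.fine("User exist with username = " + username);
                    boolean passwordOk;
                    try {
                        passwordOk = byId.getProperty(HudsonPrivateSecurityRealm.Details.class).isPasswordCorrect(password);
                        LOGGER.fine(passwordOk ? "Valid User Password" : "InValid User Password");
                    } catch (Exception e) {
                        // Covers users without a local password record (getProperty returns null).
                        LOGGER.fine("InValid User Password" + e.getMessage());
                        passwordOk = false;
                    }
                    if (passwordOk) {
                        // Fresh session for the authenticated user.
                        HttpSession session = staplerRequest.getSession(false);
                        if (session != null) {
                            session.invalidate();
                        }
                        staplerRequest.getSession(true);
                        MoSAMLUserInfo moSAMLUserInfo = new MoSAMLUserInfo(username, Collections.singleton(AUTHENTICATED_AUTHORITY2));
                        SecurityContextHolder.getContext().setAuthentication(new MoSAMLAuthenticationTokenInfo(moSAMLUserInfo));
                        SecurityListener.fireAuthenticated2(moSAMLUserInfo);
                        SecurityListener.fireLoggedIn(byId.getId());
                        staplerResponse.sendRedirect(calculateSafeRedirect);
                        return;
                    }
                }
                // Same outcome for an unknown user and a wrong password.
                loginFailed = true;
            }
            staplerResponse.getWriter().println(customLoginTemplate(staplerResponse, loginFailed ? "<div class=\"alert alert-danger\">Invalid username or password</div><br>" : ""));
        } catch (Exception e2) {
            LOGGER.log(Level.WARNING, "Local login request failed", e2);
        }
    }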

    /**
     * Returns a redirect target that is safe to send the browser to.
     *
     * <p>The candidate is kept when it starts with the Jenkins root URL or when
     * {@code Util.isSafeToRedirectTo} accepts it; in every other case, including {@code null}, the
     * Jenkins root URL is returned.
     *
     * @param str the candidate URL, may be {@code null}
     * @return {@code str} when accepted, otherwise the Jenkins root URL
     */
    private String calculateSafeRedirect(String str) {
        final String fallback = getBaseUrl();
        String target = fallback;
        if (str != null && (str.startsWith(fallback) || Util.isSafeToRedirectTo(str))) {
            target = str;
        }
        LOGGER.fine("Safe URL redirection: " + target);
        return target;
    }

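    /**
     * Renders the local login page from the classpath template.
     *
     * <p>The template stream is closed after reading, and a missing template is reported as an
     * {@link IOException} instead of a NullPointerException from the reader.
     *
     * <p>NOTE(review): {@code str} is inserted into the page without HTML escaping. The caller
     * visible in this file passes a fixed markup string; keep it that way or escape here.
     *
     * @param staplerResponse response whose content type is set to HTML
     * @param str optional markup that replaces the template's hidden-input placeholder
     * @return the rendered page
     * @throws IOException if the template is missing or cannot be read
     */
    private String customLoginTemplate(StaplerResponse staplerResponse, String str) throws IOException {
        staplerResponse.setContentType("text/html;charset=UTF-8");
        String template;
        try (java.io.InputStream in = MoSAMLAddIdp.class.getResourceAsStream(LOGIN_TEMPLATE_PATH)) {
            if (in == null) {
                throw new IOException("Login template not found on classpath: " + LOGIN_TEMPLATE_PATH);
            }
            template = IOUtils.toString(in, "UTF-8");
        }
        String rootUrl = Jenkins.get().getRootUrl();
        // The template expects the root URL without a trailing slash.
        if (rootUrl.endsWith("/")) {
            rootUrl = rootUrl.substring(0, rootUrl.length() - 1);
        }
        String page = template.replace("$$resURL$$", rootUrl);
        if (StringUtils.isNotBlank(str)) {
            LOGGER.fine(str);
            page = page.replace("<input type=\"hidden\" />", str);
        }
        return page;
    }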

    /**
     * Creates a fresh nonce for an outgoing authentication request.
     *
     * @return the string form of a random (type 4) UUID
     */
    private String createNonce() {
        final UUID nonce = UUID.randomUUID();
        return nonce.toString();
    }

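    /**
     * Starts SAML single sign-on: recreates the session, stores the relay state and a nonce, and hands
     * over to {@code MoSAMLManager} to build the AuthnRequest and redirect to the IdP.
     *
     * <p>The relay state is whatever follows {@code from=} in the query string, or in the validated
     * Referer when there is no query string. The extracted value is now validated on its own before
     * it is stored. Previously only the string that still carried the {@code from=} prefix was
     * checked, so the check never saw how the stored value itself begins.
     *
     * <p>NOTE(review): the code that consumes the relay state is outside this part of the file. If it
     * URL-decodes the value, it must validate again after decoding. {@code nonceSet} is a shared
     * static set modified here without synchronization; confirm thread-safety and removal of entries.
     *
     * @param staplerRequest the current request
     * @param staplerResponse the response used for the redirect to the IdP
     * @param str the Referer header, may be {@code null}
     */
    public void doMoSamlLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @Header("Referer") String str) {
        recreateSession(staplerRequest);
        String queryString = staplerRequest.getQueryString();
        String requested = StringUtils.isEmpty(queryString) ? calculateSafeRedirect(str) : queryString;
        HttpSession session = staplerRequest.getSession();
        LOGGER.fine("relay state " + requested);
        String nonce = createNonce();
        nonceSet.add(nonce);
        String relayState = StringUtils.substringAfter(calculateSafeRedirect(requested), "from=");
        // calculateSafeRedirect returns its argument unchanged only when it accepts it, so a changed
        // result means the extracted value was rejected. Store nothing in that case.
        if (StringUtils.isNotEmpty(relayState) && !relayState.equals(calculateSafeRedirect(relayState))) {
            relayState = "";
        }
        session.setAttribute(MoSAMLUtils.RELAY_STATE_PARAM, relayState);
        LOGGER.fine("in doMoSamlLogin");
        new MoSAMLManager(getMoSAMLPluginSettings()).createAuthnRequestAndRedirect(staplerRequest, staplerResponse, nonce, getMoSAMLPluginSettings());
    }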

    /**
     * Returns the Jenkins root URL exactly as Jenkins reports it (no trailing-slash trimming).
     *
     * @return the Jenkins root URL
     */
    public String getBaseUrl() {
        final Jenkins jenkins = Jenkins.get();
        return jenkins.getRootUrl();
    }

    /**
     * Returns the absolute URL of the local login action endpoint.
     *
     * @return the Jenkins root URL followed by {@code MO_SAML_JENKINS_LOGIN_ACTION}
     */
    private String getErrorUrl() {
        final String rootUrl = Jenkins.get().getRootUrl();
        return rootUrl + MO_SAML_JENKINS_LOGIN_ACTION;
    }

    /**
     * Returns the absolute URL at which the service-provider metadata is served.
     *
     * @return the Jenkins root URL followed by {@code MO_SAML_SP_METADATA_URL}
     */
    public String spMetadataURL() {
        final String rootUrl = Jenkins.get().getRootUrl();
        return rootUrl + MO_SAML_SP_METADATA_URL;
    }

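    /**
     * Emergency switch: replaces this SAML realm with the Jenkins built-in user database after
     * verifying a local username and password.
     *
     * <p>Changes from the previous version:
     * <ul>
     *   <li>the submitted password is no longer written to the log;</li>
     *   <li>both username and password are required (previously only one had to be present);</li>
     *   <li>a wrong password, or a user without a local password record, gets 401; previously the
     *       response reported success even though the realm was left unchanged;</li>
     *   <li>success is reported only when the realm was actually replaced.</li>
     * </ul>
     *
     * <p>NOTE(review): this endpoint changes instance-wide security configuration and is reachable
     * without an authenticated session. Any account with a valid local password passes the check;
     * nothing here verifies that the account holds {@code Jenkins.ADMINISTER}, and no attempt
     * throttling is visible. The new realm is set in memory only (no save is called here). Confirm
     * these are the intended semantics.
     *
     * @param staplerRequest request carrying {@code username} and {@code password}
     * @param staplerResponse response that receives a JSON status document
     */
    @RequirePOST
    public void doMoSAMLSingleSignOnForceStop(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        HttpSession session = staplerRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        LOGGER.fine("Enable doMoSAMLSingleSignOnForceStop from doPost");
        String username = MoSAMLUtils.sanitizeText(staplerRequest.getParameter("username"));
        String password = MoSAMLUtils.sanitizeText(staplerRequest.getParameter("password"));
        // Credentials must never reach the log; only the username is recorded.
        LOGGER.fine("Parameters submitted for backdoor: username: " + username);
        if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
            sendError(staplerResponse, 401, "Authorization parameters are Missing");
            return;
        }
        User byId = User.getById(username, false);
        HudsonPrivateSecurityRealm.Details details = byId != null ? byId.getProperty(HudsonPrivateSecurityRealm.Details.class) : null;
        // Same response for an unknown user, a user without a local password and a wrong password.
        if (details == null || !details.isPasswordCorrect(password)) {
            LOGGER.fine("User validation failed.");
            sendError(staplerResponse, 401, "UnAuthorize User");
            return;
        }
        Jenkins instanceOrNull = Jenkins.getInstanceOrNull();
        if (instanceOrNull == null) {
            sendError(staplerResponse, 500, "Jenkins instance is not available");
            return;
        }
        try {
            instanceOrNull.setSecurityRealm(new HudsonPrivateSecurityRealm(false, false, (CaptchaSupport) null));
            org.json.JSONObject status = new org.json.JSONObject();
            status.put("Status", "SUCCESS");
            status.put("Message", "Successfully disabled SSO");
            org.json.JSONObject envelope = new org.json.JSONObject();
            envelope.put("Message", status);
            staplerResponse.setContentType(MoHttpUtils.CONTENT_TYPE_JSON);
            staplerResponse.setStatus(200);
            staplerResponse.getOutputStream().write(envelope.toString().getBytes(StandardCharsets.UTF_8));
            staplerResponse.getOutputStream().close();
        } catch (IOException | JSONException e) {
            LOGGER.fine(e.getMessage());
        }
    }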

    /**
     * Writes a JSON error document of the form
     * {@code {"error": {"Status": "ERROR", "Message": <str>}}} with the given HTTP status
     * and closes the response stream. I/O and JSON failures are logged, not propagated.
     *
     * @param staplerResponse response to write to
     * @param i               HTTP status code to set
     * @param str             human-readable error message placed in the document
     */
    private void sendError(StaplerResponse staplerResponse, int i, String str) {
        try {
            org.json.JSONObject detail = new org.json.JSONObject();
            detail.put("Status", "ERROR");
            detail.put("Message", str);
            org.json.JSONObject envelope = new org.json.JSONObject();
            envelope.put("error", detail);

            staplerResponse.setContentType(MoHttpUtils.CONTENT_TYPE_JSON);
            staplerResponse.setStatus(i);
            byte[] payload = envelope.toString().getBytes(StandardCharsets.UTF_8);
            staplerResponse.getOutputStream().write(payload);
            staplerResponse.getOutputStream().close();
        } catch (IOException | JSONException e) {
            LOGGER.fine("An error occurred while sending json response" + e);
        }
    }

    /**
     * Serves the SP metadata XML as a file download named {@code sp_metadata.xml}.
     *
     * <p>The request is only answered when it already has an HTTP session; otherwise the
     * method logs "Invalid Request" and returns without writing anything. The check is for
     * the existence of a session only; this method does not look at who the session belongs to.
     *
     * @param staplerRequest  incoming request, used only for the session check
     * @param staplerResponse response that receives the metadata document
     */
    public void doMospmetadata(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        LOGGER.fine("Printing SP Metadata");
        HttpSession existingSession = staplerRequest.getSession(false);
        if (existingSession == null) {
            LOGGER.fine("Invalid Request");
            return;
        }
        String spMetadataXml = getMetadata(getMoSAMLPluginSettings());
        LOGGER.fine(spMetadataXml);
        try {
            // Download headers first, then the body.
            staplerResponse.setHeader("Content-Disposition", "attachment; filename=\"sp_metadata.xml\"");
            staplerResponse.setHeader("Cache-Control", "max-age=0");
            staplerResponse.setHeader("Pragma", "");
            staplerResponse.setContentType("application/xml");
            staplerResponse.getOutputStream().write(spMetadataXml.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            // Also reached when getMetadata returned null.
            LOGGER.fine("An error occurred while downloading the metadata." + e);
        }
    }

    /**
     * Serves the SP's public certificate as a file download named {@code sp-certificate.crt}.
     * Any failure is logged and swallowed, so the declared {@code throws Exception} is not
     * exercised by this body.
     *
     * @param staplerRequest  incoming request (not read here)
     * @param staplerResponse response that receives the certificate text
     */
    public void doDownloadCertificate(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws Exception {
        LOGGER.fine("Downloading SP Certificate.");
        try {
            MoSAMLPluginSettings settings = getMoSAMLPluginSettings();
            String certificateText = settings.getPublicSPCertificate();
            staplerResponse.setHeader("Content-Disposition", "attachment; filename=\"sp-certificate.crt\"");
            staplerResponse.setHeader("Cache-Control", "max-age=0");
            staplerResponse.setHeader("Pragma", "");
            staplerResponse.setContentType("application/octet-stream");
            staplerResponse.getOutputStream().write(certificateText.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            LOGGER.fine("An error occurred while downloading the certificate." + e);
        }
    }

    /**
     * Builds the SAML 2.0 service-provider metadata document for the given settings.
     *
     * <p>The document declares that assertions must be signed, lists HTTP-POST and
     * HTTP-Redirect single-logout endpoints, four NameID formats, one HTTP-POST assertion
     * consumer service (index 1), the organization block and a technical and a support
     * contact. The SP signing certificate is published only when signed requests are enabled.
     *
     * @param moSAMLPluginSettings settings supplying entity ID, endpoint URLs, certificate,
     *                             organization and contact details
     * @return the marshalled metadata XML, or {@code null} when marshalling fails
     */
    public String getMetadata(MoSAMLPluginSettings moSAMLPluginSettings) {
        LOGGER.fine("Generating SP Metadata.");
        MoSAMLUtils.doBootstrap();

        // Builders for every element that goes into the document.
        EntityDescriptorBuilder entityBuilder = new EntityDescriptorBuilder();
        SPSSODescriptorBuilder spBuilder = new SPSSODescriptorBuilder();
        KeyDescriptorBuilder keyDescriptorBuilder = new KeyDescriptorBuilder();
        KeyInfoBuilder keyInfoBuilder = new KeyInfoBuilder();
        X509DataBuilder x509DataBuilder = new X509DataBuilder();
        X509CertificateBuilder x509CertificateBuilder = new X509CertificateBuilder();
        NameIDFormatBuilder nameIdFormatBuilder = new NameIDFormatBuilder();
        AssertionConsumerServiceBuilder acsBuilder = new AssertionConsumerServiceBuilder();
        SingleLogoutServiceBuilder sloBuilder = new SingleLogoutServiceBuilder();
        OrganizationBuilder organizationBuilder = new OrganizationBuilder();
        OrganizationNameBuilder orgNameBuilder = new OrganizationNameBuilder();
        OrganizationDisplayNameBuilder orgDisplayNameBuilder = new OrganizationDisplayNameBuilder();
        OrganizationURLBuilder orgUrlBuilder = new OrganizationURLBuilder();
        ContactPersonBuilder contactBuilder = new ContactPersonBuilder();
        GivenNameBuilder givenNameBuilder = new GivenNameBuilder();
        EmailAddressBuilder emailBuilder = new EmailAddressBuilder();

        EntityDescriptor entityDescriptor = entityBuilder.buildObject();
        SPSSODescriptor spDescriptor = spBuilder.buildObject();
        AssertionConsumerService acs = acsBuilder.buildObject();
        Organization organization = organizationBuilder.buildObject();
        ContactPerson technicalContact = contactBuilder.buildObject();
        ContactPerson supportContact = contactBuilder.buildObject();

        entityDescriptor.setEntityID(moSAMLPluginSettings.getSPEntityID());
        spDescriptor.setWantAssertionsSigned(true);
        spDescriptor.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");

        // Advertise the signing key only when AuthnRequests are actually signed.
        if (BooleanUtils.toBoolean(Boolean.valueOf(moSAMLPluginSettings.getSignedRequest()))) {
            spDescriptor.setAuthnRequestsSigned(true);
            KeyDescriptor signingKey = keyDescriptorBuilder.buildObject();
            signingKey.setUse(UsageType.SIGNING);
            KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
            X509Certificate certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
            certificate.setValue(MoSAMLUtils.deserializePublicCertificate(moSAMLPluginSettings.getPublicSPCertificate()));
            x509Data.getX509Certificates().add(certificate);
            keyInfo.getX509Datas().add(x509Data);
            signingKey.setKeyInfo(keyInfo);
            spDescriptor.getKeyDescriptors().add(signingKey);
        }

        // Single logout: POST binding first, then Redirect, both at the same location.
        SingleLogoutService sloPost = sloBuilder.buildObject();
        sloPost.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        sloPost.setLocation(moSAMLPluginSettings.getspSLOURL());
        spDescriptor.getSingleLogoutServices().add(sloPost);
        SingleLogoutService sloRedirect = sloBuilder.buildObject();
        sloRedirect.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        sloRedirect.setLocation(moSAMLPluginSettings.getspSLOURL());
        spDescriptor.getSingleLogoutServices().add(sloRedirect);

        String[] supportedNameIdFormats = {
            "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
            "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        };
        for (String formatUri : supportedNameIdFormats) {
            NameIDFormat nameIdFormat = nameIdFormatBuilder.buildObject();
            nameIdFormat.setFormat(formatUri);
            spDescriptor.getNameIDFormats().add(nameIdFormat);
        }

        acs.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
        acs.setLocation(moSAMLPluginSettings.getSpAcsUrl());
        acs.setIndex(1);
        spDescriptor.getAssertionConsumerServices().add(acs);
        entityDescriptor.getRoleDescriptors().add(spDescriptor);

        // Organization block; the language tag is the JVM default locale's language.
        OrganizationName orgName = orgNameBuilder.buildObject();
        orgName.setName(new LocalizedString(moSAMLPluginSettings.getOrganizationName(), Locale.getDefault().getLanguage()));
        organization.getOrganizationNames().add(orgName);
        OrganizationDisplayName orgDisplayName = orgDisplayNameBuilder.buildObject();
        orgDisplayName.setName(new LocalizedString(moSAMLPluginSettings.getOrganizationDisplayName(), Locale.getDefault().getLanguage()));
        organization.getDisplayNames().add(orgDisplayName);
        OrganizationURL orgUrl = orgUrlBuilder.buildObject();
        orgUrl.setURL(new LocalizedString(moSAMLPluginSettings.getOrganizationUrl(), Locale.getDefault().getLanguage()));
        organization.getURLs().add(orgUrl);
        entityDescriptor.setOrganization(organization);

        technicalContact.setType(ContactPersonTypeEnumeration.TECHNICAL);
        GivenName technicalName = givenNameBuilder.buildObject();
        technicalName.setName(moSAMLPluginSettings.getTechnicalContactName());
        technicalContact.setGivenName(technicalName);
        EmailAddress technicalEmail = emailBuilder.buildObject();
        technicalEmail.setAddress(moSAMLPluginSettings.getTechnicalContactEmail());
        technicalContact.getEmailAddresses().add(technicalEmail);

        supportContact.setType(ContactPersonTypeEnumeration.SUPPORT);
        GivenName supportName = givenNameBuilder.buildObject();
        supportName.setName(moSAMLPluginSettings.getSupportContactName());
        supportContact.setGivenName(supportName);
        EmailAddress supportEmail = emailBuilder.buildObject();
        supportEmail.setAddress(moSAMLPluginSettings.getSupportContactEmail());
        supportContact.getEmailAddresses().add(supportEmail);

        entityDescriptor.getContactPersons().add(technicalContact);
        entityDescriptor.getContactPersons().add(supportContact);

        try {
            return XMLHelper.nodeToString(Configuration.getMarshallerFactory().getMarshaller(entityDescriptor).marshall(entityDescriptor));
        } catch (Exception e) {
            LOGGER.fine("Marshalling Exception:" + e);
            return null;
        }
    }

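    /**
     * Reads a metadata file from the local file system as UTF-8 text.
     *
     * <p>The path is used exactly as given (after trimming), so this method can read any file
     * the Jenkins process can read. NOTE(review): confirm that only administrators can supply
     * the path that reaches this method.
     *
     * @param str path of the file to read; {@code null} or blank yields an empty result
     * @return the file contents, or an empty string when the path is missing or the read fails
     */
    public static String getMetadataFromFile(String str) {
        if (StringUtils.isBlank(str)) {
            // Previously a null path raised a NullPointerException out of this method.
            LOGGER.fine("Error occurred in reading file: no path given");
            return "";
        }
        try {
            String contents = FileUtils.readFileToString(new File(str.trim()), "UTF-8");
            // Log the size only: the contents of an arbitrary file do not belong in the log.
            LOGGER.fine("Read " + contents.length() + " characters from metadata file");
            return contents;
        } catch (IOException e) {
            LOGGER.fine("Error occurred in reading file " + e);
            return "";
        }
    }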

    /**
     * Extracts the IdP settings from an IdP metadata document.
     *
     * <p>All characters outside printable ASCII ({@code 0x20}-{@code 0x7e}) are stripped from
     * the input before parsing. For the sign-on and logout endpoints the HTTP-Redirect binding
     * is preferred and HTTP-POST is the fallback; the logout URL is empty when the metadata
     * lists no logout service.
     *
     * @param str IdP metadata XML
     * @return a five-element list: entity ID, NameID format, SSO URL, SLO URL, first signing
     *         certificate
     * @throws Exception wrapping any failure while reading the parsed metadata, including a
     *                   metadata document without a signing certificate
     */
    public static List<String> configureFromMetadata(String str) throws Exception {
        final String redirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
        final String postBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
        ArrayList idpValues = new ArrayList();
        MoIDPMetadata idpMetadata = new MoIDPMetadata(str.replaceAll("[^\\x20-\\x7e]", ""));
        try {
            String entityId = idpMetadata.getEntityId();
            String nameIdFormat = StringUtils.defaultIfBlank(MoIDPMetadata.nameIdFormat, "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

            String ssoUrl;
            if (idpMetadata.getSingleSignOnServices().containsKey(redirectBinding)) {
                ssoUrl = idpMetadata.getSingleSignOnServices().get(redirectBinding);
            } else {
                ssoUrl = idpMetadata.getSingleSignOnServices().get(postBinding);
            }

            String sloUrl;
            if (idpMetadata.getSingleLogoutServices().size() > 0) {
                if (idpMetadata.getSingleLogoutServices().containsKey(redirectBinding)) {
                    sloUrl = idpMetadata.getSingleLogoutServices().get(redirectBinding);
                } else {
                    sloUrl = idpMetadata.getSingleLogoutServices().get(postBinding);
                }
            } else {
                sloUrl = "";
            }

            idpValues.add(entityId);
            idpValues.add(nameIdFormat);
            idpValues.add(ssoUrl);
            idpValues.add(sloUrl);
            idpValues.add(idpMetadata.getSigningCertificates().get(0));
            return idpValues;
        } catch (Exception e) {
            LOGGER.fine("Error Occured while updating attributes" + e);
            throw new Exception("Can not save IDP configurations", e);
        }
    }

    /**
     * Assertion consumer endpoint: processes the SAML response posted by the IdP, resolves
     * (or, when enabled, creates) the matching Jenkins user, logs that user in and redirects
     * to the relay state.
     *
     * <p>Depending on the configured login type the user is looked up by username
     * ({@code usernameLogin}) or by e-mail address ({@code emailLogin}). Every failure path
     * re-renders the login page through {@code doMoLogin} with an HTML error fragment.
     *
     * @param staplerRequest  request carrying the SAML response and the relay-state parameter
     * @param staplerResponse response used for the redirect or the error page
     * @return the redirect or error response, or {@code null} after the test-configuration
     *         result page has been rendered
     * @throws IOException declared by the signature; the body catches {@code Exception} around
     *                     response processing
     */
    @RequirePOST
    public HttpResponse doMoSamlAuth(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException {
        boolean z = false;
        // The relay-state request parameter doubles as a one-time nonce: it must be present in
        // nonceSet and is removed on first use. A miss is only recorded in z here, not rejected.
        String parameter = staplerRequest.getParameter(MoSAMLUtils.RELAY_STATE_PARAM);
        if (nonceSet.contains(parameter)) {
            nonceSet.remove(parameter);
        } else {
            LOGGER.fine("Error in Nonce value, Repeated SAML response: ");
            z = true;
        }
        // The redirect target is taken from the session attribute, not from the request
        // parameter; it falls back to the Jenkins base URL when empty.
        String str = (String) staplerRequest.getSession().getAttribute(MoSAMLUtils.RELAY_STATE_PARAM);
        String decode = StringUtils.isEmpty(str) ? "" : URLDecoder.decode(str, "UTF-8");
        if (StringUtils.isEmpty(decode)) {
            decode = getBaseUrl();
        }
        LOGGER.fine("Relay state is " + decode);
        // Replace the pre-login session before the response is processed.
        recreateSession(staplerRequest);
        LOGGER.fine(" Reading SAML Response");
        String str2 = "";
        String str3 = "";
        MoSAMLPluginSettings moSAMLPluginSettings = getMoSAMLPluginSettings();
        MoSAMLManager moSAMLManager = new MoSAMLManager(getMoSAMLPluginSettings());
        MoSAMLTemplateManager moSAMLTemplateManager = new MoSAMLTemplateManager(getMoSAMLPluginSettings());
        try {
            MoSAMLResponse readSAMLResponse = moSAMLManager.readSAMLResponse(staplerRequest, staplerResponse, moSAMLPluginSettings);
            // A failed nonce check rejects the response only when it carries InResponseTo.
            // NOTE(review): a response without InResponseTo passes regardless of the nonce, so
            // replay protection for such responses rests entirely on what readSAMLResponse
            // validates — confirm.
            if (z && readSAMLResponse.getInResponseTo() != null) {
                throw new MoSAMLException("Invalid Response", MoSAMLException.SAMLErrorCode.RESPONDER);
            }
            // Test-configuration mode is selected by a substring of the session relay state and
            // returns without logging anyone in.
            if (StringUtils.contains(str, "testidpconfiguration")) {
                LOGGER.fine("Showing Test Configuration Result");
                moSAMLTemplateManager.showTestConfigurationResult(readSAMLResponse, staplerRequest, staplerResponse, null);
                return null;
            }
            LOGGER.fine("Not showing test config");
            // Username and e-mail are accepted only when the attribute has exactly one value;
            // otherwise they stay empty.
            if (readSAMLResponse.getAttributes().get(moSAMLPluginSettings.getUsernameAttribute()) != null && readSAMLResponse.getAttributes().get(moSAMLPluginSettings.getUsernameAttribute()).length == 1) {
                str2 = loadUserName(readSAMLResponse.getAttributes().get(moSAMLPluginSettings.getUsernameAttribute())[0]);
            }
            if (readSAMLResponse.getAttributes().get(moSAMLPluginSettings.getEmailAttribute()) != null && readSAMLResponse.getAttributes().get(moSAMLPluginSettings.getEmailAttribute()).length == 1) {
                str3 = readSAMLResponse.getAttributes().get(moSAMLPluginSettings.getEmailAttribute())[0];
            }
            // NOTE(review): username and e-mail address are written to the log here.
            LOGGER.fine("Username received: " + str2 + " email received = " + str3);
            LOGGER.fine("Login Method for Users is:" + moSAMLPluginSettings.getLoginType());
            if (moSAMLPluginSettings.getLoginType().equals("usernameLogin") && StringUtils.isNotBlank(str2)) {
                LOGGER.fine("User name Login Selected");
                String handleUsernameLogin = handleUsernameLogin(str2, moSAMLPluginSettings);
                User byId = User.getById(handleUsernameLogin, false);
                if (byId == null && !moSAMLPluginSettings.getUserCreate().booleanValue()) {
                    LOGGER.fine("User does not exist");
                    return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">User does not Exist</div><br>");
                }
                // After the check above this is reached with byId == null only when user
                // creation is enabled, so the condition is effectively "byId != null".
                if (byId != null || !moSAMLPluginSettings.getUserCreate().booleanValue()) {
                    return createSessionAndLoginUser(byId, staplerRequest, staplerResponse, false, moSAMLPluginSettings, decode);
                }
                // NOTE(review): handleUsernameLogin is applied a second time to the already
                // mapped name before the user is created — confirm that this is intended.
                User userCreateSAML = userCreateSAML(handleUsernameLogin(handleUsernameLogin, moSAMLPluginSettings), str3, moSAMLPluginSettings, readSAMLResponse);
                if (userCreateSAML != null) {
                    return createSessionAndLoginUser(userCreateSAML, staplerRequest, staplerResponse, true, moSAMLPluginSettings, decode);
                }
                LOGGER.fine("User creation Failed");
                // NOTE(review): this fragment opens a <div> and never closes it.
                return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">User creation Failed. Please view logs for more information.<br>");
            }
            // Anything other than e-mail login with a non-blank address is rejected here; this
            // also covers username login when no username was received.
            if (!moSAMLPluginSettings.getLoginType().equals("emailLogin") || !StringUtils.isNotBlank(str3)) {
                LOGGER.fine("Invalid login Attribute");
                return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">Username not received in the SAML Response. Please check your configuration.</div><br>");
            }
            LOGGER.fine("Email Login Selected");
            ArrayList<String> handleEmailLogin = handleEmailLogin(staplerRequest, staplerResponse, str3, moSAMLPluginSettings, readSAMLResponse);
            // An e-mail address shared by several accounts is ambiguous and is refused.
            if (handleEmailLogin.size() > 1) {
                LOGGER.fine("Multiple Mail Addresses");
                return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">More than one user found with this email address.</div><br>");
            }
            if (handleEmailLogin.size() == 0 && !moSAMLPluginSettings.getUserCreate().booleanValue()) {
                LOGGER.fine("User does not exist and user creation is disabled");
                return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">User does not Exist</div><br>");
            }
            // Reached with an empty list only when user creation is enabled, so this branch
            // runs with exactly one match.
            if (handleEmailLogin.size() != 0 || !moSAMLPluginSettings.getUserCreate().booleanValue()) {
                return createSessionAndLoginUser(User.getById(handleEmailLogin.get(0), false), staplerRequest, staplerResponse, false, moSAMLPluginSettings, decode);
            }
            // NOTE(review): str2 is still empty here when the response carried no single-valued
            // username attribute; the new account is created under that id.
            User userCreateSAML2 = userCreateSAML(str2, str3, moSAMLPluginSettings, readSAMLResponse);
            if (userCreateSAML2 != null) {
                return createSessionAndLoginUser(userCreateSAML2, staplerRequest, staplerResponse, true, moSAMLPluginSettings, decode);
            }
            LOGGER.fine("User creation Failed");
            // NOTE(review): this fragment opens a <div> and never closes it.
            return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">User creation Failed.<br>");
        } catch (Exception e) {
            // Catch-all for response parsing, the rejected-nonce exception above and any
            // runtime failure. NOTE(review): the exception itself is not logged, which makes
            // rejected or malformed responses hard to investigate afterwards.
            LOGGER.fine("Invalid response");
            return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">Error occurred while reading response.</div><br>");
        }
    }

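    /**
     * Collects the IDs of all Jenkins users whose configured mail address equals the given
     * address (exact, case-sensitive comparison).
     *
     * <p>Users without a {@link Mailer.UserProperty} are skipped. Without that check a single
     * such user raised a {@link NullPointerException} that ended the scan early and returned a
     * partial list, which the caller would then use for its "no user" / "more than one user"
     * decisions.
     *
     * @param staplerRequest       not used by this method
     * @param staplerResponse      not used by this method
     * @param str                  e-mail address received in the SAML response
     * @param moSAMLPluginSettings not used by this method
     * @param moSAMLResponse       not used by this method
     * @return IDs of the matching users; possibly empty, and possibly incomplete when the
     *         user scan itself fails
     */
    private ArrayList<String> handleEmailLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse, String str, MoSAMLPluginSettings moSAMLPluginSettings, MoSAMLResponse moSAMLResponse) {
        ArrayList<String> matchingUserIds = new ArrayList<>();
        try {
            for (User user : User.getAll()) {
                Mailer.UserProperty mailProperty = user.getProperty(Mailer.UserProperty.class);
                if (mailProperty == null) {
                    // No mail address recorded for this user; keep scanning the rest.
                    continue;
                }
                String address = mailProperty.getAddress();
                if (address != null && address.equals(str)) {
                    matchingUserIds.add(user.getId());
                }
            }
        } catch (Exception e) {
            LOGGER.fine("Error Occurred while searching for user" + e);
        }
        return matchingUserIds;
    }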

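    /**
     * Creates (or fetches) the Jenkins user with the given ID, applies the SAML custom
     * attributes and stores the given mail address on it.
     *
     * <p>A blank ID is refused: {@code User.getById(id, true)} would otherwise create an
     * account under an empty name. Callers already treat a {@code null} result as
     * "user creation failed".
     *
     * @param str                  user ID to create
     * @param str2                 mail address to store on the user
     * @param moSAMLPluginSettings plugin settings passed on to the attribute update
     * @param moSAMLResponse       SAML response supplying the attribute values
     * @return the user, or {@code null} when the ID is blank or the user could not be obtained
     */
    private User userCreateSAML(String str, String str2, MoSAMLPluginSettings moSAMLPluginSettings, MoSAMLResponse moSAMLResponse) {
        if (StringUtils.isBlank(str)) {
            LOGGER.fine("User creation skipped: no username available");
            return null;
        }
        User user = null;
        try {
            user = User.getById(str, true);
            LOGGER.fine("Updating user attributes");
            attributeUpdate(moSAMLPluginSettings, user, moSAMLResponse, moSAMLPluginSettings.getLoginType());
            if (user != null) {
                user.addProperty(new Mailer.UserProperty(str2));
            }
            return user;
        } catch (IOException e) {
            // Report through the plugin logger like the rest of this class instead of
            // printing a stack trace to stderr.
            LOGGER.fine("Error occurred while creating user" + e);
            return user;
        }
    }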

    /**
     * Applies the SAML custom attributes to the given user; does nothing for a {@code null}
     * user. Failures are logged and swallowed.
     *
     * @param moSAMLPluginSettings plugin settings
     * @param user                 user to update, may be {@code null}
     * @param moSAMLResponse       SAML response supplying the attribute values
     * @param str                  login type; not read by this method
     */
    public void attributeUpdate(MoSAMLPluginSettings moSAMLPluginSettings, User user, MoSAMLResponse moSAMLResponse, String str) {
        if (user == null) {
            return;
        }
        try {
            LOGGER.fine("user is not null");
            modifyUserSamlCustomAttributes(user, moSAMLPluginSettings, moSAMLResponse);
        } catch (Exception e) {
            LOGGER.fine("Error occurred." + e);
        }
    }

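    /**
     * Stores the configured SAML custom attributes on the user as a
     * {@link MoSAMLuserProperty}.
     *
     * <p>For every configured {@link MoAttribute} the first value received in the SAML
     * response is stored, or an empty string when the response has no value for it. Attribute
     * values are not written to stdout or to the log: they are identity data supplied by the
     * IdP.
     *
     * @param user                 user to update; nothing happens when {@code null}
     * @param moSAMLPluginSettings settings; nothing happens when they list no custom attributes
     * @param moSAMLResponse       SAML response supplying the attribute values
     */
    private void modifyUserSamlCustomAttributes(User user, MoSAMLPluginSettings moSAMLPluginSettings, MoSAMLResponse moSAMLResponse) {
        LOGGER.fine("Adding custom Attributes");
        if (moSAMLPluginSettings.getSamlCustomAttributes().isEmpty() || user == null) {
            return;
        }
        MoSAMLuserProperty moSAMLuserProperty = new MoSAMLuserProperty(new ArrayList());
        Map<String, String[]> attributes = moSAMLResponse.getAttributes();
        for (MoAttributeEntry moAttributeEntry : getSamlCustomAttributes()) {
            LOGGER.fine("attributeEntry" + moAttributeEntry);
            if (!(moAttributeEntry instanceof MoAttribute)) {
                continue;
            }
            MoAttribute moAttribute = (MoAttribute) moAttributeEntry;
            MoSAMLuserProperty.Attribute attribute = new MoSAMLuserProperty.Attribute(moAttribute.getName(), moAttribute.getDisplayName());
            // A key may be present with a null or empty value array; treat that as "no value"
            // instead of failing on index 0.
            String[] values = attributes.get(moAttribute.getName());
            if (values != null && values.length > 0) {
                LOGGER.fine("Received value for attribute " + moAttribute.getName());
                attribute.setValue(values[0]);
            } else {
                attribute.setValue("");
            }
            moSAMLuserProperty.getAttributes().add(attribute);
        }
        try {
            user.addProperty(moSAMLuserProperty);
        } catch (IOException e) {
            LOGGER.fine("Error Occurred while updating attributes" + e);
        }
    }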

    /**
     * Creates the security components of this realm. The authentication manager accepts only
     * {@link MoSAMLAuthenticationTokenInfo} tokens, returning them unchanged, and rejects every
     * other authentication type with a {@code BadCredentialsException}.
     *
     * @return security components wrapping that authentication manager
     */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(candidate -> {
            if (!(candidate instanceof MoSAMLAuthenticationTokenInfo)) {
                throw new BadCredentialsException("Invalid Auth type " + candidate);
            }
            return candidate;
        });
    }

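    /**
     * Maps the username received from the IdP through the configured regular expression.
     *
     * <p>When regex mapping is enabled and the pattern finds a match, the result is the
     * concatenation of all capture groups, or the whole match when the pattern has no groups.
     * Groups that did not take part in the match are skipped; appending them would put the
     * literal text {@code null} into the username. The input is returned unchanged when
     * mapping is disabled, the pattern does not match, or the pattern is invalid.
     *
     * <p>NOTE(review): the pattern is applied to a value supplied by the IdP; a pattern with
     * heavy backtracking can make this call slow — confirm the configured patterns are simple.
     *
     * @param str                  username as received
     * @param moSAMLPluginSettings settings supplying the pattern and its enabled flag
     * @return the mapped username
     */
    private String handleUsernameLogin(String str, MoSAMLPluginSettings moSAMLPluginSettings) {
        // Boolean.TRUE.equals tolerates an unset (null) flag, which previously raised a
        // NullPointerException outside the try block.
        if (StringUtils.isNotBlank(moSAMLPluginSettings.getRegexPattern()) && Boolean.TRUE.equals(moSAMLPluginSettings.getEnableRegexPattern())) {
            LOGGER.fine("Regex Login for Username");
            try {
                Matcher matcher = Pattern.compile(StringUtils.trimToEmpty(moSAMLPluginSettings.getRegexPattern())).matcher(str);
                LOGGER.fine(String.valueOf(matcher));
                if (matcher.find()) {
                    if (matcher.groupCount() > 0) {
                        StringBuilder mapped = new StringBuilder();
                        for (int i = 1; i <= matcher.groupCount(); i++) {
                            String group = matcher.group(i);
                            if (group != null) {
                                mapped.append(group);
                            }
                        }
                        str = mapped.toString();
                    } else {
                        str = matcher.group();
                    }
                }
            } catch (Exception e) {
                LOGGER.fine("Can't sign in regex pattern exception occured" + e);
                return str;
            }
        }
        return str;
    }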

    /**
     * Logs the given user in and redirects to the relay state.
     *
     * <p>Any existing session is invalidated and a fresh one is created before the
     * authentication is installed, so the session ID used before login is not carried over.
     * The new session receives a random 16-character {@code sessionIndex} and the user ID as
     * {@code nameID}.
     *
     * <p>NOTE(review): {@code str} is passed to {@code HttpResponses.redirectTo} as given;
     * confirm that callers only hand in URLs on this Jenkins instance.
     *
     * @param user                 user to log in; {@code null} re-renders the login page
     * @param staplerRequest       current request
     * @param staplerResponse      current response
     * @param bool                 whether the user was just created; not read by this method
     * @param moSAMLPluginSettings plugin settings; not read by this method
     * @param str                  redirect target after login
     * @return redirect to {@code str}, or the login page with an error for a {@code null} user
     */
    public HttpResponse createSessionAndLoginUser(User user, StaplerRequest staplerRequest, StaplerResponse staplerResponse, Boolean bool, MoSAMLPluginSettings moSAMLPluginSettings, String str) {
        if (user == null) {
            LOGGER.fine("User does not exist.");
            return doMoLogin(staplerRequest, staplerResponse, "<div class=\"alert alert-danger\">User does not exist..</div><br>");
        }
        LOGGER.fine("User exists for Username: " + user.getId());

        // Drop the pre-login session and start a new one.
        HttpSession previous = staplerRequest.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        HttpSession fresh = staplerRequest.getSession(true);
        fresh.setAttribute("sessionIndex", MoSAMLUtils.generateRandomAlphaNumericKey(16));
        fresh.setAttribute("nameID", user.getId());

        UserDetails details = user.getUserDetailsForImpersonation2();
        LOGGER.fine("UserDetails" + details);
        MoSAMLUserInfo userInfo = new MoSAMLUserInfo(user.getId(), details.getAuthorities());
        MoSAMLAuthenticationTokenInfo token = new MoSAMLAuthenticationTokenInfo(userInfo);
        SecurityContextHolder.getContext().setAuthentication(token);
        SecurityListener.fireAuthenticated2(userInfo);
        SecurityListener.fireLoggedIn(user.getId());
        return HttpResponses.redirectTo(str);
    }

    /** Returns the configured IdP metadata URL, as stored. */
    public String getMetadataUrl() {
        return metadataUrl;
    }

    /** Returns the configured IdP metadata file path, as stored. */
    public String getMetadataFilePath() {
        return metadataFilePath;
    }

    /** Returns the configured IdP entity ID, as stored. */
    public String getIdpEntityId() {
        return idpEntityId;
    }

    /** Returns the configured single sign-on URL, as stored. */
    public String getSsoUrl() {
        return ssoUrl;
    }

    /** Returns the configured public X.509 certificate text, as stored. */
    public String getPublicx509Certificate() {
        return publicx509Certificate;
    }

    /**
     * Returns the name of the SAML attribute that carries the username.
     *
     * @return the configured attribute name, or {@code "NameID"} when none is configured
     */
    public String getUsernameAttribute() {
        if (StringUtils.isEmpty(usernameAttribute)) {
            return "NameID";
        }
        return usernameAttribute;
    }

    /**
     * Returns the name of the SAML attribute that carries the e-mail address.
     *
     * @return the configured attribute name, or {@code "NameID"} when none is configured
     */
    public String getEmailAttribute() {
        if (StringUtils.isEmpty(emailAttribute)) {
            return "NameID";
        }
        return emailAttribute;
    }

    /**
     * Replaces the request's HTTP session: an existing session is invalidated and a new one
     * is created, so the session ID in use before this call is not carried forward.
     *
     * @param staplerRequest request whose session is replaced
     */
    private void recreateSession(StaplerRequest staplerRequest) {
        HttpSession previous = staplerRequest.getSession(false);
        if (previous != null) {
            LOGGER.fine("Invalidate previous session");
            previous.invalidate();
        }
        // getSession(true) creates the replacement session.
        staplerRequest.getSession(true);
    }

    /** Returns the configured NameID format, as stored. */
    public String getNameIDFormat() {
        return nameIDFormat;
    }

    /**
     * Reports whether SAML requests are signed.
     *
     * @return the configured value, or {@code true} when the setting is unset
     */
    public Boolean getSignedRequest() {
        boolean signed = BooleanUtils.toBooleanDefaultIfNull(signedRequest, true);
        return Boolean.valueOf(signed);
    }

    /**
     * Returns the {@code splitnameAttribute} setting.
     *
     * @return the configured value, or {@code false} when the setting is unset
     */
    public Boolean getSplitnameAttribute() {
        boolean split = BooleanUtils.toBooleanDefaultIfNull(splitnameAttribute, false);
        return Boolean.valueOf(split);
    }

    /** Returns the {@code userCreate} setting as stored; no default is applied here. */
    public Boolean getUserCreate() {
        return userCreate;
    }

    /** Returns the {@code forceAuthn} setting as stored; no default is applied here. */
    public Boolean getForceAuthn() {
        return forceAuthn;
    }

    /** Returns the {@code sslUrl} setting, as stored. */
    public String getSslUrl() {
        return sslUrl;
    }

    /** Returns the configured login type, as stored. */
    public String getLoginType() {
        return loginType;
    }

    /** Returns the configured username regex pattern, as stored. */
    public String getRegexPattern() {
        return regexPattern;
    }

    /** Returns the {@code enableRegexPattern} setting as stored; no default is applied here. */
    public Boolean getEnableRegexPattern() {
        return enableRegexPattern;
    }

    /** Returns the configured SSO binding type, as stored. */
    public String getSsoBindingType() {
        return ssoBindingType;
    }

    /** Returns the configured SLO binding type, as stored. */
    public String getSloBindingType() {
        return sloBindingType;
    }

    /**
     * Returns the Jenkins root URL with one trailing slash removed.
     *
     * <p>NOTE(review): the root URL is dereferenced without a null check — confirm it is
     * always configured when this is called.
     *
     * @return the root URL without its trailing slash
     */
    public String getsPEntityID() {
        final String rootUrl = Jenkins.get().getRootUrl();
        return rootUrl.endsWith("/") ? rootUrl.substring(0, rootUrl.length() - 1) : rootUrl;
    }

    /**
     * Returns the Jenkins root URL with one trailing slash removed.
     *
     * <p>NOTE(review): the root URL is dereferenced without a null check — confirm it is
     * always configured when this is called.
     *
     * @return the root URL without its trailing slash
     */
    public String getAudienceURI() {
        final String rootUrl = Jenkins.get().getRootUrl();
        return rootUrl.endsWith("/") ? rootUrl.substring(0, rootUrl.length() - 1) : rootUrl;
    }

    /**
     * Returns the assertion consumer service URL: the Jenkins root URL (without a trailing
     * slash) followed by {@code /securityRealm/moSamlAuth}.
     *
     * <p>NOTE(review): the root URL is dereferenced without a null check — confirm it is
     * always configured when this is called.
     *
     * @return the ACS URL
     */
    public String getAcsURL() {
        final String rootUrl = Jenkins.get().getRootUrl();
        final String base = rootUrl.endsWith("/") ? rootUrl.substring(0, rootUrl.length() - 1) : rootUrl;
        return base + "/securityRealm/moSamlAuth";
    }

    /**
     * Returns the SP logout URL: the Jenkins root URL (without a trailing slash) followed by
     * {@code /securityRealm/logout}.
     *
     * <p>NOTE(review): the root URL is dereferenced without a null check — confirm it is
     * always configured when this is called.
     *
     * @return the logout URL
     */
    public String getSpLogoutURL() {
        final String rootUrl = Jenkins.get().getRootUrl();
        final String base = rootUrl.endsWith("/") ? rootUrl.substring(0, rootUrl.length() - 1) : rootUrl;
        return base + "/securityRealm/logout";
    }

    /**
     * Returns the URL of the plugin's local login action: the Jenkins root URL (without a
     * trailing slash) followed by {@code /securityRealm/moLoginAction}.
     *
     * <p>NOTE(review): the root URL is dereferenced without a null check — confirm it is
     * always configured when this is called.
     *
     * @return the local login URL
     */
    public String getBackdoorURL() {
        final String rootUrl = Jenkins.get().getRootUrl();
        final String base = rootUrl.endsWith("/") ? rootUrl.substring(0, rootUrl.length() - 1) : rootUrl;
        return base + "/securityRealm/moLoginAction";
    }

    /** Returns the configured username case conversion, as stored. */
    public String getUsernameCaseConversion() {
        return usernameCaseConversion;
    }

    /** Returns the configured full-name attribute, as stored. */
    public String getFullnameAttribute() {
        return fullnameAttribute;
    }

    /** Returns the {@code userAttributeUpdate} setting as stored; no default is applied here. */
    public Boolean getUserAttributeUpdate() {
        return userAttributeUpdate;
    }

    /** Returns the {@code newUserGroup} setting, as stored. */
    public String getNewUserGroup() {
        return newUserGroup;
    }

    /**
     * Sets the {@code newUserGroup} setting.
     *
     * @param str new value, stored as given
     */
    public void setNewUserGroup(String str) {
        newUserGroup = str;
    }

    /** Returns the configured authentication context class, as stored. */
    public String getAuthnContextClass() {
        return authnContextClass;
    }

    /**
     * Sets the authentication context class.
     *
     * @param str new value, stored as given
     */
    public void setAuthnContextClass(String str) {
        authnContextClass = str;
    }

    /**
     * Returns the configured SAML custom attributes.
     *
     * @return the stored list, or an empty list when none is configured; never {@code null}
     */
    @NonNull
    public List<MoAttributeEntry> getSamlCustomAttributes() {
        if (samlCustomAttributes == null) {
            return Collections.emptyList();
        }
        return samlCustomAttributes;
    }

    /**
     * Sets the SAML custom attributes.
     *
     * @param list new attribute list; the reference is stored as given, not copied
     */
    public void setSamlCustomAttribute(List<MoAttributeEntry> list) {
        samlCustomAttributes = list;
    }

    /**
     * Builds a new {@link MoSAMLPluginSettings} from this realm's current field values.
     * A fresh object is created on every call.
     *
     * @return settings reflecting the raw stored fields
     */
    private MoSAMLPluginSettings getMoSAMLPluginSettings() {
        return new MoSAMLPluginSettings(
                idpEntityId,
                ssoUrl,
                metadataUrl,
                metadataFilePath,
                publicx509Certificate,
                usernameCaseConversion,
                usernameAttribute,
                emailAttribute,
                nameIDFormat,
                sslUrl,
                loginType,
                regexPattern,
                enableRegexPattern,
                signedRequest,
                userCreate,
                forceAuthn,
                ssoBindingType,
                sloBindingType,
                fullnameAttribute,
                samlCustomAttributes,
                userAttributeUpdate,
                newUserGroup,
                authnContextClass);
    }

    /**
     * Creates a new {@link MoSAMLManager} for the current plugin settings.
     *
     * @return a manager built from a fresh settings snapshot
     */
    private MoSAMLManager getMoSAMLManager() {
        MoSAMLPluginSettings settings = getMoSAMLPluginSettings();
        return new MoSAMLManager(settings);
    }

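    /**
     * Applies the configured case conversion to a username received from the IdP.
     *
     * <p>The conversion uses {@link Locale#ROOT} so that the resulting user ID does not depend
     * on the JVM's default locale; with a locale-sensitive conversion the same IdP username
     * could map to different Jenkins IDs on differently configured hosts. An unset conversion
     * setting leaves the name unchanged instead of raising a {@link NullPointerException}.
     *
     * @param str username as received
     * @return the username in lower case, upper case, or unchanged, according to the setting
     */
    private String loadUserName(String str) {
        String conversion = getMoSAMLPluginSettings().getUsernameCaseConversion();
        if ("lowercase".equals(conversion)) {
            return str.toLowerCase(Locale.ROOT);
        }
        if ("uppercase".equals(conversion)) {
            return str.toUpperCase(Locale.ROOT);
        }
        return str;
    }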
}
