package io.jenkins.plugins.twofactor.jenkins.tfaMethodsAuth;

import hudson.model.Action;
import hudson.model.User;
import hudson.util.FormApply;
import io.jenkins.plugins.twofactor.constants.MoGlobalConfigConstant;
import io.jenkins.plugins.twofactor.constants.MoPluginUrls;
import io.jenkins.plugins.twofactor.jenkins.MoFilter;
import io.jenkins.plugins.twofactor.jenkins.tfaMethodsConfig.MoSecurityQuestionConfig;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;

/* loaded from: input_file:io/jenkins/plugins/twofactor/jenkins/tfaMethodsAuth/MoSecurityQuestionAuth.class */
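/**
 * Jenkins {@link Action} for the security-question step of two-factor authentication.
 *
 * <p>The user captured at construction time is shown two of their three configured questions and
 * the submitted answers are compared with the stored ones. On success the HTTP session is marked
 * as 2FA-verified and the user is redirected to the relay-state URL kept in the session.
 *
 * <p>NOTE(review): the question indices and the warning map are plain instance state and the user
 * is bound once via {@code User.current()}. How long an instance lives and whether it is shared
 * between requests is not visible here; confirm against the code that creates it.
 *
 * <p>NOTE(review): no attempt counter or lockout is visible in this class. Confirm failed answers
 * are rate-limited elsewhere, since security answers are usually low-entropy.
 */
public class MoSecurityQuestionAuth implements Action {
    private String[] securityQuestionArray;
    private String[] securityAnswerArray;
    private static final Logger LOGGER = Logger.getLogger(MoSecurityQuestionAuth.class.getName());
    // Only selects which two questions are displayed; the selection is not a secret.
    private static final Random RANDOM = new Random();
    int firstRandomSecurityQuestionIndex = 0;
    int secondRandomSecurityQuestionIndex = 1;
    // Keyed by user id; true after a failed attempt so the view can render a warning.
    public Map<String, Boolean> showWrongCredentialWarning = new HashMap<>();
    private final User user = User.current();

    /**
     * Loads the three configured questions and answers for the current user.
     *
     * <p>When there is no current user, no security-question property, or loading fails, the
     * arrays stay {@code null}; the accessors below then return empty values and validation
     * fails closed.
     */
    public MoSecurityQuestionAuth() {
        try {
            if (this.user != null) {
                MoSecurityQuestionConfig moSecurityQuestionConfig = (MoSecurityQuestionConfig) this.user.getProperty(MoSecurityQuestionConfig.class);
                if (moSecurityQuestionConfig == null) {
                    LOGGER.fine("No security question configuration found for user authentication");
                    return;
                }
                this.securityQuestionArray = new String[]{moSecurityQuestionConfig.getFirstSecurityQuestion(this.user), moSecurityQuestionConfig.getSecondSecurityQuestion(this.user), moSecurityQuestionConfig.getCustomSecurityQuestion(this.user)};
                this.securityAnswerArray = new String[]{moSecurityQuestionConfig.getFirstSecurityQuestionAnswer(this.user), moSecurityQuestionConfig.getSecondSecurityQuestionAnswer(this.user), moSecurityQuestionConfig.getCustomSecurityQuestionAnswer(this.user)};
            }
        } catch (Exception e) {
            LOGGER.fine("Error in getting security questions and answers for user authentication " + e.getMessage());
        }
    }

    /** Returns an empty icon name. */
    public String getIconFileName() {
        return "";
    }

    /** Returns the URL segment of this action, which is also used as its display name. */
    public String getDisplayName() {
        return MoPluginUrls.Urls.MO_SECURITY_QUESTION_AUTH.getUrl();
    }

    /** Returns the URL segment under which this action is served. */
    public String getUrlName() {
        return MoPluginUrls.Urls.MO_SECURITY_QUESTION_AUTH.getUrl();
    }

    /** Returns the id of the bound user, or an empty string when there is none. */
    public String getUserId() {
        return this.user != null ? this.user.getId() : "";
    }

    /**
     * Picks two distinct indices in {@code [0, 3)}.
     *
     * <p>The second index is drawn from two values and shifted past the first, so the two can
     * never be equal.
     */
    private void initializeRandomTwoIndex() {
        this.firstRandomSecurityQuestionIndex = RANDOM.nextInt(3);
        this.secondRandomSecurityQuestionIndex = RANDOM.nextInt(2);
        if (this.secondRandomSecurityQuestionIndex >= this.firstRandomSecurityQuestionIndex) {
            this.secondRandomSecurityQuestionIndex++;
        }
    }

    /**
     * Draws a new pair of question indices and returns the first question.
     *
     * <p>Must be called before {@link #getSecondRandomSecurityQuestion()} for the two getters to
     * refer to the same draw. The pair is re-drawn on every call, so it is not pinned to one
     * login attempt.
     *
     * @return the first question, or an empty string when no questions were loaded
     */
    public String getFirstRandomSecurityQuestion() {
        initializeRandomTwoIndex();
        return elementAt(this.securityQuestionArray, this.firstRandomSecurityQuestionIndex, "");
    }

    /**
     * Returns the second question of the most recent draw.
     *
     * @return the second question, or an empty string when no questions were loaded
     */
    public String getSecondRandomSecurityQuestion() {
        return elementAt(this.securityQuestionArray, this.secondRandomSecurityQuestionIndex, "");
    }

    /** Returns the stored answer for the first drawn question, or {@code null} if unavailable. */
    private String getFirstRandomSecurityQuestionAnswer() {
        return elementAt(this.securityAnswerArray, this.firstRandomSecurityQuestionIndex, null);
    }

    /** Returns the stored answer for the second drawn question, or {@code null} if unavailable. */
    private String getSecondRandomSecurityQuestionAnswer() {
        return elementAt(this.securityAnswerArray, this.secondRandomSecurityQuestionIndex, null);
    }

    /** Returns {@code values[index]}, or {@code fallback} when the array was never loaded. */
    private static String elementAt(String[] values, int index, String fallback) {
        return values != null ? values[index] : fallback;
    }

    /**
     * Reports whether the last attempt recorded for the bound user failed.
     *
     * @return {@code false} when there is no bound user or no failed attempt is recorded
     */
    public boolean getShowWrongCredentialWarning() {
        if (this.user == null) {
            return false;
        }
        return this.showWrongCredentialWarning.getOrDefault(this.user.getId(), false).booleanValue();
    }

    /**
     * Checks both submitted answers against the stored answers for the current draw.
     *
     * <p>Both comparisons always run (non-short-circuit {@code &}) so the response time does not
     * show which of the two answers was wrong.
     *
     * @param jSONObject the submitted form, read under the keys
     *     {@code userFirstAuthenticationAnswer} and {@code userSecondAuthenticationAnswer}
     * @return {@code true} only when both answers match exactly
     */
    private boolean validateUserAnswers(JSONObject jSONObject) {
        if (jSONObject == null) {
            return false;
        }
        boolean firstMatches = answerMatches(jSONObject.get("userFirstAuthenticationAnswer"), getFirstRandomSecurityQuestionAnswer());
        boolean secondMatches = answerMatches(jSONObject.get("userSecondAuthenticationAnswer"), getSecondRandomSecurityQuestionAnswer());
        return firstMatches & secondMatches;
    }

    /**
     * Compares one submitted answer with the stored one without an early exit on mismatch.
     *
     * <p>A missing submission never matches, and neither does a missing or empty stored answer,
     * so an unconfigured question cannot be satisfied by an empty submission.
     */
    private static boolean answerMatches(Object submitted, String expected) {
        if (submitted == null || expected == null || expected.isEmpty()) {
            return false;
        }
        String submittedText = submitted.toString();
        boolean sameBytes = MessageDigest.isEqual(
                submittedText.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
        // The equals() call keeps exact String equality for malformed UTF-16 input, which the
        // encoder would otherwise fold onto a replacement byte. It only runs after the
        // constant-time comparison has already succeeded.
        return sameBytes && submittedText.equals(expected);
    }

    /**
     * Handles the POSTed answers and redirects the user.
     *
     * <p>On success the session is marked as verified for this user and the redirect goes to the
     * {@code tfaRelayState} session attribute, falling back to the Jenkins root URL. On failure
     * the warning flag is set and the user is sent back to this page.
     *
     * @param staplerRequest the request carrying the submitted form
     * @param staplerResponse the response that receives the redirect
     * @throws Exception if reading the submitted form or the permission check fails
     */
    @RequirePOST
    public void doSecurityQuestionAuthenticate(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws Exception {
        Jenkins.get().checkPermission(Jenkins.READ);
        JSONObject submittedForm = staplerRequest.getSubmittedForm();
        HttpSession session = staplerRequest.getSession(false);
        String rootUrl = Jenkins.get().getRootUrl();
        LOGGER.fine("Authenticating user tfa security answers");
        try {
            if (this.user == null) {
                return;
            }
            if (validateUserAnswers(submittedForm)) {
                LOGGER.fine(this.user.getId() + " user is authentic");
                if (session != null) {
                    // NOTE(review): the redirect target comes straight from the session. Confirm
                    // it is restricted to same-origin URLs where it is stored.
                    rootUrl = (String) session.getAttribute("tfaRelayState");
                    session.removeAttribute("tfaRelayState");
                    session.setAttribute(this.user.getId() + MoGlobalConfigConstant.UtilityGlobalConstants.SESSION_2FA_VERIFICATION.getKey(), "true");
                    // NOTE(review): this static map is keyed by user id, not by session. Confirm
                    // MoFilter does not treat other sessions of the same user as verified.
                    MoFilter.userAuthenticationStatus.put(this.user.getId(), true);
                }
                this.showWrongCredentialWarning.put(this.user.getId(), false);
            } else {
                LOGGER.fine("User is not authentic");
                rootUrl = "./";
                this.showWrongCredentialWarning.put(this.user.getId(), true);
            }
            LOGGER.fine("Redirecting user to " + rootUrl);
            if (rootUrl == null) {
                rootUrl = Jenkins.get().getRootUrl();
            }
            FormApply.success(rootUrl).generateResponse(staplerRequest, staplerResponse, (Object) null);
        } catch (Exception e) {
            // Best effort: a failure here leaves the session unverified or the redirect unsent.
            LOGGER.fine("Exception while authenticating/Logging out the user " + e.getMessage());
        }
    }
}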
