package io.jenkins.plugins.twofactor.jenkins.tfaMethodsAuth;

import hudson.Util;
import hudson.model.Action;
import hudson.model.User;
import hudson.tasks.Mailer;
import hudson.tasks.SMTPAuthentication;
import hudson.util.FormApply;
import hudson.util.Secret;
import io.jenkins.plugins.twofactor.constants.MoGlobalConfigConstant;
import io.jenkins.plugins.twofactor.constants.MoPluginUrls;
import io.jenkins.plugins.twofactor.jenkins.MoFilter;
import io.jenkins.plugins.twofactor.jenkins.MoGlobalConfig;
import io.jenkins.plugins.twofactor.jenkins.MoUserAuth;
import io.jenkins.plugins.twofactor.jenkins.tfaMethodsConfig.MoOtpOverEmailConfig;
import jakarta.mail.Address;
import jakarta.mail.Authenticator;
import jakarta.mail.Message;
import jakarta.mail.PasswordAuthentication;
import jakarta.mail.Session;
import jakarta.mail.Transport;
import jakarta.mail.internet.MimeMessage;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;

/* loaded from: input_file:io/jenkins/plugins/twofactor/jenkins/tfaMethodsAuth/MoOtpOverEmailAuth.class */
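/**
 * Jenkins {@link Action} that implements the "OTP over email" second factor: it mails a numeric
 * one-time password to the current user and verifies the value the user submits.
 *
 * <p>Security properties enforced by this class:
 * <ul>
 *   <li>OTPs are drawn from {@link SecureRandom}, not a predictable PRNG.</li>
 *   <li>Each OTP is single-use, expires after {@link #OTP_VALIDITY_NANOS} and may be checked at
 *       most {@link #MAX_VERIFICATION_ATTEMPTS} times. With only {@link #OTP_LENGTH} digits the
 *       attempt cap is what bounds online guessing.</li>
 *   <li>The submitted value is compared in constant time.</li>
 *   <li>Pending OTPs are kept in a concurrent map because the store is static and is reached from
 *       concurrent request threads.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #doResendOtp} is not rate limited, so a fresh OTP (and a fresh attempt
 * budget) can be requested at will; consider throttling resends per user.
 */
public class MoOtpOverEmailAuth implements Action {
    private static final Logger LOGGER = Logger.getLogger(MoOtpOverEmailAuth.class.getName());

    /** Alphabet the one-time password is drawn from. */
    private static final String OTP_DIGITS = "0123456789";

    /** Number of digits in a generated OTP (unchanged from the original implementation). */
    private static final int OTP_LENGTH = 5;

    /** Maximum number of verification attempts accepted for one issued OTP. */
    private static final int MAX_VERIFICATION_ATTEMPTS = 5;

    /** How long an issued OTP stays valid. */
    private static final long OTP_VALIDITY_NANOS = TimeUnit.MINUTES.toNanos(10);

    /** Pending OTPs keyed by user id; shared by every instance and every request thread. */
    private static final Map<String, IssuedOtp> sentOtp = new ConcurrentHashMap<>();

    /** Cryptographically strong source for OTP digits. */
    private static final SecureRandom RANDOM = new SecureRandom();

    // Per-user "wrong OTP" flag; public and handed to MoUserAuth, so the type is left as it was.
    public Map<String, Boolean> showWrongCredentialWarning = new HashMap<>();

    // User captured when the action is created; null when no user is logged in.
    private final User user = User.current();

    /**
     * One issued OTP together with the state needed to enforce expiry and the attempt cap.
     */
    private static final class IssuedOtp {
        private final String code;
        private final long issuedAtNanos = System.nanoTime();
        private final AtomicInteger attempts = new AtomicInteger();

        IssuedOtp(String code) {
            this.code = code;
        }

        String code() {
            return this.code;
        }

        boolean isExpired() {
            return System.nanoTime() - this.issuedAtNanos > OTP_VALIDITY_NANOS;
        }

        boolean isExhausted() {
            return this.attempts.get() >= MAX_VERIFICATION_ATTEMPTS;
        }

        /**
         * Counts one attempt and checks the candidate. The attempt is counted before the
         * comparison so that concurrent requests cannot exceed the cap between them.
         */
        boolean verify(String candidate) {
            if (this.attempts.incrementAndGet() > MAX_VERIFICATION_ATTEMPTS) {
                return false;
            }
            return !isExpired() && constantTimeEquals(this.code, candidate);
        }
    }

    /** Compares two strings without an early exit on the first differing character. */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the pending OTP of the current user, dropping it first when it has expired.
     *
     * @return the pending OTP, or {@code null} when there is no user or no valid OTP
     */
    private IssuedOtp currentOtp() {
        if (this.user == null) {
            return null;
        }
        String userId = this.user.getId();
        IssuedOtp issued = sentOtp.get(userId);
        if (issued != null && issued.isExpired()) {
            sentOtp.remove(userId, issued);
            return null;
        }
        return issued;
    }

    /** Sends the browser back to this action's index page. */
    private static void redirectToSelf(StaplerRequest staplerRequest, StaplerResponse staplerResponse)
            throws ServletException, IOException {
        FormApply.success("./").generateResponse(staplerRequest, staplerResponse, (Object) null);
    }

    @Override
    public String getIconFileName() {
        return "";
    }

    @Override
    public String getDisplayName() {
        return MoPluginUrls.Urls.MO_OTP_OVER_EMAIL_AUTH.getUrl();
    }

    @Override
    public String getUrlName() {
        return MoPluginUrls.Urls.MO_OTP_OVER_EMAIL_AUTH.getUrl();
    }

    /**
     * @return {@code true} when an unexpired OTP is pending for the current user
     */
    public boolean isOtpSentToUser() {
        return currentOtp() != null;
    }

    /**
     * @return the address stored in the user's {@link Mailer.UserProperty}, or an empty string
     *     when there is no user or the property is missing
     */
    public String getUserEmailAddress() {
        if (this.user == null) {
            return "";
        }
        Mailer.UserProperty mailProperty = this.user.getProperty(Mailer.UserProperty.class);
        return mailProperty != null ? mailProperty.getAddress() : "";
    }

    /**
     * @return the current user's id, or an empty string when no user is logged in
     */
    public String getUserId() {
        return this.user != null ? this.user.getId() : "";
    }

    /**
     * @return the status recorded for the current user in {@code MoFilter.userAuthenticationStatus},
     *     {@code false} when there is no user or no entry
     */
    public boolean isUserAuthenticatedFromTfa() {
        if (this.user == null) {
            return false;
        }
        return MoFilter.userAuthenticationStatus.getOrDefault(this.user.getId(), false).booleanValue();
    }

    /**
     * @return {@code true} when the last OTP submitted by the current user was rejected
     */
    public boolean getShowWrongCredentialWarning() {
        if (this.user == null) {
            return false;
        }
        return this.showWrongCredentialWarning.getOrDefault(this.user.getId(), false);
    }

    /**
     * @return {@code true} when the user has a {@link MoOtpOverEmailConfig} marked as configured
     */
    public boolean isOtpOverEmailConfigured() {
        if (this.user == null) {
            return false;
        }
        MoOtpOverEmailConfig config = this.user.getProperty(MoOtpOverEmailConfig.class);
        // Boolean.TRUE.equals tolerates a null Boolean from isConfigured().
        return config != null && Boolean.TRUE.equals(config.isConfigured());
    }

    /**
     * Generates a numeric OTP of the requested length from the secure random source.
     *
     * @param length number of digits
     * @return the OTP as a string of decimal digits
     */
    private String createOtp(int length) {
        char[] digits = new char[length];
        for (int i = 0; i < length; i++) {
            digits[i] = OTP_DIGITS.charAt(RANDOM.nextInt(OTP_DIGITS.length()));
        }
        return String.valueOf(digits);
    }

    /**
     * Builds the SMTP session from the Jenkins Mailer settings. System properties act as defaults,
     * so an administrator can still override individual {@code mail.smtp.*} keys.
     *
     * @param smtpHost SMTP host, may be blank
     * @param smtpPort SMTP port, may be blank
     * @param useSsl whether to use implicit TLS (default port 465)
     * @param useTls whether to require STARTTLS (default port 587)
     * @param smtpAuthUserName SMTP user name, blank for unauthenticated SMTP
     * @param smtpAuthPassword SMTP password, may be {@code null}
     * @return the configured mail session
     */
    private static Session createSession(
            String smtpHost,
            String smtpPort,
            boolean useSsl,
            boolean useTls,
            String smtpAuthUserName,
            Secret smtpAuthPassword) {
        String host = Util.fixEmptyAndTrim(smtpHost);
        String port = Util.fixEmptyAndTrim(smtpPort);
        String userName = Util.fixEmptyAndTrim(smtpAuthUserName);
        Properties properties = new Properties(System.getProperties());
        if (host != null) {
            properties.put("mail.smtp.host", host);
        }
        if (port != null) {
            properties.put("mail.smtp.port", port);
        }
        if (useSsl) {
            if (properties.getProperty("mail.smtp.socketFactory.port") == null) {
                String sslPort = port == null ? "465" : port;
                properties.put("mail.smtp.port", sslPort);
                properties.put("mail.smtp.socketFactory.port", sslPort);
            }
            if (properties.getProperty("mail.smtp.ssl.enable") == null) {
                properties.put("mail.smtp.ssl.enable", "true");
                // Stored as a String: Properties.getProperty() ignores non-String values.
                properties.put("mail.smtp.ssl.checkserveridentity", "true");
            }
            // Never fall back to a plain socket when the TLS socket cannot be created.
            properties.put("mail.smtp.socketFactory.fallback", "false");
            if (properties.getProperty("mail.smtp.ssl.checkserveridentity") == null) {
                properties.put("mail.smtp.ssl.checkserveridentity", "true");
            }
        }
        if (useTls) {
            if (properties.getProperty("mail.smtp.socketFactory.port") == null) {
                String tlsPort = port == null ? "587" : port;
                properties.put("mail.smtp.port", tlsPort);
                properties.put("mail.smtp.socketFactory.port", tlsPort);
            }
            properties.put("mail.smtp.starttls.enable", "true");
            // "required" makes the send fail instead of continuing in clear text.
            properties.put("mail.smtp.starttls.required", "true");
        }
        if (userName != null) {
            properties.put("mail.smtp.auth", "true");
        }
        properties.put("mail.smtp.timeout", "60000");
        properties.put("mail.smtp.connectiontimeout", "60000");
        return Session.getInstance(properties, getAuthenticator(userName, Secret.toString(smtpAuthPassword)));
    }

    /**
     * @param userName SMTP user name, or {@code null} for unauthenticated SMTP
     * @param password SMTP password in clear text
     * @return an authenticator supplying the credentials, or {@code null} when no user name is set
     */
    private static Authenticator getAuthenticator(final String userName, final String password) {
        if (userName == null) {
            return null;
        }
        return new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(userName, password);
            }
        };
    }

    /**
     * Issues a new OTP for the current user and mails it to the user's configured address.
     * Any previously issued OTP (and its attempt counter) is replaced.
     *
     * <p>Nothing is issued when there is no user or no recipient address. Checked failures are
     * logged and swallowed; runtime exceptions are logged and rethrown.
     */
    public void sendMail() {
        if (this.user == null) {
            LOGGER.fine("No current user, OTP mail was not sent");
            return;
        }
        String userId = this.user.getId();
        try {
            LOGGER.fine("Sending mail for otpOverEmail method");
            String recipient = getUserEmailAddress();
            if (StringUtils.isBlank(recipient)) {
                // Do not issue an OTP that can never reach the user.
                LOGGER.warning("No email address is configured for user " + userId + ", OTP was not sent");
                return;
            }
            Mailer.DescriptorImpl descriptor = Mailer.descriptor();
            SMTPAuthentication smtpAuth = descriptor.getAuthentication();
            String smtpUser = smtpAuth != null ? smtpAuth.getUsername() : null;
            Secret smtpPassword = smtpAuth != null ? smtpAuth.getPassword() : null;
            String charset = descriptor.getCharset();
            String sender = MoGlobalConfig.get().getOtpOverEmailDto().getSenderEmailAddress();
            MimeMessage message = new MimeMessage(createSession(
                    descriptor.getSmtpHost(),
                    descriptor.getSmtpPort(),
                    descriptor.getUseSsl(),
                    descriptor.getUseTls(),
                    smtpUser,
                    smtpPassword));

            String otp = createOtp(OTP_LENGTH);
            sentOtp.put(userId, new IssuedOtp(otp));

            String subject = MoGlobalConfig.get().getAdvancedSettings().getCustomOTPEmailSubject();
            if (StringUtils.isBlank(subject)) {
                subject = MoGlobalConfigConstant.AdvanceSettingsConstants.DEFAULT_OTP_EMAIL_SUBJECT.getValue();
            }
            String body = MoGlobalConfig.get().getAdvancedSettings().getCustomOTPEmailTemplate();
            if (StringUtils.isBlank(body)) {
                body = MoGlobalConfigConstant.AdvanceSettingsConstants.DEFAULT_OTP_EMAIL_TEMPLATE.getValue();
            }
            subject = subject.replace("$username", userId).replace("$otp", otp);
            // The body is sent as text/html, so the user id is HTML-escaped before substitution.
            body = body.replace("$username", Util.escape(userId)).replace("$otp", otp);

            message.setSubject(subject);
            message.setContent(body, "text/html");
            message.setFrom(Mailer.stringToAddress(sender, charset));
            message.setReplyTo(new Address[] {Mailer.stringToAddress(recipient, charset)});
            message.setSentDate(new Date());
            message.setRecipient(Message.RecipientType.TO, Mailer.stringToAddress(recipient, charset));
            Transport.send(message);
        } catch (RuntimeException e) {
            LOGGER.log(Level.WARNING, "Runtime exception while sending OTP mail to user " + userId, e);
            throw e;
        } catch (Exception e) {
            // Best effort, as before, but visible at the default log level so failures are noticed.
            LOGGER.log(Level.WARNING, "Failed in sending OTP mail to user " + userId, e);
        }
    }

    /**
     * Issues and mails a new OTP, then redirects back to this action's page.
     *
     * @param staplerRequest the current request
     * @param staplerResponse the current response
     * @throws ServletException if the redirect cannot be generated
     * @throws IOException if the redirect cannot be written
     */
    @RequirePOST
    public void doResendOtp(StaplerRequest staplerRequest, StaplerResponse staplerResponse)
            throws ServletException, IOException {
        Jenkins.get().checkPermission(Jenkins.READ);
        try {
            sendMail();
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Failed to send mail to user " + getUserId(), e);
        }
        redirectToSelf(staplerRequest, staplerResponse);
    }

    /**
     * Verifies the OTP submitted in form field {@code emailOtpForVerification}.
     *
     * <p>On a match the OTP is consumed, the user's {@link MoOtpOverEmailConfig} is marked as
     * configured and the redirect target is taken from
     * {@code MoUserAuth.allow2FaAccessAndRedirect}. On a mismatch the wrong-credential flag is set
     * and, once the attempt cap is reached, the OTP is discarded so a new one must be requested.
     * Without a pending OTP the request is redirected back to this page.
     *
     * @param staplerRequest the current request carrying the submitted form
     * @param staplerResponse the current response
     * @throws Exception if the form cannot be processed or the response cannot be generated
     */
    @RequirePOST
    public void doSaveOrValidateOtpOverEmailConfig(StaplerRequest staplerRequest, StaplerResponse staplerResponse)
            throws Exception {
        Jenkins.get().checkPermission(Jenkins.READ);
        IssuedOtp issued = currentOtp();
        if (issued == null) {
            // Missing, expired or already consumed OTP: send the user back instead of a blank page.
            redirectToSelf(staplerRequest, staplerResponse);
            return;
        }
        String userId = this.user.getId();
        boolean alreadyConfigured = isOtpOverEmailConfigured();
        JSONObject submittedForm = staplerRequest.getSubmittedForm();
        try {
            String submittedOtp = submittedForm.getString("emailOtpForVerification");
            HttpSession session = staplerRequest.getSession(false);
            LOGGER.fine(alreadyConfigured
                    ? "Authenticating the OTPOverEmail  OTP to login user"
                    : "Authenticating the OTP to set OTPOverEmailConfig for user");
            MoOtpOverEmailConfig config = this.user.getProperty(MoOtpOverEmailConfig.class);
            String redirectUrl;
            // remove(key, value) succeeds for exactly one request, which keeps the OTP single-use.
            if (issued.verify(submittedOtp) && sentOtp.remove(userId, issued)) {
                LOGGER.fine("Otp is authentic");
                if (config == null) {
                    throw new IllegalStateException("No OTP over email configuration exists for user " + userId);
                }
                config.setConfigured(true);
                redirectUrl = MoUserAuth.allow2FaAccessAndRedirect(session, this.user, this.showWrongCredentialWarning);
            } else {
                LOGGER.fine("Entered wrong otp for otpOverEmailConfig");
                if (issued.isExhausted() && sentOtp.remove(userId, issued)) {
                    LOGGER.warning("Too many wrong OTP attempts for user " + userId + ", OTP invalidated");
                }
                redirectUrl = "./";
                this.showWrongCredentialWarning.put(userId, true);
            }
            if (!alreadyConfigured) {
                this.user.save();
            }
            if (redirectUrl == null) {
                redirectUrl = Jenkins.get().getRootUrl();
            }
            LOGGER.fine("Redirecting " + userId + " from otpOverEmailAuth to " + redirectUrl);
            // The response is generated once; a second write would hit an already committed response.
            FormApply.success(redirectUrl).generateResponse(staplerRequest, staplerResponse, (Object) null);
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            LOGGER.fine("Something went wrong in Otp Over Email, Form is not filled correctly ");
            // Keep the cause so the original failure is not lost.
            throw new Exception("Something went wrong in Otp Over Email, exception is " + e.getMessage(), e);
        }
    }
}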
