package org.conjur.jenkins.authenticator;

import hudson.model.ModelObject;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.GlobalConfiguration;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.conjur.jenkins.api.ConjurAPIUtils;
import org.conjur.jenkins.api.ConjurAuthnInfo;
import org.conjur.jenkins.configuration.GlobalConjurConfiguration;
import org.conjur.jenkins.exceptions.AuthenticationConjurException;
import org.conjur.jenkins.jwtauth.impl.JwtToken;

/* loaded from: input_file:org/conjur/jenkins/authenticator/ConjurJWTAuthenticator.class */
public class ConjurJWTAuthenticator extends AbstractAuthenticator {
    private static final Logger LOGGER = Logger.getLogger(ConjurJWTAuthenticator.class.getName());

    @Override // org.conjur.jenkins.authenticator.AbstractAuthenticator
    public String getName() {
        return "JWT";
    }

    @Override // org.conjur.jenkins.authenticator.AbstractAuthenticator
    public byte[] getAuthorizationToken(ConjurAuthnInfo conjurAuthnInfo, ModelObject modelObject) throws IOException {
        byte[] bArr = null;
        LOGGER.log(Level.FINEST, String.format("Authenticating with Conjur (JWT) conjurAuthn.authnPath %s conjurAuthn.account %s conjurAuthn.applianceUrl %s", conjurAuthnInfo.authnPath, conjurAuthnInfo.account, conjurAuthnInfo.applianceUrl));
        Request request = null;
        if (conjurAuthnInfo.apiKey != null && conjurAuthnInfo.authnPath != null) {
            request = new Request.Builder().url(String.format("%s/%s/%s/authenticate", conjurAuthnInfo.applianceUrl, !conjurAuthnInfo.authnPath.contains("/") ? "authn-jwt/" + conjurAuthnInfo.authnPath : conjurAuthnInfo.authnPath, conjurAuthnInfo.account)).post(RequestBody.create(MediaType.parse("text/plain"), conjurAuthnInfo.apiKey)).build();
        }
        if (request != null) {
            Response execute = ConjurAPIUtils.getHttpClient(conjurAuthnInfo.conjurConfiguration).newCall(request).execute();
            ResponseBody body = execute.body();
            if (body != null) {
                bArr = Base64.getEncoder().withoutPadding().encodeToString(body.string().getBytes(StandardCharsets.UTF_8)).getBytes(StandardCharsets.US_ASCII);
                LOGGER.log(Level.FINEST, () -> {
                    return "Conjur Authenticate response " + execute.code() + " - " + execute.message();
                });
            }
            if (execute.code() != 200) {
                if (execute.code() == 401) {
                    throw new AuthenticationConjurException(execute.code());
                }
                throw new IOException("[" + execute.code() + "] - " + execute.message());
            }
        } else {
            LOGGER.log(Level.SEVERE, "Cannot create http call. JWTAuthentication failed.");
        }
        return bArr;
    }

    @Override // org.conjur.jenkins.authenticator.AbstractAuthenticator
    public void fillAuthnInfo(ConjurAuthnInfo conjurAuthnInfo, ModelObject modelObject) {
        GlobalConjurConfiguration globalConjurConfiguration = (GlobalConjurConfiguration) GlobalConfiguration.all().get(GlobalConjurConfiguration.class);
        String token = JwtToken.getToken(modelObject, globalConjurConfiguration);
        conjurAuthnInfo.login = null;
        if (globalConjurConfiguration != null) {
            conjurAuthnInfo.authnPath = globalConjurConfiguration.getAuthWebServiceId();
        }
        byte[] bytes = "jwt=".getBytes(StandardCharsets.US_ASCII);
        byte[] bytes2 = token.getBytes(StandardCharsets.US_ASCII);
        byte[] bArr = new byte[bytes.length + bytes2.length];
        System.arraycopy(bytes, 0, bArr, 0, bytes.length);
        System.arraycopy(bytes2, 0, bArr, bytes.length, bytes2.length);
        conjurAuthnInfo.apiKey = bArr;
    }
}
