package org.jenkinsci.plugins.authorizeproject.strategy;

import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.Queue;
import hudson.model.User;
import hudson.security.ACL;
import hudson.util.FormValidation;
import java.io.IOException;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectProperty;
import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy;
import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategyDescriptor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.class */
public class SpecificUsersAuthorizationStrategy extends AuthorizeProjectStrategy {
    private static Logger LOGGER = Logger.getLogger(SpecificUsersAuthorizationStrategy.class.getName());
    private final String userid;
    private final boolean noNeedReauthentication;

    @Extension
    /* loaded from: input_file:org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy$DescriptorImpl.class */
    public static class DescriptorImpl extends AuthorizeProjectStrategyDescriptor {
        public DescriptorImpl() {
        }

        protected DescriptorImpl(Class<? extends AuthorizeProjectStrategy> cls) {
            super(cls);
        }

        public String getDisplayName() {
            return Messages.SpecificUsersAuthorizationStrategy_DisplayName();
        }

        protected SpecificUsersAuthorizationStrategy newInstanceWithoutAuthentication(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            String string = jSONObject.getString("userid");
            boolean z = jSONObject.getBoolean("noNeedReauthentication");
            if (StringUtils.isBlank(string)) {
                throw new Descriptor.FormException("userid must be specified", "userid");
            }
            return new SpecificUsersAuthorizationStrategy(string, z);
        }

        protected boolean authenticate(SpecificUsersAuthorizationStrategy specificUsersAuthorizationStrategy, String str) {
            try {
                Jenkins.getInstance().getSecurityRealm().getSecurityComponents().manager.authenticate(new UsernamePasswordAuthenticationToken(specificUsersAuthorizationStrategy.getUserid(), str));
                return true;
            } catch (Exception e) {
                SpecificUsersAuthorizationStrategy.LOGGER.log(Level.WARNING, String.format("Failed to authenticate %s", specificUsersAuthorizationStrategy.userid), (Throwable) e);
                return false;
            }
        }

        protected boolean authenticate(SpecificUsersAuthorizationStrategy specificUsersAuthorizationStrategy, StaplerRequest staplerRequest, JSONObject jSONObject) {
            return authenticate(specificUsersAuthorizationStrategy, jSONObject.getString("password"));
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public SpecificUsersAuthorizationStrategy m6newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            SpecificUsersAuthorizationStrategy newInstanceWithoutAuthentication = newInstanceWithoutAuthentication(staplerRequest, jSONObject);
            if (!SpecificUsersAuthorizationStrategy.isAuthenticateionRequired(newInstanceWithoutAuthentication, SpecificUsersAuthorizationStrategy.getCurrentStrategy((AbstractProject) staplerRequest.findAncestorObject(AbstractProject.class))) || authenticate(newInstanceWithoutAuthentication, staplerRequest, jSONObject)) {
                return newInstanceWithoutAuthentication;
            }
            throw new Descriptor.FormException(Messages.SpecificUsersAuthorizationStrategy_userid_authenticate(), "userid");
        }

        public String calcCheckPasswordRequestedUrl() {
            return String.format("'%s/%s/checkPasswordRequested' + qs(this).nearBy('userid').nearBy('noNeedReauthentication')", getCurrentDescriptorByNameUrl(), getDescriptorUrl());
        }

        public String doCheckPasswordRequested(StaplerRequest staplerRequest, @QueryParameter String str, @QueryParameter boolean z) {
            return Boolean.toString(SpecificUsersAuthorizationStrategy.isAuthenticateionRequired(new SpecificUsersAuthorizationStrategy(str, z), SpecificUsersAuthorizationStrategy.getCurrentStrategy((AbstractProject) staplerRequest.findAncestorObject(AbstractProject.class))));
        }

        public FormValidation doCheckUserid(@QueryParameter String str) {
            return StringUtils.isBlank(str) ? FormValidation.error(Messages.SpecificUsersAuthorizationStrategy_userid_required()) : FormValidation.ok();
        }

        public FormValidation doCheckPassword(StaplerRequest staplerRequest, @QueryParameter String str, @QueryParameter String str2, @QueryParameter boolean z) {
            if (SpecificUsersAuthorizationStrategy.isAuthenticateionRequired(new SpecificUsersAuthorizationStrategy(str, z), SpecificUsersAuthorizationStrategy.getCurrentStrategy((AbstractProject) staplerRequest.findAncestorObject(AbstractProject.class))) && StringUtils.isBlank(str2)) {
                return FormValidation.error(Messages.SpecificUsersAuthorizationStrategy_password_required());
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckNoNeedReauthentication(@QueryParameter boolean z) {
            return z ? FormValidation.warning(Messages.SpecificUsersAuthorizationStrategy_noNeedReauthentication_usage()) : FormValidation.ok();
        }
    }

    public String getUserid() {
        return this.userid;
    }

    public boolean isNoNeedReauthentication() {
        return this.noNeedReauthentication;
    }

    public SpecificUsersAuthorizationStrategy(String str, boolean z) {
        this.userid = StringUtils.trim(str);
        this.noNeedReauthentication = z;
    }

    @Override // org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy
    public Authentication authenticate(AbstractProject<?, ?> abstractProject, Queue.Item item) {
        Authentication impersonate;
        User user = User.get(getUserid(), false, Collections.emptyMap());
        if (user != null && (impersonate = user.impersonate()) != null) {
            return impersonate;
        }
        return Jenkins.ANONYMOUS;
    }

    protected static boolean isAuthenticateionRequired(SpecificUsersAuthorizationStrategy specificUsersAuthorizationStrategy, SpecificUsersAuthorizationStrategy specificUsersAuthorizationStrategy2) {
        if (specificUsersAuthorizationStrategy == null || Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
            return false;
        }
        User current = User.current();
        if (current == null || current.getId() == null || !current.getId().equals(specificUsersAuthorizationStrategy.getUserid())) {
            return specificUsersAuthorizationStrategy2 == null || !specificUsersAuthorizationStrategy2.isNoNeedReauthentication() || specificUsersAuthorizationStrategy2.getUserid() == null || !specificUsersAuthorizationStrategy2.getUserid().equals(specificUsersAuthorizationStrategy.getUserid());
        }
        return false;
    }

    protected static SpecificUsersAuthorizationStrategy getCurrentStrategy(AbstractProject<?, ?> abstractProject) {
        AuthorizeProjectProperty authorizeProjectProperty;
        if (abstractProject == null || (authorizeProjectProperty = (AuthorizeProjectProperty) abstractProject.getProperty(AuthorizeProjectProperty.class)) == null || !(authorizeProjectProperty.getStrategy() instanceof SpecificUsersAuthorizationStrategy)) {
            return null;
        }
        return (SpecificUsersAuthorizationStrategy) authorizeProjectProperty.getStrategy();
    }

    private Object readResolve() throws IOException {
        if (ACL.SYSTEM.equals(Jenkins.getAuthentication()) || !isAuthenticateionRequired(this, null)) {
            return this;
        }
        throw new IOException(Messages.SpecificUsersAuthorizationStrategy_userid_readResolve());
    }
}
