package org.jenkinsci.plugins.cas.spring;

import hudson.tasks.Mailer;
import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.jenkinsci.plugins.cas.spring.security.CasAuthentication;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;

/* loaded from: input_file:org/jenkinsci/plugins/cas/spring/CasEventListener.class */
public class CasEventListener implements ApplicationListener {
    public static final String DEFAULT_FULL_NAME_ATTRIBUTE = "cn";
    public static final String DEFAULT_EMAIL_ATTRIBUTE = "mail";
    public static final String CAS_NO_PASSWORD = "NO_PASSWORD";
    private String fullNameAttribute = DEFAULT_FULL_NAME_ATTRIBUTE;
    private String emailAttribute = DEFAULT_EMAIL_ATTRIBUTE;

    public void onApplicationEvent(ApplicationEvent applicationEvent) {
        if (applicationEvent instanceof InteractiveAuthenticationSuccessEvent) {
            onSuccessfulAuthentication(((InteractiveAuthenticationSuccessEvent) applicationEvent).getAuthentication());
        }
    }

    protected void onSuccessfulAuthentication(Authentication authentication) {
        if (authentication instanceof CasAuthenticationToken) {
            CasAuthenticationToken casAuthenticationToken = (CasAuthenticationToken) authentication;
            try {
                copyToAcegiContext(casAuthenticationToken);
                syncUserAttributes(casAuthenticationToken);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    protected void copyToAcegiContext(CasAuthenticationToken casAuthenticationToken) {
        GrantedAuthority[] grantedAuthorityArr = new GrantedAuthority[casAuthenticationToken.getAuthorities().size()];
        int i = 0;
        Iterator it = casAuthenticationToken.getAuthorities().iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            grantedAuthorityArr[i2] = new GrantedAuthorityImpl(((org.springframework.security.core.GrantedAuthority) it.next()).getAuthority());
        }
        User userDetails = casAuthenticationToken.getUserDetails();
        org.acegisecurity.userdetails.User user = new org.acegisecurity.userdetails.User(userDetails.getUsername(), CAS_NO_PASSWORD, userDetails.isEnabled(), userDetails.isAccountNonExpired(), userDetails.isCredentialsNonExpired(), userDetails.isAccountNonLocked(), grantedAuthorityArr);
        SecurityContextHolder.getContext().setAuthentication(new CasAuthentication(casAuthenticationToken.getKeyHash(), (Object) user, casAuthenticationToken.getCredentials(), grantedAuthorityArr, (UserDetails) user, casAuthenticationToken.getAssertion()));
    }

    protected void syncUserAttributes(CasAuthenticationToken casAuthenticationToken) throws IOException {
        if (casAuthenticationToken.getAssertion() == null || casAuthenticationToken.getAssertion().getPrincipal() == null || casAuthenticationToken.getAssertion().getPrincipal().getAttributes() == null) {
            return;
        }
        hudson.model.User user = hudson.model.User.get(casAuthenticationToken.getName());
        String attributeValue = getAttributeValue(casAuthenticationToken, getFullNameAttribute());
        if (attributeValue != null) {
            user.setFullName(attributeValue);
        }
        String attributeValue2 = getAttributeValue(casAuthenticationToken, getEmailAttribute());
        if (attributeValue2 != null) {
            user.addProperty(new Mailer.UserProperty(attributeValue2));
        }
        user.save();
    }

    protected String getAttributeValue(CasAuthenticationToken casAuthenticationToken, String str) {
        Object obj;
        if (casAuthenticationToken == null || casAuthenticationToken.getAssertion() == null || casAuthenticationToken.getAssertion().getPrincipal() == null || casAuthenticationToken.getAssertion().getPrincipal().getAttributes() == null || str == null || (obj = casAuthenticationToken.getAssertion().getPrincipal().getAttributes().get(str)) == null) {
            return null;
        }
        return obj instanceof Collection ? (String) ((Collection) obj).iterator().next() : obj.toString();
    }

    public String getFullNameAttribute() {
        return this.fullNameAttribute;
    }

    public void setFullNameAttribute(String str) {
        if (str == null) {
            this.fullNameAttribute = DEFAULT_FULL_NAME_ATTRIBUTE;
        } else {
            this.fullNameAttribute = str;
        }
    }

    public String getEmailAttribute() {
        return this.emailAttribute;
    }

    public void setEmailAttribute(String str) {
        if (str == null) {
            this.emailAttribute = DEFAULT_EMAIL_ATTRIBUTE;
        } else {
            this.emailAttribute = str;
        }
    }
}
