package org.jenkinsci.plugins.oic;

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.model.Failure;
import hudson.remoting.Base64;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.UUID;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:WEB-INF/lib/oic-auth.jar:org/jenkinsci/plugins/oic/OicSession.class */
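/**
 * Per-login bookkeeping for an OAuth2 authorization-code exchange.
 *
 * <p>An instance is stored in the HTTP session by {@link #doCommenceLogin()} and consulted again
 * by {@link #doFinishLogin(StaplerRequest)} when the provider redirects the browser back. The
 * {@code state} value binds the callback to the browser session that started the login, so it
 * must be unpredictable to anyone outside that session.
 *
 * <p>NOTE(review): this class reuses whatever HTTP session exists before authentication and never
 * rotates it. Confirm that every {@link #onSuccess(String)} implementation invalidates the
 * pre-login session (and re-stores what it still needs) once the user is authenticated.
 */
abstract class OicSession {
    /** Source of randomness for {@link #state}; SecureRandom instances are safe to share. */
    private static final SecureRandom STATE_RANDOM = new SecureRandom();

    private static final String SESSION_NAME = OicSession.class.getName();

    private final AuthorizationCodeFlow flow;

    /**
     * Anti-CSRF value sent as the {@code state} parameter and checked on the callback.
     * Drawn directly from SecureRandom: deriving it from the first 20 Base64 characters of a
     * UUID string would keep only the first 15 characters of that string, i.e. about 48 random bits.
     */
    private final String state = newState();

    // presumably the location to return to after login; this class only stores and exposes it
    private final String from;
    private final String redirectUrl;

    // Kept in the HTTP session together with this object; treat it as a credential and keep it out of logs.
    private String idToken;

    /**
     * Creates the session state for one login attempt.
     *
     * @param authorizationCodeFlow flow used to build the provider's authorization URL
     * @param str value later returned by {@link #getFrom()}
     * @param str2 redirect URI sent to the provider in the authorization request
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public OicSession(AuthorizationCodeFlow authorizationCodeFlow, String str, String str2) {
        this.flow = authorizationCodeFlow;
        this.from = str;
        this.redirectUrl = str2;
    }

    /**
     * Generates a fresh, URL-safe {@code state} value carrying 130 bits from SecureRandom.
     * Base 32 yields only digits and lower-case letters, so the value needs no escaping in a query string.
     */
    private static String newState() {
        return new BigInteger(130, STATE_RANDOM).toString(32);
    }

    /**
     * Stores this object in the current HTTP session and redirects the browser to the provider's
     * authorization URL, carrying {@code state} and the redirect URI.
     *
     * @return a redirect to the authorization endpoint
     * @throws IOException declared for callers; nothing in this body is shown to throw it
     */
    @SuppressFBWarnings({"J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION"})
    public HttpResponse doCommenceLogin() throws IOException {
        Stapler.getCurrentRequest().getSession().setAttribute(SESSION_NAME, this);
        String authorizationUrl =
                this.flow.newAuthorizationUrl().setState(this.state).setRedirectUri(this.redirectUrl).toString();
        return new HttpRedirect(authorizationUrl);
    }

    /**
     * Handles the provider's redirect back: validates {@code state}, surfaces a provider error, and
     * otherwise hands the authorization code to {@link #onSuccess(String)}.
     *
     * @param staplerRequest the callback request; its URL and query string are parsed as the
     *     authorization response
     * @return a {@link Failure} when the state does not match, the provider reported an error, or no
     *     code is present; otherwise whatever {@link #onSuccess(String)} returns
     * @throws IOException if {@link #onSuccess(String)} throws it
     */
    public HttpResponse doFinishLogin(StaplerRequest staplerRequest) throws IOException {
        StringBuffer requestURL = staplerRequest.getRequestURL();
        String query = staplerRequest.getQueryString();
        if (query != null) {
            requestURL.append('?').append(query);
        }
        AuthorizationCodeResponseUrl responseUrl = new AuthorizationCodeResponseUrl(requestURL.toString());

        // Reject the callback before looking at anything else it carries: every other parameter is
        // untrusted until the state proves the request belongs to this login attempt.
        if (!stateMatches(responseUrl.getState())) {
            return new Failure("State is invalid");
        }
        if (responseUrl.getError() != null) {
            // NOTE(review): error and error_description come from the query string; confirm that
            // Failure escapes its message when it is rendered.
            return new Failure("Error from provider: " + responseUrl.getError() + ". Details: "
                    + responseUrl.getErrorDescription());
        }
        String code = responseUrl.getCode();
        if (code == null) {
            return new Failure("Missing authorization code");
        }
        return onSuccess(code);
    }

    /**
     * Compares the received state with the expected one without short-circuiting on the first
     * differing byte; a missing state never matches.
     */
    private boolean stateMatches(String received) {
        if (received == null) {
            return false;
        }
        return MessageDigest.isEqual(
                this.state.getBytes(StandardCharsets.UTF_8), received.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the {@code from} value passed to the constructor. */
    protected String getFrom() {
        return this.from;
    }

    /** Returns the {@code state} value generated for this login attempt. */
    public String getState() {
        return this.state;
    }

    /**
     * Called by {@link #doFinishLogin(StaplerRequest)} once the state has been verified and an
     * authorization code is present.
     *
     * @param str the authorization code taken from the callback URL
     * @return the response to send to the browser
     * @throws IOException at the implementation's discretion
     */
    protected abstract HttpResponse onSuccess(String str) throws IOException;

    /**
     * Looks up the instance stored in the current request's HTTP session.
     *
     * @return the stored instance, or {@code null} when the session holds none
     */
    public static OicSession getCurrent() {
        return (OicSession) Stapler.getCurrentRequest().getSession().getAttribute(SESSION_NAME);
    }

    /** Records the ID token for this session. */
    public void setIdToken(String str) {
        this.idToken = str;
    }

    /** Returns the ID token recorded by {@link #setIdToken(String)}, or {@code null} if none was set. */
    public String getIdToken() {
        return this.idToken;
    }
}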
