package org.jenkinsci.plugins.oic;

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
import com.google.api.client.auth.openidconnect.IdToken;
import com.google.common.annotations.VisibleForTesting;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.model.Failure;
import hudson.remoting.Base64;
import java.io.IOException;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.UUID;
import javax.servlet.http.HttpSession;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:org/jenkinsci/plugins/oic/OicSession.class */
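/**
 * Per-login state for one OpenID Connect authorization-code flow.
 *
 * <p>An instance is stored in the HTTP session under {@link #SESSION_NAME} when the login
 * starts, and again in the fresh session created once the callback has been accepted. It
 * carries the {@code state} value that binds the callback to the request that started the
 * flow, the optional {@code nonce} that binds the ID token to this login, and the raw ID
 * token string set through {@link #setIdToken(String)}.
 *
 * <p>NOTE(review): the class is {@link Serializable} and lives in the HTTP session, so the ID
 * token travels with it wherever the container persists or replicates sessions — confirm
 * that is acceptable for the deployment.
 */
abstract class OicSession implements Serializable {
    private static final long serialVersionUID = 1;

    /** Number of random bytes behind {@link #state}; 15 bytes encode to exactly 20 Base64 characters. */
    private static final int STATE_BYTES = 15;

    /** Source of randomness for {@link #state}; static, so it is not part of the serialized form. */
    private static final SecureRandom RANDOM = new SecureRandom();

    // Anti-CSRF value sent as the OAuth "state" parameter and compared on the callback.
    @VisibleForTesting
    String state = newState();

    // Value sent as the OIDC "nonce" parameter; set to null when nonce checking is disabled.
    @VisibleForTesting
    String nonce = UUID.randomUUID().toString();
    private final String from;
    private final String redirectUrl;
    private String idToken;
    private static final String SESSION_NAME = OicSession.class.getName();

    /**
     * Creates the session object for one login attempt.
     *
     * @param str value later returned by {@link #getFrom()}
     * @param str2 redirect URI placed on the authorization request
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public OicSession(String str, String str2) {
        this.from = str;
        this.redirectUrl = str2;
    }

    /**
     * Builds a 20-character state value from {@value #STATE_BYTES} bytes (120 bits) of
     * {@link SecureRandom} output.
     *
     * <p>The earlier derivation kept the first 20 Base64 characters of a random UUID's text,
     * which only covers the first 15 characters of that text: 12 random hex digits (48 bits)
     * plus two dashes and the fixed version digit. The length is unchanged here, but every
     * character is now random.
     *
     * @return a URL-safe Base64 string of length 20
     */
    private static String newState() {
        byte[] raw = new byte[STATE_BYTES];
        RANDOM.nextBytes(raw);
        // 15 bytes need no '=' padding; swap '+' and '/' so the value is safe inside a query string.
        return Base64.encode(raw).replace('+', '-').replace('/', '_');
    }

    /**
     * Stores this object in the given HTTP session under {@link #SESSION_NAME}.
     *
     * @param httpSession session that will hold this login state
     */
    @SuppressFBWarnings({"J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION"})
    private void setupOicSession(HttpSession httpSession) {
        httpSession.setAttribute(SESSION_NAME, this);
    }

    /**
     * Starts the login: registers this object in the current request's session and redirects
     * the browser to the provider's authorization endpoint.
     *
     * @param z when {@code true} no nonce is sent and {@link #nonce} is cleared, which makes
     *     {@link #validateNonce(IdToken)} accept any token for this login
     * @param authorizationCodeFlow flow used to build the authorization URL
     * @return a redirect to the authorization URL carrying {@code state}, the redirect URI
     *     and, unless disabled, {@code nonce}
     */
    @Restricted({DoNotUse.class})
    public HttpResponse commenceLogin(boolean z, AuthorizationCodeFlow authorizationCodeFlow) {
        setupOicSession(Stapler.getCurrentRequest().getSession());
        AuthorizationCodeRequestUrl authorizationUrl =
                authorizationCodeFlow.newAuthorizationUrl().setState(this.state).setRedirectUri(this.redirectUrl);
        if (z) {
            this.nonce = null;
        } else {
            authorizationUrl.set("nonce", this.nonce);
        }
        return new HttpRedirect(authorizationUrl.toString());
    }

    /**
     * Handles the provider's callback.
     *
     * <p>The checks run in a fixed order: the {@code state} parameter must equal the value
     * issued by this object, the provider must not have reported an error, and an
     * authorization code must be present. Only then is the existing HTTP session invalidated
     * and replaced, so the session id used before authentication is not carried over, and
     * {@link #onSuccess(String, AuthorizationCodeFlow)} is called with the code.
     *
     * @param staplerRequest the callback request
     * @param authorizationCodeFlow flow handed on to {@code onSuccess}
     * @return a {@link Failure} for a rejected callback, otherwise the result of {@code onSuccess}
     * @throws IOException declared by the original signature
     */
    public HttpResponse finishLogin(StaplerRequest staplerRequest, AuthorizationCodeFlow authorizationCodeFlow) throws IOException {
        StringBuffer callbackUrl = staplerRequest.getRequestURL();
        String query = staplerRequest.getQueryString();
        if (query != null) {
            callbackUrl.append('?').append(query);
        }
        AuthorizationCodeResponseUrl callback = new AuthorizationCodeResponseUrl(callbackUrl.toString());

        // State is checked before anything else so no other callback parameter is acted on
        // for a request that did not originate from this login.
        if (!this.state.equals(callback.getState())) {
            return new Failure("State is invalid");
        }
        if (callback.getError() != null) {
            // NOTE(review): both values are taken from the callback query string; confirm the
            // Failure page renders them escaped.
            return new Failure("Error from provider: " + callback.getError() + ". Details: " + callback.getErrorDescription());
        }
        String code = callback.getCode();
        if (code == null) {
            return new Failure("Missing authorization code");
        }

        HttpSession previous = staplerRequest.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        setupOicSession(staplerRequest.getSession(true));
        return onSuccess(code, authorizationCodeFlow);
    }

    /** Returns the first constructor argument. */
    protected String getFrom() {
        return this.from;
    }

    /** Returns the {@code state} value issued for this login. */
    public String getState() {
        return this.state;
    }

    /**
     * Completes the login once the callback has passed the checks in {@code finishLogin}.
     *
     * @param str the authorization code from the callback
     * @param authorizationCodeFlow flow passed through from {@code finishLogin}
     * @return the response to send to the browser
     */
    protected abstract HttpResponse onSuccess(String str, AuthorizationCodeFlow authorizationCodeFlow);

    /**
     * Compares the nonce issued for this login with the one in the ID token.
     *
     * <p>A {@code true} result does not always mean a nonce was verified: the method also
     * returns {@code true} when {@code idToken} is {@code null} or when the nonce was cleared
     * in {@link #commenceLogin(boolean, AuthorizationCodeFlow)}. Callers that require an ID
     * token have to enforce its presence themselves.
     *
     * @param idToken parsed ID token, may be {@code null}
     * @return {@code false} only when a nonce is expected and the token's nonce differs
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean validateNonce(IdToken idToken) {
        if (idToken == null || this.nonce == null) {
            return true;
        }
        return this.nonce.equals(idToken.getPayload().getNonce());
    }

    /**
     * Looks up the login state stored in the current request's HTTP session.
     *
     * @return the stored object, or {@code null} when the session holds none
     */
    public static OicSession getCurrent() {
        return (OicSession) Stapler.getCurrentRequest().getSession().getAttribute(SESSION_NAME);
    }

    /** Stores the raw ID token string on this session object. */
    public void setIdToken(String str) {
        this.idToken = str;
    }

    /** Returns the raw ID token string, or {@code null} if none was stored. */
    public String getIdToken() {
        return this.idToken;
    }
}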
