package hudson.plugins.openid.impl;

import com.cloudbees.openid4java.team.TeamExtensionFactory;
import com.cloudbees.openid4java.team.TeamExtensionRequest;
import com.cloudbees.openid4java.team.TeamExtensionResponse;
import hudson.Extension;
import hudson.model.Hudson;
import hudson.plugins.openid.Identity;
import hudson.plugins.openid.OpenIdExtension;
import hudson.security.SecurityRealm;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.openid4java.message.AuthRequest;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;

@Extension
/* loaded from: input_file:WEB-INF/classes/hudson/plugins/openid/impl/TeamsExtension.class */
public class TeamsExtension extends OpenIdExtension {
    private static final Logger LOGGER;
    public static boolean DISABLE;

    @Override // hudson.plugins.openid.OpenIdExtension
    public void extend(AuthRequest authRequest) throws MessageException {
        if (DISABLE) {
            return;
        }
        TeamExtensionRequest teamExtensionRequest = new TeamExtensionRequest();
        Collection<String> groups = Hudson.getInstance().getAuthorizationStrategy().getGroups();
        teamExtensionRequest.setQueryMembership(groups);
        authRequest.addExtension(teamExtensionRequest);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.fine("Checking memberships of " + new ArrayList(groups) + " with OpenID");
        }
    }

    @Override // hudson.plugins.openid.OpenIdExtension
    public void process(AuthSuccess authSuccess, Identity identity) throws MessageException {
        if (DISABLE) {
            return;
        }
        TeamExtensionResponse teamExtensionResponse = (TeamExtensionResponse) getMessageAs(TeamExtensionResponse.class, authSuccess, TeamExtensionFactory.URI);
        List<GrantedAuthority> grantedAuthorities = identity.getGrantedAuthorities();
        Iterator<String> it = teamExtensionResponse.getTeamMembership().iterator();
        while (it.hasNext()) {
            grantedAuthorities.add(new GrantedAuthorityImpl(it.next()));
        }
        grantedAuthorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.fine("Adding " + teamExtensionResponse.getTeamMembership() + " as authorities from team extension to " + identity.getOpenId());
        }
    }

    static {
        TeamExtensionFactory.install();
        LOGGER = Logger.getLogger(TeamsExtension.class.getName());
        DISABLE = Boolean.getBoolean(TeamsExtension.class.getName() + "disable");
    }
}
