package org.jenkinsci.plugins;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.SecurityRealm;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import javax.servlet.http.HttpServletRequest;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.message.BasicNameValuePair;
import org.jfree.util.Log;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.security.web.util.UrlUtils;

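/* loaded from: input_file:WEB-INF/lib/wso2id-oauth.jar:org/jenkinsci/plugins/Wso2IdSecurityRealm.class */
/**
 * Jenkins security realm that signs users in through a WSO2 identity server using the
 * OAuth 2.0 authorization-code flow.
 *
 * <p>{@link #doCommenceLogin} redirects the browser to {@code <wso2idWebUri>/oauth2/authorize};
 * {@link #doFinishLogin} receives the authorization code, exchanges it at
 * {@code <wso2idWebUri>/oauth2/token} and installs the resulting authentication.
 *
 * <p>Security properties enforced by this class:
 * <ul>
 *   <li>a random, single-use {@code state} value binds the callback to the browser session
 *       that started the login, so a callback forged by another site is rejected;</li>
 *   <li>the post-login return address taken from the {@code Referer} header is used only when
 *       it points back into this Jenkins instance;</li>
 *   <li>the HTTP session is replaced when the login succeeds, so a pre-login session id does
 *       not survive into the authenticated session.</li>
 * </ul>
 */
public class Wso2IdSecurityRealm extends SecurityRealm {
    public static final String DEFAULT_COMMENCE_LOGIN_URL = "securityRealm/commenceLogin";
    public static final String DEFAULT_FINISH_LOGIN_URL = "securityRealm/finishLogin";
    private static final String REFERER_ATTRIBUTE = Wso2IdSecurityRealm.class.getName() + ".referer";
    /** Session key holding the {@code state} value issued by {@link #doCommenceLogin}. */
    private static final String STATE_ATTRIBUTE = Wso2IdSecurityRealm.class.getName() + ".state";
    /** Source of the unpredictable {@code state} values. */
    private static final SecureRandom STATE_RANDOM = new SecureRandom();
    private String wso2idWebUri;
    private String clientID;
    // NOTE(review): held, returned and (presumably) persisted as a plain String. Consider
    // hudson.util.Secret so the value is encrypted at rest and masked in the configuration form.
    private String clientSecret;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/wso2id-oauth.jar:org/jenkinsci/plugins/Wso2IdSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public DescriptorImpl() {
            load();
        }

        // NOTE(review): the form field names are not visible in this file; confirm that these
        // doCheck* method names and their query parameter names match the fields they validate.

        /**
         * Validates the WSO2 base URI form field.
         *
         * @param str submitted value; may be {@code null} when the parameter is absent
         * @return an error when the value is missing or blank, otherwise OK
         */
        public FormValidation doCheckWso2WebUri(@QueryParameter String str) {
            return requireValue(str, "Please set a Wso2WebUri");
        }

        /**
         * Validates the OAuth client id form field.
         *
         * @param str submitted value; may be {@code null} when the parameter is absent
         * @return an error when the value is missing or blank, otherwise OK
         */
        public FormValidation doCheckClientID(@QueryParameter String str) {
            return requireValue(str, "Please set a clientID");
        }

        /**
         * Validates the OAuth client secret form field.
         *
         * @param str submitted value; may be {@code null} when the parameter is absent
         * @return an error when the value is missing or blank, otherwise OK
         */
        public FormValidation doCheckClientSecret(@QueryParameter String str) {
            return requireValue(str, "Please set a clientSecret");
        }

        /** Shared check: a {@code null}, empty or whitespace-only value is reported with {@code message}. */
        private static FormValidation requireValue(String value, String message) {
            return Util.fixEmptyAndTrim(value) == null ? FormValidation.error(message) : FormValidation.ok();
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public String getDisplayName() {
            return "WSO2 Oauth Plugin";
        }
    }

    /**
     * Creates the realm from the submitted configuration.
     *
     * @param str  base URI of the WSO2 server; trimmed, and stored as {@code null} when blank
     * @param str2 accepted but not stored by this constructor
     * @param str3 OAuth client id
     * @param str4 OAuth client secret
     */
    @DataBoundConstructor
    public Wso2IdSecurityRealm(String str, String str2, String str3, String str4) {
        this.wso2idWebUri = Util.fixEmptyAndTrim(str);
        this.clientID = str3;
        this.clientSecret = str4;
    }

    public String getLoginUrl() {
        return DEFAULT_COMMENCE_LOGIN_URL;
    }

    public String getWso2idWebUri() {
        return this.wso2idWebUri;
    }

    public String getClientID() {
        return this.clientID;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    /**
     * Returns the configured Jenkins root URL.
     *
     * @return the root URL, or {@code null} when no Jenkins instance is available or it reports none
     */
    public static String getJenkinsUrl() {
        Jenkins jenkins = Jenkins.getInstance();
        if (jenkins == null) {
            return null;
        }
        return jenkins.getRootUrl();
    }

    /**
     * Returns the Jenkins root URL, falling back to one rebuilt from the request.
     *
     * <p>The fallback is assembled from the request's scheme, server name, port and context
     * path, i.e. from values supplied with the request. Configuring the Jenkins root URL keeps
     * the OAuth {@code redirect_uri} independent of request headers.
     *
     * @param httpServletRequest current request; may be {@code null}
     * @return the root URL, or {@code null} when neither source is available
     */
    public static String getJenkinsUrl(HttpServletRequest httpServletRequest) {
        String jenkinsUrl = getJenkinsUrl();
        if (jenkinsUrl == null && httpServletRequest != null) {
            jenkinsUrl = UrlUtils.buildFullRequestUrl(httpServletRequest.getScheme(), httpServletRequest.getServerName(), httpServletRequest.getServerPort(), httpServletRequest.getContextPath(), null) + "/";
        }
        return jenkinsUrl;
    }

    /** Builds the absolute callback URL sent to WSO2 as {@code redirect_uri}. */
    private String buildRedirectUrl(StaplerRequest staplerRequest) throws MalformedURLException {
        return getJenkinsUrl(staplerRequest) + DEFAULT_FINISH_LOGIN_URL;
    }

    /**
     * Starts the login: remembers where to return to, issues a fresh {@code state} value and
     * redirects the browser to the WSO2 authorization endpoint.
     *
     * @param staplerRequest current request
     * @param str            value of the {@code Referer} header; may be {@code null}
     * @return redirect to {@code <wso2idWebUri>/oauth2/authorize}
     */
    public HttpResponse doCommenceLogin(StaplerRequest staplerRequest, @Header("Referer") String str) throws IOException {
        // The Referer header is client-controlled: keep it only when it points into this Jenkins.
        String returnTo = isSafeReturnUrl(str, getJenkinsUrl(staplerRequest)) ? str : null;
        staplerRequest.getSession().setAttribute(REFERER_ATTRIBUTE, returnTo);

        // Bind the upcoming callback to this browser session.
        String state = newState();
        staplerRequest.getSession().setAttribute(STATE_ATTRIBUTE, state);

        ArrayList<BasicNameValuePair> params = new ArrayList<>();
        params.add(new BasicNameValuePair("redirect_uri", buildRedirectUrl(staplerRequest)));
        params.add(new BasicNameValuePair("response_type", "code"));
        params.add(new BasicNameValuePair("client_id", this.clientID));
        // OAuth parameter name; the original referenced BeanDefinitionParserDelegate.SCOPE_ATTRIBUTE,
        // a Spring constant with the same value ("scope").
        params.add(new BasicNameValuePair("scope", "openid"));
        params.add(new BasicNameValuePair("state", state));
        return new HttpRedirect(getWso2idWebUri() + "/oauth2/authorize?" + URLEncodedUtils.format(params, StandardCharsets.UTF_8));
    }

    /**
     * Completes the login after WSO2 redirects back with an authorization code.
     *
     * <p>The callback is accepted only when its {@code state} parameter equals the value stored
     * in the session by {@link #doCommenceLogin}. On success the session is replaced before the
     * authentication is installed.
     *
     * @param staplerRequest callback request carrying {@code code} and {@code state}
     * @return redirect to the remembered in-instance return address, or to the context root
     */
    public HttpResponse doFinishLogin(StaplerRequest staplerRequest) throws IOException {
        String code = staplerRequest.getParameter("code");
        String returnedState = staplerRequest.getParameter("state");
        String expectedState = (String) staplerRequest.getSession().getAttribute(STATE_ATTRIBUTE);
        String returnTo = (String) staplerRequest.getSession().getAttribute(REFERER_ATTRIBUTE);
        // Both values are single-use; drop them whatever the outcome.
        staplerRequest.getSession().removeAttribute(STATE_ATTRIBUTE);
        staplerRequest.getSession().removeAttribute(REFERER_ATTRIBUTE);

        if (StringUtils.isBlank(code)) {
            Log.info("doFinishLogin: missing code.");
            return HttpResponses.redirectToContextRoot();
        }
        if (!stateMatches(expectedState, returnedState)) {
            // A callback that this session did not start must not sign anyone in.
            Log.info("doFinishLogin: missing or mismatched state.");
            return HttpResponses.redirectToContextRoot();
        }

        String accessToken = getAccessToken(staplerRequest, code);
        if (StringUtils.isNotBlank(accessToken)) {
            Wso2IdAuthenticationToken wso2IdAuthenticationToken = new Wso2IdAuthenticationToken(accessToken, getWso2idWebUri());
            // Replace the pre-login session so its id is not carried into the authenticated one.
            staplerRequest.getSession().invalidate();
            staplerRequest.getSession(true);
            SecurityContextHolder.getContext().setAuthentication(wso2IdAuthenticationToken);
            Wso2IdUser wso2User = wso2IdAuthenticationToken.getWso2User();
            User current = User.current();
            if (current != null) {
                current.setFullName(wso2User.getName());
                // The mailer property can be absent for a user that has never had one.
                Mailer.UserProperty mailProperty = current.getProperty(Mailer.UserProperty.class);
                if (mailProperty == null || !mailProperty.hasExplicitlyConfiguredAddress()) {
                    current.addProperty(new Mailer.UserProperty(wso2User.getEmail()));
                }
            }
            SecurityListener.fireAuthenticated(new Wso2IdOAuthUserDetails(wso2User.getUsername(), wso2IdAuthenticationToken.getAuthorities()));
        } else {
            Log.info("WSO2 did not return an access token.");
        }
        // Re-check at use time so a value stored by other code cannot leave this instance.
        return isSafeReturnUrl(returnTo, getJenkinsUrl(staplerRequest)) ? HttpResponses.redirectTo(returnTo) : HttpResponses.redirectToContextRoot();
    }

    /** Creates an unpredictable value for the OAuth {@code state} parameter. */
    private static String newState() {
        return new BigInteger(160, STATE_RANDOM).toString(32);
    }

    /**
     * Compares the stored and the returned {@code state} without an early exit on the first
     * differing byte.
     *
     * @return {@code true} only when both values are present and equal
     */
    private static boolean stateMatches(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Tells whether {@code candidate} is an address inside this Jenkins instance.
     *
     * @param candidate address to check; may be {@code null}
     * @param rootUrl   Jenkins root URL; may be {@code null}
     * @return {@code true} when {@code candidate} starts with the root URL including its trailing slash
     */
    private static boolean isSafeReturnUrl(String candidate, String rootUrl) {
        if (StringUtils.isBlank(candidate) || StringUtils.isBlank(rootUrl)) {
            return false;
        }
        // Compare with the trailing slash so "https://host.example.org" cannot match
        // "https://host.example.org.other.test/".
        String root = rootUrl.endsWith("/") ? rootUrl : rootUrl + "/";
        return candidate.startsWith(root);
    }

    /**
     * Exchanges an authorization code for an access token at {@code <wso2idWebUri>/oauth2/token}.
     *
     * @param staplerRequest current request, used to rebuild the {@code redirect_uri}
     * @param str            authorization code received on the callback
     * @return the access token, or {@code null} when the response carries none
     */
    private String getAccessToken(StaplerRequest staplerRequest, String str) throws IOException {
        // Left as a raw list: the parameter type of Wso2IdClient.post is not visible in this file.
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair("client_id", this.clientID));
        arrayList.add(new BasicNameValuePair("client_secret", this.clientSecret));
        arrayList.add(new BasicNameValuePair("code", str));
        arrayList.add(new BasicNameValuePair("grant_type", "authorization_code"));
        arrayList.add(new BasicNameValuePair("redirect_uri", buildRedirectUrl(staplerRequest)));
        return extractToken(new Wso2IdClient().post(this.wso2idWebUri + "/oauth2/token", arrayList));
    }

    /**
     * Reads the {@code access_token} member from a JSON token response.
     *
     * @param str response body; may be {@code null} or blank
     * @return the token text, or {@code null} when the body is empty, is not valid JSON, or has
     *         no non-null {@code access_token} member
     */
    private String extractToken(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        try {
            JsonNode root = new ObjectMapper().readValue(str, JsonNode.class);
            JsonNode tokenNode = root == null ? null : root.get("access_token");
            // A JSON null would otherwise come back as the four-character string "null".
            if (tokenNode != null && !tokenNode.isNull()) {
                return tokenNode.asText();
            }
        } catch (IOException e) {
            Log.error(e.getMessage(), e);
        }
        return null;
    }

    /**
     * Supplies the authentication manager and user-details service for this realm.
     *
     * <p>The manager passes a {@code Wso2IdAuthenticationToken} through unchanged and turns a
     * username/password token into one by using the submitted credentials as a WSO2 access token.
     */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() { // from class: org.jenkinsci.plugins.Wso2IdSecurityRealm.1
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (authentication instanceof Wso2IdAuthenticationToken) {
                    return authentication;
                }
                if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
                    throw new BadCredentialsException("Unexpected authentication type: " + authentication);
                }
                Object credentials = ((UsernamePasswordAuthenticationToken) authentication).getCredentials();
                if (credentials == null) {
                    // Fail as an authentication error rather than with a NullPointerException.
                    throw new BadCredentialsException("Missing credentials");
                }
                try {
                    // NOTE(review): the submitted password is used as a WSO2 access token; how it is
                    // verified depends on Wso2IdAuthenticationToken, which is not visible here.
                    Wso2IdAuthenticationToken wso2IdAuthenticationToken = new Wso2IdAuthenticationToken(credentials.toString(), Wso2IdSecurityRealm.this.getWso2idWebUri());
                    SecurityContextHolder.getContext().setAuthentication(wso2IdAuthenticationToken);
                    return wso2IdAuthenticationToken;
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        }, new Wso2IdUserDetailsService());
    }

    public Descriptor<SecurityRealm> getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }
}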
