package io.jenkins.blueocean.auth.jwt.impl;

import com.google.common.collect.ImmutableList;
import hudson.Extension;
import hudson.Plugin;
import hudson.model.User;
import hudson.remoting.Base64;
import hudson.tasks.Mailer;
import io.jenkins.blueocean.auth.jwt.JwkService;
import io.jenkins.blueocean.auth.jwt.JwtAuthenticationService;
import io.jenkins.blueocean.auth.jwt.JwtAuthenticationStore;
import io.jenkins.blueocean.auth.jwt.JwtAuthenticationStoreFactory;
import io.jenkins.blueocean.auth.jwt.JwtToken;
import io.jenkins.blueocean.auth.jwt.impl.JwtTokenImpl;
import io.jenkins.blueocean.commons.ServiceException;
import java.io.IOException;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import javax.annotation.Nullable;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.kohsuke.stapler.QueryParameter;

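/**
 * Blue Ocean JWT endpoint. Builds the claim set of a {@link JwtToken} for the current
 * Jenkins authentication and exposes the RSA public key for a given key id as a JWK.
 */
@Extension
public class JwtImpl extends JwtAuthenticationService {
    /** Token lifetime in seconds when neither a system property nor the request sets one. */
    private static final int DEFAULT_EXPIRY_IN_SEC = 1800;

    /** Upper bound, in minutes, on a requested lifetime when nothing overrides it. */
    private static final int DEFAULT_MAX_EXPIRY_TIME_IN_MIN = 480;

    /** Seconds subtracted from the issue time to form the {@code nbf} claim. */
    private static final int DEFAULT_NOT_BEFORE_IN_SEC = 30;

    /**
     * Serves the public half of the RSA signing key identified by {@code keyId} as a JWK.
     */
    public class JwkFactory extends JwkService {
        private final String keyId;

        /**
         * @param str key id ({@code kid}) of the signing key to expose
         */
        public JwkFactory(String str) {
            this.keyId = str;
        }

        /**
         * Builds the JWK document for this factory's key id.
         *
         * @return JSON object with {@code kty}, {@code alg}, {@code kid}, {@code use},
         *         {@code key_ops}, {@code n} and {@code e}
         * @throws ServiceException.NotFoundException if no key exists for the key id
         * @throws ServiceException.UnexpectedErrorException if reading the key fails with an I/O error
         */
        @Override // io.jenkins.blueocean.auth.jwt.JwkService
        public JSONObject getJwk() {
            // NOTE(review): keyId reaches this point unvalidated (see getJwks). If
            // JwtRsaDigitalSignatureKey derives a storage location from it, restrict it to the
            // format issued by getToken (32 hex characters) before use; confirm against that class.
            JwtTokenImpl.JwtRsaDigitalSignatureKey signatureKey =
                    new JwtTokenImpl.JwtRsaDigitalSignatureKey(this.keyId);
            try {
                if (!signatureKey.exists()) {
                    throw new ServiceException.NotFoundException(String.format("kid %s not found", this.keyId));
                }
                RSAPublicKey publicKey = signatureKey.getPublicKey();
                JSONObject jwk = new JSONObject();
                jwk.put("kty", "RSA");
                jwk.put("alg", "RS256");
                jwk.put("kid", this.keyId);
                jwk.put("use", "sig");
                jwk.put("key_ops", ImmutableList.of("verify"));
                // NOTE(review): RFC 7518 defines "n" and "e" as Base64urlUInt (URL-safe alphabet,
                // no padding, no leading zero octet). BigInteger.toByteArray() can prepend a sign
                // octet, and the encoder here is hudson.remoting.Base64; confirm what existing
                // verifiers expect before changing the encoding.
                jwk.put("n", Base64.encode(publicKey.getModulus().toByteArray()));
                jwk.put("e", Base64.encode(publicKey.getPublicExponent().toByteArray()));
                return jwk;
            } catch (IOException e) {
                throw new ServiceException.UnexpectedErrorException("Unexpected error: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Creates the claim set of a JWT for whoever {@link Jenkins#getAuthentication()} reports
     * as the current caller.
     *
     * <p>NOTE(review): no check is made here that the caller is authenticated; presumably
     * access control is applied elsewhere or tokens for the anonymous identity are intended.
     * Confirm against the service's routing.
     *
     * @param num requested lifetime in minutes ({@code expiryTimeInMins}); {@code null} uses
     *        the configured or default lifetime
     * @param num2 cap, in minutes, for {@code num} ({@code maxExpiryTimeInMins}); {@code null}
     *        uses the configured or default cap
     * @return the token with its claims populated
     * @throws ServiceException.BadRequestExpception if {@code num} exceeds the cap or is not positive
     * @throws ServiceException.UnexpectedErrorException if no {@link JwtToken} implementation
     *         or no {@link JwtAuthenticationStore} is available
     */
    @Override // io.jenkins.blueocean.auth.jwt.JwtAuthenticationService
    public JwtToken getToken(@Nullable @QueryParameter("expiryTimeInMins") Integer num, @Nullable @QueryParameter("maxExpiryTimeInMins") Integer num2) {
        // NOTE(review): the property name says minutes, but its value is added to "iat" as
        // seconds below, and it is never compared with the cap. Left as is because deployments
        // may have tuned the value to the current behaviour; confirm the intended unit.
        long expirySeconds = DEFAULT_EXPIRY_IN_SEC;
        String configuredExpiry = System.getProperty("EXPIRY_TIME_IN_MINS");
        if (configuredExpiry != null) {
            expirySeconds = Integer.parseInt(configuredExpiry);
        }

        int maxExpiryMins = DEFAULT_MAX_EXPIRY_TIME_IN_MIN;
        String configuredMax = System.getProperty("MAX_EXPIRY_TIME_IN_MINS");
        if (configuredMax != null) {
            maxExpiryMins = Integer.parseInt(configuredMax);
        }
        // NOTE(review): the cap supplied in the request replaces the configured one, so the
        // caller decides the upper bound on its own token lifetime. If the cap is meant as a
        // server-side policy, the request value should only be able to lower it.
        if (num2 != null) {
            maxExpiryMins = num2;
        }

        if (num != null) {
            if (num > maxExpiryMins) {
                throw new ServiceException.BadRequestExpception(String.format("expiryTimeInMins %s can't be greated than %s", num, Integer.valueOf(maxExpiryMins)));
            }
            // A zero or negative lifetime would produce a token whose "exp" is not after "iat".
            if (num <= 0) {
                throw new ServiceException.BadRequestExpception(String.format("expiryTimeInMins %s must be greater than 0", num));
            }
            // Multiply as long: with a caller-raised cap, int arithmetic wraps above 35,791,394 minutes.
            expirySeconds = num.longValue() * 60L;
        }

        Authentication authentication = Jenkins.getAuthentication();
        String subject = authentication.getName();
        // create=false: only an existing user record supplies the full name, id and e-mail.
        User user = User.get(subject, false, Collections.emptyMap());
        String email = null;
        String fullName = null;
        if (user != null) {
            fullName = user.getFullName();
            subject = user.getId();
            Mailer.UserProperty mailProperty = user.getProperty(Mailer.UserProperty.class);
            if (mailProperty != null) {
                email = mailProperty.getAddress();
            }
        }

        Plugin plugin = Jenkins.getInstance().getPlugin("blueocean-jwt");
        String issuer = "blueocean-jwt:" + (plugin != null ? plugin.getWrapper().getVersion() : "");

        JwtToken token = JwtToken.first();
        if (token == null) {
            throw new ServiceException.UnexpectedErrorException("No implementation of JwtToken found");
        }

        // Fresh random identifiers per token: "kid" names the key, "jti" the token itself.
        token.claim.put("kid", UUID.randomUUID().toString().replace("-", ""));
        token.claim.put("jti", UUID.randomUUID().toString().replace("-", ""));
        token.claim.put("iss", issuer);
        token.claim.put("sub", subject);
        token.claim.put("name", fullName);
        long issuedAt = System.currentTimeMillis() / 1000;
        token.claim.put("iat", Long.valueOf(issuedAt));
        token.claim.put("exp", Long.valueOf(issuedAt + expirySeconds));
        // "nbf" is backdated so that small clock differences do not reject a fresh token.
        token.claim.put("nbf", Long.valueOf(issuedAt - DEFAULT_NOT_BEFORE_IN_SEC));

        // JSONObject is a raw Map and takes no type arguments; the assignment is safe because
        // only String keys are put into it in this method.
        @SuppressWarnings("unchecked")
        Map<String, Object> context = new JSONObject();
        JSONObject userObject = new JSONObject();
        userObject.put("id", subject);
        userObject.put("fullName", fullName);
        userObject.put("email", email);

        JwtAuthenticationStore store = getJwtStore(authentication);
        if (store == null) {
            // getJwtStore returns null when no registered factory yields a store.
            throw new ServiceException.UnexpectedErrorException("No implementation of JwtAuthenticationStore found");
        }
        // The store is handed the context before the "user" entry is added, as before.
        store.store(authentication, context);
        context.put("user", userObject);
        token.claim.put("context", context);
        return token;
    }

    /**
     * Returns the JWK service for a key id.
     *
     * <p>NOTE(review): only {@code null} is rejected; the value is otherwise passed on as
     * received from the request. See the note in {@link JwkFactory#getJwk()}.
     *
     * @param str key id taken from the request
     * @return factory that serves the JWK for {@code str}
     * @throws ServiceException.BadRequestExpception if {@code str} is {@code null}
     */
    @Override // io.jenkins.blueocean.auth.jwt.JwtAuthenticationService
    public JwkFactory getJwks(String str) {
        if (str == null) {
            throw new ServiceException.BadRequestExpception("keyId is required");
        }
        return new JwkFactory(str);
    }

    /** @return always {@code null}; this endpoint has no icon */
    public String getIconFileName() {
        return null;
    }

    /** @return the display name of this endpoint */
    public String getDisplayName() {
        return "BlueOcean Jwt endpoint";
    }

    /**
     * Picks the authentication store for {@code authentication}.
     *
     * <p>The first non-null store from a factory other than {@link SimpleJwtAuthenticationStore}
     * is returned; otherwise the store from {@link SimpleJwtAuthenticationStore} is used.
     *
     * @param authentication authentication the store is requested for
     * @return the selected store, or {@code null} if no factory provides one
     */
    public static JwtAuthenticationStore getJwtStore(Authentication authentication) {
        JwtAuthenticationStore fallback = null;
        for (JwtAuthenticationStoreFactory factory : JwtAuthenticationStoreFactory.all()) {
            JwtAuthenticationStore candidate = factory.getJwtAuthenticationStore(authentication);
            if (factory instanceof SimpleJwtAuthenticationStore) {
                fallback = candidate;
            } else if (candidate != null) {
                return candidate;
            }
        }
        return fallback;
    }
}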
