package io.jenkins.blueocean.service.embedded;

import com.google.inject.Binder;
import com.google.inject.Inject;
import com.google.inject.Module;
import hudson.Extension;
import hudson.model.UnprotectedRootAction;
import io.jenkins.blueocean.BlueOceanUI;
import io.jenkins.blueocean.auth.jwt.JwtTokenVerifier;
import io.jenkins.blueocean.commons.BlueOceanConfigProperties;
import io.jenkins.blueocean.commons.ServiceException;
import java.util.Iterator;
import java.util.Random;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContextImpl;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerProxy;
import org.kohsuke.stapler.StaplerRequest;

@Extension
/* loaded from: input_file:io/jenkins/blueocean/service/embedded/BlueOceanRootAction.class */
public class BlueOceanRootAction implements UnprotectedRootAction, StaplerProxy {
    private static final String URL_BASE = "blue";
    private static final Long randomBits = Long.valueOf(new Random().nextLong());
    private final boolean enableJWT = BlueOceanConfigProperties.BLUEOCEAN_FEATURE_JWT_AUTHENTICATION;

    @Inject
    private BlueOceanUI app;

    @Extension
    /* loaded from: input_file:io/jenkins/blueocean/service/embedded/BlueOceanRootAction$ModuleImpl.class */
    public static class ModuleImpl implements Module {
        public void configure(Binder binder) {
            binder.bind(BlueOceanUI.class).toInstance(new BlueOceanUI(BlueOceanRootAction.URL_BASE));
        }
    }

    public String getIconFileName() {
        return null;
    }

    public String getDisplayName() {
        return null;
    }

    public String getUrlName() {
        return URL_BASE;
    }

    public Object getTarget() {
        StaplerRequest currentRequest = Stapler.getCurrentRequest();
        if (currentRequest.getOriginalRestOfPath().startsWith("/rest/")) {
            if (this.enableJWT) {
                Authentication authentication = null;
                Iterator it = JwtTokenVerifier.all().iterator();
                while (it.hasNext()) {
                    authentication = ((JwtTokenVerifier) it.next()).verify(currentRequest);
                    if (authentication != null) {
                        break;
                    }
                }
                if (authentication == null) {
                    throw new ServiceException.UnauthorizedException("Unauthorized: Jwt token verification failed, no valid authentication instance found");
                }
                SecurityContextImpl securityContextImpl = new SecurityContextImpl();
                securityContextImpl.setAuthentication(authentication);
                SecurityContextHolder.setContext(securityContextImpl);
            }
            Stapler.getCurrentResponse().setHeader("X-Blueocean-Refresher", Jenkins.SESSION_HASH);
        } else {
            Jenkins.getInstance().checkPermission(Jenkins.READ);
        }
        return this.app;
    }
}
