package com.microsoft.jenkins.azuread;

import com.microsoft.azure.management.graphrbac.ActiveDirectoryGroup;
import hudson.security.SecurityRealm;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.UserDetails;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;

/* loaded from: input_file:com/microsoft/jenkins/azuread/AzureAdUser.class */
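/**
 * Jenkins principal built from the claims of an Azure AD ID token.
 *
 * <p>Identity fields are copied from the token once, in {@link #createFromJwt}. The granted
 * authorities are kept separately in a {@code transient} field: they are not serialized and
 * fall back to "authenticated only" after deserialization until {@link #setAuthorities} is
 * called again.
 *
 * <p>NOTE(review): nothing in this class verifies the token. It presumably relies on the caller
 * having validated signature, issuer, audience and expiry before the claims reach
 * {@link #createFromJwt}; confirm at the call site, because group authorities are derived
 * directly from the {@code groups} claim.
 */
public final class AzureAdUser implements UserDetails {
    private static final long serialVersionUID = 1779209037664572820L;

    /**
     * Extracts an e-mail address from a unique name, optionally prefixed by {@code something#}.
     * Compiled once instead of on every login. The TLD part is limited to 2-6 letters, so
     * addresses under longer TLDs are not recognised by this fallback.
     */
    private static final Pattern EMAIL_IN_UNIQUE_NAME =
            Pattern.compile("^(.*#)?([A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6})$", Pattern.CASE_INSENSITIVE);

    private String name;
    private String givenName;
    private String familyName;
    private String uniqueName;
    private String tenantID;
    private String objectID;
    private String email;
    private List<String> groupOIDs;
    // Not serialized: rebuilt by readObject() and setAuthorities().
    private volatile transient GrantedAuthority[] authorities = {SecurityRealm.AUTHENTICATED_AUTHORITY};

    private AzureAdUser() {
    }

    /**
     * Restores the serialized identity fields and resets the authorities to the minimal
     * "authenticated" grant, so a deserialized user never carries group authorities that were
     * not re-established through {@link #setAuthorities}.
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.authorities = new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY};
    }

    /**
     * Builds a user from ID-token claims.
     *
     * <p>The username comes from {@code upn}, falling back to {@code preferred_username}; the
     * first non-empty entry of {@code str} that the username ends with is stripped from it.
     * NOTE(review): stripping more than one domain suffix can map accounts from different
     * domains onto the same Jenkins username; confirm the configured list is intended.
     *
     * <p>If the token has no {@code groups} claim the group list is empty. Azure AD may omit
     * the claim for users in many groups (group overage), in which case group authorities
     * depend on the caller passing resolved groups to {@link #setAuthorities}.
     *
     * @param jwtClaims claims of the ID token; {@code null} yields {@code null}
     * @param str comma-separated list of username suffixes to strip; may be {@code null}
     * @return the populated user, or {@code null} when {@code jwtClaims} is {@code null}
     * @throws MalformedClaimException if a claim does not have the expected type
     * @throws BadCredentialsException if {@code oid}, {@code name} or a usable username claim is missing
     */
    public static AzureAdUser createFromJwt(JwtClaims jwtClaims, String str) throws MalformedClaimException {
        if (jwtClaims == null) {
            return null;
        }
        AzureAdUser user = new AzureAdUser();
        // getStringClaimValue reports a wrongly typed claim as MalformedClaimException (already
        // declared) instead of an unchecked ClassCastException from a blind cast.
        user.name = jwtClaims.getStringClaimValue("name");
        user.givenName = jwtClaims.getStringClaimValue("given_name");
        user.familyName = jwtClaims.getStringClaimValue("family_name");
        user.uniqueName = jwtClaims.getStringClaimValue("upn");
        if (StringUtils.isEmpty(user.uniqueName)) {
            user.uniqueName = jwtClaims.getStringClaimValue("preferred_username");
        }
        user.tenantID = jwtClaims.getStringClaimValue("tid");
        user.objectID = jwtClaims.getStringClaimValue("oid");
        user.email = jwtClaims.getStringClaimValue("email");
        user.groupOIDs = jwtClaims.getStringListClaimValue("groups");
        if (user.groupOIDs == null) {
            user.groupOIDs = new LinkedList<String>();
        }

        if (user.objectID == null || user.name == null) {
            // NOTE(review): the message embeds the complete claim set (names, e-mail, group
            // ids). Callers should avoid writing it verbatim to logs or HTTP responses.
            throw new BadCredentialsException("Invalid id token: " + jwtClaims.toJson());
        }
        if (StringUtils.isEmpty(user.uniqueName)) {
            // Previously a NullPointerException further down; a token without a username
            // claim cannot be mapped to a Jenkins user id.
            throw new BadCredentialsException("Invalid id token: missing upn/preferred_username claim");
        }

        if (str != null) {
            for (String suffix : str.split(",")) {
                // An empty entry (e.g. from ",@example.com") would match every name and stop
                // the search before the real suffixes are tried.
                if (suffix.isEmpty()) {
                    continue;
                }
                if (user.uniqueName.endsWith(suffix)) {
                    user.uniqueName = user.uniqueName.substring(0, user.uniqueName.length() - suffix.length());
                    break;
                }
            }
        }

        if (user.email == null || user.email.isEmpty()) {
            // Fall back to the (possibly suffix-stripped) unique name when it looks like an address.
            Matcher matcher = EMAIL_IN_UNIQUE_NAME.matcher(user.uniqueName);
            if (matcher.find()) {
                user.email = matcher.group(2);
            }
        }
        return user;
    }

    /**
     * Replaces the granted authorities.
     *
     * <p>Each group contributes two entries: an {@code AzureAdGroup} and a plain authority named
     * after the group's object id. When {@code collection} is empty the object ids from the
     * token's {@code groups} claim are used instead, with the id doubling as the display name.
     * The authenticated authority and an authority named after the user's own object id are
     * always appended.
     *
     * @param collection resolved directory groups; must not be {@code null}
     */
    public void setAuthorities(Collection<ActiveDirectoryGroup> collection) {
        GrantedAuthority[] granted;
        int next = 0;
        if (collection.isEmpty()) {
            granted = new GrantedAuthority[(this.groupOIDs.size() * 2) + 2];
            for (String groupOid : this.groupOIDs) {
                granted[next++] = new AzureAdGroup(groupOid, groupOid);
                granted[next++] = new GrantedAuthorityImpl(groupOid);
            }
        } else {
            granted = new GrantedAuthority[(collection.size() * 2) + 2];
            for (ActiveDirectoryGroup group : collection) {
                granted[next++] = new AzureAdGroup(group.id(), group.name());
                granted[next++] = new GrantedAuthorityImpl(group.id());
            }
        }
        granted[next] = SecurityRealm.AUTHENTICATED_AUTHORITY;
        granted[next + 1] = new GrantedAuthorityImpl(this.objectID);
        this.authorities = granted;
    }

    /**
     * Compares the identity fields; group ids are compared as a multiset (order ignored).
     * The e-mail address and the authorities do not take part in the comparison.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AzureAdUser other = (AzureAdUser) obj;
        if (!StringUtils.equals(this.name, other.name)
                || !StringUtils.equals(this.givenName, other.givenName)
                || !StringUtils.equals(this.familyName, other.familyName)
                || !StringUtils.equals(this.uniqueName, other.uniqueName)
                || !StringUtils.equals(this.tenantID, other.tenantID)) {
            return false;
        }
        if (this.groupOIDs == null || other.groupOIDs == null) {
            if (this.groupOIDs != other.groupOIDs) {
                return false;
            }
        } else if (!CollectionUtils.isEqualCollection(this.groupOIDs, other.groupOIDs)) {
            return false;
        }
        // Null-safe: a deserialized instance is not guaranteed to carry an object id.
        return StringUtils.equals(this.objectID, other.objectID);
    }

    /**
     * Hash over the same fields as {@link #equals}. The group contribution is order-insensitive
     * because {@code equals} ignores group order; hashing the list directly would give equal
     * users different hash codes.
     */
    @Override
    public int hashCode() {
        int result = hashOf(this.name);
        result = 31 * result + hashOf(this.givenName);
        result = 31 * result + hashOf(this.familyName);
        result = 31 * result + hashOf(this.uniqueName);
        result = 31 * result + hashOf(this.tenantID);
        result = 31 * result + unorderedHash(this.groupOIDs);
        result = 31 * result + hashOf(this.objectID);
        return result;
    }

    /** Null-safe string hash; {@code null} hashes to 0. */
    private static int hashOf(String value) {
        return value != null ? value.hashCode() : 0;
    }

    /** Sum of the element hashes, so the result does not depend on element order. */
    private static int unorderedHash(List<String> values) {
        if (values == null) {
            return 0;
        }
        int sum = 0;
        for (String value : values) {
            sum += hashOf(value);
        }
        return sum;
    }

    /** Returns a copy of the authorities array, so callers cannot alter the stored grants. */
    public GrantedAuthority[] getAuthorities() {
        return (GrantedAuthority[]) this.authorities.clone();
    }

    /** Always empty: this class stores no password. */
    public String getPassword() {
        return "";
    }

    /** The Jenkins username is the (suffix-stripped) unique name. */
    public String getUsername() {
        return getUniqueName();
    }

    // The account-state checks below always return true; this class keeps no
    // expiry, lock or disabled state of its own.

    public boolean isAccountNonExpired() {
        return true;
    }

    public boolean isAccountNonLocked() {
        return true;
    }

    public boolean isCredentialsNonExpired() {
        return true;
    }

    public boolean isEnabled() {
        return true;
    }

    public String getTenantID() {
        return this.tenantID;
    }

    public String getObjectID() {
        return this.objectID;
    }

    public String getUniqueName() {
        return this.uniqueName;
    }

    public String getName() {
        return this.name;
    }

    public String getFamilyName() {
        return this.familyName;
    }

    public String getGivenName() {
        return this.givenName;
    }

    public String getEmail() {
        return this.email;
    }

    /**
     * Returns the group object ids taken from the token.
     *
     * <p>NOTE(review): this is the internal list, not a copy. A caller that modifies it changes
     * what {@link #setAuthorities} falls back to; consider returning an unmodifiable view once
     * callers are confirmed not to mutate it.
     */
    public List<String> getGroupOIDs() {
        return this.groupOIDs;
    }

    /**
     * Debug representation. It contains personal data (names, e-mail, group ids), so treat log
     * lines that include it accordingly.
     */
    @Override
    public String toString() {
        // Concatenating the list directly prints "null" instead of throwing when it is unset.
        return "AzureAdUser{name='" + this.name + "', givenName='" + this.givenName + "', familyName='" + this.familyName + "', uniqueName='" + this.uniqueName + "', tenantID='" + this.tenantID + "', objectID='" + this.objectID + "', email='" + this.email + "', groups='" + this.groupOIDs + "', authorities=" + Arrays.toString(this.authorities) + '}';
    }
}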
