package com.microsoft.jenkins.azuread;

import com.microsoft.graph.models.User;
import hudson.security.SecurityRealm;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:WEB-INF/lib/azure-ad.jar:com/microsoft/jenkins/azuread/AzureAdUser.class */
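/**
 * Jenkins {@link UserDetails} for a principal authenticated through Azure AD.
 *
 * <p>The Azure AD object ID is the stable identifier: it is returned by
 * {@link #getUsername()} and is always granted as an authority. Name, unique name
 * and email are descriptive attributes copied from the directory or the token.
 *
 * <p>{@code authorities} is transient, so a deserialized instance holds only the
 * "authenticated" authority until {@link #setAuthorities(List, String)} is called again.
 */
public final class AzureAdUser implements UserDetails {
    private static final long serialVersionUID = 1779209037664572820L;

    /**
     * Extracts an email address from a unique name, skipping an optional
     * {@code prefix#} part. Compiled once instead of on every token.
     */
    private static final Pattern EMAIL_IN_UNIQUE_NAME =
            Pattern.compile("^(.*#)?([A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,6})$", Pattern.CASE_INSENSITIVE);

    private String name;
    private String uniqueName;
    private String tenantID;
    private String objectID;
    private String email;
    private List<String> groupOIDs;
    // Not serialized; rebuilt to the minimal "authenticated" authority in readObject().
    private volatile transient List<GrantedAuthority> authorities = Collections.singletonList(SecurityRealm.AUTHENTICATED_AUTHORITY2);

    /** Instances are created only through the static factories. */
    private AzureAdUser() {
    }

    /**
     * Restores the serialized fields and resets {@code authorities} to the single
     * "authenticated" authority; group-derived authorities are never read from the stream.
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.authorities = Collections.singletonList(SecurityRealm.AUTHENTICATED_AUTHORITY2);
    }

    /**
     * Builds a user from a Microsoft Graph {@link User} record.
     *
     * <p>The tenant ID is not populated on this path and the group list starts empty.
     *
     * @param user the Graph user, may be {@code null}
     * @return the mapped user, or {@code null} when {@code user} is {@code null}
     */
    public static AzureAdUser createFromActiveDirectoryUser(User user) {
        if (user == null) {
            return null;
        }
        AzureAdUser azureAdUser = new AzureAdUser();
        azureAdUser.name = user.displayName;
        azureAdUser.uniqueName = user.userPrincipalName;
        azureAdUser.objectID = user.id;
        azureAdUser.email = user.mail;
        azureAdUser.groupOIDs = new LinkedList<>();
        return azureAdUser;
    }

    /**
     * Builds a user from the claims of an ID token.
     *
     * <p>This method only copies claims. It performs no signature, issuer, audience or
     * expiry checks, so callers must pass claims taken from an already validated token.
     * The {@code oid} and {@code name} claims are required; {@code upn} (falling back to
     * {@code preferred_username}), {@code tid}, {@code email} and {@code groups} are optional.
     *
     * @param jwtClaims claims of the ID token, may be {@code null}
     * @return the mapped user, or {@code null} when {@code jwtClaims} is {@code null}
     * @throws BadCredentialsException if {@code oid} is missing or empty, or {@code name} is missing
     * @throws RuntimeException wrapping {@link MalformedClaimException} if the {@code groups}
     *         claim is not a list of strings
     */
    public static AzureAdUser createFromJwt(JwtClaims jwtClaims) {
        if (jwtClaims == null) {
            return null;
        }
        AzureAdUser azureAdUser = new AzureAdUser();
        azureAdUser.name = (String) jwtClaims.getClaimValue("name");
        azureAdUser.uniqueName = (String) jwtClaims.getClaimValue("upn");
        if (StringUtils.isEmpty(azureAdUser.uniqueName)) {
            azureAdUser.uniqueName = (String) jwtClaims.getClaimValue("preferred_username");
        }
        azureAdUser.tenantID = (String) jwtClaims.getClaimValue("tid");
        azureAdUser.objectID = (String) jwtClaims.getClaimValue("oid");
        azureAdUser.email = (String) jwtClaims.getClaimValue("email");
        // uniqueName is null when the token carries neither upn nor preferred_username;
        // guard it so such a token reaches the required-claim check instead of an NPE.
        if (azureAdUser.email == null && azureAdUser.uniqueName != null && azureAdUser.uniqueName.contains("@")) {
            azureAdUser.email = azureAdUser.uniqueName;
        }
        try {
            azureAdUser.groupOIDs = jwtClaims.getStringListClaimValue("groups");
            if (azureAdUser.groupOIDs == null) {
                azureAdUser.groupOIDs = new LinkedList<>();
            }
            // objectID becomes the username and an authority, so an empty value is rejected too.
            if (StringUtils.isEmpty(azureAdUser.objectID) || azureAdUser.name == null) {
                // Do not echo the claim set: it holds name, email, tenant and group ids,
                // and authentication failure messages commonly end up in logs and error pages.
                throw new BadCredentialsException("Invalid id token: missing required claim (oid or name)");
            }
            if ((azureAdUser.email == null || azureAdUser.email.isEmpty()) && azureAdUser.uniqueName != null) {
                Matcher matcher = EMAIL_IN_UNIQUE_NAME.matcher(azureAdUser.uniqueName);
                if (matcher.find()) {
                    azureAdUser.email = matcher.group(2);
                }
            }
            return azureAdUser;
        } catch (MalformedClaimException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Replaces the granted authorities of this user.
     *
     * <p>When {@code list} is empty, the group object IDs taken from the token are used,
     * each as both id and name of an {@link AzureAdGroup}. Otherwise every supplied group
     * is granted, plus a plain authority carrying its group name. The "authenticated"
     * authority, the user's object ID and {@code str} are always added.
     *
     * @param list resolved groups of the user; empty to fall back to the token's group IDs
     * @param str additional authority string (NOTE(review): presumably the user's unique
     *        name / UPN; confirm against callers)
     */
    public void setAuthorities(List<AzureAdGroup> list, String str) {
        List<GrantedAuthority> granted = new ArrayList<>();
        if (list.isEmpty()) {
            // groupOIDs can be null on an instance restored from older serialized data.
            if (this.groupOIDs != null) {
                for (String groupOid : this.groupOIDs) {
                    granted.add(new AzureAdGroup(groupOid, groupOid));
                }
            }
        } else {
            for (AzureAdGroup azureAdGroup : list) {
                granted.add(azureAdGroup);
                // NOTE(review): the group name itself becomes an authority string. If
                // getGroupName() is a directory display name, it is neither unique nor
                // immutable; authorization rules are safer keyed on the group object ID.
                granted.add(new SimpleGrantedAuthority(azureAdGroup.getGroupName()));
            }
        }
        granted.add(SecurityRealm.AUTHENTICATED_AUTHORITY2);
        granted.add(new SimpleGrantedAuthority(this.objectID));
        granted.add(new SimpleGrantedAuthority(str));
        this.authorities = granted;
    }

    /**
     * Compares name, unique name, tenant ID, object ID and the group IDs (ignoring order).
     * Email and authorities do not take part in equality.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AzureAdUser other = (AzureAdUser) obj;
        if (!Objects.equals(this.name, other.name)
                || !Objects.equals(this.uniqueName, other.uniqueName)
                || !Objects.equals(this.tenantID, other.tenantID)) {
            return false;
        }
        if (this.groupOIDs == null || other.groupOIDs == null) {
            if (this.groupOIDs != null || other.groupOIDs != null) {
                return false;
            }
        } else if (!CollectionUtils.isEqualCollection(this.groupOIDs, other.groupOIDs)) {
            return false;
        }
        // objectID may be null for a directory record without an id; compare null-safely.
        return Objects.equals(this.objectID, other.objectID);
    }

    /**
     * Hash over the same fields as {@link #equals(Object)}. Group IDs are combined
     * order-independently because equality ignores their order.
     */
    @Override
    public int hashCode() {
        int groupsHash = 0;
        if (this.groupOIDs != null) {
            for (String groupOid : this.groupOIDs) {
                groupsHash += Objects.hashCode(groupOid);
            }
        }
        int result = Objects.hashCode(this.name);
        result = 31 * result + Objects.hashCode(this.uniqueName);
        result = 31 * result + Objects.hashCode(this.tenantID);
        result = 31 * result + groupsHash;
        result = 31 * result + Objects.hashCode(this.objectID);
        return result;
    }

    /* renamed from: getAuthorities, reason: merged with bridge method [inline-methods] */
    /** Returns the current authority list (the internal list, not a copy). */
    public List<GrantedAuthority> m792getAuthorities() {
        return this.authorities;
    }

    /** No password is held for this user; always returns an empty string. */
    @Override
    public String getPassword() {
        return "";
    }

    /** Returns the Azure AD object ID, which serves as the username. */
    @Override
    public String getUsername() {
        return getObjectID();
    }

    /** Always {@code true}; account state is not tracked on this object. */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** Always {@code true}; account state is not tracked on this object. */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** Always {@code true}; credential state is not tracked on this object. */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** Always {@code true}; account state is not tracked on this object. */
    @Override
    public boolean isEnabled() {
        return true;
    }

    /** Returns the tenant ID ({@code tid} claim); {@code null} for users built from a Graph record. */
    public String getTenantID() {
        return this.tenantID;
    }

    /** Returns the Azure AD object ID of the user. */
    public String getObjectID() {
        return this.objectID;
    }

    /** Returns the unique name (UPN or preferred username); may be {@code null}. */
    public String getUniqueName() {
        return this.uniqueName;
    }

    /** Returns the display name. */
    public String getName() {
        return this.name;
    }

    /** Returns the email address, possibly derived from the unique name; may be {@code null}. */
    public String getEmail() {
        return this.email;
    }

    /** Returns the group object IDs (the internal list, not a copy). */
    public List<String> getGroupOIDs() {
        return this.groupOIDs;
    }

    /**
     * Returns a diagnostic representation. It contains the name, email, tenant and group
     * IDs of the user, so treat log lines built from it as personal data.
     */
    @Override
    public String toString() {
        // Concatenate groupOIDs directly: null-safe, same text as toString() when non-null.
        return "AzureAdUser{name='" + this.name + "', uniqueName='" + this.uniqueName + "', tenantID='" + this.tenantID + "', objectID='" + this.objectID + "', email='" + this.email + "', groups='" + this.groupOIDs + "', authorities=" + this.authorities + "}";
    }
}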
