package org.jenkinsci.plugins.cas.protocols;

import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import java.util.List;
import jenkins.model.Jenkins;
import org.codehaus.groovy.control.CompilationFailedException;
import org.jasig.cas.client.validation.TicketValidator;
import org.jenkinsci.plugins.cas.CasProtocol;
import org.jenkinsci.plugins.cas.Messages;
import org.jenkinsci.plugins.cas.validation.Cas10RoleParsingTicketValidator;
import org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException;
import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript;
import org.jenkinsci.plugins.scriptsecurity.scripts.UnapprovedClasspathException;
import org.jenkinsci.plugins.scriptsecurity.scripts.UnapprovedUsageException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/cas-plugin.jar:org/jenkinsci/plugins/cas/protocols/Cas10Protocol.class */
public class Cas10Protocol extends CasProtocol {
    public final String rolesValidationScript;
    public final String testValidationResponse;
    public final boolean sandbox;
    private final SecureGroovyScript secureRolesValidationScript;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/cas-plugin.jar:org/jenkinsci/plugins/cas/protocols/Cas10Protocol$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<CasProtocol> {
        public String getDisplayName() {
            return "CAS 1.0";
        }

        public FormValidation doTestScript(@QueryParameter("rolesValidationScript") String str, @QueryParameter("testValidationResponse") String str2, @QueryParameter("sandbox") boolean z) {
            if (!canRunScripts()) {
                return FormValidation.error(Messages.Cas10Protocol_rolesValidationScript_noRunScriptPermissionError());
            }
            try {
                List<String> parseRolesFromValidationResponse = Cas10RoleParsingTicketValidator.parseRolesFromValidationResponse(Cas10Protocol.getSecureGroovyScript(str, z), str2);
                return parseRolesFromValidationResponse == null ? FormValidation.warning(Messages.Cas10Protocol_rolesValidationScript_noResult()) : FormValidation.ok(Messages.Cas10Protocol_rolesValidationScript_result() + ": " + parseRolesFromValidationResponse);
            } catch (RejectedAccessException e) {
                return FormValidation.error(Messages.Cas10Protocol_rolesValidationScript_rejectedAccessError() + ": " + e);
            } catch (UnapprovedUsageException e2) {
                return FormValidation.error(Messages.Cas10Protocol_rolesValidationScript_unapprovedUsageError() + ": " + e2);
            } catch (ClassCastException e3) {
                return FormValidation.error(Messages.Cas10Protocol_rolesValidationScript_returnTypeError() + ": " + e3);
            } catch (CompilationFailedException e4) {
                return FormValidation.error(Messages.Cas10Protocol_rolesValidationScript_compilationError() + ": " + e4);
            } catch (UnapprovedClasspathException e5) {
                return FormValidation.error(Messages.Cas10Protocol_rolesValidationScript_unapprovedClasspathError() + ": " + e5);
            } catch (Exception e6) {
                return FormValidation.error(Messages.Cas10Protocol_rolesValidationScript_unknownError() + ": " + e6);
            }
        }

        private boolean canRunScripts() {
            return Jenkins.get().getACL().hasPermission(Jenkins.ADMINISTER);
        }
    }

    @Deprecated
    public Cas10Protocol(String str, String str2) {
        this(str, str2, false);
    }

    @DataBoundConstructor
    public Cas10Protocol(String str, String str2, boolean z) {
        super(Cas10RoleParsingTicketValidator.DEFAULT_ROLE_ATTRIBUTE);
        this.rolesValidationScript = Util.fixEmptyAndTrim(str);
        this.testValidationResponse = Util.fixEmpty(str2);
        this.sandbox = z;
        this.secureRolesValidationScript = getSecureGroovyScript(this.rolesValidationScript, this.sandbox);
    }

    @Override // org.jenkinsci.plugins.cas.CasProtocol
    public TicketValidator createTicketValidator(String str) {
        Cas10RoleParsingTicketValidator cas10RoleParsingTicketValidator = new Cas10RoleParsingTicketValidator(str);
        cas10RoleParsingTicketValidator.setRolesValidationScript(this.secureRolesValidationScript);
        return cas10RoleParsingTicketValidator;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecureGroovyScript getSecureGroovyScript(String str, boolean z) {
        if (str == null) {
            return null;
        }
        return new SecureGroovyScript(str, z, (List) null).configuringWithKeyItem();
    }
}
