package org.jenkinsci.plugins.cas.spring;

import com.fasterxml.jackson.annotation.JsonProperty;
import hudson.model.User;
import hudson.tasks.Mailer;
import java.io.IOException;
import java.util.Collection;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cas-plugin.jar:org/jenkinsci/plugins/cas/spring/CasEventListener.class */
public class CasEventListener implements ApplicationListener<AuthenticationSuccessEvent> {
    public static final String DEFAULT_FULL_NAME_ATTRIBUTE = "cn";
    public static final String DEFAULT_EMAIL_ATTRIBUTE = "mail";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CasEventListener.class);
    private String fullNameAttribute = DEFAULT_FULL_NAME_ATTRIBUTE;
    private String emailAttribute = DEFAULT_EMAIL_ATTRIBUTE;
    private Pattern placeholderPattern = Pattern.compile("\\{\\{[a-zA-Z0-9._-]+\\}\\}");

    public void onApplicationEvent(AuthenticationSuccessEvent authenticationSuccessEvent) {
        onSuccessfulAuthentication(authenticationSuccessEvent.getAuthentication());
    }

    public void onSuccessfulAuthentication(Authentication authentication) {
        LOG.debug("Successful authentication={}", authentication);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        if (authentication instanceof CasAuthenticationToken) {
            try {
                syncUserAttributes((CasAuthenticationToken) authentication);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    protected void syncUserAttributes(CasAuthenticationToken casAuthenticationToken) throws IOException {
        if (casAuthenticationToken.getAssertion() == null || casAuthenticationToken.getAssertion().getPrincipal() == null || casAuthenticationToken.getAssertion().getPrincipal().getAttributes() == null) {
            return;
        }
        LOG.debug("Syncing CAS user with Jenkins user '{}'", casAuthenticationToken.getName());
        User orCreateByIdOrFullName = User.getOrCreateByIdOrFullName(casAuthenticationToken.getName());
        String parseAttributeTemplate = parseAttributeTemplate(casAuthenticationToken, getFullNameAttribute());
        if (StringUtils.hasText(parseAttributeTemplate)) {
            LOG.debug("Setting user '{}' full name to '{}'", casAuthenticationToken.getName(), parseAttributeTemplate);
            orCreateByIdOrFullName.setFullName(parseAttributeTemplate);
        }
        String parseAttributeTemplate2 = parseAttributeTemplate(casAuthenticationToken, getEmailAttribute());
        if (StringUtils.hasText(parseAttributeTemplate2)) {
            LOG.debug("Setting user '{}' email address to '{}'", casAuthenticationToken.getName(), parseAttributeTemplate2);
            orCreateByIdOrFullName.addProperty(new Mailer.UserProperty(parseAttributeTemplate2));
        }
        orCreateByIdOrFullName.save();
    }

    protected String parseAttributeTemplate(CasAuthenticationToken casAuthenticationToken, String str) {
        if (!StringUtils.hasText(str)) {
            return null;
        }
        if (!str.contains("{{")) {
            return getAttributeValue(casAuthenticationToken, str);
        }
        StringBuffer stringBuffer = new StringBuffer();
        Matcher matcher = this.placeholderPattern.matcher(str);
        while (matcher.find()) {
            String group = matcher.group();
            String attributeValue = getAttributeValue(casAuthenticationToken, group.substring(2, group.length() - 2));
            matcher.appendReplacement(stringBuffer, StringUtils.hasText(attributeValue) ? attributeValue : JsonProperty.USE_DEFAULT_NAME);
        }
        matcher.appendTail(stringBuffer);
        return stringBuffer.toString();
    }

    protected String getAttributeValue(CasAuthenticationToken casAuthenticationToken, String str) {
        Object obj;
        if (!StringUtils.hasText(str) || (obj = casAuthenticationToken.getAssertion().getPrincipal().getAttributes().get(str)) == null) {
            return null;
        }
        return obj instanceof Collection ? ((Collection) obj).iterator().next().toString() : obj.toString();
    }

    public String getFullNameAttribute() {
        return this.fullNameAttribute;
    }

    public void setFullNameAttribute(String str) {
        if (str == null) {
            this.fullNameAttribute = DEFAULT_FULL_NAME_ATTRIBUTE;
        } else {
            this.fullNameAttribute = str;
        }
    }

    public String getEmailAttribute() {
        return this.emailAttribute;
    }

    public void setEmailAttribute(String str) {
        if (str == null) {
            this.emailAttribute = DEFAULT_EMAIL_ATTRIBUTE;
        } else {
            this.emailAttribute = str;
        }
    }
}
