package org.jenkinsci.plugins.cas.validation;

import groovy.lang.Binding;
import hudson.model.TaskListener;
import java.io.BufferedReader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import jenkins.model.Jenkins;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.AssertionImpl;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jenkinsci.plugins.scriptsecurity.sandbox.groovy.SecureGroovyScript;

/* loaded from: input_file:org/jenkinsci/plugins/cas/validation/Cas10RoleParsingTicketValidator.class */
public class Cas10RoleParsingTicketValidator extends AbstractCasProtocolUrlBasedTicketValidator {
    public static final String DEFAULT_ROLE_ATTRIBUTE = "roles";
    private SecureGroovyScript rolesValidationScript;
    private String rolesAttribute;

    public Cas10RoleParsingTicketValidator(String str) {
        super(str);
        this.rolesAttribute = DEFAULT_ROLE_ATTRIBUTE;
    }

    protected String getUrlSuffix() {
        return "validate";
    }

    protected Assertion parseResponseFromServer(String str) throws TicketValidationException {
        if (!str.startsWith("yes")) {
            throw new TicketValidationException("CAS Server could not validate ticket.");
        }
        try {
            BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
            bufferedReader.readLine();
            String readLine = bufferedReader.readLine();
            List<String> parseRolesFromValidationResponse = parseRolesFromValidationResponse(this.rolesValidationScript, str);
            if (parseRolesFromValidationResponse == null) {
                return new AssertionImpl(readLine);
            }
            HashMap hashMap = new HashMap(1);
            hashMap.put(this.rolesAttribute, parseRolesFromValidationResponse);
            return new AssertionImpl(new AttributePrincipalImpl(readLine, hashMap));
        } catch (Exception e) {
            throw new TicketValidationException("Unable to parse response.", e);
        }
    }

    public static List<String> parseRolesFromValidationResponse(SecureGroovyScript secureGroovyScript, String str) throws Exception {
        if (secureGroovyScript == null) {
            return null;
        }
        Binding binding = new Binding();
        binding.setVariable("response", str);
        Collection collection = (Collection) secureGroovyScript.evaluate(Jenkins.get().getPluginManager().uberClassLoader, binding, (TaskListener) null);
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        ArrayList arrayList = new ArrayList(collection.size());
        for (Object obj : collection) {
            if (obj != null) {
                arrayList.add(obj.toString());
            }
        }
        return arrayList;
    }

    public SecureGroovyScript getRolesValidationScript() {
        return this.rolesValidationScript;
    }

    public void setRolesValidationScript(SecureGroovyScript secureGroovyScript) {
        this.rolesValidationScript = secureGroovyScript;
    }

    public String getRolesAttribute() {
        return this.rolesAttribute;
    }

    public void setRolesAttribute(String str) {
        this.rolesAttribute = str;
    }
}
