package org.jenkinsci.plugins;

import com.thoughtworks.xstream.converters.ConversionException;
import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.security.UserMayOrMayNotExistException;
import hudson.tasks.Mailer;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
import org.jfree.util.Log;
import org.kohsuke.github.GHMyself;
import org.kohsuke.github.GHOrganization;
import org.kohsuke.github.GHUser;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException;

/* loaded from: input_file:org/jenkinsci/plugins/GithubSecurityRealm.class */
public class GithubSecurityRealm extends SecurityRealm {
    private static final String DEFAULT_WEB_URI = "https://github.com";
    private static final String DEFAULT_API_URI = "https://api.github.com";
    private static final String DEFAULT_ENTERPRISE_API_SUFFIX = "/api/v3";

    @Deprecated
    private static final String DEFAULT_URI = "https://github.com";
    private String githubWebUri;
    private String githubApiUri;
    private String clientID;
    private String clientSecret;
    private static final Logger LOGGER = Logger.getLogger(GithubSecurityRealm.class.getName());
    private static final String REFERER_ATTRIBUTE = GithubSecurityRealm.class.getName() + ".referer";

    /* loaded from: input_file:org/jenkinsci/plugins/GithubSecurityRealm$ConverterImpl.class */
    public static final class ConverterImpl implements Converter {
        public boolean canConvert(Class cls) {
            return cls == GithubSecurityRealm.class;
        }

        public void marshal(Object obj, HierarchicalStreamWriter hierarchicalStreamWriter, MarshallingContext marshallingContext) {
            GithubSecurityRealm githubSecurityRealm = (GithubSecurityRealm) obj;
            hierarchicalStreamWriter.startNode("githubWebUri");
            hierarchicalStreamWriter.setValue(githubSecurityRealm.getGithubWebUri());
            hierarchicalStreamWriter.endNode();
            hierarchicalStreamWriter.startNode("githubApiUri");
            hierarchicalStreamWriter.setValue(githubSecurityRealm.getGithubApiUri());
            hierarchicalStreamWriter.endNode();
            hierarchicalStreamWriter.startNode("clientID");
            hierarchicalStreamWriter.setValue(githubSecurityRealm.getClientID());
            hierarchicalStreamWriter.endNode();
            hierarchicalStreamWriter.startNode("clientSecret");
            hierarchicalStreamWriter.setValue(githubSecurityRealm.getClientSecret());
            hierarchicalStreamWriter.endNode();
        }

        public Object unmarshal(HierarchicalStreamReader hierarchicalStreamReader, UnmarshallingContext unmarshallingContext) {
            GithubSecurityRealm githubSecurityRealm = new GithubSecurityRealm();
            while (hierarchicalStreamReader.hasMoreChildren()) {
                hierarchicalStreamReader.moveDown();
                setValue(githubSecurityRealm, hierarchicalStreamReader.getNodeName(), hierarchicalStreamReader.getValue());
                hierarchicalStreamReader.moveUp();
            }
            if (githubSecurityRealm.getGithubWebUri() == null) {
                githubSecurityRealm.setGithubWebUri("https://github.com");
            }
            if (githubSecurityRealm.getGithubApiUri() == null) {
                githubSecurityRealm.setGithubApiUri(GithubSecurityRealm.DEFAULT_API_URI);
            }
            return githubSecurityRealm;
        }

        private void setValue(GithubSecurityRealm githubSecurityRealm, String str, String str2) {
            if (str.toLowerCase().equals("clientid")) {
                githubSecurityRealm.setClientID(str2);
                return;
            }
            if (str.toLowerCase().equals("clientsecret")) {
                githubSecurityRealm.setClientSecret(str2);
                return;
            }
            if (str.toLowerCase().equals("githubweburi")) {
                githubSecurityRealm.setGithubWebUri(str2);
                return;
            }
            if (str.toLowerCase().equals("githuburi")) {
                githubSecurityRealm.setGithubWebUri(str2);
                githubSecurityRealm.setGithubApiUri(githubSecurityRealm.determineApiUri(str2));
            } else {
                if (!str.toLowerCase().equals("githubapiuri")) {
                    throw new ConversionException("Invalid node value = " + str);
                }
                githubSecurityRealm.setGithubApiUri(str2);
            }
        }
    }

    @Extension
    /* loaded from: input_file:org/jenkinsci/plugins/GithubSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public String getHelpFile() {
            return "/plugin/github-oauth/help/help-security-realm.html";
        }

        public String getDisplayName() {
            return "Github Authentication Plugin";
        }

        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SecurityRealm> cls) {
            super(cls);
        }
    }

    @DataBoundConstructor
    public GithubSecurityRealm(String str, String str2, String str3, String str4) {
        this.githubWebUri = Util.fixEmptyAndTrim(str);
        this.githubApiUri = Util.fixEmptyAndTrim(str2);
        this.clientID = Util.fixEmptyAndTrim(str3);
        this.clientSecret = Util.fixEmptyAndTrim(str4);
    }

    @Deprecated
    public GithubSecurityRealm(String str, String str2, String str3) {
        this.githubWebUri = Util.fixEmptyAndTrim(str);
        this.githubApiUri = determineApiUri(this.githubWebUri);
        this.clientID = Util.fixEmptyAndTrim(str2);
        this.clientSecret = Util.fixEmptyAndTrim(str3);
    }

    private GithubSecurityRealm() {
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String determineApiUri(String str) {
        return str.equals("https://github.com") ? DEFAULT_API_URI : str + DEFAULT_ENTERPRISE_API_SUFFIX;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setGithubWebUri(String str) {
        this.githubWebUri = str;
    }

    @Deprecated
    private void setGithubUri(String str) {
        setGithubWebUri(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setClientID(String str) {
        this.clientID = str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    public String getGithubApiUri() {
        return this.githubApiUri;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setGithubApiUri(String str) {
        this.githubApiUri = str;
    }

    public String getGithubWebUri() {
        return this.githubWebUri;
    }

    @Deprecated
    public String getGithubUri() {
        return getGithubWebUri();
    }

    public String getClientID() {
        return this.clientID;
    }

    public String getClientSecret() {
        return this.clientSecret;
    }

    public HttpResponse doCommenceLogin(StaplerRequest staplerRequest, @Header("Referer") String str) throws IOException {
        staplerRequest.getSession().setAttribute(REFERER_ATTRIBUTE, str);
        HashSet hashSet = new HashSet();
        Iterator it = Jenkins.getInstance().getExtensionList(GitHubOAuthScope.class).iterator();
        while (it.hasNext()) {
            hashSet.addAll(((GitHubOAuthScope) it.next()).getScopesToRequest());
        }
        return new HttpRedirect(this.githubWebUri + "/login/oauth/authorize?client_id=" + this.clientID + (!hashSet.isEmpty() ? "&scope=" + Util.join(hashSet, ",") : "&scope=repo"));
    }

    public HttpResponse doFinishLogin(StaplerRequest staplerRequest) throws IOException {
        String parameter = staplerRequest.getParameter("code");
        if (parameter == null || parameter.trim().length() == 0) {
            Log.info("doFinishLogin: missing code.");
            return HttpResponses.redirectToContextRoot();
        }
        Log.info("test");
        HttpPost httpPost = new HttpPost(this.githubWebUri + "/login/oauth/access_token?client_id=" + this.clientID + "&client_secret=" + this.clientSecret + "&code=" + parameter);
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        String entityUtils = EntityUtils.toString(defaultHttpClient.execute(httpPost).getEntity());
        defaultHttpClient.getConnectionManager().shutdown();
        String extractToken = extractToken(entityUtils);
        if (extractToken == null || extractToken.trim().length() <= 0) {
            Log.info("Github did not return an access token.");
        } else {
            GithubAuthenticationToken githubAuthenticationToken = new GithubAuthenticationToken(extractToken, getGithubApiUri());
            SecurityContextHolder.getContext().setAuthentication(githubAuthenticationToken);
            GHMyself myself = githubAuthenticationToken.getGitHub().getMyself();
            User current = User.current();
            current.setFullName(myself.getName());
            if (!current.getProperty(Mailer.UserProperty.class).hasExplicitlyConfiguredAddress()) {
                current.addProperty(new Mailer.UserProperty(myself.getEmail()));
            }
        }
        String str = (String) staplerRequest.getSession().getAttribute(REFERER_ATTRIBUTE);
        return str != null ? HttpResponses.redirectTo(str) : HttpResponses.redirectToContextRoot();
    }

    private String extractToken(String str) {
        for (String str2 : str.split("&")) {
            if (str.contains("access_token")) {
                return str2.split("=")[1];
            }
        }
        return null;
    }

    public boolean allowsSignup() {
        return false;
    }

    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() { // from class: org.jenkinsci.plugins.GithubSecurityRealm.1
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (authentication instanceof GithubAuthenticationToken) {
                    return authentication;
                }
                throw new BadCredentialsException("Unexpected authentication type: " + authentication);
            }
        }, new UserDetailsService() { // from class: org.jenkinsci.plugins.GithubSecurityRealm.2
            public UserDetails loadUserByUsername(String str) throws UserMayOrMayNotExistException, DataAccessException {
                throw new UserMayOrMayNotExistException("Cannot verify users in this context");
            }
        });
    }

    public String getLoginUrl() {
        return "securityRealm/commenceLogin";
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        GithubAuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new UserMayOrMayNotExistException("Could not get auth token.");
        }
        try {
            if (loadGroupByGroupname(str) != null) {
                throw new UsernameNotFoundException("user(" + str + ") is also an organization");
            }
            GHUser loadUser = authentication.loadUser(str);
            if (loadUser != null) {
                return new GithubOAuthUserDetails(loadUser);
            }
            throw new UsernameNotFoundException("No known user: " + str);
        } catch (IOException e) {
            throw new DataRetrievalFailureException("loadUserByUsername (username=" + str + ")", e);
        }
    }

    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        GithubAuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new UsernameNotFoundException("No known group: " + str);
        }
        try {
            GHOrganization loadOrganization = authentication.loadOrganization(str);
            if (loadOrganization != null) {
                return new GithubOAuthGroupDetails(loadOrganization);
            }
            throw new UsernameNotFoundException("No known group: " + str);
        } catch (IOException e) {
            throw new DataRetrievalFailureException("loadGroupByGroupname (groupname=" + str + ")", e);
        }
    }
}
