package org.jenkinsci.plugins;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.thoughtworks.xstream.converters.ConversionException;
import com.thoughtworks.xstream.converters.Converter;
import com.thoughtworks.xstream.converters.MarshallingContext;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import com.thoughtworks.xstream.io.HierarchicalStreamReader;
import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
import hudson.Extension;
import hudson.ProxyConfiguration;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.security.UserMayOrMayNotExistException;
import hudson.tasks.Mailer;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.math.BigInteger;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.builder.HashCodeBuilder;
import org.apache.http.HttpHost;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.gitlab.api.models.GitlabUser;
import org.jfree.util.Log;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException;

/* loaded from: input_file:WEB-INF/lib/gitlab-oauth.jar:org/jenkinsci/plugins/GitLabSecurityRealm.class */
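/**
 * Jenkins {@link SecurityRealm} that signs users in through GitLab's OAuth 2 authorization-code flow.
 *
 * <p>{@link #doCommenceLogin} sends the browser to {@code <gitlabWebUri>/oauth/authorize};
 * {@link #doFinishLogin} receives the callback, exchanges the code at {@code <gitlabWebUri>/oauth/token}
 * and installs a {@code GitLabAuthenticationToken} as the current authentication.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>the authorization request carries a random, session-bound {@code state} value that the callback
 *       must echo, so a callback that was not started from this browser session is rejected;</li>
 *   <li>the HTTP session is replaced once the token exchange succeeds, so a session identifier known
 *       before login does not become an authenticated one;</li>
 *   <li>the post-login redirect goes back to the stored {@code Referer} only when it points into this
 *       Jenkins instance; anything else falls back to the context root.</li>
 * </ul>
 */
public class GitLabSecurityRealm extends SecurityRealm implements UserDetailsService {
    private String gitlabWebUri;
    private String gitlabApiUri;
    private String clientID;
    // NOTE(review): the OAuth client secret is held as a plain String and ConverterImpl.marshal writes it
    // verbatim into the persisted configuration. Consider hudson.util.Secret for storage - this needs a
    // migration decision, so it is flagged here rather than changed.
    private String clientSecret;
    // NOTE(review): set by the data-bound constructor and compared in equals(), but ConverterImpl does not
    // persist it and doCommenceLogin does not send it - confirm whether that is intended.
    private String oauthScopes;
    private static final Logger LOGGER = Logger.getLogger(GitLabSecurityRealm.class.getName());
    /** Session attribute holding the Referer seen when login was commenced. */
    private static final String REFERER_ATTRIBUTE = GitLabSecurityRealm.class.getName() + ".referer";
    /** Session attribute holding the OAuth {@code state} value issued for the login in progress. */
    private static final String STATE_ATTRIBUTE = GitLabSecurityRealm.class.getName() + ".state";
    /** Source of the unpredictable {@code state} values. */
    private static final SecureRandom STATE_GENERATOR = new SecureRandom();

    /* loaded from: input_file:WEB-INF/lib/gitlab-oauth.jar:org/jenkinsci/plugins/GitLabSecurityRealm$ConverterImpl.class */
    /**
     * XStream converter that reads and writes the realm as four child nodes:
     * {@code gitlabWebUri}, {@code gitlabApiUri}, {@code clientID} and {@code clientSecret}.
     */
    public static final class ConverterImpl implements Converter {
        /** Accepts exactly {@link GitLabSecurityRealm}; subclasses are not matched. */
        public boolean canConvert(Class cls) {
            return cls == GitLabSecurityRealm.class;
        }

        /**
         * Writes the four persisted settings as child nodes of the current element.
         * The client secret is written as returned by {@code getClientSecret()}, i.e. unencrypted.
         */
        public void marshal(Object obj, HierarchicalStreamWriter writer, MarshallingContext context) {
            GitLabSecurityRealm realm = (GitLabSecurityRealm) obj;
            writer.startNode("gitlabWebUri");
            writer.setValue(realm.getGitlabWebUri());
            writer.endNode();
            writer.startNode("gitlabApiUri");
            writer.setValue(realm.getGitlabApiUri());
            writer.endNode();
            writer.startNode("clientID");
            writer.setValue(realm.getClientID());
            writer.endNode();
            writer.startNode("clientSecret");
            writer.setValue(realm.getClientSecret());
            writer.endNode();
        }

        /**
         * Rebuilds a realm from its child nodes.
         *
         * @throws ConversionException if a child node has a name other than the four known ones
         */
        public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {
            GitLabSecurityRealm realm = new GitLabSecurityRealm();
            while (reader.hasMoreChildren()) {
                reader.moveDown();
                setValue(realm, reader.getNodeName(), reader.getValue());
                reader.moveUp();
            }
            return realm;
        }

        /**
         * Applies one persisted node to the realm. Node names are matched case-insensitively with
         * {@code equalsIgnoreCase}, which does not depend on the JVM default locale (a locale-sensitive
         * {@code toLowerCase()} maps 'I' to a dotless i under a Turkish locale, so "clientID" would no
         * longer match and the configuration would fail to load).
         */
        private void setValue(GitLabSecurityRealm realm, String node, String value) {
            if ("clientid".equalsIgnoreCase(node)) {
                realm.setClientID(value);
            } else if ("clientsecret".equalsIgnoreCase(node)) {
                realm.setClientSecret(value);
            } else if ("gitlabweburi".equalsIgnoreCase(node)) {
                realm.setGitlabWebUri(value);
            } else if ("gitlabapiuri".equalsIgnoreCase(node)) {
                realm.setGitlabApiUri(value);
            } else {
                throw new ConversionException("Invalid node value = " + node);
            }
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/lib/gitlab-oauth.jar:org/jenkinsci/plugins/GitLabSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        /** Path of the help page shown for this realm in the security configuration. */
        public String getHelpFile() {
            return "/plugin/gitlab-oauth/help/help-security-realm.html";
        }

        /** Name shown for this realm in the security configuration. */
        public String getDisplayName() {
            return "Gitlab Authentication Plugin";
        }

        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SecurityRealm> cls) {
            super(cls);
        }
    }

    /**
     * Creates the realm from submitted configuration. Every value is trimmed and an empty value becomes
     * {@code null} (via {@code Util.fixEmptyAndTrim}).
     *
     * <p>The parameter names are restored from the fields they populate; the decompiled listing had
     * replaced them with {@code str}..{@code str5}.
     */
    @DataBoundConstructor
    public GitLabSecurityRealm(String gitlabWebUri, String gitlabApiUri, String clientID, String clientSecret, String oauthScopes) {
        this.gitlabWebUri = Util.fixEmptyAndTrim(gitlabWebUri);
        this.gitlabApiUri = Util.fixEmptyAndTrim(gitlabApiUri);
        this.clientID = Util.fixEmptyAndTrim(clientID);
        this.clientSecret = Util.fixEmptyAndTrim(clientSecret);
        this.oauthScopes = Util.fixEmptyAndTrim(oauthScopes);
    }

    /** Used by {@link ConverterImpl#unmarshal}, which fills the fields through the setters below. */
    private GitLabSecurityRealm() {
    }

    /* The setters are called by ConverterImpl while unmarshalling; the decompiler widened them from private. */

    public void setGitlabWebUri(String gitlabWebUri) {
        this.gitlabWebUri = gitlabWebUri;
    }

    public void setClientID(String clientID) {
        this.clientID = clientID;
    }

    public void setClientSecret(String clientSecret) {
        this.clientSecret = clientSecret;
    }

    public String getGitlabApiUri() {
        return this.gitlabApiUri;
    }

    public void setGitlabApiUri(String gitlabApiUri) {
        this.gitlabApiUri = gitlabApiUri;
    }

    public String getGitlabWebUri() {
        return this.gitlabWebUri;
    }

    public String getClientID() {
        return this.clientID;
    }

    /** Returns the OAuth client secret in clear text; callers must not log or display it. */
    public String getClientSecret() {
        return this.clientSecret;
    }

    public String getOauthScopes() {
        return this.oauthScopes;
    }

    /**
     * Starts the login: remembers the Referer and a fresh {@code state} value in the session and redirects
     * the browser to GitLab's authorization endpoint.
     *
     * @param request the current request
     * @param referer value of the {@code Referer} header, may be {@code null}; it is only stored here and
     *                is validated before it is used as a redirect target in {@link #doFinishLogin}
     */
    public HttpResponse doCommenceLogin(StaplerRequest request, @Header("Referer") String referer) throws IOException {
        // 130 random bits rendered in base 32; unpredictable to anyone who cannot read this session.
        String state = new BigInteger(130, STATE_GENERATOR).toString(32);
        request.getSession().setAttribute(REFERER_ATTRIBUTE, referer);
        request.getSession().setAttribute(STATE_ATTRIBUTE, state);

        List<NameValuePair> query = new ArrayList<NameValuePair>();
        query.add(new BasicNameValuePair("redirect_uri", buildRedirectUrl(request)));
        query.add(new BasicNameValuePair("response_type", "code"));
        query.add(new BasicNameValuePair("client_id", this.clientID));
        query.add(new BasicNameValuePair("state", state));
        return new HttpRedirect(this.gitlabWebUri + "/oauth/authorize?" + URLEncodedUtils.format(query, "UTF-8"));
    }

    /**
     * Builds the callback URL {@code <scheme>://<host>:<port><contextPath>/securityRealm/finishLogin}.
     * Scheme, host and port are taken from the URL of the current request.
     */
    // NOTE(review): the host comes from the incoming request, so this presumably follows whatever Host
    // header reaches Jenkins - confirm the deployment pins it (reverse proxy / configured root URL).
    private String buildRedirectUrl(StaplerRequest request) throws MalformedURLException {
        URL current = new URL(request.getRequestURL().toString());
        String callbackPath = request.getContextPath() + "/securityRealm/finishLogin";
        return new URL(current.getProtocol(), current.getHost(), current.getPort(), callbackPath).toString();
    }

    /**
     * Handles the OAuth callback: checks {@code state}, exchanges {@code code} for an access token,
     * authenticates the user and redirects back to where login was started.
     *
     * <p>The request ends at the context root without authenticating when {@code code} is blank or when
     * {@code state} is missing or differs from the value issued by {@link #doCommenceLogin}.
     */
    public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
        String code = request.getParameter("code");
        if (StringUtils.isBlank(code)) {
            LOGGER.info("doFinishLogin: missing code.");
            return HttpResponses.redirectToContextRoot();
        }

        // Read what the pre-login session holds before that session is replaced further down.
        String expectedState = (String) request.getSession().getAttribute(STATE_ATTRIBUTE);
        String referer = (String) request.getSession().getAttribute(REFERER_ATTRIBUTE);
        request.getSession().removeAttribute(STATE_ATTRIBUTE); // a state value is good for one callback only
        if (!stateMatches(expectedState, request.getParameter("state"))) {
            LOGGER.warning("doFinishLogin: OAuth state is missing or does not belong to this session; login aborted.");
            return HttpResponses.redirectToContextRoot();
        }

        HttpPost tokenRequest = new HttpPost(this.gitlabWebUri + "/oauth/token");
        List<NameValuePair> form = new ArrayList<NameValuePair>();
        form.add(new BasicNameValuePair("client_id", this.clientID));
        form.add(new BasicNameValuePair("client_secret", this.clientSecret));
        form.add(new BasicNameValuePair("code", code));
        form.add(new BasicNameValuePair("grant_type", "authorization_code"));
        form.add(new BasicNameValuePair("redirect_uri", buildRedirectUrl(request)));
        tokenRequest.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));

        DefaultHttpClient client = new DefaultHttpClient();
        String responseBody;
        try {
            HttpHost proxy = getProxy(tokenRequest);
            if (proxy != null) {
                client.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);
            }
            responseBody = EntityUtils.toString(client.execute(tokenRequest).getEntity());
        } finally {
            // Release the connection even when the exchange throws.
            client.getConnectionManager().shutdown();
        }

        String accessToken = extractToken(responseBody);
        if (StringUtils.isNotBlank(accessToken)) {
            GitLabAuthenticationToken authentication = new GitLabAuthenticationToken(accessToken, getGitlabApiUri());
            // Replace the session so that an identifier known before login is not the authenticated one.
            request.getSession().invalidate();
            request.getSession(true);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            GitlabUser myself = authentication.getMyself();
            User current = User.current();
            if (current != null) {
                current.setFullName(myself.getName());
                Mailer.UserProperty mail = current.getProperty(Mailer.UserProperty.class);
                // Only fill in the GitLab address when the user has not set one explicitly.
                if (mail == null || !mail.hasExplicitlyConfiguredAddress()) {
                    current.addProperty(new Mailer.UserProperty(authentication.getMyself().getEmail()));
                }
            }
            fireAuthenticated(new GitLabOAuthUserDetails(myself, authentication.getAuthorities()));
        } else {
            LOGGER.info("Gitlab did not return an access token.");
        }

        // The stored Referer is request-supplied data: follow it only when it stays inside this instance.
        return isLocalRedirectTarget(request, referer)
                ? HttpResponses.redirectTo(referer)
                : HttpResponses.redirectToContextRoot();
    }

    /**
     * Compares the issued and the presented {@code state} value; {@code false} when either is absent.
     * Uses {@link MessageDigest#isEqual} rather than {@code String.equals} for the comparison.
     */
    private static boolean stateMatches(String expected, String presented) throws IOException {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes("UTF-8"), presented.getBytes("UTF-8"));
    }

    /**
     * Tells whether {@code target} is an absolute URL with the same scheme, host and port as the current
     * request and a path at or below the context path. Blank, relative, unparsable and user-info-bearing
     * values are rejected.
     */
    private static boolean isLocalRedirectTarget(StaplerRequest request, String target) {
        if (StringUtils.isBlank(target)) {
            return false;
        }
        try {
            // java.net.URI is strict about syntax (e.g. it rejects backslashes), unlike java.net.URL.
            URI parsed = new URI(target);
            if (!parsed.isAbsolute() || parsed.getHost() == null || parsed.getUserInfo() != null) {
                return false;
            }
            URL candidate = parsed.toURL();
            URL self = new URL(request.getRequestURL().toString());
            if (!candidate.getProtocol().equalsIgnoreCase(self.getProtocol())
                    || !candidate.getHost().equalsIgnoreCase(self.getHost())
                    || effectivePort(candidate) != effectivePort(self)) {
                return false;
            }
            String contextPath = request.getContextPath();
            String path = parsed.getRawPath();
            return path != null && (path.equals(contextPath) || path.startsWith(contextPath + "/"));
        } catch (URISyntaxException e) {
            return false;
        } catch (MalformedURLException e) {
            return false;
        }
    }

    /** Port of {@code url}, or the protocol's default port when the URL does not name one. */
    private static int effectivePort(URL url) {
        return url.getPort() != -1 ? url.getPort() : url.getDefaultPort();
    }

    /**
     * Notifies {@code jenkins.security.SecurityListener.fireAuthenticated(UserDetails)} through reflection.
     * A missing class or method is ignored, so nothing happens when the running Jenkins lacks that API.
     */
    private void fireAuthenticated(UserDetails userDetails) {
        try {
            Class.forName("jenkins.security.SecurityListener").getMethod("fireAuthenticated", UserDetails.class).invoke(null, userDetails);
        } catch (ClassNotFoundException ignored) {
            // SecurityListener is not available in this Jenkins: nothing to notify.
        } catch (IllegalAccessException e) {
            throw ((Error) new IllegalAccessError(e.getMessage()).initCause(e));
        } catch (NoSuchMethodException ignored) {
            // The listener exists but has no fireAuthenticated(UserDetails): nothing to notify.
        } catch (InvocationTargetException e) {
            LOGGER.log(Level.WARNING, "Failed to invoke fireAuthenticated", (Throwable) e);
        }
    }

    /**
     * Resolves the HTTP proxy Jenkins is configured to use for the request's host.
     *
     * @return the proxy host and port, or {@code null} when there is no Jenkins instance, no proxy
     *         configuration, or the selected proxy is not of type {@code HTTP} (direct or SOCKS)
     */
    private HttpHost getProxy(HttpUriRequest httpUriRequest) throws URIException {
        Jenkins jenkins = Jenkins.getInstance();
        if (jenkins == null) {
            return null;
        }
        ProxyConfiguration proxyConfiguration = jenkins.proxy;
        if (proxyConfiguration == null) {
            return null;
        }
        Proxy proxy = proxyConfiguration.createProxy(httpUriRequest.getURI().getHost());
        if (proxy.type() != Proxy.Type.HTTP) {
            return null;
        }
        InetSocketAddress address = (InetSocketAddress) proxy.address();
        return new HttpHost(address.getHostName(), address.getPort());
    }

    /**
     * Pulls {@code access_token} out of the JSON body returned by the token endpoint.
     *
     * @return the token text, or {@code null} when the body cannot be parsed or has no usable
     *         {@code access_token} member (absent or JSON {@code null})
     */
    private String extractToken(String responseBody) {
        try {
            JsonNode root = new ObjectMapper().readTree(responseBody);
            if (root == null) {
                return null;
            }
            JsonNode token = root.get("access_token");
            // A JSON null would otherwise come back from asText() as the four-letter string "null".
            if (token == null || token.isNull()) {
                return null;
            }
            return token.asText();
        } catch (IOException e) {
            // JsonProcessingException is an IOException; the body itself is deliberately not logged.
            LOGGER.log(Level.WARNING, "Could not parse the token response from GitLab", e);
            return null;
        }
    }

    /** Accounts come from GitLab; Jenkins-side sign-up is not offered. */
    public boolean allowsSignup() {
        return false;
    }

    /**
     * Supplies the authentication manager and user-details service for this realm.
     *
     * <p>The manager passes a {@code GitLabAuthenticationToken} through unchanged. For a
     * {@code UsernamePasswordAuthenticationToken} it uses the submitted credentials as a GitLab access
     * token and builds a {@code GitLabAuthenticationToken} from it. Any other type is rejected.
     */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents(new AuthenticationManager() {
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (authentication instanceof GitLabAuthenticationToken) {
                    return authentication;
                }
                if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
                    throw new BadCredentialsException("Unexpected authentication type: " + authentication);
                }
                Object credentials = ((UsernamePasswordAuthenticationToken) authentication).getCredentials();
                if (credentials == null) {
                    throw new BadCredentialsException("No credentials supplied");
                }
                try {
                    GitLabAuthenticationToken token = new GitLabAuthenticationToken(credentials.toString(), GitLabSecurityRealm.this.getGitlabApiUri());
                    SecurityContextHolder.getContext().setAuthentication(token);
                    return token;
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
        }, new UserDetailsService() {
            public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
                return GitLabSecurityRealm.this.loadUserByUsername(username);
            }
        });
    }

    /** Relative URL that starts the login, i.e. {@link #doCommenceLogin}. */
    public String getLoginUrl() {
        return "securityRealm/commenceLogin";
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    /** Returns the descriptor cast to {@link DescriptorImpl}. The method name is the decompiler's. */
    public DescriptorImpl m368getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }

    /**
     * Looks a user up through the GitLab token of the current security context.
     *
     * @throws UserMayOrMayNotExistException when the current authentication is not a GitLab token
     * @throws UsernameNotFoundException when GitLab knows no such user, or the name is an organization
     * @throws DataRetrievalFailureException when the lookup fails with an {@link Error}
     */
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (!(current instanceof GitLabAuthenticationToken)) {
            throw new UserMayOrMayNotExistException("Could not get auth token.");
        }
        GitLabAuthenticationToken token = (GitLabAuthenticationToken) current;
        try {
            GitLabOAuthUserDetails userDetails = token.getUserDetails(username);
            if (userDetails == null) {
                throw new UsernameNotFoundException("Unknown user: " + username);
            }
            if (token.loadOrganization(username) != null) {
                throw new UsernameNotFoundException("user(" + username + ") is also an organization");
            }
            return userDetails;
        } catch (Error e) {
            throw new DataRetrievalFailureException("loadUserByUsername (username=" + username + ")", e);
        }
    }

    /**
     * Two realms are equal when all five settings match. The comparison is null-safe: settings are
     * {@code null} when left empty in the form, and {@code oauthScopes} is always {@code null} on a realm
     * rebuilt by {@link ConverterImpl}.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof GitLabSecurityRealm)) {
            return false;
        }
        GitLabSecurityRealm other = (GitLabSecurityRealm) obj;
        return StringUtils.equals(getGitlabWebUri(), other.getGitlabWebUri())
                && StringUtils.equals(getGitlabApiUri(), other.getGitlabApiUri())
                && StringUtils.equals(getClientID(), other.getClientID())
                && StringUtils.equals(getClientSecret(), other.getClientSecret())
                && StringUtils.equals(getOauthScopes(), other.getOauthScopes());
    }

    @Override
    public int hashCode() {
        return HashCodeBuilder.reflectionHashCode(this, false);
    }

    /**
     * Looks a group up as a GitLab organization through the token of the current security context.
     *
     * @throws UsernameNotFoundException when the current authentication is absent or not a GitLab token
     */
    public GroupDetails loadGroupByGroupname(String groupName) throws UsernameNotFoundException, DataAccessException {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        // instanceof is false for null too, so a missing authentication takes the same path.
        if (!(current instanceof GitLabAuthenticationToken)) {
            throw new UsernameNotFoundException("No known group: " + groupName);
        }
        return new GitLabOAuthGroupDetails(((GitLabAuthenticationToken) current).loadOrganization(groupName));
    }
}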
