package org.jenkinsci.plugins.saml;

import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.security.UserMayOrMayNotExistException;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Header;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.pac4j.core.client.RedirectAction;
import org.pac4j.saml.profile.SAML2Profile;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:org/jenkinsci/plugins/saml/SamlSecurityRealm.class */
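/**
 * Jenkins {@link SecurityRealm} that authenticates users through a SAML 2.0 identity provider (IdP).
 *
 * <p>The login flow visible in this class is: {@link #doCommenceLogin} remembers the {@code Referer}
 * in the HTTP session and sends the browser to the IdP; {@link #doFinishLogin} consumes the SAML
 * response, builds the user and its group authorities, installs the authentication in the security
 * context and redirects the browser back.
 *
 * <p>NOTE(review): this listing is decompiler output, so parameter names such as {@code str} and
 * {@code num} are generated. Stapler binds a bare {@code @QueryParameter} and the arguments of a
 * {@code @DataBoundConstructor} by parameter name, so the names are kept exactly as found here;
 * confirm them against the original sources before relying on form binding.
 */
public class SamlSecurityRealm extends SecurityRealm {
    public static final String DEFAULT_DISPLAY_NAME_ATTRIBUTE_NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
    public static final String DEFAULT_GROUPS_ATTRIBUTE_NAME = "http://schemas.xmlsoap.org/claims/Group";
    public static final int DEFAULT_MAXIMUM_AUTHENTICATION_LIFETIME = 86400;
    public static final String DEFAULT_USERNAME_CASE_CONVERSION = "none";
    public static final String SP_METADATA_FILE_NAME = "/saml-sp-metadata.xml";
    public static final String IDP_METADATA_FILE_NAME = "/saml-idp.metadata.xml";
    public static final String ERROR_ONLY_SPACES_FIELD_VALUE = "The field should have a value different than spaces";
    public static final String ERROR_NOT_VALID_NUMBER = "The field should be a number greater than 0 and lower than 2147483647.";
    public static final String ERROR_MALFORMED_URL = "The url is malformed.";
    public static final String ERROR_IDP_METADATA_EMPTY = "The IdP Metadata can not be empty.";
    public static final String WARN_RECOMMENDED_TO_SET_THE_GROUPS_ATTRIBUTE = "It is recommended to set the groups attribute.";
    public static final String WARN_RECOMMENDED_TO_SET_THE_USERNAME_ATTRIBUTE = "It is recommended to set the username attribute.";
    public static final String ERROR_NOT_POSSIBLE_TO_READ_KS_FILE = "It is not possible to read the keystore file.";
    public static final String ERROR_CERTIFICATES_COULD_NOT_BE_LOADED = "Any of the certificates in the keystore could not be loaded";
    public static final String ERROR_ALGORITHM_CANNOT_BE_FOUND = "the algorithm used to check the integrity of the keystore cannot be found";
    public static final String ERROR_NO_PROVIDER_SUPPORTS_A_KS_SPI_IMPL = "No Provider supports a KeyStoreSpi implementation for the specified type.";
    public static final String ERROR_WRONG_INFO_OR_PASSWORD = "The entry is a PrivateKeyEntry or SecretKeyEntry and the specified protParam does not contain the information needed to recover the key (e.g. wrong password)";
    public static final String ERROR_INSUFFICIENT_OR_INVALID_INFO = "The specified protParam were insufficient or invalid";
    public static final String CONSUMER_SERVICE_URL_PATH = "securityRealm/finishLogin";
    /** Session attribute holding the absolute expiry time (epoch milliseconds) set in {@link #doFinishLogin}. */
    public static final String EXPIRATION_ATTRIBUTE = SamlSecurityRealm.class.getName() + ".expiration";
    private static final Logger LOG = Logger.getLogger(SamlSecurityRealm.class.getName());
    /** Session attribute holding the {@code Referer} header captured in {@link #doCommenceLogin}. */
    private static final String REFERER_ATTRIBUTE = SamlSecurityRealm.class.getName() + ".referer";
    public static final String WARN_THERE_IS_NOT_KEY_STORE = "There is not keyStore to validate";
    public static final String ERROR_NOT_KEY_FOUND = "Not key found";
    private String displayNameAttributeName;
    private String groupsAttributeName;
    private int maximumAuthenticationLifetime;
    private String emailAttributeName;
    private final String idpMetadata;
    private final String usernameCaseConversion;
    private final String usernameAttributeName;
    private final String logoutUrl;
    private SamlEncryptionData encryptionData;
    private SamlAdvancedConfiguration advancedConfiguration;

    /**
     * Descriptor of the realm; hosts the form-validation endpoints ({@code doCheck*}, {@code doTest*})
     * used by the configuration form.
     */
    @Extension
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SecurityRealm> cls) {
            super(cls);
        }

        @Override
        public String getDisplayName() {
            return "SAML 2.0";
        }

        /**
         * Validates the optional logout URL.
         *
         * @param str the logout URL typed in the form; empty is accepted
         * @return ok for an empty or parseable URL, an error otherwise
         */
        public FormValidation doCheckLogoutUrl(@QueryParameter String str) {
            if (StringUtils.isEmpty(str)) {
                return FormValidation.ok();
            }
            try {
                // Syntax check only: java.net.URL accepts every scheme with a registered handler,
                // so this does not restrict the value to http/https.
                new URL(str);
                return FormValidation.ok();
            } catch (MalformedURLException e) {
                return FormValidation.error(ERROR_MALFORMED_URL, e);
            }
        }

        /**
         * Validates the IdP metadata pasted in the form by delegating to {@code SamlValidateIdPMetadata}.
         *
         * <p>NOTE(review): the submitted XML is handed to a parser not shown here and no permission
         * check is visible on this endpoint; confirm the parser configuration and who may call it.
         *
         * @param str the IdP metadata XML
         * @return an error for blank input, otherwise the validator's verdict
         */
        public FormValidation doTestIdpMetadata(@QueryParameter("idpMetadata") String str) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.error(ERROR_IDP_METADATA_EMPTY);
            }
            return new SamlValidateIdPMetadata(str).get();
        }

        public FormValidation doCheckDisplayNameAttributeName(@QueryParameter String str) {
            return rejectOnlySpaces(str);
        }

        public FormValidation doCheckGroupsAttributeName(@QueryParameter String str) {
            return recommendValue(str, WARN_RECOMMENDED_TO_SET_THE_GROUPS_ATTRIBUTE);
        }

        public FormValidation doCheckUsernameAttributeName(@QueryParameter String str) {
            return recommendValue(str, WARN_RECOMMENDED_TO_SET_THE_USERNAME_ATTRIBUTE);
        }

        public FormValidation doCheckEmailAttributeName(@QueryParameter String str) {
            return rejectOnlySpaces(str);
        }

        public FormValidation doCheckAuthnContextClassRef(@QueryParameter String str) {
            return rejectOnlySpaces(str);
        }

        public FormValidation doCheckSpEntityId(@QueryParameter String str) {
            return rejectOnlySpaces(str);
        }

        public FormValidation doCheckKeystorePath(@QueryParameter String str) {
            return rejectOnlySpaces(str);
        }

        public FormValidation doCheckKPrivateKeyAlias(@QueryParameter String str) {
            return rejectOnlySpaces(str);
        }

        public FormValidation doCheckMaximumSessionLifetime(@QueryParameter String str) {
            return checkLifetimeSeconds(str);
        }

        public FormValidation doCheckMaximumAuthenticationLifetime(@QueryParameter String str) {
            return checkLifetimeSeconds(str);
        }

        /**
         * Opens the keystore at the given server-side path and tries to read one entry from it.
         *
         * <p>The endpoint reads a caller-chosen file on the controller and returns the exception
         * detail on failure, so it is limited to administrators.
         *
         * @param str     keystore file path on the Jenkins controller
         * @param secret  keystore password
         * @param secret2 private key password; blank means no entry protection is supplied
         * @param str2    alias to test; blank means the first alias found
         * @return "Success" when an entry could be read, a warning for a blank path, otherwise an error
         */
        public FormValidation doTestKeyStore(@QueryParameter("keystorePath") String str, @QueryParameter("keystorePassword") Secret secret, @QueryParameter("privateKeyPassword") Secret secret2, @QueryParameter("privateKeyAlias") String str2) {
            Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
            if (StringUtils.isBlank(str)) {
                return FormValidation.warning(WARN_THERE_IS_NOT_KEY_STORE);
            }
            // try-with-resources closes the stream on every path, replacing the hand-expanded
            // close logic that dereferenced an always-null Throwable.
            try (FileInputStream keystoreStream = new FileInputStream(str)) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // Secret.toString(Secret) yields "" for a missing parameter instead of throwing.
                keyStore.load(keystoreStream, Secret.toString(secret).toCharArray());
                String keyPassword = Secret.toString(secret2);
                KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(
                        StringUtils.isNotBlank(keyPassword) ? keyPassword.toCharArray() : null);
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (StringUtils.isBlank(str2) || alias.equalsIgnoreCase(str2)) {
                        // Only the first matching alias is probed; a successful read is the test.
                        keyStore.getEntry(alias, protection);
                        return FormValidation.ok("Success");
                    }
                }
                return FormValidation.error(ERROR_NOT_KEY_FOUND);
            } catch (IOException e) {
                return FormValidation.error(e, ERROR_NOT_POSSIBLE_TO_READ_KS_FILE);
            } catch (KeyStoreException e) {
                return FormValidation.error(e, ERROR_NO_PROVIDER_SUPPORTS_A_KS_SPI_IMPL);
            } catch (NoSuchAlgorithmException e) {
                return FormValidation.error(e, ERROR_ALGORITHM_CANNOT_BE_FOUND);
            } catch (UnrecoverableKeyException e) {
                return FormValidation.error(e, ERROR_WRONG_INFO_OR_PASSWORD);
            } catch (UnrecoverableEntryException e) {
                return FormValidation.error(e, ERROR_INSUFFICIENT_OR_INVALID_INFO);
            } catch (CertificateException e) {
                return FormValidation.error(e, ERROR_CERTIFICATES_COULD_NOT_BE_LOADED);
            }
        }

        /** Rejects a value that is non-empty but consists only of whitespace; anything else is ok. */
        private static FormValidation rejectOnlySpaces(String value) {
            if (!StringUtils.isEmpty(value) && StringUtils.isBlank(value)) {
                return FormValidation.error(ERROR_ONLY_SPACES_FIELD_VALUE);
            }
            return FormValidation.ok();
        }

        /** Warns with {@code warning} when the value is empty, otherwise applies {@link #rejectOnlySpaces}. */
        private static FormValidation recommendValue(String value, String warning) {
            if (StringUtils.isEmpty(value)) {
                return FormValidation.warning(warning);
            }
            return rejectOnlySpaces(value);
        }

        /**
         * Accepts an empty value or an integer in {@code [0, Integer.MAX_VALUE]}.
         * Both bounds are inclusive here even though the error text reads as exclusive.
         */
        private static FormValidation checkLifetimeSeconds(String value) {
            if (StringUtils.isEmpty(value)) {
                return FormValidation.ok();
            }
            try {
                long seconds = Long.parseLong(value);
                if (seconds >= 0 && seconds <= Integer.MAX_VALUE) {
                    return FormValidation.ok();
                }
                return FormValidation.error(ERROR_NOT_VALID_NUMBER);
            } catch (NumberFormatException e) {
                return FormValidation.error(ERROR_NOT_VALID_NUMBER, e);
            }
        }
    }

    /**
     * Builds the realm from the configuration form and writes the IdP metadata file under the
     * Jenkins root directory.
     *
     * @param str   IdP metadata XML
     * @param str2  display name attribute; empty keeps {@link #DEFAULT_DISPLAY_NAME_ATTRIBUTE_NAME}
     * @param str3  groups attribute; empty keeps {@link #DEFAULT_GROUPS_ATTRIBUTE_NAME}
     * @param num   maximum authentication lifetime in seconds; null or non-positive keeps the default
     * @param str4  username attribute; empty means the SAML NameID is used
     * @param str5  email attribute
     * @param str6  logout URL
     * @param samlAdvancedConfiguration optional advanced settings, may be null
     * @param samlEncryptionData        optional keystore settings, may be null
     * @param str7  username case conversion; blank becomes {@link #DEFAULT_USERNAME_CASE_CONVERSION}
     * @throws IOException if the IdP metadata file cannot be written
     */
    @DataBoundConstructor
    public SamlSecurityRealm(String str, String str2, String str3, Integer num, String str4, String str5, String str6, SamlAdvancedConfiguration samlAdvancedConfiguration, SamlEncryptionData samlEncryptionData, String str7) throws IOException {
        this.idpMetadata = Util.fixEmptyAndTrim(str);
        this.usernameAttributeName = Util.fixEmptyAndTrim(str4);
        this.usernameCaseConversion = StringUtils.defaultIfBlank(str7, DEFAULT_USERNAME_CASE_CONVERSION);
        this.logoutUrl = Util.fixEmptyAndTrim(str6);
        this.displayNameAttributeName = (str2 != null && !str2.isEmpty()) ? str2 : DEFAULT_DISPLAY_NAME_ATTRIBUTE_NAME;
        this.groupsAttributeName = (str3 != null && !str3.isEmpty()) ? str3 : DEFAULT_GROUPS_ATTRIBUTE_NAME;
        this.maximumAuthenticationLifetime = (num != null && num.intValue() > 0) ? num.intValue() : DEFAULT_MAXIMUM_AUTHENTICATION_LIFETIME;
        if (StringUtils.isNotBlank(str5)) {
            this.emailAttributeName = Util.fixEmptyAndTrim(str5);
        }
        this.advancedConfiguration = samlAdvancedConfiguration;
        this.encryptionData = samlEncryptionData;
        // Write the trimmed value, as readResolve() does: whitespace in front of an XML declaration
        // makes the document ill-formed.
        // NOTE(review): this overload encodes with the platform default charset.
        FileUtils.writeStringToFile(new File(getIDPMetadataFilePath()), this.idpMetadata);
        LOG.finer(toString());
    }

    /**
     * Recreates the IdP metadata file after deserialization when it is missing on disk.
     *
     * @return this instance
     */
    public Object readResolve() {
        File metadataFile = new File(getIDPMetadataFilePath());
        if (this.idpMetadata != null && !metadataFile.exists()) {
            try {
                FileUtils.writeStringToFile(metadataFile, this.idpMetadata);
            } catch (IOException e) {
                LOG.log(Level.SEVERE, "Can not write IdP metadata file in JENKINS_HOME", e);
            }
        }
        return this;
    }

    /** Same as the data-bound constructor with the username case conversion left at its default. */
    public SamlSecurityRealm(String str, String str2, String str3, Integer num, String str4, String str5, String str6, SamlAdvancedConfiguration samlAdvancedConfiguration, SamlEncryptionData samlEncryptionData) throws IOException {
        this(str, str2, str3, num, str4, str5, str6, samlAdvancedConfiguration, samlEncryptionData, DEFAULT_USERNAME_CASE_CONVERSION);
    }

    @Override
    public boolean allowsSignup() {
        return false;
    }

    /**
     * Supplies an authentication manager that only lets {@code SamlAuthenticationToken} instances
     * through, together with the SAML user details service.
     */
    @Override
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        LOG.finer("createSecurityComponents");
        AuthenticationManager samlOnly = new AuthenticationManager() {
            @Override
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                if (!(authentication instanceof SamlAuthenticationToken)) {
                    throw new BadCredentialsException("Unexpected authentication type: " + authentication);
                }
                return authentication;
            }
        };
        return new SecurityRealm.SecurityComponents(samlOnly, new SamlUserDetailsService());
    }

    @Override
    public String getLoginUrl() {
        return "securityRealm/commenceLogin";
    }

    /**
     * Starts the SAML login: remembers where the user came from and hands the browser to the IdP.
     *
     * @param str value of the {@code Referer} request header; it is caller-controlled and is only
     *            stored here, {@link #doFinishLogin} decides whether it may be used as a target
     * @return a redirect to the IdP, or an HTML page when the wrapper returns content instead
     * @throws IllegalStateException if the redirect action is neither REDIRECT nor SUCCESS
     */
    public HttpResponse doCommenceLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @Header("Referer") String str) {
        LOG.fine("SamlSecurityRealm.doCommenceLogin called. Using consumerServiceUrl " + getSamlPluginConfig().getConsumerServiceUrl());
        staplerRequest.getSession().setAttribute(REFERER_ATTRIBUTE, str);
        RedirectAction action = new SamlRedirectActionWrapper(getSamlPluginConfig(), staplerRequest, staplerResponse).get();
        RedirectAction.RedirectType type = action.getType();
        if (type == RedirectAction.RedirectType.REDIRECT) {
            LOG.fine("REDIRECT : " + action.getLocation());
            return HttpResponses.redirectTo(action.getLocation());
        }
        if (type == RedirectAction.RedirectType.SUCCESS) {
            LOG.fine("SUCCESS : " + action.getContent());
            return HttpResponses.html(action.getContent());
        }
        throw new IllegalStateException("Received unexpected response type " + type);
    }

    /**
     * Completes the SAML login: turns the SAML response into a Jenkins authentication, refreshes
     * the user's full name and email from the profile and redirects the browser.
     *
     * <p>At {@code FINEST} the whole decoded SAML response is written to the log, so that level is
     * best kept off outside troubleshooting.
     *
     * @return a redirect to the stored referer when it lies under the Jenkins root URL, otherwise
     *         to the Jenkins root URL
     */
    public HttpResponse doFinishLogin(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        LOG.finer("SamlSecurityRealm.doFinishLogin called");
        if (LOG.isLoggable(Level.FINEST)) {
            String encodedResponse = staplerRequest.getParameter("SAMLResponse");
            if (encodedResponse != null) {
                try {
                    LOG.finest("SAMLResponse XML:" + new String(Base64.getDecoder().decode(encodedResponse), "UTF-8"));
                } catch (UnsupportedEncodingException | IllegalArgumentException e) {
                    // Diagnostic logging must not abort the login on a value that is not valid Base64.
                    LOG.finest("No UTF-8 SAMLResponse XML");
                }
            }
        }
        SAML2Profile profile = new SamlProfileWrapper(getSamlPluginConfig(), staplerRequest, staplerResponse).get();

        // Session fixation: the session that existed before authentication must not survive it.
        // Take what is still needed from it, drop it, and let getSession() create a fresh one.
        String referer = (String) staplerRequest.getSession().getAttribute(REFERER_ATTRIBUTE);
        staplerRequest.getSession().invalidate();

        String userName = loadUserName(profile);
        List<GrantedAuthority> authorities = loadGrantedAuthorities(profile);
        SamlUserDetails userDetails = new SamlUserDetails(userName, authorities.toArray(new GrantedAuthority[authorities.size()]));
        Integer sessionLifetime = getMaximumSessionLifetime();
        if (sessionLifetime != null) {
            // 1000L forces long arithmetic; as int the product overflows above 2147483 seconds.
            long expiresAt = System.currentTimeMillis() + 1000L * sessionLifetime.intValue();
            staplerRequest.getSession().setAttribute(EXPIRATION_ATTRIBUTE, Long.valueOf(expiresAt));
        }
        SecurityContextHolder.getContext().setAuthentication(new SamlAuthenticationToken(userDetails, staplerRequest.getSession()));
        SecurityListener.fireAuthenticated(userDetails);
        User current = User.current();
        // Both updates are always attempted; neither short-circuits the other.
        boolean nameChanged = modifyUserFullName(current, profile);
        boolean emailChanged = modifyUserEmail(current, (List) profile.getAttribute(getEmailAttributeName()));
        if (current != null && (nameChanged || emailChanged)) {
            try {
                current.save();
            } catch (IOException e) {
                LOG.log(Level.WARNING, "Unable to save updated user data", e);
            }
        }
        SecurityListener.fireLoggedIn(userDetails.getUsername());
        return HttpResponses.redirectTo(safeRedirectTarget(referer));
    }

    /**
     * Chooses the post-login redirect target. The referer originates from a request header, so it
     * is honoured only when it points below the Jenkins root URL; anything else goes to the root.
     */
    private String safeRedirectTarget(String referer) {
        String rootUrl = baseUrl();
        if (referer != null && rootUrl != null && referer.startsWith(rootUrl)) {
            return referer;
        }
        return rootUrl;
    }

    private String baseUrl() {
        return Jenkins.getInstance().getRootUrl();
    }

    /**
     * Reads the username from the profile and applies the configured case conversion.
     *
     * <p>NOTE(review): toLowerCase()/toUpperCase() use the JVM default locale, so the resulting
     * user id can differ between locales; confirm whether a fixed locale is wanted.
     */
    private String loadUserName(SAML2Profile sAML2Profile) {
        String userName = getUsernameFromProfile(sAML2Profile);
        // equals() on the literal also copes with a null setting, e.g. a realm loaded from a
        // configuration saved before this field existed.
        String conversion = getUsernameCaseConversion();
        if ("lowercase".equals(conversion)) {
            return userName.toLowerCase();
        }
        if ("uppercase".equals(conversion)) {
            return userName.toUpperCase();
        }
        return userName;
    }

    /**
     * Copies the display name from the profile to the user when it is present and different.
     *
     * @return true when the user's full name was changed
     */
    private boolean modifyUserFullName(User user, SAML2Profile sAML2Profile) {
        List<?> values = (List<?>) sAML2Profile.getAttribute(getDisplayNameAttributeName());
        String fullName = (values != null && !values.isEmpty()) ? (String) values.get(0) : null;
        if (user == null || !StringUtils.isNotBlank(fullName) || fullName.equals(user.getFullName())) {
            return false;
        }
        user.setFullName(fullName);
        return true;
    }

    /**
     * Builds the authority list: the authenticated authority plus one group authority per value of
     * the groups attribute.
     *
     * <p>NOTE(review): group membership is taken as-is from the profile, so authorization relies on
     * the SAML response having been validated by {@code SamlProfileWrapper}, which is not shown here.
     */
    private List<GrantedAuthority> loadGrantedAuthorities(SAML2Profile sAML2Profile) {
        List<?> groups = (List<?>) sAML2Profile.getAttribute(getGroupsAttributeName());
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(AUTHENTICATED_AUTHORITY);
        if (groups != null) {
            for (Object group : groups) {
                authorities.add(new SamlGroupAuthority((String) group));
            }
        }
        return authorities;
    }

    /**
     * Stores the first non-empty email of {@code list} on the user when it differs from the
     * address already recorded.
     *
     * @param user the logged-in user; null means there is nothing to update
     * @param list email attribute values from the profile, may be null
     * @return true when a new mail property was added
     */
    private boolean modifyUserEmail(User user, List<String> list) {
        if (user == null) {
            // Without a user nothing can be updated; this also keeps the log lines below from
            // dereferencing null.
            return false;
        }
        if (list == null || list.isEmpty()) {
            LOG.warning("There is not Email attribute '" + getEmailAttributeName() + "' for user : " + user.getId());
            return false;
        }
        String email = null;
        for (String candidate : list) {
            if (StringUtils.isNotEmpty(candidate)) {
                email = candidate;
                break;
            }
        }
        if (StringUtils.isBlank(email)) {
            LOG.warning("The Email is blank for user : " + user.getId());
            return false;
        }
        try {
            Mailer.UserProperty existing = user.getProperty(Mailer.UserProperty.class);
            if (existing == null || !email.equals(StringUtils.defaultIfBlank(existing.getAddress(), ""))) {
                user.addProperty(new Mailer.UserProperty(email));
                return true;
            }
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "Could not update user email", e);
        }
        return false;
    }

    /**
     * Resolves the username: the configured attribute when it yields a string (directly or as the
     * first list element), otherwise the profile id (SAML NameID).
     *
     * <p>NOTE(review): when the configured attribute is absent or unusable the login continues
     * under the NameID, which may be a different identifier than the one administrators mapped
     * permissions to; confirm this fallback is intended.
     */
    private String getUsernameFromProfile(SAML2Profile sAML2Profile) {
        String attributeName = getUsernameAttributeName();
        if (attributeName != null) {
            Object attribute = sAML2Profile.getAttribute(attributeName);
            if (attribute instanceof String) {
                return (String) attribute;
            }
            if (attribute instanceof List) {
                List<?> values = (List<?>) attribute;
                // An empty list or a non-string element takes the logged fallback below instead
                // of failing the login with an unchecked exception.
                if (!values.isEmpty() && values.get(0) instanceof String) {
                    return (String) values.get(0);
                }
            }
            LOG.log(Level.SEVERE, "Unable to get username from attribute {0} value {1}, Saml Profile {2}", new Object[]{attributeName, attribute, sAML2Profile});
            LOG.log(Level.SEVERE, "Falling back to NameId {0}", sAML2Profile.getId());
        }
        return sAML2Profile.getId();
    }

    /**
     * Path of the IdP metadata file under the Jenkins root directory.
     * Decompiler note: the original access level was package-private.
     */
    public static String getIDPMetadataFilePath() {
        return Jenkins.getInstance().getRootDir().getAbsolutePath() + IDP_METADATA_FILE_NAME;
    }

    /**
     * Path of the SP metadata file under the Jenkins root directory.
     * Decompiler note: the original access level was package-private.
     */
    public static String getSPMetadataFilePath() {
        return Jenkins.getInstance().getRootDir().getAbsolutePath() + SP_METADATA_FILE_NAME;
    }

    /** Serves the service provider metadata produced by {@code SamlSPMetadataWrapper}. */
    public HttpResponse doMetadata(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        return new SamlSPMetadataWrapper(getSamlPluginConfig(), staplerRequest, staplerResponse).get();
    }

    /**
     * Chooses where the browser goes after logout: the configured logout URL when set; otherwise
     * the superclass target when the current identity has READ permission, else the
     * {@code samlLogout} page under the root URL.
     */
    @Override
    protected String getPostLogOutUrl(StaplerRequest staplerRequest, @Nonnull Authentication authentication) {
        // java.util.logging substitutes {0}, not {}; the principal was never printed before.
        LOG.log(Level.FINE, "Doing Logout {0}", authentication.getPrincipal());
        String configuredLogoutUrl = getLogoutUrl();
        if (StringUtils.isNotBlank(configuredLogoutUrl)) {
            return configuredLogoutUrl;
        }
        if (Jenkins.getInstance().hasPermission(Jenkins.READ)) {
            return super.getPostLogOutUrl(staplerRequest, authentication);
        }
        return Jenkins.getInstance().getRootUrl() + "samlLogout";
    }

    /** Performs the Jenkins logout only; no SAML single logout is sent to the IdP. */
    @Override
    public void doLogout(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException, ServletException {
        super.doLogout(staplerRequest, staplerResponse);
        LOG.log(Level.FINEST, "Here we could do the SAML Single Logout");
    }

    /**
     * Looks up a group by name.
     *
     * @throws UserMayOrMayNotExistException when the group has no known members
     */
    @Override
    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        SamlGroupDetails group = new SamlGroupDetails(str);
        if (group.getMembers().isEmpty()) {
            throw new UserMayOrMayNotExistException(str);
        }
        return group;
    }

    /** Same lookup as the single-argument form; {@code z} additionally requests the member list. */
    public GroupDetails loadGroupByGroupname(String str, boolean z) throws UsernameNotFoundException, DataAccessException {
        GroupDetails group = loadGroupByGroupname(str);
        if (z) {
            group.getMembers();
        }
        return group;
    }

    /** Returns a new configuration snapshot built from the current field values. */
    public SamlPluginConfig getSamlPluginConfig() {
        return new SamlPluginConfig(this.displayNameAttributeName, this.groupsAttributeName, this.maximumAuthenticationLifetime, this.emailAttributeName, this.idpMetadata, this.usernameCaseConversion, this.usernameAttributeName, this.logoutUrl, this.encryptionData, this.advancedConfiguration);
    }

    public String getIdpMetadata() {
        return this.idpMetadata;
    }

    public String getUsernameAttributeName() {
        return this.usernameAttributeName;
    }

    public String getDisplayNameAttributeName() {
        return this.displayNameAttributeName;
    }

    public String getGroupsAttributeName() {
        return this.groupsAttributeName;
    }

    public Integer getMaximumAuthenticationLifetime() {
        return Integer.valueOf(this.maximumAuthenticationLifetime);
    }

    public SamlAdvancedConfiguration getAdvancedConfiguration() {
        return this.advancedConfiguration;
    }

    /** Returns the advanced forceAuthn setting, or {@code Boolean.FALSE} without advanced configuration. */
    public Boolean getForceAuthn() {
        SamlAdvancedConfiguration advanced = getAdvancedConfiguration();
        return advanced != null ? advanced.getForceAuthn() : Boolean.FALSE;
    }

    /** Returns the advanced authnContextClassRef setting, or null without advanced configuration. */
    public String getAuthnContextClassRef() {
        SamlAdvancedConfiguration advanced = getAdvancedConfiguration();
        return advanced != null ? advanced.getAuthnContextClassRef() : null;
    }

    /** Returns the advanced SP entity id setting, or null without advanced configuration. */
    public String getSpEntityId() {
        SamlAdvancedConfiguration advanced = getAdvancedConfiguration();
        return advanced != null ? advanced.getSpEntityId() : null;
    }

    /** Returns the maximum session lifetime in seconds, or null without advanced configuration. */
    public Integer getMaximumSessionLifetime() {
        SamlAdvancedConfiguration advanced = getAdvancedConfiguration();
        return advanced != null ? advanced.getMaximumSessionLifetime() : null;
    }

    public SamlEncryptionData getEncryptionData() {
        return this.encryptionData;
    }

    /** Returns the keystore path, or null when no encryption data is configured. */
    public String getKeystorePath() {
        SamlEncryptionData encryption = getEncryptionData();
        return encryption != null ? encryption.getKeystorePath() : null;
    }

    /** Returns the keystore password, or null when no encryption data is configured. */
    public Secret getKeystorePassword() {
        SamlEncryptionData encryption = getEncryptionData();
        return encryption != null ? encryption.getKeystorePassword() : null;
    }

    /** Returns the private key password, or null when no encryption data is configured. */
    public Secret getPrivateKeyPassword() {
        SamlEncryptionData encryption = getEncryptionData();
        return encryption != null ? encryption.getPrivateKeyPassword() : null;
    }

    /** Returns the private key alias, or null when no encryption data is configured. */
    public String getPrivateKeyAlias() {
        SamlEncryptionData encryption = getEncryptionData();
        return encryption != null ? encryption.getPrivateKeyAlias() : null;
    }

    public String getUsernameCaseConversion() {
        return this.usernameCaseConversion;
    }

    public String getEmailAttributeName() {
        return this.emailAttributeName;
    }

    public String getLogoutUrl() {
        return this.logoutUrl;
    }

    /**
     * Renders the realm as {@code SamlSecurityRealm{<plugin config>}}.
     *
     * <p>NOTE(review): the constructor logs this string at FINER; check that
     * {@code SamlPluginConfig.toString()} does not print secrets.
     */
    @Override
    public String toString() {
        return "SamlSecurityRealm{" + getSamlPluginConfig().toString() + '}';
    }
}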
