package edu.hawaii.its.hudson.security;

import groovy.lang.GroovyShell;
import groovy.lang.Script;
import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.security.ChainedServletFilter;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.HttpCookie;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.lang.StringUtils;
import org.codehaus.groovy.control.CompilationFailedException;
import org.jasig.cas.client.authentication.AttributePrincipalImpl;
import org.jasig.cas.client.authentication.AuthenticationFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.AssertionImpl;
import org.jasig.cas.client.validation.Cas10TicketValidationFilter;
import org.jasig.cas.client.validation.TicketValidationException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:edu/hawaii/its/hudson/security/Cas1SecurityRealm.class */
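/**
 * Security realm that authenticates Hudson users against a CAS server using
 * CAS protocol version 1.
 *
 * <p>The realm installs a servlet filter chain (see {@link #createFilter}) that
 * redirects unauthenticated requests to {@code casServerUrl + "/login"},
 * validates the returned ticket against {@code casServerUrl + "/validate"} and
 * derives the user's roles by running an administrator-supplied Groovy script
 * over the raw validation response.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The roles script runs inside the Hudson JVM with no sandbox visible in
 *       this class; whoever can set or test it can run code on the server.</li>
 *   <li>Nothing here requires {@code casServerUrl} to use HTTPS. Ticket
 *       validation over plain HTTP would let anyone on the network path forge
 *       a "yes" response. NOTE(review): confirm deployments use https.</li>
 *   <li>Stapler binds {@code @DataBoundConstructor} and un-named
 *       {@code @QueryParameter} arguments by parameter name. The names
 *       {@code str}, {@code str2}, ... look like decompiler placeholders;
 *       verify against the original source before recompiling.</li>
 * </ul>
 */
public class Cas1SecurityRealm extends SecurityRealm {
    /** Key under which the {@link Cas1Authentication} is stored in the CAS assertion attributes. */
    private static final String AUTH_KEY = "AUTH_KEY";
    public final String casServerUrl;
    public final String hudsonHostName;
    public final Boolean forceRenewal;
    public final String rolesValidationScript;
    public final String testValidationResponse;
    /** Lazily compiled form of {@link #rolesValidationScript}; see {@link #getParsedScript()}. */
    private transient Script parsedScript = null;

    /* loaded from: input_file:edu/hawaii/its/hudson/security/Cas1SecurityRealm$DescriptorImpl.class */
    /** Descriptor providing the configuration-form validation endpoints for this realm. */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        private static final String CONFIRMED = "confirmed";

        public String getDisplayName() {
            return "CAS protocol version 1";
        }

        /**
         * Form check: fetches {@code <value>/login} and looks for the text "username" in the body.
         *
         * <p>NOTE(review): this makes the Hudson server issue an HTTP request to a
         * URL taken from a request parameter, and no permission check is visible
         * in this method. Confirm the endpoint is reachable only by administrators,
         * otherwise it can be used to probe hosts that Hudson can reach.
         *
         * @param str the CAS server base URL typed into the form
         * @return ok, a warning when the body does not look like a CAS login page,
         *         or an error when the value is empty, malformed or unreachable
         */
        public FormValidation doCheckCasServerUrl(@QueryParameter String str) throws IOException, ServletException {
            String casUrl = Util.fixEmptyAndTrim(str);
            if (casUrl == null) {
                return FormValidation.error("required");
            }
            try {
                String body = CommonUtils.getResponseFromServer(new URL(casUrl + "/login"));
                if (!body.contains("username")) {
                    return FormValidation.warning("CAS server response could not be validated.");
                }
                return FormValidation.ok();
            } catch (RuntimeException e) {
                return FormValidation.error("Problem getting a response from CAS server: " + (e.getCause() == null ? e : e.getCause()));
            } catch (MalformedURLException e2) {
                return FormValidation.error("Malformed CAS server URL: " + e2);
            }
        }

        /** Returns the fixed marker that {@link #doCheckHudsonHostName} looks for when calling back into Hudson. */
        public FormValidation doHudsonConfirmation() {
            return FormValidation.ok(CONFIRMED);
        }

        /**
         * Form check: verifies that Hudson can be reached under the submitted host name
         * by requesting this descriptor's {@code hudsonConfirmation} endpoint through it.
         *
         * <p>NOTE(review): the host of the outgoing request comes from the request
         * parameter, and when the caller has a session its id is attached as a
         * {@code JSESSIONID} cookie. A mistyped or untrusted host name would
         * therefore receive the caller's session id. No permission check is
         * visible here either. Consider restricting this endpoint to
         * administrators and sending the cookie only when the target host
         * matches the host of the current request.
         *
         * @param str the Hudson host name typed into the form
         */
        public FormValidation doCheckHudsonHostName(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @QueryParameter String str) throws IOException, ServletException {
            String hostName = Util.fixEmptyAndTrim(str);
            if (hostName == null) {
                return FormValidation.error("required");
            }
            String serviceUrl = CommonUtils.constructServiceUrl(staplerRequest, staplerResponse, (String) null, hostName, "ticket", true);
            String descriptorPath = "descriptorByName/" + Cas1SecurityRealm.class.getName();
            String checkPath = descriptorPath + "/checkHudsonHostName";
            assert serviceUrl.contains(checkPath) : serviceUrl;
            try {
                // Swap the path of this check for the confirmation endpoint, keeping scheme/host/context.
                URL url = new URL(serviceUrl.substring(0, serviceUrl.indexOf(checkPath)) + descriptorPath + "/hudsonConfirmation");
                HttpSession session = staplerRequest.getSession(false);
                String body = session == null
                        ? CommonUtils.getResponseFromServer(url)
                        : getResponseFromServer(url, createSessionCookie(url, session));
                if (!body.contains(CONFIRMED)) {
                    return FormValidation.warning("Could not validate Hudson response.");
                }
                return FormValidation.ok();
            } catch (RuntimeException e) {
                return FormValidation.error("Problem getting a response from Hudson server: " + (e.getCause() == null ? e : e.getCause()));
            } catch (MalformedURLException e2) {
                return FormValidation.error("Malformed Hudson server URL: " + e2);
            }
        }

        /**
         * Fetches {@code url} with the given cookie and returns the body, one {@code \n} per line.
         *
         * @throws RuntimeException wrapping any {@link IOException}, which the callers turn into a form error
         */
        private static String getResponseFromServer(URL url, HttpCookie httpCookie) {
            HttpURLConnection connection = null;
            try {
                connection = (HttpURLConnection) url.openConnection();
                connection.setRequestProperty("Cookie", httpCookie.toString());
                BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
                try {
                    StringBuilder body = new StringBuilder();
                    String line;
                    while ((line = reader.readLine()) != null) {
                        body.append(line).append("\n");
                    }
                    return body.toString();
                } finally {
                    // The decompiled original never closed the reader.
                    reader.close();
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            } finally {
                if (connection != null) {
                    connection.disconnect();
                }
            }
        }

        /** Builds a {@code JSESSIONID} cookie for the session, scoped to the host and path of {@code url}. */
        private static HttpCookie createSessionCookie(URL url, HttpSession httpSession) {
            HttpCookie cookie = new HttpCookie("JSESSIONID", httpSession.getId());
            cookie.setDomain(url.getHost());
            cookie.setPath(url.getPath());
            return cookie;
        }

        /**
         * Form check: compiles the submitted roles script and runs it against the sample response.
         *
         * <p>SECURITY: this compiles and executes Groovy taken directly from
         * request parameters, inside the Hudson JVM. No permission check, request
         * method restriction or sandbox is visible in this method. Confirm that
         * the endpoint is limited to administrators and protected against
         * cross-site requests before relying on it; otherwise it must be treated
         * as a code-execution entry point.
         *
         * @param str  the Groovy roles validation script
         * @param str2 a sample CAS validation response, exposed to the script as {@code response}
         */
        public FormValidation doTestScript(@QueryParameter("rolesValidationScript") String str, @QueryParameter("testValidationResponse") String str2) {
            try {
                Script script = new GroovyShell().parse(Cas1SecurityRealm.normalizeRolesValidationScript(str));
                Collection roles = Cas1SecurityRealm.parseRolesFromValidationResponse(script, str2);
                if (roles == null) {
                    return FormValidation.error("Roles Validation Script returned null.");
                }
                return FormValidation.ok("Roles parsed from the test validation response: " + roles);
            } catch (ClassCastException e) {
                return FormValidation.error("Roles Validation Script did not return a Collection: " + e);
            } catch (CompilationFailedException e2) {
                return FormValidation.error("Roles Validation Script failed to compile: " + e2);
            }
        }
    }

    /* loaded from: input_file:edu/hawaii/its/hudson/security/Cas1SecurityRealm$OnlyDoFilter.class */
    /** Filter base class with no-op lifecycle methods, so subclasses only implement {@code doFilter}. */
    private static abstract class OnlyDoFilter implements Filter {
        private OnlyDoFilter() {
        }

        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void destroy() {
        }
    }

    /**
     * Creates the realm from the submitted configuration form.
     *
     * @param str  CAS server base URL (stored trimmed, {@code null} when empty)
     * @param str2 host name under which Hudson is reachable (stored trimmed)
     * @param bool whether CAS should force re-authentication
     * @param str3 Groovy roles validation script; empty means {@code return []}
     * @param str4 sample validation response kept for the script test; {@code null} becomes ""
     */
    @DataBoundConstructor
    public Cas1SecurityRealm(String str, String str2, Boolean bool, String str3, String str4) {
        this.testValidationResponse = str4 == null ? "" : str4;
        this.casServerUrl = Util.fixEmptyAndTrim(str);
        this.hudsonHostName = Util.fixEmptyAndTrim(str2);
        this.rolesValidationScript = normalizeRolesValidationScript(str3);
        this.forceRenewal = bool;
    }

    /** Sends users to the CAS logout page after they log out of Hudson. */
    protected String getPostLogOutUrl(StaplerRequest staplerRequest, Authentication authentication) {
        return this.casServerUrl + "/logout";
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Trims the script and substitutes {@code return []} (no roles) when it is empty. */
    public static String normalizeRolesValidationScript(String str) {
        String script = Util.fixEmptyAndTrim(str);
        return script == null ? "return []" : script;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Compiles the configured roles script on first use and caches it; synchronized so it is compiled once. */
    public synchronized Script getParsedScript() {
        if (this.parsedScript == null) {
            this.parsedScript = new GroovyShell().parse(this.rolesValidationScript);
        }
        return this.parsedScript;
    }

    /**
     * Builds the authentication filter chain: CAS login redirect, CAS 1.0 ticket
     * validation, publication of the resulting authentication for the duration of
     * the request, and a redirect for URLs that still carry a {@code ;jsessionid=}.
     */
    public Filter createFilter(FilterConfig filterConfig) {
        AuthenticationFilter authenticationFilter = new AuthenticationFilter();
        authenticationFilter.setIgnoreInitConfiguration(true);
        // forceRenewal is a nullable Boolean bound from the form; unboxing null would
        // throw here and leave the realm without a filter, so null means "no renewal".
        authenticationFilter.setRenew(Boolean.TRUE.equals(this.forceRenewal));
        authenticationFilter.setGateway(false);
        authenticationFilter.setCasServerLoginUrl(this.casServerUrl + "/login");
        authenticationFilter.setServerName(this.hudsonHostName);

        Cas10TicketValidationFilter ticketValidationFilter = new Cas10TicketValidationFilter();
        ticketValidationFilter.setIgnoreInitConfiguration(true);
        ticketValidationFilter.setRedirectAfterValidation(true);
        ticketValidationFilter.setServerName(this.hudsonHostName);
        ticketValidationFilter.setTicketValidator(new AbstractCasProtocolUrlBasedTicketValidator(this.casServerUrl) { // from class: edu.hawaii.its.hudson.security.Cas1SecurityRealm.1
            protected String getUrlSuffix() {
                return "validate";
            }

            /**
             * Parses a validation response whose first line is the verdict and
             * whose second line is the user name, then runs the roles script over
             * the whole response.
             *
             * <p>The verdict line must be exactly "yes" and the user name must be
             * non-blank. The original enforced the exact match only through an
             * {@code assert}, so with assertions disabled any response merely
             * starting with "yes" was accepted, as was a missing user name.
             */
            protected Assertion parseResponseFromServer(String str) throws TicketValidationException {
                try {
                    BufferedReader reader = new BufferedReader(new StringReader(str));
                    String verdict = reader.readLine();
                    if (!"yes".equals(verdict)) {
                        throw new TicketValidationException("CAS could not validate ticket.");
                    }
                    String userName = reader.readLine();
                    if (StringUtils.isBlank(userName)) {
                        throw new TicketValidationException("CAS response did not contain a user name.");
                    }
                    Collection roles = Cas1SecurityRealm.parseRolesFromValidationResponse(Cas1SecurityRealm.this.getParsedScript(), str);
                    HashMap<String, Object> attributes = new HashMap<String, Object>();
                    attributes.put(Cas1SecurityRealm.AUTH_KEY, new Cas1Authentication(userName, roles));
                    return new AssertionImpl(new AttributePrincipalImpl(userName), attributes);
                } catch (IOException e) {
                    throw new TicketValidationException("Unable to parse CAS response.", e);
                }
            }
        });

        return new ChainedServletFilter(new Filter[]{authenticationFilter, ticketValidationFilter, new OnlyDoFilter() { // from class: edu.hawaii.its.hudson.security.Cas1SecurityRealm.2
            /**
             * Copies the authentication stored in the session's CAS assertion into the
             * security context for this request and always clears it afterwards.
             */
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                try {
                    // Assumes the preceding filters left a session holding the assertion; a
                    // missing session or attribute surfaces as a NullPointerException here.
                    HttpSession session = ((HttpServletRequest) servletRequest).getSession(false);
                    Assertion assertion = (Assertion) session.getAttribute("_const_cas_assertion_");
                    SecurityContextHolder.getContext().setAuthentication((Cas1Authentication) assertion.getAttributes().get(Cas1SecurityRealm.AUTH_KEY));
                    filterChain.doFilter(servletRequest, servletResponse);
                } finally {
                    // Never leave an authentication attached to the thread once the request is done.
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                }
            }
        }, new OnlyDoFilter() { // from class: edu.hawaii.its.hudson.security.Cas1SecurityRealm.3
            private final UrlPathHelper URL_PATH_HELPER = new UrlPathHelper();

            /**
             * When the URI carries {@code ;jsessionid=} although the session id already
             * arrived in a cookie, redirects to the URI as returned by
             * {@code UrlPathHelper} (presumably without the session id, which keeps it
             * out of address bars, logs and referrers); otherwise continues the chain.
             */
            public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
                if (servletRequest instanceof HttpServletRequest) {
                    HttpServletRequest request = (HttpServletRequest) servletRequest;
                    if (request.getRequestURI().contains(";jsessionid=") && request.isRequestedSessionIdFromCookie()) {
                        String target = this.URL_PATH_HELPER.getRequestUri(request);
                        if (StringUtils.isNotBlank(request.getQueryString())) {
                            target = target + "?" + this.URL_PATH_HELPER.decodeRequestString(request, request.getQueryString());
                        }
                        HttpServletResponse response = (HttpServletResponse) servletResponse;
                        response.sendRedirect(response.encodeRedirectURL(target));
                        return;
                    }
                }
                filterChain.doFilter(servletRequest, servletResponse);
            }
        }});
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Runs the roles script with the validation response bound to the variable {@code response}.
     *
     * @return whatever the script returns, cast to a collection (may be {@code null})
     * @throws ClassCastException when the script returns something that is not a collection
     */
    public static Collection parseRolesFromValidationResponse(Script script, String str) {
        script.getBinding().setVariable("response", str);
        return (Collection) script.run();
    }

    /** Returns empty security components; authentication is performed entirely by the filter chain. */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        return new SecurityRealm.SecurityComponents();
    }

    /** Registers the descriptor with Hudson. */
    @Extension
    public static DescriptorImpl install() {
        return new DescriptorImpl();
    }
}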
