package hudson.security.csrf;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.DescriptorExtensionList;
import hudson.ExtensionPoint;
import hudson.Util;
import hudson.init.Initializer;
import hudson.model.Api;
import hudson.model.Describable;
import hudson.model.Descriptor;
import hudson.util.MultipartFormDataParser;
import io.jenkins.servlet.ServletRequestWrapper;
import io.jenkins.servlet.http.HttpServletRequestWrapper;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletOutputStream;
import jakarta.servlet.ServletRequest;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import jenkins.model.Jenkins;
import jenkins.security.stapler.StaplerAccessibleType;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest2;
import org.kohsuke.stapler.StaplerResponse2;
import org.kohsuke.stapler.WebApp;
import org.kohsuke.stapler.export.Exported;
import org.kohsuke.stapler.export.ExportedBean;

@ExportedBean
@StaplerAccessibleType
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.507.jar:hudson/security/csrf/CrumbIssuer.class */
public abstract class CrumbIssuer implements Describable<CrumbIssuer>, ExtensionPoint {
    private static final String CRUMB_ATTRIBUTE = CrumbIssuer.class.getName() + "_crumb";

    @Restricted({NoExternalUse.class})
    public static final String DEFAULT_CRUMB_NAME = "Jenkins-Crumb";

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.507.jar:hudson/security/csrf/CrumbIssuer$RestrictedApi.class */
    public static class RestrictedApi extends Api {
        RestrictedApi(CrumbIssuer crumbIssuer) {
            super(crumbIssuer);
        }

        @Override // hudson.model.Api
        public void doXml(StaplerRequest2 staplerRequest2, StaplerResponse2 staplerResponse2, @QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter int i) throws IOException, ServletException {
            setHeaders(staplerResponse2);
            CrumbIssuer crumbIssuer = (CrumbIssuer) this.bean;
            String crumbRequestField = "/*/crumbRequestField/text()".equals(str) ? crumbIssuer.getCrumbRequestField() : "/*/crumb/text()".equals(str) ? crumbIssuer.getCrumb() : "concat(//crumbRequestField,\":\",//crumb)".equals(str) ? crumbIssuer.getCrumbRequestField() + ":" + crumbIssuer.getCrumb() : "concat(//crumbRequestField,'=',//crumb)".equals(str) ? (crumbIssuer.getCrumbRequestField().startsWith(".") || crumbIssuer.getCrumbRequestField().contains("-")) ? crumbIssuer.getCrumbRequestField() + "=" + crumbIssuer.getCrumb() : null : null;
            if (crumbRequestField == null) {
                super.doXml(staplerRequest2, staplerResponse2, str, str2, str3, i);
                return;
            }
            ServletOutputStream outputStream = staplerResponse2.getOutputStream();
            try {
                staplerResponse2.setContentType("text/plain;charset=UTF-8");
                outputStream.write(crumbRequestField.getBytes(StandardCharsets.UTF_8));
                if (outputStream != null) {
                    outputStream.close();
                }
            } catch (Throwable th) {
                if (outputStream != null) {
                    try {
                        outputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    @Exported
    public String getCrumbRequestField() {
        return getDescriptor2().getCrumbRequestField();
    }

    @Exported
    public String getCrumb() {
        return getCrumb(Stapler.getCurrentRequest2());
    }

    /* JADX WARN: Type inference failed for: r2v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    public String getCrumb(ServletRequest servletRequest) {
        String str = null;
        if (servletRequest != null) {
            str = (String) servletRequest.getAttribute(CRUMB_ATTRIBUTE);
        }
        if (str == null) {
            str = issueCrumb(servletRequest, getDescriptor2().getCrumbSalt());
            if (servletRequest != null) {
                if (str == null || str.isEmpty()) {
                    servletRequest.removeAttribute(CRUMB_ATTRIBUTE);
                } else {
                    servletRequest.setAttribute(CRUMB_ATTRIBUTE, str);
                }
            }
        }
        return str;
    }

    @Deprecated
    public String getCrumb(javax.servlet.ServletRequest servletRequest) {
        return getCrumb(servletRequest != null ? wrap(servletRequest) : null);
    }

    protected String issueCrumb(ServletRequest servletRequest, String str) {
        return (String) Util.ifOverridden(() -> {
            return issueCrumb(servletRequest != null ? wrap(servletRequest) : null, str);
        }, CrumbIssuer.class, getClass(), "issueCrumb", javax.servlet.ServletRequest.class, String.class);
    }

    @Deprecated
    protected String issueCrumb(javax.servlet.ServletRequest servletRequest, String str) {
        return (String) Util.ifOverridden(() -> {
            return issueCrumb(servletRequest != null ? wrap(servletRequest) : null, str);
        }, CrumbIssuer.class, getClass(), "issueCrumb", ServletRequest.class, String.class);
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    public boolean validateCrumb(ServletRequest servletRequest) {
        ?? descriptor2 = getDescriptor2();
        return validateCrumb(servletRequest, descriptor2.getCrumbSalt(), servletRequest.getParameter(descriptor2.getCrumbRequestField()));
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
    public boolean validateCrumb(ServletRequest servletRequest, MultipartFormDataParser multipartFormDataParser) {
        ?? descriptor2 = getDescriptor2();
        return validateCrumb(servletRequest, descriptor2.getCrumbSalt(), multipartFormDataParser.get(descriptor2.getCrumbRequestField()));
    }

    @Deprecated
    public boolean validateCrumb(javax.servlet.ServletRequest servletRequest, MultipartFormDataParser multipartFormDataParser) {
        return validateCrumb(servletRequest != null ? wrap(servletRequest) : null, multipartFormDataParser);
    }

    private static ServletRequest wrap(@NonNull javax.servlet.ServletRequest servletRequest) {
        return servletRequest instanceof HttpServletRequest ? HttpServletRequestWrapper.toJakartaHttpServletRequest((HttpServletRequest) servletRequest) : ServletRequestWrapper.toJakartaServletRequest(servletRequest);
    }

    public boolean validateCrumb(ServletRequest servletRequest, String str, String str2) {
        return ((Boolean) Util.ifOverridden(() -> {
            return Boolean.valueOf(validateCrumb(servletRequest != null ? wrap(servletRequest) : null, str, str2));
        }, CrumbIssuer.class, getClass(), "validateCrumb", javax.servlet.ServletRequest.class, String.class, String.class)).booleanValue();
    }

    private static javax.servlet.ServletRequest wrap(@NonNull ServletRequest servletRequest) {
        return servletRequest instanceof jakarta.servlet.http.HttpServletRequest ? HttpServletRequestWrapper.fromJakartaHttpServletRequest((jakarta.servlet.http.HttpServletRequest) servletRequest) : ServletRequestWrapper.fromJakartaServletRequest(servletRequest);
    }

    @Deprecated
    public boolean validateCrumb(javax.servlet.ServletRequest servletRequest, String str, String str2) {
        return ((Boolean) Util.ifOverridden(() -> {
            return Boolean.valueOf(validateCrumb(servletRequest != null ? wrap(servletRequest) : null, str, str2));
        }, CrumbIssuer.class, getClass(), "validateCrumb", ServletRequest.class, String.class, String.class)).booleanValue();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // hudson.model.Describable
    /* renamed from: getDescriptor */
    public Descriptor<CrumbIssuer> getDescriptor2() {
        return (CrumbIssuerDescriptor) Jenkins.get().getDescriptorOrDie(getClass());
    }

    public static DescriptorExtensionList<CrumbIssuer, Descriptor<CrumbIssuer>> all() {
        return Jenkins.get().getDescriptorList(CrumbIssuer.class);
    }

    public Api getApi() {
        return new RestrictedApi(this);
    }

    @Initializer
    public static void initStaplerCrumbIssuer() {
        WebApp.get(Jenkins.get().getServletContext()).setCrumbIssuer(new org.kohsuke.stapler.CrumbIssuer() { // from class: hudson.security.csrf.CrumbIssuer.1
            @Override // org.kohsuke.stapler.CrumbIssuer
            public String issueCrumb(StaplerRequest2 staplerRequest2) {
                CrumbIssuer crumbIssuer = Jenkins.get().getCrumbIssuer();
                return crumbIssuer != null ? crumbIssuer.getCrumb(staplerRequest2) : DEFAULT.issueCrumb(staplerRequest2);
            }

            /* JADX WARN: Type inference failed for: r2v1, types: [hudson.security.csrf.CrumbIssuerDescriptor] */
            @Override // org.kohsuke.stapler.CrumbIssuer
            public void validateCrumb(StaplerRequest2 staplerRequest2, String str) {
                CrumbIssuer crumbIssuer = Jenkins.get().getCrumbIssuer();
                if (crumbIssuer == null) {
                    DEFAULT.validateCrumb(staplerRequest2, str);
                } else if (!crumbIssuer.validateCrumb(staplerRequest2, crumbIssuer.getDescriptor2().getCrumbSalt(), str)) {
                    throw new SecurityException("Crumb didn't match");
                }
            }
        });
    }
}
