package hudson.security;

import hudson.Functions;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Date;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import jenkins.security.HMACConfidentialKey;
import jenkins.security.ImpersonatingUserDetailsService;
import net.sf.json.util.JSONUtils;
import org.acegisecurity.Authentication;
import org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.apache.commons.codec.binary.Base64;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.121.3.jar:hudson/security/TokenBasedRememberMeServices2.class */
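/**
 * Remember-me service whose cookie signature is produced by an {@link HMACConfidentialKey}
 * and does not depend on the user's password.
 *
 * <p>Cookie value before Base64 encoding: {@code username SEP expiryMillis SEP signature},
 * where the signature is computed by {@link #makeTokenSignature(long, UserDetails)}.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The password slot of the signed string is the constant {@code "N/A"}, so a password
 *       change leaves the signature unchanged. NOTE(review): confirm how outstanding cookies
 *       are meant to be revoked (expiry, key rotation, or the disable-remember-me switch).</li>
 *   <li>{@code HttpOnly} is applied reflectively and only when the servlet API in use offers
 *       {@code Cookie.setHttpOnly(boolean)}; see {@link #secureCookie}.</li>
 * </ul>
 */
public class TokenBasedRememberMeServices2 extends TokenBasedRememberMeServices {
    /** Signing key; registered under the superclass with the id {@code "mac"}. */
    private static final HMACConfidentialKey MAC = new HMACConfidentialKey(TokenBasedRememberMeServices.class, "mac");

    /**
     * Separator between token fields. The decompiled listing reaches it through an unrelated
     * Spring constant; the reference is kept so the emitted token stays byte-identical.
     * NOTE(review): presumably a plain ":" literal in the original source - confirm before inlining.
     */
    private static final String FIELD_SEPARATOR = QuickTargetSourceCreator.PREFIX_COMMONS_POOL;

    /** {@code Cookie.setHttpOnly(boolean)} if the servlet API provides it, otherwise {@code null}. */
    private static final Method SET_HTTP_ONLY = findSetHttpOnly();

    /**
     * Wraps the supplied service in an {@link ImpersonatingUserDetailsService} before handing
     * it to the superclass.
     *
     * @param userDetailsService the service to wrap
     */
    @Override
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        super.setUserDetailsService(new ImpersonatingUserDetailsService(userDetailsService));
    }

    /**
     * Computes the signature stored in the remember-me cookie.
     *
     * <p>The signed string is {@code username SEP expiry ":N/A:" key}; the user's password is
     * not part of it.
     *
     * @param j token expiry, in milliseconds since the epoch (as passed by {@link #loginSuccess})
     * @param userDetails the user the token is issued for
     * @return the MAC of the signed string
     */
    @Override
    protected String makeTokenSignature(long j, UserDetails userDetails) {
        String signedFields = userDetails.getUsername() + FIELD_SEPARATOR + j + ":N/A:" + getKey();
        return MAC.mac(signedFields);
    }

    /**
     * Returns the fixed placeholder {@code "N/A"}; no password is read from the authentication.
     *
     * @param authentication ignored
     * @return always {@code "N/A"}
     */
    @Override
    protected String retrievePassword(Authentication authentication) {
        return "N/A";
    }

    /**
     * Issues the remember-me cookie after a successful login, unless the request did not ask
     * for it or remember-me is disabled in the Jenkins security configuration.
     *
     * @param httpServletRequest the login request
     * @param httpServletResponse the response the cookie is added to
     * @param authentication the successful authentication; its principal must be a {@link UserDetails}
     */
    @Override
    public void loginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (!rememberMeRequested(httpServletRequest, getParameter())) {
            if (logger.isDebugEnabled()) {
                logger.debug("Did not send remember-me cookie (principal did not set parameter '" + getParameter() + "')");
            }
            return;
        }

        // Jenkins may not be available here, hence the null-tolerant lookup.
        Jenkins jenkins = Jenkins.getInstanceOrNull();
        if (jenkins != null && jenkins.isDisableRememberMe()) {
            if (logger.isDebugEnabled()) {
                logger.debug("Did not send remember-me cookie because 'Remember Me' is disabled in security configuration (principal did set parameter '" + getParameter() + "')");
            }
            return;
        }

        Assert.notNull(authentication.getPrincipal());
        Assert.notNull(authentication.getCredentials());
        Assert.isInstanceOf(UserDetails.class, authentication.getPrincipal());

        long expiryMillis = System.currentTimeMillis() + (this.tokenValiditySeconds * 1000);
        UserDetails principal = (UserDetails) authentication.getPrincipal();
        String username = principal.getUsername();

        String rawToken = username + FIELD_SEPARATOR + expiryMillis + FIELD_SEPARATOR + makeTokenSignature(expiryMillis, principal);
        // Platform default charset on both conversions, as before. NOTE(review): the decoding
        // side lives in the superclass; move both sides together if an explicit charset is wanted.
        String cookieValue = new String(Base64.encodeBase64(rawToken.getBytes()));
        httpServletResponse.addCookie(makeValidCookie(cookieValue, httpServletRequest, this.tokenValiditySeconds));

        if (logger.isDebugEnabled()) {
            logger.debug("Added remember-me cookie for user '" + username + "', expiry: '" + new Date(expiryMillis) + JSONUtils.SINGLE_QUOTE);
        }
    }

    /**
     * Attempts a cookie-based login. When remember-me is disabled the cookie is cancelled and
     * no authentication is returned; any exception from the superclass is treated the same way,
     * so a cookie that cannot be processed never authenticates the request.
     *
     * <p>NOTE(review): {@code Jenkins.getInstance()} is evaluated outside the {@code try}, so a
     * failure there propagates to the caller; {@link #loginSuccess} uses
     * {@code getInstanceOrNull()} instead - confirm the asymmetry is intended.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, used to cancel the cookie
     * @return the authentication from the superclass, or {@code null}
     */
    @Override
    public Authentication autoLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (Jenkins.getInstance().isDisableRememberMe()) {
            cancelCookie(httpServletRequest, httpServletResponse, null);
            return null;
        }
        try {
            return super.autoLogin(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            // Boundary catch: reject the cookie on any failure. The reason string carries the
            // rendered throwable; what is done with it is decided by the superclass.
            String reason = "Failed to handle remember-me cookie: " + Functions.printThrowable(e);
            cancelCookie(httpServletRequest, httpServletResponse, reason);
            return null;
        }
    }

    /**
     * Builds the cookie through the superclass and then applies {@link #secureCookie}.
     *
     * @param str the encoded token value
     * @param httpServletRequest the current request
     * @param j cookie lifetime as passed on to the superclass
     * @return the hardened cookie
     */
    @Override
    protected Cookie makeValidCookie(String str, HttpServletRequest httpServletRequest, long j) {
        Cookie cookie = super.makeValidCookie(str, httpServletRequest, j);
        secureCookie(cookie, httpServletRequest);
        return cookie;
    }

    /**
     * Builds the cancellation cookie through the superclass and applies {@link #secureCookie},
     * so it carries the same attributes as the cookie it replaces.
     *
     * @param httpServletRequest the current request
     * @return the hardened cancellation cookie
     */
    @Override
    protected Cookie makeCancelCookie(HttpServletRequest httpServletRequest) {
        Cookie cookie = super.makeCancelCookie(httpServletRequest);
        secureCookie(cookie, httpServletRequest);
        return cookie;
    }

    /**
     * Sets {@code HttpOnly} (when the servlet API supports it) and the {@code Secure} flag.
     *
     * <p>{@code Secure} mirrors {@code isSecure()} of the current request. NOTE(review): behind a
     * TLS-terminating proxy this is only true if the container is told about the forwarded
     * scheme - verify for the deployment.
     */
    private void secureCookie(Cookie cookie, HttpServletRequest httpServletRequest) {
        if (SET_HTTP_ONLY != null) {
            try {
                SET_HTTP_ONLY.invoke(cookie, true);
            } catch (IllegalAccessException | InvocationTargetException e) {
                // Still best-effort, but a cookie issued without HttpOnly should leave a trace.
                logger.warn("Could not mark remember-me cookie as HttpOnly", e);
            }
        }
        cookie.setSecure(httpServletRequest.isSecure());
    }

    /** Looks up {@code Cookie.setHttpOnly(boolean)}; returns {@code null} when the API lacks it. */
    private static Method findSetHttpOnly() {
        try {
            return Cookie.class.getMethod("setHttpOnly", Boolean.TYPE);
        } catch (NoSuchMethodException ignored) {
            // Servlet API without setHttpOnly: the flag is simply not applied.
            return null;
        }
    }
}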
