package hudson.security.csrf;

import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.ModelObject;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:WEB-INF/lib/hudson-core-1.321.jar:hudson/security/csrf/DefaultCrumbIssuer.class */
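/**
 * Crumb issuer that derives an anti-CSRF crumb from the authenticated user name, the
 * client address and a caller-supplied salt, hashed with MD5 and rendered as lowercase hex.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The client address comes from the {@code X-Forwarded-For} header whenever that header
 *       is present (see {@link #getClientIP}). The header is supplied by the client unless a
 *       trusted reverse proxy overwrites it, so the address component only binds the crumb to
 *       a network location in deployments where such a proxy is in front of this application.</li>
 *   <li>NOTE(review): the crumb is a bare MD5 over {@code name;ip} followed by the salt, not a
 *       keyed MAC. An HMAC over a SHA-2 digest is the construction to prefer if the crumb
 *       format is allowed to change.</li>
 *   <li>Text is converted with {@code String.getBytes()}, i.e. the platform default charset.
 *       Issuing and validating happen in the same JVM, so the two sides agree.</li>
 * </ul>
 */
public class DefaultCrumbIssuer extends CrumbIssuer {
    /** Shared digest instance; {@code null} if MD5 was unavailable at construction time. */
    private MessageDigest md;
    /** Header consulted for the originating client address when a proxy is involved. */
    private final String PROXY_HEADER = "X-Forwarded-For";
    private static final Logger LOGGER = Logger.getLogger(DefaultCrumbIssuer.class.getName());

    /* loaded from: input_file:WEB-INF/lib/hudson-core-1.321.jar:hudson/security/csrf/DefaultCrumbIssuer$DescriptorImpl.class */
    /** Descriptor that creates {@link DefaultCrumbIssuer} instances. */
    public static final class DescriptorImpl extends CrumbIssuerDescriptor<DefaultCrumbIssuer> implements ModelObject {
        /**
         * Passes the instance secret key and the crumb request-field name to the parent
         * descriptor, then loads persisted configuration. The field name defaults to
         * {@code .crumb} and can be overridden with the
         * {@code hudson.security.csrf.requestfield} system property.
         */
        public DescriptorImpl() {
            // presumably (salt, request field name) -- confirm against CrumbIssuerDescriptor
            super(Hudson.getInstance().getSecretKey(), System.getProperty("hudson.security.csrf.requestfield", ".crumb"));
            load();
        }

        /** Returns the localized display name of this crumb issuer. */
        @Override // hudson.model.Descriptor
        public String getDisplayName() {
            return Messages.DefaultCrumbIssuer_DisplayName();
        }

        /**
         * Creates a new issuer; neither the request nor the submitted form data is consulted.
         *
         * <p>NOTE(review): the decompiler renamed this method from {@code newInstance}
         * (see the marker below); under the name {@code newInstance2} the {@code @Override}
         * presumably has no superclass method to bind to. Confirm against the original source.
         */
        @Override // hudson.model.Descriptor
        /* renamed from: newInstance */
        public CrumbIssuer newInstance2(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            return new DefaultCrumbIssuer();
        }
    }

    /**
     * Obtains the MD5 digest. If the algorithm is missing, the failure is logged and the
     * issuer stays usable but returns {@code null} crumbs, so every validation fails.
     */
    DefaultCrumbIssuer() {
        try {
            this.md = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            this.md = null;
            LOGGER.log(Level.SEVERE, "Can't find MD5", (Throwable) e);
        }
    }

    /**
     * Computes the crumb for a request.
     *
     * @param servletRequest the current request; must be an {@link HttpServletRequest}
     * @param str salt mixed into the digest (presumably the descriptor's secret -- confirm
     *            against {@code CrumbIssuer})
     * @return 32 lowercase hex characters, or {@code null} if the request is not an HTTP
     *         request or MD5 is unavailable
     */
    @Override // hudson.security.csrf.CrumbIssuer
    protected String issueCrumb(ServletRequest servletRequest, String str) {
        final MessageDigest digestEngine = this.md;
        if (!(servletRequest instanceof HttpServletRequest) || digestEngine == null) {
            return null;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;

        // Identity part of the crumb: "<user name>;<client address>".
        StringBuilder identity = new StringBuilder();
        Authentication authentication = Hudson.getAuthentication();
        if (authentication != null) {
            identity.append(authentication.getName());
        }
        identity.append(';');
        identity.append(getClientIP(httpServletRequest));

        // Convert both inputs before touching the digest, so a failure here (e.g. a null
        // salt) cannot leave half-fed state behind in the shared instance.
        byte[] identityBytes = identity.toString().getBytes();
        byte[] saltBytes = str.getBytes();

        // MessageDigest is stateful and not thread-safe. update() + digest() must run as one
        // unit, otherwise concurrent requests interleave their input and produce crumbs that
        // later fail validation.
        byte[] digest;
        synchronized (digestEngine) {
            digestEngine.update(identityBytes);
            digest = digestEngine.digest(saltBytes);
        }

        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            int unsigned = b & 0xFF;
            if (unsigned < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(unsigned));
        }
        return hex.toString();
    }

    /**
     * Checks a submitted crumb against the one this issuer would generate for the request.
     *
     * @param servletRequest the current request
     * @param str salt, as passed to {@link #issueCrumb}
     * @param str2 crumb value submitted by the client; {@code null} never validates
     * @return {@code true} only if the submitted crumb equals the expected one
     */
    @Override // hudson.security.csrf.CrumbIssuer
    public boolean validateCrumb(ServletRequest servletRequest, String str, String str2) {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return false;
        }
        String expected = issueCrumb(servletRequest, str);
        if (expected == null || str2 == null) {
            return false;
        }
        return constantTimeEquals(expected, str2);
    }

    /**
     * Compares two strings without an early exit on the first differing character, so the
     * time taken does not depend on how much of a submitted crumb is correct. Only the
     * length, which is fixed and public for a crumb, is checked up front.
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected.length() != actual.length()) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < expected.length(); i++) {
            diff |= expected.charAt(i) ^ actual.charAt(i);
        }
        return diff == 0;
    }

    /**
     * Returns the address the crumb is bound to: the first comma-separated entry of the
     * {@code X-Forwarded-For} header if the header is present, else the socket peer address.
     *
     * <p>The header value is used as received, without trimming or validation. It is
     * client-controlled unless a trusted proxy sets it, so this value must not be treated
     * as an authenticated client address.
     */
    private String getClientIP(HttpServletRequest httpServletRequest) {
        String remoteAddr = httpServletRequest.getRemoteAddr();
        String forwarded = httpServletRequest.getHeader(this.PROXY_HEADER);
        if (forwarded == null) {
            return remoteAddr;
        }
        // split() yields an empty array for a header made up only of commas.
        String[] hops = forwarded.split(",");
        return hops.length >= 1 ? hops[0] : remoteAddr;
    }
}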
