package com.google.gerrit.pgm.init;

import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
import com.google.gerrit.pgm.init.api.ConsoleUI;
import com.google.gerrit.pgm.init.api.InitFlags;
import com.google.gerrit.pgm.init.api.InitStep;
import com.google.gerrit.pgm.init.api.InitUtil;
import com.google.gerrit.pgm.init.api.Section;
import com.google.gwtjsonrpc.server.SignedToken;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.util.EnumSet;
import org.apache.derby.security.SystemPermission;

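/**
 * Site-initialization step that prompts for the user-authentication settings.
 *
 * <p>The step writes to three configuration sections ("auth", "ldap" and "receive"): it selects
 * the authentication method, collects the method-specific settings, makes sure a key exists under
 * {@code auth.registerEmailPrivateKey}, and asks whether signed push should be enabled.
 *
 * <p>Security-relevant defaults chosen here are called out in comments next to the code that
 * sets them, so that an operator reviewing a generated configuration knows what to check.
 */
@Singleton
class InitAuth implements InitStep {
    private static final String RECEIVE = "receive";
    private static final String ENABLE_SIGNED_PUSH = "enableSignedPush";

    private final ConsoleUI ui;
    private final Section auth;
    private final Section ldap;
    private final Section receive;
    private final InitFlags flags;

    /**
     * Binds the step to the console and to the configuration sections it edits.
     *
     * @param initFlags init-wide flags; {@code dev} and {@code cfg} are read by this step
     * @param consoleUI console used for headers, prompts and warnings
     * @param factory factory used to obtain the "auth", "ldap" and "receive" sections
     */
    @Inject
    InitAuth(InitFlags initFlags, ConsoleUI consoleUI, Section.Factory factory) {
        this.flags = initFlags;
        this.ui = consoleUI;
        this.auth = factory.get("auth", null);
        this.ldap = factory.get("ldap", null);
        this.receive = factory.get(RECEIVE, null);
    }

    /**
     * Runs the prompts in order: authentication type, e-mail registration key, signed push.
     */
    @Override
    public void run() {
        ui.header("User Authentication");
        initAuthType();

        // Generate the key only when none is stored, so re-running init does not rotate it.
        // It is read and written through the section's "secure" accessors rather than the plain
        // ones. NOTE(review): presumably this keeps the key out of the world-readable config
        // file; confirm where Section.setSecure persists it and that the file mode is restrictive.
        if (auth.getSecure("registerEmailPrivateKey") == null) {
            auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
        }

        initSignedPush();
    }

    /**
     * Prompts for {@code auth.type} and then for the settings that the chosen type needs.
     */
    private void initAuthType() {
        // With the dev flag set, the suggested default is DEVELOPMENT_BECOME_ANY_ACCOUNT, a mode
        // meant for development sites only. A production site must never be left on this type;
        // verify auth.type after any init run that used the dev flag.
        AuthType defaultType =
                flags.dev ? AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT : AuthType.OPENID;
        AuthType authType = auth.select("Authentication method", "type", defaultType);

        switch (authType) {
            case HTTP:
            case HTTP_LDAP: {
                // Header-based login trusts whatever username the request carries. That is only
                // safe when every request passes through a proxy that sets the header itself and
                // strips any client-supplied copy; the server must not be reachable directly.
                String existingHeader = auth.get("httpHeader");
                if (ui.yesno(existingHeader != null, "Get username from custom HTTP header")) {
                    auth.string("Username HTTP header", "httpHeader", "SM_USER");
                } else if (existingHeader != null) {
                    auth.unset("httpHeader");
                }
                auth.string("SSO logout URL", "logoutUrl", null);
                break;
            }
            case LDAP:
                auth.select(
                        "Git/HTTP authentication",
                        "gitBasicAuthPolicy",
                        GitBasicAuthPolicy.HTTP,
                        EnumSet.of(
                                GitBasicAuthPolicy.HTTP,
                                GitBasicAuthPolicy.HTTP_LDAP,
                                GitBasicAuthPolicy.LDAP));
                break;
            case OAUTH: {
                GitBasicAuthPolicy policy =
                        auth.select(
                                "Git/HTTP authentication",
                                "gitBasicAuthPolicy",
                                GitBasicAuthPolicy.HTTP,
                                EnumSet.of(GitBasicAuthPolicy.HTTP, GitBasicAuthPolicy.OAUTH));
                if (policy == GitBasicAuthPolicy.OAUTH) {
                    ui.message(
                            "*WARNING* Please make sure that your chosen OAuth provider\n"
                                    + "supports Git token authentication.\n");
                }
                break;
            }
            default:
                break;
        }

        // Only the LDAP-backed types need the "ldap" section; every other type is done here.
        switch (authType) {
            case HTTP_LDAP:
            case LDAP:
            case LDAP_BIND:
                initLdap();
                break;
            default:
                break;
        }
    }

    /**
     * Prompts for the LDAP server URL, bind account and base DNs.
     *
     * <p>A server entered without a scheme is rewritten to {@code ldap://} or {@code ldaps://}
     * depending on the "Use SSL" answer, and the rewritten value is stored back.
     */
    private void initLdap() {
        // NOTE(review): SystemPermission.SERVER comes from Apache Derby and is unrelated to LDAP;
        // it looks like a decompiler substitution for the literal config key "server". Confirm
        // and replace it with the literal so this class does not depend on Derby for a key name.
        String server = ldap.string("LDAP server", SystemPermission.SERVER, "ldap://localhost");
        if (server != null && !server.startsWith("ldap://") && !server.startsWith("ldaps://")) {
            // The "Use SSL" prompt defaults to "no", and a value typed with an explicit ldap://
            // scheme skips the prompt entirely. Plain ldap:// carries the bind password and the
            // users' login passwords unencrypted, so prefer ldaps:// for any non-local server.
            boolean useSsl = ui.yesno(false, "Use SSL");
            server = (useSsl ? "ldaps://" : "ldap://") + server;
            ldap.set(SystemPermission.SERVER, server);
        }

        ldap.string("LDAP username", "username", null);
        // Bind password for the account above; collected through the section's password prompt
        // rather than as a plain string setting.
        ldap.password("username", "password");

        // Account BaseDN is asked first; its answer becomes the suggested Group BaseDN.
        String accountBase = ldap.string("Account BaseDN", "accountBase", InitUtil.dnOf(server));
        ldap.string("Group BaseDN", "groupBase", accountBase);
    }

    /**
     * Asks whether signed push support should be enabled and stores the answer as
     * {@code receive.enableSignedPush}. The prompt default is the currently configured value,
     * or {@code false} when none is set.
     */
    private void initSignedPush() {
        boolean currentlyEnabled = flags.cfg.getBoolean(RECEIVE, ENABLE_SIGNED_PUSH, false);
        boolean enable = ui.yesno(currentlyEnabled, "Enable signed push support");
        receive.set(ENABLE_SIGNED_PUSH, Boolean.toString(enable));
    }
}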
