package com.google.gerrit.pgm.init;

import com.google.gerrit.extensions.client.AuthType;
import com.google.gerrit.extensions.client.GitBasicAuthPolicy;
import com.google.gerrit.pgm.init.api.ConsoleUI;
import com.google.gerrit.pgm.init.api.InitFlags;
import com.google.gerrit.pgm.init.api.InitStep;
import com.google.gerrit.pgm.init.api.InitUtil;
import com.google.gerrit.pgm.init.api.Section;
import com.google.gerrit.server.mail.SignedToken;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.util.EnumSet;

@Singleton
/* loaded from: input_file:com/google/gerrit/pgm/init/InitAuth.class */
class InitAuth implements InitStep {
    private static final String RECEIVE = "receive";
    private static final String ENABLE_SIGNED_PUSH = "enableSignedPush";
    private final ConsoleUI ui;
    private final Section auth;
    private final Section ldap;
    private final Section receive;
    private final InitFlags flags;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.google.gerrit.pgm.init.InitAuth$1, reason: invalid class name */
    /* loaded from: input_file:com/google/gerrit/pgm/init/InitAuth$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$google$gerrit$extensions$client$AuthType = new int[AuthType.values().length];

        static {
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.HTTP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.HTTP_LDAP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.LDAP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.OAUTH.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.CLIENT_SSL_CERT_LDAP.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.CUSTOM_EXTENSION.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.LDAP_BIND.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.OPENID.ordinal()] = 9;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$com$google$gerrit$extensions$client$AuthType[AuthType.OPENID_SSO.ordinal()] = 10;
            } catch (NoSuchFieldError e10) {
            }
        }
    }

    @Inject
    InitAuth(InitFlags initFlags, ConsoleUI consoleUI, Section.Factory factory) {
        this.flags = initFlags;
        this.ui = consoleUI;
        this.auth = factory.get("auth", null);
        this.ldap = factory.get("ldap", null);
        this.receive = factory.get(RECEIVE, null);
    }

    @Override // com.google.gerrit.pgm.init.api.InitStep
    public void run() {
        this.ui.header("User Authentication", new Object[0]);
        initAuthType();
        if (this.auth.getSecure("registerEmailPrivateKey") == null) {
            this.auth.setSecure("registerEmailPrivateKey", SignedToken.generateRandomKey());
        }
        initSignedPush();
    }

    private void initAuthType() {
        AuthType select = this.auth.select("Authentication method", "type", this.flags.dev ? AuthType.DEVELOPMENT_BECOME_ANY_ACCOUNT : AuthType.OPENID);
        switch (AnonymousClass1.$SwitchMap$com$google$gerrit$extensions$client$AuthType[select.ordinal()]) {
            case 1:
            case 2:
                String str = this.auth.get("httpHeader");
                if (this.ui.yesno(Boolean.valueOf(str != null), "Get username from custom HTTP header", new Object[0])) {
                    this.auth.string("Username HTTP header", "httpHeader", "SM_USER");
                } else if (str != null) {
                    this.auth.unset("httpHeader");
                }
                this.auth.string("SSO logout URL", "logoutUrl", null);
                break;
            case 3:
                this.auth.select("Git/HTTP authentication", "gitBasicAuthPolicy", (String) GitBasicAuthPolicy.HTTP, (GitBasicAuthPolicy) EnumSet.of(GitBasicAuthPolicy.HTTP, GitBasicAuthPolicy.HTTP_LDAP, GitBasicAuthPolicy.LDAP));
                break;
            case 4:
                if (this.auth.select("Git/HTTP authentication", "gitBasicAuthPolicy", (String) GitBasicAuthPolicy.HTTP, (GitBasicAuthPolicy) EnumSet.of(GitBasicAuthPolicy.HTTP, GitBasicAuthPolicy.OAUTH)) == GitBasicAuthPolicy.OAUTH) {
                    this.ui.message("*WARNING* Please make sure that your chosen OAuth provider\nsupports Git token authentication.\n", new Object[0]);
                    break;
                }
                break;
        }
        switch (AnonymousClass1.$SwitchMap$com$google$gerrit$extensions$client$AuthType[select.ordinal()]) {
            case 1:
            case 4:
            case 5:
            case 6:
            case 7:
            case 9:
            case 10:
            default:
                return;
            case 2:
            case 3:
            case 8:
                String string = this.ldap.string("LDAP server", "server", "ldap://localhost");
                if (string != null && !string.startsWith("ldap://") && !string.startsWith("ldaps://")) {
                    string = this.ui.yesno(false, "Use SSL", new Object[0]) ? "ldaps://" + string : "ldap://" + string;
                    this.ldap.set("server", string);
                }
                this.ldap.string("LDAP username", "username", null);
                this.ldap.password("username", "password");
                this.ldap.string("Group BaseDN", "groupBase", this.ldap.string("Account BaseDN", "accountBase", InitUtil.dnOf(string)));
                return;
        }
    }

    private void initSignedPush() {
        this.receive.set(ENABLE_SIGNED_PUSH, Boolean.toString(this.ui.yesno(Boolean.valueOf(this.flags.cfg.getBoolean(RECEIVE, ENABLE_SIGNED_PUSH, false)), "Enable signed push support", new Object[0])));
    }
}
