package hudson.security;

import groovy.lang.Binding;
import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.SecurityRealm;
import hudson.tasks.MailAddressResolver;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Scrambler;
import hudson.util.Secret;
import hudson.util.spring.BeanBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.Serializable;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.jmdns.impl.constants.DNSConstants;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.InitialDirContext;
import jenkins.model.IdStrategy;
import jenkins.model.Jenkins;
import jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy;
import jenkins.security.plugins.ldap.LDAPGroupMembershipStrategy;
import org.acegisecurity.AcegiSecurityException;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.ldap.LdapDataAccessException;
import org.acegisecurity.ldap.LdapTemplate;
import org.acegisecurity.ldap.LdapUserSearch;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.io.input.AutoCloseInputStream;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.sonatype.plexus.components.sec.dispatcher.SecUtil;
import org.springframework.dao.DataAccessException;
import org.springframework.web.context.WebApplicationContext;

/* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm.class */
public class LDAPSecurityRealm extends AbstractPasswordBasedSecurityRealm {
    // LDAP server(s) as configured; getServerUrl() splits this value on whitespace, so it may name several hosts.
    public final String server;
    // Base DN; the constructor infers it from the server when it is blank and inference is not inhibited.
    public final String rootDN;
    // When true the constructor does not call inferRootDN() and uses the supplied root DN as given.
    public final boolean inhibitInferRootDN;
    // Search base for user lookups (null is normalised to "" and trimmed by the constructor).
    public final String userSearchBase;
    // User search filter; the constructor falls back to DescriptorImpl.DEFAULT_USER_SEARCH when it is blank.
    public final String userSearch;
    // Search base for group lookups, or null when blank.
    public final String groupSearchBase;
    // Group search filter, or null when blank.
    public final String groupSearchFilter;

    // Legacy setting: readResolve() hands it to a FromGroupSearchLDAPGroupMembershipStrategy when no strategy
    // is present, then clears it.
    @Deprecated
    public transient String groupMembershipFilter;
    // Strategy used by LDAPUserDetailsService to obtain a user's granted authorities.
    public LDAPGroupMembershipStrategy groupMembershipStrategy;
    // DN used to bind to the directory, or null when empty.
    public final String managerDN;

    // Legacy scrambled (reversible, not encrypted) bind password. readResolve() descrambles it into
    // managerPasswordSecret and nulls this field so it is no longer held in this form.
    @Deprecated
    private String managerPassword;
    // Bind password held as a Jenkins Secret.
    private Secret managerPasswordSecret;
    private transient LdapTemplate ldapTemplate;
    // When true, MailAdressResolverImpl returns null without querying LDAP.
    public final boolean disableMailAddressResolver;
    // Cache sizing/TTL; null means user-details caching is skipped in LDAPUserDetailsService.
    private final CacheConfiguration cache;
    // Lazily created caches; loadUserByUsername() reads and writes userDetailsCache while synchronized on this realm.
    private transient Map<String, CacheEntry<LdapUserDetails>> userDetailsCache;
    private transient Map<String, CacheEntry<Set<String>>> groupDetailsCache;
    // Extra environment entries built from the EnvironmentProperty array; null when none were supplied.
    private final Map<String, String> extraEnvVars;
    private final String displayNameAttributeName;
    private final String mailAddressAttributeName;
    // Identity comparison strategies; the getters fall back to IdStrategy.CASE_INSENSITIVE when these are null.
    private final IdStrategy userIdStrategy;
    private final IdStrategy groupIdStrategy;
    // JVM-wide switches read once from system properties named "<this class name>.forceUsernameLowercase"
    // and "<this class name>.forceGroupnameLowercase".
    private static final boolean FORCE_USERNAME_LOWERCASE = Boolean.getBoolean(LDAPSecurityRealm.class.getName() + ".forceUsernameLowercase");
    private static final boolean FORCE_GROUPNAME_LOWERCASE = Boolean.getBoolean(LDAPSecurityRealm.class.getName() + ".forceGroupnameLowercase");
    private static final Logger LOGGER = Logger.getLogger(LDAPSecurityRealm.class.getName());
    // Default group search filter template, overridable through the "<this class name>.groupSearch" system property.
    // NOTE(review): this field is public, static and non-final, so any code in the JVM can replace the filter
    // template at runtime; presumably {0} is substituted with a group name — confirm the substituted value is
    // LDAP-filter-escaped where the template is used.
    public static String GROUP_SEARCH = System.getProperty(LDAPSecurityRealm.class.getName() + ".groupSearch", "(& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))");

    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$AuthoritiesPopulatorImpl.class */
    /**
     * Authorities populator that reports every group twice: once under the name the
     * superclass produced and once in the prefixed (and optionally upper-cased) form.
     *
     * <p>The superclass is told to use an empty prefix and no case conversion; the prefix
     * and case settings callers apply through the setters are stored here and used only
     * for the additional, decorated copy of each authority.
     */
    public static final class AuthoritiesPopulatorImpl extends DefaultLdapAuthoritiesPopulator {
        /** Prefix used for the decorated copy of each group authority. */
        String rolePrefix = "ROLE_";
        /** Whether the decorated copy of each group authority is upper-cased. */
        boolean convertToUpperCase = true;

        /**
         * @param initialDirContextFactory context factory handed to the superclass
         * @param str group search base; {@code null} is replaced by the empty string
         */
        public AuthoritiesPopulatorImpl(InitialDirContextFactory initialDirContextFactory, String str) {
            super(initialDirContextFactory, Util.fixNull(str));
            // Keep the superclass output undecorated; decoration happens in getGroupMembershipRoles.
            super.setRolePrefix("");
            super.setConvertToUpperCase(false);
        }

        /** Every user resolved through LDAP additionally receives the "authenticated" authority. */
        @Override // org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
        protected Set getAdditionalRoles(LdapUserDetails ldapUserDetails) {
            return Collections.singleton(SecurityRealm.AUTHENTICATED_AUTHORITY);
        }

        /** Records the prefix locally instead of passing it to the superclass. */
        @Override // org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
        public void setRolePrefix(String str) {
            this.rolePrefix = str;
        }

        /** Records the case-conversion flag locally instead of passing it to the superclass. */
        @Override // org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
        public void setConvertToUpperCase(boolean z) {
            this.convertToUpperCase = z;
        }

        /**
         * Returns the superclass's group authorities plus, for each of them, a second
         * authority named {@code rolePrefix + name} (upper-cased when enabled).
         */
        @Override // org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator
        public Set getGroupMembershipRoles(String str, String str2) {
            Set fromDirectory = super.getGroupMembershipRoles(str, str2);
            Set combined = new HashSet(fromDirectory.size() * 2);
            combined.addAll(fromDirectory);
            for (Object role : fromDirectory) {
                String groupName = ((GrantedAuthority) role).getAuthority();
                // NOTE(review): toUpperCase() follows the JVM default locale, so the resulting role
                // name can differ between hosts (e.g. dotted/dotless i); confirm whether a fixed
                // locale is intended for names that are matched against authorization settings.
                String decorated = this.convertToUpperCase ? groupName.toUpperCase() : groupName;
                combined.add(new GrantedAuthorityImpl(this.rolePrefix + decorated));
            }
            return combined;
        }
    }

    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$CacheConfiguration.class */
    /**
     * Size and time-to-live settings for the realm's caches. Both values are clamped in the
     * constructor, so out-of-range submissions are silently pulled to the nearest bound.
     */
    public static class CacheConfiguration extends AbstractDescribableImpl<CacheConfiguration> {
        private final int size;
        private final int ttl;

        @Extension
        /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$CacheConfiguration$DescriptorImpl.class */
        public static class DescriptorImpl extends Descriptor<CacheConfiguration> {
            @Override // hudson.model.Descriptor
            public String getDisplayName() {
                return "";
            }

            /** Offers the selectable cache sizes (number of entries). */
            public ListBoxModel doFillSizeItems() {
                ListBoxModel options = new ListBoxModel();
                for (String entries : new String[] {"10", "20", "50", "100", "200", "500", "1000"}) {
                    options.add(entries);
                }
                return options;
            }

            /** Offers the selectable TTLs; each option's value is the TTL in seconds. */
            public ListBoxModel doFillTtlItems() {
                String[][] choices = {
                    {"30 sec", "30"},
                    {"1 min", "60"},
                    {"2 min", "120"},
                    {"5 min", "300"},
                    {"10 min", "600"},
                    {"15 min", "900"},
                    {"30 min", "1800"},
                    {"1 hour", "3600"},
                };
                ListBoxModel options = new ListBoxModel();
                for (String[] choice : choices) {
                    options.add(choice[0], choice[1]);
                }
                return options;
            }
        }

        /**
         * @param i requested cache size; clamped to the range 10..1000
         * @param i2 requested TTL in seconds; clamped to 30..{@code DNSConstants.DNS_TTL}
         */
        @DataBoundConstructor
        public CacheConfiguration(int i, int i2) {
            this.size = clamp(i, 10, 1000);
            // NOTE(review): the upper TTL bound comes from an mDNS constants class that has nothing
            // to do with LDAP; the largest TTL offered by doFillTtlItems is 3600 — confirm that the
            // constant and that option agree.
            this.ttl = clamp(i2, 30, DNSConstants.DNS_TTL);
        }

        /** Restricts {@code value} to {@code [low, high]}; the lower bound wins if the bounds cross. */
        private static int clamp(int value, int low, int high) {
            int capped = Math.min(value, high);
            return Math.max(low, capped);
        }

        public int getSize() {
            return size;
        }

        public int getTtl() {
            return ttl;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$CacheEntry.class */
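    /**
     * A cached value together with the moment it stops being trustworthy.
     *
     * <p>The deadline is kept on the {@link System#nanoTime()} timeline rather than the wall
     * clock. Cached user details and group memberships feed authorization decisions, so an
     * entry must not outlive its TTL (or expire early) just because the system clock was
     * stepped, for example by a time synchronisation adjustment.
     *
     * @param <T> type of the cached value
     */
    public static class CacheEntry<T> {
        /** Expiry deadline as a {@link System#nanoTime()} reading; only meaningful within this JVM. */
        private final long expires;
        private final T value;

        /**
         * @param i time to live in seconds, counted from construction
         * @param t value to cache; may be {@code null}
         */
        public CacheEntry(int i, T t) {
            this.expires = System.nanoTime() + TimeUnit.SECONDS.toNanos(i);
            this.value = t;
        }

        /** Returns the cached value without checking whether the entry is still valid. */
        public T getValue() {
            return this.value;
        }

        /** Returns {@code true} while the TTL given at construction has not yet elapsed. */
        public boolean isValid() {
            // nanoTime values may wrap, so compare by difference rather than with '<'.
            return System.nanoTime() - this.expires < 0;
        }
    }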

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$CacheMap.class */
    /**
     * Bounded map of cache entries. On each insertion the eldest entry is dropped when the map
     * has grown past its capacity, or when that eldest entry is missing or expired.
     *
     * <p>Only the eldest entry is examined per insertion, so expired entries further back stay
     * in the map until they become the eldest; readers are expected to check
     * {@code CacheEntry.isValid()} themselves.
     */
    public static class CacheMap<K, V> extends LinkedHashMap<K, CacheEntry<V>> {
        private final int cacheSize;

        /** @param i maximum number of entries to retain */
        public CacheMap(int i) {
            // One spare slot: the new entry is added before the eldest one is evicted.
            super(i + 1);
            this.cacheSize = i;
        }

        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry<K, CacheEntry<V>> entry) {
            if (size() > this.cacheSize) {
                return true;
            }
            CacheEntry<V> eldest = entry.getValue();
            if (eldest == null) {
                return true;
            }
            return !entry.getValue().isValid();
        }
    }

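    @Extension
    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public static final String DEFAULT_DISPLAYNAME_ATTRIBUTE_NAME = "displayname";
        public static final String DEFAULT_MAILADDRESS_ATTRIBUTE_NAME = "mail";
        public static final String DEFAULT_USER_SEARCH = "uid={0}";

        /**
         * Accepted shape of the server field: whitespace-separated entries of the form
         * {@code [ldap://|ldaps://]host[:port]}. Groups 1-3 describe the first entry.
         */
        private static final Pattern SERVER_FIELD = Pattern.compile("(ldaps?://)?([^:]+)(?:\\:(\\d+))?(\\s+(ldaps?://)?([^:]+)(?:\\:(\\d+))?)*");

        @Override // hudson.model.Descriptor
        public String getDisplayName() {
            return Messages.LDAPSecurityRealm_DisplayName();
        }

        public IdStrategy getDefaultIdStrategy() {
            return IdStrategy.CASE_INSENSITIVE;
        }

        /** Descriptors of every registered {@link IdStrategy}. */
        private static DescriptorExtensionList<IdStrategy, Descriptor<IdStrategy>> idStrategyDescriptors() {
            return Jenkins.getInstance().getDescriptorList(IdStrategy.class);
        }

        /** Records why a registered strategy could not be instantiated instead of dropping the cause. */
        private static void logInstantiationFailure(Level level, Descriptor<IdStrategy> descriptor, Exception cause) {
            LDAPSecurityRealm.LOGGER.log(level, "Could not instantiate IdStrategy " + descriptor.clazz.getName(), cause);
        }

        /**
         * Resolves a strategy from a class name. Only classes that belong to a registered
         * {@link IdStrategy} descriptor are ever instantiated, so the name cannot select an
         * arbitrary class.
         *
         * @param str fully qualified class name of the wanted strategy; may be {@code null}
         * @return a new instance of the matching strategy, or {@link IdStrategy#CASE_INSENSITIVE}
         *         when nothing matches or the match cannot be instantiated
         */
        @Deprecated
        public static IdStrategy fromClassName(String str) {
            for (Descriptor<IdStrategy> descriptor : idStrategyDescriptors()) {
                if (!descriptor.clazz.getName().equals(str)) {
                    continue;
                }
                try {
                    return descriptor.clazz.newInstance();
                } catch (IllegalAccessException e) {
                    // Falling back changes how user and group ids are compared, so make it visible.
                    logInstantiationFailure(Level.WARNING, descriptor, e);
                } catch (InstantiationException e) {
                    logInstantiationFailure(Level.WARNING, descriptor, e);
                }
            }
            return IdStrategy.CASE_INSENSITIVE;
        }

        /**
         * Lists the registered strategies that can be created with a no-argument constructor;
         * each option's value is the strategy's class name.
         */
        @Deprecated
        public ListBoxModel doFillUserIdStrategyClassItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (Descriptor<IdStrategy> descriptor : idStrategyDescriptors()) {
                try {
                    // Trial instantiation: strategies that cannot be created this way are not offered.
                    descriptor.clazz.newInstance();
                    listBoxModel.add(descriptor.getDisplayName(), descriptor.clazz.getName());
                } catch (IllegalAccessException e) {
                    logInstantiationFailure(Level.FINE, descriptor, e);
                } catch (InstantiationException e) {
                    logInstantiationFailure(Level.FINE, descriptor, e);
                }
            }
            return listBoxModel;
        }

        @Deprecated
        public ListBoxModel doFillGroupIdStrategyClassItems() {
            return doFillUserIdStrategyClassItems();
        }

        /**
         * Form validation for the server field: tries to open a directory context against the
         * configured server and, if that fails, probes the first host with a plain TCP
         * connection to tell "unreachable" apart from "reachable but LDAP failed".
         *
         * <p>Callers without {@code Jenkins.ADMINISTER} get {@code ok()} and no connection is made.
         *
         * <p>NOTE(review): for an administrator this check makes the controller open LDAP and raw
         * TCP connections to the host named in the request and present the submitted bind
         * credentials to it. Nothing visible here restricts the HTTP method, so confirm that the
         * form submits this check via POST (with the CSRF crumb) rather than exposing it to GET.
         *
         * @param str server field value
         * @param str2 manager DN; blank or the literal {@code "undefined"} means "not supplied"
         * @param secret manager password; blank or {@code "undefined"} means "not supplied"
         * @return {@code ok()} on success, otherwise an error describing what failed
         */
        public FormValidation doCheckServer(@QueryParameter String str, @QueryParameter String str2, @QueryParameter Secret secret) {
            if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
                return FormValidation.ok();
            }
            // Decrypt only after the permission check so unprivileged requests never touch the plaintext.
            String password = Secret.toString(secret);
            try {
                Hashtable<String, Object> env = new Hashtable<String, Object>();
                if (isSupplied(str2)) {
                    env.put("java.naming.security.principal", str2);
                }
                if (isSupplied(password)) {
                    env.put("java.naming.security.credentials", password);
                }
                env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
                env.put("java.naming.provider.url", LDAPSecurityRealm.toProviderUrl(str, ""));
                InitialDirContext context = new InitialDirContext(env);
                try {
                    context.getAttributes("");
                } finally {
                    // The context owns a live directory connection; release it once the probe is done.
                    closeQuietly(context);
                }
                return FormValidation.ok();
            } catch (NumberFormatException e) {
                return FormValidation.error(Messages.LDAPSecurityRealm_InvalidPortNumber());
            } catch (NamingException e2) {
                Matcher matcher = SERVER_FIELD.matcher(str.trim());
                if (!matcher.matches()) {
                    return FormValidation.error(Messages.LDAPSecurityRealm_SyntaxOfServerField());
                }
                try {
                    InetAddress byName = InetAddress.getByName(matcher.group(2));
                    // Group 1 matches both schemes, so test for ldaps explicitly: plain ldap:// uses 389.
                    int port = "ldaps://".equals(matcher.group(1)) ? 636 : 389;
                    if (matcher.group(3) != null) {
                        port = Integer.parseInt(matcher.group(3));
                    }
                    new Socket(byName, port).close();
                    // TCP works, so the failure is at the LDAP level: report the original error.
                    return FormValidation.error((Throwable) e2, Messages.LDAPSecurityRealm_UnableToConnect(str, e2));
                } catch (UnknownHostException e3) {
                    return FormValidation.error(Messages.LDAPSecurityRealm_UnknownHost(e3.getMessage()));
                } catch (IOException e4) {
                    return FormValidation.error(e4, Messages.LDAPSecurityRealm_UnableToConnect(str, e4.getMessage()));
                } catch (IllegalArgumentException e5) {
                    // Covers a port that does not fit an int as well as one outside the valid range.
                    return FormValidation.error(Messages.LDAPSecurityRealm_InvalidPortNumber());
                }
            }
        }

        /** A form value counts as supplied unless it is null, blank or the literal "undefined". */
        private static boolean isSupplied(String value) {
            return value != null && value.trim().length() > 0 && !"undefined".equals(value);
        }

        /** Closes the probe context; a failure to close must not change the validation result. */
        private static void closeQuietly(InitialDirContext context) {
            try {
                context.close();
            } catch (NamingException e) {
                LDAPSecurityRealm.LOGGER.log(Level.FINE, "Failed to close LDAP context used for server validation", e);
            }
        }

        public DescriptorExtensionList<LDAPGroupMembershipStrategy, Descriptor<LDAPGroupMembershipStrategy>> getGroupMembershipStrategies() {
            return Jenkins.getInstance().getDescriptorList(LDAPGroupMembershipStrategy.class);
        }
    }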

    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$EnvironmentProperty.class */
    /**
     * One name/value pair of extra environment configuration for the realm, as bound from
     * the configuration form.
     */
    public static class EnvironmentProperty extends AbstractDescribableImpl<EnvironmentProperty> implements Serializable {
        private final String name;
        private final String value;

        @Extension
        /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$EnvironmentProperty$DescriptorImpl.class */
        public static class DescriptorImpl extends Descriptor<EnvironmentProperty> {
            /** This descriptor has no display name. */
            @Override // hudson.model.Descriptor
            public String getDisplayName() {
                return null;
            }
        }

        /**
         * @param str property name
         * @param str2 property value
         */
        @DataBoundConstructor
        public EnvironmentProperty(String str, String str2) {
            this.name = str;
            this.value = str2;
        }

        public String getName() {
            return name;
        }

        public String getValue() {
            return value;
        }

        /**
         * Converts a list of properties into a name-to-value map that keeps the list order;
         * when a name repeats, the later value replaces the earlier one.
         *
         * @param list properties to convert, or {@code null}
         * @return the map, or {@code null} when {@code list} is {@code null}
         */
        public static Map<String, String> toMap(List<EnvironmentProperty> list) {
            if (list == null) {
                return null;
            }
            Map<String, String> byName = new LinkedHashMap<String, String>();
            Iterator<EnvironmentProperty> remaining = list.iterator();
            while (remaining.hasNext()) {
                EnvironmentProperty property = remaining.next();
                byName.put(property.getName(), property.getValue());
            }
            return byName;
        }
    }

    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$GroupDetailsImpl.class */
    /** Minimal {@link GroupDetails} that carries nothing but the group's name. */
    private static class GroupDetailsImpl extends GroupDetails {
        private final String name;

        /** @param str name of the group */
        public GroupDetailsImpl(String str) {
            name = str;
        }

        @Override // hudson.security.GroupDetails
        public String getName() {
            return name;
        }
    }

    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$LDAPAuthenticationManager.class */
    /**
     * Authentication manager that lets a delegate perform the actual authentication and then
     * passes the successful result through the enclosing realm's {@code updateUserDetails}.
     */
    private class LDAPAuthenticationManager implements AuthenticationManager {
        private final AuthenticationManager delegate;

        private LDAPAuthenticationManager(AuthenticationManager authenticationManager) {
            delegate = authenticationManager;
        }

        /**
         * @throws AuthenticationException propagated unchanged from the delegate; in that case
         *         {@code updateUserDetails} is not called
         */
        @Override // org.acegisecurity.AuthenticationManager
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            Authentication authenticated = delegate.authenticate(authentication);
            return LDAPSecurityRealm.this.updateUserDetails(authenticated);
        }
    }

    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$LDAPUserDetailsService.class */
    /**
     * Looks users up in LDAP and attaches their granted authorities, consulting the realm's
     * user-details cache when this service is the one installed in the active realm.
     */
    public static class LDAPUserDetailsService implements UserDetailsService {
        public final LdapUserSearch ldapSearch;
        public final LdapAuthoritiesPopulator authoritiesPopulator;
        // Optional; when null the authoritiesPopulator supplies the granted authorities instead.
        public final LDAPGroupMembershipStrategy groupMembershipStrategy;
        // Bounded (32 entries) map of attribute sets keyed by themselves, used to reuse an equal
        // instance instead of keeping duplicates; every access is synchronized on the map.
        private final LRUMap attributesCache;

        LDAPUserDetailsService(WebApplicationContext webApplicationContext) {
            this(webApplicationContext, (LDAPGroupMembershipStrategy) null);
        }

        LDAPUserDetailsService(LdapUserSearch ldapUserSearch, LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
            this(ldapUserSearch, ldapAuthoritiesPopulator, null);
        }

        LDAPUserDetailsService(LdapUserSearch ldapUserSearch, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy) {
            this.attributesCache = new LRUMap(32);
            this.ldapSearch = ldapUserSearch;
            this.authoritiesPopulator = ldapAuthoritiesPopulator;
            this.groupMembershipStrategy = lDAPGroupMembershipStrategy;
        }

        // Resolves the search and populator beans from the given application context.
        public LDAPUserDetailsService(WebApplicationContext webApplicationContext, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy) {
            this((LdapUserSearch) SecurityRealm.findBean(LdapUserSearch.class, webApplicationContext), (LdapAuthoritiesPopulator) SecurityRealm.findBean(LdapAuthoritiesPopulator.class, webApplicationContext), lDAPGroupMembershipStrategy);
        }

        /**
         * Loads a user's details, from the realm cache when a valid entry exists and otherwise
         * from LDAP.
         *
         * @param str user name as supplied by the caller; normalised with fixUsername first
         * @return the user's details with granted authorities attached
         * @throws UserMayOrMayNotExistException when the LDAP search fails with an
         *         LdapDataAccessException, i.e. the directory could not answer the question
         */
        @Override // org.acegisecurity.userdetails.UserDetailsService
        public LdapUserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
            CacheEntry cacheEntry;
            String fixUsername = LDAPSecurityRealm.fixUsername(str);
            try {
                SecurityRealm securityRealm = Jenkins.getInstance() == null ? null : Jenkins.getInstance().getSecurityRealm();
                // Use the cache only when this service belongs to the realm that is currently active.
                if ((securityRealm instanceof LDAPSecurityRealm) && securityRealm.getSecurityComponents().userDetails == this) {
                    LDAPSecurityRealm lDAPSecurityRealm = (LDAPSecurityRealm) securityRealm;
                    if (lDAPSecurityRealm.cache != null) {
                        // The realm object is the lock that guards userDetailsCache.
                        synchronized (lDAPSecurityRealm) {
                            cacheEntry = lDAPSecurityRealm.userDetailsCache != null ? (CacheEntry) lDAPSecurityRealm.userDetailsCache.get(fixUsername) : null;
                        }
                        // Expired entries are ignored here; the lookup below then replaces them.
                        if (cacheEntry != null && cacheEntry.isValid()) {
                            return (LdapUserDetails) cacheEntry.getValue();
                        }
                    }
                }
                LdapUserDetails searchForUser = this.ldapSearch.searchForUser(fixUsername);
                if (searchForUser != null) {
                    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence(searchForUser);
                    Attributes attributes = searchForUser.getAttributes();
                    if (attributes instanceof BasicAttributes) {
                        synchronized (this.attributesCache) {
                            // Reuse a previously seen equal attribute set, or remember this one.
                            Attributes attributes2 = (Attributes) this.attributesCache.get(attributes);
                            if (attributes2 == null) {
                                attributes2 = attributes;
                                this.attributesCache.put(attributes, attributes);
                            }
                            essence.setAttributes(attributes2);
                        }
                    }
                    for (GrantedAuthority grantedAuthority : this.groupMembershipStrategy == null ? this.authoritiesPopulator.getGrantedAuthorities(searchForUser) : this.groupMembershipStrategy.getGrantedAuthorities(searchForUser)) {
                        if (LDAPSecurityRealm.FORCE_GROUPNAME_LOWERCASE) {
                            // NOTE(review): toLowerCase() follows the JVM default locale, so the authority
                            // name can differ between hosts; confirm whether a fixed locale is intended.
                            essence.addAuthority(new GrantedAuthorityImpl(grantedAuthority.getAuthority().toLowerCase()));
                        } else {
                            essence.addAuthority(grantedAuthority);
                        }
                    }
                    searchForUser = essence.createUserDetails();
                }
                if ((securityRealm instanceof LDAPSecurityRealm) && securityRealm.getSecurityComponents().userDetails == this) {
                    LDAPSecurityRealm lDAPSecurityRealm2 = (LDAPSecurityRealm) securityRealm;
                    if (lDAPSecurityRealm2.cache != null) {
                        synchronized (lDAPSecurityRealm2) {
                            // The cache map is created lazily on first store.
                            if (lDAPSecurityRealm2.userDetailsCache == null) {
                                lDAPSecurityRealm2.userDetailsCache = new CacheMap(lDAPSecurityRealm2.cache.getSize());
                            }
                            // What is cached is the result of updateUserDetails(...), while this call
                            // returns searchForUser itself. Granted authorities stay cached for the
                            // configured TTL, so directory-side membership changes are not seen until
                            // the entry expires or is evicted.
                            lDAPSecurityRealm2.userDetailsCache.put(fixUsername, new CacheEntry(lDAPSecurityRealm2.cache.getTtl(), lDAPSecurityRealm2.updateUserDetails(searchForUser)));
                        }
                    }
                }
                return searchForUser;
            } catch (LdapDataAccessException e) {
                // NOTE(review): the user name is caller-supplied and is written to the log as-is;
                // confirm the log handler neutralises line breaks and control characters.
                LDAPSecurityRealm.LOGGER.log(Level.WARNING, "Failed to search LDAP for username=" + fixUsername, (Throwable) e);
                throw new UserMayOrMayNotExistException(e.getMessage(), (Throwable) e);
            }
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/detached-plugins/ldap.hpi:WEB-INF/classes/hudson/security/LDAPSecurityRealm$MailAdressResolverImpl.class */
    public static final class MailAdressResolverImpl extends MailAddressResolver {
        /**
         * Resolves a user's e-mail address from the configured LDAP mail attribute.
         *
         * @return the address, or {@code null} when the active realm is not LDAP, the resolver
         *         is disabled, the attribute is absent, or the lookup fails (failures are
         *         logged at FINE only)
         */
        @Override // hudson.tasks.MailAddressResolver
        public String findMailAddressFor(User user) {
            SecurityRealm activeRealm = Jenkins.getInstance().getSecurityRealm();
            if (!(activeRealm instanceof LDAPSecurityRealm)) {
                return null;
            }
            LDAPSecurityRealm ldapRealm = (LDAPSecurityRealm) activeRealm;
            if (ldapRealm.disableMailAddressResolver) {
                LDAPSecurityRealm.LOGGER.info("LDAPSecurityRealm MailAddressResolver is disabled");
                return null;
            }
            try {
                UserDetails loaded = activeRealm.getSecurityComponents().userDetails.loadUserByUsername(user.getId());
                Attributes userAttributes = ((LdapUserDetails) loaded).getAttributes();
                Attribute mail = userAttributes.get(ldapRealm.getMailAddressAttributeName());
                return mail == null ? null : (String) mail.get();
            } catch (UsernameNotFoundException e) {
                return lookupFailed(e);
            } catch (AcegiSecurityException e) {
                return lookupFailed(e);
            } catch (DataAccessException e) {
                return lookupFailed(e);
            } catch (NamingException e) {
                return lookupFailed(e);
            }
        }

        /** Logs a failed lookup at FINE and yields the "no address" result. */
        private static String lookupFailed(Throwable cause) {
            LDAPSecurityRealm.LOGGER.log(Level.FINE, "Failed to look up LDAP for e-mail address", cause);
            return null;
        }
    }

    /**
     * Legacy eight-argument constructor. Forwards every argument unchanged to the
     * nine-argument overload and passes {@code false} for its extra trailing flag (which the
     * constructor chain in this class ends up storing as {@code disableMailAddressResolver}).
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z) {
        this(
                str, str2, str3, str4, str5, str6, str7,
                z,
                false);
    }

    /**
     * Legacy nine-argument constructor. Forwards every argument unchanged to the
     * ten-argument overload with a {@code null} cache configuration, i.e. caching disabled.
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z, boolean z2) {
        this(
                str, str2, str3, str4, str5, str6, str7,
                z, z2,
                null);
    }

    /**
     * Legacy ten-argument constructor. Forwards to the twelve-argument overload, inserting
     * two {@code null}s after the fifth string; this constructor's sixth and seventh strings
     * therefore land in that overload's eighth and ninth positions.
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z, boolean z2, CacheConfiguration cacheConfiguration) {
        this(
                str, str2, str3, str4, str5,
                null, null,
                str6, str7,
                z, z2,
                cacheConfiguration);
    }

    /**
     * Legacy twelve-argument constructor. Forwards every argument unchanged to the
     * thirteen-argument overload with a {@code null} environment-property array.
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, boolean z2, CacheConfiguration cacheConfiguration) {
        this(
                str, str2, str3, str4, str5, str6, str7, str8, str9,
                z, z2,
                cacheConfiguration,
                null);
    }

    /**
     * Legacy thirteen-argument constructor. Forwards every argument unchanged to the
     * fifteen-argument all-{@code String} overload, passing {@code null} for its two trailing
     * string arguments.
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr) {
        this(
                str, str2, str3, str4, str5, str6, str7, str8, str9,
                z, z2,
                cacheConfiguration,
                environmentPropertyArr,
                (String) null, (String) null);
    }

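    /**
     * Legacy constructor that takes the manager password as a plain {@code String}; the
     * password is wrapped in a {@link Secret} before being passed on.
     *
     * <p>The two trailing strings are forwarded as given. Previously they were accepted but
     * replaced by {@code null}, so values supplied through this overload were silently
     * ignored. Passing {@code null} still behaves as before.
     *
     * @param str9 manager password in plain text
     * @param str10 forwarded as the second-to-last string of the {@code Secret}-based overload
     * @param str11 forwarded as the last string of the {@code Secret}-based overload
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str10, String str11) {
        this(str, str2, str3, str4, str5, str6, str7, str8, Secret.fromString(str9), z, z2, cacheConfiguration, environmentPropertyArr, str10, str11);
    }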

    /**
     * Legacy constructor that takes a group membership filter string. The seventh string is
     * wrapped in a {@code FromGroupSearchLDAPGroupMembershipStrategy}; everything else is
     * forwarded unchanged to the strategy-based overload.
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, Secret secret, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str9, String str10) {
        this(
                str, str2, str3, str4, str5, str6,
                new FromGroupSearchLDAPGroupMembershipStrategy(str7),
                str8,
                secret,
                z, z2,
                cacheConfiguration,
                environmentPropertyArr,
                str9, str10);
    }

    /**
     * Legacy constructor without id strategies. Forwards every argument unchanged to the
     * primary constructor and uses {@code IdStrategy.CASE_INSENSITIVE} for both the user and
     * the group id strategy.
     */
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, String str7, Secret secret, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str8, String str9) {
        this(
                str, str2, str3, str4, str5, str6,
                lDAPGroupMembershipStrategy,
                str7,
                secret,
                z, z2,
                cacheConfiguration,
                environmentPropertyArr,
                str8, str9,
                IdStrategy.CASE_INSENSITIVE, IdStrategy.CASE_INSENSITIVE);
    }

    /**
     * Form-bound constructor that receives the two id strategies as class names.
     *
     * <p>Each name is resolved with {@code DescriptorImpl.fromClassName}, which only
     * instantiates classes belonging to a registered {@code IdStrategy} descriptor and
     * otherwise yields {@code IdStrategy.CASE_INSENSITIVE}; a submitted name therefore cannot
     * select an arbitrary class.
     *
     * @param str10 class name of the user id strategy
     * @param str11 class name of the group id strategy
     */
    @DataBoundConstructor
    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, String str7, Secret secret, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str8, String str9, String str10, String str11) {
        this(
                str, str2, str3, str4, str5, str6,
                lDAPGroupMembershipStrategy,
                str7,
                secret,
                z, z2,
                cacheConfiguration,
                environmentPropertyArr,
                str8, str9,
                DescriptorImpl.fromClassName(str10),
                DescriptorImpl.fromClassName(str11));
    }

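    /**
     * Primary constructor; every other constructor in this class ends up here.
     *
     * @param str server list; must not be {@code null}
     * @param str2 root DN; when blank and {@code z} is false it is inferred from the server
     * @param str3 user search base; {@code null} becomes the empty string
     * @param str4 user search filter; blank falls back to {@code DescriptorImpl.DEFAULT_USER_SEARCH}
     * @param str5 group search base; blank becomes {@code null}
     * @param str6 group search filter; blank becomes {@code null}
     * @param lDAPGroupMembershipStrategy membership strategy; {@code null} selects a
     *        {@code FromGroupSearchLDAPGroupMembershipStrategy} with an empty filter
     * @param str7 manager DN; empty becomes {@code null}
     * @param secret manager password
     * @param z whether inferring the root DN is inhibited
     * @param z2 whether the LDAP mail address resolver is disabled
     * @param cacheConfiguration cache settings, or {@code null} for no caching
     * @param environmentPropertyArr extra environment entries; {@code null} or empty means none
     * @param str8 display-name attribute; blank falls back to {@code "displayname"}
     * @param str9 mail attribute; blank falls back to {@code DescriptorImpl.DEFAULT_MAILADDRESS_ATTRIBUTE_NAME}
     * @param idStrategy user id strategy; {@code null} means {@code IdStrategy.CASE_INSENSITIVE}
     * @param idStrategy2 group id strategy; {@code null} means {@code IdStrategy.CASE_INSENSITIVE}
     */
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, String str7, Secret secret, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str8, String str9, IdStrategy idStrategy, IdStrategy idStrategy2) {
        this.userDetailsCache = null;
        this.groupDetailsCache = null;
        this.server = str.trim();
        this.managerDN = Util.fixEmpty(str7);
        this.managerPasswordSecret = secret;
        this.inhibitInferRootDN = z;
        if (!z && Util.fixEmptyAndTrim(str2) == null) {
            str2 = Util.fixNull(inferRootDN(str));
        }
        // With inference inhibited a null root DN used to reach trim() directly and throw a
        // NullPointerException; treat it as the empty root DN instead.
        this.rootDN = Util.fixNull(str2).trim();
        this.userSearchBase = Util.fixNull(str3).trim();
        String fixEmptyAndTrim = Util.fixEmptyAndTrim(str4);
        this.userSearch = fixEmptyAndTrim != null ? fixEmptyAndTrim : DescriptorImpl.DEFAULT_USER_SEARCH;
        this.groupSearchBase = Util.fixEmptyAndTrim(str5);
        this.groupSearchFilter = Util.fixEmptyAndTrim(str6);
        this.groupMembershipStrategy = lDAPGroupMembershipStrategy == null ? new FromGroupSearchLDAPGroupMembershipStrategy("") : lDAPGroupMembershipStrategy;
        this.disableMailAddressResolver = z2;
        this.cache = cacheConfiguration;
        this.extraEnvVars = (environmentPropertyArr == null || environmentPropertyArr.length == 0) ? null : EnvironmentProperty.toMap(Arrays.asList(environmentPropertyArr));
        this.displayNameAttributeName = StringUtils.defaultString(Util.fixEmptyAndTrim(str8), "displayname");
        this.mailAddressAttributeName = StringUtils.defaultString(Util.fixEmptyAndTrim(str9), DescriptorImpl.DEFAULT_MAILADDRESS_ATTRIBUTE_NAME);
        this.userIdStrategy = idStrategy == null ? IdStrategy.CASE_INSENSITIVE : idStrategy;
        this.groupIdStrategy = idStrategy2 == null ? IdStrategy.CASE_INSENSITIVE : idStrategy2;
    }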

    /** Returns the class name of the effective user id strategy. */
    @Deprecated
    public String getUserIdStrategyClass() {
        IdStrategy effective = getUserIdStrategy();
        return effective.getClass().getName();
    }

    /** Returns the class name of the effective group id strategy. */
    @Deprecated
    public String getGroupIdStrategyClass() {
        IdStrategy effective = getGroupIdStrategy();
        return effective.getClass().getName();
    }

    /**
     * Migrates settings stored in legacy form after deserialization.
     *
     * <p>A scrambled manager password is descrambled into {@code managerPasswordSecret} and
     * the legacy field is cleared, so the password is no longer held in scrambled form. When
     * no membership strategy is present, one is built from the legacy group membership filter.
     *
     * @return this instance
     */
    private Object readResolve() {
        String legacyPassword = this.managerPassword;
        if (legacyPassword != null) {
            this.managerPasswordSecret = Secret.fromString(Scrambler.descramble(legacyPassword));
            this.managerPassword = null;
        }
        if (this.groupMembershipStrategy == null) {
            String legacyFilter = this.groupMembershipFilter;
            this.groupMembershipStrategy = new FromGroupSearchLDAPGroupMembershipStrategy(legacyFilter);
            this.groupMembershipFilter = null;
        }
        return this;
    }

    /**
     * Builds the server URL list: the configured server value is split on whitespace, each
     * non-blank entry is passed through {@code addPrefix}, and the results are joined with
     * single spaces. A {@code null} server yields the empty string.
     */
    public String getServerUrl() {
        StringBuilder url = new StringBuilder();
        String separator = "";
        for (String host : Util.fixNull(this.server).split("\\s+")) {
            if (host.trim().length() == 0) {
                continue;
            }
            url.append(separator).append(addPrefix(host));
            separator = " ";
        }
        return url.toString();
    }

    /**
     * Returns the strategy used to compare user IDs.
     *
     * @return the configured strategy, or {@link IdStrategy#CASE_INSENSITIVE} when none is set
     */
    @Override // hudson.security.SecurityRealm
    public IdStrategy getUserIdStrategy() {
        if (this.userIdStrategy != null) {
            return this.userIdStrategy;
        }
        return IdStrategy.CASE_INSENSITIVE;
    }

    /**
     * Returns the strategy used to compare group IDs.
     *
     * @return the configured strategy, or {@link IdStrategy#CASE_INSENSITIVE} when none is set
     */
    @Override // hudson.security.SecurityRealm
    public IdStrategy getGroupIdStrategy() {
        if (this.groupIdStrategy != null) {
            return this.groupIdStrategy;
        }
        return IdStrategy.CASE_INSENSITIVE;
    }

    /**
     * Returns the cache configuration of this realm.
     *
     * @return the cache configuration, or {@code null} when caching is not configured
     */
    public CacheConfiguration getCache() {
        final CacheConfiguration configured = this.cache;
        return configured;
    }

    /**
     * Returns the configured cache size.
     *
     * @return the size taken from the cache configuration, or {@code null} when caching is not configured
     */
    public Integer getCacheSize() {
        final CacheConfiguration configured = this.cache;
        return configured == null ? null : Integer.valueOf(configured.getSize());
    }

    /**
     * Returns the configured time-to-live of cache entries.
     *
     * @return the TTL taken from the cache configuration, or {@code null} when caching is not configured
     */
    public Integer getCacheTTL() {
        final CacheConfiguration configured = this.cache;
        return configured == null ? null : Integer.valueOf(configured.getTtl());
    }

    /**
     * Returns the legacy group membership filter.
     *
     * @return the stored filter; {@code null} once {@code readResolve} has migrated it into a strategy
     * @deprecated the filter is superseded by {@link #getGroupMembershipStrategy()}
     */
    @Deprecated
    public String getGroupMembershipFilter() {
        final String legacyFilter = this.groupMembershipFilter;
        return legacyFilter;
    }

    /**
     * Returns the strategy used to resolve the groups a user belongs to.
     *
     * @return the stored group membership strategy
     */
    public LDAPGroupMembershipStrategy getGroupMembershipStrategy() {
        final LDAPGroupMembershipStrategy strategy = this.groupMembershipStrategy;
        return strategy;
    }

    /**
     * Returns the LDAP filter used when looking up a group by name.
     *
     * @return the configured filter, or {@code null} when the default filter is to be used
     */
    public String getGroupSearchFilter() {
        final String filter = this.groupSearchFilter;
        return filter;
    }

    /**
     * Returns the extra environment properties as a read-only map.
     *
     * @return an unmodifiable view of the stored properties; an empty map when none are configured
     */
    public Map<String, String> getExtraEnvVars() {
        if (this.extraEnvVars == null || this.extraEnvVars.isEmpty()) {
            return Collections.emptyMap();
        }
        // Wrapped so callers cannot alter the realm's configuration through the returned map.
        return Collections.unmodifiableMap(this.extraEnvVars);
    }

    /**
     * Returns the extra environment properties as an array of name/value pairs.
     *
     * @return one {@code EnvironmentProperty} per stored entry, in the map's iteration order;
     *         an empty array when none are configured
     */
    public EnvironmentProperty[] getEnvironmentProperties() {
        final Map<String, String> vars = this.extraEnvVars;
        if (vars == null || vars.isEmpty()) {
            return new EnvironmentProperty[0];
        }
        final EnvironmentProperty[] result = new EnvironmentProperty[vars.size()];
        int next = 0;
        for (Map.Entry<String, String> entry : vars.entrySet()) {
            result[next++] = new EnvironmentProperty(entry.getKey(), entry.getValue());
        }
        return result;
    }

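    /**
     * Asks the configured LDAP server for its root DN by reading the root DSE.
     *
     * <p>The {@code defaultNamingContext} attribute is preferred; {@code namingcontexts} is the
     * fallback. The directory context is closed before returning, so the connection is not left
     * open after the lookup.
     *
     * <p>When a manager DN is set, the manager DN and password are presented to whichever server
     * URL is configured. {@code addPrefix} defaults to the {@code ldap://} scheme, so this method
     * adds no transport protection of its own for those credentials.
     *
     * @param str server name, used only in log messages
     * @return the inferred root DN, or {@code null} if it cannot be determined or the lookup fails
     */
    private String inferRootDN(String str) {
        try {
            Hashtable<String, Object> env = new Hashtable<String, Object>();
            if (this.managerDN != null) {
                env.put("java.naming.security.principal", this.managerDN);
                env.put("java.naming.security.credentials", getManagerPassword());
            }
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.provider.url", toProviderUrl(getServerUrl(), ""));
            InitialDirContext ctx = new InitialDirContext(env);
            try {
                Attributes rootDse = ctx.getAttributes("");
                Attribute defaultContext = rootDse.get("defaultNamingContext");
                if (defaultContext != null && defaultContext.size() > 0 && defaultContext.get() != null) {
                    return defaultContext.get().toString();
                }
                Attribute namingContexts = rootDse.get("namingcontexts");
                // An attribute that is present but carries no usable value is treated like a missing one.
                if (namingContexts != null && namingContexts.size() > 0 && namingContexts.get() != null) {
                    return namingContexts.get().toString();
                }
                LOGGER.warning("namingcontexts attribute not found in root DSE of " + str);
                return null;
            } finally {
                try {
                    ctx.close();
                } catch (NamingException closeFailure) {
                    // A failed close must not discard a root DN that was already read.
                    LOGGER.log(Level.FINE, "Failed to close LDAP context for " + str, closeFailure);
                }
            }
        } catch (NamingException e) {
            LOGGER.log(Level.WARNING, "Failed to connect to LDAP to infer Root DN for " + str, e);
            return null;
        }
    }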

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Converts a whitespace-separated server list into a JNDI provider URL string.
     *
     * <p>Each non-blank entry gets a scheme via {@code addPrefix}, a trailing {@code /} if it
     * lacks one, and then {@code str2} appended. Entries are joined by single spaces.
     *
     * @param str whitespace-separated server names or URLs; must not be {@code null}
     * @param str2 root DN to append to every entry; {@code null} is treated as empty
     * @return the provider URLs joined by single spaces
     */
    public static String toProviderUrl(String str, String str2) {
        final StringBuilder urls = new StringBuilder();
        for (String token : str.split("\\s+")) {
            if (token.trim().length() == 0) {
                continue;
            }
            // Every entry appends at least its prefixed token, so a non-empty buffer means "not first".
            if (urls.length() > 0) {
                urls.append(' ');
            }
            final String withScheme = addPrefix(token);
            urls.append(withScheme);
            if (!withScheme.endsWith("/")) {
                urls.append('/');
            }
            // NOTE(review): the DN is appended verbatim, with no URL encoding; a DN containing a
            // space would read as a separate entry in the space-separated result. Confirm callers.
            urls.append(Util.fixNull(str2));
        }
        return urls.toString();
    }

    /**
     * Returns the manager password in plain text.
     *
     * <p>The value comes from {@code Secret.toString} on the stored secret. Keep it out of logs,
     * exception messages and rendered pages; use {@link #getManagerPasswordSecret()} where the
     * wrapped form is enough.
     *
     * @return the plain-text manager password, as produced by {@code Secret.toString}
     */
    public String getManagerPassword() {
        final Secret stored = this.managerPasswordSecret;
        return Secret.toString(stored);
    }

    /**
     * Returns the manager password in its wrapped {@link Secret} form.
     *
     * @return the stored secret, or {@code null} when no manager password is set
     */
    public Secret getManagerPasswordSecret() {
        final Secret stored = this.managerPasswordSecret;
        return stored;
    }

    /**
     * Returns the provider URL string for the configured servers and root DN.
     *
     * @return the result of {@code toProviderUrl} for the server list, with a {@code null} root DN
     *         treated as empty
     */
    public String getLDAPURL() {
        final String servers = getServerUrl();
        final String baseDn = Util.fixNull(this.rootDN);
        return toProviderUrl(servers, baseDn);
    }

    /**
     * Returns the name of the LDAP attribute that holds a user's display name.
     *
     * @return the configured attribute name, or {@code "displayname"} when none is set
     */
    public String getDisplayNameAttributeName() {
        final String configured = this.displayNameAttributeName;
        return StringUtils.defaultString(configured, "displayname");
    }

    /**
     * Returns the name of the LDAP attribute that holds a user's e-mail address.
     *
     * @return the configured attribute name, or
     *         {@code DescriptorImpl.DEFAULT_MAILADDRESS_ATTRIBUTE_NAME} when none is set
     */
    public String getMailAddressAttributeName() {
        final String configured = this.mailAddressAttributeName;
        return StringUtils.defaultString(configured, DescriptorImpl.DEFAULT_MAILADDRESS_ATTRIBUTE_NAME);
    }

    /**
     * Builds the authentication manager and user details service from the Groovy bean script.
     *
     * <p>A file named {@code LDAPBindSecurityRealm.groovy} in the Jenkins root directory, when
     * present, is parsed instead of the bundled resource of the same name, with this realm bound
     * as {@code instance}. Write access to that directory therefore controls how authentication
     * is wired, so the file should be covered by the same permissions and change monitoring as
     * the rest of the security configuration.
     *
     * <p>As a side effect, {@code ldapTemplate} is replaced and the group membership strategy,
     * if any, receives the authorities populator from the new context.
     *
     * @return the security components backed by the freshly created application context
     * @throws Error if the override file is reported as existing but cannot be opened
     */
    @Override // hudson.security.AbstractPasswordBasedSecurityRealm, hudson.security.SecurityRealm
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        Binding scriptBinding = new Binding();
        scriptBinding.setVariable("instance", this);
        BeanBuilder builder = new BeanBuilder(Jenkins.getInstance().pluginManager.uberClassLoader);
        try {
            File overrideScript = new File(Jenkins.getInstance().getRootDir(), "LDAPBindSecurityRealm.groovy");
            // The on-disk file takes precedence over the script bundled with the class.
            builder.parse(overrideScript.exists() ? new AutoCloseInputStream(new FileInputStream(overrideScript)) : getClass().getResourceAsStream("LDAPBindSecurityRealm.groovy"), scriptBinding);
            WebApplicationContext appContext = builder.createApplicationContext();

            InitialDirContextFactory contextFactory = (InitialDirContextFactory) findBean(InitialDirContextFactory.class, appContext);
            this.ldapTemplate = new LdapTemplate(contextFactory);

            if (this.groupMembershipStrategy != null) {
                LdapAuthoritiesPopulator populator = (LdapAuthoritiesPopulator) findBean(LdapAuthoritiesPopulator.class, appContext);
                this.groupMembershipStrategy.setAuthoritiesPopulator(populator);
            }

            AuthenticationManager delegate = (AuthenticationManager) findBean(AuthenticationManager.class, appContext);
            LDAPAuthenticationManager authManager = new LDAPAuthenticationManager(delegate);
            LDAPUserDetailsService userDetailsService = new LDAPUserDetailsService(appContext, this.groupMembershipStrategy);
            return new SecurityRealm.SecurityComponents(authManager, userDetailsService);
        } catch (FileNotFoundException e) {
            throw new Error("Failed to load LDAPBindSecurityRealm.groovy", e);
        }
    }

    /**
     * Authenticates a user and refreshes the matching Jenkins user record.
     *
     * <p>The user name is canonicalized with {@code fixUsername} before it reaches the
     * authentication manager; the password is passed through unchanged.
     *
     * @param str user name as entered
     * @param str2 password as entered
     * @return the authenticated principal, after {@code updateUserDetails} has processed it
     * @throws AuthenticationException if the authentication manager rejects the credentials
     */
    @Override // hudson.security.AbstractPasswordBasedSecurityRealm
    protected UserDetails authenticate(String str, String str2) throws AuthenticationException {
        AuthenticationManager authManager = getSecurityComponents().manager;
        UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(fixUsername(str), str2);
        Authentication outcome = authManager.authenticate(request);
        return updateUserDetails((UserDetails) outcome.getPrincipal());
    }

    /**
     * Loads a user's details by name and refreshes the matching Jenkins user record.
     *
     * @param str user name; canonicalized with {@code fixUsername} before the lookup
     * @return the loaded details, after {@code updateUserDetails} has processed them
     * @throws UsernameNotFoundException as raised by the underlying user details service
     * @throws DataAccessException as raised by the underlying user details service
     */
    @Override // hudson.security.AbstractPasswordBasedSecurityRealm, hudson.security.SecurityRealm, org.acegisecurity.userdetails.UserDetailsService
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        UserDetails loaded = getSecurityComponents().userDetails.loadUserByUsername(fixUsername(str));
        return updateUserDetails(loaded);
    }

    /**
     * Refreshes the Jenkins user record for the principal of an authentication.
     *
     * @param authentication authentication whose principal is a {@code UserDetails}
     * @return the same {@code authentication} instance
     */
    public Authentication updateUserDetails(Authentication authentication) {
        final Object principal = authentication.getPrincipal();
        updateUserDetails((UserDetails) principal);
        return authentication;
    }

    /**
     * Refreshes the Jenkins user record when the details originate from LDAP.
     *
     * @param userDetails details to inspect; anything that is not an {@code LdapUserDetails} is left alone
     * @return the same {@code userDetails} instance
     */
    public UserDetails updateUserDetails(UserDetails userDetails) {
        if (!(userDetails instanceof LdapUserDetails)) {
            return userDetails;
        }
        updateUserDetails((LdapUserDetails) userDetails);
        return userDetails;
    }

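    /**
     * Copies the display name and e-mail address from the LDAP entry onto the Jenkins user.
     *
     * <p>The full name is only set while it still equals the user ID, so a name that differs
     * from the ID is not overwritten. The e-mail address is only set when the mail address
     * resolver is enabled and the user has no explicitly configured address.
     *
     * <p>Attributes with no values or with a non-string value are skipped instead of aborting
     * the login with an unchecked exception, which a misconfigured attribute name could
     * otherwise cause.
     *
     * @param ldapUserDetails details returned by the LDAP lookup
     * @return the same {@code ldapUserDetails} instance
     */
    public LdapUserDetails updateUserDetails(LdapUserDetails ldapUserDetails) {
        User user = User.get(fixUsername(ldapUserDetails.getUsername()));
        try {
            String displayName = firstStringValueOrNull(ldapUserDetails.getAttributes().get(getDisplayNameAttributeName()));
            if (StringUtils.isNotBlank(displayName) && user.getId().equals(user.getFullName()) && !user.getFullName().equals(displayName)) {
                user.setFullName(displayName);
            }
        } catch (NamingException e) {
            LOGGER.log(Level.FINEST, "Could not retrieve display name attribute", e);
        }
        if (!this.disableMailAddressResolver) {
            try {
                String mailAddress = firstStringValueOrNull(ldapUserDetails.getAttributes().get(getMailAddressAttributeName()));
                if (StringUtils.isNotBlank(mailAddress)) {
                    Mailer.UserProperty existing = (Mailer.UserProperty) user.getProperty(Mailer.UserProperty.class);
                    if (existing == null || !existing.hasExplicitlyConfiguredAddress()) {
                        user.addProperty(new Mailer.UserProperty(mailAddress));
                    }
                }
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, "Failed to associate the e-mail address", e);
            } catch (NamingException e) {
                LOGGER.log(Level.FINEST, "Could not retrieve email address attribute", e);
            }
        }
        return ldapUserDetails;
    }

    /** Returns the first value of {@code attribute} if it is a string; {@code null} for a missing, empty or non-string attribute. */
    private static String firstStringValueOrNull(Attribute attribute) throws NamingException {
        if (attribute == null || attribute.size() == 0) {
            return null;
        }
        Object value = attribute.get();
        return value instanceof String ? (String) value : null;
    }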

    /**
     * Looks up a group by name, consulting the group details cache when caching is configured.
     *
     * <p>A valid cache entry is used as is. Otherwise the {@code cn} values of matching entries
     * are searched under the group search base (empty when unset) with the configured filter
     * (or {@code GROUP_SEARCH} when unset). Non-empty results are cached; empty results are not.
     * The group name is handed to the template as a filter argument rather than being
     * concatenated into the filter string.
     *
     * @param str group name; canonicalized with {@code fixGroupname} before use
     * @return details for the first name found, canonicalized with {@code fixGroupname}
     * @throws UsernameNotFoundException if no matching group is found
     * @throws DataAccessException declared for the underlying LDAP search
     */
    @Override // hudson.security.AbstractPasswordBasedSecurityRealm, hudson.security.SecurityRealm
    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        final String groupName = fixGroupname(str);

        Set<String> cachedNames = null;
        if (this.cache != null) {
            CacheEntry<Set<String>> entry;
            // The cache map is only read and written while holding this realm's monitor.
            synchronized (this) {
                entry = this.groupDetailsCache != null ? this.groupDetailsCache.get(groupName) : null;
            }
            if (entry != null && entry.isValid()) {
                cachedNames = entry.getValue();
            }
        }

        Set<String> names;
        if (cachedNames != null) {
            names = cachedNames;
        } else {
            String searchBase = this.groupSearchBase != null ? this.groupSearchBase : "";
            String searchFilter = this.groupSearchFilter != null ? this.groupSearchFilter : GROUP_SEARCH;
            names = this.ldapTemplate.searchForSingleAttributeValues(searchBase, searchFilter, new String[]{groupName}, "cn");
        }

        // Only fresh, non-empty lookups are stored; a miss is looked up again next time.
        if (this.cache != null && cachedNames == null && !names.isEmpty()) {
            synchronized (this) {
                if (this.groupDetailsCache == null) {
                    this.groupDetailsCache = new CacheMap(this.cache.getSize());
                }
                this.groupDetailsCache.put(groupName, new CacheEntry<>(this.cache.getTtl(), names));
            }
        }

        if (names.isEmpty()) {
            throw new UsernameNotFoundException(groupName);
        }
        return new GroupDetailsImpl(fixGroupname(names.iterator().next()));
    }

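    /**
     * Canonicalizes a group name according to {@code FORCE_GROUPNAME_LOWERCASE}.
     *
     * <p>Lower-casing uses {@code Locale.ROOT} so the canonical form of a group name does not
     * depend on the JVM's default locale. With the no-argument {@code toLowerCase()}, a locale
     * with special casing rules (Turkish dotless i, for example) yields a different name for
     * the same input, and group-based permission checks would then depend on where the JVM runs.
     *
     * @param str group name; must not be {@code null} when lower-casing is forced
     * @return the lower-cased name when forced, otherwise {@code str} unchanged
     */
    private static String fixGroupname(String str) {
        return FORCE_GROUPNAME_LOWERCASE ? str.toLowerCase(java.util.Locale.ROOT) : str;
    }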

    /* JADX INFO: Access modifiers changed from: private */
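    /**
     * Canonicalizes a user name according to {@code FORCE_USERNAME_LOWERCASE}.
     *
     * <p>Lower-casing uses {@code Locale.ROOT} so the canonical form of a user name does not
     * depend on the JVM's default locale. With the no-argument {@code toLowerCase()}, a locale
     * with special casing rules (Turkish dotless i, for example) yields a different name for
     * the same input, so the same login could map to different user records on different hosts.
     *
     * @param str user name; must not be {@code null} when lower-casing is forced
     * @return the lower-cased name when forced, otherwise {@code str} unchanged
     */
    public static String fixUsername(String str) {
        return FORCE_USERNAME_LOWERCASE ? str.toLowerCase(java.util.Locale.ROOT) : str;
    }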

    /**
     * Ensures a server entry carries a URL scheme.
     *
     * <p>The default is the plain {@code ldap://} scheme; an entry needs its own explicit
     * scheme to select anything else.
     *
     * @param str server name or URL
     * @return {@code str} unchanged when it contains {@code SecUtil.PROTOCOL_DELIM}, otherwise
     *         {@code str} prefixed with {@code ldap://}
     */
    private static String addPrefix(String str) {
        if (str.contains(SecUtil.PROTOCOL_DELIM)) {
            return str;
        }
        return "ldap://" + str;
    }
}
