package hudson.security;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.ExtensionPoint;
import hudson.Util;
import hudson.cli.CLICommand;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.security.FederatedLoginService;
import hudson.security.captcha.CaptchaSupport;
import hudson.util.DescriptorList;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpSession;
import jenkins.model.IdStrategy;
import jenkins.model.Jenkins;
import jenkins.security.AcegiSecurityExceptionFilter;
import jenkins.security.AuthenticationSuccessHandler;
import jenkins.security.BasicHeaderProcessor;
import jenkins.util.SystemProperties;
import net.sf.json.JSONObject;
import org.acegisecurity.AcegiSecurityException;
import org.acegisecurity.GrantedAuthorityImpl;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.springframework.dao.DataAccessException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.server.header.CacheControlServerHttpHeadersWriter;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.355-rc32438.947b_0b_ee49ff.jar:hudson/security/SecurityRealm.class */
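/**
 * Pluggable authentication back end for the application (decompiled listing).
 *
 * <p>A concrete realm supplies a {@link SecurityComponents} triple (authentication manager,
 * user-details lookup, remember-me service) and, through {@link #createFilter(FilterConfig)},
 * the servlet filter chain that authenticates incoming requests. The class also owns the
 * logout flow ({@link #doLogout}), captcha plumbing and the bridge between the deprecated
 * {@code org.acegisecurity} API and the Spring Security API: each {@code xxx2} method is the
 * Spring-typed variant of a deprecated {@code xxx} method, and {@link Util#isOverridden} is
 * used to decide which of the two a subclass actually implemented.
 *
 * <p>Method names ending in {@code 2} that carry a "renamed from" comment
 * ({@code newInstance2}, {@code getDescriptor2}) were renamed by the decompiler, not by the
 * original authors.
 */
public abstract class SecurityRealm extends AbstractDescribableImpl<SecurityRealm> implements ExtensionPoint {
    private CaptchaSupport captchaSupport;
    // Built lazily by getSecurityComponents(); transient, so it is never persisted with the realm.
    private transient SecurityComponents securityComponents;
    // Per-thread re-entrancy flag: stops getPostLogOutUrl2 and the deprecated getPostLogOutUrl
    // from calling each other forever when a subclass overrides only the legacy method.
    private static final ThreadLocal<Boolean> insideGetPostLogOutUrl = ThreadLocal.withInitial(() -> false);
    /** Realm that performs no authentication at all; see {@link None}. */
    public static final SecurityRealm NO_AUTHENTICATION = new None();

    @Deprecated
    public static final DescriptorList<SecurityRealm> LIST = new DescriptorList<>(SecurityRealm.class);
    private static final Logger LOGGER = Logger.getLogger(SecurityRealm.class.getName());
    /** Authority named {@code "authenticated"} (Spring Security type). */
    public static final GrantedAuthority AUTHENTICATED_AUTHORITY2 = new SimpleGrantedAuthority("authenticated");

    @Deprecated
    public static final org.acegisecurity.GrantedAuthority AUTHENTICATED_AUTHORITY = new GrantedAuthorityImpl("authenticated");

    /**
     * The "no security" realm behind {@link #NO_AUTHENTICATION}.
     *
     * <p>Security-relevant behaviour visible here: the authentication manager returns whatever
     * {@link Authentication} it is handed without checking it, no user or group can be looked
     * up, and the filter chain is empty. Selecting this realm therefore means no credential is
     * ever verified by this class.
     */
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.355-rc32438.947b_0b_ee49ff.jar:hudson/security/SecurityRealm$None.class */
    private static class None extends SecurityRealm {

        @Extension(ordinal = -100.0d)
        @Symbol({"none"})
        /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.355-rc32438.947b_0b_ee49ff.jar:hudson/security/SecurityRealm$None$DescriptorImpl.class */
        public static class DescriptorImpl extends Descriptor<SecurityRealm> {
            @Override // hudson.model.Descriptor
            @NonNull
            public String getDisplayName() {
                return Messages.NoneSecurityRealm_DisplayName();
            }

            /**
             * Always hands back the shared {@link SecurityRealm#NO_AUTHENTICATION} instance;
             * the submitted form data is ignored.
             */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // hudson.model.Descriptor
            /* renamed from: newInstance */
            public SecurityRealm newInstance2(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
                return SecurityRealm.NO_AUTHENTICATION;
            }
        }

        private None() {
        }

        @Override // hudson.security.SecurityRealm
        public SecurityComponents createSecurityComponents() {
            return new SecurityComponents(new AuthenticationManager() {
                @Override // org.springframework.security.authentication.AuthenticationManager
                public Authentication authenticate(Authentication authentication) {
                    // Pass-through: the token is returned unverified.
                    return authentication;
                }
            }, new UserDetailsService() {
                @Override // org.springframework.security.core.userdetails.UserDetailsService
                public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
                    // This realm knows no users.
                    throw new UsernameNotFoundException(str);
                }
            });
        }

        @Override // hudson.security.SecurityRealm
        public GroupDetails loadGroupByGroupname2(String str, boolean z) throws UsernameNotFoundException {
            throw new UsernameNotFoundException(str);
        }

        /** Returns an empty chain: none of the authentication filters of the base class are installed. */
        @Override // hudson.security.SecurityRealm
        public Filter createFilter(FilterConfig filterConfig) {
            return new ChainedServletFilter();
        }

        // Deserialization hook: collapse any deserialized copy onto the shared singleton.
        private Object readResolve() {
            return NO_AUTHENTICATION;
        }
    }

    /**
     * Immutable holder for the three collaborators a realm provides, each exposed twice:
     * the Spring Security object ({@code manager2}, {@code userDetails2}, {@code rememberMe2})
     * and a deprecated {@code org.acegisecurity} view created from it with {@code fromSpring}.
     */
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.355-rc32438.947b_0b_ee49ff.jar:hudson/security/SecurityRealm$SecurityComponents.class */
    public static final class SecurityComponents {
        public final AuthenticationManager manager2;

        @Deprecated
        public final org.acegisecurity.AuthenticationManager manager;
        public final UserDetailsService userDetails2;

        @Deprecated
        public final org.acegisecurity.userdetails.UserDetailsService userDetails;
        public final RememberMeServices rememberMe2;

        @Deprecated
        public final org.acegisecurity.ui.rememberme.RememberMeServices rememberMe;
        // Decompiled backing field of the `assert` statement in the three-argument constructor.
        static final /* synthetic */ boolean $assertionsDisabled;

        /** Uses proxy objects for the authentication manager and the user-details service. */
        public SecurityComponents() {
            this(new AuthenticationManagerProxy());
        }

        public SecurityComponents(AuthenticationManager authenticationManager) {
            this(authenticationManager, new UserDetailsServiceProxy());
        }

        @Deprecated
        public SecurityComponents(org.acegisecurity.AuthenticationManager authenticationManager) {
            this(authenticationManager.toSpring());
        }

        /** Adds the default remember-me service built by {@link #createRememberMeService}. */
        public SecurityComponents(AuthenticationManager authenticationManager, UserDetailsService userDetailsService) {
            this(authenticationManager, userDetailsService, createRememberMeService(userDetailsService));
        }

        @Deprecated
        public SecurityComponents(org.acegisecurity.AuthenticationManager authenticationManager, org.acegisecurity.userdetails.UserDetailsService userDetailsService) {
            this(authenticationManager.toSpring(), userDetailsService.toSpring());
        }

        /**
         * Canonical constructor; every other constructor ends up here.
         *
         * <p>The null check below is an assertion: it only fires when assertions are enabled
         * for {@code SecurityRealm}. With assertions off, a null argument is stored as given.
         */
        public SecurityComponents(AuthenticationManager authenticationManager, UserDetailsService userDetailsService, RememberMeServices rememberMeServices) {
            if (!$assertionsDisabled && (authenticationManager == null || userDetailsService == null || rememberMeServices == null)) {
                throw new AssertionError();
            }
            this.manager2 = authenticationManager;
            this.userDetails2 = userDetailsService;
            this.rememberMe2 = rememberMeServices;
            this.manager = org.acegisecurity.AuthenticationManager.fromSpring(authenticationManager);
            this.userDetails = org.acegisecurity.userdetails.UserDetailsService.fromSpring(userDetailsService);
            this.rememberMe = org.acegisecurity.ui.rememberme.RememberMeServices.fromSpring(rememberMeServices);
        }

        @Deprecated
        public SecurityComponents(org.acegisecurity.AuthenticationManager authenticationManager, org.acegisecurity.userdetails.UserDetailsService userDetailsService, org.acegisecurity.ui.rememberme.RememberMeServices rememberMeServices) {
            this(authenticationManager.toSpring(), userDetailsService.toSpring(), rememberMeServices.toSpring());
        }

        // Default remember-me service; the login form opts in through the "remember_me" parameter.
        private static RememberMeServices createRememberMeService(UserDetailsService userDetailsService) {
            TokenBasedRememberMeServices2 rememberMeServices = new TokenBasedRememberMeServices2(userDetailsService);
            rememberMeServices.setParameter("remember_me");
            return rememberMeServices;
        }

        static {
            $assertionsDisabled = !SecurityRealm.class.desiredAssertionStatus();
        }
    }

    /** Builds the collaborators for this realm; called at most once per instance by {@link #getSecurityComponents()}. */
    public abstract SecurityComponents createSecurityComponents();

    /** Returns the strategy used to compare user ids; case-insensitive unless overridden. */
    public IdStrategy getUserIdStrategy() {
        return IdStrategy.CASE_INSENSITIVE;
    }

    /** Returns the strategy used to compare group ids; defaults to the user id strategy. */
    public IdStrategy getGroupIdStrategy() {
        return getUserIdStrategy();
    }

    /** Legacy hook; the base implementation is unsupported and always throws. */
    @Deprecated
    public CliAuthenticator createCliAuthenticator(CLICommand cLICommand) {
        throw new UnsupportedOperationException();
    }

    @Override // hudson.model.AbstractDescribableImpl, hudson.model.Describable
    /* renamed from: getDescriptor */
    public Descriptor<SecurityRealm> getDescriptor2() {
        return super.getDescriptor2();
    }

    /** Returns the URL (relative to the context root) that the login form posts credentials to. */
    public String getAuthenticationGatewayUrl() {
        return "j_spring_security_check";
    }

    /** Returns the login page URL, relative to the context root. */
    public String getLoginUrl() {
        return "login";
    }

    /** Tells whether this realm supports logging out; {@code true} unless overridden. */
    public boolean canLogOut() {
        return true;
    }

    /**
     * Returns the URL the browser is redirected to after logout.
     *
     * <p>When a subclass overrides only the deprecated {@link #getPostLogOutUrl} the call is
     * forwarded there, with a per-thread flag guarding against mutual recursion; otherwise the
     * context root is returned. The result is handed to {@code sendRedirect2} by
     * {@link #doLogout} without further checks in this class, so an override should derive it
     * from trusted configuration rather than from request data.
     *
     * @param staplerRequest the logout request
     * @param authentication the authentication that was active before logout (as read by the caller)
     * @return the post-logout redirect target
     */
    protected String getPostLogOutUrl2(StaplerRequest staplerRequest, Authentication authentication) {
        boolean legacyOverridden = Util.isOverridden(SecurityRealm.class, getClass(), "getPostLogOutUrl", StaplerRequest.class, org.acegisecurity.Authentication.class);
        if (!legacyOverridden || insideGetPostLogOutUrl.get().booleanValue()) {
            return staplerRequest.getContextPath() + "/";
        }
        insideGetPostLogOutUrl.set(true);
        try {
            return getPostLogOutUrl(staplerRequest, org.acegisecurity.Authentication.fromSpring(authentication));
        } finally {
            // Reset on success and on any Throwable so the flag never leaks to a later request
            // served by the same thread.
            insideGetPostLogOutUrl.set(false);
        }
    }

    @Deprecated
    protected String getPostLogOutUrl(StaplerRequest staplerRequest, org.acegisecurity.Authentication authentication) {
        return getPostLogOutUrl2(staplerRequest, authentication.toSpring());
    }

    public CaptchaSupport getCaptchaSupport() {
        return this.captchaSupport;
    }

    public void setCaptchaSupport(CaptchaSupport captchaSupport) {
        this.captchaSupport = captchaSupport;
    }

    public List<Descriptor<CaptchaSupport>> getCaptchaSupportDescriptors() {
        return CaptchaSupport.all();
    }

    /**
     * Logs the current user out.
     *
     * <p>Order of operations: invalidate the HTTP session if one exists, capture and then clear
     * the thread's security context, expire the remember-me cookie, expire any
     * {@code JSESSIONID.*} cookies the browser sent, and finally redirect to
     * {@link #getPostLogOutUrl2}. The authentication is read before the context is cleared so
     * that the post-logout URL can still depend on who logged out.
     *
     * @throws IOException if the redirect cannot be written
     * @throws ServletException declared for subclasses; not thrown by the code visible here
     */
    public void doLogout(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException, ServletException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = staplerRequest.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        SecurityContextHolder.clearContext();
        // An empty context path (root deployment) is mapped to "/" for the cookie Path attribute.
        String contextPath = staplerRequest.getContextPath().length() > 0 ? staplerRequest.getContextPath() : "/";
        resetRememberMeCookie(staplerRequest, staplerResponse, contextPath);
        clearStaleSessionCookies(staplerRequest, staplerResponse, contextPath);
        staplerResponse.sendRedirect2(getPostLogOutUrl2(staplerRequest, authentication));
    }

    /**
     * Expires the {@code remember-me} cookie (empty value, max-age 0) for the given path.
     *
     * <p>The Secure attribute mirrors {@code isSecure()} of the request.
     * NOTE(review): behind a TLS-terminating proxy {@code isSecure()} may report {@code false}
     * unless the container is configured to honour forwarded-protocol headers — confirm.
     */
    private void resetRememberMeCookie(StaplerRequest staplerRequest, StaplerResponse staplerResponse, String str) {
        Cookie cookie = new Cookie("remember-me", "");
        cookie.setMaxAge(0);
        cookie.setSecure(staplerRequest.isSecure());
        cookie.setHttpOnly(true);
        cookie.setPath(str);
        staplerResponse.addCookie(cookie);
    }

    /**
     * Expires every {@code JSESSIONID.*} cookie presented with the logout request, so the
     * browser drops old session identifiers along with the invalidated session.
     *
     * <p>Cookies parsed from a request carry only name and value, so the Path, Secure and
     * HttpOnly attributes are set explicitly here, the same way as for the remember-me cookie.
     * Without an explicit Path the browser falls back to a default derived from the request
     * URL, which only matches the cookie's path when logout is reached directly under the
     * context root.
     *
     * @param str cookie path to expire the cookies under (the context path, or {@code "/"})
     */
    private void clearStaleSessionCookies(StaplerRequest staplerRequest, StaplerResponse staplerResponse, String str) {
        Cookie[] cookies = staplerRequest.getCookies();
        if (cookies == null) {
            return;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().startsWith("JSESSIONID.")) {
                LOGGER.log(Level.FINE, "Removing cookie {0} during logout", cookie.getName());
                cookie.setMaxAge(0);
                cookie.setValue("");
                cookie.setPath(str);
                cookie.setSecure(staplerRequest.isSecure());
                cookie.setHttpOnly(true);
                staplerResponse.addCookie(cookie);
            }
        }
    }

    /**
     * Reports whether self-registration is offered: true exactly when the concrete realm class
     * ships a {@code signup.jelly} view resource next to it on its class loader.
     */
    public boolean allowsSignup() {
        Class<?> cls = getClass();
        String viewPath = cls.getName().replace('.', '/') + "/signup.jelly";
        return cls.getClassLoader().getResource(viewPath) != null;
    }

    /**
     * Looks up a user by name (Spring Security types).
     *
     * <p>If the subclass overrides the deprecated {@link #loadUserByUsername(String)}, that
     * implementation is used and its legacy exceptions are converted with {@code toSpring()};
     * otherwise the lookup goes to {@code userDetails2} of {@link #getSecurityComponents()}.
     *
     * @throws UsernameNotFoundException if the user cannot be found
     */
    public UserDetails loadUserByUsername2(String str) throws UsernameNotFoundException {
        if (!Util.isOverridden(SecurityRealm.class, getClass(), "loadUserByUsername", String.class)) {
            return getSecurityComponents().userDetails2.loadUserByUsername(str);
        }
        try {
            return loadUserByUsername(str).toSpring();
        } catch (AcegiSecurityException e) {
            throw e.toSpring();
        } catch (DataAccessException e2) {
            throw e2.toSpring();
        }
    }

    @Deprecated
    public org.acegisecurity.userdetails.UserDetails loadUserByUsername(String str) throws org.acegisecurity.userdetails.UsernameNotFoundException, DataAccessException {
        try {
            return org.acegisecurity.userdetails.UserDetails.fromSpring(loadUserByUsername2(str));
        } catch (AuthenticationException e) {
            throw org.acegisecurity.AuthenticationException.fromSpring(e);
        }
    }

    /**
     * Looks up a group by name (Spring Security types).
     *
     * <p>Dispatches to whichever deprecated overload the subclass overrides, checking the
     * one-argument form first. When neither is overridden the base class cannot answer and
     * throws {@code UserMayOrMayNotExistException2}, i.e. "unknown" rather than "absent".
     *
     * @param str group name
     * @param z passed through to the two-argument legacy overload
     */
    public GroupDetails loadGroupByGroupname2(String str, boolean z) throws UsernameNotFoundException {
        if (Util.isOverridden(SecurityRealm.class, getClass(), "loadGroupByGroupname", String.class)) {
            try {
                return loadGroupByGroupname(str);
            } catch (AcegiSecurityException e) {
                throw e.toSpring();
            } catch (DataAccessException e2) {
                throw e2.toSpring();
            }
        }
        if (!Util.isOverridden(SecurityRealm.class, getClass(), "loadGroupByGroupname", String.class, Boolean.TYPE)) {
            throw new UserMayOrMayNotExistException2(str);
        }
        try {
            return loadGroupByGroupname(str, z);
        } catch (AcegiSecurityException e3) {
            throw e3.toSpring();
        } catch (DataAccessException e4) {
            throw e4.toSpring();
        }
    }

    @Deprecated
    public GroupDetails loadGroupByGroupname(String str) throws org.acegisecurity.userdetails.UsernameNotFoundException, DataAccessException {
        try {
            return loadGroupByGroupname2(str, false);
        } catch (AuthenticationException e) {
            throw org.acegisecurity.AuthenticationException.fromSpring(e);
        }
    }

    @Deprecated
    public GroupDetails loadGroupByGroupname(String str, boolean z) throws org.acegisecurity.userdetails.UsernameNotFoundException, DataAccessException {
        try {
            return loadGroupByGroupname2(str, z);
        } catch (AuthenticationException e) {
            throw org.acegisecurity.AuthenticationException.fromSpring(e);
        }
    }

    /** Starts sign-up for a federated identity; unsupported unless a subclass overrides it. */
    public HttpResponse commenceSignup(FederatedLoginService.FederatedIdentity federatedIdentity) {
        throw new UnsupportedOperationException();
    }

    /**
     * Streams a captcha image as PNG, keyed by the caller's session id.
     *
     * <p>Does nothing when no {@link CaptchaSupport} is configured. {@code getSession()} is
     * called without an argument, so a session is created if the caller has none. The response
     * is marked non-cacheable so a challenge image is not replayed from a cache.
     */
    public final void doCaptcha(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException {
        if (this.captchaSupport != null) {
            String id = staplerRequest.getSession().getId();
            staplerResponse.setContentType("image/png");
            staplerResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            staplerResponse.setHeader("Pragma", CacheControlServerHttpHeadersWriter.PRAGMA_VALUE);
            staplerResponse.setHeader("Expires", "0");
            this.captchaSupport.generateImage(id, staplerResponse.getOutputStream());
        }
    }

    /**
     * Checks a captcha answer against the challenge stored for the current session.
     *
     * <p>Returns {@code true} when no captcha support is configured, so callers that depend on
     * this check as an abuse control get no protection unless a {@link CaptchaSupport} is set.
     *
     * @param str the text the user typed
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final boolean validateCaptcha(String str) {
        if (this.captchaSupport == null) {
            return true;
        }
        return this.captchaSupport.validateCaptcha(Stapler.getCurrentRequest().getSession().getId(), str);
    }

    /** Returns the realm's components, creating them on first use; synchronized so they are built once. */
    public synchronized SecurityComponents getSecurityComponents() {
        if (this.securityComponents == null) {
            this.securityComponents = createSecurityComponents();
        }
        return this.securityComponents;
    }

    /**
     * Builds the authentication filter chain for this realm.
     *
     * <p>Filters are added in this order: session security-context integration (which never
     * creates a session itself), HTTP Basic header processing, form-login processing at
     * {@link #getAuthenticationGatewayUrl()}, remember-me authentication, then
     * {@link #commonFilters()}.
     *
     * <p>Session-fixation protection is attached to the form-login filter only while the system
     * property {@code hudson.security.SecurityRealm.sessionFixationProtectionMode} resolves to
     * {@code 1} (the default); any other value leaves the filter without that strategy. Treat a
     * non-default value as a finding in a hardening review.
     *
     * <p>After a successful login the success handler reads its target from the {@code from}
     * request parameter. NOTE(review): whether that target is restricted to local URLs is
     * decided inside {@code AuthenticationSuccessHandler}, which is not part of this listing.
     */
    public Filter createFilter(FilterConfig filterConfig) {
        LOGGER.entering(SecurityRealm.class.getName(), "createFilter");
        SecurityComponents components = getSecurityComponents();
        List<Filter> filters = new ArrayList<>();

        HttpSessionSecurityContextRepository contextRepository = new HttpSessionSecurityContextRepository();
        contextRepository.setAllowSessionCreation(false);
        filters.add(new HttpSessionContextIntegrationFilter2(contextRepository));

        BasicHeaderProcessor basicHeaderProcessor = new BasicHeaderProcessor();
        BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
        basicEntryPoint.setRealmName("Jenkins");
        basicHeaderProcessor.setAuthenticationEntryPoint(basicEntryPoint);
        basicHeaderProcessor.setRememberMeServices(components.rememberMe2);
        filters.add(basicHeaderProcessor);

        AuthenticationProcessingFilter2 loginFilter = new AuthenticationProcessingFilter2(getAuthenticationGatewayUrl());
        loginFilter.setAuthenticationManager(components.manager2);
        if (SystemProperties.getInteger(SecurityRealm.class.getName() + ".sessionFixationProtectionMode", 1).intValue() == 1) {
            loginFilter.setSessionAuthenticationStrategy(new SessionFixationProtectionStrategy());
        }
        loginFilter.setRememberMeServices(components.rememberMe2);
        AuthenticationSuccessHandler successHandler = new AuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("from");
        loginFilter.setAuthenticationSuccessHandler(successHandler);
        loginFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/loginError"));
        filters.add(loginFilter);

        filters.add(new RememberMeAuthenticationFilter(components.manager2, components.rememberMe2));
        filters.addAll(commonFilters());
        return new ChainedServletFilter(filters);
    }

    /**
     * Returns the filters that close the chain: anonymous-authentication fallback, translation
     * of security exceptions into a redirect to the login page (with the original location in
     * {@code ?from=}), and two exception-unwrapping filters.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final List<Filter> commonFilters() {
        AnonymousAuthenticationFilter anonymousFilter = new AnonymousAuthenticationFilter(ACL.ANONYMOUS_USERNAME, ACL.ANONYMOUS_USERNAME, Collections.singletonList(new SimpleGrantedAuthority(ACL.ANONYMOUS_USERNAME)));
        ExceptionTranslationFilter exceptionTranslationFilter = new ExceptionTranslationFilter(new HudsonAuthenticationEntryPoint("/" + getLoginUrl() + "?from={0}"));
        exceptionTranslationFilter.setAccessDeniedHandler(new AccessDeniedHandlerImpl());
        return Arrays.asList(anonymousFilter, exceptionTranslationFilter, new UnwrapSecurityExceptionFilter(), new AcegiSecurityExceptionFilter());
    }

    /**
     * Computes the URL-encoded "return to" location for the login form.
     *
     * <p>Uses the {@code from} request parameter when present; otherwise the current request
     * URI, unless that URI is the login page or {@code /loginError}. A blank result becomes
     * {@code "/"}.
     *
     * <p>The {@code from} parameter is supplied by the client. This method only URL-encodes it;
     * it does not check where the value points, so the code that later redirects to it must
     * validate the target.
     *
     * @return the encoded location, never blank
     */
    @Restricted({DoNotUse.class})
    public static String getFrom() {
        String from = null;
        String encoded = null;
        StaplerRequest currentRequest = Stapler.getCurrentRequest();
        if (currentRequest != null) {
            from = currentRequest.getParameter("from");
        }
        if (from == null && currentRequest != null && currentRequest.getRequestURI() != null && !currentRequest.getRequestURI().equals("/loginError") && !currentRequest.getRequestURI().equals(DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL)) {
            from = currentRequest.getRequestURI();
        }
        try {
            encoded = URLEncoder.encode(StringUtils.defaultIfBlank(from, "/").trim(), "UTF-8");
        } catch (UnsupportedEncodingException ignored) {
            // Deliberately ignored: every Java runtime is required to support UTF-8, and the
            // blank check below falls back to "/" if this were ever reached.
        }
        return StringUtils.isBlank(encoded) ? "/" : encoded;
    }

    /** Returns the descriptors of all registered security realms. */
    public static DescriptorExtensionList<SecurityRealm, Descriptor<SecurityRealm>> all() {
        return Jenkins.get().getDescriptorList(SecurityRealm.class);
    }
}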
