package hudson.security;

import groovy.lang.Binding;
import hudson.FilePath;
import hudson.cli.CLICommand;
import hudson.security.SecurityRealm;
import hudson.util.spring.BeanBuilder;
import java.io.Console;
import java.io.IOException;
import jenkins.model.Jenkins;
import jenkins.security.ImpersonatingUserDetailsService;
import jenkins.security.MasterToSlaveCallable;
import jenkins.security.SecurityListener;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.kohsuke.args4j.Option;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-1.591.jar:hudson/security/AbstractPasswordBasedSecurityRealm.class */
public abstract class AbstractPasswordBasedSecurityRealm extends SecurityRealm implements UserDetailsService {

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.591.jar:hudson/security/AbstractPasswordBasedSecurityRealm$Authenticator.class */
    class Authenticator extends AbstractUserDetailsAuthenticationProvider {
        Authenticator() {
        }

        @Override // org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider
        protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        }

        @Override // org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider
        protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
            return AbstractPasswordBasedSecurityRealm.this.doAuthenticate(str, usernamePasswordAuthenticationToken.getCredentials().toString());
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.591.jar:hudson/security/AbstractPasswordBasedSecurityRealm$InteractivelyAskForPassword.class */
    private static class InteractivelyAskForPassword extends MasterToSlaveCallable<String, IOException> {
        private static final long serialVersionUID = 1;

        private InteractivelyAskForPassword() {
        }

        @Override // hudson.remoting.Callable
        public String call() throws IOException {
            char[] readPassword;
            Console console = System.console();
            if (console == null || (readPassword = console.readPassword("Password:", new Object[0])) == null) {
                return null;
            }
            return new String(readPassword);
        }
    }

    @Override // hudson.security.SecurityRealm
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        Binding binding = new Binding();
        binding.setVariable("authenticator", new Authenticator());
        BeanBuilder beanBuilder = new BeanBuilder();
        beanBuilder.parse(Jenkins.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/AbstractPasswordBasedSecurityRealm.groovy"), binding);
        return new SecurityRealm.SecurityComponents((AuthenticationManager) findBean(AuthenticationManager.class, beanBuilder.createApplicationContext()), new ImpersonatingUserDetailsService(this));
    }

    @Override // hudson.security.SecurityRealm
    public CliAuthenticator createCliAuthenticator(final CLICommand cLICommand) {
        return new CliAuthenticator() { // from class: hudson.security.AbstractPasswordBasedSecurityRealm.1

            @Option(name = "--username", usage = "User name to authenticate yourself to Jenkins")
            public String userName;

            @Option(name = "--password", usage = "Password for authentication. Note that passing a password in arguments is insecure.")
            public String password;

            @Option(name = "--password-file", usage = "File that contains the password")
            public String passwordFile;

            @Override // hudson.security.CliAuthenticator
            public Authentication authenticate() throws AuthenticationException, IOException, InterruptedException {
                if (this.userName == null) {
                    return cLICommand.getTransportAuthentication();
                }
                if (this.passwordFile != null) {
                    try {
                        this.password = new FilePath(cLICommand.channel, this.passwordFile).readToString().trim();
                    } catch (IOException e) {
                        throw new BadCredentialsException("Failed to read " + this.passwordFile, (Throwable) e);
                    }
                }
                if (this.password == null) {
                    this.password = (String) cLICommand.channel.call(new InteractivelyAskForPassword());
                }
                if (this.password == null) {
                    throw new BadCredentialsException("No password specified");
                }
                UserDetails doAuthenticate = AbstractPasswordBasedSecurityRealm.this.doAuthenticate(this.userName, this.password);
                return new UsernamePasswordAuthenticationToken(doAuthenticate, this.password, doAuthenticate.getAuthorities());
            }
        };
    }

    protected abstract UserDetails authenticate(String str, String str2) throws AuthenticationException;

    /* JADX INFO: Access modifiers changed from: private */
    public UserDetails doAuthenticate(String str, String str2) throws AuthenticationException {
        try {
            UserDetails authenticate = authenticate(str, str2);
            SecurityListener.fireAuthenticated(authenticate);
            return authenticate;
        } catch (AuthenticationException e) {
            SecurityListener.fireFailedToAuthenticate(str);
            throw e;
        }
    }

    @Override // hudson.security.SecurityRealm, org.acegisecurity.userdetails.UserDetailsService
    public abstract UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException;

    @Override // hudson.security.SecurityRealm
    public abstract GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException;
}
