package hudson.plugins.active_directory;

import com.google.common.collect.Lists;
import com.sun.jndi.ldap.LdapCtxFactory;
import com4j.typelibs.ado20.ClassFactory;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import groovy.lang.Binding;
import hudson.Extension;
import hudson.Functions;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.AdministrativeMonitor;
import hudson.model.Descriptor;
import hudson.plugins.active_directory.ActiveDirectoryDomain;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.security.TokenBasedRememberMeServices2;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import hudson.util.spring.BeanBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectStreamException;
import java.io.PrintWriter;
import java.io.Serializable;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Control;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.io.IOUtils;
import org.codehaus.mojo.animal_sniffer.IgnoreJRERequirement;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.springframework.dao.DataAccessException;
import org.springframework.web.context.WebApplicationContext;

/* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectorySecurityRealm.class */
public class ActiveDirectorySecurityRealm extends AbstractPasswordBasedSecurityRealm {
    public transient String domain;
    public transient String server;
    public List<ActiveDirectoryDomain> domains;
    public final transient String site;
    public transient String bindName;
    public transient Secret bindPassword;
    public Boolean startTls;
    private GroupLookupStrategy groupLookupStrategy;
    public final boolean removeIrrelevantGroups;
    protected CacheConfiguration cache;
    protected List<EnvironmentProperty> environmentProperties;

    @Deprecated
    protected transient TlsConfiguration tlsConfiguration;
    protected ActiveDirectoryInternalUsersDatabase internalUsersDatabase;
    protected transient ExecutorService threadPoolExecutor;
    private static final Logger LOGGER = Logger.getLogger(ActiveDirectorySecurityRealm.class.getName());

    @SuppressFBWarnings(value = {"MS_SHOULD_BE_FINAL"}, justification = "Diagnostic fields are left mutable so that groovy console can be used to dynamically turn/off probes.")
    public static String DOMAIN_CONTROLLERS = System.getProperty(ActiveDirectorySecurityRealm.class.getName() + ".domainControllers");

    @SuppressFBWarnings(value = {"MS_SHOULD_BE_FINAL"}, justification = "Diagnostic fields are left mutable so that groovy console can be used to dynamically turn/off probes.")
    public static boolean FORCE_LDAPS = Boolean.getBoolean(ActiveDirectorySecurityRealm.class.getName() + ".forceLdaps");

    @Extension
    public static final TlsConfigurationAdministrativeMonitor NOTICE = new TlsConfigurationAdministrativeMonitor();

    @Extension
    /* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectorySecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        private static boolean WARNED = false;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: hudson.plugins.active_directory.ActiveDirectorySecurityRealm$DescriptorImpl$1PrioritizedSocketInfo, reason: invalid class name */
        /* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectorySecurityRealm$DescriptorImpl$1PrioritizedSocketInfo.class */
        public class C1PrioritizedSocketInfo implements Comparable<C1PrioritizedSocketInfo> {
            SocketInfo socket;
            int priority;

            C1PrioritizedSocketInfo(SocketInfo socketInfo, int i) {
                this.socket = socketInfo;
                this.priority = i;
            }

            @Override // java.lang.Comparable
            @SuppressFBWarnings(value = {"EQ_COMPARETO_USE_OBJECT_EQUALS"}, justification = "Weird and unpredictable behaviour intentional for load balancing.")
            public int compareTo(C1PrioritizedSocketInfo c1PrioritizedSocketInfo) {
                return c1PrioritizedSocketInfo.priority - this.priority;
            }
        }

        public String getDisplayName() {
            return Messages.DisplayName();
        }

        public String getHelpFile() {
            return "/plugin/active-directory/help/realm.html";
        }

        public boolean canDoNativeAuth() {
            if (!Functions.isWindows()) {
                return false;
            }
            try {
                ClassFactory.createConnection().dispose();
                return true;
            } catch (Throwable th) {
                if (WARNED) {
                    return false;
                }
                ActiveDirectorySecurityRealm.LOGGER.log(Level.INFO, "COM4J isn't working. Falling back to non-native authentication", th);
                WARNED = true;
                return false;
            }
        }

        public ListBoxModel doFillSizeItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            listBoxModel.add("10 elements", "10");
            listBoxModel.add("20 elements", "20");
            listBoxModel.add("50 elements", "50");
            listBoxModel.add("100 elements", "100");
            listBoxModel.add("200 elements", "200");
            listBoxModel.add("256 elements", "256");
            listBoxModel.add("500 elements", "500");
            listBoxModel.add("1000 elements", "1000");
            return listBoxModel;
        }

        public ListBoxModel doFillTtlItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            listBoxModel.add("30 sec", "30");
            listBoxModel.add("1 min", "60");
            listBoxModel.add("5 min", "300");
            listBoxModel.add("10 min", "600");
            listBoxModel.add("15 min", "900");
            listBoxModel.add("30 min", "1800");
            listBoxModel.add("1 hour", "3600");
            return listBoxModel;
        }

        public ListBoxModel doFillGroupLookupStrategyItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (GroupLookupStrategy groupLookupStrategy : GroupLookupStrategy.values()) {
                listBoxModel.add(groupLookupStrategy.getDisplayName(), groupLookupStrategy.name());
            }
            return listBoxModel;
        }

        private boolean isTrustAllCertificatesEnabled(TlsConfiguration tlsConfiguration) {
            return tlsConfiguration == null || TlsConfiguration.TRUST_ALL_CERTIFICATES.equals(tlsConfiguration);
        }

        @Deprecated
        public DirContext bind(String str, String str2, List<SocketInfo> list, Hashtable<String, String> hashtable) throws NamingException {
            return bind(str, str2, list, hashtable, TlsConfiguration.TRUST_ALL_CERTIFICATES);
        }

        public DirContext bind(String str, String str2, List<SocketInfo> list, Hashtable<String, String> hashtable, TlsConfiguration tlsConfiguration) throws NamingException {
            Hashtable<String, String> hashtable2 = new Hashtable<>();
            if (Boolean.valueOf(System.getProperty("hudson.plugins.active_directory.referral.ignore", "false")).booleanValue()) {
                hashtable2.put("java.naming.referral", "ignore");
            } else {
                hashtable2.put("java.naming.referral", "follow");
            }
            hashtable2.put("java.naming.ldap.attributes.binary", "tokenGroups objectSid");
            if (ActiveDirectorySecurityRealm.FORCE_LDAPS && isTrustAllCertificatesEnabled(tlsConfiguration)) {
                hashtable2.put("java.naming.ldap.factory.socket", TrustAllSocketFactory.class.getName());
            }
            hashtable2.putAll(hashtable);
            Throwable th = null;
            for (SocketInfo socketInfo : list) {
                try {
                    LdapContext bind = bind(str, str2, socketInfo, hashtable2, tlsConfiguration);
                    ActiveDirectorySecurityRealm.LOGGER.fine("Bound to " + socketInfo);
                    return bind;
                } catch (NamingException e) {
                    ActiveDirectorySecurityRealm.LOGGER.log(Level.WARNING, "Failed to bind to " + socketInfo, e);
                    th = e;
                } catch (AuthenticationException e2) {
                    ActiveDirectorySecurityRealm.LOGGER.log(Level.WARNING, "Failed to authenticate while binding to " + socketInfo, e2);
                    throw new BadCredentialsException("Either no such user '" + str + "' or incorrect password", th);
                }
            }
            ActiveDirectorySecurityRealm.LOGGER.log(Level.WARNING, "All attempts to login failed for user {0}", str);
            throw th;
        }

        @Deprecated
        public DirContext bind(String str, String str2, List<SocketInfo> list) throws NamingException {
            return bind(str, str2, list, new Hashtable<>());
        }

        private void customizeLdapProperty(Hashtable<String, String> hashtable, String str) {
            String property = System.getProperty(str, null);
            if (property != null) {
                hashtable.put(str, property);
            }
        }

        private void customizeLdapProperties(Hashtable<String, String> hashtable) {
            customizeLdapProperty(hashtable, "com.sun.jndi.ldap.connect.timeout");
            customizeLdapProperty(hashtable, "com.sun.jndi.ldap.read.timeout");
        }

        @SuppressFBWarnings(value = {"UPM_UNCALLED_PRIVATE_METHOD"}, justification = "Deprecated method.It will removed at some point")
        @Deprecated
        @IgnoreJRERequirement
        private LdapContext bind(String str, String str2, SocketInfo socketInfo, Hashtable<String, String> hashtable) throws NamingException {
            return bind(str, str2, socketInfo, hashtable, (TlsConfiguration) null);
        }

        @IgnoreJRERequirement
        private LdapContext bind(String str, String str2, SocketInfo socketInfo, Hashtable<String, String> hashtable, TlsConfiguration tlsConfiguration) throws NamingException {
            String str3 = (ActiveDirectorySecurityRealm.FORCE_LDAPS ? "ldaps://" : "ldap://") + socketInfo + '/';
            String name = Thread.currentThread().getName();
            Thread.currentThread().setName("Connecting to " + str3 + " : " + name);
            ActiveDirectorySecurityRealm.LOGGER.fine("Connecting to " + str3);
            try {
                hashtable.put("java.naming.provider.url", str3);
                hashtable.put("java.naming.ldap.version", "3");
                customizeLdapProperties(hashtable);
                LdapContext ldapCtxInstance = LdapCtxFactory.getLdapCtxInstance(str3, hashtable);
                boolean z = true;
                ActiveDirectorySecurityRealm securityRealm = Jenkins.getActiveInstance().getSecurityRealm();
                if (securityRealm instanceof ActiveDirectorySecurityRealm) {
                    z = securityRealm.isStartTls().booleanValue();
                }
                if (!ActiveDirectorySecurityRealm.FORCE_LDAPS && z) {
                    try {
                        StartTlsResponse extendedOperation = ldapCtxInstance.extendedOperation(new StartTlsRequest());
                        if (isTrustAllCertificatesEnabled(tlsConfiguration)) {
                            extendedOperation.negotiate((SSLSocketFactory) TrustAllSocketFactory.getDefault());
                        } else {
                            extendedOperation.negotiate();
                        }
                        ActiveDirectorySecurityRealm.LOGGER.fine("Connection upgraded to TLS");
                    } catch (NamingException | IOException e) {
                        ActiveDirectorySecurityRealm.LOGGER.log(Level.FINE, "Failed to start TLS. Authentication will be done via plain-text LDAP", e);
                    }
                }
                if (str == null || str2 == null || str2.equals("")) {
                    ldapCtxInstance.addToEnvironment("java.naming.security.authentication", "none");
                    ActiveDirectorySecurityRealm.LOGGER.fine("Binding anonymously to " + str3);
                } else {
                    ldapCtxInstance.addToEnvironment("java.naming.security.principal", str);
                    ldapCtxInstance.addToEnvironment("java.naming.security.credentials", str2);
                    ActiveDirectorySecurityRealm.LOGGER.fine("Binding as " + str + " to " + str3);
                }
                ldapCtxInstance.reconnect((Control[]) null);
                Thread.currentThread().setName(name);
                return ldapCtxInstance;
            } catch (Throwable th) {
                Thread.currentThread().setName(name);
                throw th;
            }
        }

        public DirContext createDNSLookupContext() throws NamingException {
            Hashtable hashtable = new Hashtable();
            hashtable.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
            hashtable.put("java.naming.provider.url", "dns:");
            return new InitialDirContext(hashtable);
        }

        @Deprecated
        public List<SocketInfo> obtainLDAPServer(String str, String str2, String str3) throws NamingException {
            return obtainLDAPServer(createDNSLookupContext(), str, str2, str3);
        }

        public List<SocketInfo> obtainLDAPServer(ActiveDirectoryDomain activeDirectoryDomain) throws NamingException {
            return obtainLDAPServer(createDNSLookupContext(), activeDirectoryDomain.getName(), activeDirectoryDomain.getSite(), activeDirectoryDomain.getServers());
        }

        public List<SocketInfo> obtainLDAPServer(DirContext dirContext, String str, String str2, String str3) throws NamingException {
            ArrayList arrayList = new ArrayList();
            if (str3 == null || str3.isEmpty()) {
                str3 = ActiveDirectorySecurityRealm.DOMAIN_CONTROLLERS;
            }
            if (str3 != null) {
                for (String str4 : str3.split(",")) {
                    arrayList.add(new SocketInfo(str4.trim()));
                }
                return arrayList;
            }
            String str5 = null;
            Attribute attribute = null;
            NamingException namingException = null;
            for (ActiveDirectoryDomain.Catalog catalog : ActiveDirectoryDomain.Catalog.values()) {
                str5 = catalog + (str2 != null ? str2 + "._sites." : "") + str;
                ActiveDirectorySecurityRealm.LOGGER.fine("Attempting to resolve " + str5 + " to SRV record");
                try {
                    attribute = dirContext.getAttributes(str5, new String[]{"SRV"}).get("SRV");
                } catch (NumberFormatException e) {
                    namingException = (NamingException) new NamingException("JDK IPv6 bug encountered").initCause(e);
                } catch (NamingException e2) {
                    namingException = e2;
                }
                if (attribute != null) {
                    break;
                }
            }
            if (attribute != null) {
                ArrayList arrayList2 = new ArrayList();
                NamingEnumeration all = attribute.getAll();
                while (all.hasMoreElements()) {
                    String obj = all.next().toString();
                    ActiveDirectorySecurityRealm.LOGGER.fine("SRV record found: " + obj);
                    String[] split = obj.split(" ");
                    String str6 = split[3];
                    if (str6.endsWith(".")) {
                        str6 = str6.substring(0, str6.length() - 1);
                    }
                    int parseInt = Integer.parseInt(split[2]);
                    if (ActiveDirectorySecurityRealm.FORCE_LDAPS) {
                        if (parseInt == 389) {
                            parseInt = 636;
                        }
                        if (parseInt == 3268) {
                            parseInt = 3269;
                        }
                    }
                    arrayList2.add(new C1PrioritizedSocketInfo(new SocketInfo(str6, parseInt), Integer.parseInt(split[0])));
                }
                Collections.sort(arrayList2);
                Iterator it = arrayList2.iterator();
                while (it.hasNext()) {
                    arrayList.add(((C1PrioritizedSocketInfo) it.next()).socket);
                }
            }
            if (!arrayList.isEmpty()) {
                ActiveDirectorySecurityRealm.LOGGER.fine(str5 + " resolved to " + arrayList);
                return arrayList;
            }
            NamingException namingException2 = new NamingException("No SRV record found for " + str5);
            if (namingException != null) {
                namingException2.initCause(namingException);
            }
            throw namingException2;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectorySecurityRealm$EnvironmentProperty.class */
    public static class EnvironmentProperty extends AbstractDescribableImpl<EnvironmentProperty> implements Serializable {
        private final String name;
        private final String value;

        @Extension
        /* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectorySecurityRealm$EnvironmentProperty$DescriptorImpl.class */
        public static class DescriptorImpl extends Descriptor<EnvironmentProperty> {
            public String getDisplayName() {
                return null;
            }
        }

        @DataBoundConstructor
        public EnvironmentProperty(String str, String str2) {
            this.name = str;
            this.value = str2;
        }

        public String getName() {
            return this.name;
        }

        public String getValue() {
            return this.value;
        }

        public static Map<String, String> toMap(List<EnvironmentProperty> list) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            if (list == null) {
                return linkedHashMap;
            }
            for (EnvironmentProperty environmentProperty : list) {
                linkedHashMap.put(environmentProperty.getName(), environmentProperty.getValue());
            }
            return linkedHashMap;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectorySecurityRealm$TlsConfigurationAdministrativeMonitor.class */
    public static final class TlsConfigurationAdministrativeMonitor extends AdministrativeMonitor {
        public boolean isActivated() {
            ActiveDirectorySecurityRealm securityRealm = Jenkins.getActiveInstance().getSecurityRealm();
            if (!(securityRealm instanceof ActiveDirectorySecurityRealm)) {
                return false;
            }
            ActiveDirectorySecurityRealm activeDirectorySecurityRealm = securityRealm;
            for (ActiveDirectoryDomain activeDirectoryDomain : activeDirectorySecurityRealm.getDomains()) {
                if (activeDirectoryDomain.tlsConfiguration == null && activeDirectorySecurityRealm.m94getDescriptor().canDoNativeAuth() && activeDirectorySecurityRealm.domains != null) {
                    return true;
                }
                if (activeDirectoryDomain.tlsConfiguration == null && !activeDirectorySecurityRealm.m94getDescriptor().canDoNativeAuth()) {
                    return true;
                }
            }
            return false;
        }

        public void doAct(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException {
            if (staplerRequest.hasParameter("correct")) {
                staplerResponse.sendRedirect(staplerRequest.getRootPath() + "/configureSecurity");
            }
        }

        public static TlsConfigurationAdministrativeMonitor get() {
            return (TlsConfigurationAdministrativeMonitor) AdministrativeMonitor.all().get(TlsConfigurationAdministrativeMonitor.class);
        }

        public String getDisplayName() {
            return Messages.TlsConfiguration_AdministrativeMonitor_DisplayName();
        }
    }

    public ActiveDirectorySecurityRealm(String str, String str2, String str3, String str4, String str5) {
        this(str, str2, str3, str4, str5, GroupLookupStrategy.AUTO, false);
    }

    public ActiveDirectorySecurityRealm(String str, String str2, String str3, String str4, String str5, GroupLookupStrategy groupLookupStrategy) {
        this(str, str2, str3, str4, str5, groupLookupStrategy, false);
    }

    public ActiveDirectorySecurityRealm(String str, String str2, String str3, String str4, String str5, GroupLookupStrategy groupLookupStrategy, boolean z) {
        this(str, str2, str3, str4, str5, groupLookupStrategy, z, null);
    }

    public ActiveDirectorySecurityRealm(String str, String str2, String str3, String str4, String str5, GroupLookupStrategy groupLookupStrategy, boolean z, CacheConfiguration cacheConfiguration) {
        this(str, Lists.newArrayList(new ActiveDirectoryDomain[]{new ActiveDirectoryDomain(str, str5)}), str2, str3, str4, str5, groupLookupStrategy, z, Boolean.valueOf(str != null), cacheConfiguration, true);
    }

    public ActiveDirectorySecurityRealm(String str, List<ActiveDirectoryDomain> list, String str2, String str3, String str4, String str5, GroupLookupStrategy groupLookupStrategy, boolean z, Boolean bool, CacheConfiguration cacheConfiguration, Boolean bool2) {
        this(str, list, str2, str3, str4, str5, groupLookupStrategy, z, bool, cacheConfiguration, bool2, TlsConfiguration.TRUST_ALL_CERTIFICATES);
    }

    public ActiveDirectorySecurityRealm(String str, List<ActiveDirectoryDomain> list, String str2, String str3, String str4, String str5, GroupLookupStrategy groupLookupStrategy, boolean z, Boolean bool, CacheConfiguration cacheConfiguration, Boolean bool2, TlsConfiguration tlsConfiguration) {
        this(str, list, str2, str3, str4, str5, groupLookupStrategy, z, bool, cacheConfiguration, bool2, tlsConfiguration, null);
    }

    @Deprecated
    public ActiveDirectorySecurityRealm(String str, List<ActiveDirectoryDomain> list, String str2, String str3, String str4, String str5, GroupLookupStrategy groupLookupStrategy, boolean z, Boolean bool, CacheConfiguration cacheConfiguration, Boolean bool2, TlsConfiguration tlsConfiguration, ActiveDirectoryInternalUsersDatabase activeDirectoryInternalUsersDatabase) {
        this(str, list, str2, str3, str4, str5, groupLookupStrategy, z, bool, cacheConfiguration, bool2, (ActiveDirectoryInternalUsersDatabase) null);
    }

    @DataBoundConstructor
    public ActiveDirectorySecurityRealm(String str, List<ActiveDirectoryDomain> list, String str2, String str3, String str4, String str5, GroupLookupStrategy groupLookupStrategy, boolean z, Boolean bool, CacheConfiguration cacheConfiguration, Boolean bool2, ActiveDirectoryInternalUsersDatabase activeDirectoryInternalUsersDatabase) {
        if (bool != null && !bool.booleanValue()) {
            list = null;
        }
        this.domain = Util.fixEmpty(str);
        this.server = Util.fixEmpty(str5);
        this.domains = list;
        this.site = Util.fixEmpty(str2);
        this.bindName = Util.fixEmpty(str3);
        this.bindPassword = Secret.fromString(Util.fixEmpty(str4));
        this.groupLookupStrategy = groupLookupStrategy;
        this.removeIrrelevantGroups = z;
        this.cache = cacheConfiguration;
        this.startTls = bool2;
        this.internalUsersDatabase = activeDirectoryInternalUsersDatabase;
    }

    @DataBoundSetter
    public void setEnvironmentProperties(List<EnvironmentProperty> list) {
        this.environmentProperties = list;
    }

    @Restricted({NoExternalUse.class})
    public CacheConfiguration getCache() {
        if (this.cache == null || !(this.cache.getSize() == 0 || this.cache.getTtl() == 0)) {
            return this.cache;
        }
        return null;
    }

    @Restricted({NoExternalUse.class})
    public String getJenkinsInternalUser() {
        if (this.internalUsersDatabase == null) {
            return null;
        }
        return this.internalUsersDatabase.getJenkinsInternalUser();
    }

    @Restricted({NoExternalUse.class})
    public ActiveDirectoryInternalUsersDatabase getInternalUsersDatabase() {
        if (this.internalUsersDatabase == null || this.internalUsersDatabase.getJenkinsInternalUser() == null || !this.internalUsersDatabase.getJenkinsInternalUser().isEmpty()) {
            return this.internalUsersDatabase;
        }
        return null;
    }

    @Restricted({NoExternalUse.class})
    public Boolean isStartTls() {
        return this.startTls;
    }

    public Integer getSize() {
        if (this.cache == null) {
            return null;
        }
        return Integer.valueOf(this.cache.getSize());
    }

    public Integer getTtl() {
        if (this.cache == null) {
            return null;
        }
        return Integer.valueOf(this.cache.getTtl());
    }

    @Restricted({NoExternalUse.class})
    public List<EnvironmentProperty> getEnvironmentProperties() {
        return this.environmentProperties;
    }

    @Restricted({NoExternalUse.class})
    public boolean getCustomDomain() {
        return this.domains != null;
    }

    public GroupLookupStrategy getGroupLookupStrategy() {
        return this.groupLookupStrategy == null ? GroupLookupStrategy.AUTO : this.groupLookupStrategy;
    }

    @Restricted({NoExternalUse.class})
    @Deprecated
    public TlsConfiguration getTlsConfiguration() {
        return this.tlsConfiguration;
    }

    public SecurityRealm.SecurityComponents createSecurityComponents() {
        BeanBuilder beanBuilder = new BeanBuilder(getClass().getClassLoader());
        Binding binding = new Binding();
        binding.setVariable("realm", this);
        InputStream resourceAsStream = getClass().getResourceAsStream("ActiveDirectory.groovy");
        try {
            beanBuilder.parse(resourceAsStream, binding);
            IOUtils.closeQuietly(resourceAsStream);
            WebApplicationContext createApplicationContext = beanBuilder.createApplicationContext();
            findBean(AbstractActiveDirectoryAuthenticationProvider.class, createApplicationContext);
            UserDetailsService userDetailsService = (UserDetailsService) findBean(UserDetailsService.class, createApplicationContext);
            TokenBasedRememberMeServices2 tokenBasedRememberMeServices2 = new TokenBasedRememberMeServices2() { // from class: hudson.plugins.active_directory.ActiveDirectorySecurityRealm.1
                public Authentication autoLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
                    try {
                        return super.autoLogin(httpServletRequest, httpServletResponse);
                    } catch (Exception e) {
                        cancelCookie(httpServletRequest, httpServletResponse, "Failed to handle remember-me cookie: " + Functions.printThrowable(e));
                        return null;
                    }
                }
            };
            tokenBasedRememberMeServices2.setUserDetailsService(userDetailsService);
            tokenBasedRememberMeServices2.setKey(Jenkins.getActiveInstance().getSecretKey());
            tokenBasedRememberMeServices2.setParameter("remember_me");
            return new SecurityRealm.SecurityComponents((AuthenticationManager) findBean(AuthenticationManager.class, createApplicationContext), userDetailsService, tokenBasedRememberMeServices2);
        } catch (Throwable th) {
            IOUtils.closeQuietly(resourceAsStream);
            throw th;
        }
    }

    @Restricted({NoExternalUse.class})
    public List<ActiveDirectoryDomain> getDomains() {
        return this.domains;
    }

    public ActiveDirectoryDomain getDomain(String str) {
        for (ActiveDirectoryDomain activeDirectoryDomain : this.domains) {
            if (activeDirectoryDomain.getName().equals(str)) {
                return activeDirectoryDomain;
            }
        }
        return null;
    }

    public Object readResolve() throws ObjectStreamException {
        if (this.domain != null) {
            this.domains = new ArrayList();
            this.domain = this.domain.trim();
            for (String str : this.domain.split(",")) {
                this.domains.add(new ActiveDirectoryDomain(str.trim(), this.server));
            }
        }
        List<ActiveDirectoryDomain> domains = getDomains();
        if (domains != null) {
            if (this.bindName != null && this.bindPassword != null) {
                for (ActiveDirectoryDomain activeDirectoryDomain : domains) {
                    activeDirectoryDomain.bindName = this.bindName;
                    activeDirectoryDomain.bindPassword = this.bindPassword;
                }
            }
            if (this.site != null) {
                Iterator<ActiveDirectoryDomain> it = domains.iterator();
                while (it.hasNext()) {
                    it.next().site = this.site;
                }
            }
            if (this.tlsConfiguration != null) {
                Iterator<ActiveDirectoryDomain> it2 = domains.iterator();
                while (it2.hasNext()) {
                    it2.next().tlsConfiguration = this.tlsConfiguration;
                }
            }
        }
        if (this.startTls == null) {
            this.startTls = true;
        }
        return this;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m94getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }

    public void doAuthTest(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @QueryParameter String str, @QueryParameter String str2) throws IOException, ServletException {
        Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
        try {
            try {
                AbstractActiveDirectoryAuthenticationProvider authenticationProvider = getAuthenticationProvider();
                if (authenticationProvider instanceof ActiveDirectoryUnixAuthenticationProvider) {
                    ActiveDirectoryUnixAuthenticationProvider activeDirectoryUnixAuthenticationProvider = (ActiveDirectoryUnixAuthenticationProvider) authenticationProvider;
                    DescriptorImpl m94getDescriptor = m94getDescriptor();
                    for (ActiveDirectoryDomain activeDirectoryDomain : this.domains) {
                        try {
                            printWriter.println("Domain= " + activeDirectoryDomain.getName() + " site= " + activeDirectoryDomain.getSite());
                            List<SocketInfo> obtainLDAPServer = m94getDescriptor.obtainLDAPServer(activeDirectoryDomain);
                            printWriter.println("List of domain controllers: " + obtainLDAPServer);
                            for (SocketInfo socketInfo : obtainLDAPServer) {
                                printWriter.println("Trying a domain controller at " + socketInfo);
                                try {
                                    printWriter.println("Authenticated as " + activeDirectoryUnixAuthenticationProvider.retrieveUser(str, str2, activeDirectoryDomain, Collections.singletonList(socketInfo)));
                                } catch (org.acegisecurity.AuthenticationException e) {
                                    e.printStackTrace(printWriter);
                                }
                            }
                        } catch (NamingException e2) {
                            printWriter.println("Failing to resolve domain controllers");
                            e2.printStackTrace(printWriter);
                        }
                    }
                } else {
                    printWriter.println("Using Windows ADSI. No diagnostics available.");
                }
                Thread.currentThread().setContextClassLoader(contextClassLoader);
            } catch (Throwable th) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                throw th;
            }
        } catch (Exception e3) {
            e3.printStackTrace(printWriter);
            Thread.currentThread().setContextClassLoader(contextClassLoader);
        }
        staplerRequest.setAttribute("output", stringWriter.toString());
        staplerRequest.getView(this, "test.jelly").forward(staplerRequest, staplerResponse);
    }

    @Restricted({DoNotUse.class})
    public void shutDownthreadPoolExecutors() {
        this.threadPoolExecutor.shutdown();
    }

    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        return getAuthenticationProvider().loadGroupByGroupname(str);
    }

    public AbstractActiveDirectoryAuthenticationProvider getAuthenticationProvider() {
        return (AbstractActiveDirectoryAuthenticationProvider) getSecurityComponents().userDetails;
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        return getAuthenticationProvider().loadUserByUsername(str);
    }

    protected UserDetails authenticate(String str, String str2) throws org.acegisecurity.AuthenticationException {
        return getAuthenticationProvider().retrieveUser(str, new UsernamePasswordAuthenticationToken(str, str2));
    }
}
