package hudson.plugins.active_directory;

import hudson.Extension;
import hudson.Functions;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.io.IOException;
import java.io.Serializable;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.servlet.ServletException;
import org.acegisecurity.BadCredentialsException;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectoryDomain.class */
public class ActiveDirectoryDomain extends AbstractDescribableImpl<ActiveDirectoryDomain> implements Serializable {
    public String name;
    public String servers;
    public String site;
    public String bindName;
    public Secret bindPassword;
    private static final Logger LOGGER = Logger.getLogger(ActiveDirectoryUnixAuthenticationProvider.class.getName());

    @Extension
    /* loaded from: input_file:WEB-INF/lib/active-directory.jar:hudson/plugins/active_directory/ActiveDirectoryDomain$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<ActiveDirectoryDomain> {
        public String getDisplayName() {
            return "";
        }

        public FormValidation doValidateTest(@QueryParameter(fixEmpty = true) String str, @QueryParameter(fixEmpty = true) String str2, @QueryParameter(fixEmpty = true) String str3, @QueryParameter(fixEmpty = true) String str4, @QueryParameter(fixEmpty = true) String str5) throws IOException, ServletException, NamingException {
            ActiveDirectorySecurityRealm activeDirectorySecurityRealm = new ActiveDirectorySecurityRealm(str, str3, str4, str5, str2);
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
            try {
                Functions.checkPermission(Hudson.ADMINISTER);
                if (activeDirectorySecurityRealm.m93getDescriptor().canDoNativeAuth() && str == null) {
                    try {
                        new ActiveDirectoryAuthenticationProvider();
                        FormValidation ok = FormValidation.ok("Success");
                        Thread.currentThread().setContextClassLoader(contextClassLoader);
                        return ok;
                    } catch (Exception e) {
                        FormValidation error = FormValidation.error(e, "Failed to contact Active Directory");
                        Thread.currentThread().setContextClassLoader(contextClassLoader);
                        return error;
                    }
                }
                if (str == null || str.isEmpty()) {
                    FormValidation error2 = FormValidation.error("No domain was set");
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                    return error2;
                }
                Secret fromString = Secret.fromString(str5);
                if (str4 != null && fromString == null) {
                    FormValidation error3 = FormValidation.error("Bind DN is specified but not the password");
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                    return error3;
                }
                try {
                    ActiveDirectoryDomain.LOGGER.log(Level.FINE, "Attempting to resolve {0} to NS record", str);
                    DirContext createDNSLookupContext = activeDirectorySecurityRealm.m93getDescriptor().createDNSLookupContext();
                    Attribute attribute = createDNSLookupContext.getAttributes(str, new String[]{"NS"}).get("NS");
                    if (attribute == null) {
                        ActiveDirectoryDomain.LOGGER.log(Level.FINE, "Attempting to resolve {0} to A record", str);
                        if (createDNSLookupContext.getAttributes(str, new String[]{"A"}).get("A") == null) {
                            throw new NamingException(str + " doesn't look like a domain name");
                        }
                    }
                    ActiveDirectoryDomain.LOGGER.log(Level.FINE, "{0} resolved to {1}", new Object[]{str, attribute});
                    try {
                        List<SocketInfo> obtainLDAPServer = activeDirectorySecurityRealm.m93getDescriptor().obtainLDAPServer(createDNSLookupContext, str, str3, str2);
                        if (str4 == null) {
                            IOException iOException = null;
                            for (SocketInfo socketInfo : obtainLDAPServer) {
                                try {
                                    socketInfo.connect().close();
                                    break;
                                } catch (IOException e2) {
                                    ActiveDirectoryDomain.LOGGER.log(Level.FINE, String.format("Failed to connect to %s", socketInfo), (Throwable) e2);
                                    iOException = e2;
                                }
                            }
                            if (iOException != null) {
                                ActiveDirectoryDomain.LOGGER.log(Level.WARNING, String.format("Failed to connect to %s", str2), (Throwable) iOException);
                                FormValidation error4 = FormValidation.error(iOException, "Failed to connect to " + str2);
                                Thread.currentThread().setContextClassLoader(contextClassLoader);
                                return error4;
                            }
                            FormValidation ok2 = FormValidation.ok("Success");
                            Thread.currentThread().setContextClassLoader(contextClassLoader);
                            return ok2;
                        }
                        try {
                            DirContext bind = activeDirectorySecurityRealm.m93getDescriptor().bind(str4, Secret.toString(fromString), obtainLDAPServer);
                            try {
                                if (new LDAPSearchBuilder(bind, ActiveDirectoryUnixAuthenticationProvider.toDC(str)).subTreeScope().searchOne("(objectClass=user)", new Object[0]) == null) {
                                    FormValidation error5 = FormValidation.error(Messages.ActiveDirectorySecurityRealm_NoUsers());
                                    bind.close();
                                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                                    return error5;
                                }
                                bind.close();
                                FormValidation ok22 = FormValidation.ok("Success");
                                Thread.currentThread().setContextClassLoader(contextClassLoader);
                                return ok22;
                            } catch (Throwable th) {
                                bind.close();
                                throw th;
                            }
                        } catch (BadCredentialsException e3) {
                            if (e3.getCause() instanceof CommunicationException) {
                                FormValidation error6 = FormValidation.error(e3, "Any Domain Controller is reachable");
                                Thread.currentThread().setContextClassLoader(contextClassLoader);
                                return error6;
                            }
                            FormValidation error7 = FormValidation.error(e3, "Bad bind username or password");
                            Thread.currentThread().setContextClassLoader(contextClassLoader);
                            return error7;
                        } catch (Exception e4) {
                            FormValidation error8 = FormValidation.error(e4, e4.getMessage());
                            Thread.currentThread().setContextClassLoader(contextClassLoader);
                            return error8;
                        } catch (AuthenticationException e5) {
                            FormValidation error9 = FormValidation.error(e5, "Bad bind username or password");
                            Thread.currentThread().setContextClassLoader(contextClassLoader);
                            return error9;
                        }
                    } catch (NamingException e6) {
                        String str6 = str3 == null ? "No LDAP server was found in " + str : "No LDAP server was found in the " + str3 + " site of " + str;
                        ActiveDirectoryDomain.LOGGER.log(Level.WARNING, str6, e6);
                        FormValidation error10 = FormValidation.error(e6, str6);
                        Thread.currentThread().setContextClassLoader(contextClassLoader);
                        return error10;
                    }
                } catch (NamingException e7) {
                    ActiveDirectoryDomain.LOGGER.log(Level.WARNING, String.format("Failed to resolve %s to A record", str), e7);
                    FormValidation error11 = FormValidation.error(e7, str + " doesn't look like a valid domain name");
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                    return error11;
                }
            } catch (Throwable th2) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                throw th2;
            }
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            throw th2;
        }
    }

    public ActiveDirectoryDomain(String str, String str2) {
        this(str, str2, null, null, null);
    }

    @DataBoundConstructor
    public ActiveDirectoryDomain(String str, String str2, String str3, String str4, String str5) {
        this.name = str;
        String fixEmpty = fixEmpty(str2);
        if (fixEmpty != null) {
            String[] split = fixEmpty.split(",");
            for (int i = 0; i < split.length; i++) {
                if (!split[i].contains(":")) {
                    int i2 = i;
                    split[i2] = split[i2] + ":3268";
                }
            }
            fixEmpty = StringUtils.join(split, ",");
        }
        this.servers = fixEmpty;
        this.site = fixEmpty(str3);
        this.bindName = fixEmpty(str4);
        this.bindPassword = Secret.fromString(fixEmpty(str5));
    }

    @Restricted({NoExternalUse.class})
    public String getName() {
        return this.name;
    }

    @Restricted({NoExternalUse.class})
    public String getServers() {
        return this.servers;
    }

    @Restricted({NoExternalUse.class})
    public String getBindName() {
        return this.bindName;
    }

    @Restricted({NoExternalUse.class})
    public Secret getBindPassword() {
        return this.bindPassword;
    }

    @Restricted({NoExternalUse.class})
    public String getSite() {
        return this.site;
    }

    public static String fixEmpty(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        return str;
    }
}
