package hudson.plugins.script_realm_extended;

import hudson.Launcher;
import hudson.model.Descriptor;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.util.QuotedStringTokenizer;
import hudson.util.StreamTaskListener;
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.userdetails.User;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:WEB-INF/classes/hudson/plugins/script_realm_extended/ExtendedScriptSecurityRealm.class */
public class ExtendedScriptSecurityRealm extends AbstractPasswordBasedSecurityRealm {
    private static final Logger LOGGER = Logger.getLogger(ExtendedScriptSecurityRealm.class.getName());
    public final String commandLine;
    public final String groupsCommandLine;
    public final String groupsDelimiter;

    /* loaded from: input_file:WEB-INF/classes/hudson/plugins/script_realm_extended/ExtendedScriptSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public String getDisplayName() {
            return "Authenticate via custom script (supporting groups)";
        }
    }

    @DataBoundConstructor
    public ExtendedScriptSecurityRealm(String str, String str2, String str3) {
        this.commandLine = str;
        this.groupsCommandLine = str2;
        if (StringUtils.isBlank(str3)) {
            this.groupsDelimiter = ",";
        } else {
            this.groupsDelimiter = str3;
        }
    }

    protected UserDetails authenticate(String str, String str2) throws AuthenticationException {
        try {
            StringWriter stringWriter = new StringWriter();
            if (new Launcher.LocalLauncher(new StreamTaskListener(stringWriter)).launch().cmds(QuotedStringTokenizer.tokenize(this.commandLine)).stdout(new NullOutputStream()).envs(new String[]{"U=" + str, "P=" + str2}).join() != 0) {
                throw new BadCredentialsException(stringWriter.toString());
            }
            return new User(str, "", true, true, true, true, loadGroups(str));
        } catch (IOException e) {
            throw new AuthenticationServiceException("Failed", e);
        } catch (InterruptedException e2) {
            throw new AuthenticationServiceException("Interrupted", e2);
        }
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        return new User(str, "", true, true, true, true, loadGroups(str));
    }

    public GroupDetails loadGroupByGroupname(final String str) throws UsernameNotFoundException, DataAccessException {
        return new GroupDetails() { // from class: hudson.plugins.script_realm_extended.ExtendedScriptSecurityRealm.1
            public String getName() {
                return str;
            }
        };
    }

    protected GrantedAuthority[] loadGroups(String str) throws AuthenticationException {
        try {
            ArrayList arrayList = new ArrayList();
            arrayList.add(AUTHENTICATED_AUTHORITY);
            if (!StringUtils.isBlank(this.groupsCommandLine)) {
                StringWriter stringWriter = new StringWriter();
                Launcher.LocalLauncher localLauncher = new Launcher.LocalLauncher(new StreamTaskListener(stringWriter));
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                if (localLauncher.launch().cmds(QuotedStringTokenizer.tokenize(this.groupsCommandLine)).stdout(byteArrayOutputStream).envs(new String[]{"U=" + str}).join() != 0) {
                    throw new BadCredentialsException(stringWriter.toString());
                }
                StringTokenizer stringTokenizer = new StringTokenizer(byteArrayOutputStream.toString().trim(), this.groupsDelimiter);
                while (stringTokenizer.hasMoreTokens()) {
                    String trim = stringTokenizer.nextToken().trim();
                    LOGGER.log(Level.FINE, "granting: {0} to {1}", (Object[]) new String[]{trim, str});
                    arrayList.add(new GrantedAuthorityImpl(trim));
                }
            }
            return (GrantedAuthority[]) arrayList.toArray(new GrantedAuthority[0]);
        } catch (IOException e) {
            throw new AuthenticationServiceException("Failed", e);
        } catch (InterruptedException e2) {
            throw new AuthenticationServiceException("Interrupted", e2);
        }
    }
}
