package hudson.plugins.active_directory;

import com.sun.jndi.ldap.LdapCtxFactory;
import hudson.plugins.active_directory.ActiveDirectorySecurityRealm;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.class */
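/**
 * Authenticates a user against Active Directory by performing an LDAP simple bind as
 * {@code username@domainName} and then looking up the user's entry to collect group names.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>Null or empty passwords are rejected before any bind is attempted. A simple bind that
 *       carries a principal but no password is commonly treated by directory servers as an
 *       anonymous/unauthenticated bind and reported as successful, so it must never be taken
 *       as proof of identity.</li>
 *   <li>User-supplied values are passed to the search as filter arguments ({@code {0}}) rather
 *       than concatenated into the filter string, so filter metacharacters in the user name
 *       cannot change the query.</li>
 *   <li>The directory context is always closed, including on failure paths.</li>
 * </ul>
 */
public class ActiveDirectoryUnixAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements UserDetailsService {
    private final String domainName;
    private static final Logger LOGGER = Logger.getLogger(ActiveDirectoryUnixAuthenticationProvider.class.getName());

    /**
     * @param str the Active Directory domain name (e.g. a dotted DNS name); used both to build
     *            the bind principal and to derive the search base
     */
    public ActiveDirectoryUnixAuthenticationProvider(String str) {
        this.domainName = str;
    }

    /**
     * Always fails: this provider cannot look a user up without that user's own credentials.
     *
     * @throws UsernameNotFoundException always
     */
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        throw new UsernameNotFoundException("Active-directory plugin doesn't support user retrieval");
    }

    /**
     * Intentionally empty: the only credential check this class performs is the LDAP bind in
     * {@link #retrieveUser}.
     */
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
    }

    /**
     * Binds to the directory as the given user and builds the user details from the user's entry.
     *
     * @param str the user name as typed by the user (untrusted input)
     * @param usernamePasswordAuthenticationToken token carrying the password as its credentials
     * @return the authenticated user with one authority per {@code memberOf} group that has a CN
     * @throws BadCredentialsException if the password is missing or empty, the bind fails, the
     *         user's entry cannot be found, or the directory lookup fails
     */
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Object credentials = usernamePasswordAuthenticationToken != null ? usernamePasswordAuthenticationToken.getCredentials() : null;
        String password = credentials instanceof String ? (String) credentials : null;

        // Reject missing/empty passwords up front. Without this check a null password fails with
        // a NullPointerException from Hashtable.put, and an empty one may be accepted by the
        // server as an anonymous/unauthenticated bind, i.e. a login without a password.
        if (password == null || password.length() == 0) {
            throw new BadCredentialsException("Empty password is not allowed for '" + str + "'");
        }

        String principal = str + '@' + this.domainName;
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.security.principal", principal);
        env.put("java.naming.security.credentials", password);
        // NOTE(review): with referrals followed, the provider may re-bind to referred servers
        // using the credentials in this environment — confirm only trusted hosts are referred to.
        env.put("java.naming.referral", "follow");

        DirContext ctx;
        try {
            // NOTE(review): the URL scheme is ldap:// and no TLS-related property is set in this
            // method, so the password presumably crosses the network unprotected unless transport
            // security is configured elsewhere — confirm.
            ctx = LdapCtxFactory.getLdapCtxInstance("ldap://" + ActiveDirectorySecurityRealm.DesciprotrImpl.INSTANCE.obtainLDAPServer(this.domainName) + '/', env);
        } catch (NamingException e) {
            LOGGER.log(Level.WARNING, "Failed to bind to LDAP", e);
            throw new BadCredentialsException("Either no such user '" + principal + "' or incorrect password", e);
        }

        NamingEnumeration<SearchResult> results = null;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            String baseDn = toDC(this.domainName);

            // Filter arguments are escaped by JNDI, unlike values concatenated into the filter.
            results = ctx.search(baseDn, "(& (userPrincipalName={0})(objectClass=user))", new Object[]{principal}, controls);
            if (!results.hasMore()) {
                results.close();
                results = ctx.search(baseDn, "(& (sAMAccountName={0})(objectClass=user))", new Object[]{str}, controls);
                if (!results.hasMore()) {
                    throw new BadCredentialsException("Authentication was successful but cannot locate the user information for " + str);
                }
            }

            SearchResult userEntry = results.next();
            ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
            Attribute memberOf = userEntry.getAttributes().get("memberOf");
            if (memberOf != null) {
                for (int i = 0; i < memberOf.size(); i++) {
                    // Each memberOf value is a group DN; the authority name is that group's CN.
                    Attribute cn = ctx.getAttributes(memberOf.get(i).toString(), new String[]{"CN"}).get("CN");
                    if (cn == null) {
                        // A group entry without a readable CN cannot be mapped to an authority.
                        continue;
                    }
                    authorities.add(new GrantedAuthorityImpl(cn.get().toString()));
                }
            }
            // NOTE(review): the plaintext password is handed to the user-details object here;
            // how long it is retained depends on ActiveDirectoryUserDetail, which is not visible.
            return new ActiveDirectoryUserDetail(str, password, true, true, true, true, authorities.toArray(new GrantedAuthority[authorities.size()]));
        } catch (NamingException e) {
            LOGGER.log(Level.WARNING, "Failed to retrieve user information for " + str, e);
            throw new BadCredentialsException("Failed to retrieve user information for " + str, e);
        } finally {
            // Release the search cursor and the connection on every path, not only on success.
            if (results != null) {
                try {
                    results.close();
                } catch (NamingException ignored) {
                    LOGGER.log(Level.FINE, "Failed to close LDAP search results", ignored);
                }
            }
            closeQuietly(ctx);
        }
    }

    /** Closes the directory context, logging instead of propagating a failure to close. */
    private static void closeQuietly(DirContext ctx) {
        try {
            ctx.close();
        } catch (NamingException ignored) {
            LOGGER.log(Level.FINE, "Failed to close LDAP context", ignored);
        }
    }

    /**
     * Converts a dotted domain name into a comma-separated list of {@code DC=} components,
     * skipping empty labels (e.g. {@code "example.com"} becomes {@code "DC=example,DC=com"}).
     */
    private static String toDC(String str) {
        StringBuilder sb = new StringBuilder();
        for (String label : str.split("\\.")) {
            if (label.length() == 0) {
                continue;
            }
            if (sb.length() > 0) {
                sb.append(",");
            }
            sb.append("DC=").append(label);
        }
        return sb.toString();
    }
}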
