package org.jenkins.wso2.appfactory;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.jfree.util.Log;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.springframework.dao.DataAccessException;
import org.wso2.carbon.appfactory.common.AppFactoryException;
import org.wso2.carbon.appfactory.common.util.AppFactoryUtil;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:WEB-INF/classes/org/jenkins/wso2/appfactory/CarbonSecurityRealm.class */
public class CarbonSecurityRealm extends AbstractPasswordBasedSecurityRealm {
    private static final Logger LOGGER = Logger.getLogger(CarbonSecurityRealm.class.getName());
    public static final String JENKINS_SERVER_ADMIN_USERNAME = "JenkinsServerAdminUsername";
    public static final String JENKINS_SERVER_ADMIN_PASSWORD = "JenkinsServerAdminPassword";

    /* loaded from: input_file:WEB-INF/classes/org/jenkins/wso2/appfactory/CarbonSecurityRealm$CarbonGroupDetails.class */
    class CarbonGroupDetails extends GroupDetails {
        private String name;

        CarbonGroupDetails(String str) {
            this.name = str;
        }

        public String getName() {
            return this.name;
        }
    }

    /* loaded from: input_file:WEB-INF/classes/org/jenkins/wso2/appfactory/CarbonSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public DescriptorImpl() {
            load();
        }

        public FormValidation doCheckAuthenticationServiceEPR(@QueryParameter String str) {
            return FormValidation.ok();
        }

        public FormValidation doCheckClientTrustStorePassword(@QueryParameter String str) {
            return FormValidation.ok();
        }

        public FormValidation doCheckAppfactorySystemUsername(@QueryParameter String str) {
            return FormValidation.ok();
        }

        public FormValidation doCheckAppfactorySystemUserPassword(@QueryParameter String str) {
            return FormValidation.ok();
        }

        public String getDisplayName() {
            return Messages.DisplayName();
        }
    }

    @DataBoundConstructor
    public CarbonSecurityRealm() {
    }

    @Extension
    public static DescriptorImpl install() {
        return new DescriptorImpl();
    }

    protected UserDetails authenticate(String str, String str2) throws AuthenticationException {
        UserDetails createUserDetails;
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.fine("login request received for : " + str);
        }
        if (!isJenkinsSystemUser(str)) {
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(str);
            try {
                UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
                if (userStoreManager == null || !userStoreManager.authenticate(tenantAwareUsername, str2)) {
                    throw new BadCredentialsException("Invalid credentials supplied user name - " + str + "Password : *****");
                }
                createUserDetails = createUserDetails(tenantAwareUsername, str2);
            } catch (UserStoreException e) {
                throw new AuthenticationServiceException(e.getLocalizedMessage(), e);
            }
        } else {
            if (!authenticateJenkinsSystemUser(str2)) {
                throw new BadCredentialsException("Invalid credentials supplied app factory system user, check app factory configurations.");
            }
            createUserDetails = createUserDetails(str, str2);
        }
        return createUserDetails;
    }

    protected UserDetails createUserDetails(String str, String str2) {
        return new CarbonUserDetails(str, str2, new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY});
    }

    protected boolean isJenkinsSystemUser(String str) {
        String str2 = "";
        try {
            str2 = AppFactoryUtil.getAppfactoryConfiguration().getFirstProperty(JENKINS_SERVER_ADMIN_USERNAME);
        } catch (AppFactoryException e) {
            Log.error("Error reading jenkins admin username from configuration");
        }
        return str2.equals(str);
    }

    protected boolean authenticateJenkinsSystemUser(String str) {
        String str2 = "";
        try {
            str2 = AppFactoryUtil.getAppfactoryConfiguration().getFirstProperty(JENKINS_SERVER_ADMIN_PASSWORD);
        } catch (AppFactoryException e) {
            Log.error("Error reading jenkins admin password from configuration");
        }
        return str2.equals(str);
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        throw new UsernameNotFoundException("loading users by name is not supported");
    }

    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        return new CarbonGroupDetails(str);
    }
}
