package de.theit.jenkins.crowd;

import com.atlassian.crowd.embedded.impl.ConnectionPoolPropertyConstants;
import com.atlassian.crowd.exception.ApplicationPermissionException;
import com.atlassian.crowd.exception.ExpiredCredentialException;
import com.atlassian.crowd.exception.GroupNotFoundException;
import com.atlassian.crowd.exception.InactiveAccountException;
import com.atlassian.crowd.exception.InvalidAuthenticationException;
import com.atlassian.crowd.exception.OperationFailedException;
import com.atlassian.crowd.exception.UserNotFoundException;
import com.atlassian.crowd.model.group.Group;
import com.atlassian.crowd.model.user.User;
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.acegisecurity.AccountExpiredException;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.InsufficientAuthenticationException;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.http.impl.client.cache.CacheConfig;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataRetrievalFailureException;

/* loaded from: input_file:WEB-INF/lib/crowd2.jar:de/theit/jenkins/crowd/CrowdSecurityRealm.class */
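/**
 * Jenkins security realm that delegates authentication and group lookup to a
 * Crowd server through {@link CrowdConfigurationService}.
 *
 * <p>This listing is decompiler output, so parameters carry synthetic names
 * ({@code str}, {@code str2}, ...). The Javadoc of each constructor and web
 * method records which setting every parameter feeds, derived from the
 * assignments and constructor calls in this class.
 * NOTE(review): Stapler resolves {@code @QueryParameter} and
 * {@code @DataBoundConstructor} arguments by parameter name, so the synthetic
 * names are presumably not the ones the original source used; confirm against
 * the original before recompiling.
 *
 * <p>NOTE(review): {@link #password} and {@link #httpProxyPassword} are plain
 * public {@code String} fields. Jenkins serialises realm fields into its
 * configuration, so both secrets are presumably stored in clear text.
 * {@code hudson.util.Secret} is the usual type for such values; it is not
 * applied here because it changes the public field type and the persisted
 * form.
 */
public class CrowdSecurityRealm extends AbstractPasswordBasedSecurityRealm {
    private static final Logger LOG = Logger.getLogger(CrowdSecurityRealm.class.getName());

    // Settings below are stored as given (the first four are trimmed) and handed
    // to CrowdConfigurationService by initializeConfiguration().
    public final String url;
    public final String applicationName;
    // Application password used towards Crowd; see the class-level note on secret storage.
    public final String password;
    public final String group;
    public final boolean nestedGroups;
    public final boolean useSSO;
    public final int sessionValidationInterval;
    public final String cookieDomain;
    public final String cookieTokenkey;
    // Boxed Boolean: may be null when the form omits the value.
    public final Boolean useProxy;
    public final String httpProxyHost;
    public final String httpProxyPort;
    public final String httpProxyUsername;
    // Proxy credential; see the class-level note on secret storage.
    public final String httpProxyPassword;
    public final String socketTimeout;
    public final String httpTimeout;
    public final String httpMaxConnections;
    // Optional cache settings; null means caching is disabled (see initializeConfiguration()).
    private final CacheConfiguration cache;
    // Transient, so it is not persisted with the realm and is rebuilt on demand.
    private transient CrowdConfigurationService configuration;

    /**
     * Cache sizing options for the realm. Both values are clamped to a fixed
     * range in the constructor.
     */
    public static class CacheConfiguration extends AbstractDescribableImpl<CacheConfiguration> {
        private final int size;
        private final int ttl;

        /** Descriptor supplying the choices for the cache size and TTL drop-downs. */
        @Extension
        public static class DescriptorImpl extends Descriptor<CacheConfiguration> {
            /** Returns an empty display name. */
            public String getDisplayName() {
                return "";
            }

            /** Returns the selectable cache sizes. */
            public ListBoxModel doFillSizeItems() {
                ListBoxModel listBoxModel = new ListBoxModel();
                // NOTE(review): presumably the decompiler substituted a literal with an
                // unrelated constant of equal value; confirm against the original source.
                listBoxModel.add(ConnectionPoolPropertyConstants.DEFAULT_PREFERRED_POOL_SIZE);
                listBoxModel.add("20");
                listBoxModel.add("50");
                listBoxModel.add("100");
                listBoxModel.add("200");
                listBoxModel.add("500");
                listBoxModel.add("1000");
                return listBoxModel;
            }

            /** Returns the selectable TTL values: display label paired with a number of seconds. */
            public ListBoxModel doFillTtlItems() {
                ListBoxModel listBoxModel = new ListBoxModel();
                listBoxModel.add("30 sec", "30");
                listBoxModel.add("1 min", "60");
                listBoxModel.add("2 min", "120");
                listBoxModel.add("5 min", "300");
                listBoxModel.add("10 min", "600");
                listBoxModel.add("15 min", "900");
                listBoxModel.add("30 min", "1800");
                listBoxModel.add("1 hour", "3600");
                return listBoxModel;
            }
        }

        /**
         * Creates the cache settings, clamping both values.
         *
         * @param i  requested cache size; limited to the range 10 to
         *           {@code CacheConfig.DEFAULT_MAX_CACHE_ENTRIES}
         * @param i2 requested TTL; limited to the range 30 to 3600
         */
        @DataBoundConstructor
        public CacheConfiguration(int i, int i2) {
            // NOTE(review): the upper bound is borrowed from an HTTP-cache constant,
            // presumably a decompiler substitution for a literal; confirm.
            this.size = Math.max(10, Math.min(i, CacheConfig.DEFAULT_MAX_CACHE_ENTRIES));
            this.ttl = Math.max(30, Math.min(i2, 3600));
        }

        /** Returns the clamped cache size. */
        public int getSize() {
            return this.size;
        }

        /** Returns the clamped TTL. */
        public int getTtl() {
            return this.ttl;
        }
    }

    /** Descriptor providing form validation and the connection test for this realm. */
    @Extension
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public DescriptorImpl() {
            super(CrowdSecurityRealm.class);
        }

        /** Returns true when a request parameter is absent or empty. */
        private static boolean isMissing(String value) {
            return value == null || value.length() == 0;
        }

        /**
         * Validates the Crowd URL field.
         *
         * @param str submitted URL; may be null when the parameter is absent
         * @return an error for an administrator who left the field empty, otherwise OK
         */
        public FormValidation doCheckUrl(@QueryParameter String str) {
            if (Hudson.getInstance().hasPermission(Hudson.ADMINISTER) && isMissing(str)) {
                return FormValidation.error(ErrorMessages.specifyCrowdUrl());
            }
            return FormValidation.ok();
        }

        /**
         * Validates the application name field.
         *
         * @param str submitted application name; may be null when the parameter is absent
         * @return an error for an administrator who left the field empty, otherwise OK
         */
        public FormValidation doCheckApplicationName(@QueryParameter String str) {
            if (Hudson.getInstance().hasPermission(Hudson.ADMINISTER) && isMissing(str)) {
                return FormValidation.error(ErrorMessages.specifyApplicationName());
            }
            return FormValidation.ok();
        }

        /**
         * Validates the application password field.
         *
         * @param str submitted password; may be null when the parameter is absent
         * @return an error for an administrator who left the field empty, otherwise OK
         */
        public FormValidation doCheckPassword(@QueryParameter String str) {
            if (Hudson.getInstance().hasPermission(Hudson.ADMINISTER) && isMissing(str)) {
                return FormValidation.error(ErrorMessages.specifyApplicationPassword());
            }
            return FormValidation.ok();
        }

        /**
         * Validates the session validation interval field.
         *
         * @param str submitted interval; may be null when the parameter is absent
         * @return OK for callers without ADMINISTER and for a non-negative integer,
         *         otherwise an error
         */
        public FormValidation doCheckSessionValidationInterval(@QueryParameter String str) {
            if (!Hudson.getInstance().hasPermission(Hudson.ADMINISTER)) {
                return FormValidation.ok();
            }
            if (isMissing(str)) {
                return FormValidation.error(ErrorMessages.specifySessionValidationInterval());
            }
            try {
                if (Integer.parseInt(str) < 0) {
                    return FormValidation.error(ErrorMessages.specifySessionValidationInterval());
                }
            } catch (NumberFormatException e) {
                return FormValidation.error(ErrorMessages.specifySessionValidationInterval());
            }
            return FormValidation.ok();
        }

        /**
         * Opens a connection to the Crowd server described by the submitted form
         * values and checks that every allowed group is active.
         *
         * <p>Parameter mapping, taken from the {@link CrowdConfigurationService}
         * constructor call: {@code str} url, {@code str2} application name,
         * {@code str3} application password, {@code str4} group, {@code z} useSSO,
         * {@code str5} cookie domain, {@code i} session validation interval,
         * {@code str6} cookie token key, {@code bool} useProxy, {@code str7} to
         * {@code str10} proxy host, port, username and password, {@code str11}
         * socket timeout, {@code str12} HTTP timeout, {@code str13} maximum
         * connections.
         *
         * <p>The method makes Jenkins connect to a caller-supplied URL with
         * caller-supplied credentials, so it is limited to administrators. The
         * sibling {@code doCheck*} methods only skip validation for other users;
         * here the request is rejected outright.
         * NOTE(review): the endpoint should also be restricted to POST (Stapler's
         * {@code RequirePOST}) so that the password is not carried in a request
         * URL and the check cannot be triggered cross-site. That needs an import
         * this file does not have, so it is only flagged here.
         *
         * @return OK when the connection and all groups check out, otherwise an
         *         error describing the failure
         */
        public FormValidation doTestConnection(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter boolean z, @QueryParameter String str5, @QueryParameter int i, @QueryParameter String str6, @QueryParameter Boolean bool, @QueryParameter String str7, @QueryParameter String str8, @QueryParameter String str9, @QueryParameter String str10, @QueryParameter String str11, @QueryParameter String str12, @QueryParameter String str13) {
            // Reject non-administrators before any outbound connection is made.
            Hudson.getInstance().checkPermission(Hudson.ADMINISTER);
            CrowdConfigurationService crowdConfigurationService = new CrowdConfigurationService(str, str2, str3, i, z, str5, str6, bool, str7, str8, str9, str10, str11, str12, str13, false, null, null, str4, false);
            try {
                crowdConfigurationService.testConnection();
                for (String groupName : crowdConfigurationService.getAllowedGroupNames()) {
                    if (!crowdConfigurationService.isGroupActive(groupName)) {
                        return FormValidation.error(ErrorMessages.groupNotFound(groupName));
                    }
                }
                return FormValidation.ok("OK");
            } catch (ApplicationPermissionException e) {
                CrowdSecurityRealm.LOG.log(Level.WARNING, ErrorMessages.applicationPermission(), e);
                return FormValidation.error(ErrorMessages.applicationPermission());
            } catch (InvalidAuthenticationException e2) {
                CrowdSecurityRealm.LOG.log(Level.WARNING, ErrorMessages.invalidAuthentication(), e2);
                return FormValidation.error(ErrorMessages.invalidAuthentication());
            } catch (OperationFailedException e3) {
                CrowdSecurityRealm.LOG.log(Level.SEVERE, ErrorMessages.operationFailed(), e3);
                return FormValidation.error(ErrorMessages.operationFailed());
            } finally {
                // The temporary service is released on every exit path.
                crowdConfigurationService.shutdown();
            }
        }

        /** Returns the name shown for this realm. */
        public String getDisplayName() {
            return "Crowd 2";
        }
    }

    /**
     * Creates the realm from the submitted configuration.
     *
     * <p>Parameter mapping, taken from the assignments below: {@code str} url,
     * {@code str2} application name, {@code str3} application password,
     * {@code str4} group, {@code z} nestedGroups, {@code i} session validation
     * interval, {@code z2} useSSO, {@code str5} cookie domain, {@code str6}
     * cookie token key, {@code bool} useProxy, {@code str7} to {@code str10}
     * proxy host, port, username and password, {@code str11} socket timeout,
     * {@code str12} HTTP timeout, {@code str13} maximum connections.
     *
     * @param cacheConfiguration cache settings, or null to disable caching
     * @throws NullPointerException if {@code str}, {@code str2}, {@code str3} or
     *         {@code str4} is null, because these four values are trimmed
     */
    @DataBoundConstructor
    public CrowdSecurityRealm(String str, String str2, String str3, String str4, boolean z, int i, boolean z2, String str5, String str6, Boolean bool, String str7, String str8, String str9, String str10, String str11, String str12, String str13, CacheConfiguration cacheConfiguration) {
        this.cookieTokenkey = str6;
        this.useProxy = bool;
        this.httpProxyHost = str7;
        this.httpProxyPort = str8;
        this.httpProxyUsername = str9;
        this.httpProxyPassword = str10;
        this.socketTimeout = str11;
        this.httpTimeout = str12;
        this.httpMaxConnections = str13;
        this.url = str.trim();
        this.applicationName = str2.trim();
        this.password = str3.trim();
        this.group = str4.trim();
        this.nestedGroups = z;
        this.sessionValidationInterval = i;
        this.useSSO = z2;
        this.cookieDomain = str5;
        this.cache = cacheConfiguration;
    }

    /**
     * Creates the realm without cache settings.
     *
     * @deprecated use the constructor that takes a {@link CacheConfiguration}
     */
    @Deprecated
    public CrowdSecurityRealm(String str, String str2, String str3, String str4, boolean z, int i, boolean z2, String str5, String str6, Boolean bool, String str7, String str8, String str9, String str10, String str11, String str12, String str13) {
        this(str, str2, str3, str4, z, i, z2, str5, str6, bool, str7, str8, str9, str10, str11, str12, str13, null);
    }

    /** Returns the cache settings, or null when caching is disabled. */
    public CacheConfiguration getCache() {
        return this.cache;
    }

    /** Returns the configured cache size, or null when caching is disabled. */
    public Integer getCacheSize() {
        if (this.cache == null) {
            return null;
        }
        return Integer.valueOf(this.cache.getSize());
    }

    /** Returns the configured cache TTL, or null when caching is disabled. */
    public Integer getCacheTTL() {
        if (this.cache == null) {
            return null;
        }
        return Integer.valueOf(this.cache.getTtl());
    }

    /** Builds the Crowd configuration service from the realm's stored settings. */
    private void initializeConfiguration() {
        this.configuration = new CrowdConfigurationService(this.url, this.applicationName, this.password, this.sessionValidationInterval, this.useSSO, this.cookieDomain, this.cookieTokenkey, this.useProxy, this.httpProxyHost, this.httpProxyPort, this.httpProxyUsername, this.httpProxyPassword, this.socketTimeout, this.httpTimeout, this.httpMaxConnections, this.cache != null, getCacheSize(), getCacheTTL(), this.group, this.nestedGroups);
    }

    /**
     * Returns the configuration service, creating it on first use.
     *
     * <p>The field is transient, so it is null until one of the entry points
     * runs. Routing every access through this helper keeps
     * {@link #authenticate} and {@link #loadGroupByGroupname} from failing with
     * a NullPointerException when they are reached first. Like the original
     * null checks, the initialisation is not synchronized.
     */
    private CrowdConfigurationService getOrCreateConfiguration() {
        if (null == this.configuration) {
            initializeConfiguration();
        }
        return this.configuration;
    }

    /**
     * Creates the authentication manager and user details service backed by
     * Crowd, adding the Crowd remember-me service when SSO is enabled.
     */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        CrowdConfigurationService service = getOrCreateConfiguration();
        CrowdAuthenticationManager crowdAuthenticationManager = new CrowdAuthenticationManager(service);
        CrowdUserDetailsService crowdUserDetailsService = new CrowdUserDetailsService(service);
        if (this.useSSO) {
            return new SecurityRealm.SecurityComponents(crowdAuthenticationManager, crowdUserDetailsService, new CrowdRememberMeServices(service));
        }
        return new SecurityRealm.SecurityComponents(crowdAuthenticationManager, crowdUserDetailsService);
    }

    /**
     * Logs the user out, first calling the Crowd remember-me service when SSO is
     * enabled and the active realm is a Crowd realm using that service.
     */
    public void doLogout(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException, ServletException {
        SecurityRealm securityRealm = Hudson.getInstance().getSecurityRealm();
        if (this.useSSO && (securityRealm instanceof CrowdSecurityRealm) && (securityRealm.getSecurityComponents().rememberMe instanceof CrowdRememberMeServices)) {
            ((CrowdRememberMeServices) securityRealm.getSecurityComponents().rememberMe).logout(staplerRequest, staplerResponse);
        }
        super.doLogout(staplerRequest, staplerResponse);
    }

    /**
     * Creates the servlet filter for this realm; with SSO enabled the default
     * filter is wrapped in a {@link CrowdServletFilter}.
     */
    public Filter createFilter(FilterConfig filterConfig) {
        CrowdConfigurationService service = getOrCreateConfiguration();
        Filter defaultFilter = super.createFilter(filterConfig);
        if (!this.useSSO) {
            return defaultFilter;
        }
        return new CrowdServletFilter(this, service, defaultFilter);
    }

    /** Loads a user through the user details service of this realm's security components. */
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        return getSecurityComponents().userDetails.loadUserByUsername(str);
    }

    /**
     * Looks up a group in Crowd.
     *
     * @param str name of the group to load
     * @return details exposing the group's name
     * @throws DataRetrievalFailureException when the group does not exist or the
     *         Crowd call fails; the Crowd exception is kept as the cause
     */
    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        try {
            if (LOG.isLoggable(Level.FINER)) {
                LOG.finer("Trying to load group: " + str);
            }
            final Group group = getOrCreateConfiguration().getGroup(str);
            return new GroupDetails() {
                public String getName() {
                    return group.getName();
                }
            };
        } catch (ApplicationPermissionException e) {
            LOG.warning(ErrorMessages.applicationPermission());
            throw new DataRetrievalFailureException(ErrorMessages.applicationPermission(), e);
        } catch (GroupNotFoundException e2) {
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info(ErrorMessages.groupNotFound(str));
            }
            throw new DataRetrievalFailureException(ErrorMessages.groupNotFound(str), e2);
        } catch (InvalidAuthenticationException e3) {
            LOG.warning(ErrorMessages.invalidAuthentication());
            throw new DataRetrievalFailureException(ErrorMessages.invalidAuthentication(), e3);
        } catch (OperationFailedException e4) {
            LOG.log(Level.SEVERE, ErrorMessages.operationFailed(), e4);
            throw new DataRetrievalFailureException(ErrorMessages.operationFailed(), e4);
        }
    }

    /**
     * Authenticates a user against Crowd and builds the Jenkins user with its
     * granted authorities.
     *
     * <p>NOTE(review): group membership is evaluated before the password is
     * verified, and the failure message carries the allowed group names. If
     * that exception text or type reaches the login response, a caller without
     * valid credentials can tell permitted accounts from others. Consider
     * verifying credentials first or returning one uniform failure. The order
     * is left unchanged here because callers may rely on the exception type.
     *
     * @param str  user name
     * @param str2 password; only its presence is logged, never its value
     * @return the authenticated user with the authenticated authority plus the
     *         authorities Crowd reports for the user
     * @throws AuthenticationException when the user is not in an allowed group,
     *         the credentials are rejected, or the Crowd call fails
     */
    protected UserDetails authenticate(String str, String str2) throws AuthenticationException {
        CrowdConfigurationService service = getOrCreateConfiguration();
        if (!service.isGroupMember(str)) {
            throw new InsufficientAuthenticationException(ErrorMessages.userNotValid(str, service.getAllowedGroupNames()));
        }
        try {
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("Authenticate user '" + str + "' using password '" + (null != str2 ? "<available>'" : "<not specified>'"));
            }
            User authenticateUser = service.authenticateUser(str, str2);
            // Raw list kept from the decompiled source: the element type is not imported in this file.
            ArrayList arrayList = new ArrayList();
            arrayList.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
            arrayList.addAll(service.getAuthoritiesForUser(str));
            return new CrowdUser(authenticateUser, arrayList);
        } catch (ApplicationPermissionException e) {
            LOG.warning(ErrorMessages.applicationPermission());
            throw new AuthenticationServiceException(ErrorMessages.applicationPermission(), e);
        } catch (ExpiredCredentialException e2) {
            LOG.warning(ErrorMessages.expiredCredentials(str));
            throw new BadCredentialsException(ErrorMessages.expiredCredentials(str), e2);
        } catch (InactiveAccountException e3) {
            LOG.warning(ErrorMessages.accountExpired(str));
            throw new AccountExpiredException(ErrorMessages.accountExpired(str), e3);
        } catch (InvalidAuthenticationException e4) {
            LOG.warning(ErrorMessages.invalidAuthentication());
            throw new AuthenticationServiceException(ErrorMessages.invalidAuthentication(), e4);
        } catch (OperationFailedException e5) {
            LOG.log(Level.SEVERE, ErrorMessages.operationFailed(), e5);
            throw new AuthenticationServiceException(ErrorMessages.operationFailed(), e5);
        } catch (UserNotFoundException e6) {
            if (LOG.isLoggable(Level.INFO)) {
                LOG.info(ErrorMessages.userNotFound(str));
            }
            throw new BadCredentialsException(ErrorMessages.userNotFound(str), e6);
        }
    }
}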
