package hudson.security;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.Main;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.SecurityRealm;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Scrambler;
import hudson.util.Secret;
import hudson.util.VersionNumber;
import java.io.IOException;
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.LdapName;
import jenkins.model.IdStrategy;
import jenkins.model.Jenkins;
import jenkins.security.SecurityListener;
import jenkins.security.plugins.ldap.FromGroupSearchLDAPGroupMembershipStrategy;
import jenkins.security.plugins.ldap.LDAPConfiguration;
import jenkins.security.plugins.ldap.LDAPGroupMembershipStrategy;
import jenkins.security.plugins.ldap.LdapEntryMapper;
import jenkins.security.plugins.ldap.Messages;
import jenkins.security.plugins.ldap.SetContextClassLoader;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.LdapAuthenticator;
import org.springframework.security.ldap.search.LdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.LdapUserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;

/* loaded from: input_file:hudson/security/LDAPSecurityRealm.class */
public class LDAPSecurityRealm extends AbstractPasswordBasedSecurityRealm {

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String server;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String rootDN;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient boolean inhibitInferRootDN;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String userSearchBase;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String userSearch;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String groupSearchBase;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String groupSearchFilter;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String groupMembershipFilter;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient LDAPGroupMembershipStrategy groupMembershipStrategy;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    public transient String managerDN;

    @Restricted({NoExternalUse.class})
    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    @Deprecated
    private transient String managerPassword;

    @Restricted({NoExternalUse.class})
    @Deprecated
    private transient Secret managerPasswordSecret;

    @SuppressFBWarnings(value = {"UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD"}, justification = "This public field is exposed to the plugin's API")
    public final boolean disableMailAddressResolver;
    private List<LDAPConfiguration> configurations;
    private final CacheConfiguration cache;
    private transient Map<String, CacheEntry<DelegatedLdapUserDetails>> userDetailsCache;
    private transient Map<String, CacheEntry<GroupDetailsImpl>> groupDetailsCache;

    @Restricted({NoExternalUse.class})
    @Deprecated
    private transient Map<String, String> extraEnvVars;

    @Restricted({NoExternalUse.class})
    @Deprecated
    private transient String displayNameAttributeName;

    @Restricted({NoExternalUse.class})
    @Deprecated
    private transient String mailAddressAttributeName;
    private final IdStrategy userIdStrategy;
    private final IdStrategy groupIdStrategy;
    private boolean disableRolePrefixing;
    private static final boolean FORCE_USERNAME_LOWERCASE = Boolean.getBoolean(LDAPSecurityRealm.class.getName() + ".forceUsernameLowercase");
    private static final boolean FORCE_GROUPNAME_LOWERCASE = Boolean.getBoolean(LDAPSecurityRealm.class.getName() + ".forceGroupnameLowercase");

    @Restricted({NoExternalUse.class})
    public static final Logger LOGGER = Logger.getLogger(LDAPSecurityRealm.class.getName());
    public static final String GROUP_SEARCH = System.getProperty(LDAPSecurityRealm.class.getName() + ".groupSearch", "(& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))");

    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$AuthoritiesPopulatorImpl.class */
    public static final class AuthoritiesPopulatorImpl extends DefaultLdapAuthoritiesPopulator {
        String rolePrefix;
        boolean convertToUpperCase;
        private GrantedAuthority defaultRole;

        public AuthoritiesPopulatorImpl(ContextSource contextSource, String str) {
            super(contextSource, Util.fixNull(str));
            this.rolePrefix = "ROLE_";
            this.convertToUpperCase = true;
            this.defaultRole = null;
            super.setRolePrefix("");
            super.setConvertToUpperCase(false);
        }

        public Set<GrantedAuthority> getAdditionalRoles(DirContextOperations dirContextOperations, String str) {
            return Collections.singleton(SecurityRealm.AUTHENTICATED_AUTHORITY2);
        }

        public void setRolePrefix(String str) {
            this.rolePrefix = str;
        }

        public void setConvertToUpperCase(boolean z) {
            this.convertToUpperCase = z;
        }

        public Set<GrantedAuthority> getGroupMembershipRoles(String str, String str2) {
            Set groupMembershipRoles = super.getGroupMembershipRoles(str, str2);
            HashSet hashSet = new HashSet(groupMembershipRoles.size() * 2);
            hashSet.addAll(groupMembershipRoles);
            if (isGeneratingPrefixRoles()) {
                Iterator it = groupMembershipRoles.iterator();
                while (it.hasNext()) {
                    String authority = ((GrantedAuthority) it.next()).getAuthority();
                    if (this.convertToUpperCase) {
                        authority = authority.toUpperCase();
                    }
                    hashSet.add(new SimpleGrantedAuthority(this.rolePrefix + authority));
                }
            }
            return hashSet;
        }

        public boolean isGeneratingPrefixRoles() {
            return StringUtils.isNotBlank(this.rolePrefix) || this.convertToUpperCase;
        }

        public boolean _isConvertToUpperCase() {
            return this.convertToUpperCase;
        }

        public String _getRolePrefix() {
            return this.rolePrefix;
        }

        public GrantedAuthority getDefaultRole() {
            return this.defaultRole;
        }

        public void setDefaultRole(String str) {
            super.setDefaultRole(str);
            this.defaultRole = new SimpleGrantedAuthority(str);
        }
    }

    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$CacheConfiguration.class */
    public static class CacheConfiguration extends AbstractDescribableImpl<CacheConfiguration> {
        private final int size;
        private final int ttl;

        @Extension
        /* loaded from: input_file:hudson/security/LDAPSecurityRealm$CacheConfiguration$DescriptorImpl.class */
        public static class DescriptorImpl extends Descriptor<CacheConfiguration> {
            public String getDisplayName() {
                return "";
            }

            public ListBoxModel doFillSizeItems() {
                ListBoxModel listBoxModel = new ListBoxModel();
                listBoxModel.add("10");
                listBoxModel.add("20");
                listBoxModel.add("50");
                listBoxModel.add("100");
                listBoxModel.add("200");
                listBoxModel.add("500");
                listBoxModel.add("1000");
                return listBoxModel;
            }

            public ListBoxModel doFillTtlItems() {
                ListBoxModel listBoxModel = new ListBoxModel();
                for (int i : new int[]{30, 60, 120, 300, 600, 900, 1800, 3600}) {
                    listBoxModel.add(Util.getTimeSpanString(i * 1000), Integer.toString(i));
                }
                return listBoxModel;
            }
        }

        @DataBoundConstructor
        public CacheConfiguration(int i, int i2) {
            this.size = Math.max(10, Math.min(i, 1000));
            this.ttl = Math.max(30, Math.min(i2, 3600));
        }

        public int getSize() {
            return this.size;
        }

        public int getTtl() {
            return this.ttl;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$CacheEntry.class */
    public static class CacheEntry<T> {
        private final long expires;
        private final T value;

        public CacheEntry(int i, T t) {
            this.expires = System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(i);
            this.value = t;
        }

        public T getValue() {
            return this.value;
        }

        public boolean isValid() {
            return System.currentTimeMillis() < this.expires;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$CacheMap.class */
    public static class CacheMap<K, V> extends LinkedHashMap<K, CacheEntry<V>> {
        private final int cacheSize;

        public CacheMap(int i) {
            super(i + 1);
            this.cacheSize = i;
        }

        @Override // java.util.LinkedHashMap
        protected boolean removeEldestEntry(Map.Entry<K, CacheEntry<V>> entry) {
            return size() > this.cacheSize || entry.getValue() == null || !entry.getValue().isValid();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$DelegateLDAPUserDetailsService.class */
    public static class DelegateLDAPUserDetailsService implements UserDetailsService {
        private final List<LDAPUserDetailsService> delegates = new ArrayList();

        public void addDelegate(LDAPUserDetailsService lDAPUserDetailsService) {
            this.delegates.add(lDAPUserDetailsService);
        }

        public boolean contains(LDAPUserDetailsService lDAPUserDetailsService) {
            return this.delegates.contains(lDAPUserDetailsService);
        }

        public DelegatedLdapUserDetails loadUserByUsername(String str, String str2) throws UsernameNotFoundException {
            for (LDAPUserDetailsService lDAPUserDetailsService : this.delegates) {
                if (lDAPUserDetailsService.configurationId.equals(str)) {
                    try {
                        return lDAPUserDetailsService.m5loadUserByUsername(str2);
                    } catch (AuthenticationException e) {
                        LDAPConfiguration _getConfigurationFor = LDAPSecurityRealm._getConfigurationFor(lDAPUserDetailsService.configurationId);
                        Logger logger = LDAPSecurityRealm.LOGGER;
                        Level level = Level.WARNING;
                        Object[] objArr = new Object[2];
                        objArr[0] = lDAPUserDetailsService.configurationId;
                        objArr[1] = _getConfigurationFor != null ? _getConfigurationFor.getServer() : "null";
                        logger.log(level, String.format("Failed communication with ldap server %s (%s)", objArr), e);
                        throw e;
                    }
                }
            }
            return null;
        }

        public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
            UsernameNotFoundException usernameNotFoundException = null;
            for (LDAPUserDetailsService lDAPUserDetailsService : this.delegates) {
                try {
                    return lDAPUserDetailsService.m5loadUserByUsername(str);
                } catch (AccountStatusException e) {
                    throw e;
                } catch (AuthenticationException e2) {
                    LDAPSecurityRealm.throwUnlessConfigIsIgnorable(new UserMayOrMayNotExistException2(e2.toString(), e2), LDAPSecurityRealm._getConfigurationFor(lDAPUserDetailsService.configurationId));
                } catch (UsernameNotFoundException e3) {
                    usernameNotFoundException = e3;
                }
            }
            if (usernameNotFoundException != null) {
                throw usernameNotFoundException;
            }
            throw new UsernameNotFoundException(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$DelegatedLdapAuthentication.class */
    public static class DelegatedLdapAuthentication implements Authentication {
        private final Authentication delegate;
        private final Object principal;
        private final String configurationId;

        DelegatedLdapAuthentication(Authentication authentication, Object obj, String str) {
            this.delegate = authentication;
            this.principal = obj;
            this.configurationId = str;
        }

        public Collection<? extends GrantedAuthority> getAuthorities() {
            return this.delegate.getAuthorities();
        }

        public Object getCredentials() {
            return this.delegate.getCredentials();
        }

        public Object getDetails() {
            return this.delegate.getDetails();
        }

        public Object getPrincipal() {
            return this.principal;
        }

        public boolean isAuthenticated() {
            return this.delegate.isAuthenticated();
        }

        public void setAuthenticated(boolean z) throws IllegalArgumentException {
            this.delegate.setAuthenticated(z);
        }

        public String getName() {
            return this.delegate.getName();
        }

        public Authentication getDelegate() {
            return this.delegate;
        }

        public String getConfigurationId() {
            return this.configurationId;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$DelegatedLdapUserDetails.class */
    public static class DelegatedLdapUserDetails implements LdapUserDetails, Serializable {
        private static final long serialVersionUID = 1;
        private final LdapUserDetails userDetails;

        @NonNull
        private final String configurationId;

        @CheckForNull
        private final Attributes attributes;

        DelegatedLdapUserDetails(@NonNull LdapUserDetails ldapUserDetails, @NonNull String str, @CheckForNull Attributes attributes) {
            this.userDetails = ldapUserDetails;
            this.configurationId = str;
            this.attributes = attributes;
        }

        public String getDn() {
            return this.userDetails.getDn();
        }

        public Collection<? extends GrantedAuthority> getAuthorities() {
            return this.userDetails.getAuthorities();
        }

        public String getPassword() {
            return this.userDetails.getPassword();
        }

        public String getUsername() {
            return this.userDetails.getUsername();
        }

        public boolean isAccountNonExpired() {
            return this.userDetails.isAccountNonExpired();
        }

        public boolean isAccountNonLocked() {
            return this.userDetails.isAccountNonLocked();
        }

        public boolean isCredentialsNonExpired() {
            return this.userDetails.isCredentialsNonExpired();
        }

        public boolean isEnabled() {
            return this.userDetails.isEnabled();
        }

        public LdapUserDetails getUserDetails() {
            return this.userDetails;
        }

        @NonNull
        public String getConfigurationId() {
            return this.configurationId;
        }

        public static Attributes getAttributes(LdapUserDetails ldapUserDetails, @CheckForNull LdapUserSearch ldapUserSearch) {
            if ((ldapUserDetails instanceof DelegatedLdapUserDetails) && ((DelegatedLdapUserDetails) ldapUserDetails).attributes != null) {
                return ((DelegatedLdapUserDetails) ldapUserDetails).attributes;
            }
            if (ldapUserSearch != null) {
                try {
                    SetContextClassLoader setContextClassLoader = new SetContextClassLoader();
                    try {
                        Attributes attributes = ldapUserSearch.searchForUser(ldapUserDetails.getUsername()).getAttributes();
                        setContextClassLoader.close();
                        return attributes;
                    } finally {
                    }
                } catch (UsernameNotFoundException e) {
                }
            }
            return new BasicAttributes();
        }

        public void eraseCredentials() {
            this.userDetails.eraseCredentials();
        }
    }

    @Extension
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public static final String DEFAULT_DISPLAYNAME_ATTRIBUTE_NAME = "displayname";
        public static final String DEFAULT_MAILADDRESS_ATTRIBUTE_NAME = "mail";
        public static final String DEFAULT_USER_SEARCH = "uid={0}";
        static final /* synthetic */ boolean $assertionsDisabled;

        public String getDisplayName() {
            return Messages.LDAPSecurityRealm_DisplayName();
        }

        public IdStrategy getDefaultIdStrategy() {
            return IdStrategy.CASE_INSENSITIVE;
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public SecurityRealm m4newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            if (!jSONObject.has("configurations")) {
                throw new Descriptor.FormException(Messages.LDAPSecurityRealm_AtLeastOne(), "configurations");
            }
            Object obj = jSONObject.get("configurations");
            if (obj instanceof JSONArray) {
                if (((JSONArray) obj).isEmpty()) {
                    throw new Descriptor.FormException(Messages.LDAPSecurityRealm_AtLeastOne(), "configurations");
                }
                if (((JSONArray) obj).size() > 1) {
                    List bindJSONToList = staplerRequest.bindJSONToList(LDAPConfiguration.class, obj);
                    for (int i = 0; i < bindJSONToList.size(); i++) {
                        LDAPConfiguration lDAPConfiguration = (LDAPConfiguration) bindJSONToList.get(i);
                        for (int i2 = i + 1; i2 < bindJSONToList.size(); i2++) {
                            if (lDAPConfiguration.isConfiguration(((LDAPConfiguration) bindJSONToList.get(i2)).getId())) {
                                throw new Descriptor.FormException(Messages.LDAPSecurityRealm_NotSameServer(), "configurations");
                            }
                        }
                    }
                }
            } else {
                if (!(obj instanceof JSONObject)) {
                    throw new Descriptor.FormException(Messages.LDAPSecurityRealm_AtLeastOne(), "configurations");
                }
                if (((JSONObject) obj).isNullObject()) {
                    throw new Descriptor.FormException(Messages.LDAPSecurityRealm_AtLeastOne(), "configurations");
                }
            }
            return super.newInstance(staplerRequest, jSONObject);
        }

        @Restricted({NoExternalUse.class})
        public boolean hasEnableSecurityForm() {
            VersionNumber version = Jenkins.getVersion();
            return version != null && version.isOlderThan(new VersionNumber("2.214"));
        }

        @RequirePOST
        public FormValidation doValidate(StaplerRequest staplerRequest) throws Exception {
            if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) {
                return FormValidation.ok();
            }
            JSONObject fromObject = JSONObject.fromObject(IOUtils.toString(staplerRequest.getInputStream()));
            return validate((LDAPSecurityRealm) staplerRequest.bindJSON(LDAPSecurityRealm.class, hasEnableSecurityForm() ? fromObject.getJSONObject("useSecurity").getJSONObject("realm") : fromObject.getJSONObject("realm")), fromObject.getString("testUser"), fromObject.getString("testPassword"));
        }

        private void rsp(StringBuilder sb, String str, String str2, String str3, Object... objArr) {
            sb.append("<div class='").append(str).append("' data-test='");
            sb.append(Util.escape(str2));
            sb.append("'>");
            sb.append(str3);
            boolean z = true;
            for (Object obj : objArr) {
                if (obj instanceof String) {
                    if (z) {
                        sb.append("<br/>");
                    }
                    sb.append(obj);
                    z = true;
                } else if (obj instanceof Collection) {
                    sb.append("<ul>");
                    for (String str4 : (Collection) obj) {
                        sb.append("<li>");
                        sb.append(str4);
                        sb.append("</li>");
                    }
                    sb.append("</ul>");
                    z = false;
                }
            }
            sb.append("</div>");
        }

        private void ok(StringBuilder sb, String str, String str2, Object... objArr) {
            rsp(sb, "validation-ok", str, str2, objArr);
        }

        private void warning(StringBuilder sb, String str, String str2, Object... objArr) {
            rsp(sb, "warning", str, str2, objArr);
        }

        private void error(StringBuilder sb, String str, String str2, Object... objArr) {
            rsp(sb, "error", str, str2, objArr);
        }

        public FormValidation validate(LDAPSecurityRealm lDAPSecurityRealm, String str, String str2) {
            Throwable th;
            Object obj;
            Object obj2;
            Object obj3;
            Object obj4;
            Object obj5;
            Object obj6;
            Object obj7;
            Object obj8;
            LDAPConfiguration.LDAPConfigurationDescriptor lDAPConfigurationDescriptor = (LDAPConfiguration.LDAPConfigurationDescriptor) Jenkins.getActiveInstance().getDescriptorByType(LDAPConfiguration.LDAPConfigurationDescriptor.class);
            for (LDAPConfiguration lDAPConfiguration : lDAPSecurityRealm.getConfigurations()) {
                FormValidation doCheckServer = lDAPConfigurationDescriptor.doCheckServer(lDAPConfiguration.getServerUrl(), lDAPConfiguration.getManagerDN(), lDAPConfiguration.getManagerPasswordSecret(), lDAPConfiguration.getRootDN());
                if (doCheckServer.kind != FormValidation.Kind.OK) {
                    return doCheckServer;
                }
            }
            StringBuilder sb = new StringBuilder(1024);
            sb.append("<div>").append(Messages.LDAPSecurityRealm_LoginHeader()).append("</div>");
            boolean z = false;
            boolean z2 = false;
            LdapUserDetails ldapUserDetails = null;
            try {
                ldapUserDetails = (LdapUserDetails) lDAPSecurityRealm.getSecurityComponents().manager2.authenticate(new UsernamePasswordAuthenticationToken(LDAPSecurityRealm.fixUsername(str), str2)).getPrincipal();
                ok(sb, "authentication", Messages.LDAPSecurityRealm_AuthenticationSuccessful(), new Object[0]);
            } catch (AuthenticationException e) {
                if (StringUtils.isBlank(str2)) {
                    warning(sb, "authentication", Messages.LDAPSecurityRealm_AuthenticationFailedEmptyPass(str), new Object[0]);
                } else {
                    error(sb, "authentication", Messages.LDAPSecurityRealm_AuthenticationFailed(str), new Object[0]);
                    z = true;
                    z2 = true;
                }
            }
            HashSet hashSet = new HashSet();
            if (ldapUserDetails != null) {
                ok(sb, "authentication-username", Messages.LDAPSecurityRealm_UserId(Util.escape(ldapUserDetails.getUsername())), new Object[0]);
                ok(sb, "authentication-dn", Messages.LDAPSecurityRealm_UserDn(Util.escape(ldapUserDetails.getDn())), new Object[0]);
                LDAPConfiguration configurationFor = lDAPSecurityRealm.getConfigurationFor(ldapUserDetails);
                if (!$assertionsDisabled && configurationFor == null) {
                    throw new AssertionError();
                }
                if (lDAPSecurityRealm.hasMultiConfiguration()) {
                    ok(sb, "authentication-configuration", Messages.LDAPSecurityRealm_UserConfiguration(Util.escape(configurationFor.getServer())), new Object[0]);
                }
                validateDisplayName(configurationFor, sb, ldapUserDetails, "authentication-displayname");
                if (!lDAPSecurityRealm.disableMailAddressResolver) {
                    validateEmailAddress(configurationFor, sb, ldapUserDetails, "authentication-email");
                }
                Iterator it = ldapUserDetails.getAuthorities().iterator();
                while (it.hasNext()) {
                    hashSet.add(((GrantedAuthority) it.next()).getAuthority());
                }
                if (ldapUserDetails.getAuthorities().size() < 1) {
                    error(sb, "authentication-groups", Messages.LDAPSecurityRealm_NoGroupMembership(), new Object[0]);
                } else if (ldapUserDetails.getAuthorities().size() == 1) {
                    warning(sb, "authentication-groups", Messages.LDAPSecurityRealm_BasicGroupMembership(), Messages.LDAPSecurityRealm_BasicGroupMembershipDetail());
                } else {
                    ArrayList arrayList = new ArrayList();
                    for (GrantedAuthority grantedAuthority : ldapUserDetails.getAuthorities()) {
                        if (!SecurityRealm.AUTHENTICATED_AUTHORITY2.equals(grantedAuthority)) {
                            arrayList.add("<code>" + Util.escape(grantedAuthority.getAuthority()) + "</code>");
                        }
                    }
                    ok(sb, "authentication-groups", Messages.LDAPSecurityRealm_GroupMembership(), arrayList);
                }
            }
            sb.append("<div>").append(Messages.LDAPSecurityRealm_LookupHeader()).append("</div>");
            LdapUserDetails ldapUserDetails2 = null;
            try {
                ldapUserDetails2 = lDAPSecurityRealm.getSecurityComponents().userDetails2.loadUserByUsername(LDAPSecurityRealm.fixUsername(str));
                ok(sb, "lookup", Messages.LDAPSecurityRealm_UserLookupSuccessful(), new Object[0]);
            } catch (UsernameNotFoundException e2) {
                String str3 = ldapUserDetails == null ? "warning" : "error";
                String LDAPSecurityRealm_UserLookupDoesNotExist = Messages.LDAPSecurityRealm_UserLookupDoesNotExist(str);
                Object[] objArr = new Object[2];
                objArr[0] = isAnyManagerBlank(lDAPSecurityRealm) ? Messages.LDAPSecurityRealm_UserLookupManagerDnRequired() : Messages.LDAPSecurityRealm_UserLookupManagerDnPermissions();
                objArr[1] = Messages.LDAPSecurityRealm_UserLookupSettingsCorrect();
                rsp(sb, str3, "lookup", LDAPSecurityRealm_UserLookupDoesNotExist, objArr);
            } catch (UserMayOrMayNotExistException2 e3) {
                String str4 = ldapUserDetails == null ? "warning" : "error";
                String LDAPSecurityRealm_UserLookupInconclusive = Messages.LDAPSecurityRealm_UserLookupInconclusive(str);
                Object[] objArr2 = new Object[1];
                objArr2[0] = isAnyManagerBlank(lDAPSecurityRealm) ? Messages.LDAPSecurityRealm_UserLookupManagerDnRequired() : Messages.LDAPSecurityRealm_UserLookupManagerDnPermissions();
                rsp(sb, str4, "lookup", LDAPSecurityRealm_UserLookupInconclusive, objArr2);
            } catch (AuthenticationException e4) {
                Throwable cause = e4.getCause();
                while (true) {
                    th = cause;
                    if (th == null || (th instanceof BadCredentialsException)) {
                        break;
                    }
                    cause = th.getCause();
                }
                if (th != null) {
                    String LDAPSecurityRealm_UserLookupBadCredentials = Messages.LDAPSecurityRealm_UserLookupBadCredentials();
                    Object[] objArr3 = new Object[1];
                    objArr3[0] = isAnyManagerBlank(lDAPSecurityRealm) ? Messages.LDAPSecurityRealm_UserLookupManagerDnCorrect() : Messages.LDAPSecurityRealm_UserLookupManagerDnPermissions();
                    error(sb, "lookup", LDAPSecurityRealm_UserLookupBadCredentials, objArr3);
                    z = true;
                } else {
                    error(sb, "lookup", Messages.LDAPSecurityRealm_UserLookupFailed(str), Util.escape(e4.getLocalizedMessage()));
                    z = true;
                }
            }
            if (ldapUserDetails == null && ldapUserDetails2 != null) {
                ok(sb, "lookup-username", Messages.LDAPSecurityRealm_UserId(Util.escape(ldapUserDetails2.getUsername())), new Object[0]);
                ok(sb, "lookup-dn", Messages.LDAPSecurityRealm_UserDn(Util.escape(ldapUserDetails2.getDn())), new Object[0]);
                LDAPConfiguration configurationFor2 = lDAPSecurityRealm.getConfigurationFor(ldapUserDetails2);
                if (!$assertionsDisabled && configurationFor2 == null) {
                    throw new AssertionError();
                }
                if (lDAPSecurityRealm.hasMultiConfiguration()) {
                    ok(sb, "lookup-configuration", Messages.LDAPSecurityRealm_UserConfiguration(Util.escape(configurationFor2.getServer())), new Object[0]);
                }
                validateDisplayName(configurationFor2, sb, ldapUserDetails2, "lookup-displayname");
                if (!lDAPSecurityRealm.disableMailAddressResolver) {
                    validateEmailAddress(configurationFor2, sb, ldapUserDetails2, "lookup-email");
                }
            }
            HashSet hashSet2 = new HashSet();
            if (ldapUserDetails2 != null) {
                Iterator it2 = ldapUserDetails2.getAuthorities().iterator();
                while (it2.hasNext()) {
                    hashSet2.add(((GrantedAuthority) it2.next()).getAuthority());
                }
                if (ldapUserDetails == null || !hashSet.equals(hashSet2)) {
                    if (ldapUserDetails2.getAuthorities().size() < 1) {
                        error(sb, "lookup-groups", Messages.LDAPSecurityRealm_NoGroupMembership(), new Object[0]);
                    } else if (ldapUserDetails2.getAuthorities().size() == 1) {
                        warning(sb, "lookup-groups", Messages.LDAPSecurityRealm_BasicGroupMembership(), Messages.LDAPSecurityRealm_BasicGroupMembershipDetail());
                    } else {
                        ArrayList arrayList2 = new ArrayList();
                        for (GrantedAuthority grantedAuthority2 : ldapUserDetails2.getAuthorities()) {
                            if (!SecurityRealm.AUTHENTICATED_AUTHORITY2.equals(grantedAuthority2)) {
                                arrayList2.add("<code>" + Util.escape(grantedAuthority2.getAuthority()) + "</code>");
                            }
                        }
                        ok(sb, "lookup-groups", Messages.LDAPSecurityRealm_GroupMembership(), arrayList2);
                    }
                }
            }
            if (ldapUserDetails != null && ldapUserDetails2 != null) {
                LDAPConfiguration configurationFor3 = lDAPSecurityRealm.getConfigurationFor(ldapUserDetails);
                LDAPConfiguration configurationFor4 = lDAPSecurityRealm.getConfigurationFor(ldapUserDetails2);
                if (!$assertionsDisabled && configurationFor3 != configurationFor4) {
                    throw new AssertionError("The lookup user details and login user details are not from the same server configuration");
                }
                if (!StringUtils.equals(ldapUserDetails.getUsername(), ldapUserDetails2.getUsername())) {
                    error(sb, "consistency-username", Messages.LDAPSecurityRealm_UsernameMismatch(ldapUserDetails.getUsername(), ldapUserDetails2.getUsername()), new Object[0]);
                    z = true;
                }
                try {
                    LdapName ldapName = new LdapName(ldapUserDetails.getDn());
                    if (!ldapName.equals(new LdapName(ldapUserDetails2.getDn()))) {
                        error(sb, "consistency-dn", Messages.LDAPSecurityRealm_DnMismatch(ldapName, ldapName), new Object[0]);
                        z = true;
                    }
                } catch (InvalidNameException e5) {
                    error(sb, "consistency-dn-parse", Messages.LDAPSecurityRealm_DnParse(e5.getMessage()), new Object[0]);
                    z = true;
                }
                Attributes attributes = DelegatedLdapUserDetails.getAttributes(ldapUserDetails, null);
                Attributes attributes2 = DelegatedLdapUserDetails.getAttributes(ldapUserDetails2, null);
                if (StringUtils.isNotBlank(configurationFor3.getDisplayNameAttributeName())) {
                    Attribute attribute = attributes.get(configurationFor3.getDisplayNameAttributeName());
                    if (attribute == null) {
                        obj8 = null;
                    } else {
                        try {
                            obj8 = attribute.get();
                        } catch (NamingException e6) {
                            obj5 = e6.getClass();
                        }
                    }
                    obj5 = obj8;
                    Attribute attribute2 = attributes2.get(configurationFor4.getDisplayNameAttributeName());
                    if (attribute2 == null) {
                        obj7 = null;
                    } else {
                        try {
                            obj7 = attribute2.get();
                        } catch (NamingException e7) {
                            obj6 = e7.getClass();
                        }
                    }
                    obj6 = obj7;
                    if (obj5 != null ? !obj5.equals(obj6) : obj6 != null) {
                        error(sb, "consistency-displayname", Messages.LDAPSecurityRealm_DisplayNameMismatch(obj5, obj6), new Object[0]);
                        z = true;
                    }
                }
                if (!lDAPSecurityRealm.disableMailAddressResolver && StringUtils.isNotBlank(configurationFor3.getMailAddressAttributeName())) {
                    Attribute attribute3 = attributes.get(configurationFor3.getMailAddressAttributeName());
                    if (attribute3 == null) {
                        obj4 = null;
                    } else {
                        try {
                            obj4 = attribute3.get();
                        } catch (NamingException e8) {
                            obj = e8.getClass();
                        }
                    }
                    obj = obj4;
                    Attribute attribute4 = attributes2.get(configurationFor4.getMailAddressAttributeName());
                    if (attribute4 == null) {
                        obj3 = null;
                    } else {
                        try {
                            obj3 = attribute4.get();
                        } catch (NamingException e9) {
                            obj2 = e9.getClass();
                        }
                    }
                    obj2 = obj3;
                    if (obj != null ? !obj.equals(obj2) : obj2 != null) {
                        error(sb, "consistency-email", Messages.LDAPSecurityRealm_EmailAddressMismatch(obj, obj2), new Object[0]);
                        z = true;
                    }
                }
                if (hashSet.equals(hashSet2)) {
                    ok(sb, "consistency", Messages.LDAPSecurityRealm_GroupMembershipMatch(), new Object[0]);
                } else {
                    error(sb, "consistency", Messages.LDAPSecurityRealm_GroupMembershipMismatch(), new Object[0]);
                    z = true;
                }
            }
            HashSet<String> hashSet3 = new HashSet(hashSet);
            TreeSet treeSet = new TreeSet();
            hashSet3.addAll(hashSet2);
            hashSet3.remove(SecurityRealm.AUTHENTICATED_AUTHORITY2.getAuthority());
            for (String str5 : hashSet3) {
                try {
                    lDAPSecurityRealm.loadGroupByGroupname2(str5, false);
                } catch (UsernameNotFoundException e10) {
                    treeSet.add(str5);
                }
            }
            if (hashSet3.isEmpty()) {
                warning(sb, "resolve-groups", Messages.LDAPSecurityRealm_GroupLookupNotPossible(), Messages.LDAPSecurityRealm_GroupLookupNotPossibleDetail());
            } else if (treeSet.isEmpty()) {
                ok(sb, "resolve-groups", Messages.LDAPSecurityRealm_GroupLookupSuccessful(Integer.valueOf(hashSet3.size())), new Object[0]);
            } else {
                ArrayList arrayList3 = new ArrayList(treeSet.size());
                Iterator it3 = treeSet.iterator();
                while (it3.hasNext()) {
                    arrayList3.add("<code>" + Util.escape((String) it3.next()) + "</code>");
                }
                String LDAPSecurityRealm_GroupLookupFailed = Messages.LDAPSecurityRealm_GroupLookupFailed(Integer.valueOf(treeSet.size()));
                Object[] objArr4 = new Object[3];
                objArr4[0] = arrayList3;
                objArr4[1] = isAnyManagerBlank(lDAPSecurityRealm) ? Messages.LDAPSecurityRealm_GroupLookupManagerDnRequired() : Messages.LDAPSecurityRealm_GroupLookupManagerDnPermissions();
                objArr4[2] = Messages.LDAPSecurityRealm_GroupLookupSettingsCorrect();
                warning(sb, "resolve-groups", LDAPSecurityRealm_GroupLookupFailed, objArr4);
            }
            if (z) {
                sb.append("<div>").append(Messages.LDAPSecurityRealm_LockoutHeader()).append("</div>");
                error(sb, "lockout", z2 ? Messages.LDAPSecurityRealm_PotentialLockout(str) : Messages.LDAPSecurityRealm_PotentialLockout2(str), new Object[0]);
            }
            return FormValidation.okWithMarkup(sb.toString());
        }

        private boolean isAnyManagerBlank(LDAPSecurityRealm lDAPSecurityRealm) {
            Iterator<LDAPConfiguration> it = lDAPSecurityRealm.getConfigurations().iterator();
            while (it.hasNext()) {
                if (StringUtils.isBlank(it.next().getManagerDN())) {
                    return true;
                }
            }
            return false;
        }

        private void validateEmailAddress(LDAPConfiguration lDAPConfiguration, StringBuilder sb, LdapUserDetails ldapUserDetails, String str) {
            Attributes attributes = DelegatedLdapUserDetails.getAttributes(ldapUserDetails, null);
            Attribute attribute = attributes.get(lDAPConfiguration.getMailAddressAttributeName());
            if (attribute == null) {
                ArrayList arrayList = new ArrayList();
                Iterator it = Collections.list(attributes.getAll()).iterator();
                while (it.hasNext()) {
                    arrayList.add("<code>" + Util.escape(((Attribute) it.next()).getID()) + "</code>");
                }
                warning(sb, str, Messages.LDAPSecurityRealm_NoEmailAddress(), Messages.LDAPSecurityRealm_IsAttributeNameCorrect(Util.escape(lDAPConfiguration.getMailAddressAttributeName())), Messages.LDAPSecurityRealm_AvailableAttributes(), arrayList);
                return;
            }
            try {
                String str2 = (String) attribute.get();
                if (StringUtils.isNotBlank(str2)) {
                    ok(sb, str, Messages.LDAPSecurityRealm_UserEmail(Util.escape(str2)), new Object[0]);
                } else {
                    ArrayList arrayList2 = new ArrayList();
                    Iterator it2 = Collections.list(attributes.getAll()).iterator();
                    while (it2.hasNext()) {
                        arrayList2.add("<code>" + Util.escape(((Attribute) it2.next()).getID()) + "</code>");
                    }
                    warning(sb, str, Messages.LDAPSecurityRealm_EmptyEmailAddress(), Messages.LDAPSecurityRealm_IsAttributeNameCorrect(Util.escape(lDAPConfiguration.getMailAddressAttributeName())), Messages.LDAPSecurityRealm_AvailableAttributes(), arrayList2);
                }
            } catch (NamingException e) {
                ArrayList arrayList3 = new ArrayList();
                Iterator it3 = Collections.list(attributes.getAll()).iterator();
                while (it3.hasNext()) {
                    arrayList3.add("<code>" + Util.escape(((Attribute) it3.next()).getID()) + "</code>");
                }
                error(sb, str, Messages.LDAPSecurityRealm_CouldNotRetrieveEmailAddress(), Messages.LDAPSecurityRealm_IsAttributeNameCorrect(Util.escape(lDAPConfiguration.getMailAddressAttributeName())), Messages.LDAPSecurityRealm_AvailableAttributes(), arrayList3);
            }
        }

        private void validateDisplayName(LDAPConfiguration lDAPConfiguration, StringBuilder sb, LdapUserDetails ldapUserDetails, String str) {
            Attributes attributes = DelegatedLdapUserDetails.getAttributes(ldapUserDetails, null);
            Attribute attribute = attributes.get(lDAPConfiguration.getDisplayNameAttributeName());
            if (attribute == null) {
                ArrayList arrayList = new ArrayList();
                Iterator it = Collections.list(attributes.getAll()).iterator();
                while (it.hasNext()) {
                    arrayList.add("<code>" + Util.escape(((Attribute) it.next()).getID()) + "</code>");
                }
                warning(sb, str, Messages.LDAPSecurityRealm_NoDisplayName(), Messages.LDAPSecurityRealm_IsAttributeNameCorrect(Util.escape(lDAPConfiguration.getDisplayNameAttributeName())), Messages.LDAPSecurityRealm_AvailableAttributes(), arrayList);
                return;
            }
            try {
                String str2 = (String) attribute.get();
                if (str2 != null) {
                    ok(sb, str, Messages.LDAPSecurityRealm_UserDisplayName(Util.escape(str2)), new Object[0]);
                } else {
                    ArrayList arrayList2 = new ArrayList();
                    Iterator it2 = Collections.list(attributes.getAll()).iterator();
                    while (it2.hasNext()) {
                        arrayList2.add("<code>" + Util.escape(((Attribute) it2.next()).getID()) + "</code>");
                    }
                    warning(sb, str, Messages.LDAPSecurityRealm_EmptyDisplayName(), Messages.LDAPSecurityRealm_IsAttributeNameCorrect(Util.escape(lDAPConfiguration.getDisplayNameAttributeName())), Messages.LDAPSecurityRealm_AvailableAttributes(), arrayList2);
                }
            } catch (NamingException e) {
                ArrayList arrayList3 = new ArrayList();
                Iterator it3 = Collections.list(attributes.getAll()).iterator();
                while (it3.hasNext()) {
                    arrayList3.add("<code>" + Util.escape(((Attribute) it3.next()).getID()) + "</code>");
                }
                error(sb, str, Messages.LDAPSecurityRealm_CouldNotRetrieveDisplayName(), Messages.LDAPSecurityRealm_IsAttributeNameCorrect(Util.escape(lDAPConfiguration.getDisplayNameAttributeName())), Messages.LDAPSecurityRealm_AvailableAttributes(), arrayList3);
            }
        }

        static {
            $assertionsDisabled = !LDAPSecurityRealm.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$EnvironmentProperty.class */
    public static class EnvironmentProperty extends AbstractDescribableImpl<EnvironmentProperty> implements Serializable {
        private final String name;
        private final String value;

        @Extension
        /* loaded from: input_file:hudson/security/LDAPSecurityRealm$EnvironmentProperty$DescriptorImpl.class */
        public static class DescriptorImpl extends Descriptor<EnvironmentProperty> {
            public String getDisplayName() {
                return "";
            }
        }

        @DataBoundConstructor
        public EnvironmentProperty(String str, String str2) {
            this.name = str;
            this.value = str2;
        }

        public String getName() {
            return this.name;
        }

        public String getValue() {
            return this.value;
        }

        public static Map<String, String> toMap(List<EnvironmentProperty> list) {
            if (list == null) {
                return null;
            }
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            for (EnvironmentProperty environmentProperty : list) {
                linkedHashMap.put(environmentProperty.getName(), environmentProperty.getValue());
            }
            return linkedHashMap;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$GroupDetailsImpl.class */
    public static class GroupDetailsImpl extends GroupDetails {
        private final String dn;
        private final String name;
        private final Set<String> members;

        public GroupDetailsImpl(String str, String str2) {
            this(str, str2, null);
        }

        public GroupDetailsImpl(String str, String str2, Set<String> set) {
            this.dn = str;
            this.name = str2;
            this.members = set;
        }

        public String getDn() {
            return this.dn;
        }

        public String getName() {
            return this.name;
        }

        public Set<String> getMembers() {
            return this.members;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$GroupDetailsMapper.class */
    public static class GroupDetailsMapper implements LdapEntryMapper<GroupDetailsImpl> {
        private GroupDetailsMapper() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // jenkins.security.plugins.ldap.LdapEntryMapper
        public GroupDetailsImpl mapAttributes(String str, Attributes attributes) throws NamingException {
            return new GroupDetailsImpl(str, LDAPSecurityRealm.fixGroupname(extractGroupName(new LdapName(str), attributes)));
        }

        static String extractGroupName(LdapName ldapName, Attributes attributes) throws NamingException {
            boolean z = false;
            String valueOf = String.valueOf(ldapName.getRdn(ldapName.size() - 1).getValue());
            Attribute attribute = attributes.get("cn");
            if (attribute != null) {
                NamingEnumeration all = attribute.getAll();
                while (all.hasMore() && !z) {
                    valueOf = all.next().toString();
                    z = true;
                    if (all.hasMore()) {
                        LDAPSecurityRealm.LOGGER.log(Level.FINE, "The group " + ldapName.getRdns() + " has more than one cn value. The first one  (" + valueOf + ") has been assigned as external group name");
                    }
                }
            } else {
                LDAPSecurityRealm.LOGGER.log(Level.SEVERE, "The group {0} has not defined a cn attribute. The last value from the dn ({1}) has been assigned as external group name", new Object[]{ldapName.getRdns(), valueOf});
            }
            return valueOf;
        }
    }

    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$LDAPAuthenticationManager.class */
    private class LDAPAuthenticationManager implements AuthenticationManager {
        private final List<ManagerEntry> delegates;
        private final DelegateLDAPUserDetailsService detailsService;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:hudson/security/LDAPSecurityRealm$LDAPAuthenticationManager$ManagerEntry.class */
        public class ManagerEntry {
            final AuthenticationManager delegate;
            final String configurationId;
            final LdapUserSearch ldapUserSearch;

            ManagerEntry(AuthenticationManager authenticationManager, String str, LdapUserSearch ldapUserSearch) {
                this.delegate = authenticationManager;
                this.configurationId = str;
                this.ldapUserSearch = ldapUserSearch;
            }
        }

        private LDAPAuthenticationManager(DelegateLDAPUserDetailsService delegateLDAPUserDetailsService) {
            this.delegates = new ArrayList();
            this.detailsService = delegateLDAPUserDetailsService;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addDelegate(AuthenticationManager authenticationManager, String str, LdapUserSearch ldapUserSearch) {
            this.delegates.add(new ManagerEntry(authenticationManager, str, ldapUserSearch));
        }

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            SetContextClassLoader setContextClassLoader = new SetContextClassLoader();
            try {
                BadCredentialsException badCredentialsException = null;
                for (ManagerEntry managerEntry : this.delegates) {
                    try {
                        Authentication authenticate = managerEntry.delegate.authenticate(authentication);
                        Object principal = authenticate.getPrincipal();
                        if ((principal instanceof LdapUserDetails) && !(principal instanceof DelegatedLdapUserDetails)) {
                            principal = new DelegatedLdapUserDetails((LdapUserDetails) principal, managerEntry.configurationId, null);
                        }
                        SecurityListener.fireAuthenticated2((UserDetails) principal);
                        Authentication updateUserDetails = LDAPSecurityRealm.this.updateUserDetails(new DelegatedLdapAuthentication(authenticate, principal, managerEntry.configurationId), managerEntry.ldapUserSearch);
                        setContextClassLoader.close();
                        return updateUserDetails;
                    } catch (BadCredentialsException e) {
                        if (this.detailsService == null || this.delegates.size() <= 1) {
                            badCredentialsException = e;
                        } else {
                            try {
                                if (this.detailsService.loadUserByUsername(managerEntry.configurationId, String.valueOf(authentication.getPrincipal())) != null) {
                                    throw e;
                                    break;
                                }
                            } catch (AuthenticationException e2) {
                                LDAPSecurityRealm.throwUnlessConfigIsIgnorable(e2, LDAPSecurityRealm.this.getConfigurationFor(managerEntry.configurationId));
                                badCredentialsException = e;
                            } catch (UsernameNotFoundException e3) {
                                badCredentialsException = e;
                            }
                        }
                    } catch (AuthenticationServiceException e4) {
                        LDAPSecurityRealm.throwUnlessConfigIsIgnorable(e4, LDAPSecurityRealm.this.getConfigurationFor(managerEntry.configurationId));
                        badCredentialsException = e4;
                    }
                }
                if (badCredentialsException != null) {
                    throw badCredentialsException;
                }
                throw new UserMayOrMayNotExistException2("No ldap server configuration");
            } catch (Throwable th) {
                try {
                    setContextClassLoader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$LDAPUserDetailsService.class */
    public static class LDAPUserDetailsService implements UserDetailsService {
        public final LdapUserSearch ldapSearch;
        public final LdapAuthoritiesPopulator authoritiesPopulator;
        public final LDAPGroupMembershipStrategy groupMembershipStrategy;
        public final String configurationId;
        private final LRUMap attributesCache = new LRUMap(32);

        LDAPUserDetailsService(LdapUserSearch ldapUserSearch, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, String str) {
            this.ldapSearch = ldapUserSearch;
            this.authoritiesPopulator = ldapAuthoritiesPopulator;
            this.groupMembershipStrategy = lDAPGroupMembershipStrategy;
            this.configurationId = str;
        }

        /* renamed from: loadUserByUsername, reason: merged with bridge method [inline-methods] */
        public DelegatedLdapUserDetails m5loadUserByUsername(String str) throws UsernameNotFoundException {
            CacheEntry cacheEntry;
            String fixUsername = LDAPSecurityRealm.fixUsername(str);
            try {
                SetContextClassLoader setContextClassLoader = new SetContextClassLoader();
                try {
                    LDAPSecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
                    if ((securityRealm instanceof LDAPSecurityRealm) && (securityRealm.getSecurityComponents().userDetails2 == this || ((securityRealm.getSecurityComponents().userDetails2 instanceof DelegateLDAPUserDetailsService) && ((DelegateLDAPUserDetailsService) securityRealm.getSecurityComponents().userDetails2).contains(this)))) {
                        LDAPSecurityRealm lDAPSecurityRealm = securityRealm;
                        if (lDAPSecurityRealm.cache != null) {
                            synchronized (lDAPSecurityRealm) {
                                cacheEntry = lDAPSecurityRealm.userDetailsCache != null ? (CacheEntry) lDAPSecurityRealm.userDetailsCache.get(fixUsername) : null;
                            }
                            if (cacheEntry != null && cacheEntry.isValid()) {
                                DelegatedLdapUserDetails delegatedLdapUserDetails = (DelegatedLdapUserDetails) cacheEntry.getValue();
                                setContextClassLoader.close();
                                return delegatedLdapUserDetails;
                            }
                        }
                    }
                    DirContextOperations searchForUser = this.ldapSearch.searchForUser(fixUsername);
                    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence(searchForUser);
                    essence.setUsername(fixUsername);
                    essence.setDn(searchForUser.getNameInNamespace());
                    Attributes attributes = searchForUser.getAttributes();
                    synchronized (this.attributesCache) {
                        Attributes attributes2 = (Attributes) this.attributesCache.get(attributes);
                        if (attributes2 == null) {
                            this.attributesCache.put(attributes, attributes);
                        } else {
                            attributes = attributes2;
                        }
                    }
                    for (GrantedAuthority grantedAuthority : this.groupMembershipStrategy == null ? this.authoritiesPopulator.getGrantedAuthorities(searchForUser, fixUsername) : this.groupMembershipStrategy.getGrantedAuthorities(searchForUser, fixUsername)) {
                        if (LDAPSecurityRealm.FORCE_GROUPNAME_LOWERCASE) {
                            essence.addAuthority(new SimpleGrantedAuthority(grantedAuthority.getAuthority().toLowerCase()));
                        } else {
                            essence.addAuthority(grantedAuthority);
                        }
                    }
                    UserAttributesHelper.checkIfUserEnabled(fixUsername, attributes);
                    UserAttributesHelper.checkIfAccountNonExpired(fixUsername, attributes);
                    UserAttributesHelper.checkIfCredentialsNonExpired(fixUsername, attributes);
                    UserAttributesHelper.checkIfAccountNonLocked(fixUsername, attributes);
                    DelegatedLdapUserDetails delegatedLdapUserDetails2 = new DelegatedLdapUserDetails(essence.createUserDetails(), this.configurationId, attributes);
                    if ((securityRealm instanceof LDAPSecurityRealm) && (securityRealm.getSecurityComponents().userDetails2 == this || ((securityRealm.getSecurityComponents().userDetails2 instanceof DelegateLDAPUserDetailsService) && ((DelegateLDAPUserDetailsService) securityRealm.getSecurityComponents().userDetails2).contains(this)))) {
                        LDAPSecurityRealm lDAPSecurityRealm2 = securityRealm;
                        if (lDAPSecurityRealm2.cache != null) {
                            synchronized (lDAPSecurityRealm2) {
                                if (lDAPSecurityRealm2.userDetailsCache == null) {
                                    lDAPSecurityRealm2.userDetailsCache = new CacheMap(lDAPSecurityRealm2.cache.getSize());
                                }
                                lDAPSecurityRealm2.userDetailsCache.put(fixUsername, new CacheEntry(lDAPSecurityRealm2.cache.getTtl(), lDAPSecurityRealm2.updateUserDetails(delegatedLdapUserDetails2, this.ldapSearch)));
                            }
                        }
                    }
                    setContextClassLoader.close();
                    return delegatedLdapUserDetails2;
                } finally {
                }
            } catch (AuthenticationException e) {
                throw e;
            } catch (RuntimeException e2) {
                throw new AuthenticationServiceException("Failed to search LDAP for " + fixUsername, e2);
            }
        }
    }

    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$LdapAuthenticationProviderImpl.class */
    public static final class LdapAuthenticationProviderImpl extends LdapAuthenticationProvider {
        public LdapAuthenticationProviderImpl(LdapAuthenticator ldapAuthenticator, LdapAuthoritiesPopulator ldapAuthoritiesPopulator, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy) {
            super(ldapAuthenticator, lDAPGroupMembershipStrategy != null ? new WrappedAuthoritiesPopulator(lDAPGroupMembershipStrategy, ldapAuthoritiesPopulator) : ldapAuthoritiesPopulator);
        }
    }

    /* loaded from: input_file:hudson/security/LDAPSecurityRealm$WrappedAuthoritiesPopulator.class */
    private static final class WrappedAuthoritiesPopulator implements LdapAuthoritiesPopulator {
        private final LDAPGroupMembershipStrategy strategy;
        private final LdapAuthoritiesPopulator populator;

        private WrappedAuthoritiesPopulator(LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, LdapAuthoritiesPopulator ldapAuthoritiesPopulator) {
            this.strategy = lDAPGroupMembershipStrategy;
            this.populator = ldapAuthoritiesPopulator;
            lDAPGroupMembershipStrategy.setAuthoritiesPopulator(ldapAuthoritiesPopulator);
        }

        public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations dirContextOperations, String str) {
            if (this.strategy.getAuthoritiesPopulator() != this.populator) {
                this.strategy.setAuthoritiesPopulator(this.populator);
            }
            return this.strategy.getGrantedAuthorities(dirContextOperations, str);
        }
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z) {
        this(str, str2, str3, str4, str5, str6, str7, z, false);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z, boolean z2) {
        this(str, str2, str3, str4, str5, str6, str7, z, z2, null);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z, boolean z2, CacheConfiguration cacheConfiguration) {
        this(str, str2, str3, str4, str5, null, null, str6, str7, z, z2, cacheConfiguration);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, boolean z2, CacheConfiguration cacheConfiguration) {
        this(str, str2, str3, str4, str5, str6, str7, str8, str9, z, z2, cacheConfiguration, null);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr) {
        this(str, str2, str3, str4, str5, str6, str7, str8, str9, z, z2, cacheConfiguration, environmentPropertyArr, (String) null, (String) null);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str10, String str11) {
        this(str, str2, str3, str4, str5, str6, str7, str8, Secret.fromString(str9), z, z2, cacheConfiguration, environmentPropertyArr, (String) null, (String) null);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, Secret secret, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str9, String str10) {
        this(str, str2, str3, str4, str5, str6, new FromGroupSearchLDAPGroupMembershipStrategy(str7), str8, secret, z, z2, cacheConfiguration, environmentPropertyArr, str9, str10);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, String str7, Secret secret, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str8, String str9) {
        this(str, str2, str3, str4, str5, str6, lDAPGroupMembershipStrategy, str7, secret, z, z2, cacheConfiguration, environmentPropertyArr, str8, str9, IdStrategy.CASE_INSENSITIVE, IdStrategy.CASE_INSENSITIVE);
    }

    @Deprecated
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, String str7, Secret secret, boolean z, boolean z2, CacheConfiguration cacheConfiguration, EnvironmentProperty[] environmentPropertyArr, String str8, String str9, IdStrategy idStrategy, IdStrategy idStrategy2) {
        this(createLdapConfiguration(str, str2, str3, str4, str5, str6, lDAPGroupMembershipStrategy, str7, secret, z, environmentPropertyArr, str8, str9), z2, cacheConfiguration, idStrategy, idStrategy2);
    }

    @DataBoundConstructor
    public LDAPSecurityRealm(List<LDAPConfiguration> list, boolean z, CacheConfiguration cacheConfiguration, IdStrategy idStrategy, IdStrategy idStrategy2) {
        this.userDetailsCache = null;
        this.groupDetailsCache = null;
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException(Messages.LDAPSecurityRealm_AtLeastOne());
        }
        if (list.size() > 1 && (!Main.isUnitTest || !Boolean.getBoolean(LDAPSecurityRealm.class.getName() + "do a bad thing during testing"))) {
            for (int i = 0; i < list.size(); i++) {
                LDAPConfiguration lDAPConfiguration = list.get(i);
                for (int i2 = i + 1; i2 < list.size(); i2++) {
                    if (lDAPConfiguration.isConfiguration(list.get(i2).getId())) {
                        throw new IllegalArgumentException(Messages.LDAPSecurityRealm_NotSameServer());
                    }
                }
            }
        }
        this.configurations = list;
        this.disableMailAddressResolver = z;
        this.cache = cacheConfiguration;
        this.userIdStrategy = idStrategy;
        this.groupIdStrategy = idStrategy2;
    }

    private static List<LDAPConfiguration> createLdapConfiguration(String str, String str2, String str3, String str4, String str5, String str6, LDAPGroupMembershipStrategy lDAPGroupMembershipStrategy, String str7, Secret secret, boolean z, EnvironmentProperty[] environmentPropertyArr, String str8, String str9) {
        LDAPConfiguration lDAPConfiguration = new LDAPConfiguration(str, str2, z, str7, secret);
        lDAPConfiguration.setUserSearchBase(str3);
        lDAPConfiguration.setUserSearch(str4);
        lDAPConfiguration.setGroupSearchBase(str5);
        lDAPConfiguration.setGroupSearchFilter(str6);
        lDAPConfiguration.setGroupMembershipStrategy(lDAPGroupMembershipStrategy);
        lDAPConfiguration.setEnvironmentProperties(environmentPropertyArr);
        lDAPConfiguration.setDisplayNameAttributeName(str8);
        lDAPConfiguration.setMailAddressAttributeName(str9);
        return Collections.singletonList(lDAPConfiguration);
    }

    public List<LDAPConfiguration> getConfigurations() {
        return this.configurations;
    }

    private boolean hasConfiguration() {
        return (this.configurations == null || this.configurations.isEmpty()) ? false : true;
    }

    public boolean isDisableRolePrefixing() {
        return this.disableRolePrefixing;
    }

    @DataBoundSetter
    public void setDisableRolePrefixing(boolean z) {
        this.disableRolePrefixing = z;
    }

    private Object readResolve() {
        if (this.managerPassword != null) {
            this.managerPasswordSecret = Secret.fromString(Scrambler.descramble(this.managerPassword));
            this.managerPassword = null;
        }
        if (this.server != null) {
            LDAPConfiguration lDAPConfiguration = new LDAPConfiguration(this.server, this.rootDN, this.inhibitInferRootDN, this.managerDN, this.managerPasswordSecret);
            this.server = null;
            this.rootDN = null;
            this.managerDN = null;
            this.managerPasswordSecret = null;
            lDAPConfiguration.setMailAddressAttributeName(this.mailAddressAttributeName);
            this.mailAddressAttributeName = null;
            lDAPConfiguration.setDisplayNameAttributeName(this.displayNameAttributeName);
            this.displayNameAttributeName = null;
            lDAPConfiguration.setExtraEnvVars(this.extraEnvVars);
            this.extraEnvVars = null;
            if (this.groupMembershipStrategy == null) {
                lDAPConfiguration.setGroupMembershipStrategy(new FromGroupSearchLDAPGroupMembershipStrategy(this.groupMembershipFilter));
                this.groupMembershipFilter = null;
            } else {
                lDAPConfiguration.setGroupMembershipStrategy(this.groupMembershipStrategy);
                this.groupMembershipStrategy = null;
            }
            lDAPConfiguration.setGroupSearchBase(this.groupSearchBase);
            this.groupSearchBase = null;
            lDAPConfiguration.setGroupSearchFilter(this.groupSearchFilter);
            this.groupSearchFilter = null;
            lDAPConfiguration.setUserSearch(this.userSearch);
            this.userSearch = null;
            lDAPConfiguration.setUserSearchBase(this.userSearchBase);
            this.userSearchBase = null;
            this.configurations = new ArrayList();
            this.configurations.add(lDAPConfiguration);
        }
        return this;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public String getServerUrl() {
        if (hasConfiguration()) {
            return this.configurations.get(0).getServerUrl();
        }
        return null;
    }

    public IdStrategy getUserIdStrategy() {
        return this.userIdStrategy == null ? IdStrategy.CASE_INSENSITIVE : this.userIdStrategy;
    }

    public IdStrategy getGroupIdStrategy() {
        return this.groupIdStrategy == null ? IdStrategy.CASE_INSENSITIVE : this.groupIdStrategy;
    }

    public CacheConfiguration getCache() {
        return this.cache;
    }

    public Integer getCacheSize() {
        if (this.cache == null) {
            return null;
        }
        return Integer.valueOf(this.cache.getSize());
    }

    public Integer getCacheTTL() {
        if (this.cache == null) {
            return null;
        }
        return Integer.valueOf(this.cache.getTtl());
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public String getGroupMembershipFilter() {
        if (hasConfiguration()) {
            return this.configurations.get(0).getGroupSearchFilter();
        }
        return null;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public LDAPGroupMembershipStrategy getGroupMembershipStrategy() {
        if (hasConfiguration()) {
            return this.configurations.get(0).getGroupMembershipStrategy();
        }
        return null;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public String getGroupSearchFilter() {
        if (hasConfiguration()) {
            return this.configurations.get(0).getGroupSearchFilter();
        }
        return null;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public Map<String, String> getExtraEnvVars() {
        return hasConfiguration() ? this.configurations.get(0).getExtraEnvVars() : Collections.emptyMap();
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public EnvironmentProperty[] getEnvironmentProperties() {
        return hasConfiguration() ? this.configurations.get(0).getEnvironmentProperties() : new EnvironmentProperty[0];
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public String getManagerPassword() {
        if (hasConfiguration()) {
            return this.configurations.get(0).getManagerPassword();
        }
        return null;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public Secret getManagerPasswordSecret() {
        if (hasConfiguration()) {
            return this.configurations.get(0).getManagerPasswordSecret();
        }
        return null;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public String getLDAPURL() {
        if (hasConfiguration()) {
            return this.configurations.get(0).getLDAPURL();
        }
        return null;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public String getDisplayNameAttributeName() {
        return hasConfiguration() ? this.configurations.get(0).getDisplayNameAttributeName() : "displayname";
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public String getMailAddressAttributeName() {
        return hasConfiguration() ? this.configurations.get(0).getMailAddressAttributeName() : "mail";
    }

    @CheckForNull
    @Restricted({NoExternalUse.class})
    public LDAPConfiguration getConfigurationFor(LdapUserDetails ldapUserDetails) {
        if (ldapUserDetails instanceof DelegatedLdapUserDetails) {
            return getConfigurationFor(((DelegatedLdapUserDetails) ldapUserDetails).getConfigurationId());
        }
        return null;
    }

    @Restricted({NoExternalUse.class})
    public boolean hasMultiConfiguration() {
        return hasConfiguration() && this.configurations.size() > 1;
    }

    @CheckForNull
    @Restricted({NoExternalUse.class})
    public LDAPConfiguration getConfigurationFor(String str) {
        if (this.configurations != null) {
            for (LDAPConfiguration lDAPConfiguration : this.configurations) {
                if (lDAPConfiguration.isConfiguration(str)) {
                    return lDAPConfiguration;
                }
            }
        }
        LOGGER.log(Level.FINE, "Unable to find configuration for {0}", str);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @CheckForNull
    public static LDAPConfiguration _getConfigurationFor(String str) {
        LDAPSecurityRealm securityRealm = Jenkins.getActiveInstance().getSecurityRealm();
        if (securityRealm instanceof LDAPSecurityRealm) {
            return securityRealm.getConfigurationFor(str);
        }
        return null;
    }

    @Restricted({NoExternalUse.class})
    public static String toProviderUrl(String str, String str2) {
        String providerUrl;
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (String str3 : str.split("\\s+")) {
            if (str3.trim().length() != 0 && (providerUrl = getProviderUrl(str3, str2)) != null) {
                if (z) {
                    z = false;
                } else {
                    sb.append(' ');
                }
                sb.append(providerUrl);
            }
        }
        return sb.toString();
    }

    private static String getProviderUrl(String str, String str2) {
        String addPrefix = addPrefix(str);
        if (!addPrefix.endsWith("/")) {
            addPrefix = addPrefix + '/';
        }
        if (str2 != null) {
            String trim = str2.trim();
            if (!trim.isEmpty()) {
                try {
                    addPrefix = addPrefix + new URI(null, null, trim, null).toASCIIString();
                } catch (URISyntaxException e) {
                    LOGGER.log(Level.WARNING, "Unable to build URL with rootDN: " + addPrefix, (Throwable) e);
                    return null;
                }
            }
        }
        return addPrefix;
    }

    @NonNull
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        DelegateLDAPUserDetailsService delegateLDAPUserDetailsService = new DelegateLDAPUserDetailsService();
        LDAPAuthenticationManager lDAPAuthenticationManager = new LDAPAuthenticationManager(delegateLDAPUserDetailsService);
        for (LDAPConfiguration lDAPConfiguration : this.configurations) {
            LDAPConfiguration.ApplicationContext createApplicationContext = lDAPConfiguration.createApplicationContext(this);
            lDAPAuthenticationManager.addDelegate(createApplicationContext.authenticationManager, lDAPConfiguration.getId(), createApplicationContext.ldapUserSearch);
            delegateLDAPUserDetailsService.addDelegate(new LDAPUserDetailsService(createApplicationContext.ldapUserSearch, createApplicationContext.ldapAuthoritiesPopulator, lDAPConfiguration.getGroupMembershipStrategy(), lDAPConfiguration.getId()));
        }
        return new SecurityRealm.SecurityComponents(lDAPAuthenticationManager, delegateLDAPUserDetailsService);
    }

    protected UserDetails authenticate2(String str, String str2) throws AuthenticationException {
        return updateUserDetails((UserDetails) getSecurityComponents().manager2.authenticate(new UsernamePasswordAuthenticationToken(fixUsername(str), str2)).getPrincipal(), (LdapUserSearch) null);
    }

    public UserDetails loadUserByUsername2(String str) throws UsernameNotFoundException {
        return updateUserDetails(getSecurityComponents().userDetails2.loadUserByUsername(fixUsername(str)), (LdapUserSearch) null);
    }

    public Authentication updateUserDetails(Authentication authentication, @CheckForNull LdapUserSearch ldapUserSearch) {
        return new DelegatedLdapAuthentication(authentication, updateUserDetails((UserDetails) authentication.getPrincipal(), ldapUserSearch), authentication instanceof DelegatedLdapAuthentication ? ((DelegatedLdapAuthentication) authentication).getConfigurationId() : null);
    }

    public UserDetails updateUserDetails(UserDetails userDetails, @CheckForNull LdapUserSearch ldapUserSearch) {
        return userDetails instanceof LdapUserDetails ? updateUserDetails((LdapUserDetails) userDetails, ldapUserSearch) : userDetails;
    }

    public DelegatedLdapUserDetails updateUserDetails(LdapUserDetails ldapUserDetails, @CheckForNull LdapUserSearch ldapUserSearch) {
        String str;
        String str2;
        Mailer.UserProperty property;
        User user = User.get(fixUsername(ldapUserDetails.getUsername()));
        LDAPConfiguration configurationFor = getConfigurationFor(ldapUserDetails);
        if (configurationFor != null) {
            str = configurationFor.getDisplayNameAttributeName();
            str2 = configurationFor.getMailAddressAttributeName();
            if (StringUtils.isEmpty(str)) {
                str = "displayname";
            }
            if (StringUtils.isEmpty(str2)) {
                str2 = "mail";
            }
        } else {
            str = "displayname";
            str2 = "mail";
        }
        Attributes attributes = DelegatedLdapUserDetails.getAttributes(ldapUserDetails, ldapUserSearch);
        try {
            Attribute attribute = attributes.get(str);
            String str3 = attribute == null ? null : (String) attribute.get();
            if (StringUtils.isNotBlank(str3) && user.getId().equals(user.getFullName()) && !user.getFullName().equals(str3)) {
                user.setFullName(str3);
            }
        } catch (NamingException e) {
            LOGGER.log(Level.FINEST, "Could not retrieve display name attribute", e);
        }
        if (!this.disableMailAddressResolver) {
            try {
                Attribute attribute2 = attributes.get(str2);
                String str4 = attribute2 == null ? null : (String) attribute2.get();
                if (StringUtils.isNotBlank(str4) && ((property = user.getProperty(Mailer.UserProperty.class)) == null || !property.hasExplicitlyConfiguredAddress())) {
                    user.addProperty(new Mailer.UserProperty(str4));
                }
            } catch (NamingException e2) {
                LOGGER.log(Level.FINEST, "Could not retrieve email address attribute", e2);
            } catch (IOException e3) {
                LOGGER.log(Level.WARNING, "Failed to associate the e-mail address", (Throwable) e3);
            }
        }
        return new DelegatedLdapUserDetails(ldapUserDetails, ldapUserDetails instanceof DelegatedLdapUserDetails ? ((DelegatedLdapUserDetails) ldapUserDetails).configurationId : "???", attributes);
    }

    public GroupDetails loadGroupByGroupname2(String str, boolean z) throws UsernameNotFoundException {
        GroupDetailsImpl groupDetailsImpl;
        CacheEntry<GroupDetailsImpl> cacheEntry;
        String fixGroupname = fixGroupname(str);
        if (this.cache != null) {
            synchronized (this) {
                cacheEntry = this.groupDetailsCache != null ? this.groupDetailsCache.get(fixGroupname) : null;
            }
            if (cacheEntry == null || !cacheEntry.isValid()) {
                groupDetailsImpl = null;
            } else {
                GroupDetailsImpl value = cacheEntry.getValue();
                groupDetailsImpl = (z && value.getMembers() == null) ? null : value;
            }
        } else {
            groupDetailsImpl = null;
        }
        GroupDetailsImpl searchForGroupName = groupDetailsImpl != null ? groupDetailsImpl : searchForGroupName(fixGroupname, z);
        if (this.cache != null && groupDetailsImpl == null) {
            synchronized (this) {
                if (this.groupDetailsCache == null) {
                    this.groupDetailsCache = new CacheMap(this.cache.getSize());
                }
                this.groupDetailsCache.put(fixGroupname, new CacheEntry<>(this.cache.getTtl(), searchForGroupName));
            }
        }
        return searchForGroupName;
    }

    @NonNull
    private GroupDetailsImpl searchForGroupName(String str, boolean z) throws UsernameNotFoundException {
        GroupDetailsImpl groupDetailsImpl;
        for (LDAPConfiguration lDAPConfiguration : this.configurations) {
            try {
                groupDetailsImpl = (GroupDetailsImpl) lDAPConfiguration.getLdapTemplate().searchForFirstEntry(lDAPConfiguration.getGroupSearchBase() != null ? lDAPConfiguration.getGroupSearchBase() : "", lDAPConfiguration.getGroupSearchFilter() != null ? lDAPConfiguration.getGroupSearchFilter() : GROUP_SEARCH, new Object[]{str}, null, new GroupDetailsMapper());
            } catch (AuthenticationException e) {
                throwUnlessConfigIsIgnorable(e, lDAPConfiguration);
            } catch (RuntimeException e2) {
                throwUnlessConfigIsIgnorable(new UserMayOrMayNotExistException2("Failed to search LDAP for group: " + str, e2), lDAPConfiguration);
            }
            if (groupDetailsImpl != null) {
                if (z) {
                    groupDetailsImpl = new GroupDetailsImpl(groupDetailsImpl.getDn(), groupDetailsImpl.getName(), lDAPConfiguration.getGroupMembershipStrategy().getGroupMembers(groupDetailsImpl.getDn(), lDAPConfiguration));
                }
                return groupDetailsImpl;
            }
            continue;
        }
        throw new UsernameNotFoundException(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String fixGroupname(String str) {
        return FORCE_GROUPNAME_LOWERCASE ? str.toLowerCase() : str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String fixUsername(String str) {
        return FORCE_USERNAME_LOWERCASE ? str.toLowerCase() : str;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m2getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <T extends Exception> void throwUnlessConfigIsIgnorable(T t, @CheckForNull LDAPConfiguration lDAPConfiguration) throws Exception {
        boolean z = lDAPConfiguration == null || !lDAPConfiguration.isIgnoreIfUnavailable();
        Logger logger = LOGGER;
        Level level = Level.WARNING;
        Object[] objArr = new Object[3];
        objArr[0] = lDAPConfiguration == null ? "null" : lDAPConfiguration.getId();
        objArr[1] = lDAPConfiguration == null ? "null" : lDAPConfiguration.getServer();
        objArr[2] = z ? "_not_ try" : "try";
        logger.log(level, String.format("Failed communication with ldap server %s (%s), will %s the next configuration", objArr), (Throwable) t);
        if (z) {
            throw t;
        }
    }

    private static String addPrefix(String str) {
        return str.contains("://") ? str : "ldap://" + str;
    }
}
