package hudson.plugins.active_directory;

import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.plugins.active_directory.ActiveDirectorySecurityRealm;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.Serializable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import jenkins.model.Jenkins;
import jenkins.security.FIPS140;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

/* loaded from: input_file:hudson/plugins/active_directory/ActiveDirectoryDomain.class */
public class ActiveDirectoryDomain extends AbstractDescribableImpl<ActiveDirectoryDomain> implements Serializable {
    public String name;
    public String servers;
    public String site;
    public String bindName;
    public Secret bindPassword;
    protected TlsConfiguration tlsConfiguration;
    private static final Logger LOGGER = Logger.getLogger(ActiveDirectoryUnixAuthenticationProvider.class.getName());

    /* loaded from: input_file:hudson/plugins/active_directory/ActiveDirectoryDomain$Catalog.class */
    public enum Catalog {
        GC("_gc._tcp."),
        LDAP("_ldap._tcp.");

        private final String name;

        Catalog(String str) {
            this.name = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.name;
        }
    }

    @Extension
    /* loaded from: input_file:hudson/plugins/active_directory/ActiveDirectoryDomain$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<ActiveDirectoryDomain> {
        public String getDisplayName() {
            return "";
        }

        public ListBoxModel doFillTlsConfigurationItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (TlsConfiguration tlsConfiguration : TlsConfiguration.values()) {
                listBoxModel.add(tlsConfiguration.getDisplayName(), tlsConfiguration.name());
            }
            return listBoxModel;
        }

        @RequirePOST
        public FormValidation doCheckBindPassword(@QueryParameter String str) {
            return (!FIPS140.useCompliantAlgorithms() || StringUtils.length(str) >= 14) ? FormValidation.ok() : FormValidation.error(Messages.passwordTooShortFIPS());
        }

        @RequirePOST
        public FormValidation doCheckTlsConfiguration(@QueryParameter TlsConfiguration tlsConfiguration) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return ActiveDirectoryDomain.isFipsNonCompliant(ActiveDirectorySecurityRealm.DescriptorImpl.isTrustAllCertificatesEnabled(tlsConfiguration)) ? FormValidation.error(Messages.TlsConfiguration_CertificateError()) : FormValidation.ok();
        }

        /* JADX WARN: Removed duplicated region for block: B:62:0x0300 A[Catch: all -> 0x0328, TRY_LEAVE, TryCatch #7 {all -> 0x0328, blocks: (B:6:0x0075, B:11:0x0084, B:17:0x00a2, B:22:0x00ba, B:24:0x00d3, B:26:0x00db, B:29:0x00ed, B:31:0x00f8, B:35:0x010d, B:42:0x0123, B:44:0x012f, B:72:0x0181, B:74:0x01a6, B:76:0x01c6, B:77:0x01d0, B:81:0x01e0, B:62:0x0300, B:65:0x0316, B:85:0x01ee, B:86:0x01f5, B:47:0x0277, B:48:0x0283, B:50:0x028d, B:52:0x0299, B:69:0x02a6, B:57:0x02cb, B:88:0x01fb, B:90:0x020a, B:93:0x021e, B:101:0x0234, B:105:0x024a, B:97:0x0260, B:112:0x0149, B:113:0x0159, B:116:0x0152, B:117:0x00c1), top: B:5:0x0075, inners: #1, #5, #6, #10, #9 }] */
        /* JADX WARN: Removed duplicated region for block: B:65:0x0316 A[Catch: all -> 0x0328, TRY_ENTER, TRY_LEAVE, TryCatch #7 {all -> 0x0328, blocks: (B:6:0x0075, B:11:0x0084, B:17:0x00a2, B:22:0x00ba, B:24:0x00d3, B:26:0x00db, B:29:0x00ed, B:31:0x00f8, B:35:0x010d, B:42:0x0123, B:44:0x012f, B:72:0x0181, B:74:0x01a6, B:76:0x01c6, B:77:0x01d0, B:81:0x01e0, B:62:0x0300, B:65:0x0316, B:85:0x01ee, B:86:0x01f5, B:47:0x0277, B:48:0x0283, B:50:0x028d, B:52:0x0299, B:69:0x02a6, B:57:0x02cb, B:88:0x01fb, B:90:0x020a, B:93:0x021e, B:101:0x0234, B:105:0x024a, B:97:0x0260, B:112:0x0149, B:113:0x0159, B:116:0x0152, B:117:0x00c1), top: B:5:0x0075, inners: #1, #5, #6, #10, #9 }] */
        @org.kohsuke.stapler.interceptor.RequirePOST
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public hudson.util.FormValidation doValidateTest(@org.kohsuke.stapler.QueryParameter(fixEmpty = true) java.lang.String r17, @org.kohsuke.stapler.QueryParameter(fixEmpty = true) java.lang.String r18, @org.kohsuke.stapler.QueryParameter(fixEmpty = true) java.lang.String r19, @org.kohsuke.stapler.QueryParameter(fixEmpty = true) java.lang.String r20, @org.kohsuke.stapler.QueryParameter(fixEmpty = true) java.lang.String r21, @org.kohsuke.stapler.QueryParameter(fixEmpty = true) hudson.plugins.active_directory.TlsConfiguration r22, @org.kohsuke.stapler.QueryParameter hudson.plugins.active_directory.GroupLookupStrategy r23, @org.kohsuke.stapler.QueryParameter(fixEmpty = false) boolean r24, @org.kohsuke.stapler.QueryParameter(fixEmpty = true) boolean r25, @org.kohsuke.stapler.QueryParameter(fixEmpty = true) boolean r26) throws javax.naming.NamingException {
            /*
                Method dump skipped, instructions count: 821
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: hudson.plugins.active_directory.ActiveDirectoryDomain.DescriptorImpl.doValidateTest(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, hudson.plugins.active_directory.TlsConfiguration, hudson.plugins.active_directory.GroupLookupStrategy, boolean, boolean, boolean):hudson.util.FormValidation");
        }
    }

    public ActiveDirectoryDomain(String str, String str2) {
        this(str, str2, null, null, null);
    }

    @Deprecated
    public ActiveDirectoryDomain(String str, String str2, String str3, String str4, String str5) {
        this(str, str2, str3, str4, str5, TlsConfiguration.TRUST_ALL_CERTIFICATES);
    }

    @DataBoundConstructor
    public ActiveDirectoryDomain(String str, String str2, String str3, String str4, String str5, TlsConfiguration tlsConfiguration) {
        if (isFipsNonCompliant(ActiveDirectorySecurityRealm.DescriptorImpl.isTrustAllCertificatesEnabled(tlsConfiguration))) {
            throw new IllegalArgumentException(Messages.TlsConfiguration_CertificateError());
        }
        this.name = str;
        if (FIPS140.useCompliantAlgorithms() && StringUtils.length(str5) < 14) {
            throw new IllegalArgumentException(Messages.passwordTooShortFIPS());
        }
        String fixEmpty = fixEmpty(str2);
        if (fixEmpty != null) {
            String[] split = fixEmpty.split(",");
            for (int i = 0; i < split.length; i++) {
                if (!split[i].contains(":")) {
                    int i2 = i;
                    split[i2] = split[i2] + ":3268";
                }
            }
            fixEmpty = StringUtils.join(split, ",");
        }
        this.servers = fixEmpty;
        this.site = fixEmpty(str3);
        this.bindName = fixEmpty(str4);
        this.bindPassword = Secret.fromString(fixEmpty(str5));
        this.tlsConfiguration = tlsConfiguration;
    }

    @Restricted({NoExternalUse.class})
    public String getName() {
        return this.name;
    }

    @Restricted({NoExternalUse.class})
    public String getServers() {
        return this.servers;
    }

    @Restricted({NoExternalUse.class})
    public String getBindName() {
        return this.bindName;
    }

    @Restricted({NoExternalUse.class})
    public Secret getBindPassword() {
        return this.bindPassword;
    }

    @Restricted({NoExternalUse.class})
    public String getSite() {
        return this.site;
    }

    @Restricted({NoExternalUse.class})
    public TlsConfiguration getTlsConfiguration() {
        return this.tlsConfiguration;
    }

    protected Object readResolve() {
        if (isFipsNonCompliant(ActiveDirectorySecurityRealm.DescriptorImpl.isTrustAllCertificatesEnabled(this.tlsConfiguration))) {
            throw new IllegalStateException(Messages.TlsConfiguration_CertificateError());
        }
        String secret = Secret.toString(this.bindPassword);
        if (!FIPS140.useCompliantAlgorithms() || StringUtils.length(secret) >= 14) {
            return this;
        }
        throw new IllegalArgumentException(Messages.passwordTooShortFIPS());
    }

    public Attribute getRecordFromDomain() {
        Attribute attribute = null;
        try {
            LOGGER.log(Level.FINE, "Attempting to resolve {0} to NS record", this.name);
            DirContext createDNSLookupContext = DNSUtils.createDNSLookupContext();
            attribute = createDNSLookupContext.getAttributes(this.name, new String[]{"NS"}).get("NS");
            if (attribute == null) {
                LOGGER.log(Level.FINE, "Attempting to resolve {0} to A record", this.name);
                attribute = createDNSLookupContext.getAttributes(this.name, new String[]{"A"}).get("A");
                if (attribute == null) {
                    throw new NamingException(this.name + " doesn't look like a domain name");
                }
            }
            LOGGER.log(Level.FINE, "{0} resolved to {1}", new Object[]{this.name, attribute});
        } catch (NamingException e) {
            LOGGER.log(Level.WARNING, String.format("Failed to resolve %s to A record", this.name), e);
        }
        return attribute;
    }

    public Attribute getServersOnCatalog(String str) {
        String str2 = Catalog.valueOf(str).toString() + (this.site != null ? this.site + "._sites." : "") + this.name;
        LOGGER.log(Level.FINE, "Attempting to resolve {0} to SRV record", str2);
        try {
            return DNSUtils.createDNSLookupContext().getAttributes(str2, new String[]{"SRV"}).get("SRV");
        } catch (NamingException | NumberFormatException e) {
            LOGGER.log(Level.WARNING, String.format("Failed to resolve %s", str2), e);
            return null;
        }
    }

    public static String fixEmpty(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        return str;
    }

    private static boolean isFipsNonCompliant(boolean z) {
        return FIPS140.useCompliantAlgorithms() && z;
    }
}
