package hudson.security;

import groovy.lang.Binding;
import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.cli.CLICommand;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.model.UserProperty;
import hudson.model.UserPropertyDescriptor;
import hudson.security.HudsonPrivateSecurityRealm;
import hudson.security.SecurityRealm;
import hudson.security.captcha.CaptchaSupport;
import hudson.util.spring.BeanBuilder;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.security.ImpersonatingUserDetailsService;
import jenkins.security.SecurityListener;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.jenkinsci.Symbol;
import org.kohsuke.args4j.Option;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:hudson/security/MixingSecurityRealm.class */
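/**
 * Security realm that extends {@link HudsonPrivateSecurityRealm} and additionally consults a
 * list of delegate ("optional") realms.
 *
 * <p>The {@code priority} flag decides the lookup order: when it is {@code true} the local user
 * database is asked first, otherwise the delegate realms are asked first, in list order.
 *
 * <p>Method names of the form {@code mN<name>} are decompiler renames of bridge-merged methods
 * and are kept unchanged here.
 */
public class MixingSecurityRealm extends HudsonPrivateSecurityRealm {
    private static final Logger logger = Logger.getLogger(MixingSecurityRealm.class.getName());

    /** Delegate realms, consulted in list order. Read through {@link #optionalRealms()}. */
    private List<SecurityRealm> optionals;

    /** {@code true}: local user database first; {@code false}: delegate realms first. */
    private boolean priority;

    /**
     * Authentication provider bound into the Groovy-defined security beans as "authenticator".
     * The credential check happens inside {@link #retrieveUser}, which is why
     * {@link #additionalAuthenticationChecks} is empty.
     */
    /* loaded from: input_file:hudson/security/MixingSecurityRealm$Authenticator.class */
    class Authenticator extends AbstractUserDetailsAuthenticationProvider {
        Authenticator() {
        }

        /** Intentionally empty: {@link #retrieveUser} already verifies the credentials. */
        protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        }

        /**
         * Authenticates the user through {@link MixingSecurityRealm#doAuthenticate}.
         *
         * @param str the user name
         * @param usernamePasswordAuthenticationToken token whose credentials are used as the password
         * @return the authenticated user's details
         * @throws AuthenticationException if authentication fails
         */
        protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
            // NOTE(review): assumes the token carries non-null credentials; a null value fails here with an NPE.
            String password = usernamePasswordAuthenticationToken.getCredentials().toString();
            return MixingSecurityRealm.this.doAuthenticate(str, password);
        }
    }

    /** Descriptor that keeps the configured delegate realms and builds realm instances from form data. */
    @Extension
    /* loaded from: input_file:hudson/security/MixingSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        /** Delegate realms from the last accepted form submission (or from {@code load()}). */
        public final List<SecurityRealm> optionals = new ArrayList<>();

        public DescriptorImpl() {
            load();
        }

        public String getDisplayName() {
            return "Mixing";
        }

        /**
         * Finds the configured delegate realm that belongs to the given descriptor.
         *
         * @param descriptor descriptor to look up; may be {@code null}
         * @return the matching delegate realm, or {@code null} when there is none
         */
        public SecurityRealm getInstance(Descriptor<SecurityRealm> descriptor) {
            if (descriptor == null) {
                return null;
            }
            for (SecurityRealm candidate : this.optionals) {
                if (candidate != null && descriptor.clazz == candidate.getClass()) {
                    return candidate;
                }
            }
            return null;
        }

        /**
         * Builds the realm from a submitted form: every enabled entry of the "optional" array is
         * instantiated through the descriptor named by its "$id", the result is saved on this
         * descriptor, and the new realm receives a copy of the list.
         *
         * @param staplerRequest the submitting request
         * @param jSONObject the submitted form data
         * @return the new realm
         * @throws Descriptor.FormException if a delegate realm rejects its form data
         */
        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public SecurityRealm m4newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            JSONArray submitted = jSONObject.getJSONArray("optional");
            DescriptorExtensionList<SecurityRealm, Descriptor<SecurityRealm>> all = SecurityRealm.all();
            Map<Class, Class> ownClasses = getImplementedClass();

            // Collect into a local list first, so that a FormException from one entry does not
            // leave this descriptor with a cleared or half-filled list.
            List<SecurityRealm> configured = new ArrayList<>();
            for (Object element : submitted) {
                JSONObject entry = (JSONObject) element;
                if (!entry.getBoolean("$enabled")) {
                    continue;
                }
                String id = entry.getString("$id");
                // "$id" and "$enabled" are bookkeeping keys of this form, not realm settings.
                entry.remove("$id");
                entry.remove("$enabled");
                Descriptor<SecurityRealm> target = all.findByName(id);
                // Apply server-side the same exclusion getSecurityRealmDescriptors() applies to
                // the selectable list: this realm and its superclasses cannot be delegates.
                if (target == null || ownClasses.containsKey(target.clazz)) {
                    continue;
                }
                SecurityRealm realm = target.newInstance(staplerRequest, entry);
                if (realm != null) {
                    configured.add(realm);
                }
            }
            this.optionals.clear();
            this.optionals.addAll(configured);
            save();

            MixingSecurityRealm created = (MixingSecurityRealm) super.newInstance(staplerRequest, jSONObject);
            created.optionals.clear();
            created.optionals.addAll(this.optionals);
            return created;
        }

        /**
         * Returns the classes from {@link MixingSecurityRealm} up to, but excluding,
         * {@link SecurityRealm}, each mapped to itself.
         */
        private Map<Class, Class> getImplementedClass() {
            Map<Class, Class> lineage = new HashMap<>();
            for (Class<?> type = MixingSecurityRealm.class; type != null && type != SecurityRealm.class; type = type.getSuperclass()) {
                lineage.put(type, type);
            }
            return lineage;
        }

        /**
         * Lists the realm descriptors that may be used as delegates: all registered ones except
         * this realm and its superclasses. Descriptors of configured delegates come first, in
         * configuration order; the others follow in registration order.
         */
        public List<Descriptor<SecurityRealm>> getSecurityRealmDescriptors() {
            List<Descriptor<SecurityRealm>> selectable = new ArrayList<>();
            Map<Class, Class> ownClasses = getImplementedClass();
            for (Descriptor<SecurityRealm> candidate : SecurityRealm.all()) {
                if (!ownClasses.containsKey(candidate.clazz)) {
                    selectable.add(candidate);
                }
            }
            final int unranked = this.optionals.size();
            // Both sides are ranked the same way, so the comparator is reflexive and
            // antisymmetric; unconfigured descriptors compare equal and the stable sort keeps
            // their relative order.
            selectable.sort((left, right) -> Integer.compare(rankOf(left, unranked), rankOf(right, unranked)));
            return selectable;
        }

        /** Index of the first configured delegate of the descriptor's class, or {@code unranked}. */
        private int rankOf(Descriptor<SecurityRealm> descriptor, int unranked) {
            for (int index = 0; index < this.optionals.size(); index++) {
                SecurityRealm realm = this.optionals.get(index);
                if (realm != null && realm.getClass() == descriptor.clazz) {
                    return index;
                }
            }
            return unranked;
        }
    }

    /**
     * Authentication manager that routes a request either to the local manager or to the manager
     * of the delegate realm that knows the user name.
     */
    /* loaded from: input_file:hudson/security/MixingSecurityRealm$MixinAuthenticationManager.class */
    private class MixinAuthenticationManager implements AuthenticationManager {
        /** Components of the local (built-in) realm. */
        private SecurityRealm.SecurityComponents securityComponents;
        /** Components of each delegate realm, keyed by the realm. */
        Map<SecurityRealm, SecurityRealm.SecurityComponents> securityComponentsMap;

        MixinAuthenticationManager(SecurityRealm.SecurityComponents securityComponents, Map<SecurityRealm, SecurityRealm.SecurityComponents> map) {
            this.securityComponents = securityComponents;
            this.securityComponentsMap = map;
        }

        /**
         * Authenticates against the first realm that claims the user name, honouring
         * {@code priority} for the order of local and delegate realms.
         *
         * @throws UsernameNotFoundException if no realm claims the user name
         * @throws AuthenticationException whatever the selected realm's manager throws
         */
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String name = authentication.getName();
            boolean localFirst = MixingSecurityRealm.this.priority;
            Authentication result = null;
            if (localFirst) {
                result = authenticateLocal(name, authentication);
            }
            if (result == null) {
                result = authenticateOptionals(name, authentication);
            }
            if (!localFirst && result == null) {
                result = authenticateLocal(name, authentication);
            }
            if (result == null) {
                throw new UsernameNotFoundException("Not found in any realm: " + name);
            }
            return result;
        }

        /** Uses the local manager when the user has local password details; otherwise returns {@code null}. */
        private Authentication authenticateLocal(String str, Authentication authentication) {
            if (!MixingSecurityRealm.this.isPrivateUser(str)) {
                return null;
            }
            MixingSecurityRealm.logger.fine("SecurityComponents.authentication.isPrivateUser => " + str);
            return this.securityComponents.manager.authenticate(authentication);
        }

        /** Uses the manager of the first delegate realm that can load the user; otherwise returns {@code null}. */
        private Authentication authenticateOptionals(String str, Authentication authentication) {
            for (SecurityRealm realm : MixingSecurityRealm.this.optionalRealms()) {
                SecurityRealm.SecurityComponents components = this.securityComponentsMap.get(realm);
                if (components == null) {
                    // No components were created for this realm; it cannot authenticate anyone.
                    continue;
                }
                if (MixingSecurityRealm.isOwnedBy(str, components.userDetails)) {
                    MixingSecurityRealm.logger.fine("SecurityComponents.authentication.isOwnedBy => " + str + " -> " + realm);
                    return components.manager.authenticate(authentication);
                }
            }
            return null;
        }
    }

    /** User-details service that looks a user up in the local realm and the delegate realms. */
    /* loaded from: input_file:hudson/security/MixingSecurityRealm$MixinUserDetailsService.class */
    private class MixinUserDetailsService implements UserDetailsService {
        /** Components of the local (built-in) realm. */
        private SecurityRealm.SecurityComponents securityComponents;
        /** Components of each delegate realm, keyed by the realm. */
        Map<SecurityRealm, SecurityRealm.SecurityComponents> securityComponentsMap;

        MixinUserDetailsService(SecurityRealm.SecurityComponents securityComponents, Map<SecurityRealm, SecurityRealm.SecurityComponents> map) {
            this.securityComponents = securityComponents;
            this.securityComponentsMap = map;
        }

        /**
         * Loads the user from the first realm that knows the name, in the order selected by
         * {@code priority}.
         *
         * @throws UsernameNotFoundException if neither the local realm nor a delegate knows the user
         */
        public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
            if (!MixingSecurityRealm.this.priority) {
                UserDetails fromDelegate = loadUserByUsernameOptionals(str);
                return fromDelegate != null ? fromDelegate : loadUserByUsernameLocal(str);
            }
            try {
                return loadUserByUsernameLocal(str);
            } catch (UsernameNotFoundException localMiss) {
                UserDetails fromDelegate = loadUserByUsernameOptionals(str);
                if (fromDelegate == null) {
                    // Report the local failure when no delegate knows the user either.
                    throw localMiss;
                }
                return fromDelegate;
            }
        }

        private UserDetails loadUserByUsernameLocal(String str) {
            MixingSecurityRealm.logger.fine("SecurityComponents.loadUserByUsername.isPrivateUser => " + str);
            return this.securityComponents.userDetails.loadUserByUsername(str);
        }

        /** Returns the details from the first delegate realm that knows the user, or {@code null}. */
        private UserDetails loadUserByUsernameOptionals(String str) {
            for (SecurityRealm realm : MixingSecurityRealm.this.optionalRealms()) {
                SecurityRealm.SecurityComponents components = this.securityComponentsMap.get(realm);
                if (components == null) {
                    continue;
                }
                try {
                    MixingSecurityRealm.logger.fine("SecurityComponents.loadUserByUsername.isOwnedBy => " + str + " -> " + realm);
                    return components.userDetails.loadUserByUsername(str);
                } catch (UsernameNotFoundException ignored) {
                    // This realm does not know the user; try the next one.
                }
            }
            return null;
        }
    }

    /**
     * User-property descriptor registered for {@link HudsonPrivateSecurityRealm.Details}. Its
     * static initialiser removes the descriptor that is registered for that class from Jenkins'
     * {@link UserProperty} descriptor list and keeps it in {@link #descriptor}.
     */
    @Extension
    @Symbol({"password"})
    /* loaded from: input_file:hudson/security/MixingSecurityRealm$UserDescriptorImpl.class */
    public static final class UserDescriptorImpl extends UserPropertyDescriptor {
        /** The removed original descriptor; stays {@code null} if none was registered at class-init time. */
        static HudsonPrivateSecurityRealm.Details.DescriptorImpl descriptor;

        public UserDescriptorImpl() {
            super(HudsonPrivateSecurityRealm.Details.class);
        }

        @Nonnull
        public String getDisplayName() {
            return "Password";
        }

        /**
         * Creates the password property for the user addressed by the request. Users that have
         * local password details are handled by the original descriptor; all others receive a
         * placeholder from {@link MixingSecurityRealm#proxyDetail}.
         *
         * @throws IllegalArgumentException if the request has no {@link User} ancestor
         */
        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public UserProperty m6newInstance(StaplerRequest staplerRequest, @Nonnull JSONObject jSONObject) throws Descriptor.FormException {
            if (staplerRequest == null) {
                return super.newInstance((StaplerRequest) null, jSONObject);
            }
            User user = (User) staplerRequest.findAncestorObject(User.class);
            if (user == null) {
                throw new IllegalArgumentException("No ancestor of type User in the request");
            }
            if (user.getProperty(HudsonPrivateSecurityRealm.Details.class) != null) {
                MixingSecurityRealm.logger.fine("UserDescriptorImpl.newInstance.isPrivateUser => " + user.getId());
                // NOTE(review): descriptor is null when the static initialiser found nothing to remove.
                return descriptor.newInstance(staplerRequest, jSONObject);
            }
            MixingSecurityRealm.logger.fine("UserDescriptorImpl.newInstance.isOwnedByOther => " + user.getId());
            return MixingSecurityRealm.proxyDetail(user.getId(), user);
        }

        /** Enabled only while the active Jenkins realm is a {@link MixingSecurityRealm}. */
        public boolean isEnabled() {
            return Jenkins.get().getSecurityRealm() instanceof MixingSecurityRealm;
        }

        /** Never creates a default property for a user; always returns {@code null}. */
        public UserProperty newInstance(User user) {
            MixingSecurityRealm.logger.fine("UserDescriptorImpl.newInstance.null => " + user);
            return null;
        }

        /**
         * Tells whether the user behind {@code details} has local password details stored.
         * The user is read through reflection on {@code Details.getUser}.
         *
         * @return {@code false} for {@code null}, when the user cannot be read, or when the user
         *     has no such property
         */
        public boolean hasDetails(HudsonPrivateSecurityRealm.Details details) {
            if (details == null) {
                return false;
            }
            try {
                Method getter = HudsonPrivateSecurityRealm.Details.class.getDeclaredMethod("getUser");
                getter.setAccessible(true);
                User owner = (User) getter.invoke(details);
                return owner != null && owner.getProperty(HudsonPrivateSecurityRealm.Details.class) != null;
            } catch (IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
                return false;
            }
        }

        static {
            // Find the descriptor first and remove it afterwards, so the list is not modified
            // while it is being iterated.
            DescriptorExtensionList registered = Jenkins.get().getDescriptorList(UserProperty.class);
            Object original = null;
            for (Iterator it = registered.iterator(); it.hasNext(); ) {
                Object candidate = it.next();
                if (candidate.getClass() == HudsonPrivateSecurityRealm.Details.DescriptorImpl.class) {
                    original = candidate;
                    break;
                }
            }
            if (original != null) {
                registered.remove(original);
                descriptor = (HudsonPrivateSecurityRealm.Details.DescriptorImpl) original;
            }
        }
    }

    /**
     * Creates the realm with an empty delegate list.
     *
     * @param z forwarded unchanged to the {@link HudsonPrivateSecurityRealm} constructor
     * @param z2 forwarded unchanged to the {@link HudsonPrivateSecurityRealm} constructor
     * @param captchaSupport forwarded unchanged to the {@link HudsonPrivateSecurityRealm} constructor
     * @param z3 the {@code priority} flag: {@code true} asks the local user database first
     */
    @DataBoundConstructor
    public MixingSecurityRealm(boolean z, boolean z2, CaptchaSupport captchaSupport, boolean z3) {
        super(z, z2, captchaSupport);
        this.optionals = new ArrayList<>();
        this.priority = z3;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m3getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }

    /**
     * Delegate realms, never {@code null}. {@link #createSecurityComponents()} already treats a
     * {@code null} field as "no delegates"; the other readers go through this accessor so they
     * behave the same way instead of failing with an NPE.
     */
    private List<SecurityRealm> optionalRealms() {
        return this.optionals != null ? this.optionals : new ArrayList<SecurityRealm>();
    }

    /** Tells whether a user with this id exists and has local password details. */
    public boolean isPrivateUser(String str) {
        User existing = User.getById(str, false);
        return existing != null && existing.getProperty(HudsonPrivateSecurityRealm.Details.class) != null;
    }

    /**
     * Tells whether the given service can load the user. Only
     * {@link UsernameNotFoundException} is treated as "not owned"; other exceptions propagate.
     */
    public static boolean isOwnedBy(String str, UserDetailsService userDetailsService) {
        try {
            return userDetailsService.loadUserByUsername(str) != null;
        } catch (UsernameNotFoundException e) {
            return false;
        }
    }

    /**
     * Builds the local components from the Groovy bean definition and, unless the delegate list
     * is {@code null}, wraps them together with the components of every delegate realm.
     */
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        Binding binding = new Binding();
        binding.setVariable("authenticator", new Authenticator());
        BeanBuilder beanBuilder = new BeanBuilder();
        beanBuilder.parse(Jenkins.get().servletContext.getResourceAsStream("/WEB-INF/security/AbstractPasswordBasedSecurityRealm.groovy"), binding);
        AuthenticationManager localManager = (AuthenticationManager) findBean(AuthenticationManager.class, beanBuilder.createApplicationContext());
        SecurityRealm.SecurityComponents local = new SecurityRealm.SecurityComponents(localManager, new ImpersonatingUserDetailsService(this));
        if (this.optionals == null) {
            return local;
        }
        Map<SecurityRealm, SecurityRealm.SecurityComponents> delegateComponents = new HashMap<>();
        for (SecurityRealm realm : this.optionals) {
            delegateComponents.put(realm, realm.createSecurityComponents());
        }
        return new SecurityRealm.SecurityComponents(new MixinAuthenticationManager(local, delegateComponents), new MixinUserDetailsService(local, delegateComponents));
    }

    /** Wraps a delegate realm's user as local {@code Details} without a password; see {@link #proxyDetail}. */
    public static HudsonPrivateSecurityRealm.Details fromUserDetail(UserDetails userDetails) {
        return proxyDetail(userDetails.getUsername(), null);
    }

    /** Value handed to the {@code Details} constructor by {@link #proxyDetail}: always {@code null}. */
    public static String emptyPassword() {
        return null;
    }

    /**
     * Creates a {@code Details} object for a user that is owned by a delegate realm. The
     * non-public {@code Details(String)} constructor and {@code UserProperty.setUser} are reached
     * through reflection, and the constructor receives {@link #emptyPassword()}.
     *
     * <p>Because the result carries no password of its own, callers must have verified the
     * user's credentials with the owning realm before treating it as an authenticated identity.
     *
     * @param str user id or full name, used only when {@code user} is {@code null}
     * @param user the user to attach; when {@code null} it is resolved with
     *     {@code User.getOrCreateByIdOrFullName}
     * @throws UsernameNotFoundException if the reflective calls fail
     */
    public static HudsonPrivateSecurityRealm.Details proxyDetail(String str, User user) {
        try {
            Constructor<HudsonPrivateSecurityRealm.Details> hiddenConstructor = HudsonPrivateSecurityRealm.Details.class.getDeclaredConstructor(String.class);
            hiddenConstructor.setAccessible(true);
            HudsonPrivateSecurityRealm.Details details = hiddenConstructor.newInstance(emptyPassword());
            User owner = user != null ? user : User.getOrCreateByIdOrFullName(str);
            Method setUser = UserProperty.class.getDeclaredMethod("setUser", User.class);
            setUser.setAccessible(true);
            setUser.invoke(details, owner);
            return details;
        } catch (IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new UsernameNotFoundException(e.getMessage(), e);
        }
    }

    /**
     * Loads the user from the local realm or the delegates, in the order selected by
     * {@code priority}. This is a lookup only; no credentials are checked.
     *
     * @throws UsernameNotFoundException if no realm knows the user
     */
    /* renamed from: loadUserByUsername, reason: merged with bridge method [inline-methods] */
    public HudsonPrivateSecurityRealm.Details m1loadUserByUsername(String str) {
        if (!this.priority) {
            HudsonPrivateSecurityRealm.Details fromDelegate = findInOptionals(str);
            return fromDelegate != null ? fromDelegate : super.loadUserByUsername(str);
        }
        try {
            return super.loadUserByUsername(str);
        } catch (UsernameNotFoundException localMiss) {
            HudsonPrivateSecurityRealm.Details fromDelegate = findInOptionals(str);
            if (fromDelegate == null) {
                throw localMiss;
            }
            return fromDelegate;
        }
    }

    /** Returns proxy details from the first delegate realm that knows the user, or {@code null}. */
    private HudsonPrivateSecurityRealm.Details findInOptionals(String username) {
        for (SecurityRealm realm : optionalRealms()) {
            try {
                return fromUserDetail(realm.loadUserByUsername(username));
            } catch (UsernameNotFoundException ignored) {
                // This realm does not know the user; try the next one.
            }
        }
        return null;
    }

    /**
     * Replaces the inherited CLI authenticator with one that hands the parsed
     * {@code --username}/{@code --password}/{@code --password-file} values to the CLI
     * authenticator of whichever realm knows the user.
     */
    public CliAuthenticator createCliAuthenticator(final CLICommand cLICommand) {
        final CliAuthenticator createCliAuthenticator = super.createCliAuthenticator(cLICommand);
        return new CliAuthenticator() { // from class: hudson.security.MixingSecurityRealm.1

            @Option(name = "--username", usage = "User name to authenticate yourself to Jenkins")
            public String userName;

            @Option(name = "--password", usage = "Password for authentication. Note that passing a password in arguments is insecure.")
            public String password;

            @Option(name = "--password-file", usage = "File that contains the password")
            public String passwordFile;

            /**
             * Copies the parsed option values into the equally named (case-insensitive) declared
             * fields of the target authenticator.
             *
             * @throws AuthenticationException if a matching field cannot be written
             */
            CliAuthenticator fillFields(CliAuthenticator cliAuthenticator) throws AuthenticationException {
                for (Field field : cliAuthenticator.getClass().getDeclaredFields()) {
                    String fieldName = field.getName();
                    try {
                        if (fieldName.equalsIgnoreCase("userName")) {
                            field.set(cliAuthenticator, this.userName);
                        } else if (fieldName.equalsIgnoreCase("password")) {
                            field.set(cliAuthenticator, this.password);
                        } else if (fieldName.equalsIgnoreCase("passwordFile")) {
                            field.set(cliAuthenticator, this.passwordFile);
                        }
                    } catch (IllegalAccessException e) {
                        throw new AuthenticationException(e.getMessage(), e) { // from class: hudson.security.MixingSecurityRealm.1.1
                        };
                    }
                }
                return cliAuthenticator;
            }

            /** Authenticates through the inherited (local) CLI authenticator. */
            private Authentication authenticateLocally() throws AuthenticationException, IOException, InterruptedException {
                fillFields(createCliAuthenticator);
                MixingSecurityRealm.logger.fine("Authentication.authenticate.isPrivateUser => " + this.userName);
                return createCliAuthenticator.authenticate();
            }

            /**
             * Without {@code --username} the transport authentication is used. Otherwise the
             * request goes to the first realm that knows the user, in the order selected by
             * {@code priority}.
             *
             * @throws UsernameNotFoundException in local-first mode, if no realm knows the user
             */
            public Authentication authenticate() throws AuthenticationException, IOException, InterruptedException {
                if (this.userName == null) {
                    return cLICommand.getTransportAuthentication();
                }
                boolean localFirst = MixingSecurityRealm.this.priority;
                if (localFirst && MixingSecurityRealm.this.isPrivateUser(this.userName)) {
                    return authenticateLocally();
                }
                for (SecurityRealm realm : MixingSecurityRealm.this.optionalRealms()) {
                    try {
                        realm.loadUserByUsername(this.userName);
                        MixingSecurityRealm.logger.fine("Authentication.authenticate.isOwnedBy => " + this.userName + " -> " + realm);
                        return fillFields(realm.createCliAuthenticator(cLICommand)).authenticate();
                    } catch (UsernameNotFoundException ignored) {
                        // This realm does not know the user; try the next one.
                    }
                }
                if (localFirst) {
                    throw new UsernameNotFoundException("Not found in any realm");
                }
                return authenticateLocally();
            }
        };
    }

    /**
     * Verifies the password against the local user database.
     *
     * @throws BadCredentialsException if the password does not match
     */
    private HudsonPrivateSecurityRealm.Details selfAuthenticate(String str, String str2) {
        HudsonPrivateSecurityRealm.Details localDetails = super.loadUserByUsername(str);
        if (!localDetails.isPasswordCorrect(str2)) {
            throw new BadCredentialsException(getLocalizedBadCredentialsMessage());
        }
        return localDetails;
    }

    /** Bad-credentials message from the "org.acegisecurity.messages" bundle, or a fixed fallback. */
    private String getLocalizedBadCredentialsMessage() {
        try {
            return ResourceBundle.getBundle("org.acegisecurity.messages").getString("AbstractUserDetailsAuthenticationProvider.badCredentials");
        } catch (MissingResourceException e) {
            return "Bad credentials";
        }
    }

    /**
     * Authenticates a user name and password, in the order selected by {@code priority}.
     *
     * <p>A user found in a delegate realm is authenticated through that realm's
     * {@link AuthenticationManager} before proxy details are returned. Looking the user up is
     * not enough: {@link #fromUserDetail} produces details without a password, so returning them
     * after a lookup alone would accept any password for a name that a delegate realm knows.
     *
     * @param str the user name
     * @param str2 the password
     * @return the details of the authenticated user
     * @throws UsernameNotFoundException in local-first mode, if no realm knows the user
     * @throws AuthenticationException if the owning realm rejects the credentials
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: authenticate, reason: merged with bridge method [inline-methods] */
    public HudsonPrivateSecurityRealm.Details m2authenticate(String str, String str2) throws AuthenticationException {
        if (this.priority && isPrivateUser(str)) {
            logger.fine("authenticate.isPrivateUser => " + str);
            return selfAuthenticate(str, str2);
        }
        for (SecurityRealm realm : optionalRealms()) {
            try {
                logger.fine("authenticate.isOwnedBy => " + str + " -> " + realm);
                UserDetails owned = realm.loadUserByUsername(str);
                // Let the owning realm check the password; a rejection propagates to the caller.
                realm.getSecurityComponents().manager.authenticate(new UsernamePasswordAuthenticationToken(str, str2));
                return fromUserDetail(owned);
            } catch (UsernameNotFoundException ignored) {
                // This realm does not know the user; try the next one.
            }
        }
        if (this.priority) {
            throw new UsernameNotFoundException("Not found in any realm: " + str);
        }
        logger.fine("authenticate.isPrivateUser => " + str);
        return selfAuthenticate(str, str2);
    }

    /**
     * Runs {@link #m2authenticate} and reports the outcome to {@link SecurityListener}.
     *
     * @throws AuthenticationException the failure from {@link #m2authenticate}, rethrown after
     *     the listener has been notified
     */
    /* JADX INFO: Access modifiers changed from: private */
    public UserDetails doAuthenticate(String str, String str2) throws AuthenticationException {
        try {
            logger.fine("doAuthenticate => " + str);
            HudsonPrivateSecurityRealm.Details authenticated = m2authenticate(str, str2);
            SecurityListener.fireAuthenticated(authenticated);
            return authenticated;
        } catch (AuthenticationException e) {
            SecurityListener.fireFailedToAuthenticate(str);
            throw e;
        }
    }
}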
