package hudson.plugins.active_directory;

import com4j.COM4J;
import com4j.Com4jObject;
import com4j.ComException;
import com4j.Variant;
import com4j.typelibs.activeDirectory.IADs;
import com4j.typelibs.activeDirectory.IADsGroup;
import com4j.typelibs.activeDirectory.IADsOpenDSObject;
import com4j.typelibs.activeDirectory.IADsUser;
import com4j.typelibs.ado20.ClassFactory;
import com4j.typelibs.ado20._Command;
import com4j.typelibs.ado20._Connection;
import com4j.typelibs.ado20._Recordset;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.logging.Logger;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;

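/**
 * Authenticates users and resolves groups against Active Directory through
 * the ADSI COM interfaces exposed by com4j.
 *
 * <p>The default naming context is read once from {@code LDAP://RootDSE}, and a
 * single ADO connection using the {@code ADsDSOObject} provider is opened in the
 * constructor and reused for every distinguished-name lookup.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>User and group names arrive from the login form and are placed inside an
 *       LDAP search filter, so they are escaped before the filter is built.</li>
 *   <li>A bind with a user DN and an empty password may be treated by the
 *       directory as an unauthenticated bind rather than a failed one, so empty
 *       passwords are rejected before any bind is attempted.</li>
 * </ul>
 */
public class ActiveDirectoryAuthenticationProvider extends AbstractActiveDirectoryAuthenticationProvider {
    private static final Logger LOGGER = Logger.getLogger(ActiveDirectoryAuthenticationProvider.class.getName());

    /** HRESULT 0x8000500D (E_ADS_PROPERTY_NOT_FOUND): the requested property is not in the ADSI property cache. */
    private static final int E_ADS_PROPERTY_NOT_FOUND = -2147463155;

    private final String defaultNamingContext = (String) COM4J.getObject(IADs.class, "LDAP://RootDSE", (String) null).get("defaultNamingContext");
    private final _Connection con;

    /**
     * Opens the shared ADO connection used for directory searches.
     * The empty user id and password passed to {@code open} are exactly what the
     * original code supplies; no explicit credentials are given here.
     */
    public ActiveDirectoryAuthenticationProvider() {
        LOGGER.info("Active Directory domain is " + this.defaultNamingContext);
        this.con = ClassFactory.createConnection();
        this.con.provider("ADsDSOObject");
        this.con.open("Active Directory Provider", "", "", -1);
    }

    /**
     * Looks up a user and, when a token is supplied, verifies the password by
     * binding to the user's directory object with it.
     *
     * @param str the account name (matched against {@code sAMAccountName})
     * @param usernamePasswordAuthenticationToken the login token, or {@code null}
     *        to load the user without checking a password; in that case the
     *        directory object is opened with no explicit credentials
     * @return the user's details, including one authority per directory group
     *         plus {@link SecurityRealm#AUTHENTICATED_AUTHORITY}
     * @throws UsernameNotFoundException if no matching directory entry exists or
     *         the entry is not a user
     * @throws BadCredentialsException if the password is missing or empty, or if
     *         any COM error occurs while binding or reading the user
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // hudson.plugins.active_directory.AbstractActiveDirectoryAuthenticationProvider
    public UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        String password = null;
        if (usernamePasswordAuthenticationToken != null) {
            password = (String) usernamePasswordAuthenticationToken.getCredentials();
            // Refuse to bind with a DN and no password: directories may accept that
            // as an unauthenticated bind, which would let a login succeed without
            // proving knowledge of the password.
            if (password == null || password.length() == 0) {
                throw new BadCredentialsException("Empty password is not allowed for " + str);
            }
        }
        String dn = getDnOfUserOrGroup(str);
        IADsOpenDSObject opener = COM4J.getObject(IADsOpenDSObject.class, "LDAP:", (String) null);
        try {
            Com4jObject dsObject;
            if (usernamePasswordAuthenticationToken == null) {
                dsObject = opener.openDSObject("LDAP://" + dn, (String) null, (String) null, 0);
            } else {
                dsObject = opener.openDSObject("LDAP://" + dn, dn, password, 0);
            }
            IADsUser user = (IADsUser) dsObject.queryInterface(IADsUser.class);
            if (user == null) {
                throw new UsernameNotFoundException("User not found: " + str);
            }
            ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
            Iterator it = user.groups().iterator();
            while (it.hasNext()) {
                IADsGroup group = ((Com4jObject) it.next()).queryInterface(IADsGroup.class);
                // substring(3) drops the first three characters of the group name;
                // presumably the "CN=" prefix of the relative DN - confirm.
                authorities.add(new GrantedAuthorityImpl(group.name().substring(3)));
            }
            authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
            GrantedAuthority[] granted = authorities.toArray(new GrantedAuthority[authorities.size()]);
            return new ActiveDirectoryUserDetail(str, password, !isAccountDisabled(user), true, true, true, granted, user.fullName(), user.emailAddress(), user.telephoneNumber().toString()).updateUserInfo();
        } catch (ComException e) {
            // Every COM failure in the block above is reported as a bad password.
            // Keep the cause so an operator can tell a wrong password from a
            // directory or connectivity error when reading the logs.
            throw new BadCredentialsException("Incorrect password for " + str, e);
        }
    }

    /**
     * Reports whether the account is disabled.
     *
     * @return the directory's {@code accountDisabled} flag, or {@code false} when
     *         the property is not available (E_ADS_PROPERTY_NOT_FOUND)
     * @throws ComException for any other COM error
     */
    private boolean isAccountDisabled(IADsUser iADsUser) {
        try {
            return iADsUser.accountDisabled();
        } catch (ComException e) {
            if (e.getHRESULT() == E_ADS_PROPERTY_NOT_FOUND) {
                return false;
            }
            throw e;
        }
    }

    /**
     * Resolves an account name to its distinguished name with a subtree search
     * under the default naming context.
     *
     * @param str the {@code sAMAccountName} of a user or group
     * @return the {@code distinguishedName} of the first matching entry
     * @throws UsernameNotFoundException if the name is {@code null} or the search
     *         returns no entry
     */
    protected String getDnOfUserOrGroup(String str) {
        if (str == null) {
            throw new UsernameNotFoundException("No such user or group: " + str);
        }
        _Command command = ClassFactory.createCommand();
        command.activeConnection(this.con);
        // The name is caller-supplied; escape it so it cannot alter the filter
        // or the ';'-separated command text it is embedded in.
        command.commandText("<LDAP://" + this.defaultNamingContext + ">;(sAMAccountName=" + escapeLdapFilterValue(str) + ");distinguishedName;subTree");
        _Recordset results = command.execute((Object) null, Variant.MISSING, -1);
        if (results.eof()) {
            throw new UsernameNotFoundException("No such user or group: " + str);
        }
        return results.fields().item("distinguishedName").value().toString();
    }

    /**
     * Escapes a value for use inside an LDAP search filter, following the
     * backslash-hex form of RFC 4515 for {@code \ * ( )} and NUL.
     * {@code ;} is hex-escaped as well because the command text built by
     * {@link #getDnOfUserOrGroup(String)} uses it as a field separator.
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                case ';':
                    escaped.append("\\3b");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Confirms that a group with the given name exists in the directory.
     *
     * @param str the group's {@code sAMAccountName}
     * @return details for the group, carrying only the name that was passed in
     * @throws UsernameNotFoundException if no entry matches or the entry is not
     *         a group
     */
    @Override // hudson.plugins.active_directory.GroupDetailsService
    public GroupDetails loadGroupByGroupname(String str) {
        String dn = getDnOfUserOrGroup(str);
        IADsOpenDSObject opener = COM4J.getObject(IADsOpenDSObject.class, "LDAP:", (String) null);
        // No explicit credentials are passed for this lookup.
        IADsGroup group = opener.openDSObject("LDAP://" + dn, (String) null, (String) null, 0).queryInterface(IADsGroup.class);
        if (group == null) {
            throw new UsernameNotFoundException("Group not found: " + str);
        }
        return new ActiveDirectoryGroupDetails(str);
    }
}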
