package org.jenkinsci.plugins.reverse_proxy_auth;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import groovy.lang.Binding;
import hudson.Extension;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.User;
import hudson.security.ChainedServletFilter;
import hudson.security.GroupDetails;
import hudson.security.LDAPSecurityRealm;
import hudson.security.SecurityRealm;
import hudson.security.UserMayOrMayNotExistException;
import hudson.tasks.Mailer;
import hudson.util.FormValidation;
import hudson.util.Scrambler;
import hudson.util.spring.BeanBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.servlet.Filter;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.ldap.LdapDataAccessException;
import org.acegisecurity.ldap.LdapTemplate;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.reverse_proxy_auth.auth.ReverseProxyAuthoritiesPopulator;
import org.jenkinsci.plugins.reverse_proxy_auth.data.GroupSearchTemplate;
import org.jenkinsci.plugins.reverse_proxy_auth.model.ReverseProxyUserDetails;
import org.jenkinsci.plugins.reverse_proxy_auth.service.ProxyLDAPAuthoritiesPopulator;
import org.jenkinsci.plugins.reverse_proxy_auth.service.ProxyLDAPUserDetailsService;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.springframework.dao.DataAccessException;
import org.springframework.dao.DataAccessResourceFailureException;
import org.springframework.web.context.WebApplicationContext;

/* loaded from: input_file:org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm.class */
public class ReverseProxySecurityRealm extends SecurityRealm {
    private static final Logger LOGGER = Logger.getLogger(ReverseProxySecurityRealm.class.getName());

    @SuppressFBWarnings(value = {"MS_SHOULD_BE_FINAL"}, justification = "May be used in system groovy scripts")
    public static String GROUP_SEARCH = System.getProperty(LDAPSecurityRealm.class.getName() + ".groupSearch", "(& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))");
    private static final int CHECK_INTERVAL = 15;
    private final String managerPassword;
    private ReverseProxySearchTemplate proxyTemplate;
    private transient LdapTemplate ldapTemplate;
    private transient Hashtable<String, GrantedAuthority[]> authContext;
    private transient Hashtable<String, Long> authorityUpdateCache;
    public final String server;
    public final String rootDN;
    public final boolean inhibitInferRootDN;
    public final String userSearchBase;
    public final String userSearch;
    public final String groupSearchBase;
    public final String groupSearchFilter;
    public final String groupMembershipFilter;
    public String groupNameAttribute;
    public final String managerDN;
    public final int updateInterval;
    public transient GrantedAuthority[] authorities;

    @CheckForNull
    public final String forwardedUser;
    public String retrievedUser;
    public final String headerGroups;
    public final String headerGroupsDelimiter;
    public final boolean disableLdapEmailResolver;
    private final String displayNameLdapAttribute;
    private final String emailAddressLdapAttribute;
    public final String customLogInUrl;
    public final String customLogOutUrl;

    @Extension
    /* loaded from: input_file:org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm$ProxyLDAPDescriptor.class */
    public static class ProxyLDAPDescriptor extends Descriptor<SecurityRealm> {
        public String getDisplayName() {
            return Messages.ReverseProxySecurityRealm_DisplayName();
        }

        public FormValidation doServerCheck(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3) {
            String fixEmptyAndTrim = Util.fixEmptyAndTrim(str);
            if (fixEmptyAndTrim == null) {
                return FormValidation.error("Server is null or empty");
            }
            if (!Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) {
                return FormValidation.ok();
            }
            try {
                Hashtable hashtable = new Hashtable();
                if (str2 != null && str2.trim().length() > 0 && !"undefined".equals(str2)) {
                    hashtable.put("java.naming.security.principal", str2);
                }
                if (str3 != null && str3.trim().length() > 0 && !"undefined".equals(str3)) {
                    hashtable.put("java.naming.security.credentials", str3);
                }
                hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
                hashtable.put("java.naming.provider.url", ReverseProxySecurityRealm.toProviderUrl(fixEmptyAndTrim, ""));
                new InitialDirContext(hashtable).getAttributes("");
                return FormValidation.ok();
            } catch (NumberFormatException e) {
                return FormValidation.error(hudson.security.Messages.LDAPSecurityRealm_InvalidPortNumber());
            } catch (NamingException e2) {
                Matcher matcher = Pattern.compile("(ldaps?://)?([^:]+)(?:\\:(\\d+))?(\\s+(ldaps?://)?([^:]+)(?:\\:(\\d+))?)*").matcher(fixEmptyAndTrim.trim());
                if (!matcher.matches()) {
                    return FormValidation.error(hudson.security.Messages.LDAPSecurityRealm_SyntaxOfServerField());
                }
                try {
                    InetAddress byName = InetAddress.getByName(matcher.group(2));
                    int i = matcher.group(1) != null ? 636 : 389;
                    if (matcher.group(3) != null) {
                        i = Integer.parseInt(matcher.group(3));
                    }
                    new Socket(byName, i).close();
                    return FormValidation.error(e2, hudson.security.Messages.LDAPSecurityRealm_UnableToConnect(fixEmptyAndTrim, e2));
                } catch (UnknownHostException e3) {
                    return FormValidation.error(hudson.security.Messages.LDAPSecurityRealm_UnknownHost(e3.getMessage()));
                } catch (IOException e4) {
                    return FormValidation.error(e4, hudson.security.Messages.LDAPSecurityRealm_UnableToConnect(fixEmptyAndTrim, e4.getMessage()));
                }
            }
        }
    }

    /* loaded from: input_file:org/jenkinsci/plugins/reverse_proxy_auth/ReverseProxySecurityRealm$ReverseProxyUserDetailsService.class */
    public static class ReverseProxyUserDetailsService implements UserDetailsService {
        private final ReverseProxyAuthoritiesPopulator authoritiesPopulator;

        public ReverseProxyUserDetailsService(WebApplicationContext webApplicationContext) {
            this.authoritiesPopulator = (ReverseProxyAuthoritiesPopulator) SecurityRealm.findBean(ReverseProxyAuthoritiesPopulator.class, webApplicationContext);
        }

        /* renamed from: loadUserByUsername, reason: merged with bridge method [inline-methods] */
        public ReverseProxyUserDetails m2loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
            try {
                ReverseProxyUserDetails reverseProxyUserDetails = new ReverseProxyUserDetails();
                reverseProxyUserDetails.setUsername(str);
                reverseProxyUserDetails.setAuthorities(this.authoritiesPopulator.getGrantedAuthorities(reverseProxyUserDetails));
                return reverseProxyUserDetails;
            } catch (LdapDataAccessException e) {
                ReverseProxySecurityRealm.LOGGER.log(Level.WARNING, "Failed to search LDAP for username=" + str, e);
                throw new UserMayOrMayNotExistException(e.getMessage(), e);
            }
        }
    }

    @DataBoundConstructor
    public ReverseProxySecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z, String str8, String str9, String str10, String str11, String str12, String str13, String str14, String str15, Integer num, boolean z2, String str16, String str17) {
        this.authorities = new GrantedAuthority[0];
        this.forwardedUser = Util.fixEmptyAndTrim(str);
        this.headerGroups = str2;
        if (StringUtils.isBlank(str3)) {
            this.headerGroupsDelimiter = "|";
        } else {
            this.headerGroupsDelimiter = str3.trim();
        }
        if (StringUtils.isBlank(str4)) {
            this.customLogInUrl = null;
        } else {
            this.customLogInUrl = str4;
        }
        if (StringUtils.isBlank(str5)) {
            this.customLogOutUrl = null;
        } else {
            this.customLogOutUrl = str5;
        }
        this.server = Util.fixEmptyAndTrim(str6);
        this.managerDN = Util.fixEmpty(str14);
        this.managerPassword = Scrambler.scramble(Util.fixEmpty(str15));
        this.inhibitInferRootDN = z;
        if (this.server != null) {
            if (!z && Util.fixEmptyAndTrim(str7) == null) {
                str7 = Util.fixNull(inferRootDN(str6));
            }
            this.rootDN = str7.trim();
        } else {
            this.rootDN = null;
        }
        this.userSearchBase = Util.fixNull(str8).trim();
        String fixEmptyAndTrim = Util.fixEmptyAndTrim(str9);
        this.userSearch = fixEmptyAndTrim != null ? fixEmptyAndTrim : "uid={0}";
        this.groupSearchBase = Util.fixEmptyAndTrim(str10);
        this.groupSearchFilter = Util.fixEmptyAndTrim(str11);
        this.groupMembershipFilter = Util.fixEmptyAndTrim(str12);
        this.groupNameAttribute = Util.fixEmptyAndTrim(str13);
        this.updateInterval = (num == null || num.intValue() <= 0) ? CHECK_INTERVAL : num.intValue();
        this.authorities = new GrantedAuthority[0];
        this.disableLdapEmailResolver = z2;
        this.displayNameLdapAttribute = str16;
        this.emailAddressLdapAttribute = str17;
    }

    public String getForwardedUser() {
        return this.forwardedUser;
    }

    public String getHeaderGroups() {
        return this.headerGroups;
    }

    public String getHeaderGroupsDelimiter() {
        return this.headerGroupsDelimiter;
    }

    @CheckForNull
    public String getServerUrl() {
        if (this.server == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (String str : this.server.split("\\s+")) {
            if (str.trim().length() != 0) {
                if (z) {
                    z = false;
                } else {
                    sb.append(' ');
                }
                sb.append(addPrefix(str));
            }
        }
        return sb.toString();
    }

    public String getGroupSearchFilter() {
        return this.groupSearchFilter;
    }

    public String getGroupMembershipFilter() {
        return this.groupMembershipFilter;
    }

    public String getGroupNameAttribute() {
        return this.groupNameAttribute;
    }

    public void setGroupNameAttribute(String str) {
        this.groupNameAttribute = str;
    }

    public String getDisplayNameLdapAttribute() {
        return this.displayNameLdapAttribute;
    }

    public String getEmailAddressLdapAttribute() {
        return this.emailAddressLdapAttribute;
    }

    private String inferRootDN(String str) {
        try {
            Hashtable hashtable = new Hashtable();
            if (this.managerDN != null) {
                hashtable.put("java.naming.security.principal", this.managerDN);
                hashtable.put("java.naming.security.credentials", getManagerPassword());
            }
            hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            hashtable.put("java.naming.provider.url", toProviderUrl(Util.fixNull(getServerUrl()), ""));
            Attributes attributes = new InitialDirContext(hashtable).getAttributes("");
            Attribute attribute = attributes.get("defaultNamingContext");
            if (attribute != null && attribute.get() != null) {
                return attribute.get().toString();
            }
            Attribute attribute2 = attributes.get("namingcontexts");
            if (attribute2 != null) {
                return attribute2.get().toString();
            }
            LOGGER.warning("namingcontexts attribute not found in root DSE of " + str);
            return null;
        } catch (NamingException e) {
            LOGGER.log(Level.WARNING, "Failed to connect to LDAP to infer Root DN for " + str, e);
            return null;
        }
    }

    @Nullable
    public static String toProviderUrl(@CheckForNull String str, @CheckForNull String str2) {
        if (str == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (String str3 : str.split("\\s+")) {
            if (str3.trim().length() != 0) {
                if (z) {
                    z = false;
                } else {
                    sb.append(' ');
                }
                String addPrefix = addPrefix(str3);
                sb.append(addPrefix);
                if (!addPrefix.endsWith("/")) {
                    sb.append('/');
                }
                sb.append(Util.fixNull(str2));
            }
        }
        return sb.toString();
    }

    public String getManagerPassword() {
        return Scrambler.descramble(this.managerPassword);
    }

    public int getUpdateInterval() {
        return this.updateInterval;
    }

    public String getLDAPURL() {
        return toProviderUrl(getServerUrl(), Util.fixNull(this.rootDN));
    }

    public Filter createFilter(FilterConfig filterConfig) {
        return new ChainedServletFilter(new Filter[]{super.createFilter(filterConfig), new Filter() { // from class: org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.1
            public void init(FilterConfig filterConfig2) throws ServletException {
            }

            /* JADX WARN: Code restructure failed: missing block: B:17:0x00a6, code lost:
            
                if (r0 == null) goto L19;
             */
            /* JADX WARN: Code restructure failed: missing block: B:18:0x00ae, code lost:
            
                org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.LOGGER.log(java.util.logging.Level.FINE, "USER LOGGED IN: {0}", r13);
             */
            /* JADX WARN: Code restructure failed: missing block: B:19:0x00bd, code lost:
            
                if (r13 != null) goto L24;
             */
            /* JADX WARN: Code restructure failed: missing block: B:20:0x00c0, code lost:
            
                r13 = r12;
             */
            /* JADX WARN: Code restructure failed: missing block: B:22:0x00cb, code lost:
            
                if (r6.this$0.authContext != null) goto L27;
             */
            /* JADX WARN: Code restructure failed: missing block: B:23:0x00ce, code lost:
            
                r6.this$0.authContext = new java.util.Hashtable();
             */
            /* JADX WARN: Code restructure failed: missing block: B:25:0x00e4, code lost:
            
                if (r6.this$0.getLDAPURL() == null) goto L38;
             */
            /* JADX WARN: Code restructure failed: missing block: B:26:0x00e7, code lost:
            
                r0 = (org.acegisecurity.GrantedAuthority[]) r6.this$0.authContext.get(r13);
             */
            /* JADX WARN: Code restructure failed: missing block: B:27:0x00fa, code lost:
            
                if (r0 == null) goto L52;
             */
            /* JADX WARN: Code restructure failed: missing block: B:29:0x0101, code lost:
            
                if (r0.length <= 1) goto L52;
             */
            /* JADX WARN: Code restructure failed: missing block: B:30:0x0104, code lost:
            
                r6.this$0.authorities = r6.this$0.retrieveAuthoritiesIfNecessary(r13, r0);
             */
            /* JADX WARN: Code restructure failed: missing block: B:36:0x0119, code lost:
            
                r6.this$0.authorities = r6.this$0.loadUserByUsername(r13).getAuthorities();
                r0 = new java.util.HashSet(java.util.Arrays.asList(r6.this$0.authorities));
                r0.add(hudson.security.SecurityRealm.AUTHENTICATED_AUTHORITY);
                r6.this$0.authorities = (org.acegisecurity.GrantedAuthority[]) r0.toArray(new org.acegisecurity.GrantedAuthority[0]);
             */
            /* JADX WARN: Code restructure failed: missing block: B:38:0x016b, code lost:
            
                r16 = move-exception;
             */
            /* JADX WARN: Code restructure failed: missing block: B:39:0x016d, code lost:
            
                org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.LOGGER.log(java.util.logging.Level.WARNING, "User not found in the LDAP directory: " + r16.getMessage());
                r0 = new java.util.HashSet();
                r0.add(hudson.security.SecurityRealm.AUTHENTICATED_AUTHORITY);
                r6.this$0.authorities = (org.acegisecurity.GrantedAuthority[]) r0.toArray(new org.acegisecurity.GrantedAuthority[0]);
             */
            /* JADX WARN: Code restructure failed: missing block: B:40:0x01b9, code lost:
            
                r0 = r0.getHeader(r6.this$0.headerGroups);
                r0 = new java.util.ArrayList();
                r0.add(hudson.security.SecurityRealm.AUTHENTICATED_AUTHORITY);
             */
            /* JADX WARN: Code restructure failed: missing block: B:41:0x01df, code lost:
            
                if (r0 == null) goto L44;
             */
            /* JADX WARN: Code restructure failed: missing block: B:42:0x01e2, code lost:
            
                r0 = new java.util.StringTokenizer(r0, r6.this$0.headerGroupsDelimiter);
             */
            /* JADX WARN: Code restructure failed: missing block: B:44:0x01f9, code lost:
            
                if (r0.hasMoreTokens() == false) goto L54;
             */
            /* JADX WARN: Code restructure failed: missing block: B:45:0x01fc, code lost:
            
                r0.add(new org.acegisecurity.GrantedAuthorityImpl(r0.nextToken().trim()));
             */
            /* JADX WARN: Code restructure failed: missing block: B:47:0x021a, code lost:
            
                r6.this$0.authorities = (org.acegisecurity.GrantedAuthority[]) r0.toArray(new org.acegisecurity.GrantedAuthority[0]);
                r0 = r6.this$0.proxyTemplate.searchForSingleAttributeValues(new org.jenkinsci.plugins.reverse_proxy_auth.data.UserSearchTemplate(r13), r6.this$0.authorities);
                r0 = new java.util.HashSet();
                r0 = (java.lang.String[]) r0.toArray(new java.lang.String[0]);
                r21 = 0;
             */
            /* JADX WARN: Code restructure failed: missing block: B:49:0x0270, code lost:
            
                if (r21 >= r0.length) goto L55;
             */
            /* JADX WARN: Code restructure failed: missing block: B:50:0x0273, code lost:
            
                r0.add(new org.acegisecurity.GrantedAuthorityImpl(r0[r21]));
                r21 = r21 + 1;
             */
            /* JADX WARN: Code restructure failed: missing block: B:52:0x028d, code lost:
            
                r6.this$0.authorities = (org.acegisecurity.GrantedAuthority[]) r0.toArray(new org.acegisecurity.GrantedAuthority[0]);
                r6.this$0.authContext.put(r13, r6.this$0.authorities);
                new org.acegisecurity.providers.UsernamePasswordAuthenticationToken(r13, "", r6.this$0.authorities);
             */
            /* JADX WARN: Code restructure failed: missing block: B:54:0x00ab, code lost:
            
                if (r12 != null) goto L21;
             */
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public void doFilter(javax.servlet.ServletRequest r7, javax.servlet.ServletResponse r8, javax.servlet.FilterChain r9) throws java.io.IOException, javax.servlet.ServletException {
                /*
                    Method dump skipped, instructions count: 783
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.AnonymousClass1.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain):void");
            }

            public void destroy() {
            }
        }});
    }

    public boolean canLogOut() {
        return this.customLogOutUrl != null;
    }

    public String getPostLogOutUrl(StaplerRequest staplerRequest, Authentication authentication) {
        return this.customLogOutUrl == null ? super.getPostLogOutUrl(staplerRequest, authentication) : this.customLogOutUrl;
    }

    public SecurityRealm.SecurityComponents createSecurityComponents() throws DataAccessException {
        Binding binding = new Binding();
        binding.setVariable("instance", this);
        BeanBuilder beanBuilder = new BeanBuilder(Jenkins.getActiveInstance().pluginManager.uberClassLoader);
        String str = getLDAPURL() != null ? "ReverseProxyLDAPSecurityRealm.groovy" : "ReverseProxySecurityRealm.groovy";
        File file = new File(Jenkins.getActiveInstance().getRootDir(), str);
        try {
            InputStream fileInputStream = file.exists() ? new FileInputStream(file) : getClass().getResourceAsStream(str);
            Throwable th = null;
            try {
                if (fileInputStream == null) {
                    throw new FileNotFoundException("Cannot find resource " + str);
                }
                beanBuilder.parse(fileInputStream, binding);
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                WebApplicationContext createApplicationContext = beanBuilder.createApplicationContext();
                if (getLDAPURL() == null) {
                    this.proxyTemplate = new ReverseProxySearchTemplate();
                    return new SecurityRealm.SecurityComponents((AuthenticationManager) findBean(AuthenticationManager.class, createApplicationContext), new ReverseProxyUserDetailsService(createApplicationContext));
                }
                this.ldapTemplate = new LdapTemplate((InitialDirContextFactory) findBean(InitialDirContextFactory.class, createApplicationContext));
                if (this.groupMembershipFilter != null || this.groupNameAttribute != null) {
                    ProxyLDAPAuthoritiesPopulator proxyLDAPAuthoritiesPopulator = (ProxyLDAPAuthoritiesPopulator) findBean(ProxyLDAPAuthoritiesPopulator.class, createApplicationContext);
                    if (this.groupMembershipFilter != null) {
                        proxyLDAPAuthoritiesPopulator.setGroupSearchFilter(this.groupMembershipFilter);
                    }
                    if (this.groupNameAttribute != null) {
                        proxyLDAPAuthoritiesPopulator.setGroupRoleAttribute(this.groupNameAttribute);
                    }
                }
                return new SecurityRealm.SecurityComponents((AuthenticationManager) findBean(AuthenticationManager.class, createApplicationContext), new ProxyLDAPUserDetailsService(this, createApplicationContext));
            } finally {
            }
        } catch (IOException e) {
            throw new DataAccessResourceFailureException("Failed to load " + str, e);
        }
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        UserDetails loadUserByUsername = getSecurityComponents().userDetails.loadUserByUsername(str);
        if (loadUserByUsername instanceof LdapUserDetails) {
            updateLdapUserDetails((LdapUserDetails) loadUserByUsername);
        }
        return loadUserByUsername;
    }

    public LdapUserDetails updateLdapUserDetails(LdapUserDetails ldapUserDetails) {
        LOGGER.log(Level.FINEST, "displayNameLdapAttribute" + this.displayNameLdapAttribute);
        LOGGER.log(Level.FINEST, "disableLdapEmailResolver" + this.disableLdapEmailResolver);
        LOGGER.log(Level.FINEST, "emailAddressLdapAttribute" + this.emailAddressLdapAttribute);
        if (ldapUserDetails.getAttributes() == null) {
            LOGGER.log(Level.FINEST, "getAttributes is null");
        } else {
            User user = User.get(ldapUserDetails.getUsername());
            if (!StringUtils.isBlank(this.displayNameLdapAttribute)) {
                LOGGER.log(Level.FINEST, "Getting user details from LDAP attributes");
                try {
                    Attribute attribute = ldapUserDetails.getAttributes().get(this.displayNameLdapAttribute);
                    String str = attribute == null ? null : (String) attribute.get();
                    LOGGER.log(Level.FINEST, "displayName is " + str);
                    if (StringUtils.isNotBlank(str)) {
                        user.setFullName(str);
                    }
                } catch (NamingException e) {
                    LOGGER.log(Level.FINEST, "Could not retrieve display name attribute", e);
                }
            }
            if (!this.disableLdapEmailResolver && !StringUtils.isBlank(this.emailAddressLdapAttribute)) {
                try {
                    Attribute attribute2 = ldapUserDetails.getAttributes().get(this.emailAddressLdapAttribute);
                    String str2 = attribute2 == null ? null : (String) attribute2.get();
                    if (StringUtils.isNotBlank(str2)) {
                        LOGGER.log(Level.FINEST, "mailAddress is " + str2);
                        Mailer.UserProperty property = user.getProperty(Mailer.UserProperty.class);
                        if (property == null || !property.hasExplicitlyConfiguredAddress()) {
                            LOGGER.log(Level.FINEST, "user mail address has been changed");
                            user.addProperty(new Mailer.UserProperty(str2));
                        }
                    }
                } catch (IOException e2) {
                    LOGGER.log(Level.WARNING, "Failed to associate the e-mail address", (Throwable) e2);
                } catch (NamingException e3) {
                    LOGGER.log(Level.FINEST, "Could not retrieve email address attribute", e3);
                }
            }
        }
        return ldapUserDetails;
    }

    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        Set<String> searchForSingleAttributeValues;
        if (getLDAPURL() != null) {
            searchForSingleAttributeValues = this.ldapTemplate.searchForSingleAttributeValues(this.groupSearchBase != null ? this.groupSearchBase : "", this.groupSearchFilter != null ? this.groupSearchFilter : GROUP_SEARCH, new String[]{str}, "cn");
        } else {
            searchForSingleAttributeValues = this.proxyTemplate.searchForSingleAttributeValues(new GroupSearchTemplate(str), this.authContext != null ? this.authContext.get(SecurityContextHolder.getContext().getAuthentication().getName()) : null);
        }
        if (searchForSingleAttributeValues.isEmpty()) {
            throw new UsernameNotFoundException(str);
        }
        final Set<String> set = searchForSingleAttributeValues;
        return new GroupDetails() { // from class: org.jenkinsci.plugins.reverse_proxy_auth.ReverseProxySecurityRealm.2
            public String getName() {
                return (String) set.iterator().next();
            }
        };
    }

    public <T> T extractBean(Class<T> cls, WebApplicationContext webApplicationContext) {
        return (T) findBean(cls, webApplicationContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public GrantedAuthority[] retrieveAuthoritiesIfNecessary(String str, GrantedAuthority[] grantedAuthorityArr) {
        GrantedAuthority[] grantedAuthorityArr2 = grantedAuthorityArr;
        if (getLDAPURL() != null) {
            long currentTimeMillis = System.currentTimeMillis();
            if (this.authorityUpdateCache == null || !this.authorityUpdateCache.containsKey(str)) {
                if (this.authorityUpdateCache == null) {
                    this.authorityUpdateCache = new Hashtable<>();
                }
                this.authorityUpdateCache.put(str, Long.valueOf(currentTimeMillis));
            } else {
                long longValue = ((currentTimeMillis - this.authorityUpdateCache.get(str).longValue()) / 1000) / 60;
                if (longValue >= this.updateInterval) {
                    LOGGER.log(Level.INFO, "The check interval reached the threshold of " + longValue + "min, will now update the authorities");
                    HashSet hashSet = new HashSet(Arrays.asList(loadUserByUsername(str).getAuthorities()));
                    hashSet.add(AUTHENTICATED_AUTHORITY);
                    grantedAuthorityArr2 = (GrantedAuthority[]) hashSet.toArray(new GrantedAuthority[0]);
                    this.authorityUpdateCache.put(str, Long.valueOf(currentTimeMillis));
                    LOGGER.log(Level.INFO, "Authorities for user " + str + " have been updated.");
                }
            }
        }
        return grantedAuthorityArr2;
    }

    private static String addPrefix(String str) {
        return str.contains("://") ? str : "ldap://" + str;
    }
}
