package hudson.security;

import com.sun.jndi.ldap.LdapCtxFactory;
import groovy.lang.Binding;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.User;
import hudson.security.SecurityRealm;
import hudson.tasks.MailAddressResolver;
import hudson.util.FormValidation;
import hudson.util.Scrambler;
import hudson.util.spring.BeanBuilder;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.Hashtable;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.ldap.InitialDirContextFactory;
import org.acegisecurity.ldap.LdapDataAccessException;
import org.acegisecurity.ldap.LdapTemplate;
import org.acegisecurity.ldap.LdapUserSearch;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.acegisecurity.userdetails.ldap.LdapUserDetailsImpl;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.springframework.dao.DataAccessException;
import org.springframework.web.context.WebApplicationContext;

/* loaded from: input_file:WEB-INF/lib/hudson-core-1.304.jar:hudson/security/LDAPSecurityRealm.class */
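/**
 * {@link SecurityRealm} that authenticates users against an LDAP directory and resolves their
 * groups with a configurable group filter (decompiled from hudson-core-1.304.jar).
 *
 * <p>The Acegi wiring itself lives in {@code /WEB-INF/security/LDAPBindSecurityRealm.groovy};
 * this class only supplies the configuration and the {@link UserDetailsService} / group lookup
 * built on top of the beans that script produces.
 *
 * <p>Security notes: the manager password is stored scrambled, and {@link #getManagerPassword()}
 * hands the descrambled value to any caller, so scrambling is reversible obfuscation rather than
 * encryption. The connectivity check in {@link DescriptorImpl#doServerCheck} is restricted to
 * administrators because it makes outbound connections on the caller's behalf.
 */
public class LDAPSecurityRealm extends SecurityRealm {
    /** Server as entered by the administrator (trimmed); may or may not carry a scheme prefix. */
    public final String server;
    /** Root DN to search under; inferred from the server's root DSE when left blank, "" if inference failed. */
    public final String rootDN;
    /** Base (relative to {@link #rootDN}) for the user search. */
    public final String userSearchBase;
    /** User search filter; defaults to {@code uid={0}}. */
    public final String userSearch;
    /** Base for the group search, or {@code null} to search from the root. */
    public final String groupSearchBase;
    /** DN to bind with, or {@code null} for an anonymous bind. */
    public final String managerDN;
    /** Bind password in scrambled form; see {@link #getManagerPassword()}. */
    private final String managerPassword;
    /** Set by {@link #createSecurityComponents()}; transient, so it is {@code null} again after deserialization until that method runs. */
    private transient LdapTemplate ldapTemplate;
    private static final Logger LOGGER = Logger.getLogger(LDAPSecurityRealm.class.getName());
    /**
     * Group search filter with {@code {0}} standing for the group name. Overridable through the
     * {@code hudson.security.LDAPSecurityRealm.groupSearch} system property; it is deliberately left
     * non-final so existing code that assigns it keeps compiling.
     */
    public static String GROUP_SEARCH = System.getProperty(LDAPSecurityRealm.class.getName() + ".groupSearch", "(& (cn={0}) (| (objectclass=groupOfNames) (objectclass=groupOfUniqueNames) (objectclass=posixGroup)))");

    /**
     * Authorities populator that grants every LDAP user the {@link SecurityRealm#AUTHENTICATED_AUTHORITY}
     * on top of the group-derived roles computed by the superclass.
     */
    public static final class AuthoritiesPopulatorImpl extends DefaultLdapAuthoritiesPopulator {
        public AuthoritiesPopulatorImpl(InitialDirContextFactory initialDirContextFactory, String str) {
            super(initialDirContextFactory, str);
        }

        /** Raw {@code Set} because the Acegi superclass declares the method without generics. */
        @Override
        protected Set getAdditionalRoles(LdapUserDetails ldapUserDetails) {
            return Collections.singleton(SecurityRealm.AUTHENTICATED_AUTHORITY);
        }
    }

    /** Descriptor exposing the display name and the server connectivity form check. */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        /** Accepted shapes of the server field: SERVER, SERVER:PORT or ldaps://SERVER[:PORT]. */
        private static final Pattern SERVER_SYNTAX = Pattern.compile("(ldaps://)?([^:]+)(?:\\:(\\d+))?");

        @Override
        public String getDisplayName() {
            return Messages.LDAPSecurityRealm_DisplayName();
        }

        /**
         * Form validation that tries to bind to the given server and reports why that failed.
         *
         * @param str  server field (host, host:port or full URL)
         * @param str2 manager DN used as the bind principal when supplied
         * @param str3 manager password used as the bind credentials when supplied
         * @return {@link FormValidation#ok()} on success (or for non-administrators), an error describing the failure otherwise
         */
        public FormValidation doServerCheck(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3) {
            // Only administrators may make this endpoint open connections; everyone else gets a
            // neutral answer so the check cannot be used to probe hosts or ports.
            if (!Hudson.getInstance().hasPermission(Hudson.ADMINISTER)) {
                return FormValidation.ok();
            }
            String server = Util.fixNull(str).trim();
            try {
                Hashtable<String, String> env = new Hashtable<String, String>();
                if (isSupplied(str2)) {
                    env.put(Context.SECURITY_PRINCIPAL, str2);
                }
                if (isSupplied(str3)) {
                    env.put(Context.SECURITY_CREDENTIALS, str3);
                }
                // Reading the root DSE proves both that the URL resolves and that the bind was accepted.
                LdapCtxFactory.getLdapCtxInstance(LDAPSecurityRealm.addPrefix(server) + '/', env).getAttributes("");
                return FormValidation.ok();
            } catch (NamingException e) {
                return diagnoseConnectionFailure(server, e);
            } catch (NumberFormatException e) {
                // Covers the connection attempt only (a catch block never guards its sibling catch blocks);
                // presumably getLdapCtxInstance raises this for a non-numeric port in the URL -- TODO confirm.
                return FormValidation.error("Invalid port number");
            }
        }

        /**
         * True when the form actually sent a value. Presumably an absent field arrives as the
         * literal string {@code "undefined"} from the page's JavaScript -- TODO confirm.
         */
        private static boolean isSupplied(String value) {
            return value != null && value.trim().length() > 0 && !"undefined".equals(value);
        }

        /**
         * Narrows down why the bind failed: bad syntax, unknown host, closed port, or something else
         * (in which case the original {@link NamingException} is reported).
         */
        private static FormValidation diagnoseConnectionFailure(String server, NamingException cause) {
            Matcher m = SERVER_SYNTAX.matcher(server);
            if (!m.matches()) {
                return FormValidation.error("Syntax of server field is SERVER or SERVER:PORT or ldaps://SERVER[:PORT]");
            }
            try {
                InetAddress address = InetAddress.getByName(m.group(2));
                // ldaps:// defaults to 636, plain ldap to 389, unless an explicit port was given.
                int port = m.group(1) != null ? 636 : 389;
                if (m.group(3) != null) {
                    port = Integer.parseInt(m.group(3));
                }
                new Socket(address, port).close();
            } catch (UnknownHostException e) {
                return FormValidation.error("Unknown host: " + e.getMessage());
            } catch (IOException e) {
                return FormValidation.error("Unable to connect to " + server + " : " + e.getMessage());
            } catch (IllegalArgumentException e) {
                // parseInt overflow (NumberFormatException) or a port outside 0..65535 rejected by Socket.
                return FormValidation.error("Invalid port number");
            }
            // TCP connect worked, so the failure is at the LDAP level; surface the original cause.
            return FormValidation.error("Unable to connect to " + server + ": " + cause);
        }
    }

    /**
     * Resolves a user's e-mail address from the {@code mail} attribute of the LDAP entry when the
     * active realm is an {@link LDAPSecurityRealm}; returns {@code null} otherwise or on any lookup failure.
     */
    public static final class MailAdressResolverImpl extends MailAddressResolver {
        private static final String LOOKUP_FAILED = "Failed to look up LDAP for e-mail address";

        @Override
        public String findMailAddressFor(User user) {
            SecurityRealm realm = Hudson.getInstance().getSecurityRealm();
            if (!(realm instanceof LDAPSecurityRealm)) {
                return null;
            }
            try {
                LdapUserDetails details = (LdapUserDetails) realm.getSecurityComponents().userDetails.loadUserByUsername(user.getId());
                Attribute mail = details.getAttributes().get("mail");
                return mail == null ? null : (String) mail.get();
            } catch (DataAccessException e) {
                // Lookup failures are expected for users without an LDAP entry; log quietly and give up.
                LDAPSecurityRealm.LOGGER.log(Level.FINE, LOOKUP_FAILED, (Throwable) e);
                return null;
            } catch (NamingException e) {
                LDAPSecurityRealm.LOGGER.log(Level.FINE, LOOKUP_FAILED, e);
                return null;
            } catch (UsernameNotFoundException e) {
                LDAPSecurityRealm.LOGGER.log(Level.FINE, LOOKUP_FAILED, (Throwable) e);
                return null;
            }
        }
    }

    /**
     * Data-bound constructor.
     *
     * @param str  server (host, host:port or URL); trimmed
     * @param str2 root DN; when blank it is inferred from the server's root DSE
     * @param str3 user search base
     * @param str4 user search filter; blank means {@code uid={0}}
     * @param str5 group search base; blank means {@code null}
     * @param str6 manager DN; blank means anonymous bind
     * @param str7 manager password; stored scrambled
     */
    @DataBoundConstructor
    public LDAPSecurityRealm(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        this.server = str.trim();
        // Bind credentials must be assigned before inferRootDN() runs: it reads managerDN and
        // managerPassword, and with the previous assignment order the inference always bound anonymously.
        this.managerDN = Util.fixEmpty(str6);
        this.managerPassword = Scrambler.scramble(Util.fixEmpty(str7));
        this.userSearchBase = str3.trim();
        String search = Util.fixEmptyAndTrim(str4);
        this.userSearch = search != null ? search : "uid={0}";
        this.groupSearchBase = Util.fixEmptyAndTrim(str5);
        String explicitRootDN = Util.fixEmptyAndTrim(str2);
        this.rootDN = (explicitRootDN == null ? Util.fixNull(inferRootDN(str)) : str2).trim();
    }

    /** @return the server with an {@code ldap://} scheme added when none was given */
    public String getServerUrl() {
        return addPrefix(this.server);
    }

    /**
     * Reads the server's root DSE to discover the naming context to use as root DN, binding with
     * the manager credentials when configured.
     *
     * @param str the server as entered, used for log messages only
     * @return the inferred root DN, or {@code null} when the server is unreachable or publishes neither attribute
     */
    private String inferRootDN(String str) {
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            if (this.managerDN != null) {
                env.put(Context.SECURITY_PRINCIPAL, this.managerDN);
                String password = getManagerPassword();
                if (password != null) {
                    // Hashtable rejects null values; without a password the bind is left to JNDI's default.
                    env.put(Context.SECURITY_CREDENTIALS, password);
                }
            }
            Attributes rootDse = LdapCtxFactory.getLdapCtxInstance(getServerUrl() + '/', env).getAttributes("");
            // Active Directory publishes the naming context under defaultNamingContext.
            Attribute defaultNamingContext = rootDse.get("defaultNamingContext");
            if (defaultNamingContext != null) {
                // Attribute.toString() renders "id: value", not the bare value; read it like namingcontexts below.
                return defaultNamingContext.get().toString();
            }
            Attribute namingContexts = rootDse.get("namingcontexts");
            if (namingContexts != null) {
                return namingContexts.get().toString();
            }
            LOGGER.warning("namingcontexts attribute not found in root DSE of " + str);
            return null;
        } catch (NamingException e) {
            LOGGER.log(Level.WARNING, "Failed to connect to LDAP to infer Root DN for " + str, e);
            return null;
        }
    }

    /** @return the manager password in clear text (descrambled); scrambling is obfuscation, not encryption */
    public String getManagerPassword() {
        return Scrambler.descramble(this.managerPassword);
    }

    /** @return server URL followed by {@code /} and the root DN ("" when unknown) */
    public String getLDAPURL() {
        return getServerUrl() + '/' + Util.fixNull(this.rootDN);
    }

    /**
     * Builds the Acegi beans from {@code LDAPBindSecurityRealm.groovy} (with this realm bound as
     * {@code instance}), remembers the {@link LdapTemplate} for group lookups, and wraps the user
     * search and authorities populator into a {@link UserDetailsService}.
     */
    @Override
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        Binding binding = new Binding();
        binding.setVariable("instance", this);
        BeanBuilder builder = new BeanBuilder();
        builder.parse(Hudson.getInstance().servletContext.getResourceAsStream("/WEB-INF/security/LDAPBindSecurityRealm.groovy"), binding);
        WebApplicationContext appContext = builder.createApplicationContext();
        this.ldapTemplate = new LdapTemplate((InitialDirContextFactory) findBean(InitialDirContextFactory.class, appContext));
        AuthenticationManager authenticationManager = (AuthenticationManager) findBean(AuthenticationManager.class, appContext);
        final LdapUserSearch ldapSearch = (LdapUserSearch) findBean(LdapUserSearch.class, appContext);
        final LdapAuthoritiesPopulator authoritiesPopulator = (LdapAuthoritiesPopulator) findBean(LdapAuthoritiesPopulator.class, appContext);
        UserDetailsService userDetails = new UserDetailsService() {
            /**
             * Looks the user up and attaches the populator's authorities.
             *
             * @return the user with authorities, or {@code null} when the search returned nothing
             * @throws UserMayOrMayNotExistException when the directory could not be queried, so that
             *         an LDAP outage is not misreported as "no such user"
             */
            @Override
            public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
                try {
                    LdapUserDetails found = ldapSearch.searchForUser(str);
                    if (found == null) {
                        return null;
                    }
                    LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence(found);
                    for (GrantedAuthority authority : authoritiesPopulator.getGrantedAuthorities(found)) {
                        essence.addAuthority(authority);
                    }
                    return essence.createUserDetails();
                } catch (LdapDataAccessException e) {
                    LDAPSecurityRealm.LOGGER.log(Level.WARNING, "Failed to search LDAP for username=" + str, (Throwable) e);
                    throw new UserMayOrMayNotExistException(e.getMessage(), (Throwable) e);
                }
            }
        };
        return new SecurityRealm.SecurityComponents(authenticationManager, userDetails);
    }

    /**
     * Finds a group by name using {@link #GROUP_SEARCH}.
     *
     * @throws UsernameNotFoundException when no group matches
     * @throws NullPointerException if {@link #createSecurityComponents()} has not run yet (ldapTemplate is unset)
     */
    @Override
    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        String base = this.groupSearchBase != null ? this.groupSearchBase : "";
        // The group name is passed as the argument for {0} rather than concatenated into the filter,
        // leaving placeholder substitution and escaping to the LDAP layer.
        final Set groupNames = this.ldapTemplate.searchForSingleAttributeValues(base, GROUP_SEARCH, new String[]{str}, "cn");
        if (groupNames.isEmpty()) {
            throw new UsernameNotFoundException(str);
        }
        return new GroupDetails() {
            @Override
            public String getName() {
                // Only the first cn is reported, even if several groups matched.
                return (String) groupNames.iterator().next();
            }
        };
    }

    /**
     * Prepends {@code ldap://} unless the value already carries a scheme.
     *
     * @param str host, host:port or full URL
     * @return a URL with a scheme
     */
    public static String addPrefix(String str) {
        return str.contains("://") ? str : "ldap://" + str;
    }
}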
