package jp.ikedam.jenkins.plugins.ldap_sasl;

import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.model.AutoCompletionCandidates;
import hudson.model.Descriptor;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapName;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.springframework.dao.DataAccessException;

/* loaded from: input_file:jp/ikedam/jenkins/plugins/ldap_sasl/LdapSaslSecurityRealm.class */
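/**
 * Jenkins security realm that verifies a username/password pair by opening an
 * LDAP connection with the configured SASL mechanisms.
 *
 * <p>Authentication succeeds when JNDI can create an {@link InitialLdapContext}
 * with the submitted principal and credentials. The optional
 * {@link UserDnResolver} and {@link GroupResolver} are then asked for the
 * user's DN and granted authorities.
 *
 * <p>NOTE(review): this listing looks like decompiler output; parameter names
 * such as {@code str}/{@code i} are generated. Stapler binds
 * {@code @DataBoundConstructor} and unnamed {@code @QueryParameter} arguments
 * by parameter name, so the original names must be restored before this file
 * is compiled into a working plugin.
 *
 * <p>NOTE(review): nothing in this class requires {@code ldaps://} or
 * StartTLS. With a mechanism such as PLAIN the password is handed to the
 * server as-is, so transport protection depends entirely on the configured
 * URI.
 */
public class LdapSaslSecurityRealm extends AbstractPasswordBasedSecurityRealm implements Serializable {
    private static final long serialVersionUID = 4771805355880928786L;

    /** Regex that splits a user-entered list on whitespace and/or commas. */
    protected static final String SEPERATOR_PATTERN = "[\\s,]+";

    private List<String> mechanismList;
    private UserDnResolver userDnResolver;
    private GroupResolver groupResolver;
    private int connectionTimeout;
    private int readTimeout;

    // Legacy fields: only read by readResolve() to migrate an older persisted
    // configuration, then cleared.
    private String groupSearchBase = null;
    private String groupPrefix = null;

    private List<String> ldapUriList = new ArrayList<>();

    /** Descriptor providing form validation and auto-completion for the realm's configuration UI. */
    @Extension
    /* loaded from: input_file:jp/ikedam/jenkins/plugins/ldap_sasl/LdapSaslSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        // The last entry used to be "EXTERNAL " (trailing space). Entered values
        // are split on whitespace, so that spelling could never equal an
        // already-entered token and the candidate was offered again forever.
        private static final String[] MECH_CANDIDATES = {"DIGEST-MD5", "CRAM-MD5", "PLAIN", "EXTERNAL"};

        @Override
        public String getDisplayName() {
            return Messages.LdapSaslSecurityRealm_DisplayName();
        }

        /**
         * @return a copy of the SASL mechanism names offered by auto-completion;
         *         a copy so callers cannot modify the shared array
         */
        public String[] getMechanismCandidates() {
            return MECH_CANDIDATES.clone();
        }

        /**
         * Suggests mechanism names for the "mechanisms" field.
         *
         * @param str  the text typed so far; blank matches every candidate
         * @param str2 the mechanisms already entered, separated by whitespace or commas; may be null
         * @return candidates that start with {@code str} (case-insensitively) and are not already in {@code str2}
         */
        public AutoCompletionCandidates doAutoCompleteMechanisms(@QueryParameter String str, @QueryParameter String str2) {
            AutoCompletionCandidates candidates = new AutoCompletionCandidates();
            List<String> alreadyChosen = str2 != null
                    ? Arrays.asList(str2.split(LdapSaslSecurityRealm.SEPERATOR_PATTERN))
                    : new ArrayList<String>();
            for (String mechanism : getMechanismCandidates()) {
                // regionMatches(ignoreCase) compares per character and does not
                // depend on the default locale, unlike toLowerCase().
                boolean prefixMatches = StringUtils.isBlank(str)
                        || mechanism.regionMatches(true, 0, str, 0, str.length());
                if (prefixMatches && !alreadyChosen.contains(mechanism)) {
                    candidates.add(mechanism);
                }
            }
            return candidates;
        }

        public DescriptorExtensionList<UserDnResolver, Descriptor<UserDnResolver>> getUserDnResolverList() {
            return UserDnResolver.all();
        }

        public DescriptorExtensionList<GroupResolver, Descriptor<GroupResolver>> getGroupResolverList() {
            return GroupResolver.all();
        }

        /**
         * Validates a single LDAP URI. Only parses the string; no connection is made.
         *
         * <p>Accepted: scheme {@code ldap} or {@code ldaps}, an optional port in
         * 1..65535, and an optional path that parses as an LDAP name. User
         * info, query and fragment are rejected.
         *
         * @param str the URI text entered by the administrator
         * @return an error for a blank or malformed URI, a warning for
         *         {@code ldaps} (wording comes from {@code Messages}), otherwise ok
         */
        public FormValidation doCheckLdapUriList(@QueryParameter String str) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_empty());
            }
            URI uri;
            try {
                uri = new URI(StringUtils.trim(str));
            } catch (URISyntaxException e) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_invalid(e.getMessage()));
            }

            // equalsIgnoreCase is null-safe on its argument and locale-independent.
            String scheme = uri.getScheme();
            boolean isLdaps = "ldaps".equalsIgnoreCase(scheme);
            if (!isLdaps && !"ldap".equalsIgnoreCase(scheme)) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_invalid("invalid scheme"));
            }

            // -1 means "no port given", which is allowed.
            int port = uri.getPort();
            if (port != -1 && (port < 1 || port > 65535)) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_invalid("Invalid port number"));
            }
            if (!StringUtils.isEmpty(uri.getUserInfo())) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_invalid("Cannot specify a user information."));
            }
            if (!StringUtils.isEmpty(uri.getQuery())) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_invalid("Cannot specify a query."));
            }
            if (!StringUtils.isEmpty(uri.getFragment())) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_invalid("Cannot specify a fragment."));
            }

            // The path, minus its leading slash, is treated as a DN and must parse as one.
            String path = uri.getPath();
            if (path != null && path.startsWith("/")) {
                path = path.substring(1);
            }
            if (!StringUtils.isEmpty(path)) {
                try {
                    new LdapName(path);
                } catch (InvalidNameException e) {
                    return FormValidation.error(Messages.LdapSaslSecurityRealm_LdapUriList_invalid(e.getMessage()));
                }
            }
            return isLdaps
                    ? FormValidation.warning(Messages.LdapSaslSecurityRealm_LdapUriList_ldaps())
                    : FormValidation.ok();
        }

        /**
         * Checks that the mechanism field holds at least one non-blank token.
         *
         * <p>NOTE(review): the token values themselves are not checked. The
         * list is later passed verbatim as
         * {@code java.naming.security.authentication}, for which JNDI also
         * accepts the non-SASL values {@code none} and {@code simple}. With
         * those, creating the context does not necessarily prove the password
         * was verified. Consider rejecting them here.
         *
         * @param str the mechanism list entered by the administrator
         * @return ok when a non-blank token exists, otherwise an error
         */
        public FormValidation doCheckMechanisms(@QueryParameter String str) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.error(Messages.LdapSaslSecurityRealm_Mechanisms_empty());
            }
            for (String token : str.split(LdapSaslSecurityRealm.SEPERATOR_PATTERN)) {
                if (!StringUtils.isBlank(token)) {
                    return FormValidation.ok();
                }
            }
            return FormValidation.error(Messages.LdapSaslSecurityRealm_Mechanisms_empty());
        }
    }

    /** @return the configured LDAP URIs (the internal list, not a copy) */
    public List<String> getLdapUriList() {
        return this.ldapUriList;
    }

    /**
     * Builds the provider URL string from the configured URIs.
     *
     * <p>A URI is kept unless {@code doCheckLdapUriList} reports an error, so
     * URIs that only produce a warning (such as {@code ldaps}) are kept.
     *
     * @return the accepted URIs joined by single spaces, or {@code null} when none is accepted
     */
    public String getValidLdapUris() {
        List<String> accepted = new ArrayList<>();
        DescriptorImpl descriptor = (DescriptorImpl) getDescriptor();
        List<String> configured = getLdapUriList();
        if (configured != null) {
            for (String uri : configured) {
                if (descriptor.doCheckLdapUriList(uri).kind != FormValidation.Kind.ERROR) {
                    accepted.add(uri);
                }
            }
        }
        return accepted.isEmpty() ? null : StringUtils.join(accepted, " ");
    }

    public List<String> getMechanismList() {
        return this.mechanismList;
    }

    /** @return the configured mechanisms joined by single spaces, the form JNDI expects */
    public String getMechanisms() {
        return StringUtils.join(getMechanismList(), " ");
    }

    public UserDnResolver getUserDnResolver() {
        return this.userDnResolver;
    }

    public GroupResolver getGroupResolver() {
        return this.groupResolver;
    }

    /**
     * Migrates a configuration saved with the legacy {@code groupSearchBase} /
     * {@code groupPrefix} fields to the resolver-based form.
     *
     * <p>When both legacy fields are present, both resolvers are replaced: the
     * user DN resolver becomes {@link LdapWhoamiUserDnResolver}, and the group
     * resolver becomes a {@link SearchGroupResolver} (non-blank search base) or
     * {@link NoGroupResolver}. The legacy fields are then cleared.
     *
     * @return this instance
     */
    public Object readResolve() {
        if (this.groupSearchBase != null && this.groupPrefix != null) {
            this.userDnResolver = new LdapWhoamiUserDnResolver();
            if (StringUtils.isBlank(this.groupSearchBase)) {
                this.groupResolver = new NoGroupResolver();
            } else {
                this.groupResolver = new SearchGroupResolver(this.groupSearchBase, this.groupPrefix);
            }
            this.groupSearchBase = null;
            this.groupPrefix = null;
        }
        return this;
    }

    public int getConnectionTimeout() {
        return this.connectionTimeout;
    }

    public int getReadTimeout() {
        return this.readTimeout;
    }

    /**
     * Creates the realm from the submitted configuration form.
     *
     * @param list          LDAP URIs; blank entries are dropped and the rest trimmed; may be null
     * @param str           SASL mechanisms separated by whitespace or commas; may be null
     * @param userDnResolver strategy used to look up the authenticated user's DN; may be null
     * @param groupResolver  strategy used to look up the user's groups; may be null
     * @param i             connection timeout, passed to JNDI unchanged
     * @param i2            read timeout, passed to JNDI unchanged
     */
    @DataBoundConstructor
    public LdapSaslSecurityRealm(List<String> list, String str, UserDnResolver userDnResolver, GroupResolver groupResolver, int i, int i2) {
        if (list != null) {
            for (String uri : list) {
                if (!StringUtils.isBlank(uri)) {
                    this.ldapUriList.add(StringUtils.trim(uri));
                }
            }
        }
        this.mechanismList = new ArrayList<>();
        if (str != null) {
            for (String mechanism : str.split(SEPERATOR_PATTERN)) {
                if (!StringUtils.isBlank(mechanism)) {
                    this.mechanismList.add(StringUtils.trim(mechanism));
                }
            }
        }
        this.userDnResolver = userDnResolver;
        this.groupResolver = groupResolver;
        this.connectionTimeout = i;
        this.readTimeout = i2;
    }

    /**
     * Authenticates a user by binding to the LDAP server via SASL.
     *
     * <p>The password is placed only in the JNDI environment. It is not logged
     * and is not stored in the returned {@link LdapUser}, which receives an
     * empty password string.
     *
     * <p>NOTE(review): the password is not checked for emptiness and the
     * mechanism list is passed on unchanged; see {@code doCheckMechanisms} for
     * why the configured mechanisms matter for what a successful bind proves.
     *
     * @param str  the username, used as the JNDI security principal
     * @param str2 the password, used as the JNDI security credentials
     * @return the authenticated user with its resolved DN and authorities
     * @throws BadCredentialsException        when the server rejects the credentials
     * @throws AuthenticationServiceException when no valid URI or mechanism is
     *                                        configured, or any other naming error occurs
     */
    @Override
    protected UserDetails authenticate(String str, String str2) throws AuthenticationException {
        Logger logger = getLogger();
        String validLdapUris = getValidLdapUris();
        if (StringUtils.isBlank(validLdapUris)) {
            logger.severe("No valid LDAP URI is specified.");
            throw new AuthenticationServiceException("No valid LDAP URI is specified.");
        }
        String mechanisms = getMechanisms();
        if (StringUtils.isBlank(mechanisms)) {
            logger.severe("No valid mechanism is specified.");
            throw new AuthenticationServiceException("No valid mechanism is specified.");
        }

        Hashtable<String, String> env = new Hashtable<>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.provider.url", validLdapUris);
        env.put("java.naming.security.principal", str);
        env.put("java.naming.security.credentials", str2);
        env.put("java.naming.security.authentication", mechanisms);
        // Timeouts are forwarded as configured. JNDI reads them as milliseconds,
        // and a non-positive read timeout means "wait indefinitely".
        env.put("com.sun.jndi.ldap.connect.timeout", Integer.toString(getConnectionTimeout()));
        env.put("com.sun.jndi.ldap.read.timeout", Integer.toString(getReadTimeout()));

        // Only non-secret values are logged.
        logger.fine("Authenticating with LDAP-SASL:");
        logger.fine(String.format("username=%s", str));
        logger.fine(String.format("servers=%s", validLdapUris));
        logger.fine(String.format("mech=%s", mechanisms));

        InitialLdapContext context = null;
        try {
            // Creating the context performs the bind; a failure surfaces as a NamingException.
            context = new InitialLdapContext(env, (Control[]) null);

            UserDnResolver dnResolver = getUserDnResolver();
            String userDn = dnResolver != null ? dnResolver.getUserDn(context, str) : null;
            logger.fine(String.format("User DN is %s", userDn));

            GroupResolver groups = getGroupResolver();
            List<GrantedAuthority> authorities = groups != null
                    ? groups.resolveGroup(context, userDn, str)
                    : new ArrayList<GrantedAuthority>();
            logger.fine("Authenticating succeeded.");

            // The four flags are presumably the usual enabled / non-expired /
            // non-locked account flags; confirm against LdapUser.
            return new LdapUser(str, "", userDn, true, true, true, true, authorities.toArray(new GrantedAuthority[0]));
        } catch (javax.naming.AuthenticationException e) {
            throw new BadCredentialsException(String.format("Authentication failed: %s", str), e);
        } catch (NamingException e2) {
            throw new AuthenticationServiceException(String.format("Authentication failed: %s", str), e2);
        } finally {
            // The context holds a server connection authenticated as the user;
            // release it on every path. It is only lent to the resolvers above
            // and is not part of the returned LdapUser.
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException closeFailure) {
                    // A failed close must not change the authentication outcome.
                    logger.fine(String.format("Failed to close LDAP context: %s", closeFailure));
                }
            }
        }
    }

    private Logger getLogger() {
        return Logger.getLogger(getClass().getName());
    }

    /**
     * Not implemented: always returns {@code null}.
     *
     * <p>NOTE(review): the declared contract is to throw
     * {@link UsernameNotFoundException} for an unknown user; callers that do
     * not expect {@code null} may fail. Left unchanged to preserve behavior.
     */
    @Override
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        return null;
    }

    /**
     * Not implemented: always returns {@code null}.
     *
     * <p>NOTE(review): same caveat as {@code loadUserByUsername}.
     */
    @Override
    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        return null;
    }
}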
