package hudson.security;

import hudson.EnvVars;
import hudson.Extension;
import hudson.Functions;
import hudson.Util;
import hudson.model.Descriptor;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import org.eclipse.hudson.jna.NativeAccessException;
import org.eclipse.hudson.jna.NativeUtils;
import org.eclipse.hudson.security.HudsonSecurityEntitiesHolder;
import org.kohsuke.stapler.DataBoundConstructor;
import org.springframework.dao.DataAccessException;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.providers.AuthenticationProvider;
import org.springframework.security.providers.ProviderManager;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider;
import org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

/* loaded from: input_file:WEB-INF/lib/hudson-core-3.1.1.jar:hudson/security/PAMSecurityRealm.class */
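/**
 * Security realm that authenticates users against the local Unix account
 * database through PAM, using the native bridge exposed by {@link NativeUtils}.
 *
 * <p>Users and groups are looked up with {@code checkUnixUser} and
 * {@code checkUnixGroup}; passwords are verified with {@code pamAuthenticate}
 * under the configured PAM service name.
 */
public class PAMSecurityRealm extends SecurityRealm {
    /**
     * PAM service name passed to the native authenticator. It defaults to
     * {@code "sshd"} when the configured value is empty, so an unconfigured
     * realm authenticates under the same service name as the SSH daemon.
     */
    public final String serviceName;

    /* loaded from: input_file:WEB-INF/lib/hudson-core-3.1.1.jar:hudson/security/PAMSecurityRealm$DescriptorImpl.class */
    /** Descriptor that names this realm and offers a PAM self-test for the configuration form. */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        @Override // hudson.model.Descriptor
        public String getDisplayName() {
            return Messages.PAMSecurityRealm_DisplayName();
        }

        /**
         * Asks the native layer whether PAM authentication is usable and
         * converts the answer into a form-validation result.
         *
         * <p>A result starting with {@code "Error:"} is reported as an error
         * with that prefix stripped. Any other result is reported as OK.
         *
         * <p>NOTE(review): no permission check is visible in this method. If it
         * is reachable as a web method, confirm that callers are restricted to
         * administrators, because the message describes the host's PAM setup.
         *
         * @return the validation outcome shown next to the form field
         */
        public FormValidation doTest() {
            try {
                String status = NativeUtils.getInstance().checkPamAuthentication();
                if (status.startsWith("Error:")) {
                    return FormValidation.error(status.replaceFirst("Error:", ""));
                }
                return FormValidation.ok(status);
            } catch (NativeAccessException e) {
                return FormValidation.error("Native Support for PAM Authentication not available.");
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hudson-core-3.1.1.jar:hudson/security/PAMSecurityRealm$PAMAuthenticationProvider.class */
    /** Authentication provider that checks a username and password pair against PAM. */
    public static class PAMAuthenticationProvider implements AuthenticationProvider {
        private final String serviceName;

        /**
         * @param str PAM service name to authenticate under
         */
        public PAMAuthenticationProvider(String str) {
            this.serviceName = str;
        }

        /**
         * Verifies the supplied username and password through PAM.
         *
         * <p>On success, each string returned by {@code pamAuthenticate} becomes
         * one granted authority. These strings are presumably the user's Unix
         * groups (confirm against NativeUtils).
         *
         * <p>NOTE(review): the returned token keeps the plaintext password as
         * its credentials, as before. Check whether anything downstream needs
         * it. NOTE(review): the native failure message is copied into the
         * {@link BadCredentialsException}. Confirm that the login page does not
         * echo it verbatim.
         *
         * @param authentication the request carrying principal and credentials
         * @return a populated username/password token for the authenticated user
         * @throws AuthenticationException if the principal or credentials are
         *     missing, or the native PAM call fails
         */
        @Override // org.springframework.security.providers.AuthenticationProvider
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            Object principal = authentication.getPrincipal();
            Object credentials = authentication.getCredentials();
            // Reject a request without a principal or password as a normal login
            // failure instead of letting a NullPointerException escape.
            if (principal == null || credentials == null) {
                throw new BadCredentialsException("Missing username or password");
            }
            String username = principal.toString();
            String password = credentials.toString();
            try {
                Set<String> authorityNames =
                        NativeUtils.getInstance().pamAuthenticate(this.serviceName, username, password);
                GrantedAuthority[] authorities = new GrantedAuthority[authorityNames.size()];
                int next = 0;
                for (String authorityName : authorityNames) {
                    authorities[next++] = new GrantedAuthorityImpl(authorityName);
                }
                EnvVars.setHudsonUserEnvVar(username);
                return new UsernamePasswordAuthenticationToken(username, password, authorities);
            } catch (NativeAccessException e) {
                // Keep the native exception attached as the cause for diagnostics.
                throw new BadCredentialsException(e.getMessage(), (Throwable) e);
            }
        }

        /**
         * Accepts username/password tokens only.
         *
         * <p>This provider is first in the chain built by
         * {@code createSecurityComponents}. When it claimed every token type,
         * remember-me and anonymous tokens were also passed to PAM as a
         * username/password pair. That causes pointless native calls which,
         * depending on the PAM stack, may be counted as failed logins.
         *
         * @param cls the authentication token class being offered
         * @return {@code true} if {@code cls} is a
         *     {@link UsernamePasswordAuthenticationToken} or a subclass of it
         */
        @Override // org.springframework.security.providers.AuthenticationProvider
        public boolean supports(Class cls) {
            return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
        }
    }

    /**
     * Creates the realm from the configured PAM service name.
     *
     * <p>NOTE(review): {@code str} is a decompiler-assigned parameter name.
     * Data-bound constructors are matched to form fields by parameter name, so
     * confirm the original name before recompiling this class.
     *
     * @param str configured service name; blank or {@code null} selects {@code "sshd"}
     */
    @DataBoundConstructor
    public PAMSecurityRealm(String str) {
        String trimmed = Util.fixEmptyAndTrim(str);
        this.serviceName = trimmed == null ? "sshd" : trimmed;
    }

    /**
     * Builds the authentication manager and user lookup service for this realm.
     *
     * <p>Providers are consulted in this order: PAM, remember-me (keyed with
     * the Hudson security manager's secret key), then anonymous (keyed with the
     * literal {@code "anonymous"}).
     *
     * @return the provider manager paired with a Unix-backed {@link UserDetailsService}
     */
    @Override // hudson.security.SecurityRealm
    public SecurityRealm.SecurityComponents createSecurityComponents() {
        PAMAuthenticationProvider pamProvider = new PAMAuthenticationProvider(this.serviceName);

        RememberMeAuthenticationProvider rememberMeProvider = new RememberMeAuthenticationProvider();
        rememberMeProvider.setKey(HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getSecretKey());

        AnonymousAuthenticationProvider anonymousProvider = new AnonymousAuthenticationProvider();
        anonymousProvider.setKey("anonymous");

        ProviderManager providerManager = new ProviderManager();
        providerManager.setProviders(
                Arrays.asList(new AuthenticationProvider[] {pamProvider, rememberMeProvider, anonymousProvider}));

        UserDetailsService unixUsers = new UserDetailsService() {
            /**
             * Resolves a Unix account by name. The result has an empty password
             * and only the generic "authenticated" authority, so it confirms
             * that the account exists but carries no secret.
             */
            @Override // org.springframework.security.userdetails.UserDetailsService
            public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
                try {
                    if (NativeUtils.getInstance().checkUnixUser(str)) {
                        // Flags: enabled, accountNonExpired, credentialsNonExpired, accountNonLocked.
                        return new User(str, "", true, true, true, true,
                                new GrantedAuthority[] {SecurityRealm.AUTHENTICATED_AUTHORITY});
                    }
                    throw new UsernameNotFoundException("No such Unix user: " + str);
                } catch (NativeAccessException e) {
                    // DataAccessException is abstract, hence the empty anonymous subclass.
                    throw new DataAccessException("Failed to find Unix User", e) {
                    };
                }
            }
        };
        return new SecurityRealm.SecurityComponents(providerManager, unixUsers);
    }

    /**
     * Resolves a Unix group by name.
     *
     * @param str the group name to look up
     * @return a {@link GroupDetails} whose name is {@code str}
     * @throws UsernameNotFoundException if the native layer reports no such group
     * @throws DataAccessException if the native lookup itself fails
     */
    @Override // hudson.security.SecurityRealm
    public GroupDetails loadGroupByGroupname(final String str) throws UsernameNotFoundException, DataAccessException {
        try {
            if (!NativeUtils.getInstance().checkUnixGroup(str)) {
                throw new UsernameNotFoundException("No such Unix group: " + str);
            }
            return new GroupDetails() {
                @Override // hudson.security.GroupDetails
                public String getName() {
                    return str;
                }
            };
        } catch (NativeAccessException e) {
            // DataAccessException is abstract, hence the empty anonymous subclass.
            throw new DataAccessException("Failed to find Unix Group", e) {
            };
        }
    }

    /**
     * Registers the descriptor for this realm, except on Windows.
     *
     * @return a new descriptor, or {@code null} when running on Windows
     */
    @Extension
    public static DescriptorImpl install() {
        return Functions.isWindows() ? null : new DescriptorImpl();
    }
}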
