package org.jenkins.wso2.appfactory;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.security.AbstractPasswordBasedSecurityRealm;
import hudson.security.GroupDetails;
import hudson.security.SecurityRealm;
import hudson.util.FormValidation;
import java.io.File;
import java.rmi.RemoteException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.axis2.AxisFault;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.springframework.dao.DataAccessException;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;

/* loaded from: input_file:org/jenkins/wso2/appfactory/CarbonSecurityRealm.class */
public class CarbonSecurityRealm extends AbstractPasswordBasedSecurityRealm {
    private static final Logger LOGGER = Logger.getLogger(CarbonSecurityRealm.class.getName());
    private String clientTrustStore;
    private String clientTrustStorePassword;
    private String authenticationServiceEPR;
    private String appfactorySystemUsername;
    private String appfactorySystemUserPassword;

    /* loaded from: input_file:org/jenkins/wso2/appfactory/CarbonSecurityRealm$CarbonGroupDetails.class */
    class CarbonGroupDetails extends GroupDetails {
        private String name;

        CarbonGroupDetails(String str) {
            this.name = str;
        }

        public String getName() {
            return this.name;
        }
    }

    /* loaded from: input_file:org/jenkins/wso2/appfactory/CarbonSecurityRealm$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SecurityRealm> {
        public DescriptorImpl() {
            load();
        }

        public FormValidation doCheckAuthenticationServiceEPR(@QueryParameter String str) {
            return !Hudson.getInstance().hasPermission(Hudson.ADMINISTER) ? FormValidation.error("User doesn't have enough privilage") : 0 == str.length() ? FormValidation.error("invalid url") : FormValidation.ok();
        }

        public FormValidation doCheckClientTrustStorePassword(@QueryParameter String str) {
            return !Hudson.getInstance().hasPermission(Hudson.ADMINISTER) ? FormValidation.error("User doesn't have enough privilage") : 0 == str.length() ? FormValidation.error("invalid password") : FormValidation.ok();
        }

        public FormValidation doCheckClientTrustStore(@QueryParameter String str) {
            if (Hudson.getInstance().hasPermission(Hudson.ADMINISTER)) {
                return new File(str).canRead() ? FormValidation.ok() : FormValidation.error("Client trust store doesn't exist");
            }
            return FormValidation.error("User doesn't have enough privilage");
        }

        public FormValidation doCheckAppfactorySystemUsername(@QueryParameter String str) {
            return !Hudson.getInstance().hasPermission(Hudson.ADMINISTER) ? FormValidation.error("User doesn't have enough privilage") : 0 == str.length() ? FormValidation.error("invalid user name") : FormValidation.ok();
        }

        public FormValidation doCheckAppfactorySystemUserPassword(@QueryParameter String str) {
            return !Hudson.getInstance().hasPermission(Hudson.ADMINISTER) ? FormValidation.error("User doesn't have enough privilage") : 0 == str.length() ? FormValidation.error("invalid password") : FormValidation.ok();
        }

        public String getDisplayName() {
            return Messages.DisplayName();
        }
    }

    @DataBoundConstructor
    public CarbonSecurityRealm(String str, String str2, String str3, String str4, String str5) {
        this.authenticationServiceEPR = str3;
        this.clientTrustStore = str;
        this.clientTrustStorePassword = str2;
        this.appfactorySystemUsername = str4;
        this.appfactorySystemUserPassword = str5;
    }

    public String getClientTrustStore() {
        return this.clientTrustStore;
    }

    public void setClientTrustStore(String str) {
        this.clientTrustStore = str;
    }

    public String getClientTrustStorePassword() {
        return this.clientTrustStorePassword;
    }

    public void setClientTrustStorePassword(String str) {
        this.clientTrustStorePassword = str;
    }

    public String getAuthenticationServiceEPR() {
        return this.authenticationServiceEPR;
    }

    public void setAuthenticationServiceEPR(String str) {
        this.authenticationServiceEPR = str;
    }

    public String getAppfactorySystemUsername() {
        return this.appfactorySystemUsername;
    }

    public void setAppfactorySystemUsername(String str) {
        this.appfactorySystemUsername = str;
    }

    public String getAppfactorySystemUserPassword() {
        return this.appfactorySystemUserPassword;
    }

    public void setAppfactorySystemUserPassword(String str) {
        this.appfactorySystemUserPassword = str;
    }

    @Extension
    public static DescriptorImpl install() {
        return new DescriptorImpl();
    }

    protected UserDetails authenticate(String str, String str2) throws AuthenticationException {
        UserDetails createUserDetails;
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.fine("login request recieved for : " + str);
        }
        if (!isAppfactorySystemUser(str)) {
            AuthenticationAdminStub authenticationAdminStub = null;
            try {
                try {
                    try {
                        AuthenticationAdminStub authenticationAdminStub2 = new AuthenticationAdminStub(getAuthenticationServiceEPR());
                        System.setProperty("javax.net.ssl.trustStore", getClientTrustStore());
                        System.setProperty("javax.net.ssl.trustStorePassword", getClientTrustStorePassword());
                        if (!authenticationAdminStub2.login(str, str2, (String) null)) {
                            throw new BadCredentialsException("Invalid credentials supplied user name - " + str + "Password : *****");
                        }
                        if (LOGGER.isLoggable(Level.FINER)) {
                            LOGGER.finer("Sucessfully authenticated user : " + str);
                        }
                        createUserDetails = createUserDetails(str, str2);
                        if (authenticationAdminStub2 != null) {
                            try {
                                authenticationAdminStub2._getServiceClient().cleanupTransport();
                                authenticationAdminStub2._getServiceClient().cleanup();
                            } catch (AxisFault e) {
                                LOGGER.warning("Failed to clean up authentication service stub.");
                            }
                        }
                    } catch (RemoteException e2) {
                        throw new AuthenticationServiceException(e2.getMessage(), e2);
                    }
                } catch (AxisFault e3) {
                    throw new AuthenticationServiceException(e3.getLocalizedMessage(), e3);
                } catch (LoginAuthenticationExceptionException e4) {
                    throw new AuthenticationServiceException(e4.getMessage(), e4);
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        authenticationAdminStub._getServiceClient().cleanupTransport();
                        authenticationAdminStub._getServiceClient().cleanup();
                    } catch (AxisFault e5) {
                        LOGGER.warning("Failed to clean up authentication service stub.");
                    }
                }
                throw th;
            }
        } else {
            if (!authenticateAppfactorySystemUser(str2)) {
                throw new BadCredentialsException("Invalid credentials supplied appfactory system user, check appfactory configurations.");
            }
            createUserDetails = createUserDetails(str, str2);
        }
        return createUserDetails;
    }

    private UserDetails createUserDetails(String str, String str2) {
        return new CarbonUserDetails(str, str2, new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY});
    }

    private boolean isAppfactorySystemUser(String str) {
        return getAppfactorySystemUsername().equals(str);
    }

    private boolean authenticateAppfactorySystemUser(String str) {
        return getAppfactorySystemUserPassword().equals(str);
    }

    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, DataAccessException {
        throw new UsernameNotFoundException("loading users by name is not supported");
    }

    public GroupDetails loadGroupByGroupname(String str) throws UsernameNotFoundException, DataAccessException {
        return new CarbonGroupDetails(str);
    }
}
