package hudson.cli;

import com.google.common.annotations.VisibleForTesting;
import hudson.FilePath;
import hudson.remoting.Channel;
import hudson.util.Secret;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.security.HMACConfidentialKey;
import jenkins.security.MasterToSlaveCallable;
import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UserDetails;
import org.apache.tools.ant.launch.Launcher;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import org.springframework.dao.DataAccessException;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.58.jar:hudson/cli/ClientAuthenticationCache.class */
public class ClientAuthenticationCache implements Serializable {
    private static final HMACConfidentialKey MAC = new HMACConfidentialKey(ClientAuthenticationCache.class, "MAC");
    private static final Logger LOGGER = Logger.getLogger(ClientAuthenticationCache.class.getName());
    private final FilePath store;

    @VisibleForTesting
    final Properties props = new Properties();

    public ClientAuthenticationCache(Channel channel) throws IOException, InterruptedException {
        this.store = (FilePath) (channel == null ? FilePath.localChannel : channel).call(new MasterToSlaveCallable<FilePath, IOException>() { // from class: hudson.cli.ClientAuthenticationCache.1
            @Override // hudson.remoting.Callable
            public FilePath call() throws IOException {
                File file = new File(System.getProperty(Launcher.USER_HOMEDIR));
                File file2 = new File(file, ".hudson");
                return file2.exists() ? new FilePath(new File(file2, "cli-credentials")) : new FilePath(new File(file, ".jenkins/cli-credentials"));
            }
        });
        if (this.store.exists()) {
            InputStream read = this.store.read();
            Throwable th = null;
            try {
                try {
                    this.props.load(read);
                    if (read != null) {
                        if (0 == 0) {
                            read.close();
                            return;
                        }
                        try {
                            read.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } catch (Throwable th4) {
                if (read != null) {
                    if (th != null) {
                        try {
                            read.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        read.close();
                    }
                }
                throw th4;
            }
        }
    }

    public Authentication get() {
        Jenkins activeInstance = Jenkins.getActiveInstance();
        String property = this.props.getProperty(getPropertyKey());
        if (property == null) {
            LOGGER.finer("No stored CLI authentication");
            return Jenkins.ANONYMOUS;
        }
        Secret decrypt = Secret.decrypt(property);
        if (decrypt != null) {
            LOGGER.log(Level.FINE, "Ignoring insecure stored CLI authentication for {0}", decrypt.getPlainText());
            return Jenkins.ANONYMOUS;
        }
        int lastIndexOf = property.lastIndexOf(58);
        if (lastIndexOf == -1) {
            LOGGER.log(Level.FINE, "Ignoring malformed stored CLI authentication: {0}", property);
            return Jenkins.ANONYMOUS;
        }
        String substring = property.substring(0, lastIndexOf);
        if (!MAC.checkMac(substring, property.substring(lastIndexOf + 1))) {
            LOGGER.log(Level.FINE, "Ignoring stored CLI authentication due to MAC mismatch: {0}", property);
            return Jenkins.ANONYMOUS;
        }
        try {
            UserDetails loadUserByUsername = activeInstance.getSecurityRealm().loadUserByUsername(substring);
            LOGGER.log(Level.FINER, "Loaded stored CLI authentication for {0}", substring);
            return new UsernamePasswordAuthenticationToken(loadUserByUsername.getUsername(), "", loadUserByUsername.getAuthorities());
        } catch (AuthenticationException | DataAccessException e) {
            LOGGER.log(Level.FINE, "Stored CLI authentication did not correspond to a valid user: " + substring, e);
            return Jenkins.ANONYMOUS;
        }
    }

    @VisibleForTesting
    String getPropertyKey() {
        String rootUrl = Jenkins.getActiveInstance().getRootUrl();
        return rootUrl != null ? rootUrl : Secret.fromString("key").getEncryptedValue();
    }

    public void set(Authentication authentication) throws IOException, InterruptedException {
        String username = Jenkins.getActiveInstance().getSecurityRealm().loadUserByUsername(authentication.getName()).getUsername();
        this.props.setProperty(getPropertyKey(), username + QuickTargetSourceCreator.PREFIX_COMMONS_POOL + MAC.mac(username));
        save();
    }

    public void remove() throws IOException, InterruptedException {
        if (this.props.remove(getPropertyKey()) != null) {
            save();
        }
    }

    @VisibleForTesting
    void save() throws IOException, InterruptedException {
        OutputStream write = this.store.write();
        Throwable th = null;
        try {
            this.props.store(write, "Credential store");
            if (write != null) {
                if (0 != 0) {
                    try {
                        write.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    write.close();
                }
            }
            this.store.chmod(384);
        } catch (Throwable th3) {
            if (write != null) {
                if (0 != 0) {
                    try {
                        write.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    write.close();
                }
            }
            throw th3;
        }
    }
}
