package com.cloudbees.plugins.credentials.impl;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsSnapshotTaker;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.trilead.ssh2.crypto.Base64;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.remoting.Channel;
import hudson.util.FormValidation;
import hudson.util.HttpResponses;
import hudson.util.IOUtils;
import hudson.util.Secret;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import net.jcip.annotations.GuardedBy;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl.class */
public class CertificateCredentialsImpl extends BaseStandardCredentials implements StandardCertificateCredentials {
    // Serialization version of this credential type.
    private static final long serialVersionUID = 1;
    // Class-wide logger; getKeyStore() reports keystore load failures through it.
    private static final Logger LOGGER = Logger.getLogger(CertificateCredentialsImpl.class.getName());
    // Where the keystore bytes come from (a file path or an uploaded blob, see the nested sources).
    private final KeyStoreSource keyStoreSource;
    // Keystore password, held as a Secret rather than as a plain String.
    private final Secret password;

    // Cached keystore built by getKeyStore(); transient, so it is never serialized with the
    // credential and is rebuilt on demand.
    @CheckForNull
    @GuardedBy("this")
    private transient KeyStore keyStore;

    // Value of keyStoreSource.getKeyStoreLastModified() at the time the cache above was filled;
    // getKeyStore() reloads when the source reports a newer value.
    @GuardedBy("this")
    private transient long keyStoreLastModified;

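    /**
     * Turns certificate credentials into a self-contained copy whose keystore bytes travel
     * inside the credential (an {@link UploadedKeyStoreSource}) instead of being looked up
     * from the original source.
     */
    @Extension
    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$CredentialsSnapshotTakerImpl.class */
    public static class CredentialsSnapshotTakerImpl extends CredentialsSnapshotTaker<StandardCertificateCredentials> {
        /**
         * @return the credential type this snapshot taker handles.
         */
        @Override // com.cloudbees.plugins.credentials.CredentialsSnapshotTaker
        public Class<StandardCertificateCredentials> type() {
            return StandardCertificateCredentials.class;
        }

        /**
         * Creates a snapshot of the given credentials.
         *
         * <p>A {@link CertificateCredentialsImpl} whose source already is a snapshot source is
         * returned as-is; any other {@link CertificateCredentialsImpl} is copied with the bytes
         * its source currently provides. Foreign implementations are copied by re-serializing
         * their keystore under the credential's own password.
         *
         * @param standardCertificateCredentials the credentials to snapshot.
         * @return the snapshot, or the original instance when the keystore could not be stored.
         */
        @Override // com.cloudbees.plugins.credentials.CredentialsSnapshotTaker
        public StandardCertificateCredentials snapshot(StandardCertificateCredentials standardCertificateCredentials) {
            if (standardCertificateCredentials instanceof CertificateCredentialsImpl) {
                KeyStoreSource source = ((CertificateCredentialsImpl) standardCertificateCredentials).getKeyStoreSource();
                if (source.isSnapshotSource()) {
                    return standardCertificateCredentials;
                }
                return withUploadedKeyStore(standardCertificateCredentials, source.getKeyStoreBytes());
            }
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            char[] passphrase = standardCertificateCredentials.getPassword().getPlainText().toCharArray();
            try {
                standardCertificateCredentials.getKeyStore().store(serialized, passphrase);
                return withUploadedKeyStore(standardCertificateCredentials, serialized.toByteArray());
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                // Previously swallowed without a trace. The fallback still hands back the
                // original (un-snapshotted) credentials, so leave a record of why.
                // NOTE(review): confirm that callers can cope with a non-snapshot result here.
                CertificateCredentialsImpl.LOGGER.log(Level.WARNING,
                        "Could not snapshot the keystore of certificate credentials " + standardCertificateCredentials.getId(), e);
                return standardCertificateCredentials;
            } finally {
                // Single cleanup point: the plain-text password copy is wiped on every exit path.
                Arrays.fill(passphrase, (char) 0);
            }
        }

        /**
         * Builds a copy of {@code credentials} backed by an {@link UploadedKeyStoreSource}
         * holding {@code keyStoreBytes}; empty or null bytes yield a source without a keystore
         * rather than a NullPointerException.
         */
        private static StandardCertificateCredentials withUploadedKeyStore(StandardCertificateCredentials credentials, byte[] keyStoreBytes) {
            Secret encoded = UploadedKeyStoreSource.DescriptorImpl.toSecret(keyStoreBytes);
            return new CertificateCredentialsImpl(
                    credentials.getScope(),
                    credentials.getId(),
                    credentials.getDescription(),
                    credentials.getPassword().getEncryptedValue(),
                    new UploadedKeyStoreSource(encoded == null ? null : encoded.getEncryptedValue()));
        }
    }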

    /**
     * Descriptor of {@link CertificateCredentialsImpl}: supplies its display name and icon.
     */
    @Extension(ordinal = -1.0d)
    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        /** Icon class name reported for certificate credentials. */
        private static final String ICON_CLASS_NAME = "icon-credentials-certificate";

        /**
         * @return the localized name shown for this credential type.
         */
        public String getDisplayName() {
            final String localizedName = Messages.CertificateCredentialsImpl_DisplayName();
            return localizedName;
        }

        /**
         * @return the icon class name for this credential type.
         */
        @Override // com.cloudbees.plugins.credentials.CredentialsDescriptor
        public String getIconClassName() {
            return ICON_CLASS_NAME;
        }
    }

    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$FileOnMasterKeyStoreSource.class */
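    /**
     * Keystore source that reads the keystore from a file path on the local file system of the
     * process running this code, re-reading it on every {@link #getKeyStoreBytes()} call.
     */
    public static class FileOnMasterKeyStoreSource extends KeyStoreSource {
        private static final Logger LOGGER = Logger.getLogger(FileOnMasterKeyStoreSource.class.getName());
        // Path of the keystore file exactly as configured; may be null when nothing was bound.
        private final String keyStoreFile;

        /**
         * Descriptor providing the display name and the form validation for the file path field.
         */
        @Extension
        /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$FileOnMasterKeyStoreSource$DescriptorImpl.class */
        public static class DescriptorImpl extends KeyStoreSourceDescriptor {
            /**
             * @return the localized name of this keystore source.
             */
            public String getDisplayName() {
                return Messages.CertificateCredentialsImpl_FileOnMasterKeyStoreSourceDisplayName();
            }

            /**
             * Form validation for the keystore file field: checks that the path names an
             * existing file and that it loads as a PKCS12 keystore with the given password.
             *
             * <p>NOTE(review): this handler takes a caller-supplied path, reports whether it
             * exists as a regular file, reads it completely into memory and returns details of
             * its content through the validation message. No permission check is visible in
             * this method; confirm that access is restricted to trusted administrators before
             * the request gets here, or add an explicit check.
             *
             * @param str  the file path entered in the form.
             * @param str2 the keystore password entered in the form.
             * @return the validation result.
             */
            @Restricted({NoExternalUse.class})
            public FormValidation doCheckKeyStoreFile(@QueryParameter String str, @QueryParameter String str2) {
                if (StringUtils.isBlank(str)) {
                    return FormValidation.error(Messages.CertificateCredentialsImpl_KeyStoreFileUnspecified());
                }
                File candidate = new File(str);
                if (!candidate.isFile()) {
                    return FormValidation.error(Messages.CertificateCredentialsImpl_KeyStoreFileDoesNotExist(str));
                }
                try {
                    return validateCertificateKeystore("PKCS12", FileUtils.readFileToByteArray(candidate), str2);
                } catch (IOException e) {
                    // The previous call passed the exception as a varargs argument, which selects
                    // the format-string overload: the message (containing the user-supplied path)
                    // was then interpreted as a format pattern. Use the plain-message overload and
                    // keep the exception detail in the server log instead.
                    FileOnMasterKeyStoreSource.LOGGER.log(Level.FINE, "Could not read keystore file during form validation", e);
                    return FormValidation.error(Messages.CertificateCredentialsImpl_KeyStoreFileUnreadable(str));
                }
            }
        }

        /**
         * @param str path of the keystore file.
         */
        @DataBoundConstructor
        public FileOnMasterKeyStoreSource(String str) {
            this.keyStoreFile = str;
        }

        /**
         * Reads the configured file.
         *
         * @return the file content, or an empty array when no path is configured or the file
         *         cannot be read (the failure is logged).
         */
        @Override // com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.KeyStoreSource
        @NonNull
        public byte[] getKeyStoreBytes() {
            if (this.keyStoreFile == null) {
                // new File((String) null) would throw a NullPointerException; treat an
                // unconfigured path like an unreadable file.
                LOGGER.log(Level.WARNING, "No keystore file configured");
                return new byte[0];
            }
            try {
                // Same reader as the form validation above; it closes the stream itself.
                return FileUtils.readFileToByteArray(new File(this.keyStoreFile));
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, "Could not read private key file " + this.keyStoreFile, (Throwable) e);
                return new byte[0];
            }
        }

        /**
         * @return the configured file path.
         */
        public String getKeyStoreFile() {
            return this.keyStoreFile;
        }

        /**
         * @return the file's last-modified time as reported by {@link File#lastModified()},
         *         or {@code 0} when no path is configured.
         */
        @Override // com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.KeyStoreSource
        public long getKeyStoreLastModified() {
            if (this.keyStoreFile == null) {
                return 0L;
            }
            return new File(this.keyStoreFile).lastModified();
        }
    }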

    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$KeyStoreSource.class */
    /**
     * Abstraction over where the bytes of a credential's keystore come from.
     */
    public static abstract class KeyStoreSource extends AbstractDescribableImpl<KeyStoreSource> {
        /**
         * @return the raw keystore bytes; the implementations in this file return an empty
         *         array rather than null when nothing can be provided.
         */
        @NonNull
        public abstract byte[] getKeyStoreBytes();

        /**
         * @return a timestamp that getKeyStore() compares against its cached value to decide
         *         whether the keystore must be reloaded.
         */
        public abstract long getKeyStoreLastModified();

        /**
         * Tells whether this source already carries its own data, in which case the snapshot
         * taker and writeReplace() leave the owning credentials unchanged.
         *
         * @return {@code false} unless overridden.
         */
        public boolean isSnapshotSource() {
            return false;
        }
    }

    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$KeyStoreSourceDescriptor.class */
    /**
     * Base descriptor for {@link KeyStoreSource} implementations; hosts the keystore check
     * shared by their form validation handlers.
     */
    public static abstract class KeyStoreSourceDescriptor extends Descriptor<KeyStoreSource> {
        /** Default constructor for subclasses. */
        protected KeyStoreSourceDescriptor() {
        }

        /**
         * @param cls the {@link KeyStoreSource} class this descriptor describes.
         */
        protected KeyStoreSourceDescriptor(Class<? extends KeyStoreSource> cls) {
            super(cls);
        }

        /**
         * Loads the given bytes as a keystore and checks that every key entry can be recovered
         * with the given password.
         *
         * <p>The char[] copy of the password is overwritten before returning on every path.
         * The {@code String} the password arrived in cannot be cleared from here.
         *
         * @param str  keystore type handed to {@link KeyStore#getInstance(String)}.
         * @param bArr keystore content.
         * @param str2 keystore password as text; an empty value is treated as "no password".
         * @return a warning when the keystore is empty, cannot be loaded, or holds a key that
         *         cannot be recovered; otherwise OK with the subject DN or, if that is empty,
         *         the comma-separated alias list.
         */
        @NonNull
        protected static FormValidation validateCertificateKeystore(String str, byte[] bArr, String str2) {
            final char[] passphrase = CertificateCredentialsImpl.toCharArray(Secret.fromString(str2));
            try {
                final KeyStore loaded = KeyStore.getInstance(str);
                loaded.load(new ByteArrayInputStream(bArr), passphrase);
                if (loaded.size() == 0) {
                    return FormValidation.warning(Messages.CertificateCredentialsImpl_EmptyKeystore());
                }
                final StringBuilder aliasList = new StringBuilder();
                boolean needsSeparator = false;
                for (Enumeration<String> entries = loaded.aliases(); entries.hasMoreElements(); ) {
                    final String alias = entries.nextElement();
                    if (needsSeparator) {
                        aliasList.append(", ");
                    }
                    needsSeparator = true;
                    aliasList.append(alias);
                    if (loaded.isCertificateEntry(alias)) {
                        // Result unused: the lookup only has to succeed.
                        loaded.getCertificate(alias);
                        continue;
                    }
                    if (!loaded.isKeyEntry(alias)) {
                        continue;
                    }
                    if (passphrase == null) {
                        return FormValidation.warning(Messages.CertificateCredentialsImpl_LoadKeyFailedQueryEmptyPassword(alias));
                    }
                    try {
                        loaded.getKey(alias, passphrase);
                    } catch (UnrecoverableEntryException unrecoverable) {
                        return FormValidation.warning(unrecoverable, Messages.CertificateCredentialsImpl_LoadKeyFailed(alias));
                    }
                }
                final String subjectDn = StandardCertificateCredentials.NameProvider.getSubjectDN(loaded);
                return FormValidation.ok(StringUtils.defaultIfEmpty(subjectDn, aliasList.toString()));
            } catch (KeyStoreException | CertificateException | IOException | NoSuchAlgorithmException loadFailure) {
                return FormValidation.warning(loadFailure, Messages.CertificateCredentialsImpl_LoadKeystoreFailed());
            } finally {
                // One cleanup point for all exits, including unexpected throwables.
                if (passphrase != null) {
                    Arrays.fill(passphrase, ' ');
                }
            }
        }
    }

    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$UploadedKeyStoreSource.class */
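    /**
     * Keystore source that carries the keystore inside the credential itself, as Base64 text
     * wrapped in a {@link Secret}. It is a snapshot source: nothing has to be looked up
     * elsewhere to obtain the bytes.
     */
    public static class UploadedKeyStoreSource extends KeyStoreSource implements Serializable {
        private static final long serialVersionUID = 1;
        // Was registered under FileOnMasterKeyStoreSource's name, which misattributed log records.
        private static final Logger LOGGER = Logger.getLogger(UploadedKeyStoreSource.class.getName());

        // Base64 text of the keystore; null when no keystore was supplied.
        @CheckForNull
        private final Secret uploadedKeystore;

        /**
         * Descriptor with the Base64/Secret conversion helpers and the form handlers of this source.
         */
        @Extension
        /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$UploadedKeyStoreSource$DescriptorImpl.class */
        public static class DescriptorImpl extends KeyStoreSourceDescriptor {
            /**
             * Decodes the Base64 text held by {@code secret}.
             *
             * @param secret the wrapped Base64 text, may be null.
             * @return the decoded bytes; an empty array when {@code secret} is null or its
             *         content is not valid Base64.
             */
            public static byte[] toByteArray(Secret secret) {
                if (secret == null) {
                    return new byte[0];
                }
                try {
                    return Base64.decode(secret.getPlainText().toCharArray());
                } catch (IOException e) {
                    // Was an empty catch. Logged at FINE because form validation feeds arbitrary
                    // user input through here; the content itself is deliberately not logged.
                    UploadedKeyStoreSource.LOGGER.log(Level.FINE, "Could not Base64-decode the uploaded keystore; treating it as empty", e);
                    return new byte[0];
                }
            }

            /**
             * Wraps the given bytes as Base64 text in a {@link Secret}.
             *
             * @param bArr the keystore bytes.
             * @return the wrapped text, or null when {@code bArr} is null or empty.
             */
            public static Secret toSecret(byte[] bArr) {
                if (bArr == null || bArr.length == 0) {
                    return null;
                }
                return Secret.fromString(new String(Base64.encode(bArr)));
            }

            /**
             * @return the localized name of this keystore source.
             */
            public String getDisplayName() {
                return Messages.CertificateCredentialsImpl_UploadedKeyStoreSourceDisplayName();
            }

            /**
             * Form validation for the uploaded keystore: decodes the submitted value and checks
             * that it loads as a PKCS12 keystore with the given password.
             *
             * @param str  the submitted keystore value.
             * @param str2 the keystore password entered in the form.
             * @return the validation result.
             */
            @Restricted({NoExternalUse.class})
            public FormValidation doCheckUploadedKeystore(@QueryParameter String str, @QueryParameter String str2) {
                if (StringUtils.isBlank(str)) {
                    return FormValidation.error(Messages.CertificateCredentialsImpl_NoCertificateUploaded());
                }
                return validateCertificateKeystore("PKCS12", toByteArray(Secret.fromString(str)), str2);
            }

            /**
             * @param str id of the page element the upload belongs to.
             * @return a fresh {@link Upload} without keystore content.
             */
            @Restricted({NoExternalUse.class})
            public Upload getUpload(String str) {
                return new Upload(str, null);
            }
        }

        /**
         * Receives a keystore file upload and exposes the result to the "complete" view.
         */
        /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/impl/CertificateCredentialsImpl$UploadedKeyStoreSource$Upload.class */
        public static class Upload {

            @NonNull
            private final String divId;

            @CheckForNull
            private final Secret uploadedKeystore;

            /**
             * @param str    id of the page element the upload belongs to.
             * @param secret the uploaded keystore, or null when nothing has been uploaded yet.
             */
            public Upload(@NonNull String str, @CheckForNull Secret secret) {
                this.divId = str;
                this.uploadedKeystore = secret;
            }

            /**
             * @return id of the page element the upload belongs to.
             */
            @NonNull
            public String getDivId() {
                return this.divId;
            }

            /**
             * @return the uploaded keystore, or null when none is present.
             */
            @CheckForNull
            public Secret getUploadedKeystore() {
                return this.uploadedKeystore;
            }

            /**
             * Handles the upload of the {@code certificate.file} form part.
             *
             * <p>NOTE(review): the whole upload is buffered in memory by {@code FileItem.get()},
             * and neither a size limit nor a permission check is visible in this method; confirm
             * both are enforced before the request reaches it.
             *
             * @param staplerRequest the current request.
             * @return a forward to the "complete" view of a new {@link Upload} holding the file.
             * @throws ServletException when the request carries no file.
             * @throws IOException declared by the handler signature.
             */
            @NonNull
            public HttpResponse doUpload(@NonNull StaplerRequest staplerRequest) throws ServletException, IOException {
                FileItem uploaded = staplerRequest.getFileItem("certificate.file");
                if (uploaded == null) {
                    throw new ServletException("no file upload");
                }
                return HttpResponses.forwardToView(new Upload(getDivId(), DescriptorImpl.toSecret(uploaded.get())), "complete");
            }
        }

        /**
         * @param str the keystore as accepted by {@link Secret#fromString(String)}; blank means
         *            no keystore.
         */
        @DataBoundConstructor
        public UploadedKeyStoreSource(String str) {
            this.uploadedKeystore = StringUtils.isBlank(str) ? null : Secret.fromString(str);
        }

        /**
         * @return the encrypted form of the stored keystore, or an empty string when none is stored.
         */
        public String getUploadedKeystore() {
            return this.uploadedKeystore == null ? "" : this.uploadedKeystore.getEncryptedValue();
        }

        /**
         * @return the decoded keystore bytes; empty when none is stored or decoding fails.
         */
        @Override // com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.KeyStoreSource
        @NonNull
        public byte[] getKeyStoreBytes() {
            return DescriptorImpl.toByteArray(this.uploadedKeystore);
        }

        /**
         * @return always {@code 0}: the stored bytes never change after construction.
         */
        @Override // com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.KeyStoreSource
        public long getKeyStoreLastModified() {
            return 0L;
        }

        /**
         * @return always {@code true}.
         */
        @Override // com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.KeyStoreSource
        public boolean isSnapshotSource() {
            return true;
        }
    }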

    /**
     * Creates certificate credentials.
     *
     * @param credentialsScope scope, forwarded to the base class.
     * @param str              credential id, forwarded to the base class.
     * @param str2             description, forwarded to the base class.
     * @param str3             keystore password in any form {@link Secret#fromString(String)} accepts.
     * @param keyStoreSource   where the keystore bytes come from; must not be null.
     * @throws NullPointerException when {@code keyStoreSource} is null.
     */
    @DataBoundConstructor
    public CertificateCredentialsImpl(@CheckForNull CredentialsScope credentialsScope, @CheckForNull String str, @CheckForNull String str2, @CheckForNull String str3, @NonNull KeyStoreSource keyStoreSource) {
        super(credentialsScope, str, str2);
        // Dereference only to fail fast with a NullPointerException on a null source.
        keyStoreSource.getClass();
        this.keyStoreSource = keyStoreSource;
        this.password = Secret.fromString(str3);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Converts a secret to the char[] form expected by the {@link KeyStore} API.
     *
     * <p>The caller owns the returned array and is responsible for overwriting it after use.
     *
     * @param secret the password.
     * @return the password characters, or null when {@link Util#fixEmpty(String)} maps the
     *         plain text to null (i.e. there is no password).
     */
    @CheckForNull
    public static char[] toCharArray(@NonNull Secret secret) {
        final String plainText = Util.fixEmpty(secret.getPlainText());
        return plainText == null ? null : plainText.toCharArray();
    }

    /**
     * Serialization hook: when a remoting {@link Channel} is current and the keystore source is
     * not a snapshot source, a snapshot of these credentials is serialized in place of this
     * instance; otherwise this instance is serialized unchanged.
     */
    private Object writeReplace() {
        if (Channel.current() == null) {
            return this;
        }
        if (this.keyStoreSource.isSnapshotSource()) {
            return this;
        }
        return CredentialsProvider.snapshot(this);
    }

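    /**
     * Returns the PKCS12 keystore of these credentials, loading it on first use and again
     * whenever the source reports a newer last-modified value than the cached one.
     *
     * <p>A load failure is logged and the keystore object is cached anyway, so callers may
     * receive a keystore that was never successfully loaded.
     * NOTE(review): confirm that callers handle such a keystore.
     *
     * @return the cached or freshly loaded keystore.
     * @throws IllegalStateException when no PKCS12 keystore implementation is available.
     */
    @Override // com.cloudbees.plugins.credentials.common.CertificateCredentials
    @NonNull
    public synchronized KeyStore getKeyStore() {
        long sourceLastModified = this.keyStoreSource.getKeyStoreLastModified();
        if (this.keyStore == null || this.keyStoreLastModified < sourceLastModified) {
            KeyStore loaded;
            try {
                loaded = KeyStore.getInstance("PKCS12");
            } catch (KeyStoreException e) {
                throw new IllegalStateException("PKCS12 is a keystore type per the JLS spec", e);
            }
            char[] passphrase = toCharArray(this.password);
            try {
                loaded.load(new ByteArrayInputStream(this.keyStoreSource.getKeyStoreBytes()), passphrase);
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                LOGGER.log(Level.WARNING, "Could not load keystore from " + this.keyStoreSource.toString(), e);
            } finally {
                // The plain-text password copy was previously left for the garbage collector;
                // wipe it as soon as the load is done, as the other keystore paths in this file do.
                if (passphrase != null) {
                    Arrays.fill(passphrase, '\0');
                }
            }
            this.keyStore = loaded;
            this.keyStoreLastModified = sourceLastModified;
        }
        return this.keyStore;
    }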

    /**
     * @return the keystore password as a {@link Secret}.
     */
    @Override // com.cloudbees.plugins.credentials.common.PasswordCredentials
    @NonNull
    public Secret getPassword() {
        return password;
    }

    /**
     * Tells whether the keystore password is empty. The check reads the plain text of the secret.
     *
     * @return {@code true} when the password's plain text is null or empty.
     */
    public boolean isPasswordEmpty() {
        final String plainText = this.password.getPlainText();
        return StringUtils.isEmpty(plainText);
    }

    /**
     * @return the source the keystore bytes are obtained from.
     */
    public KeyStoreSource getKeyStoreSource() {
        return keyStoreSource;
    }
}
