package com.cloudbees.plugins.credentials;

import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.DomainSpecification;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.BulkChange;
import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.model.Action;
import hudson.model.Api;
import hudson.model.Descriptor;
import hudson.model.ItemGroup;
import hudson.model.ModelObject;
import hudson.model.TransientUserActionFactory;
import hudson.model.User;
import hudson.model.UserProperty;
import hudson.model.UserPropertyDescriptor;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.CopyOnWriteMap;
import java.io.IOException;
import java.io.ObjectStreamException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.export.Exported;
import org.kohsuke.stapler.export.ExportedBean;

@Extension
/* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/classes/com/cloudbees/plugins/credentials/UserCredentialsProvider.class */
public class UserCredentialsProvider extends CredentialsProvider {
    private static final Logger LOGGER = Logger.getLogger(UserCredentialsProperty.class.getName());
    private static final Set<CredentialsScope> SCOPES = Collections.singleton(CredentialsScope.USER);

    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/classes/com/cloudbees/plugins/credentials/UserCredentialsProvider$StoreImpl.class */
    public static class StoreImpl extends CredentialsStore {
        private final User user;

        private StoreImpl(User user) {
            this.user = user;
        }

        private UserCredentialsProperty getInstance() {
            UserCredentialsProperty userCredentialsProperty = (UserCredentialsProperty) this.user.getProperty(UserCredentialsProperty.class);
            if (userCredentialsProperty == null) {
                BulkChange bulkChange = new BulkChange(this.user);
                try {
                    User user = this.user;
                    UserCredentialsProperty userCredentialsProperty2 = new UserCredentialsProperty(new DomainCredentials[0]);
                    userCredentialsProperty = userCredentialsProperty2;
                    user.addProperty(userCredentialsProperty2);
                    bulkChange.abort();
                } catch (IOException e) {
                    bulkChange.abort();
                } catch (Throwable th) {
                    bulkChange.abort();
                    throw th;
                }
            }
            return userCredentialsProperty;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public ModelObject getContext() {
            return this.user;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean hasPermission(@NonNull Authentication authentication, @NonNull Permission permission) {
            return this.user.equals(User.get(authentication.getName()));
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public ACL getACL() {
            return this.user.getACL();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Exported
        @NonNull
        public List<Domain> getDomains() {
            return Collections.unmodifiableList(new ArrayList(getInstance().getDomainCredentialsMap().keySet()));
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean addDomain(@NonNull Domain domain, List<Credentials> list) throws IOException {
            return getInstance().addDomain(domain, list);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean removeDomain(@NonNull Domain domain) throws IOException {
            return getInstance().removeDomain(domain);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean updateDomain(@NonNull Domain domain, @NonNull Domain domain2) throws IOException {
            return getInstance().updateDomain(domain, domain2);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            return getInstance().addCredentials(domain, credentials);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Exported
        @NonNull
        public List<Credentials> getCredentials(@NonNull Domain domain) {
            return getInstance().getCredentials(domain);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            return getInstance().removeCredentials(domain, credentials);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials credentials, @NonNull Credentials credentials2) throws IOException {
            return getInstance().updateCredentials(domain, credentials, credentials2);
        }
    }

    @Extension
    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/classes/com/cloudbees/plugins/credentials/UserCredentialsProvider$TransientUserActionFactoryImpl.class */
    public static class TransientUserActionFactoryImpl extends TransientUserActionFactory {
        public Collection<? extends Action> createFor(User user) {
            return Collections.singletonList(new UserFacingAction(user));
        }
    }

    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/classes/com/cloudbees/plugins/credentials/UserCredentialsProvider$UserCredentialsProperty.class */
    public static class UserCredentialsProperty extends UserProperty {

        @Deprecated
        private transient List<Credentials> credentials;
        private Map<Domain, List<Credentials>> domainCredentialsMap;

        @Extension
        /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/classes/com/cloudbees/plugins/credentials/UserCredentialsProvider$UserCredentialsProperty$DescriptorImpl.class */
        public static class DescriptorImpl extends UserPropertyDescriptor {
            public UserProperty newInstance(User user) {
                return new UserCredentialsProperty(new DomainCredentials[0]);
            }

            public String getDisplayName() {
                return Messages.UserCredentialsProvider_DisplayName();
            }

            public boolean isVisible() {
                StaplerRequest currentRequest;
                if (!isEnabled() || (currentRequest = Stapler.getCurrentRequest()) == null) {
                    return false;
                }
                User user = (User) currentRequest.findAncestorObject(User.class);
                User current = User.current();
                return (user == null || current == null || !user.equals(current)) ? false : true;
            }

            public DescriptorExtensionList<Credentials, CredentialsDescriptor> getCredentialDescriptors() {
                return CredentialsProvider.allCredentialsDescriptors();
            }

            public DescriptorExtensionList<DomainSpecification, Descriptor<DomainSpecification>> getSpecificationDescriptors() {
                Jenkins jenkins2 = Jenkins.getInstance();
                if (jenkins2 == null) {
                    throw new IllegalStateException("Jenkins has not been started, or was already shut down");
                }
                return jenkins2.getDescriptorList(DomainSpecification.class);
            }

            public boolean isEnabled() {
                return !UserProperty.all().isEmpty();
            }
        }

        @Deprecated
        public UserCredentialsProperty(List<Credentials> list) {
            this.domainCredentialsMap = new CopyOnWriteMap.Hash();
            this.domainCredentialsMap = DomainCredentials.migrateListToMap(this.domainCredentialsMap, list);
        }

        @DataBoundConstructor
        public UserCredentialsProperty(DomainCredentials[] domainCredentialsArr) {
            this.domainCredentialsMap = new CopyOnWriteMap.Hash();
            this.domainCredentialsMap = DomainCredentials.asMap(Arrays.asList(domainCredentialsArr));
        }

        private Object readResolve() throws ObjectStreamException {
            if (this.domainCredentialsMap == null) {
                this.domainCredentialsMap = DomainCredentials.migrateListToMap(this.domainCredentialsMap, this.credentials);
                this.credentials = null;
            }
            return this;
        }

        public <C extends Credentials> List<C> getCredentials(Class<C> cls) {
            ArrayList arrayList = new ArrayList();
            for (Credentials credentials : getCredentials()) {
                if (cls.isInstance(credentials)) {
                    arrayList.add(cls.cast(credentials));
                }
            }
            return arrayList;
        }

        public List<Credentials> getCredentials() {
            return this.domainCredentialsMap.get(Domain.global());
        }

        public List<DomainCredentials> getDomainCredentials() {
            return DomainCredentials.asList(getDomainCredentialsMap());
        }

        @NonNull
        public synchronized Map<Domain, List<Credentials>> getDomainCredentialsMap() {
            Map<Domain, List<Credentials>> migrateListToMap = DomainCredentials.migrateListToMap(this.domainCredentialsMap, this.credentials);
            this.domainCredentialsMap = migrateListToMap;
            return migrateListToMap;
        }

        public synchronized void setDomainCredentialsMap(Map<Domain, List<Credentials>> map) {
            this.domainCredentialsMap = DomainCredentials.toCopyOnWriteMap(map);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean addDomain(@NonNull Domain domain, List<Credentials> list) throws IOException {
            checkPermission(CredentialsProvider.MANAGE_DOMAINS);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                domainCredentialsMap.put(domain, new ArrayList(list));
                save();
                return true;
            }
            List<Credentials> list2 = domainCredentialsMap.get(domain);
            boolean z = false;
            for (Credentials credentials : list) {
                if (!list2.contains(credentials)) {
                    list2.add(credentials);
                    z = true;
                }
            }
            if (z) {
                save();
            }
            return z;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean removeDomain(@NonNull Domain domain) throws IOException {
            checkPermission(CredentialsProvider.MANAGE_DOMAINS);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            domainCredentialsMap.remove(domain);
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean updateDomain(@NonNull Domain domain, @NonNull Domain domain2) throws IOException {
            checkPermission(CredentialsProvider.MANAGE_DOMAINS);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            domainCredentialsMap.put(domain2, domainCredentialsMap.remove(domain));
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            checkPermission(CredentialsProvider.CREATE);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            List<Credentials> list = domainCredentialsMap.get(domain);
            if (list.contains(credentials)) {
                return false;
            }
            list.add(credentials);
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @NonNull
        public synchronized List<Credentials> getCredentials(@NonNull Domain domain) {
            Jenkins jenkins2 = Jenkins.getInstance();
            if (jenkins2 == null) {
                throw new IllegalStateException("Jenkins has not been started, or was already shut down");
            }
            if (!jenkins2.hasPermission(CredentialsProvider.VIEW)) {
                return Collections.emptyList();
            }
            List<Credentials> list = getDomainCredentialsMap().get(domain);
            return (list == null || list.isEmpty()) ? Collections.emptyList() : Collections.unmodifiableList(new ArrayList(list));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            checkPermission(CredentialsProvider.DELETE);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            List<Credentials> list = domainCredentialsMap.get(domain);
            if (!list.contains(credentials)) {
                return false;
            }
            list.remove(credentials);
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials credentials, @NonNull Credentials credentials2) throws IOException {
            List<Credentials> list;
            int indexOf;
            checkPermission(CredentialsProvider.UPDATE);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain) || (indexOf = (list = domainCredentialsMap.get(domain)).indexOf(credentials)) == -1) {
                return false;
            }
            list.set(indexOf, credentials2);
            save();
            return true;
        }

        private void checkPermission(Permission permission) {
            this.user.checkPermission(permission);
        }

        private void save() throws IOException {
            if (this.user.equals(User.current())) {
                this.user.save();
            }
        }

        /* renamed from: reconfigure, reason: merged with bridge method [inline-methods] */
        public UserProperty m22reconfigure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            User user = (User) staplerRequest.findAncestorObject(User.class);
            User current = User.current();
            return (user == null || current == null || !user.getId().equals(current.getId())) ? this : getDescriptor().newInstance(staplerRequest, jSONObject);
        }
    }

    @ExportedBean
    /* loaded from: input_file:test-dependencies/credentials.hpi:WEB-INF/classes/com/cloudbees/plugins/credentials/UserCredentialsProvider$UserFacingAction.class */
    public static class UserFacingAction extends CredentialsStoreAction {
        private final User user;

        public UserFacingAction(User user) {
            this.user = user;
        }

        public Api getApi() {
            return new Api(this);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction
        @Exported
        public CredentialsStore getStore() {
            return new StoreImpl(this.user);
        }
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    public Set<CredentialsScope> getScopes(ModelObject modelObject) {
        return modelObject instanceof User ? SCOPES : super.getScopes(modelObject);
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication) {
        return getCredentials(cls, itemGroup, authentication, Collections.emptyList());
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list) {
        User current;
        UserCredentialsProperty userCredentialsProperty;
        if (authentication == null) {
            authentication = ACL.SYSTEM;
        }
        if (!ACL.SYSTEM.equals(authentication)) {
            if (authentication != null) {
                try {
                } catch (NullPointerException e) {
                    LogRecord logRecord = new LogRecord(Level.FINE, "Could not find user for specified authentication. User credentials lookup aborted");
                    logRecord.setThrown(e);
                    logRecord.setParameters(new Object[]{authentication});
                    LOGGER.log(logRecord);
                    current = null;
                }
                if (!(authentication instanceof AnonymousAuthenticationToken)) {
                    current = authentication == Jenkins.getAuthentication() ? User.current() : User.get(authentication.getName());
                    if (current != null && (userCredentialsProperty = (UserCredentialsProperty) current.getProperty(UserCredentialsProperty.class)) != null) {
                        return DomainCredentials.getCredentials(userCredentialsProperty.getDomainCredentialsMap(), cls, list, CredentialsMatchers.always());
                    }
                }
            }
            current = null;
            if (current != null) {
                return DomainCredentials.getCredentials(userCredentialsProperty.getDomainCredentialsMap(), cls, list, CredentialsMatchers.always());
            }
        }
        return new ArrayList();
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    public CredentialsStore getStore(@CheckForNull ModelObject modelObject) {
        if (modelObject instanceof User) {
            return new StoreImpl((User) modelObject);
        }
        return null;
    }
}
