package com.datapipe.jenkins.vault.credentials.common;

import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.datapipe.jenkins.vault.configuration.VaultConfiguration;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.FilePath;
import hudson.Util;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Base64;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:com/datapipe/jenkins/vault/credentials/common/VaultCertificateCredentialsImpl.class */
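/**
 * Certificate credential whose PKCS12 keystore and keystore password are obtained either from
 * injected {@link Supplier}s or, when none were supplied, through {@code getVaultSecretKeyValue}
 * (not defined in this file; presumably inherited from the base class).
 *
 * <p>The keystore value is treated as Base64 text; line breaks are stripped before decoding.
 *
 * <p>NOTE(review): the parameter names {@code str}, {@code str2}, ... look like decompiler
 * output. They are left untouched because Stapler data binding can depend on constructor
 * parameter names.
 */
public class VaultCertificateCredentialsImpl extends AbstractVaultBaseStandardCredentials implements VaultCertificateCredentials {
    private static final Logger LOGGER = Logger.getLogger(VaultCertificateCredentialsImpl.class.getName());
    private static final long serialVersionUID = 1;

    /** Line breaks removed from the Base64 keystore text; compiled once instead of per call. */
    private static final Pattern LINE_BREAK = Pattern.compile("\\r?\\n");

    // Name of the field inside the Vault secret that holds the Base64 keystore.
    private String keyStoreKey;
    // Name of the field inside the Vault secret that holds the keystore password.
    private String passwordKey;
    // Optional pre-resolved values; when null the value is looked up via getVaultSecretKeyValue.
    private Supplier<Secret> keystore;
    private Supplier<Secret> password;

    /** Descriptor providing the display name, the "test connection" check and the engine-version list. */
    @Extension
    /* loaded from: input_file:com/datapipe/jenkins/vault/credentials/common/VaultCertificateCredentialsImpl$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        public static final String DEFAULT_KEYSTORE_KEY = "keystore";
        public static final String DEFAULT_PASSWORD_KEY = "password";

        /** Returns the human-readable name of this credential type. */
        public String getDisplayName() {
            return "Vault Certificate Credential";
        }

        /**
         * Form-validation endpoint: tries to read the keystore field and then the password field
         * from Vault and reports which of the two lookups failed.
         *
         * <p>NOTE(review): Stapler exposes {@code do*} descriptor methods over HTTP. Every
         * argument of the Vault lookup below comes from request parameters, and nothing visible
         * in this method checks a Jenkins permission or restricts the HTTP method. Confirm that
         * an authorization check (and POST-only handling) is enforced before the lookup runs;
         * if it is not, add one here. The exception text is also echoed back to the browser,
         * so verify it cannot carry Vault-side details that the requesting user should not see.
         *
         * @param itemGroup ancestor item group of the request (not used in this method)
         * @param str       Vault secret path ({@code path})
         * @param str2      keystore field name ({@code keyStoreKey}); blank selects the default
         * @param str3      password field name ({@code passwordKey}); blank selects the default
         * @param str4      prefix path ({@code prefixPath})
         * @param str5      Vault namespace ({@code namespace})
         * @param num       engine version ({@code engineVersion})
         * @return {@code ok} when both lookups succeed, otherwise an error naming the failed one
         */
        public FormValidation doTestConnection(@AncestorInPath ItemGroup<Item> itemGroup, @QueryParameter("path") String str, @QueryParameter("keyStoreKey") String str2, @QueryParameter("passwordKey") String str3, @QueryParameter("prefixPath") String str4, @QueryParameter("namespace") String str5, @QueryParameter("engineVersion") Integer num) {
            String keyStoreField = StringUtils.defaultIfBlank(str2, DEFAULT_KEYSTORE_KEY);
            String passwordField = StringUtils.defaultIfBlank(str3, DEFAULT_PASSWORD_KEY);
            try {
                VaultHelper.getVaultSecretKey(str, keyStoreField, str4, str5, num);
            } catch (Exception e) {
                return FormValidation.error("FAILED to retrieve keyStore key: \n" + e);
            }
            try {
                VaultHelper.getVaultSecretKey(str, passwordField, str4, str5, num);
            } catch (Exception e) {
                return FormValidation.error("FAILED to retrieve password key: \n" + e);
            }
            // Only a fixed success message is returned; the retrieved values are discarded.
            return FormValidation.ok("Successfully retrieved keyStore and the password");
        }

        /** Fills the engine-version drop-down by delegating to {@link VaultConfiguration#engineVersions}. */
        public ListBoxModel doFillEngineVersionItems(@AncestorInPath Item item) {
            return VaultConfiguration.engineVersions(item);
        }

        // Compiler-generated bridge method recovered by the decompiler; it only delegates to the superclass.
        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    /**
     * Creates a credential whose keystore and password come from the given suppliers instead of
     * a Vault lookup.
     *
     * @param credentialsScope passed to the superclass constructor
     * @param str              passed to the superclass constructor (second argument)
     * @param str2             passed to the superclass constructor (third argument)
     * @param supplier         source of the Base64 keystore value
     * @param supplier2        source of the keystore password
     */
    public VaultCertificateCredentialsImpl(CredentialsScope credentialsScope, String str, String str2, Supplier<Secret> supplier, Supplier<Secret> supplier2) {
        super(credentialsScope, str, str2);
        this.keystore = supplier;
        this.password = supplier2;
    }

    /**
     * Data-bound constructor: no suppliers are set, so keystore and password are resolved
     * through {@code getVaultSecretKeyValue} on each access.
     */
    @DataBoundConstructor
    public VaultCertificateCredentialsImpl(CredentialsScope credentialsScope, String str, String str2) {
        super(credentialsScope, str, str2);
        this.keystore = null;
        this.password = null;
    }

    /**
     * Returns the configured keystore field name.
     *
     * <p>NOTE(review): annotated {@code @NonNull}, but the field is only assigned by
     * {@link #setKeyStoreKey}, so it can still be null if that setter was never invoked.
     * The getter name does not match the {@code keyStoreKey} property of the setter either;
     * confirm whether that is intended.
     */
    @NonNull
    public String getKeyStoreKeyKey() {
        return this.keyStoreKey;
    }

    /** Sets the keystore field name; a blank value selects {@link DescriptorImpl#DEFAULT_KEYSTORE_KEY}. */
    @DataBoundSetter
    public void setKeyStoreKey(String str) {
        this.keyStoreKey = StringUtils.defaultIfBlank(str, DescriptorImpl.DEFAULT_KEYSTORE_KEY);
    }

    /**
     * Returns the configured password field name.
     *
     * <p>NOTE(review): annotated {@code @NonNull}, but it can still be null if
     * {@link #setPasswordKey} was never invoked.
     */
    @NonNull
    public String getPasswordKey() {
        return this.passwordKey;
    }

    /** Sets the password field name; a blank value selects {@link DescriptorImpl#DEFAULT_PASSWORD_KEY}. */
    @DataBoundSetter
    public void setPasswordKey(String str) {
        this.passwordKey = StringUtils.defaultIfBlank(str, DescriptorImpl.DEFAULT_PASSWORD_KEY);
    }

    /**
     * Returns the keystore as a {@link Secret}: from the supplier when one was injected,
     * otherwise from {@code getVaultSecretKeyValue} using the configured (or default) field name.
     */
    public Secret getKeyStoreBase64() {
        if (this.keystore != null) {
            return this.keystore.get();
        }
        String field = StringUtils.defaultIfBlank(getKeyStoreKeyKey(), DescriptorImpl.DEFAULT_KEYSTORE_KEY);
        return Secret.fromString(getVaultSecretKeyValue(field));
    }

    /**
     * Decodes the Base64 keystore value and loads it as a PKCS12 {@link KeyStore}.
     *
     * <p>When loading fails with an I/O, algorithm or certificate error, a warning carrying only
     * the credential ID and the exception is logged, and the keystore object that could not be
     * loaded is still returned. Callers must therefore not treat a non-null result as proof
     * that key material is present.
     *
     * @return the keystore instance, loaded when decoding and loading succeeded
     * @throws IllegalStateException    if the PKCS12 keystore type is unavailable
     * @throws IllegalArgumentException if the value is not valid Base64 (thrown by the decoder, not caught here)
     */
    @NonNull
    public KeyStore getKeyStore() {
        String secret = Secret.toString(getKeyStoreBase64());
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            try {
                byte[] decoded = Base64.getDecoder().decode(unwrap(secret));
                keyStore.load(new ByteArrayInputStream(decoded), toCharArray(getPassword()));
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                LogRecord logRecord = new LogRecord(Level.WARNING, "Credentials ID {0}: Could not load keystore from Vault");
                logRecord.setParameters(new Object[]{getId()});
                logRecord.setThrown(e);
                LOGGER.log(logRecord);
            }
            return keyStore;
        } catch (KeyStoreException e2) {
            throw new IllegalStateException("PKCS12 is a keystore type per the JLS spec", e2);
        }
    }

    /**
     * Returns the keystore password: from the supplier when one was injected, otherwise from
     * {@code getVaultSecretKeyValue} using the configured (or default) field name.
     */
    @NonNull
    public Secret getPassword() {
        if (this.password != null) {
            return this.password.get();
        }
        String field = StringUtils.defaultIfBlank(getPasswordKey(), DescriptorImpl.DEFAULT_PASSWORD_KEY);
        return Secret.fromString(getVaultSecretKeyValue(field));
    }

    /**
     * Writes the keystore, protected with the credential's password, to {@code filePath}.
     *
     * <p>The output stream is closed in all cases; {@link KeyStore#store} does not close it.
     * Keystore, algorithm, certificate and interruption failures are logged with the credential
     * ID only and are not rethrown. An interruption also restores the thread's interrupt flag.
     *
     * <p>NOTE(review): the target file receives private-key material, and nothing in this
     * method restricts its permissions or removes it afterwards. Confirm the caller does both.
     *
     * @param filePath destination of the keystore bytes
     * @throws IOException if opening, writing or closing the destination fails
     */
    @Override // com.datapipe.jenkins.vault.credentials.common.VaultCertificateCredentials
    public void write(FilePath filePath) throws IOException {
        try {
            // Resolve both secrets before opening the destination, so that a failed lookup
            // does not leave an empty or truncated file behind.
            KeyStore keyStore = getKeyStore();
            char[] storePassword = toCharArray(getPassword());
            try (OutputStream out = filePath.write()) {
                keyStore.store(out, storePassword);
            }
        } catch (InterruptedException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            if (e instanceof InterruptedException) {
                // Preserve the interruption for callers further up the stack.
                Thread.currentThread().interrupt();
            }
            LogRecord logRecord = new LogRecord(Level.WARNING, "Credentials ID {0}: Could not write keystore to file");
            logRecord.setParameters(new Object[]{getId()});
            logRecord.setThrown(e);
            LOGGER.log(logRecord);
        }
    }

    /**
     * Converts a secret to a password array, mapping an empty password to {@code null}.
     *
     * <p>A {@code null} password makes {@link KeyStore#load} skip the integrity check, so an
     * empty password in Vault means the keystore is loaded without that check.
     */
    @CheckForNull
    private static char[] toCharArray(@NonNull Secret secret) {
        String plain = Util.fixEmpty(secret.getPlainText());
        return plain == null ? null : plain.toCharArray();
    }

    /** Removes LF and CRLF line breaks from Base64 text; returns {@code null} for {@code null} input. */
    @CheckForNull
    private static String unwrap(@NonNull String str) {
        if (str == null) {
            return null;
        }
        return LINE_BREAK.matcher(str).replaceAll("");
    }
}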
