package io.jenkins.plugins.adobe.cloudmanager.config;

import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.HostnameRequirement;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import io.adobe.cloudmanager.AdobeClientCredentials;
import io.adobe.cloudmanager.IdentityManagementApi;
import io.adobe.cloudmanager.IdentityManagementApiException;
import io.jenkins.plugins.adobe.cloudmanager.util.CredentialsUtil;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.NoSuchElementException;
import java.util.Optional;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.plaincredentials.FileCredentials;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jenkins/plugins/adobe/cloudmanager/config/AdobeIOProjectConfig.class */
public class AdobeIOProjectConfig extends AbstractDescribableImpl<AdobeIOProjectConfig> {
    public static final String ADOBE_IO_DOMAIN = "ims-na1.adobelogin.com";
    public static final String ADOBE_IO_URL = "https://ims-na1.adobelogin.com";
    private static final Logger LOGGER = LoggerFactory.getLogger(AdobeIOProjectConfig.class);
    private String name;
    private String apiUrl = ADOBE_IO_URL;
    private String clientId;
    private String imsOrganizationId;
    private String technicalAccountId;
    private String clientSecretCredentialsId;
    private String privateKeyCredentialsId;

    @Extension
    /* loaded from: input_file:io/jenkins/plugins/adobe/cloudmanager/config/AdobeIOProjectConfig$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<AdobeIOProjectConfig> {
        @Nonnull
        public String getDisplayName() {
            return Messages.AdobeIOProjectConfig_DescriptorImpl_displayName();
        }

        public FormValidation doCheckName(@QueryParameter String str) {
            return StringUtils.isBlank(str) ? FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_missingName()) : FormValidation.ok();
        }

        public FormValidation doCheckClientId(@QueryParameter String str) {
            return StringUtils.isBlank(str) ? FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_missingClientId()) : FormValidation.ok();
        }

        public FormValidation doCheckImsOrganizationId(@QueryParameter String str) {
            return StringUtils.isBlank(str) ? FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_missingImsOrg()) : FormValidation.ok();
        }

        public FormValidation doCheckTechnicalAccountId(@QueryParameter String str) {
            return StringUtils.isBlank(str) ? FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_missingTechnicalAccountId()) : FormValidation.ok();
        }

        public FormValidation doCheckClientSecretCredentialsId(@QueryParameter String str) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(FormValidation.warning(Messages.AdobeIOProjectConfig_DescriptorImpl_warn_doNotUseAddCredentialButton()));
            if (StringUtils.isBlank(str)) {
                arrayList.add(FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_missingClientSecret()));
                return FormValidation.aggregate(arrayList);
            }
            if (CredentialsUtil.clientSecretFor(str).isPresent()) {
                arrayList.add(FormValidation.ok());
                return FormValidation.aggregate(arrayList);
            }
            arrayList.add(FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_unresolvableClientSecret(str)));
            return FormValidation.aggregate(arrayList);
        }

        public FormValidation doCheckPrivateKeyCredentialsId(@QueryParameter String str) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(FormValidation.warning(Messages.AdobeIOProjectConfig_DescriptorImpl_warn_doNotUseAddCredentialButton()));
            if (StringUtils.isBlank(str)) {
                arrayList.add(FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_missingPrivateKey()));
                return FormValidation.aggregate(arrayList);
            }
            if (CredentialsUtil.privateKeyFor(str).isPresent()) {
                arrayList.add(FormValidation.ok());
                return FormValidation.aggregate(arrayList);
            }
            arrayList.add(FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_unresolvablePrivateKey(str)));
            return FormValidation.aggregate(arrayList);
        }

        public ListBoxModel doFillClientSecretCredentialsIdItems(@QueryParameter String str) {
            return !Jenkins.get().hasPermission(Jenkins.ADMINISTER) ? new StandardListBoxModel().includeCurrentValue(str) : new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, Jenkins.get(), StringCredentials.class, URIRequirementBuilder.fromUri(AdobeIOProjectConfig.ADOBE_IO_DOMAIN).build(), CredentialsMatchers.always());
        }

        public ListBoxModel doFillPrivateKeyCredentialsIdItems(@QueryParameter String str) {
            return !Jenkins.get().hasPermission(Jenkins.ADMINISTER) ? new StandardListBoxModel().includeCurrentValue(str) : new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, Jenkins.get(), FileCredentials.class, URIRequirementBuilder.fromUri(AdobeIOProjectConfig.ADOBE_IO_DOMAIN).build(), CredentialsMatchers.always());
        }

        @RequirePOST
        @Restricted({DoNotUse.class})
        public FormValidation doVerifyCredentials(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @QueryParameter String str6) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            Optional<Secret> clientSecretFor = CredentialsUtil.clientSecretFor(str5);
            if (!clientSecretFor.isPresent()) {
                return FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_unresolvableClientSecret(str5));
            }
            Optional<Secret> privateKeyFor = CredentialsUtil.privateKeyFor(str6);
            if (!privateKeyFor.isPresent()) {
                return FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_unresolvablePrivateKey(str6));
            }
            try {
                try {
                    IdentityManagementApi.create(str).authenticate(new AdobeClientCredentials(str2, str3, str4, clientSecretFor.get().getPlainText(), AdobeClientCredentials.getKeyFromPem(privateKeyFor.get().getPlainText())));
                    return FormValidation.ok(Messages.AdobeIOProjectConfig_DescriptorImpl_validate_credentialsVerified(str2));
                } catch (IdentityManagementApiException e) {
                    return FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_credentialValidationFailed());
                }
            } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e2) {
                return FormValidation.error(Messages.AdobeIOProjectConfig_DescriptorImpl_error_unresolvablePrivateKey(str6));
            }
        }
    }

    @DataBoundConstructor
    public AdobeIOProjectConfig() {
    }

    public static DomainRequirement getAIODomainRequirement() {
        return new HostnameRequirement(ADOBE_IO_DOMAIN);
    }

    @CheckForNull
    public String getName() {
        return this.name;
    }

    @DataBoundSetter
    public void setName(String str) {
        this.name = str;
    }

    @CheckForNull
    public String getApiUrl() {
        return this.apiUrl;
    }

    @DataBoundSetter
    public void setApiUrl(String str) {
        this.apiUrl = StringUtils.defaultIfBlank(str, ADOBE_IO_URL);
    }

    @CheckForNull
    public String getClientId() {
        return this.clientId;
    }

    @DataBoundSetter
    public void setClientId(String str) {
        this.clientId = str;
    }

    @CheckForNull
    public String getImsOrganizationId() {
        return this.imsOrganizationId;
    }

    @DataBoundSetter
    public void setImsOrganizationId(String str) {
        this.imsOrganizationId = str;
    }

    @CheckForNull
    public String getTechnicalAccountId() {
        return this.technicalAccountId;
    }

    @DataBoundSetter
    public void setTechnicalAccountId(String str) {
        this.technicalAccountId = str;
    }

    @CheckForNull
    public String getClientSecretCredentialsId() {
        return this.clientSecretCredentialsId;
    }

    @DataBoundSetter
    public void setClientSecretCredentialsId(String str) {
        this.clientSecretCredentialsId = str;
    }

    @CheckForNull
    public String getPrivateKeyCredentialsId() {
        return this.privateKeyCredentialsId;
    }

    @DataBoundSetter
    public void setPrivateKeyCredentialsId(String str) {
        this.privateKeyCredentialsId = str;
    }

    @CheckForNull
    public Secret authenticate() {
        try {
            AdobeClientCredentials adobeClientCredentials = new AdobeClientCredentials(this.imsOrganizationId, this.technicalAccountId, this.clientId, CredentialsUtil.clientSecretFor(this.clientSecretCredentialsId).get().getPlainText(), AdobeClientCredentials.getKeyFromPem(CredentialsUtil.privateKeyFor(this.privateKeyCredentialsId).get().getPlainText()));
            if (!isValidToken(adobeClientCredentials)) {
                generateNewToken(adobeClientCredentials);
            }
            return getToken();
        } catch (IdentityManagementApiException e) {
            LOGGER.error(Messages.AdobeIOProjectConfig_error_authenticationError(e.getLocalizedMessage()));
            return null;
        } catch (IOException e2) {
            LOGGER.error(Messages.AdobeIOProjectConfig_error_credentialsAccess(e2.getLocalizedMessage()));
            return null;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e3) {
            LOGGER.error(Messages.AdobeIOProjectConfig_error_privateKeyError(this.privateKeyCredentialsId));
            return null;
        } catch (NoSuchElementException e4) {
            LOGGER.error(Messages.AdobeIOProjectConfig_error_authenticate_unresolvableCredentials(this.clientSecretCredentialsId, this.privateKeyCredentialsId));
            return null;
        }
    }

    private boolean isValidToken(AdobeClientCredentials adobeClientCredentials) throws IdentityManagementApiException {
        Secret token = getToken();
        if (token == null) {
            return false;
        }
        try {
            return IdentityManagementApi.create(getApiUrl()).isValid(adobeClientCredentials, token.getPlainText());
        } catch (IdentityManagementApiException e) {
            LOGGER.warn(Messages.AdobeIOProjectConfig_warn_checkToken(e.getMessage()));
            return false;
        }
    }

    private void generateNewToken(AdobeClientCredentials adobeClientCredentials) throws IdentityManagementApiException, IOException {
        Secret fromString = Secret.fromString(IdentityManagementApi.create(this.apiUrl).authenticate(adobeClientCredentials));
        CredentialsStore credentialsStore = null;
        Domain domain = null;
        for (CredentialsStore credentialsStore2 : CredentialsProvider.lookupStores(Jenkins.get())) {
            if (credentialsStore2 != null) {
                domain = (Domain) credentialsStore2.getDomains().stream().filter(domain2 -> {
                    return !domain2.getSpecifications().isEmpty() && domain2.test(new DomainRequirement[]{getAIODomainRequirement()});
                }).findFirst().orElse(null);
                credentialsStore = credentialsStore2;
                if (domain != null) {
                    break;
                }
            }
        }
        if (credentialsStore == null || domain == null) {
            throw new NoSuchElementException(Messages.AdobeIOProjectConfig_error_unresolvableCredentialStore());
        }
        Optional aioScopedCredentialsFor = CredentialsUtil.aioScopedCredentialsFor(generateCredentialsId(), StringCredentials.class);
        StringCredentialsImpl stringCredentialsImpl = new StringCredentialsImpl(CredentialsScope.SYSTEM, generateCredentialsId(), Messages.AdobeIOProjectConfig_accessToken_description(getDisplayName()), fromString);
        if (aioScopedCredentialsFor.isPresent()) {
            credentialsStore.updateCredentials(domain, (Credentials) aioScopedCredentialsFor.get(), stringCredentialsImpl);
        } else {
            credentialsStore.addCredentials(domain, stringCredentialsImpl);
        }
    }

    @CheckForNull
    private Secret getToken() {
        return (Secret) CredentialsUtil.aioScopedCredentialsFor(generateCredentialsId(), StringCredentials.class).map((v0) -> {
            return v0.getSecret();
        }).orElse(null);
    }

    @Nonnull
    public String getDisplayName() {
        return Messages.AdobeIOProjectConfig_displayName(getName(), getImsOrganizationId());
    }

    private String generateCredentialsId() {
        String imsOrganizationId = getImsOrganizationId();
        return StringUtils.join(new String[]{getName(), imsOrganizationId != null ? Integer.toString(imsOrganizationId.hashCode()) : ""}, "-").replaceAll("[^a-zA-Z0-9_.-]+", "");
    }
}
