package hudson.plugins.tics;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.google.common.base.MoreObjects;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.collect.UnmodifiableIterator;
import hudson.EnvVars;
import hudson.Util;
import hudson.model.Item;
import hudson.model.Job;
import hudson.security.ACL;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import jenkins.model.Jenkins;
import org.apache.commons.lang3.tuple.Pair;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:hudson/plugins/tics/AuthHelper.class */
public final class AuthHelper {
    public static final String TICSAUTHTOKEN = "TICSAUTHTOKEN";

    private AuthHelper() {
    }

    private static <T extends StandardCredentials> Optional<T> lookupCredentials(Class<T> cls, Job<?, ?> job, String str) {
        if (Strings.isNullOrEmpty(str)) {
            return Optional.empty();
        }
        for (StandardCredentials standardCredentials : CredentialsProvider.lookupCredentialsInItem(cls, job, ACL.SYSTEM2, Collections.emptyList())) {
            if (str.equals(standardCredentials.getId())) {
                return Optional.of(standardCredentials);
            }
        }
        return Optional.empty();
    }

    public static Optional<Pair<String, String>> lookupUsernameAndPasswordFromCredentialsId(Job<?, ?> job, String str, EnvVars envVars) {
        Optional<Pair<String, String>> map = lookupCredentials(StandardUsernamePasswordCredentials.class, job, str).map(standardUsernamePasswordCredentials -> {
            return Pair.of(standardUsernamePasswordCredentials.getUsername(), Secret.toString(standardUsernamePasswordCredentials.getPassword()));
        });
        return map.isPresent() ? map : lookupTicsAuthToken(job, str, envVars).map(AuthHelper::decodeTokenToUsernamePassword);
    }

    public static Optional<String> lookupTicsAuthToken(Job<?, ?> job, String str, EnvVars envVars) {
        if (!Strings.isNullOrEmpty(str)) {
            return (Optional) lookupCredentials(StringCredentials.class, job, str).map(stringCredentials -> {
                return Optional.of(stringCredentials.getSecret().getPlainText());
            }).orElseThrow(() -> {
                return new IllegalArgumentException("The provided credentials are of the wrong type. Only two types are supported; username & password and secret text.");
            });
        }
        String str2 = (String) envVars.get(TICSAUTHTOKEN);
        return !Strings.isNullOrEmpty(str2) ? lookupCredentials(StringCredentials.class, job, str2).map(stringCredentials2 -> {
            return stringCredentials2.getSecret().getPlainText();
        }).or(() -> {
            return Optional.of(str2);
        }) : Optional.empty();
    }

    protected static Pair<String, String> decodeTokenToUsernamePassword(String str) {
        try {
            String[] split = new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8).split(":", 2);
            if (split.length != 2) {
                throw new IllegalStateException("Unexpected number of parts");
            }
            return Pair.of(split[0], split[1]);
        } catch (Exception e) {
            throw new IllegalArgumentException("Malformed authentication token. Please make sure you are using a valid token from the TICS Viewer.", e);
        }
    }

    public static Map<String, String> getPluginEnvMap(EnvVars envVars, String str) {
        LinkedHashMap newLinkedHashMap = Maps.newLinkedHashMap();
        UnmodifiableIterator it = ImmutableList.copyOf(Splitter.onPattern("\r?\n").split((CharSequence) MoreObjects.firstNonNull(str, ""))).iterator();
        while (it.hasNext()) {
            ArrayList newArrayList = Lists.newArrayList(Splitter.on("=").limit(2).split((String) it.next()));
            if (newArrayList.size() == 2) {
                newLinkedHashMap.put(((String) newArrayList.get(0)).trim(), Util.replaceMacro(((String) newArrayList.get(1)).trim(), envVars));
            }
        }
        return newLinkedHashMap;
    }

    public static ListBoxModel fillCredentialsDropdown(@AncestorInPath Item item, @QueryParameter String str) {
        CredentialsMatcher anyOf = CredentialsMatchers.anyOf(new CredentialsMatcher[]{CredentialsMatchers.instanceOf(StandardCredentials.class)});
        StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
        if (item == null) {
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return standardListBoxModel.includeCurrentValue(str);
            }
        } else if (!item.hasPermission(Item.CONFIGURE)) {
            return standardListBoxModel.includeCurrentValue(str);
        }
        return standardListBoxModel.includeEmptyValue().includeMatchingAs(ACL.SYSTEM2, item, StandardCredentials.class, str == null ? Collections.emptyList() : URIRequirementBuilder.fromUri(str.trim()).build(), anyOf);
    }
}
