package com.microsoft.jenkins.keyvault;

import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.microsoft.jenkins.keyvault.BaseSecretCredentials;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.Item;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

/* loaded from: input_file:com/microsoft/jenkins/keyvault/SecretCertificateCredentials.class */
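/**
 * Certificate credentials whose PKCS#12 keystore is stored, Base64-encoded, as the value of an
 * Azure Key Vault secret and unlocked with a password held as a Jenkins {@link Secret}.
 *
 * <p>The keystore is rebuilt from the vault on every {@link #getKeyStore()} call; nothing is
 * cached in this class.
 *
 * <p>NOTE(review): the parameter names in this listing ({@code str}, {@code str2}, ...) look like
 * decompiler placeholders. Stapler resolves an unnamed {@code @QueryParameter} and the arguments
 * of a {@code @DataBoundConstructor} by parameter name, so the original names must be restored
 * before this source is rebuilt - confirm against the upstream project.
 */
public class SecretCertificateCredentials extends BaseSecretCredentials implements StandardCertificateCredentials {
    private static final long serialVersionUID = 1;
    private static final Logger LOGGER = Logger.getLogger(SecretCertificateCredentials.class.getName());

    // Password for the PKCS#12 blob. Kept as a Secret so Jenkins stores it encrypted at rest.
    private final Secret password;

    /** Descriptor providing the display name and the "verify configuration" form action. */
    @Extension
    public static class DescriptorImpl extends BaseSecretCredentials.DescriptorImpl {
        /** Returns the localized name shown for this credentials type. */
        public String getDisplayName() {
            return Messages.Certificate_Credentials_Display_Name();
        }

        /**
         * Form-validation endpoint: builds a throwaway credentials object from the submitted
         * values, loads the keystore and reports whether it contains at least one alias.
         *
         * <p>Restricted to POST. The caller needs {@code Jenkins.ADMINISTER} when there is no
         * item in the request path, otherwise {@code Item.CONFIGURE} on that item.
         *
         * <p>NOTE(review): every caller that passes the permission check can make Jenkins fetch
         * the secret named by the submitted identifier and try a password against it, and gets
         * the resulting exception text back. Whether the submitted service-principal ID is
         * restricted to credentials visible from {@code item} is decided in
         * {@code BaseSecretCredentials}, which is not shown here - verify it there.
         *
         * @param item   item in the request path, or {@code null} for a global configuration page
         * @param str    forwarded as the fourth constructor argument (presumably the service
         *               principal credentials ID - confirm)
         * @param str2   forwarded as the fifth constructor argument (presumably the secret
         *               identifier - confirm)
         * @param secret keystore password to test
         * @return {@code ok} when the keystore has at least one alias, otherwise an error
         */
        @POST
        public FormValidation doVerifyConfiguration(@AncestorInPath Item item, @QueryParameter String str, @QueryParameter String str2, @QueryParameter Secret secret) {
            // Authorize before touching the vault: this action triggers an outbound secret read.
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }
            try {
                KeyStore keyStore = new SecretCertificateCredentials(CredentialsScope.SYSTEM, "", "", str, str2, secret).getKeyStore();
                // getKeyStore() returns an unloaded KeyStore when loading failed; aliases() then
                // throws KeyStoreException, which is reported below.
                if (!keyStore.aliases().hasMoreElements()) {
                    return FormValidation.error(Messages.Certificate_Credentials_Validation_No_Private_Key());
                }
                return FormValidation.ok(Messages.Certificate_Credentials_Validation_OK());
            } catch (KeyStoreException e) {
                return FormValidation.error(e.getMessage());
            } catch (Exception e) {
                // Boundary catch: a form-validation call must answer with a message, not a stack trace.
                String message = e.getMessage();
                if (message == null) {
                    message = Messages.Certificate_Credentials_Validation_Invalid();
                }
                return FormValidation.error(message);
            }
        }

        // The two methods below only delegate to the superclass; the decompiler marked them as
        // compiler-generated bridge methods.
        @Override
        public /* bridge */ /* synthetic */ ListBoxModel doFillServicePrincipalIdItems(@AncestorInPath Item item, @QueryParameter("servicePrincipalId") String str) {
            return super.doFillServicePrincipalIdItems(item, str);
        }

        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    /**
     * Creates the credentials. The first five arguments are passed unchanged to
     * {@link BaseSecretCredentials}.
     *
     * @param credentialsScope scope of the credentials
     * @param str              passed to the superclass (meaning not visible here)
     * @param str2             passed to the superclass (meaning not visible here)
     * @param str3             passed to the superclass (meaning not visible here)
     * @param str4             passed to the superclass (meaning not visible here)
     * @param secret           password protecting the PKCS#12 keystore
     */
    @DataBoundConstructor
    public SecretCertificateCredentials(CredentialsScope credentialsScope, String str, String str2, String str3, String str4, Secret secret) {
        super(credentialsScope, str, str2, str3, str4);
        this.password = secret;
    }

    /** Returns the keystore password exactly as it was supplied to the constructor. */
    @NonNull
    public Secret getPassword() {
        return this.password;
    }

    /**
     * Converts the password to the form {@link KeyStore#load} expects.
     *
     * @param secret the password; {@code null} is treated like an empty password
     * @return the password characters, or {@code null} when there is no password
     */
    @CheckForNull
    private static char[] toCharArray(@CheckForNull Secret secret) {
        if (secret == null) {
            // The constructor stores whatever it is given, so the field can be null.
            return null;
        }
        String fixEmpty = Util.fixEmpty(secret.getPlainText());
        if (fixEmpty == null) {
            return null;
        }
        return fixEmpty.toCharArray();
    }

    /**
     * Fetches the secret from Key Vault and loads it as a PKCS#12 keystore.
     *
     * <p>A secret that cannot be decoded or loaded (missing value, invalid Base64, wrong
     * password, corrupt container) is logged at WARNING and an <em>unloaded</em> keystore is
     * returned; using that keystore fails with {@link KeyStoreException}. The log record carries
     * the credentials ID and secret identifier, not the secret value or the password.
     *
     * <p>An empty password is passed to {@link KeyStore#load} as {@code null}; per the
     * {@code KeyStore.load} contract no integrity check is performed in that case.
     *
     * @return the keystore, loaded when possible
     * @throws IllegalStateException if the runtime has no PKCS12 keystore implementation
     */
    @NonNull
    public KeyStore getKeyStore() {
        KeyVaultSecret keyVaultSecret = getKeyVaultSecret();
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance("PKCS12");
        } catch (KeyStoreException e) {
            throw new IllegalStateException("PKCS12 is a keystore type per the JLS spec", e);
        }
        try {
            String encoded = keyVaultSecret.getValue();
            if (encoded == null) {
                throw new IOException("Key Vault secret has no value");
            }
            keyStore.load(new ByteArrayInputStream(Base64.getMimeDecoder().decode(encoded)), toCharArray(this.password));
        } catch (IOException | NoSuchAlgorithmException | CertificateException | IllegalArgumentException e) {
            // IllegalArgumentException is what the Base64 decoder throws for a malformed value;
            // it gets the same log-and-continue handling as the other load failures instead of
            // escaping to callers as an unchecked exception.
            LogRecord logRecord = new LogRecord(Level.WARNING, "Credentials ID {0}: Could not load keystore from {1}");
            logRecord.setParameters(new Object[]{getId(), getSecretIdentifier()});
            logRecord.setThrown(e);
            LOGGER.log(logRecord);
        }
        return keyStore;
    }
}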
