package com.google.jenkins.plugins.credentials.oauth;

import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.NameWith;
import com.fasterxml.jackson.core.JsonParseException;
import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import com.google.jenkins.plugins.credentials.oauth.LegacyJsonKey;
import com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.DataBoundConstructor;

@NameWith(value = GoogleRobotNameProvider.class, priority = 50)
/* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials.class */
public final class GoogleRobotPrivateKeyCredentials extends GoogleRobotCredentials {
    private static final long serialVersionUID = -6768343254941345944L;
    private static final Logger LOGGER = Logger.getLogger(GoogleRobotPrivateKeyCredentials.class.getSimpleName());
    private ServiceAccountConfig serviceAccountConfig;

    @Deprecated
    private transient String secretsFile;

    @Deprecated
    private transient String p12File;

    /* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials$AccountIdNotSetException.class */
    public static class AccountIdNotSetException extends RuntimeException {
    }

    @Extension
    /* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials$Descriptor.class */
    public static class Descriptor extends AbstractGoogleRobotCredentialsDescriptor {
        public Descriptor() {
            this(new GoogleRobotCredentialsModule());
        }

        @VisibleForTesting
        Descriptor(GoogleRobotCredentialsModule googleRobotCredentialsModule) {
            super(GoogleRobotPrivateKeyCredentials.class, googleRobotCredentialsModule);
        }

        public String getDisplayName() {
            return Messages.GoogleRobotPrivateKeyCredentials_DisplayName();
        }
    }

    /* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials$InvalidSecretsFileException.class */
    public static class InvalidSecretsFileException extends RuntimeException {
        public InvalidSecretsFileException() {
        }

        public InvalidSecretsFileException(Throwable th) {
            super(th);
        }
    }

    /* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials$KeyTypeNotSetException.class */
    public static class KeyTypeNotSetException extends RuntimeException {
    }

    /* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials$MissingSecretsFileException.class */
    public static class MissingSecretsFileException extends RuntimeException {
    }

    /* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials$PrivateKeyNotSetException.class */
    public static class PrivateKeyNotSetException extends RuntimeException {
    }

    /* loaded from: input_file:com/google/jenkins/plugins/credentials/oauth/GoogleRobotPrivateKeyCredentials$SecretsFileNotFoundException.class */
    public static class SecretsFileNotFoundException extends RuntimeException {
        public SecretsFileNotFoundException(Throwable th) {
            super(th);
        }
    }

    @Deprecated
    public GoogleRobotPrivateKeyCredentials(String str, ServiceAccountConfig serviceAccountConfig, @Nullable GoogleRobotCredentialsModule googleRobotCredentialsModule) throws Exception {
        super(CredentialsScope.GLOBAL, "", str, googleRobotCredentialsModule);
        this.serviceAccountConfig = serviceAccountConfig;
    }

    @DataBoundConstructor
    public GoogleRobotPrivateKeyCredentials(@CheckForNull CredentialsScope credentialsScope, String str, String str2, ServiceAccountConfig serviceAccountConfig, @Nullable GoogleRobotCredentialsModule googleRobotCredentialsModule) throws Exception {
        super(credentialsScope, str, str2, googleRobotCredentialsModule);
        this.serviceAccountConfig = serviceAccountConfig;
    }

    @SuppressFBWarnings(value = {"RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"}, justification = "For migration purposes: older credentials might not have had separate id or scope fields. These fields might be null when deserializing. The readResolve method sets defaults for null id and scope. Id defaults to getProjectId() and scope defaults to CredentialsScope.GLOBAL if null.")
    public Object readResolve() throws Exception {
        if (this.serviceAccountConfig == null) {
            this.serviceAccountConfig = new P12ServiceAccountConfig(getClientEmailFromSecretsFileAndLogErrors(), null, this.p12File);
        }
        return new GoogleRobotPrivateKeyCredentials(getScope() == null ? CredentialsScope.GLOBAL : getScope(), getId() == null ? getProjectId() : getId(), getProjectId(), this.serviceAccountConfig, getModule());
    }

    private String getClientEmailFromSecretsFileAndLogErrors() {
        try {
            return getClientEmailFromSecretsFile();
        } catch (InvalidSecretsFileException e) {
            LOGGER.log(Level.WARNING, String.format("Invalid SecretsFile format. Failed to set Service Account E-Mail Address on upgraded Credentials with Project Id '%s'.", getProjectId()));
            return null;
        } catch (MissingSecretsFileException e2) {
            LOGGER.log(Level.WARNING, String.format("SecretsFile is not set. Failed to set Service Account E-Mail Address on upgraded Credentials with Project Id '%s'.", getProjectId()));
            return null;
        } catch (SecretsFileNotFoundException e3) {
            LOGGER.log(Level.WARNING, String.format("SecretsFile could not be found. Failed to set Service Account E-Mail Address on upgraded Credentials with Project Id '%s'.", getProjectId()));
            return null;
        }
    }

    private String getClientEmailFromSecretsFile() throws MissingSecretsFileException, SecretsFileNotFoundException, InvalidSecretsFileException {
        if (this.secretsFile == null) {
            throw new MissingSecretsFileException();
        }
        try {
            LegacyJsonKey.Details web = LegacyJsonKey.load(getModule().getJsonFactory(), new FileInputStream(this.secretsFile)).getWeb();
            if (web == null) {
                throw new InvalidSecretsFileException();
            }
            String clientEmail = web.getClientEmail();
            if (clientEmail == null) {
                throw new InvalidSecretsFileException();
            }
            return clientEmail;
        } catch (JsonParseException e) {
            throw new InvalidSecretsFileException(e);
        } catch (IOException e2) {
            throw new SecretsFileNotFoundException(e2);
        }
    }

    public static List<ServiceAccountConfig.Descriptor> getServiceAccountConfigDescriptors() {
        Jenkins jenkins = Jenkins.get();
        return ImmutableList.of((ServiceAccountConfig.Descriptor) jenkins.getDescriptorOrDie(JsonServiceAccountConfig.class), (ServiceAccountConfig.Descriptor) jenkins.getDescriptorOrDie(P12ServiceAccountConfig.class));
    }

    @NonNull
    public String getUsername() throws KeyTypeNotSetException, AccountIdNotSetException {
        if (this.serviceAccountConfig == null) {
            throw new KeyTypeNotSetException();
        }
        String accountId = this.serviceAccountConfig.getAccountId();
        if (accountId == null) {
            throw new AccountIdNotSetException();
        }
        return accountId;
    }

    public static String getHelpFile() {
        return Jenkins.get().getDescriptorOrDie(GoogleRobotPrivateKeyCredentials.class).getHelpFile("credentials");
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.GoogleOAuth2Credentials
    /* renamed from: getGoogleCredential, reason: merged with bridge method [inline-methods] */
    public GoogleCredential mo3getGoogleCredential(GoogleOAuth2ScopeRequirement googleOAuth2ScopeRequirement) throws KeyTypeNotSetException, AccountIdNotSetException, PrivateKeyNotSetException {
        if (this.serviceAccountConfig == null) {
            throw new KeyTypeNotSetException();
        }
        if (this.serviceAccountConfig.getAccountId() == null) {
            throw new AccountIdNotSetException();
        }
        if (this.serviceAccountConfig.getPrivateKey() == null) {
            throw new PrivateKeyNotSetException();
        }
        return new GoogleCredential.Builder().setTransport(getModule().getHttpTransport()).setJsonFactory(getModule().getJsonFactory()).setServiceAccountScopes(googleOAuth2ScopeRequirement.getScopes()).setServiceAccountId(this.serviceAccountConfig.getAccountId()).setServiceAccountPrivateKey(this.serviceAccountConfig.getPrivateKey()).build();
    }

    public ServiceAccountConfig getServiceAccountConfig() {
        return this.serviceAccountConfig;
    }
}
