package org.jenkinsci.plugins.saml;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import javax.annotation.CheckForNull;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

/* loaded from: input_file:WEB-INF/lib/saml.jar:org/jenkinsci/plugins/saml/SamlEncryptionData.class */
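/**
 * Keystore-related settings of the SAML plugin: where the keystore file lives, the passwords
 * protecting the store and the private key, the key alias, and two signing-related flags.
 *
 * <p>Both passwords are held as {@link Secret} values and {@link #toString()} reports only
 * whether they are set, never their content.
 *
 * <p>NOTE(review): this listing is decompiled, so parameter names such as {@code str} and
 * {@code secret} are generated. Stapler presumably binds an unnamed {@code @QueryParameter}
 * by the parameter's own name, so these names may not match the form fields of the original
 * source. Confirm before recompiling.
 */
public class SamlEncryptionData extends AbstractDescribableImpl<SamlEncryptionData> {
    private final String keystorePath;
    // Stays null when no password, or an empty one, was supplied to the constructor.
    private Secret keystorePasswordSecret;
    // Stays null when no password, or an empty one, was supplied to the constructor.
    private Secret privateKeyPasswordSecret;
    private final String privateKeyAlias;
    private final boolean forceSignRedirectBindingAuthnRequest;
    private boolean wantsAssertionsSigned;

    /**
     * Descriptor exposing the form-validation endpoints for the encryption settings.
     * Every endpoint is annotated with {@code @RequirePOST}.
     */
    @Extension
    /* loaded from: input_file:WEB-INF/lib/saml.jar:org/jenkinsci/plugins/saml/SamlEncryptionData$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SamlEncryptionData> {
        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SamlEncryptionData> cls) {
            super(cls);
        }

        /** Returns the label shown for this configuration section. */
        @NonNull
        public String getDisplayName() {
            return "Encryption Configuration";
        }

        /**
         * Validates the keystore path field by delegating to
         * {@code SamlFormValidation.checkStringAttributeFormat}, which is not shown here.
         */
        @RequirePOST
        public FormValidation doCheckKeystorePath(@QueryParameter String str) {
            return SamlFormValidation.checkStringAttributeFormat(str, SamlSecurityRealm.WARN_KEYSTORE_NOT_SET, true);
        }

        /** Validates the private key alias field using the same shared format check. */
        @RequirePOST
        public FormValidation doCheckPrivateKeyAlias(@QueryParameter String str) {
            return SamlFormValidation.checkStringAttributeFormat(str, SamlSecurityRealm.WARN_PRIVATE_KEY_ALIAS_NOT_SET, true);
        }

        /**
         * Validates the keystore password field using the same shared format check.
         * The password arrives here as a plain {@code String}, not as a {@link Secret}.
         */
        @RequirePOST
        public FormValidation doCheckKeystorePassword(@QueryParameter String str) {
            return SamlFormValidation.checkStringAttributeFormat(str, SamlSecurityRealm.WARN_PRIVATE_KEYSTORE_PASS_NOT_SET, true);
        }

        /**
         * Validates the private key password field using the same shared format check.
         * The password arrives here as a plain {@code String}, not as a {@link Secret}.
         */
        @RequirePOST
        public FormValidation doCheckPrivateKeyPassword(@QueryParameter String str) {
            return SamlFormValidation.checkStringAttributeFormat(str, SamlSecurityRealm.WARN_PRIVATE_KEY_PASS_NOT_SET, true);
        }

        /**
         * Tries to open the keystore at the submitted path and read one entry from it.
         *
         * <p>The store is loaded with the JVM's default keystore type. The first alias that
         * matches {@code str2} (case-insensitively) is read with the private key password.
         * When {@code str2} is blank, the first alias in the store is read instead.
         *
         * <p>NOTE(review): this method opens a caller-supplied filesystem path on the
         * controller and reports whether it parses as a keystore under the given passwords.
         * Nothing in this method checks a Jenkins permission; {@code @RequirePOST} only
         * constrains the HTTP method. Confirm that access is restricted to administrators
         * elsewhere, or add an explicit permission check as the first statement.
         *
         * <p>NOTE(review): each failure passes the caught exception to
         * {@code FormValidation.error}, so its details may be rendered to the caller. That
         * is acceptable only if the caller is already trusted with the controller's
         * filesystem layout.
         *
         * @param str path of the keystore file
         * @param secret keystore password; a missing value is treated as an empty password
         * @param secret2 private key password; missing or blank means no key password
         * @param str2 alias to look for, or blank to accept the first alias
         * @return ok when an entry could be read, a warning when no path was given,
         *     otherwise an error describing what failed
         */
        @RequirePOST
        public FormValidation doTestKeyStore(@QueryParameter("keystorePath") String str, @QueryParameter("keystorePassword") Secret secret, @QueryParameter("privateKeyPassword") Secret secret2, @QueryParameter("privateKeyAlias") String str2) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.warning(SamlSecurityRealm.WARN_THERE_IS_NOT_KEY_STORE);
            }
            // A request without the password fields would otherwise fail with a
            // NullPointerException. An empty array (not null) is passed to load() so the
            // store's integrity check is still attempted, as it is for an empty Secret.
            char[] storePassword = secret != null ? secret.getPlainText().toCharArray() : new char[0];
            String keyPasswordText = secret2 != null ? secret2.getPlainText() : null;
            char[] keyPassword = StringUtils.isNotBlank(keyPasswordText) ? keyPasswordText.toCharArray() : null;
            try (FileInputStream keystoreStream = new FileInputStream(str)) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(keystoreStream, storePassword);
                KeyStore.PasswordProtection keyProtection = new KeyStore.PasswordProtection(keyPassword);
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (StringUtils.isBlank(str2) || alias.equalsIgnoreCase(str2)) {
                        // Only the first matching alias is probed; reading it without an
                        // exception is what counts as success.
                        keyStore.getEntry(alias, keyProtection);
                        return FormValidation.ok(SamlSecurityRealm.SUCCESS);
                    }
                }
                return FormValidation.error(SamlSecurityRealm.ERROR_NOT_KEY_FOUND);
            } catch (IOException e) {
                return FormValidation.error(e, SamlSecurityRealm.ERROR_NOT_POSSIBLE_TO_READ_KS_FILE);
            } catch (KeyStoreException e2) {
                return FormValidation.error(e2, SamlSecurityRealm.ERROR_NO_PROVIDER_SUPPORTS_A_KS_SPI_IMPL);
            } catch (NoSuchAlgorithmException e3) {
                return FormValidation.error(e3, SamlSecurityRealm.ERROR_ALGORITHM_CANNOT_BE_FOUND);
            } catch (UnrecoverableKeyException e4) {
                // Must precede UnrecoverableEntryException, which is its superclass.
                return FormValidation.error(e4, SamlSecurityRealm.ERROR_WRONG_INFO_OR_PASSWORD);
            } catch (UnrecoverableEntryException e5) {
                return FormValidation.error(e5, SamlSecurityRealm.ERROR_INSUFFICIENT_OR_INVALID_INFO);
            } catch (CertificateException e6) {
                return FormValidation.error(e6, SamlSecurityRealm.ERROR_CERTIFICATES_COULD_NOT_BE_LOADED);
            }
        }
    }

    /**
     * Creates the settings object from submitted form data.
     *
     * @param str keystore path; trimmed, with an empty value stored as {@code null}
     * @param secret keystore password; kept only when non-null and non-empty
     * @param secret2 private key password; kept only when non-null and non-empty
     * @param str2 private key alias; trimmed, with an empty value stored as {@code null}
     * @param z value for {@code forceSignRedirectBindingAuthnRequest}
     * @param z2 initial value for {@code wantsAssertionsSigned}
     */
    @DataBoundConstructor
    public SamlEncryptionData(String str, Secret secret, Secret secret2, String str2, boolean z, boolean z2) {
        this.keystorePath = Util.fixEmptyAndTrim(str);
        if (secret != null && StringUtils.isNotEmpty(secret.getPlainText())) {
            this.keystorePasswordSecret = secret;
        }
        if (secret2 != null && StringUtils.isNotEmpty(secret2.getPlainText())) {
            this.privateKeyPasswordSecret = secret2;
        }
        this.privateKeyAlias = Util.fixEmptyAndTrim(str2);
        this.forceSignRedirectBindingAuthnRequest = z;
        this.wantsAssertionsSigned = z2;
    }

    /** Returns the configured keystore path, or {@code null} when none was given. */
    public String getKeystorePath() {
        return this.keystorePath;
    }

    /** Returns the keystore password as a {@link Secret}, or {@code null} when unset. */
    @CheckForNull
    public Secret getKeystorePassword() {
        return this.keystorePasswordSecret;
    }

    /**
     * Returns the keystore password in clear text, trimmed, or {@code null} when it is
     * unset or blank. The result is sensitive and should not be logged or persisted.
     */
    @CheckForNull
    public String getKeystorePasswordPlainText() {
        if (this.keystorePasswordSecret != null) {
            return Util.fixEmptyAndTrim(this.keystorePasswordSecret.getPlainText());
        }
        return null;
    }

    /** Returns the private key password as a {@link Secret}, or {@code null} when unset. */
    @CheckForNull
    public Secret getPrivateKeyPassword() {
        return this.privateKeyPasswordSecret;
    }

    /**
     * Returns the private key password in clear text, trimmed, or {@code null} when it is
     * unset or blank. The result is sensitive and should not be logged or persisted.
     */
    @CheckForNull
    public String getPrivateKeyPasswordPlainText() {
        if (this.privateKeyPasswordSecret != null) {
            return Util.fixEmptyAndTrim(this.privateKeyPasswordSecret.getPlainText());
        }
        return null;
    }

    /** Returns the configured private key alias, or {@code null} when none was given. */
    public String getPrivateKeyAlias() {
        return this.privateKeyAlias;
    }

    public boolean isForceSignRedirectBindingAuthnRequest() {
        return this.forceSignRedirectBindingAuthnRequest;
    }

    public boolean isWantsAssertionsSigned() {
        return this.wantsAssertionsSigned;
    }

    public void setWantsAssertionsSigned(boolean z) {
        this.wantsAssertionsSigned = z;
    }

    /**
     * Describes the settings for logs and diagnostics. The passwords and the alias are
     * reported only as "is NOT empty" booleans; the keystore path is printed as is.
     */
    public String toString() {
        return "SamlEncryptionData{keystorePath='" + StringUtils.defaultIfBlank(this.keystorePath, "none") + "', keystorePassword is NOT empty='" + (getKeystorePasswordPlainText() != null) + "', privateKeyPassword is NOT empty='" + (getPrivateKeyPasswordPlainText() != null) + "', privateKeyAlias is NOT empty='" + StringUtils.isNotEmpty(this.privateKeyAlias) + "', forceSignRedirectBindingAuthnRequest = " + this.forceSignRedirectBindingAuthnRequest + ", wantsAssertionsSigned = " + this.wantsAssertionsSigned + "}";
    }

    // Deserialization hook; it returns the instance unchanged, so no migration happens here.
    private Object readResolve() {
        return this;
    }
}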
