package com.delinea.secrets.jenkins.global.cred;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.delinea.secrets.jenkins.global.cred.VaultClient;
import com.delinea.secrets.jenkins.wrapper.cred.UserCredentials;
import hudson.Extension;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Collections;
import javax.annotation.Nullable;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.verb.POST;

/* loaded from: input_file:com/delinea/secrets/jenkins/global/cred/SecretServerCredentials.class */
public class SecretServerCredentials extends UsernamePasswordCredentialsImpl implements StandardCredentials {
    private static final long serialVersionUID = 1;
    private final String vaultUrl;
    private final String credentialId;
    private final String secretId;
    private transient VaultClient.UsernamePassword vaultCredential;

    @Extension
    /* loaded from: input_file:com/delinea/secrets/jenkins/global/cred/SecretServerCredentials$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        public String getDisplayName() {
            return "Secret Server Vault Credentials";
        }

        @POST
        public ListBoxModel doFillCredentialIdItems(@AncestorInPath Item item) {
            return ((item != null || Jenkins.get().hasPermission(CredentialsProvider.CREATE)) && (item == null || item.hasPermission(CredentialsProvider.CREATE))) ? new StandardListBoxModel().includeEmptyValue().includeAs(ACL.SYSTEM, item, UserCredentials.class) : new StandardListBoxModel();
        }

        @POST
        public FormValidation doCheckCredentialId(@AncestorInPath Item item, @QueryParameter String str) throws IOException, ServletException {
            return ((item != null || Jenkins.get().hasPermission(CredentialsProvider.CREATE)) && (item == null || item.hasPermission(CredentialsProvider.CREATE))) ? StringUtils.isBlank(str) ? FormValidation.error("Credential ID is required.") : CredentialsProvider.lookupCredentials(UserCredentials.class, item, ACL.SYSTEM, Collections.emptyList()).stream().noneMatch(userCredentials -> {
                return userCredentials.getId().equals(str);
            }) ? FormValidation.error("Credential ID not found. Please provide a valid ID.") : FormValidation.ok() : FormValidation.error("You do not have permission to perform this action.");
        }

        @POST
        public FormValidation doCheckSecretId(@AncestorInPath Item item, @QueryParameter String str) throws IOException, ServletException {
            if ((item == null && !Jenkins.get().hasPermission(CredentialsProvider.CREATE)) || (item != null && !item.hasPermission(CredentialsProvider.CREATE))) {
                return FormValidation.error("You do not have permission to perform this action.");
            }
            if (StringUtils.isBlank(str)) {
                return FormValidation.error("Secret ID is required.");
            }
            try {
                Integer.parseInt(str);
                return FormValidation.ok();
            } catch (NumberFormatException e) {
                return FormValidation.error("ID must be an integer.");
            }
        }

        @POST
        public FormValidation doTestConnection(@AncestorInPath Item item, @QueryParameter("vaultUrl") String str, @QueryParameter("credentialId") String str2, @QueryParameter("secretId") String str3) {
            if ((item == null && !Jenkins.get().hasPermission(CredentialsProvider.CREATE)) || (item != null && !item.hasPermission(CredentialsProvider.CREATE))) {
                return FormValidation.error("You do not have permission to perform this action.");
            }
            if (StringUtils.isBlank(str2)) {
                return FormValidation.error("Credential ID is required to test the connection.");
            }
            if (StringUtils.isBlank(str)) {
                return FormValidation.error("Vault URL cannot be blank.");
            }
            try {
                UserCredentials userCredentials = UserCredentials.get(str2, item);
                new VaultClient().fetchCredentials(str, str3, userCredentials.getUsername(), userCredentials.getPassword().getPlainText());
                return FormValidation.ok("Connection successful.");
            } catch (Exception e) {
                return FormValidation.error("Failed to establish connection: " + e.getMessage());
            }
        }

        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    @DataBoundConstructor
    public SecretServerCredentials(CredentialsScope credentialsScope, String str, String str2, String str3, String str4, String str5) {
        super(credentialsScope, str, str2, (String) null, (String) null);
        this.vaultUrl = str3;
        this.credentialId = str4;
        this.secretId = str5;
        this.vaultCredential = null;
    }

    public String getVaultUrl() {
        return this.vaultUrl;
    }

    public String getCredentialId() {
        return this.credentialId;
    }

    public String getSecretId() {
        return this.secretId;
    }

    public String getUsername() {
        return getVaultCredential(getContextItem()).getUsername();
    }

    public Secret getPassword() {
        return Secret.fromString(getVaultCredential(getContextItem()).getPassword());
    }

    @Nullable
    private Item getContextItem() {
        Item item;
        if (Stapler.getCurrentRequest() == null || (item = (Item) Stapler.getCurrentRequest().findAncestorObject(Item.class)) == null) {
            return null;
        }
        return item;
    }

    private VaultClient.UsernamePassword getVaultCredential(@Nullable Item item) {
        if (this.vaultCredential == null) {
            try {
                UserCredentials userCredentials = UserCredentials.get(this.credentialId, item);
                if (userCredentials == null) {
                    throw new RuntimeException("UserCredentials with the specified credentialId not found in the folder context.");
                }
                this.vaultCredential = new VaultClient().fetchCredentials(this.vaultUrl, this.secretId, userCredentials.getUsername(), userCredentials.getPassword().getPlainText());
            } catch (Exception e) {
                throw new RuntimeException("Failed to fetch credentials from vault. " + e.getMessage());
            }
        }
        return this.vaultCredential;
    }
}
