package org.conjur.jenkins.credentials;

import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.CertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.Extension;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.ModelObject;
import hudson.security.ACL;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.conjur.jenkins.configuration.GlobalConjurConfiguration;
import org.conjur.jenkins.conjursecrets.ConjurSecretCredentials;
import org.conjur.jenkins.conjursecrets.ConjurSecretUsernameCredentials;
import org.conjur.jenkins.conjursecrets.ConjurSecretUsernameSSHKeyCredentials;

@Extension
/* loaded from: input_file:org/conjur/jenkins/credentials/ConjurCredentialProvider.class */
public class ConjurCredentialProvider extends CredentialsProvider {
    private static final Logger LOGGER = Logger.getLogger(ConjurCredentialProvider.class.getName());
    private static final ConcurrentHashMap<String, Supplier<Collection<StandardCredentials>>> allCredentialSuppliers = new ConcurrentHashMap<>();
    private Supplier<Collection<StandardCredentials>> currentCredentialSupplier;

    public <C extends Credentials> List<C> getCredentials(@Nonnull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @Nonnull List<DomainRequirement> list) {
        LOGGER.log(Level.FINE, "getCredentials (1)  type: " + cls + " itemGroup: " + itemGroup);
        return getCredentials(cls, itemGroup, authentication);
    }

    @Nonnull
    public <C extends Credentials> List<C> getCredentials(@Nonnull Class<C> cls, @Nonnull Item item, @Nonnull Authentication authentication, @Nonnull List<DomainRequirement> list) {
        LOGGER.log(Level.FINE, "getCredentials (2) type: " + cls + " item: " + item);
        return getCredentialsFromSupplier(cls, item, authentication);
    }

    @Nonnull
    public <C extends Credentials> List<C> getCredentials(@Nonnull Class<C> cls, ItemGroup itemGroup, Authentication authentication) {
        LOGGER.log(Level.FINE, "getCredentials (3) type: " + cls + " itemGroup: " + itemGroup);
        return getCredentialsFromSupplier(cls, itemGroup, authentication);
    }

    private <C extends Credentials> List<C> getCredentialsFromSupplier(@Nonnull Class<C> cls, ModelObject modelObject, Authentication authentication) {
        LOGGER.log(Level.FINE, "Type: " + cls.getName() + " authentication: " + authentication + " context: " + modelObject.getDisplayName());
        if (!cls.isInstance(CertificateCredentials.class) && (cls.isInstance(ConjurSecretCredentials.class) || cls == ConjurSecretUsernameCredentials.class || cls.isAssignableFrom(ConjurSecretCredentials.class) || cls.isAssignableFrom(ConjurSecretUsernameSSHKeyCredentials.class))) {
            LOGGER.log(Level.FINE, "*****");
            if (ACL.SYSTEM.equals(authentication)) {
                Collections.emptyList();
                LOGGER.log(Level.FINE, "**** getCredentials ConjurCredentialProvider: " + getId() + " : " + this);
                LOGGER.log(Level.FINE, "Getting Credentials from ConjurCredentialProvider @ " + modelObject.getClass().getName());
                LOGGER.log(Level.FINE, "To Fetch credentials");
                m10getStore(modelObject);
                if (this.currentCredentialSupplier != null) {
                    Stream<StandardCredentials> filter = this.currentCredentialSupplier.get().stream().filter(standardCredentials -> {
                        return cls.isAssignableFrom(standardCredentials.getClass());
                    });
                    Objects.requireNonNull(cls);
                    return (List) filter.map((v1) -> {
                        return r1.cast(v1);
                    }).collect(Collectors.toList());
                }
            }
        }
        return Collections.emptyList();
    }

    /* renamed from: getStore, reason: merged with bridge method [inline-methods] */
    public ConjurCredentialStore m10getStore(ModelObject modelObject) {
        GlobalConjurConfiguration globalConjurConfiguration = (GlobalConjurConfiguration) GlobalConfiguration.all().get(GlobalConjurConfiguration.class);
        LOGGER.log(Level.FINEST, "Global Conjur Configuration");
        if (globalConjurConfiguration == null || !globalConjurConfiguration.getEnableJWKS().booleanValue() || !globalConjurConfiguration.getEnableContextAwareCredentialStore().booleanValue()) {
            LOGGER.log(Level.FINE, "No Conjur Credential Store (Content Aware)");
            return null;
        }
        if (modelObject == Jenkins.get()) {
            return null;
        }
        ConjurCredentialStore conjurCredentialStore = null;
        if (modelObject != null) {
            String valueOf = String.valueOf(modelObject.hashCode());
            if (ConjurCredentialStore.getAllStores().containsKey(valueOf)) {
                LOGGER.log(Level.FINEST, "GetStore EXISTING ConjurCredentialProvider : " + modelObject.getClass().getName() + ": " + modelObject.toString() + " => " + modelObject.hashCode());
                conjurCredentialStore = ConjurCredentialStore.getAllStores().get(valueOf);
            } else {
                LOGGER.log(Level.FINEST, "GetStore NEW ConjurCredentialProvider : " + modelObject.getClass().getName() + ": " + modelObject.toString() + " => " + modelObject.hashCode());
                conjurCredentialStore = new ConjurCredentialStore(this, modelObject);
                Supplier<Collection<StandardCredentials>> memoizeWithExpiration = memoizeWithExpiration(CredentialsSupplier.standard(modelObject), Duration.ofSeconds(120L));
                ConjurCredentialStore.getAllStores().put(valueOf, conjurCredentialStore);
                allCredentialSuppliers.put(valueOf, memoizeWithExpiration);
            }
            this.currentCredentialSupplier = allCredentialSuppliers.get(valueOf);
        }
        return conjurCredentialStore;
    }

    public static ConcurrentHashMap<String, Supplier<Collection<StandardCredentials>>> getAllCredentialSuppliers() {
        return allCredentialSuppliers;
    }

    public String getIconClassName() {
        return "icon-conjur-credentials-store";
    }

    public static <T> Supplier<T> memoizeWithExpiration(Supplier<T> supplier, Duration duration) {
        return CustomSuppliers.memoizeWithExpiration(supplier, duration);
    }
}
