package io.jenkins.plugins.credentials.secretsmanager;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsNameProvider;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.CredentialsUnavailableException;
import com.cloudbees.plugins.credentials.NameWith;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.util.Secret;
import io.jenkins.plugins.credentials.secretsmanager.SecretValue;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;

@NameWith(NameProvider.class)
/* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/AwsCredentials.class */
abstract class AwsCredentials extends BaseStandardCredentials implements StringCredentials, StandardUsernamePasswordCredentials, SSHUserPrivateKey, StandardCertificateCredentials {
    private static final char[] NO_PASSWORD = new char[0];
    private static final Secret NO_SECRET = Secret.fromString("");
    static final String USERNAME_TAG = "jenkins:credentials:username";
    private final Map<String, String> tags;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/AwsCredentials$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        @Nonnull
        public String getDisplayName() {
            return Messages.awsSecretsManagerSecret();
        }

        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/aws-secrets-manager-credentials-provider.jar:io/jenkins/plugins/credentials/secretsmanager/AwsCredentials$NameProvider.class */
    public static class NameProvider extends CredentialsNameProvider<AwsCredentials> {
        @NonNull
        public String getName(@NonNull AwsCredentials awsCredentials) {
            return awsCredentials.getId();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AwsCredentials(String str, String str2, Map<String, String> map) {
        super(str, str2);
        this.tags = map;
    }

    public Map<String, String> getTags() {
        return this.tags;
    }

    @Nonnull
    public Secret getSecret() {
        return Secret.fromString(getSecretString());
    }

    @NonNull
    public Secret getPassword() {
        return this.tags.containsKey(USERNAME_TAG) ? Secret.fromString(getSecretString()) : NO_SECRET;
    }

    @NonNull
    public String getUsername() {
        if (this.tags.containsKey(USERNAME_TAG)) {
            return this.tags.get(USERNAME_TAG);
        }
        throw new CredentialsUnavailableException("username", Messages.noUsernameError());
    }

    public Secret getPassphrase() {
        return NO_SECRET;
    }

    @NonNull
    public List<String> getPrivateKeys() {
        return Collections.singletonList(getPrivateKey());
    }

    @NonNull
    @Deprecated
    public String getPrivateKey() {
        String secretString = getSecretString();
        if (SshKeyValidator.isValid(secretString)) {
            return secretString;
        }
        throw new CredentialsUnavailableException("privateKey", Messages.noPrivateKeyError());
    }

    @NonNull
    public KeyStore getKeyStore() {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(getSecretBinary());
            Throwable th = null;
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(byteArrayInputStream, NO_PASSWORD);
                    if (byteArrayInputStream != null) {
                        if (0 != 0) {
                            try {
                                byteArrayInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            byteArrayInputStream.close();
                        }
                    }
                    return keyStore;
                } finally {
                }
            } catch (Throwable th3) {
                if (byteArrayInputStream != null) {
                    if (th != null) {
                        try {
                            byteArrayInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        byteArrayInputStream.close();
                    }
                }
                throw th3;
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new CredentialsUnavailableException("keyStore", Messages.noCertificateError());
        }
    }

    private String getSecretString() {
        return (String) getSecretValue().match(new SecretValue.Matcher<String>() { // from class: io.jenkins.plugins.credentials.secretsmanager.AwsCredentials.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // io.jenkins.plugins.credentials.secretsmanager.SecretValue.Matcher
            public String string(String str) {
                return str;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // io.jenkins.plugins.credentials.secretsmanager.SecretValue.Matcher
            public String binary(byte[] bArr) {
                return null;
            }
        });
    }

    private byte[] getSecretBinary() {
        return (byte[]) getSecretValue().match(new SecretValue.Matcher<byte[]>() { // from class: io.jenkins.plugins.credentials.secretsmanager.AwsCredentials.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // io.jenkins.plugins.credentials.secretsmanager.SecretValue.Matcher
            public byte[] string(String str) {
                return null;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // io.jenkins.plugins.credentials.secretsmanager.SecretValue.Matcher
            public byte[] binary(byte[] bArr) {
                return bArr;
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NonNull
    public abstract SecretValue getSecretValue();
}
