package io.jenkins.plugins.ksm.credential;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.keepersecurity.secretsManager.core.LocalConfigStorage;
import com.keepersecurity.secretsManager.core.SecretsManager;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.Secret;
import io.jenkins.plugins.ksm.KsmQuery;
import java.io.UnsupportedEncodingException;
import java.util.Collections;
import jenkins.model.Jenkins;
import org.jenkins.ui.icon.Icon;
import org.jenkins.ui.icon.IconSet;
import org.jenkins.ui.icon.IconType;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

/* loaded from: input_file:WEB-INF/lib/keeper-secrets-manager.jar:io/jenkins/plugins/ksm/credential/KsmCredential.class */
public class KsmCredential extends BaseStandardCredentials {
    private String token;
    private Secret clientId;
    private Secret privateKey;
    private Secret appKey;
    private String hostname;
    private boolean skipSslVerification;
    private boolean allowConfigInject;
    public static final String tokenErrorPrefix = "Error:";
    public static final int tokenHashLength = 43;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/keeper-secrets-manager.jar:io/jenkins/plugins/ksm/credential/KsmCredential$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        @NonNull
        public String getDisplayName() {
            return "Keeper Secrets Manager";
        }

        public FormValidation doCheckToken(@QueryParameter String str) {
            if (str.equals("")) {
                return FormValidation.ok();
            }
            if (str.startsWith(KsmCredential.tokenErrorPrefix)) {
                return FormValidation.error("There appears to be an error with the token.");
            }
            if (str.contains(":")) {
                String[] split = str.split(":");
                if (split.length != 2) {
                    return FormValidation.error("The token appears not to be the correct formatted.");
                }
                if (split[0].equals("")) {
                    return FormValidation.error("The token region code, before the colon, appears to be blank.");
                }
                if (split[1].length() != 43) {
                    return FormValidation.error("The token hash, after the colon, appears not to be the correct length.");
                }
            } else if (str.length() != 43) {
                return FormValidation.error("The token appears not to be the correct length.");
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckHostname(@QueryParameter String str) {
            return str.trim().equals("") ? FormValidation.error("Hostname cannot be blank.") : FormValidation.ok();
        }

        public FormValidation doCheckDescription(@QueryParameter String str) {
            return str.trim().equals("") ? FormValidation.error("Description cannot be blank.") : FormValidation.ok();
        }

        @POST
        @Restricted({NoExternalUse.class})
        public FormValidation doTestCredential(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter boolean z) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            String testCredentials = KsmQuery.testCredentials(str2, str3, str4, str, z);
            return testCredentials != null ? FormValidation.error(testCredentials) : FormValidation.ok();
        }

        public String getIconClassName() {
            return "icon-ksm";
        }

        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }

        static {
            for (String str : new String[]{"ksm"}) {
                IconSet.icons.addIcon(new Icon("icon-ksm icon-sm", String.format("keeper-secrets-manager/images/%s.svg", str), "width: 16px; height: 16px;", IconType.PLUGIN));
                IconSet.icons.addIcon(new Icon("icon-ksm icon-md", String.format("keeper-secrets-manager/images/%s.svg", str), "width: 24px; height: 24px;", IconType.PLUGIN));
                IconSet.icons.addIcon(new Icon("icon-ksm icon-lg", String.format("keeper-secrets-manager/images/%s.svg", str), "width: 32px; height: 32px;", IconType.PLUGIN));
                IconSet.icons.addIcon(new Icon("icon-ksm icon-xlg", String.format("keeper-secrets-manager/images/%s.svg", str), "width: 48px; height: 48px;", IconType.PLUGIN));
            }
        }
    }

    @DataBoundConstructor
    public KsmCredential(CredentialsScope credentialsScope, String str, String str2, String str3, Secret secret, Secret secret2, Secret secret3, String str4, boolean z, boolean z2) {
        super(credentialsScope, str, str2);
        if (!str3.trim().equals("") && !str3.trim().startsWith(tokenErrorPrefix)) {
            try {
                LocalConfigStorage redeemToken = KsmQuery.redeemToken(str3, str4);
                secret = Secret.fromString(redeemToken.getString(SecretsManager.KEY_CLIENT_ID));
                secret3 = Secret.fromString(redeemToken.getString(SecretsManager.KEY_APP_KEY));
                secret2 = Secret.fromString(redeemToken.getString(SecretsManager.KEY_PRIVATE_KEY));
                str4 = redeemToken.getString(SecretsManager.KEY_HOSTNAME);
                str3 = "";
            } catch (Exception e) {
                str3 = "Error: " + e.getMessage();
            }
        }
        if (!Secret.toString(secret).equals("") && !Secret.toString(secret2).equals("") && !Secret.toString(secret3).equals("")) {
            str3 = "";
        }
        this.token = str3.trim();
        this.clientId = secret;
        this.privateKey = secret2;
        this.appKey = secret3;
        this.hostname = str4;
        this.skipSslVerification = z;
        this.allowConfigInject = z2;
    }

    public String getToken() {
        return this.token;
    }

    public Secret getClientId() {
        return this.clientId;
    }

    public Secret getPrivateKey() {
        return this.privateKey;
    }

    public Secret getAppKey() {
        return this.appKey;
    }

    public String getHostname() {
        return this.hostname;
    }

    public boolean getSkipSslVerification() {
        return this.skipSslVerification;
    }

    public boolean getAllowConfigInject() {
        return this.allowConfigInject;
    }

    public String getCredentialError() {
        return this.token;
    }

    public static KsmCredential getCredentialFromId(String str) throws Exception {
        KsmCredential firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(KsmCredential.class, (Item) null, ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
        if (firstOrNull == null) {
            throw new Exception("Cannot find the credential for the public id.");
        }
        return firstOrNull;
    }
}
