package org.conjur.jenkins.api;

import com.cloudbees.hudson.plugins.folder.AbstractFolder;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.model.AbstractItem;
import hudson.model.Hudson;
import hudson.model.ItemGroup;
import hudson.model.Job;
import hudson.model.ModelObject;
import hudson.model.Run;
import hudson.util.Secret;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.apache.commons.lang.StringUtils;
import org.conjur.jenkins.authenticator.AbstractAuthenticator;
import org.conjur.jenkins.authenticator.ConjurAPIKeyAuthenticator;
import org.conjur.jenkins.authenticator.ConjurJWTAuthenticator;
import org.conjur.jenkins.configuration.ConjurConfiguration;
import org.conjur.jenkins.configuration.ConjurJITJobProperty;
import org.conjur.jenkins.configuration.FolderConjurConfiguration;
import org.conjur.jenkins.configuration.GlobalConjurConfiguration;
import org.conjur.jenkins.configuration.TelemetryConfiguration;
import org.conjur.jenkins.conjursecrets.ConjurSecretCredentials;
import org.conjur.jenkins.exceptions.AuthenticationConjurException;
import org.conjur.jenkins.exceptions.InvalidConjurSecretException;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.kohsuke.stapler.Stapler;

/* loaded from: input_file:org/conjur/jenkins/api/ConjurAPI.class */
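/**
 * Static entry points used by the plugin to resolve the effective Conjur configuration for a
 * Jenkins context, obtain an authorization token and fetch secret values over HTTP.
 *
 * <p>The selected authenticator is kept in a mutable static field that is read and replaced
 * without synchronization. NOTE(review): confirm that concurrent builds cannot observe a
 * half-switched authenticator when the global selection changes.
 */
public class ConjurAPI {
    private static final Logger LOGGER = Logger.getLogger(ConjurAPI.class.getName());
    private static AbstractAuthenticator authenticator = null;

    private ConjurAPI() {
    }

    /** Looks up the plugin's global configuration extension; may return {@code null}. */
    private static GlobalConjurConfiguration globalConjurConfiguration() {
        return (GlobalConjurConfiguration) GlobalConfiguration.all().get(GlobalConjurConfiguration.class);
    }

    /** Overwrites a sensitive buffer with zeros; a {@code null} buffer is ignored. */
    private static void wipe(byte[] sensitive) {
        if (sensitive != null) {
            Arrays.fill(sensitive, (byte) 0);
        }
    }

    /**
     * Fills still-unset connection fields from the process environment
     * ({@code CONJUR_APPLIANCE_URL}, {@code CONJUR_ACCOUNT}, {@code CONJUR_AUTHN_LOGIN},
     * {@code CONJUR_AUTHN_API_KEY}). Fields that already hold a value are left untouched.
     *
     * @param conjurAuthnInfo the authentication info to complete in place
     */
    private static void defaultToEnvironment(ConjurAuthnInfo conjurAuthnInfo) {
        Map<String, String> env = System.getenv();
        if (conjurAuthnInfo.applianceUrl == null && env.containsKey("CONJUR_APPLIANCE_URL")) {
            conjurAuthnInfo.applianceUrl = env.get("CONJUR_APPLIANCE_URL");
        }
        if (conjurAuthnInfo.account == null && env.containsKey("CONJUR_ACCOUNT")) {
            conjurAuthnInfo.account = env.get("CONJUR_ACCOUNT");
        }
        if (conjurAuthnInfo.login == null && env.containsKey("CONJUR_AUTHN_LOGIN")) {
            conjurAuthnInfo.login = env.get("CONJUR_AUTHN_LOGIN");
        }
        if (conjurAuthnInfo.apiKey == null && env.containsKey("CONJUR_AUTHN_API_KEY")) {
            // The API key is a credential: it is kept as bytes and never logged here.
            conjurAuthnInfo.apiKey = env.get("CONJUR_AUTHN_API_KEY").getBytes(StandardCharsets.US_ASCII);
        }
    }

    /**
     * Creates the authenticator matching a configured name.
     *
     * @param str authenticator name; {@code "JWT"} and {@code "APIKey"} are matched ignoring case
     * @return a new authenticator, or {@code null} when {@code str} is {@code null} or unknown
     */
    public static AbstractAuthenticator getAuthenticatorByName(String str) {
        if (str == null) {
            return null;
        }
        if (str.equalsIgnoreCase("JWT")) {
            return new ConjurJWTAuthenticator();
        }
        if (str.equalsIgnoreCase("APIKey")) {
            return new ConjurAPIKeyAuthenticator();
        }
        return null;
    }

    /**
     * Aligns the cached authenticator with the globally selected one. When there is no global
     * configuration, or the selected name is not recognised, the API-key authenticator is used.
     */
    private static void setAuthenticator() {
        GlobalConjurConfiguration global = globalConjurConfiguration();
        if (global != null) {
            String selected = global.getSelectAuthenticator();
            if (authenticator == null || !authenticator.getName().equalsIgnoreCase(selected)) {
                authenticator = getAuthenticatorByName(selected);
            }
        }
        if (authenticator == null) {
            // An unknown or missing selection silently ends up on API-key authentication.
            authenticator = new ConjurAPIKeyAuthenticator();
        }
        LOGGER.log(Level.FINEST, "Authenticator set to: {0}", authenticator.getName());
    }

    /**
     * Obtains an authorization token from the currently selected authenticator.
     *
     * @param conjurAuthnInfo connection and identity details for the request
     * @param modelObject the Jenkins context the token is requested for
     * @return the token bytes; callers in this class zero the array after use
     * @throws IOException propagated from the authenticator
     */
    @SuppressFBWarnings
    public static byte[] getAuthorizationToken(ConjurAuthnInfo conjurAuthnInfo, ModelObject modelObject) throws IOException {
        setAuthenticator();
        return authenticator.getAuthorizationToken(conjurAuthnInfo, modelObject);
    }

    /**
     * Builds the authentication info for a context. Environment variables provide defaults,
     * non-empty values from {@code conjurConfiguration} override them, and the authenticator
     * fills in the remainder.
     *
     * @param conjurConfiguration effective configuration, may be {@code null}
     * @param modelObject the Jenkins context handed to the authenticator
     * @return a newly populated {@link ConjurAuthnInfo}
     */
    public static ConjurAuthnInfo getConjurAuthnInfo(ConjurConfiguration conjurConfiguration, ModelObject modelObject) {
        // NOTE(review): the authenticator is only initialised here, not refreshed, whereas
        // getAuthorizationToken() re-reads the global selection on every call. After a change
        // of the selected authenticator the two may briefly disagree; confirm this is intended.
        if (authenticator == null) {
            setAuthenticator();
        }
        ConjurAuthnInfo info = new ConjurAuthnInfo();
        info.conjurConfiguration = conjurConfiguration;
        defaultToEnvironment(info);
        if (conjurConfiguration != null) {
            String applianceUrl = conjurConfiguration.getApplianceURL();
            if (applianceUrl != null && !applianceUrl.isEmpty()) {
                info.applianceUrl = applianceUrl;
            }
            String account = conjurConfiguration.getAccount();
            if (account != null && !account.isEmpty()) {
                info.account = account;
            }
            info.authnPath = "authn";
        }
        authenticator.fillAuthnInfo(info, modelObject);
        return info;
    }

    /**
     * Fetches one variable from Conjur with an HTTP GET on
     * {@code <applianceURL>/secrets/<account>/variable/<str>}.
     *
     * @param okHttpClient client used for the call
     * @param conjurConfiguration supplies the appliance URL and the account
     * @param bArr authorization token bytes, sent in the {@code Authorization} header
     * @param str variable name as it appears after {@code /variable/} in the URL
     * @return the response body bytes when the status is 200 (empty when there is no body)
     * @throws AuthenticationConjurException when the status is 404
     * @throws IOException for any other status, or when the call itself fails
     */
    @SuppressFBWarnings
    public static byte[] getConjurSecret(OkHttpClient okHttpClient, ConjurConfiguration conjurConfiguration, byte[] bArr, String str) throws IOException {
        LOGGER.log(Level.FINEST, "getConjurSecret: variable name {0}", str);
        // NOTE(review): account and variable name are interpolated into the path without
        // percent-encoding or validation. Confirm that variable names are validated where the
        // credential is defined, or encode them here, so that a name cannot select a
        // different endpoint on the appliance.
        String secretUrl = String.format("%s/secrets/%s/variable/%s", conjurConfiguration.getApplianceURL(), conjurConfiguration.getAccount(), str);
        // The header API needs a String, so an immutable copy of the token stays on the heap
        // until it is garbage collected even though callers zero the byte array.
        Request request = new Request.Builder()
                .url(secretUrl)
                .get()
                .addHeader("x-cybr-telemetry", TelemetryConfiguration.getTelemetryHeader())
                .addHeader("Authorization", "Token token=\"" + new String(bArr, StandardCharsets.US_ASCII) + "\"")
                .build();
        // try-with-resources releases the connection on every path, including failures while
        // reading the body.
        try (Response response = okHttpClient.newCall(request).execute()) {
            ResponseBody body = response.body();
            byte[] payload = body != null ? body.bytes() : new byte[0];
            final int status = response.code();
            final String reason = response.message();
            LOGGER.log(Level.FINEST, () -> "getConjurSecret: Fetch secret from Conjur response code " + status + " - " + reason);
            if (status == 200) {
                return payload;
            }
            if (status == 404) {
                // 404 is the signal that makes getSecretFromConjurWithInheritance() try
                // another context.
                throw new AuthenticationConjurException("No access");
            }
            // The server's error body becomes part of the exception message and travels with
            // it to wherever the caller reports the failure. Decode it with an explicit
            // charset instead of the platform default.
            throw new IOException(String.format("Error fetching secret from Conjur [%d - %s] %s", status, reason, new String(payload, StandardCharsets.UTF_8)));
        }
    }

    /**
     * Logs appliance URL, account and credential ID of a configuration at {@code FINEST}.
     *
     * @param conjurConfiguration configuration to log, may be {@code null}
     * @return the same instance that was passed in
     */
    public static ConjurConfiguration logConjurConfiguration(ConjurConfiguration conjurConfiguration) {
        if (conjurConfiguration != null) {
            LOGGER.log(Level.FINEST, "Conjur configuration provided");
            LOGGER.log(Level.FINEST, "Conjur Configuration Appliance Url:{0} ", conjurConfiguration.getApplianceURL());
            LOGGER.log(Level.FINEST, "Conjur Configuration Account: {0}", conjurConfiguration.getAccount());
            LOGGER.log(Level.FINEST, "Conjur Configuration credential ID:{0} ", conjurConfiguration.getCredentialID());
        }
        return conjurConfiguration;
    }

    /**
     * Resolves the effective configuration for an item group by walking up the folder chain
     * and finally merging with the global configuration.
     *
     * @param itemGroup the group to start from
     * @return the merged configuration, or {@code null} when nothing is configured
     */
    public static ConjurConfiguration getConjurConfig(@NonNull ItemGroup<?> itemGroup) {
        ConjurConfiguration merged = null;
        ItemGroup<?> current = itemGroup;
        while (current instanceof AbstractFolder) {
            AbstractFolder<?> folder = (AbstractFolder<?>) current;
            FolderConjurConfiguration folderConfig = folder.getProperties().get(FolderConjurConfiguration.class);
            if (folderConfig != null) {
                if (folderConfig.getConjurConfiguration() != null && !folderConfig.getInheritFromParent()) {
                    // NOTE(review): this returns what was collected below this folder and
                    // leaves out the folder's own configuration (null when this is the first
                    // folder visited). That is what the decompiled code does; verify against
                    // the original source that the non-inheriting folder's configuration is
                    // not meant to be included.
                    return merged;
                }
                merged = merged != null
                        ? merged.mergeWithParent(folderConfig.getConjurConfiguration())
                        : folderConfig.getConjurConfiguration();
            }
            current = folder.getParent();
        }

        GlobalConjurConfiguration global = globalConjurConfiguration();
        if (global != null) {
            merged = merged == null
                    ? global.getConjurConfiguration()
                    : merged.mergeWithParent(global.getConjurConfiguration());
        }
        if (merged == null) {
            LOGGER.log(Level.SEVERE, "Missing configuration for Conjur Plugin");
            return null;
        }
        if (StringUtils.isEmpty(merged.getAccount())) {
            LOGGER.log(Level.SEVERE, "Conjur Plugin missing Account field to be configured");
        }
        if (StringUtils.isEmpty(merged.getApplianceURL())) {
            LOGGER.log(Level.SEVERE, "Conjur Plugin require ConjurURL field to be configured");
        }
        // Constant-first comparison: an unset authenticator selection must not raise an NPE here.
        if (global != null && "APIKey".equals(global.getSelectAuthenticator()) && StringUtils.isEmpty(merged.getCredentialID())) {
            LOGGER.log(Level.SEVERE, "Credentials not set for APIKey authenticator");
        }
        return merged;
    }

    /**
     * Determines the configuration that applies to a Jenkins context object.
     *
     * <p>The Jenkins root yields the global configuration; a {@link Run} or {@link WorkflowJob}
     * combines its job-level property with the parent chain; folders and other items resolve
     * through {@link #getConjurConfig(ItemGroup)}.
     *
     * @param modelObject the context, may be {@code null}
     * @return the effective configuration, or {@code null} for a {@code null} or unsupported
     *     context
     */
    public static ConjurConfiguration getConfigurationFromContext(ModelObject modelObject) {
        LOGGER.log(Level.FINEST, String.format("getConfigurationFromContext for context: %s", modelObject));
        ConjurConfiguration result = null;
        if (modelObject != null) {
            if (modelObject instanceof Hudson) {
                GlobalConjurConfiguration global = globalConjurConfiguration();
                if (global != null && global.getConjurConfiguration() != null) {
                    return global.getConjurConfiguration();
                }
            }
            if (modelObject instanceof Run) {
                Job<?, ?> job = ((Run<?, ?>) modelObject).getParent();
                ConjurJITJobProperty jobProperty = job.getProperty(ConjurJITJobProperty.class);
                ConjurConfiguration jobConfig = jobProperty != null ? jobProperty.getConjurConfiguration() : null;
                if (jobConfig == null) {
                    result = getConjurConfig(job.getParent());
                } else if (jobConfig.getInheritFromParent()) {
                    result = jobConfig.mergeWithParent(getConjurConfig(job.getParent()));
                } else {
                    result = jobConfig;
                }
            } else if (modelObject instanceof WorkflowJob) {
                WorkflowJob workflowJob = (WorkflowJob) modelObject;
                ConjurJITJobProperty jobProperty = workflowJob.getProperty(ConjurJITJobProperty.class);
                ConjurConfiguration jobConfig = (jobProperty == null || jobProperty.getConjurConfiguration() == null)
                        ? new ConjurConfiguration()
                        : jobProperty.getConjurConfiguration();
                result = jobConfig.mergeWithParent(getConjurConfig(workflowJob.getParent()));
            } else if (modelObject instanceof AbstractFolder) {
                result = getConjurConfig((ItemGroup<?>) modelObject);
            } else if (modelObject instanceof AbstractItem) {
                result = getConjurConfig(((AbstractItem) modelObject).getParent());
            }
        }
        LOGGER.log(Level.FINEST, String.format("getConfigurationFromContext for context END: returnConfig %s", result));
        return result;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x0249, code lost:
    
        switch(r32) {
            case 0: goto L41;
            case 1: goto L42;
            default: goto L91;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x0264, code lost:
    
        r27 = r0.getString("value");
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x0281, code lost:
    
        r29 = r29 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:40:0x0271, code lost:
    
        r28 = r0.getString("value").toLowerCase();
     */
    /* JADX WARN: Removed duplicated region for block: B:27:0x01f0  */
    /* JADX WARN: Removed duplicated region for block: B:63:0x034c  */
    /* JADX WARN: Removed duplicated region for block: B:69:0x039d  */
    /* JADX WARN: Removed duplicated region for block: B:74:0x03ec  */
    /* JADX WARN: Removed duplicated region for block: B:79:0x043e A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Placeholder emitted by the decompiler: the real body (1173 bytecode instructions) was not
     * recovered, so this listing says nothing about how credentials are enumerated for a
     * context. Review that logic from the bytecode or the original source.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    public static java.util.Collection<com.cloudbees.plugins.credentials.common.StandardCredentials> getCredentialsForContext(@edu.umd.cs.findbugs.annotations.NonNull java.lang.Class<?> r9, hudson.model.ModelObject r10) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 1173
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.conjur.jenkins.api.ConjurAPI.getCredentialsForContext(java.lang.Class, hudson.model.ModelObject):java.util.Collection");
    }

    /**
     * Fetches a secret using the configuration that applies to {@code modelObject}.
     *
     * @param modelObject context whose configuration is used; when {@code null} nothing is
     *     fetched
     * @param modelObject2 optional context used to build the authentication info instead of
     *     {@code modelObject}
     * @param str variable name to fetch
     * @return the secret, or {@code null} when {@code modelObject} is {@code null}
     * @throws InvalidConjurSecretException wrapping any failure
     */
    public static Secret getSecretFromConjur(ModelObject modelObject, ModelObject modelObject2, String str) {
        byte[] token = null;
        byte[] rawSecret = null;
        try {
            ConjurConfiguration config = getConfigurationFromContext(modelObject);
            if (modelObject == null) {
                return null;
            }
            ModelObject authnContext = modelObject2 == null ? modelObject : modelObject2;
            token = getAuthorizationToken(getConjurAuthnInfo(config, authnContext), modelObject);
            rawSecret = getConjurSecret(ConjurAPIUtils.getHttpClient(config), config, token, str);
            // Secret.fromString needs a String, so one plaintext copy outlives the wipe below
            // until it is garbage collected.
            return Secret.fromString(new String(rawSecret, StandardCharsets.UTF_8));
        } catch (Exception e) {
            throw new InvalidConjurSecretException(e.getMessage(), e);
        } finally {
            // Zero the buffers on failure as well, not only after a successful fetch.
            wipe(token);
            wipe(rawSecret);
        }
    }

    /**
     * Reports whether a context may fall back to its parent's configuration.
     *
     * <p>The answer defaults to {@code true}: it is also returned when the property is absent
     * or cannot be read, so a failure here widens the lookup rather than narrowing it.
     *
     * @param modelObject a job or folder; any other type yields {@code true}
     * @return {@code false} only when the job or folder explicitly disables inheritance
     */
    public static boolean isInheritanceOn(ModelObject modelObject) {
        boolean inherit = true;
        if (modelObject instanceof Job) {
            try {
                ConjurJITJobProperty jobProperty = ((Job<?, ?>) modelObject).getProperty(ConjurJITJobProperty.class);
                if (jobProperty != null
                        && jobProperty.getConjurConfiguration() != null
                        && !jobProperty.getConjurConfiguration().getInheritFromParent()) {
                    LOGGER.log(Level.FINEST, "There is no config assigned to Job/Item. Inheritance is off.");
                    inherit = false;
                }
            } catch (Exception e) {
                // Best effort: keep the default, but record why the property was unreadable.
                LOGGER.log(Level.FINEST, "Cannot get properties for Job/Item", e);
            }
        } else if (modelObject instanceof AbstractFolder) {
            try {
                FolderConjurConfiguration folderConfig = ((AbstractFolder<?>) modelObject).getProperties().get(FolderConjurConfiguration.class);
                if (folderConfig != null && !folderConfig.getInheritFromParent()) {
                    inherit = false;
                }
            } catch (Exception e) {
                LOGGER.log(Level.FINEST, "Cannot get properties for AbstractFolder", e);
            }
        }
        return inherit;
    }

    /**
     * Chooses the context to try after Conjur refused a variable in {@code context}.
     *
     * @param context the context that was just refused
     * @param denial the refusal, used as the cause when no further context exists
     * @return the next context to try
     * @throws InvalidConjurSecretException when there is nothing left to fall back to
     */
    private static ModelObject nextContextAfterDenial(ModelObject context, AuthenticationConjurException denial) {
        if (!isInheritanceOn(context)) {
            if (context instanceof Hudson) {
                LOGGER.log(Level.FINEST, "Get config context Invalid!");
                throw new InvalidConjurSecretException(denial.getMessage(), denial);
            }
            // NOTE(review): with inheritance switched off the lookup still retries once at
            // the Jenkins root, i.e. with the global configuration. Confirm that a job or
            // folder that opted out of inheritance is meant to reach the global identity.
            return Jenkins.get();
        }
        LOGGER.log(Level.FINEST, "Get config context exception: " + context.getDisplayName() + " " + String.valueOf(context));
        if (context instanceof Run) {
            return ((Run<?, ?>) context).getParent().getParent();
        }
        if (context instanceof Job) {
            return ((Job<?, ?>) context).getParent();
        }
        if (context instanceof AbstractFolder) {
            return ((AbstractFolder<?>) context).getParent();
        }
        if (context instanceof Hudson) {
            LOGGER.log(Level.FINEST, "Get config context Invalid when inheritance is on!");
            throw new InvalidConjurSecretException(denial.getMessage(), denial);
        }
        // Any other context type has no parent to move to. Without this the caller would
        // retry the same context forever.
        throw new InvalidConjurSecretException(
                String.format("No parent context to fall back to from %s: %s", context.getDisplayName(), denial.getMessage()), denial);
    }

    /**
     * Fetches a secret, moving to another context each time Conjur answers 404 for the
     * current one, and records on the credential the context that finally succeeded.
     *
     * @param modelObject starting context; when {@code null} it is taken from the current
     *     Stapler request, falling back to the Jenkins root
     * @param conjurSecretCredentials credential whose context is updated on success
     * @param str variable name to fetch
     * @return the secret
     * @throws InvalidConjurSecretException when no context yields the secret or the call fails
     */
    public static Secret getSecretFromConjurWithInheritance(ModelObject modelObject, ConjurSecretCredentials conjurSecretCredentials, String str) {
        ModelObject context = modelObject;
        if (context == null) {
            LOGGER.log(Level.FINEST, "No context set for function getSecretWithInheritance");
            // Outside an HTTP request there is no current Stapler request to ask.
            if (Stapler.getCurrentRequest() != null) {
                context = (ModelObject) Stapler.getCurrentRequest().findAncestorObject(ModelObject.class);
            }
            if (context == null) {
                LOGGER.log(Level.FINEST, "No context available for current request");
                context = Jenkins.get();
            }
        }
        LOGGER.log(Level.FINEST, "Get Secret with inheritance for context: {0}", context.getDisplayName());
        while (true) {
            byte[] token = null;
            byte[] rawSecret = null;
            try {
                LOGGER.log(Level.FINEST, "Get config context {0}", context.getDisplayName());
                ConjurConfiguration config = getConfigurationFromContext(context);
                token = getAuthorizationToken(getConjurAuthnInfo(config, context), context);
                rawSecret = getConjurSecret(ConjurAPIUtils.getHttpClient(config), config, token, str);
                // Secret.fromString needs a String, so one plaintext copy outlives the wipe
                // below until it is garbage collected.
                Secret secret = Secret.fromString(new String(rawSecret, StandardCharsets.UTF_8));
                conjurSecretCredentials.setContext(context);
                return secret;
            } catch (AuthenticationConjurException e) {
                context = nextContextAfterDenial(context, e);
            } catch (IOException e) {
                throw new InvalidConjurSecretException(e.getMessage(), e);
            } finally {
                // Runs for every attempt, so buffers from refused attempts are zeroed too.
                wipe(token);
                wipe(rawSecret);
            }
        }
    }
}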
