package org.conjur.jenkins.authenticator;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import hudson.model.ModelObject;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.acegisecurity.Authentication;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.conjur.jenkins.api.ConjurAPI;
import org.conjur.jenkins.api.ConjurAPIUtils;
import org.conjur.jenkins.api.ConjurAuthnInfo;
import org.conjur.jenkins.configuration.ConjurConfiguration;
import org.conjur.jenkins.exceptions.AuthenticationConjurException;

/* loaded from: input_file:org/conjur/jenkins/authenticator/ConjurAPIKeyAuthenticator.class */
public class ConjurAPIKeyAuthenticator extends AbstractAuthenticator {
    private static final Logger LOGGER = Logger.getLogger(ConjurAPIKeyAuthenticator.class.getName());
    public static final String CONJUR_JENKINS_PLUGIN = "CONJUR_JENKINS_PLUGIN";
    public static final Authentication CONJUR_JENKINS_PLUGIN2 = new UsernamePasswordAuthenticationToken(CONJUR_JENKINS_PLUGIN, CONJUR_JENKINS_PLUGIN);

    @Override // org.conjur.jenkins.authenticator.AbstractAuthenticator
    public String getName() {
        return "APIKey";
    }

    @Override // org.conjur.jenkins.authenticator.AbstractAuthenticator
    public byte[] getAuthorizationToken(ConjurAuthnInfo conjurAuthnInfo, ModelObject modelObject) throws IOException {
        byte[] bArr = null;
        LOGGER.log(Level.FINEST, String.format("getAuthorizationToken: authnPath %s account %s conjurAuthn.applianceUrl %s", conjurAuthnInfo.authnPath, conjurAuthnInfo.account, conjurAuthnInfo.applianceUrl));
        Request request = null;
        if (conjurAuthnInfo.apiKey != null && conjurAuthnInfo.login != null) {
            request = new Request.Builder().url(String.format("%s/%s/%s/%s/authenticate", conjurAuthnInfo.applianceUrl, conjurAuthnInfo.authnPath, conjurAuthnInfo.account, URLEncoder.encode(conjurAuthnInfo.login, "utf-8"))).post(RequestBody.create(MediaType.parse("text/plain"), conjurAuthnInfo.apiKey)).build();
        }
        if (request != null) {
            Response execute = ConjurAPIUtils.getHttpClient(conjurAuthnInfo.conjurConfiguration).newCall(request).execute();
            ResponseBody body = execute.body();
            if (body != null) {
                bArr = Base64.getEncoder().withoutPadding().encodeToString(body.string().getBytes(StandardCharsets.UTF_8)).getBytes(StandardCharsets.US_ASCII);
                LOGGER.log(Level.FINEST, () -> {
                    return String.format("Conjur Authenticate response %d - %s", Integer.valueOf(execute.code()), execute.message());
                });
            }
            if (execute.code() != 200) {
                if (execute.code() == 401) {
                    throw new AuthenticationConjurException(execute.code());
                }
                throw new IOException("[" + execute.code() + "] - " + execute.message());
            }
        } else {
            LOGGER.log(Level.SEVERE, "Cannot create http call. Authentication failed.");
        }
        return bArr;
    }

    @Override // org.conjur.jenkins.authenticator.AbstractAuthenticator
    public void fillAuthnInfo(ConjurAuthnInfo conjurAuthnInfo, ModelObject modelObject) {
        UsernamePasswordCredentials firstOrNull;
        ConjurConfiguration configurationFromContext = ConjurAPI.getConfigurationFromContext(modelObject);
        List lookupCredentials = CredentialsProvider.lookupCredentials(UsernamePasswordCredentials.class, Jenkins.get(), CONJUR_JENKINS_PLUGIN2, Collections.emptyList());
        if (configurationFromContext.getCredentialID() != null && !configurationFromContext.getCredentialID().isEmpty() && (firstOrNull = CredentialsMatchers.firstOrNull(lookupCredentials, CredentialsMatchers.withId(configurationFromContext.getCredentialID()))) != null) {
            conjurAuthnInfo.login = firstOrNull.getUsername();
            conjurAuthnInfo.apiKey = firstOrNull.getPassword().getPlainText().getBytes(StandardCharsets.US_ASCII);
        }
        LOGGER.log(Level.SEVERE, String.format("UsernamePasswordCredentials found %d for ID %s", Integer.valueOf(lookupCredentials.size()), configurationFromContext.getCredentialID()));
    }
}
