package org.conjur.jenkins.api;

import com.cloudbees.plugins.credentials.common.CertificateCredentials;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jenkins.model.Jenkins;
import okhttp3.OkHttpClient;
import org.conjur.jenkins.configuration.ConjurConfiguration;
import org.conjur.jenkins.conjursecrets.ConjurSecretCredentials;
import org.conjur.jenkins.conjursecrets.ConjurSecretUsernameSSHKeyCredentials;
import org.conjur.jenkins.exceptions.InvalidConjurSecretException;
import org.kohsuke.stapler.Stapler;

/* loaded from: input_file:org/conjur/jenkins/api/ConjurAPIUtils.class */
public class ConjurAPIUtils {
    public static final Logger LOGGER = Logger.getLogger(ConjurAPIUtils.class.getName());

    static synchronized CertificateCredentials certificateFromConfiguration(ConjurConfiguration conjurConfiguration) {
        return conjurConfiguration.getCertificateCredentials();
    }

    static synchronized OkHttpClient httpClientWithCertificate(CertificateCredentials certificateCredentials) {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(certificateCredentials.getKeyStore(), certificateCredentials.getPassword().getPlainText().toCharArray());
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(null, null);
            Enumeration<String> aliases = certificateCredentials.getKeyStore().aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                keyStore.setCertificateEntry(nextElement, certificateCredentials.getKeyStore().getCertificate(nextElement));
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.3");
            sSLContext.init(keyManagers, trustManagers, new SecureRandom());
            return new OkHttpClient.Builder().sslSocketFactory(sSLContext.getSocketFactory(), (X509TrustManager) trustManagers[0]).build();
        } catch (Exception e) {
            throw new IllegalArgumentException("Error configuring server certificates.", e);
        }
    }

    public static synchronized OkHttpClient getHttpClient(ConjurConfiguration conjurConfiguration) {
        CertificateCredentials certificateFromConfiguration = certificateFromConfiguration(conjurConfiguration);
        return certificateFromConfiguration != null ? httpClientWithCertificate(certificateFromConfiguration) : new OkHttpClient.Builder().build();
    }

    public static StringBuffer getStringFromException(Exception exc) {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append(String.format("%s%s", exc.getMessage(), System.lineSeparator()));
        for (StackTraceElement stackTraceElement : exc.getStackTrace()) {
            stringBuffer.append(String.format("%s%s", stackTraceElement.toString(), System.lineSeparator()));
        }
        return stringBuffer;
    }

    public static String defaultIfBlank(String str, String str2) {
        return (str == null || str.length() <= 0) ? str2 : str;
    }

    public static FormValidation validateCredential(ItemGroup<Item> itemGroup, ConjurSecretCredentials conjurSecretCredentials) {
        String plainText;
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        try {
            conjurSecretCredentials.setContext(itemGroup);
            if (conjurSecretCredentials instanceof ConjurSecretUsernameSSHKeyCredentials) {
                plainText = ((ConjurSecretUsernameSSHKeyCredentials) conjurSecretCredentials).getPrivateKey();
            } else {
                LOGGER.log(Level.FINEST, String.format("Context set %s", itemGroup.getDisplayName()));
                Secret secret = conjurSecretCredentials.getSecret();
                plainText = secret != null ? secret.getPlainText() : null;
            }
            return (plainText == null || plainText.isEmpty()) ? FormValidation.error("FAILED to retrieve secret!") : FormValidation.ok("Successfully retrieved secret string");
        } catch (InvalidConjurSecretException e) {
            try {
                conjurSecretCredentials.setContext(getItemFromReferer());
                if (conjurSecretCredentials instanceof ConjurSecretUsernameSSHKeyCredentials) {
                    ((ConjurSecretUsernameSSHKeyCredentials) conjurSecretCredentials).getPrivateKey();
                } else {
                    Secret secret2 = conjurSecretCredentials.getSecret();
                    if (secret2 != null) {
                        secret2.getPlainText();
                    }
                }
                return FormValidation.ok("Successfully retrieved secret string");
            } catch (Exception e2) {
                LOGGER.log(Level.FINEST, "FAILED to retrieve secret!");
                return FormValidation.error("FAILED to retrieve secret: \n" + String.valueOf(e) + "\nPlease check Conjur configuration or add credentials from credentials page");
            }
        }
    }

    public static Item getItemFromReferer() throws URISyntaxException {
        return Jenkins.get().getItemByFullName(extractJobPathFromUrl(new URI(Stapler.getCurrentRequest().getReferer()).getPath()));
    }

    private static String extractJobPathFromUrl(String str) {
        if (str.contains("/job/")) {
            return (String) Arrays.stream(str.split("/job/")).filter(str2 -> {
                return !str2.isEmpty();
            }).map(str3 -> {
                return str3.replaceAll("/.*", "");
            }).collect(Collectors.joining("/"));
        }
        throw new IllegalArgumentException("Invalid job path: " + str);
    }
}
