package com.microsoft.azure.util;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.ApplicationTokenCredentials;
import com.microsoft.azure.management.Azure;
import com.microsoft.azure.management.resources.Subscription;
import hudson.Extension;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.io.Serializable;
import java.util.Collections;
import java.util.Iterator;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:com/microsoft/azure/util/AzureCredentials.class */
public class AzureCredentials extends BaseStandardCredentials {
    private final ServicePrincipal data;

    /* loaded from: input_file:com/microsoft/azure/util/AzureCredentials$Constants.class */
    public static class Constants {
        public static final String DEFAULT_MANAGEMENT_URL = "https://management.core.windows.net/";
        public static final String DEFAULT_AUTHENTICATION_ENDPOINT = "https://login.microsoftonline.com/";
        public static final String DEFAULT_RESOURCE_MANAGER_ENDPOINT = "https://management.azure.com/";
        public static final String DEFAULT_GRAPH_ENDPOINT = "https://graph.windows.net/";
        public static final String DEFAULT_OAUTH_PREFIX = "https://login.windows.net/<TenantId>";
    }

    @Extension
    /* loaded from: input_file:com/microsoft/azure/util/AzureCredentials$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        public final String getDisplayName() {
            return "Microsoft Azure Service Principal";
        }

        public final String getDefaultServiceManagementURL() {
            return Constants.DEFAULT_MANAGEMENT_URL;
        }

        public final String getDefaultAuthenticationEndpoint() {
            return Constants.DEFAULT_AUTHENTICATION_ENDPOINT;
        }

        public final String getDefaultResourceManagerEndpoint() {
            return Constants.DEFAULT_RESOURCE_MANAGER_ENDPOINT;
        }

        public final String getDefaultGraphEndpoint() {
            return Constants.DEFAULT_GRAPH_ENDPOINT;
        }

        public final String getDefaultOAuthPrefix() {
            return Constants.DEFAULT_OAUTH_PREFIX;
        }

        public final FormValidation doVerifyConfiguration(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @QueryParameter String str6, @QueryParameter String str7, @QueryParameter String str8) {
            try {
                new ServicePrincipal(str, str2, str3, str4, str5, str6, str7, str8).validate();
                return FormValidation.ok(Messages.Azure_Config_Success());
            } catch (ValidationException e) {
                return FormValidation.error(e.getMessage());
            }
        }
    }

    /* loaded from: input_file:com/microsoft/azure/util/AzureCredentials$ServicePrincipal.class */
    public static class ServicePrincipal implements Serializable {
        private final Secret subscriptionId;
        private final Secret clientId;
        private final Secret clientSecret;
        private final Secret oauth2TokenEndpoint;
        private final String serviceManagementURL;
        private final Secret tenant;
        private final String authenticationEndpoint;
        private final String resourceManagerEndpoint;
        private final String graphEndpoint;
        private static final int TOKEN_ENDPOINT_URL_ENDPOINT_POSTION = 3;

        public final String getSubscriptionId() {
            return this.subscriptionId == null ? "" : this.subscriptionId.getPlainText();
        }

        public final String getClientId() {
            return this.clientId == null ? "" : this.clientId.getPlainText();
        }

        public final String getClientSecret() {
            return this.clientSecret == null ? "" : this.clientSecret.getPlainText();
        }

        public final String getTenant() {
            return (this.tenant == null || StringUtils.isBlank(this.tenant.getPlainText())) ? this.oauth2TokenEndpoint != null ? getTenantFromTokenEndpoint(this.oauth2TokenEndpoint.getPlainText()) : getTenantFromTokenEndpoint("") : this.tenant.getPlainText();
        }

        public final String getServiceManagementURL() {
            return this.serviceManagementURL == null ? Constants.DEFAULT_MANAGEMENT_URL : this.serviceManagementURL;
        }

        public final String getAuthenticationEndpoint() {
            return this.authenticationEndpoint == null ? Constants.DEFAULT_AUTHENTICATION_ENDPOINT : this.authenticationEndpoint;
        }

        public final String getResourceManagerEndpoint() {
            return this.resourceManagerEndpoint == null ? Constants.DEFAULT_RESOURCE_MANAGER_ENDPOINT : this.resourceManagerEndpoint;
        }

        public final String getGraphEndpoint() {
            return this.graphEndpoint == null ? Constants.DEFAULT_GRAPH_ENDPOINT : this.graphEndpoint;
        }

        public ServicePrincipal(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
            this.subscriptionId = Secret.fromString(str);
            this.clientId = Secret.fromString(str2);
            this.clientSecret = Secret.fromString(str3);
            this.oauth2TokenEndpoint = Secret.fromString(str4);
            this.tenant = Secret.fromString(getTenantFromTokenEndpoint(this.oauth2TokenEndpoint.getPlainText()));
            if (StringUtils.isBlank(str5)) {
                this.serviceManagementURL = Constants.DEFAULT_MANAGEMENT_URL;
            } else {
                this.serviceManagementURL = str5;
            }
            if (StringUtils.isBlank(str6)) {
                this.authenticationEndpoint = Constants.DEFAULT_AUTHENTICATION_ENDPOINT;
            } else {
                this.authenticationEndpoint = str6;
            }
            if (StringUtils.isBlank(str7)) {
                this.resourceManagerEndpoint = Constants.DEFAULT_RESOURCE_MANAGER_ENDPOINT;
            } else {
                this.resourceManagerEndpoint = str7;
            }
            if (StringUtils.isBlank(str8)) {
                this.graphEndpoint = Constants.DEFAULT_GRAPH_ENDPOINT;
            } else {
                this.graphEndpoint = str8;
            }
        }

        public ServicePrincipal() {
            this.subscriptionId = Secret.fromString("");
            this.clientId = Secret.fromString("");
            this.clientSecret = Secret.fromString("");
            this.oauth2TokenEndpoint = Secret.fromString("");
            this.tenant = Secret.fromString("");
            this.serviceManagementURL = Constants.DEFAULT_MANAGEMENT_URL;
            this.authenticationEndpoint = Constants.DEFAULT_AUTHENTICATION_ENDPOINT;
            this.resourceManagerEndpoint = Constants.DEFAULT_RESOURCE_MANAGER_ENDPOINT;
            this.graphEndpoint = Constants.DEFAULT_GRAPH_ENDPOINT;
        }

        public final boolean isBlank() {
            return StringUtils.isBlank(this.subscriptionId.getPlainText()) || StringUtils.isBlank(this.clientId.getPlainText()) || StringUtils.isBlank(this.oauth2TokenEndpoint.getPlainText()) || StringUtils.isBlank(this.clientSecret.getPlainText());
        }

        public final boolean validate() throws ValidationException {
            if (StringUtils.isBlank(this.subscriptionId.getPlainText())) {
                throw new ValidationException(Messages.Azure_SubscriptionID_Missing());
            }
            if (StringUtils.isBlank(this.clientId.getPlainText())) {
                throw new ValidationException(Messages.Azure_ClientID_Missing());
            }
            if (StringUtils.isBlank(this.clientSecret.getPlainText())) {
                throw new ValidationException(Messages.Azure_ClientSecret_Missing());
            }
            if (StringUtils.isBlank(this.oauth2TokenEndpoint.getPlainText())) {
                throw new ValidationException(Messages.Azure_OAuthToken_Missing());
            }
            if (StringUtils.isBlank(getTenant())) {
                throw new ValidationException(Messages.Azure_OAuthToken_Malformed());
            }
            try {
                String subscriptionId = getSubscriptionId();
                Iterator it = Azure.authenticate(new ApplicationTokenCredentials(getClientId(), getTenant(), getClientSecret(), new AzureEnvironment(getAuthenticationEndpoint(), getServiceManagementURL(), getResourceManagerEndpoint(), getGraphEndpoint()))).subscriptions().list().iterator();
                while (it.hasNext()) {
                    if (((Subscription) it.next()).subscriptionId().equalsIgnoreCase(subscriptionId)) {
                        return true;
                    }
                }
                throw new ValidationException(Messages.Azure_Invalid_SubscriptionId());
            } catch (Exception e) {
                throw new ValidationException(Messages.Azure_CantValidate());
            }
        }

        private static String getTenantFromTokenEndpoint(String str) {
            if (!str.matches("https{0,1}://[a-zA-Z0-9\\.]*/[a-z0-9\\-]*/?.*$")) {
                return "";
            }
            String[] split = str.split("/");
            return split.length < 4 ? "" : split[TOKEN_ENDPOINT_URL_ENDPOINT_POSTION];
        }
    }

    /* loaded from: input_file:com/microsoft/azure/util/AzureCredentials$ValidationException.class */
    public static class ValidationException extends Exception {
        public ValidationException(String str) {
            super(str);
        }
    }

    @DataBoundConstructor
    public AzureCredentials(CredentialsScope credentialsScope, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, String str10) {
        super(credentialsScope, str, str2);
        this.data = new ServicePrincipal(str3, str4, str5, str6, str7, str8, str9, str10);
    }

    public static ServicePrincipal getServicePrincipal(String str) {
        AzureCredentials firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(AzureCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
        return firstOrNull == null ? new ServicePrincipal() : firstOrNull.data;
    }

    public final String getSubscriptionId() {
        return this.data.subscriptionId.getPlainText();
    }

    public final String getClientId() {
        return this.data.clientId.getPlainText();
    }

    public final String getClientSecret() {
        return this.data.clientSecret.getEncryptedValue();
    }

    public final String getPlainClientSecret() {
        return this.data.clientSecret.getPlainText();
    }

    public final String getTenant() {
        return this.data.getTenant();
    }

    public final String getOauth2TokenEndpoint() {
        return this.data.oauth2TokenEndpoint.getPlainText();
    }

    public final String getServiceManagementURL() {
        return this.data.serviceManagementURL;
    }

    public final String getAuthenticationEndpoint() {
        return this.data.authenticationEndpoint;
    }

    public final String getResourceManagerEndpoint() {
        return this.data.resourceManagerEndpoint;
    }

    public final String getGraphEndpoint() {
        return this.data.graphEndpoint;
    }
}
