package com.cloudbees.plugins.credentials;

import com.cloudbees.plugins.credentials.builds.CredentialsParameterBinder;
import com.cloudbees.plugins.credentials.builds.CredentialsParameterBinding;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.fingerprints.ItemCredentialsFingerprintFacet;
import com.cloudbees.plugins.credentials.fingerprints.NodeCredentialsFingerprintFacet;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.BulkChange;
import hudson.DescriptorExtensionList;
import hudson.ExtensionList;
import hudson.ExtensionPoint;
import hudson.Util;
import hudson.init.InitMilestone;
import hudson.model.AbstractBuild;
import hudson.model.Cause;
import hudson.model.Computer;
import hudson.model.ComputerSet;
import hudson.model.Describable;
import hudson.model.Descriptor;
import hudson.model.DescriptorVisibilityFilter;
import hudson.model.Fingerprint;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.Job;
import hudson.model.ModelObject;
import hudson.model.Node;
import hudson.model.Queue;
import hudson.model.Run;
import hudson.model.User;
import hudson.model.queue.Tasks;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.PermissionScope;
import hudson.security.SecurityRealm;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.Collator;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.FingerprintFacet;
import jenkins.model.Jenkins;
import jenkins.util.Timer;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.commons.lang.StringUtils;
import org.jenkins.ui.icon.IconSpec;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/CredentialsProvider.class */
public abstract class CredentialsProvider extends Descriptor<CredentialsProvider> implements ExtensionPoint, Describable<CredentialsProvider>, IconSpec {
    public static final CredentialsProvider NONE = new CredentialsProvider() { // from class: com.cloudbees.plugins.credentials.CredentialsProvider.1
        @Override // com.cloudbees.plugins.credentials.CredentialsProvider
        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication) {
            return Collections.emptyList();
        }
    };
    public static final PermissionGroup GROUP = new PermissionGroup(CredentialsProvider.class, Messages._CredentialsProvider_PermissionGroupTitle());
    public static final Permission USE_OWN;
    public static final Permission USE_ITEM;
    private static final Logger LOGGER;
    private static final PermissionScope[] SCOPES;
    public static final Permission CREATE;
    public static final Permission UPDATE;
    public static final Permission VIEW;
    public static final Permission DELETE;
    public static final Permission MANAGE_DOMAINS;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/CredentialsProvider$ListBoxModelOptionComparator.class */
    public static class ListBoxModelOptionComparator implements Comparator<ListBoxModel.Option> {
        private final Locale locale;
        private transient Collator collator;

        public ListBoxModelOptionComparator() {
            StaplerRequest currentRequest = Stapler.getCurrentRequest();
            if (currentRequest != null) {
                this.locale = currentRequest.getLocale();
            } else {
                this.locale = Locale.getDefault();
            }
            this.collator = Collator.getInstance(this.locale);
        }

        @Override // java.util.Comparator
        public int compare(ListBoxModel.Option option, ListBoxModel.Option option2) {
            return this.collator.compare(option.name.toLowerCase(this.locale), option2.name.toLowerCase(this.locale));
        }
    }

    public CredentialsProvider() {
        super(Descriptor.self());
    }

    public static DescriptorExtensionList<Credentials, CredentialsDescriptor> allCredentialsDescriptors() {
        return Jenkins.get().getDescriptorList(Credentials.class);
    }

    @NonNull
    @Deprecated
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls) {
        return lookupCredentials(cls, (Item) null, ACL.SYSTEM);
    }

    @NonNull
    @Deprecated
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable Authentication authentication) {
        return lookupCredentials((Class) cls, (ItemGroup) Jenkins.get(), authentication);
    }

    @NonNull
    @Deprecated
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable Item item) {
        return item == null ? lookupCredentials((Class) cls, (ItemGroup) Jenkins.get(), ACL.SYSTEM) : lookupCredentials(cls, item, ACL.SYSTEM);
    }

    @NonNull
    @Deprecated
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup) {
        return lookupCredentials(cls, itemGroup, ACL.SYSTEM);
    }

    @NonNull
    @Deprecated
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication) {
        return lookupCredentials(cls, itemGroup, authentication, (List<DomainRequirement>) Collections.emptyList());
    }

    @NonNull
    @Deprecated
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable Item item, @Nullable Authentication authentication) {
        return lookupCredentials(cls, item, authentication, (List<DomainRequirement>) Collections.emptyList());
    }

    @NonNull
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @Nullable DomainRequirement... domainRequirementArr) {
        return lookupCredentials(cls, itemGroup, authentication, (List<DomainRequirement>) Arrays.asList(domainRequirementArr));
    }

    @NonNull
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @Nullable List<DomainRequirement> list) {
        cls.getClass();
        ItemGroup itemGroup2 = itemGroup == null ? Jenkins.get() : itemGroup;
        Authentication authentication2 = authentication == null ? ACL.SYSTEM : authentication;
        List<DomainRequirement> emptyList = list == null ? Collections.emptyList() : list;
        CredentialsResolver resolver = CredentialsResolver.getResolver(cls);
        if (resolver != null) {
            LOGGER.log(Level.FINE, "Resolving legacy credentials of type {0} with resolver {1}", new Object[]{cls, resolver});
            List lookupCredentials = lookupCredentials(resolver.getFromClass(), itemGroup2, authentication2, emptyList);
            LOGGER.log(Level.FINE, "Original credentials for resolving: {0}", lookupCredentials);
            return resolver.resolve(lookupCredentials);
        }
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        Iterator it = all().iterator();
        while (it.hasNext()) {
            CredentialsProvider credentialsProvider = (CredentialsProvider) it.next();
            if (credentialsProvider.isEnabled(itemGroup2) && credentialsProvider.isApplicable((Class<? extends Credentials>) cls)) {
                try {
                    for (C c : credentialsProvider.getCredentials(cls, itemGroup2, authentication2, emptyList)) {
                        if (!(c instanceof IdCredentials) || hashSet.add(((IdCredentials) c).getId())) {
                            arrayList.add(c);
                        }
                    }
                } catch (NoClassDefFoundError e) {
                    LOGGER.log(Level.FINE, "Could not retrieve provider credentials from " + credentialsProvider + " likely due to missing optional dependency", (Throwable) e);
                }
            }
        }
        Collections.sort(arrayList, new CredentialsNameComparator());
        return arrayList;
    }

    public static <C extends IdCredentials> ListBoxModel listCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @Nullable List<DomainRequirement> list, @Nullable CredentialsMatcher credentialsMatcher) {
        cls.getClass();
        ItemGroup itemGroup2 = itemGroup == null ? Jenkins.get() : itemGroup;
        Authentication authentication2 = authentication == null ? ACL.SYSTEM : authentication;
        List<DomainRequirement> emptyList = list == null ? Collections.emptyList() : list;
        CredentialsMatcher always = credentialsMatcher == null ? CredentialsMatchers.always() : credentialsMatcher;
        CredentialsResolver resolver = CredentialsResolver.getResolver(cls);
        if (resolver != null && IdCredentials.class.isAssignableFrom(resolver.getFromClass())) {
            LOGGER.log(Level.FINE, "Listing legacy credentials of type {0} identified by resolver {1}", new Object[]{cls, resolver});
            return listCredentials(resolver.getFromClass(), itemGroup2, authentication2, emptyList, always);
        }
        ListBoxModel listBoxModel = new ListBoxModel();
        HashSet hashSet = new HashSet();
        Iterator it = all().iterator();
        while (it.hasNext()) {
            CredentialsProvider credentialsProvider = (CredentialsProvider) it.next();
            if (credentialsProvider.isEnabled(itemGroup2) && credentialsProvider.isApplicable((Class<? extends Credentials>) cls)) {
                try {
                    Iterator it2 = credentialsProvider.getCredentialIds(cls, itemGroup2, authentication2, emptyList, always).iterator();
                    while (it2.hasNext()) {
                        ListBoxModel.Option option = (ListBoxModel.Option) it2.next();
                        if (hashSet.add(option.value)) {
                            listBoxModel.add(option);
                        }
                    }
                } catch (NoClassDefFoundError e) {
                    LOGGER.log(Level.FINE, "Could not retrieve provider credentials from " + credentialsProvider + " likely due to missing optional dependency", (Throwable) e);
                }
            }
        }
        Collections.sort(listBoxModel, new ListBoxModelOptionComparator());
        return listBoxModel;
    }

    @NonNull
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable Item item, @Nullable Authentication authentication, DomainRequirement... domainRequirementArr) {
        return lookupCredentials(cls, item, authentication, (List<DomainRequirement>) Arrays.asList(domainRequirementArr));
    }

    @NonNull
    public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C> cls, @Nullable Item item, @Nullable Authentication authentication, @Nullable List<DomainRequirement> list) {
        cls.getClass();
        if (item == null) {
            return lookupCredentials((Class) cls, (ItemGroup) Jenkins.get(), authentication, list);
        }
        if (item instanceof ItemGroup) {
            return lookupCredentials(cls, (ItemGroup) item, authentication, list);
        }
        Authentication authentication2 = authentication == null ? ACL.SYSTEM : authentication;
        List<DomainRequirement> emptyList = list == null ? Collections.emptyList() : list;
        CredentialsResolver resolver = CredentialsResolver.getResolver(cls);
        if (resolver != null) {
            LOGGER.log(Level.FINE, "Resolving legacy credentials of type {0} with resolver {1}", new Object[]{cls, resolver});
            List lookupCredentials = lookupCredentials(resolver.getFromClass(), item, authentication2, emptyList);
            LOGGER.log(Level.FINE, "Original credentials for resolving: {0}", lookupCredentials);
            return resolver.resolve(lookupCredentials);
        }
        ArrayList arrayList = new ArrayList();
        HashSet hashSet = new HashSet();
        Iterator it = all().iterator();
        while (it.hasNext()) {
            CredentialsProvider credentialsProvider = (CredentialsProvider) it.next();
            if (credentialsProvider.isEnabled(item) && credentialsProvider.isApplicable((Class<? extends Credentials>) cls)) {
                try {
                    for (C c : credentialsProvider.getCredentials(cls, item, authentication2, emptyList)) {
                        if (!(c instanceof IdCredentials) || hashSet.add(((IdCredentials) c).getId())) {
                            arrayList.add(c);
                        }
                    }
                } catch (NoClassDefFoundError e) {
                    LOGGER.log(Level.FINE, "Could not retrieve provider credentials from " + credentialsProvider + " likely due to missing optional dependency", (Throwable) e);
                }
            }
        }
        Collections.sort(arrayList, new CredentialsNameComparator());
        return arrayList;
    }

    @NonNull
    public static <C extends IdCredentials> ListBoxModel listCredentials(@NonNull Class<C> cls, @Nullable Item item, @Nullable Authentication authentication, @Nullable List<DomainRequirement> list, @Nullable CredentialsMatcher credentialsMatcher) {
        cls.getClass();
        if (item == null) {
            return listCredentials((Class) cls, (ItemGroup) Jenkins.get(), authentication, list, credentialsMatcher);
        }
        if (item instanceof ItemGroup) {
            return listCredentials(cls, (ItemGroup) item, authentication, list, credentialsMatcher);
        }
        Authentication authentication2 = authentication == null ? ACL.SYSTEM : authentication;
        List<DomainRequirement> emptyList = list == null ? Collections.emptyList() : list;
        CredentialsResolver resolver = CredentialsResolver.getResolver(cls);
        if (resolver != null && IdCredentials.class.isAssignableFrom(resolver.getFromClass())) {
            LOGGER.log(Level.FINE, "Listing legacy credentials of type {0} identified by resolver {1}", new Object[]{cls, resolver});
            return listCredentials(resolver.getFromClass(), item, authentication2, emptyList, credentialsMatcher);
        }
        ListBoxModel listBoxModel = new ListBoxModel();
        HashSet hashSet = new HashSet();
        Iterator it = all().iterator();
        while (it.hasNext()) {
            CredentialsProvider credentialsProvider = (CredentialsProvider) it.next();
            if (credentialsProvider.isEnabled(item) && credentialsProvider.isApplicable((Class<? extends Credentials>) cls)) {
                try {
                    Iterator it2 = credentialsProvider.getCredentialIds(cls, item, authentication2, emptyList, credentialsMatcher).iterator();
                    while (it2.hasNext()) {
                        ListBoxModel.Option option = (ListBoxModel.Option) it2.next();
                        if (hashSet.add(option.value)) {
                            listBoxModel.add(option);
                        }
                    }
                } catch (NoClassDefFoundError e) {
                    LOGGER.log(Level.FINE, "Could not retrieve provider credentials from " + credentialsProvider + " likely due to missing optional dependency", (Throwable) e);
                }
            }
        }
        Collections.sort(listBoxModel, new ListBoxModelOptionComparator());
        return listBoxModel;
    }

    @CheckForNull
    public static Set<CredentialsScope> lookupScopes(ModelObject modelObject) {
        ModelObject unwrapContext = CredentialsDescriptor.unwrapContext(modelObject);
        LinkedHashSet linkedHashSet = null;
        Iterator it = all().iterator();
        while (it.hasNext()) {
            CredentialsProvider credentialsProvider = (CredentialsProvider) it.next();
            if (credentialsProvider.isEnabled(unwrapContext)) {
                try {
                    Set<CredentialsScope> scopes = credentialsProvider.getScopes(unwrapContext);
                    if (scopes != null) {
                        if (linkedHashSet == null) {
                            linkedHashSet = new LinkedHashSet();
                        }
                        linkedHashSet.addAll(scopes);
                    }
                } catch (NoClassDefFoundError e) {
                }
            }
        }
        return linkedHashSet;
    }

    public static boolean hasStores(ModelObject modelObject) {
        Iterator it = all().iterator();
        while (it.hasNext()) {
            CredentialsProvider credentialsProvider = (CredentialsProvider) it.next();
            if (credentialsProvider.isEnabled(modelObject) && credentialsProvider.getStore(modelObject) != null) {
                return true;
            }
        }
        return false;
    }

    public static Iterable<CredentialsStore> lookupStores(final ModelObject modelObject) {
        final ExtensionList<CredentialsProvider> all = all();
        return new Iterable<CredentialsStore>() { // from class: com.cloudbees.plugins.credentials.CredentialsProvider.2
            @Override // java.lang.Iterable
            public Iterator<CredentialsStore> iterator() {
                return new Iterator<CredentialsStore>() { // from class: com.cloudbees.plugins.credentials.CredentialsProvider.2.1
                    private ModelObject current;
                    private Iterator<CredentialsProvider> iterator;
                    private CredentialsStore next;

                    {
                        this.current = modelObject;
                        this.iterator = all.iterator();
                    }

                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        Authentication authentication;
                        if (this.next != null) {
                            return true;
                        }
                        while (this.current != null) {
                            while (this.iterator.hasNext()) {
                                CredentialsProvider next = this.iterator.next();
                                if (next.isEnabled(modelObject)) {
                                    this.next = next.getStore(this.current);
                                    if (this.next != null) {
                                        return true;
                                    }
                                }
                            }
                            if (this.current instanceof Item) {
                                this.current = this.current.getParent();
                                this.iterator = all.iterator();
                            } else if (this.current instanceof User) {
                                Jenkins jenkins = Jenkins.get();
                                if (jenkins.hasPermission(CredentialsProvider.USE_ITEM) && this.current == User.current()) {
                                    authentication = Jenkins.getAuthentication();
                                } else {
                                    try {
                                        authentication = this.current.impersonate();
                                    } catch (UsernameNotFoundException e) {
                                        authentication = null;
                                    }
                                }
                                if (this.current == User.current() && jenkins.getACL().hasPermission(authentication, CredentialsProvider.USE_ITEM)) {
                                    this.current = jenkins;
                                    this.iterator = all.iterator();
                                } else {
                                    this.current = null;
                                }
                            } else if (this.current instanceof Jenkins) {
                                this.current = null;
                            } else if (this.current instanceof ComputerSet) {
                                this.current = Jenkins.get();
                                this.iterator = all.iterator();
                            } else if (this.current instanceof Computer) {
                                this.current = Jenkins.get();
                                this.iterator = all.iterator();
                            } else if (this.current instanceof Node) {
                                this.current = Jenkins.get();
                                this.iterator = all.iterator();
                            } else {
                                this.current = Jenkins.get();
                                this.iterator = all.iterator();
                            }
                        }
                        return false;
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Iterator
                    public CredentialsStore next() {
                        if (!hasNext()) {
                            throw new NoSuchElementException();
                        }
                        try {
                            return this.next;
                        } finally {
                            this.next = null;
                        }
                    }

                    @Override // java.util.Iterator
                    public void remove() {
                        throw new UnsupportedOperationException();
                    }
                };
            }
        };
    }

    public static <C extends Credentials> C snapshot(C c) {
        return (C) snapshot(Credentials.class, c);
    }

    public static <C extends Credentials> C snapshot(Class<C> cls, C c) {
        Class<C> cls2 = null;
        CredentialsSnapshotTaker credentialsSnapshotTaker = null;
        Iterator it = ExtensionList.lookup(CredentialsSnapshotTaker.class).iterator();
        while (it.hasNext()) {
            CredentialsSnapshotTaker credentialsSnapshotTaker2 = (CredentialsSnapshotTaker) it.next();
            if (cls.isAssignableFrom(credentialsSnapshotTaker2.type()) && credentialsSnapshotTaker2.type().isInstance(c) && (credentialsSnapshotTaker == null || cls2.isAssignableFrom(credentialsSnapshotTaker2.type()))) {
                credentialsSnapshotTaker = credentialsSnapshotTaker2;
                cls2 = credentialsSnapshotTaker2.type();
            }
        }
        return credentialsSnapshotTaker == null ? c : cls.cast(credentialsSnapshotTaker.snapshot(c));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NonNull
    public static Authentication getDefaultAuthenticationOf(Item item) {
        return item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM;
    }

    @CheckForNull
    public static <C extends IdCredentials> C findCredentialById(@NonNull String str, @NonNull Class<C> cls, @NonNull Run<?, ?> run, DomainRequirement... domainRequirementArr) {
        return (C) findCredentialById(str, cls, run, (List<DomainRequirement>) Arrays.asList(domainRequirementArr));
    }

    @CheckForNull
    public static <C extends IdCredentials> C findCredentialById(@NonNull String str, @NonNull Class<C> cls, @NonNull Run<?, ?> run, @Nullable List<DomainRequirement> list) {
        User byId;
        Objects.requireNonNull(str);
        Objects.requireNonNull(cls);
        Objects.requireNonNull(run);
        String trim = str.trim();
        boolean z = false;
        boolean z2 = false;
        String str2 = null;
        CredentialsParameterBinding forParameterName = CredentialsParameterBinder.getOrCreate(run).forParameterName((trim.startsWith("${") && trim.endsWith("}")) ? trim.substring(2, trim.length() - 1) : trim);
        if (forParameterName != null) {
            z = true;
            str2 = forParameterName.getUserId();
            z2 = forParameterName.isDefaultValue();
            trim = Util.fixNull(forParameterName.getCredentialsId());
        }
        if (!z || z2) {
            Authentication defaultAuthenticationOf = getDefaultAuthenticationOf(run.getParent());
            ArrayList arrayList = new ArrayList(lookupCredentials((Class) cls, (Item) run.getParent(), defaultAuthenticationOf, list));
            if (defaultAuthenticationOf != ACL.SYSTEM && run.hasPermission(defaultAuthenticationOf, USE_ITEM)) {
                arrayList.addAll(lookupCredentials((Class) cls, (Item) run.getParent(), ACL.SYSTEM, list));
            }
            return (C) CredentialsMatchers.firstOrNull(arrayList, CredentialsMatchers.withId(trim));
        }
        Map.Entry<User, Run<?, ?>> triggeredBy = triggeredBy(run);
        Authentication impersonate = triggeredBy == null ? Jenkins.ANONYMOUS : triggeredBy.getKey().impersonate();
        ArrayList arrayList2 = new ArrayList();
        if (triggeredBy != null && run == triggeredBy.getValue() && run.hasPermission(impersonate, USE_OWN)) {
            arrayList2.addAll(lookupCredentials((Class) cls, (Item) run.getParent(), impersonate, list));
        }
        if (str2 != null && (byId = User.getById(str2, false)) != null) {
            Authentication impersonate2 = byId.impersonate();
            if (run.hasPermission(impersonate2, USE_OWN)) {
                arrayList2.addAll(lookupCredentials((Class) cls, (Item) run.getParent(), impersonate2, list));
            }
        }
        if (run.hasPermission(impersonate, USE_ITEM)) {
            Authentication defaultAuthenticationOf2 = getDefaultAuthenticationOf(run.getParent());
            arrayList2.addAll(lookupCredentials((Class) cls, (Item) run.getParent(), defaultAuthenticationOf2, list));
            if (defaultAuthenticationOf2 != ACL.SYSTEM && run.hasPermission(defaultAuthenticationOf2, USE_ITEM)) {
                arrayList2.addAll(lookupCredentials((Class) cls, (Item) run.getParent(), ACL.SYSTEM, list));
            }
        }
        C c = (C) CredentialsMatchers.firstOrNull(arrayList2, CredentialsMatchers.withId(trim));
        return run.isLogUpdated() ? (C) track(run, c) : c;
    }

    @CheckForNull
    private static Map.Entry<User, Run<?, ?>> triggeredBy(Run<?, ?> run) {
        Cause.UserIdCause cause = run.getCause(Cause.UserIdCause.class);
        if (cause != null) {
            User user = User.get(cause.getUserId(), false, Collections.emptyMap());
            if (user == null) {
                return null;
            }
            return new AbstractMap.SimpleImmutableEntry(user, run);
        }
        Cause.UpstreamCause cause2 = run.getCause(Cause.UpstreamCause.class);
        Run upstreamRun = cause2 != null ? cause2.getUpstreamRun() : null;
        while (true) {
            Run run2 = upstreamRun;
            if (run2 == null) {
                return null;
            }
            Cause.UserIdCause cause3 = run2.getCause(Cause.UserIdCause.class);
            if (cause3 != null) {
                User user2 = User.get(cause3.getUserId(), false, Collections.emptyMap());
                if (user2 == null) {
                    return null;
                }
                return new AbstractMap.SimpleImmutableEntry(user2, run2);
            }
            Cause.UpstreamCause cause4 = run2.getCause(Cause.UpstreamCause.class);
            upstreamRun = cause4 != null ? cause4.getUpstreamRun() : null;
        }
    }

    public static ExtensionList<CredentialsProvider> all() {
        return ExtensionList.lookup(CredentialsProvider.class);
    }

    public static List<CredentialsProvider> enabled() {
        ArrayList arrayList = new ArrayList((Collection) ExtensionList.lookup(CredentialsProvider.class));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (!((CredentialsProvider) it.next()).isEnabled()) {
                it.remove();
            }
        }
        return arrayList;
    }

    public static List<CredentialsProvider> enabled(Object obj) {
        ArrayList arrayList = new ArrayList((Collection) ExtensionList.lookup(CredentialsProvider.class));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            if (!((CredentialsProvider) it.next()).isEnabled(obj)) {
                it.remove();
            }
        }
        return arrayList;
    }

    public Descriptor<CredentialsProvider> getDescriptor() {
        return this;
    }

    public final boolean isEnabled() {
        return CredentialsProviderManager.isEnabled(this);
    }

    public boolean isEnabled(Object obj) {
        if (!isEnabled()) {
            return false;
        }
        Iterator it = DescriptorVisibilityFilter.all().iterator();
        while (it.hasNext()) {
            if (!((DescriptorVisibilityFilter) it.next()).filter(obj, this)) {
                return false;
            }
        }
        return true;
    }

    public String getDisplayName() {
        return StringUtils.join(StringUtils.splitByCharacterTypeCamelCase(getClass().getSimpleName()), ' ');
    }

    public String getIconClassName() {
        return "icon-credentials-credentials";
    }

    public Set<CredentialsScope> getScopes(ModelObject modelObject) {
        return null;
    }

    @CheckForNull
    public CredentialsStore getStore(@CheckForNull ModelObject modelObject) {
        return null;
    }

    @NonNull
    public abstract <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication);

    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list) {
        return getCredentials(cls, itemGroup, authentication);
    }

    @NonNull
    public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list, @NonNull CredentialsMatcher credentialsMatcher) {
        ListBoxModel listBoxModel = new ListBoxModel();
        for (IdCredentials idCredentials : getCredentials(cls, itemGroup, authentication, list)) {
            if (credentialsMatcher.matches(idCredentials)) {
                listBoxModel.add(CredentialsNameProvider.name(idCredentials), idCredentials.getId());
            }
        }
        return listBoxModel;
    }

    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @NonNull Item item, @Nullable Authentication authentication) {
        item.getClass();
        return getCredentials(cls, item.getParent(), authentication);
    }

    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @NonNull Item item, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list) {
        return getCredentials(cls, item instanceof ItemGroup ? (ItemGroup) item : item.getParent(), authentication, list);
    }

    @NonNull
    public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull Class<C> cls, @NonNull Item item, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list, @NonNull CredentialsMatcher credentialsMatcher) {
        if (item instanceof ItemGroup) {
            return getCredentialIds(cls, (ItemGroup) item, authentication, list, credentialsMatcher);
        }
        ListBoxModel listBoxModel = new ListBoxModel();
        for (IdCredentials idCredentials : getCredentials(cls, item, authentication, list)) {
            if (credentialsMatcher.matches(idCredentials)) {
                listBoxModel.add(CredentialsNameProvider.name(idCredentials), idCredentials.getId());
            }
        }
        return listBoxModel;
    }

    public final boolean isApplicable(Class<? extends Credentials> cls) {
        if (!isEnabled()) {
            return false;
        }
        Iterator it = ExtensionList.lookup(CredentialsDescriptor.class).iterator();
        while (it.hasNext()) {
            CredentialsDescriptor credentialsDescriptor = (CredentialsDescriptor) it.next();
            if (cls.isAssignableFrom(credentialsDescriptor.clazz) && isApplicable(credentialsDescriptor)) {
                return true;
            }
        }
        return false;
    }

    public final boolean isApplicable(Descriptor<?> descriptor) {
        if (!isEnabled()) {
            return false;
        }
        if ((descriptor instanceof CredentialsDescriptor) && !((CredentialsDescriptor) descriptor).isApplicable(this)) {
            return false;
        }
        Iterator it = DescriptorVisibilityFilter.all().iterator();
        while (it.hasNext()) {
            if (!((DescriptorVisibilityFilter) it.next()).filter(this, descriptor)) {
                return false;
            }
        }
        return _isApplicable(descriptor);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean _isApplicable(Descriptor<?> descriptor) {
        return true;
    }

    public final List<CredentialsDescriptor> getCredentialsDescriptors() {
        List<CredentialsDescriptor> apply = DescriptorVisibilityFilter.apply(this, ExtensionList.lookup(CredentialsDescriptor.class));
        if (!(apply instanceof ArrayList)) {
            apply = new ArrayList(apply);
        }
        Iterator<CredentialsDescriptor> it = apply.iterator();
        while (it.hasNext()) {
            if (!_isApplicable(it.next())) {
                it.remove();
            }
        }
        return apply;
    }

    public final boolean hasCredentialsDescriptors() {
        ExtensionList all = DescriptorVisibilityFilter.all();
        Iterator it = ExtensionList.lookup(CredentialsDescriptor.class).iterator();
        while (it.hasNext()) {
            CredentialsDescriptor credentialsDescriptor = (CredentialsDescriptor) it.next();
            Iterator it2 = all.iterator();
            while (true) {
                if (it2.hasNext()) {
                    if (!((DescriptorVisibilityFilter) it2.next()).filter(this, credentialsDescriptor)) {
                        break;
                    }
                } else if (_isApplicable(credentialsDescriptor)) {
                    return true;
                }
            }
        }
        return false;
    }

    @CheckForNull
    public static Fingerprint getFingerprintOf(@NonNull Credentials credentials) throws IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            DigestOutputStream digestOutputStream = new DigestOutputStream(new NullOutputStream(), messageDigest);
            try {
                CredentialsStoreAction.FINGERPRINT_XML.toXML(credentials, new OutputStreamWriter(digestOutputStream, Charset.forName("UTF-8")));
                IOUtils.closeQuietly(digestOutputStream);
                return (Fingerprint) Jenkins.get().getFingerprintMap().get(Util.toHexString(messageDigest.digest()));
            } catch (Throwable th) {
                IOUtils.closeQuietly(digestOutputStream);
                throw th;
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("JLS mandates MD5 as a supported digest algorithm");
        }
    }

    @NonNull
    public static Fingerprint getOrCreateFingerprintOf(@NonNull Credentials credentials) throws IOException {
        Object[] objArr = new Object[2];
        objArr[0] = credentials instanceof IdCredentials ? ((IdCredentials) credentials).getId() : "unknown";
        objArr[1] = CredentialsNameProvider.name(credentials);
        String format = String.format("Credential id=%s name=%s", objArr);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            DigestOutputStream digestOutputStream = new DigestOutputStream(new NullOutputStream(), messageDigest);
            try {
                CredentialsStoreAction.FINGERPRINT_XML.toXML(credentials, new OutputStreamWriter(digestOutputStream, Charset.forName("UTF-8")));
                IOUtils.closeQuietly(digestOutputStream);
                return Jenkins.get().getFingerprintMap().getOrCreate((AbstractBuild) null, format, messageDigest.digest());
            } catch (Throwable th) {
                IOUtils.closeQuietly(digestOutputStream);
                throw th;
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("JLS mandates MD5 as a supported digest algorithm");
        }
    }

    @CheckForNull
    public static <C extends Credentials> C track(@NonNull Run run, @CheckForNull C c) {
        if (c != null) {
            trackAll(run, Collections.singletonList(c));
        }
        return c;
    }

    @NonNull
    public static <C extends Credentials> List<C> trackAll(@NonNull Run run, C... cArr) {
        return cArr != null ? trackAll(run, Arrays.asList(cArr)) : Collections.emptyList();
    }

    @NonNull
    public static <C extends Credentials> List<C> trackAll(@NonNull Run run, @NonNull List<C> list) {
        for (C c : list) {
            if (c != null) {
                try {
                    getOrCreateFingerprintOf(c).addFor(run);
                } catch (IOException e) {
                    LOGGER.log(Level.FINEST, "Could not track usage of " + c, (Throwable) e);
                }
            }
        }
        return list;
    }

    @CheckForNull
    public static <C extends Credentials> C track(@NonNull Node node, @CheckForNull C c) {
        if (c != null) {
            trackAll(node, Collections.singletonList(c));
        }
        return c;
    }

    @NonNull
    public static <C extends Credentials> List<C> trackAll(@NonNull Node node, C... cArr) {
        return cArr != null ? trackAll(node, Arrays.asList(cArr)) : Collections.emptyList();
    }

    @NonNull
    public static <C extends Credentials> List<C> trackAll(@NonNull Node node, @NonNull List<C> list) {
        long currentTimeMillis = System.currentTimeMillis();
        String nodeName = node.getNodeName();
        HashSet hashSet = new HashSet();
        Iterator it = Jenkins.get().getNodes().iterator();
        while (it.hasNext()) {
            hashSet.add(((Node) it.next()).getNodeName());
        }
        for (C c : list) {
            if (c != null) {
                try {
                    Fingerprint orCreateFingerprintOf = getOrCreateFingerprintOf(c);
                    BulkChange bulkChange = new BulkChange(orCreateFingerprintOf);
                    try {
                        Collection facets = orCreateFingerprintOf.getFacets();
                        long j = currentTimeMillis;
                        Iterator it2 = facets.iterator();
                        while (it2.hasNext()) {
                            FingerprintFacet fingerprintFacet = (FingerprintFacet) it2.next();
                            if (fingerprintFacet instanceof NodeCredentialsFingerprintFacet) {
                                if (StringUtils.equals(nodeName, ((NodeCredentialsFingerprintFacet) fingerprintFacet).getNodeName())) {
                                    j = Math.min(j, fingerprintFacet.getTimestamp());
                                    it2.remove();
                                } else if (!hashSet.contains(((NodeCredentialsFingerprintFacet) fingerprintFacet).getNodeName())) {
                                    it2.remove();
                                }
                            }
                        }
                        if (hashSet.contains(node.getNodeName())) {
                            facets.add(new NodeCredentialsFingerprintFacet(node, orCreateFingerprintOf, j, currentTimeMillis));
                        }
                        bulkChange.commit();
                    } catch (Throwable th) {
                        bulkChange.commit();
                        throw th;
                        break;
                    }
                } catch (IOException e) {
                    LOGGER.log(Level.FINEST, "Could not track usage of " + c, (Throwable) e);
                }
            }
        }
        return list;
    }

    @CheckForNull
    public static <C extends Credentials> C track(@NonNull Item item, @CheckForNull C c) {
        if (c != null) {
            trackAll(item, Collections.singletonList(c));
        }
        return c;
    }

    @NonNull
    public static <C extends Credentials> List<C> trackAll(@NonNull Item item, C... cArr) {
        return cArr != null ? trackAll(item, Arrays.asList(cArr)) : Collections.emptyList();
    }

    @NonNull
    public static <C extends Credentials> List<C> trackAll(@NonNull Item item, @NonNull List<C> list) {
        long currentTimeMillis = System.currentTimeMillis();
        String fullName = item.getFullName();
        for (C c : list) {
            if (c != null) {
                try {
                    Fingerprint orCreateFingerprintOf = getOrCreateFingerprintOf(c);
                    BulkChange bulkChange = new BulkChange(orCreateFingerprintOf);
                    try {
                        Collection facets = orCreateFingerprintOf.getFacets();
                        long j = currentTimeMillis;
                        Iterator it = facets.iterator();
                        while (it.hasNext()) {
                            FingerprintFacet fingerprintFacet = (FingerprintFacet) it.next();
                            if ((fingerprintFacet instanceof ItemCredentialsFingerprintFacet) && StringUtils.equals(fullName, ((ItemCredentialsFingerprintFacet) fingerprintFacet).getItemFullName())) {
                                j = Math.min(j, fingerprintFacet.getTimestamp());
                                it.remove();
                            }
                        }
                        facets.add(new ItemCredentialsFingerprintFacet(item, orCreateFingerprintOf, j, currentTimeMillis));
                        bulkChange.commit();
                    } catch (Throwable th) {
                        bulkChange.commit();
                        throw th;
                        break;
                    }
                } catch (IOException e) {
                    LOGGER.log(Level.FINEST, "Could not track usage of " + c, (Throwable) e);
                }
            }
        }
        return list;
    }

    @Restricted({DoNotUse.class})
    public static void saveAll() throws IOException {
        LOGGER.entering(CredentialsProvider.class.getName(), "saveAll");
        try {
            final Jenkins jenkins = Jenkins.get();
            jenkins.checkPermission(Jenkins.ADMINISTER);
            LOGGER.log(Level.INFO, "Forced save credentials stores: Requested by {0}", StringUtils.defaultIfBlank(Jenkins.getAuthentication().getName(), "anonymous"));
            Timer.get().execute(new Runnable() { // from class: com.cloudbees.plugins.credentials.CredentialsProvider.3
                @Override // java.lang.Runnable
                public void run() {
                    try {
                        ACLContext as = ACL.as(ACL.SYSTEM);
                        Throwable th = null;
                        try {
                            if (jenkins.getInitLevel().compareTo(InitMilestone.JOB_LOADED) < 0) {
                                CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Initialization has not completed");
                                while (jenkins.getInitLevel().compareTo(InitMilestone.JOB_LOADED) < 0) {
                                    CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Sleeping for 1 second");
                                    try {
                                        Thread.sleep(1000L);
                                    } catch (InterruptedException e) {
                                        CredentialsProvider.LOGGER.log(Level.WARNING, "Forced save credentials stores: Aborting due to interrupt", (Throwable) e);
                                        if (as != null) {
                                            if (0 != 0) {
                                                try {
                                                    as.close();
                                                } catch (Throwable th2) {
                                                    th.addSuppressed(th2);
                                                }
                                            } else {
                                                as.close();
                                            }
                                        }
                                        CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Completed");
                                        return;
                                    }
                                }
                                CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Initialization has completed");
                            }
                            CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Processing Jenkins");
                            for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(jenkins)) {
                                try {
                                    credentialsStore.save();
                                } catch (IOException e2) {
                                    CredentialsProvider.LOGGER.log(Level.WARNING, "Forced save credentials stores: Could not save " + credentialsStore, (Throwable) e2);
                                }
                            }
                            CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Processing Items...");
                            int i = 0;
                            for (ModelObject modelObject : jenkins.getAllItems(Item.class)) {
                                i++;
                                if (i % 100 == 0) {
                                    CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Processing Items ({0} processed)", Integer.valueOf(i));
                                }
                                for (CredentialsStore credentialsStore2 : CredentialsProvider.lookupStores(modelObject)) {
                                    if (modelObject == credentialsStore2.getContext()) {
                                        try {
                                            credentialsStore2.save();
                                        } catch (IOException e3) {
                                            CredentialsProvider.LOGGER.log(Level.WARNING, "Forced save credentials stores: Could not save " + credentialsStore2, (Throwable) e3);
                                        }
                                    }
                                }
                            }
                            CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Processing Users...");
                            int i2 = 0;
                            for (ModelObject modelObject2 : User.getAll()) {
                                i2++;
                                if (i2 % 100 == 0) {
                                    CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Processing Users ({0} processed)", Integer.valueOf(i2));
                                }
                                ACL.impersonate(new UsernamePasswordAuthenticationToken(modelObject2.getId(), "", new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY}));
                                for (CredentialsStore credentialsStore3 : CredentialsProvider.lookupStores(modelObject2)) {
                                    if (modelObject2 == credentialsStore3.getContext()) {
                                        try {
                                            credentialsStore3.save();
                                        } catch (IOException e4) {
                                            CredentialsProvider.LOGGER.log(Level.WARNING, "Forced save credentials stores: Could not save " + credentialsStore3, (Throwable) e4);
                                        }
                                    }
                                }
                            }
                            if (as != null) {
                                if (0 != 0) {
                                    try {
                                        as.close();
                                    } catch (Throwable th3) {
                                        th.addSuppressed(th3);
                                    }
                                } else {
                                    as.close();
                                }
                            }
                            CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Completed");
                        } finally {
                        }
                    } catch (Throwable th4) {
                        CredentialsProvider.LOGGER.log(Level.INFO, "Forced save credentials stores: Completed");
                        throw th4;
                    }
                }
            });
            LOGGER.exiting(CredentialsProvider.class.getName(), "saveAll");
        } catch (Throwable th) {
            LOGGER.exiting(CredentialsProvider.class.getName(), "saveAll");
            throw th;
        }
    }

    static {
        USE_OWN = new Permission(GROUP, "UseOwn", Messages._CredentialsProvider_UseOwnPermissionDescription(), Boolean.getBoolean("com.cloudbees.plugins.credentials.UseOwnPermission") ? Jenkins.ADMINISTER : Job.BUILD, Boolean.getBoolean("com.cloudbees.plugins.credentials.UseOwnPermission"), new PermissionScope[]{PermissionScope.ITEM});
        USE_ITEM = new Permission(GROUP, "UseItem", Messages._CredentialsProvider_UseItemPermissionDescription(), Job.CONFIGURE, Boolean.getBoolean("com.cloudbees.plugins.credentials.UseItemPermission"), new PermissionScope[]{PermissionScope.ITEM});
        LOGGER = Logger.getLogger(CredentialsProvider.class.getName());
        SCOPES = new PermissionScope[]{PermissionScope.ITEM, PermissionScope.ITEM_GROUP, PermissionScope.JENKINS};
        CREATE = new Permission(GROUP, "Create", Messages._CredentialsProvider_CreatePermissionDescription(), Permission.CREATE, true, SCOPES);
        UPDATE = new Permission(GROUP, "Update", Messages._CredentialsProvider_UpdatePermissionDescription(), Permission.UPDATE, true, SCOPES);
        VIEW = new Permission(GROUP, "View", Messages._CredentialsProvider_ViewPermissionDescription(), Permission.READ, true, SCOPES);
        DELETE = new Permission(GROUP, "Delete", Messages._CredentialsProvider_DeletePermissionDescription(), Permission.DELETE, true, SCOPES);
        MANAGE_DOMAINS = new Permission(GROUP, "ManageDomains", Messages._CredentialsProvider_ManageDomainsPermissionDescription(), Permission.CONFIGURE, true, SCOPES);
    }
}
