package org.jenkinsci.plugins.graniteclient;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsDescriptor;
import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsNameProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainCredentials;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.model.Descriptor;
import hudson.util.Secret;
import java.io.IOException;
import java.security.KeyPair;
import java.security.UnrecoverableKeyException;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;
import java.util.List;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import jenkins.bouncycastle.api.PEMEncodable;
import jenkins.model.Jenkins;
import net.adamcin.httpsig.api.Key;
import net.adamcin.httpsig.ssh.jce.KeyFormat;
import net.adamcin.httpsig.ssh.jce.SSHKey;
import net.adamcin.httpsig.ssh.jce.UserKeysFingerprintKeyId;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials.class */
public abstract class GraniteNamedIdCredentials implements IdCredentials {
    private static final Logger LOGGER = Logger.getLogger(GraniteNamedIdCredentials.class.getName());
    private static final long serialVersionUID = -7611025520557823267L;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials$CredentialsIdMatcher.class */
    public static class CredentialsIdMatcher implements CredentialsMatcher {
        final String credentialsId;

        private CredentialsIdMatcher(String str) {
            this.credentialsId = str;
        }

        public boolean matches(@NonNull Credentials credentials) {
            if (this.credentialsId == null || this.credentialsId.isEmpty()) {
                return false;
            }
            if (credentials instanceof SSHUserPrivateKey) {
                return this.credentialsId.equals(((SSHUserPrivateKey) credentials).getId());
            }
            if (credentials instanceof IdCredentials) {
                return this.credentialsId.equals(((IdCredentials) credentials).getId());
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials$SSHPrivateKeyNamedIdCredentials.class */
    public static class SSHPrivateKeyNamedIdCredentials extends GraniteNamedIdCredentials {
        private static final long serialVersionUID = -8908675817671402062L;
        private final SSHUserPrivateKey wrapped;

        SSHPrivateKeyNamedIdCredentials(SSHUserPrivateKey sSHUserPrivateKey) {
            this.wrapped = sSHUserPrivateKey;
        }

        @NonNull
        public String getId() {
            return this.wrapped.getId();
        }

        @Override // org.jenkinsci.plugins.graniteclient.GraniteNamedIdCredentials
        public String getName() {
            Key keyFromCredentials = getKeyFromCredentials(this.wrapped);
            if (keyFromCredentials == null) {
                return "[Signature] <failed to read SSH key> " + getId();
            }
            StringBuilder append = new StringBuilder("[Signature] ").append(new UserKeysFingerprintKeyId(this.wrapped.getUsername()).getId(keyFromCredentials));
            if (!this.wrapped.getDescription().trim().isEmpty()) {
                append.append(" (").append(this.wrapped.getDescription()).append(")");
            }
            return append.toString();
        }

        @Override // org.jenkinsci.plugins.graniteclient.GraniteNamedIdCredentials
        protected Credentials getWrappedCredentials() {
            return this.wrapped;
        }

        @Override // org.jenkinsci.plugins.graniteclient.GraniteNamedIdCredentials
        @NonNull
        /* renamed from: getDescriptor */
        public /* bridge */ /* synthetic */ Descriptor mo10getDescriptor() {
            return super.mo10getDescriptor();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials$URIUserInfoCredentials.class */
    public static class URIUserInfoCredentials extends BaseStandardCredentials implements StandardUsernamePasswordCredentials {
        private String username;
        private Secret password;
        private StandardUsernamePasswordCredentials wrapped;

        URIUserInfoCredentials(String str, String str2, StandardUsernamePasswordCredentials standardUsernamePasswordCredentials) {
            super("URIUserInfoCredentials_" + str, "");
            if (str == null) {
                throw new NullPointerException("username");
            }
            this.username = str;
            this.password = (str2 == null || str2.isEmpty()) ? null : Secret.fromString(str2);
            this.wrapped = standardUsernamePasswordCredentials;
        }

        @NonNull
        public String getUsername() {
            return this.username;
        }

        @NonNull
        public Secret getPassword() {
            return this.password != null ? this.password : this.wrapped != null ? this.wrapped.getPassword() : Secret.fromString("admin");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials$URIUserInfoCredentialsWithSSHKey.class */
    public static class URIUserInfoCredentialsWithSSHKey extends BaseStandardCredentials implements SSHUserPrivateKey {
        private String username;
        private SSHUserPrivateKey wrapped;

        URIUserInfoCredentialsWithSSHKey(String str, SSHUserPrivateKey sSHUserPrivateKey) {
            super("URIUserInfoCredentialsWithSSHKey_" + str, "");
            if (str == null) {
                throw new NullPointerException("username");
            }
            if (sSHUserPrivateKey == null) {
                throw new NullPointerException("wrapped");
            }
            this.username = str;
            this.wrapped = sSHUserPrivateKey;
        }

        @NonNull
        public List<String> getPrivateKeys() {
            return this.wrapped.getPrivateKeys();
        }

        @NonNull
        public String getPrivateKey() {
            return this.wrapped.getPrivateKey();
        }

        public Secret getPassphrase() {
            return this.wrapped.getPassphrase();
        }

        @NonNull
        public String getUsername() {
            return this.username;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials$UserPassNamedIdCredentials.class */
    public static class UserPassNamedIdCredentials extends GraniteNamedIdCredentials {
        private static final long serialVersionUID = -7566342113168803477L;
        private final StandardUsernamePasswordCredentials wrapped;

        UserPassNamedIdCredentials(StandardUsernamePasswordCredentials standardUsernamePasswordCredentials) {
            this.wrapped = standardUsernamePasswordCredentials;
        }

        @Override // org.jenkinsci.plugins.graniteclient.GraniteNamedIdCredentials
        public String getName() {
            return CredentialsNameProvider.name(this.wrapped);
        }

        @Override // org.jenkinsci.plugins.graniteclient.GraniteNamedIdCredentials
        protected Credentials getWrappedCredentials() {
            return this.wrapped;
        }

        @NonNull
        public String getId() {
            return this.wrapped.getId();
        }

        @Override // org.jenkinsci.plugins.graniteclient.GraniteNamedIdCredentials
        @NonNull
        /* renamed from: getDescriptor */
        public /* bridge */ /* synthetic */ Descriptor mo10getDescriptor() {
            return super.mo10getDescriptor();
        }
    }

    GraniteNamedIdCredentials() {
    }

    @CheckForNull
    public static Credentials getCredentialsById(String str) {
        if (!sanityCheck() || str == null) {
            return null;
        }
        List credentials = DomainCredentials.getCredentials(SystemCredentialsProvider.getInstance().getDomainCredentialsMap(), Credentials.class, Collections.emptyList(), new CredentialsIdMatcher(str));
        if (credentials.isEmpty()) {
            return null;
        }
        return (Credentials) credentials.iterator().next();
    }

    public static Credentials getCredentialsFromURIUserInfo(String str, Credentials credentials) {
        if (!sanityCheck() || str == null || str.isEmpty()) {
            return null;
        }
        if (str.indexOf(58) < 0) {
            return credentials instanceof SSHUserPrivateKey ? new URIUserInfoCredentialsWithSSHKey(str, (SSHUserPrivateKey) credentials) : credentials instanceof StandardUsernamePasswordCredentials ? new URIUserInfoCredentials(str, null, (StandardUsernamePasswordCredentials) credentials) : new URIUserInfoCredentials(str, null, null);
        }
        String[] split = str.split(":", 2);
        return new URIUserInfoCredentials(split[0], split[1], null);
    }

    private static boolean sanityCheck() {
        return Jenkins.getInstance() != null;
    }

    public CredentialsScope getScope() {
        return getWrappedCredentials().getScope();
    }

    protected abstract Credentials getWrappedCredentials();

    public abstract String getName();

    @Override // 
    @NonNull
    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public CredentialsDescriptor mo10getDescriptor() {
        return getWrappedCredentials().getDescriptor();
    }

    @NonNull
    public static GraniteNamedIdCredentials wrap(SSHUserPrivateKey sSHUserPrivateKey) {
        return new SSHPrivateKeyNamedIdCredentials(sSHUserPrivateKey);
    }

    @NonNull
    public static GraniteNamedIdCredentials wrap(StandardUsernamePasswordCredentials standardUsernamePasswordCredentials) {
        return new UserPassNamedIdCredentials(standardUsernamePasswordCredentials);
    }

    @CheckForNull
    public static GraniteNamedIdCredentials maybeWrap(@CheckForNull Credentials credentials) {
        if (credentials instanceof StandardUsernamePasswordCredentials) {
            return wrap((StandardUsernamePasswordCredentials) credentials);
        }
        if (credentials instanceof SSHUserPrivateKey) {
            return wrap((SSHUserPrivateKey) credentials);
        }
        return null;
    }

    public static Key getKeyFromCredentials(SSHUserPrivateKey sSHUserPrivateKey) {
        try {
            char[] cArr = null;
            Secret passphrase = sSHUserPrivateKey.getPassphrase();
            if (passphrase != null) {
                cArr = passphrase.getEncryptedValue().toCharArray();
            }
            KeyPair keyPair = PEMEncodable.decode(sSHUserPrivateKey.getPrivateKey(), cArr).toKeyPair();
            if (keyPair == null) {
                return null;
            }
            if ((keyPair.getPrivate() instanceof RSAPrivateKey) || (keyPair.getPublic() instanceof RSAPublicKey)) {
                return new SSHKey(KeyFormat.SSH_RSA, keyPair);
            }
            if ((keyPair.getPrivate() instanceof DSAPrivateKey) || (keyPair.getPublic() instanceof DSAPublicKey)) {
                return new SSHKey(KeyFormat.SSH_DSS, keyPair);
            }
            return null;
        } catch (IOException e) {
            LOGGER.severe("[getKeyFromCredentials] failed to read key from SSHUserPrivateKey: " + e.getMessage());
            return null;
        } catch (UnrecoverableKeyException e2) {
            LOGGER.severe("[getKeyFromCredentials] failed to decode key from SSHUserPrivateKey: " + e2.getMessage());
            return null;
        }
    }
}
