package com.google.jenkins.plugins.credentials.oauth;

import com.google.api.client.json.jackson.JacksonFactory;
import com.google.api.client.util.PemReader;
import com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig;
import hudson.Extension;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.io.IOUtils;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:WEB-INF/classes/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.class */
public class JsonServiceAccountConfig extends ServiceAccountConfig {
    private static final long serialVersionUID = 6818111194672325387L;
    private static final Logger LOGGER = Logger.getLogger(JsonServiceAccountConfig.class.getSimpleName());
    private String jsonKeyFile;
    private transient JsonKey jsonKey;

    @Extension
    /* loaded from: input_file:WEB-INF/classes/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig$DescriptorImpl.class */
    public static final class DescriptorImpl extends ServiceAccountConfig.Descriptor {
        public String getDisplayName() {
            return Messages.JsonServiceAccountConfig_DisplayName();
        }
    }

    @DataBoundConstructor
    public JsonServiceAccountConfig(FileItem fileItem, String str) {
        if (fileItem == null || fileItem.getSize() <= 0) {
            if (str == null || str.isEmpty()) {
                return;
            }
            this.jsonKeyFile = str;
            return;
        }
        try {
            JsonKey load = JsonKey.load(new JacksonFactory(), fileItem.getInputStream());
            if (load.getClientEmail() != null && load.getPrivateKey() != null) {
                try {
                    this.jsonKeyFile = writeJsonKeyToFile(load);
                } catch (IOException e) {
                    LOGGER.log(Level.SEVERE, "Failed to write json key to file", (Throwable) e);
                }
            }
        } catch (IOException e2) {
            LOGGER.log(Level.SEVERE, "Failed to read json key from file", (Throwable) e2);
        }
    }

    private String writeJsonKeyToFile(JsonKey jsonKey) throws IOException {
        File createJsonKeyFile = createJsonKeyFile();
        writeJsonKeyToFile(jsonKey, createJsonKeyFile);
        return createJsonKeyFile.getAbsolutePath();
    }

    private File createJsonKeyFile() throws IOException {
        File file = new File(Jenkins.getInstance().getRootDir(), "gauth");
        if (file.exists() || file.mkdirs()) {
            return File.createTempFile("key", ".json", file);
        }
        throw new IOException("Failed to create key folder");
    }

    private void writeJsonKeyToFile(JsonKey jsonKey, File file) throws IOException {
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(file);
            IOUtils.write(jsonKey.toPrettyString(), fileOutputStream);
            IOUtils.closeQuietly(fileOutputStream);
        } catch (Throwable th) {
            IOUtils.closeQuietly(fileOutputStream);
            throw th;
        }
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m224getDescriptor() {
        return (DescriptorImpl) Jenkins.getInstance().getDescriptorOrDie(JsonServiceAccountConfig.class);
    }

    public String getJsonKeyFile() {
        return this.jsonKeyFile;
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
    public String getAccountId() {
        JsonKey jsonKey = getJsonKey();
        if (jsonKey != null) {
            return jsonKey.getClientEmail();
        }
        return null;
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
    public PrivateKey getPrivateKey() {
        String privateKey;
        JsonKey jsonKey = getJsonKey();
        if (jsonKey == null || (privateKey = jsonKey.getPrivateKey()) == null || privateKey.isEmpty()) {
            return null;
        }
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(new PemReader(new StringReader(privateKey)).readNextSection().getBase64DecodedBytes()));
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Failed to read private key", (Throwable) e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            LOGGER.log(Level.SEVERE, "Failed to read private key", (Throwable) e2);
            return null;
        } catch (InvalidKeySpecException e3) {
            LOGGER.log(Level.SEVERE, "Failed to read private key", (Throwable) e3);
            return null;
        }
    }

    private JsonKey getJsonKey() {
        if (this.jsonKey == null && this.jsonKeyFile != null && !this.jsonKeyFile.isEmpty()) {
            try {
                this.jsonKey = JsonKey.load(new JacksonFactory(), new FileInputStream(this.jsonKeyFile));
                return this.jsonKey;
            } catch (IOException e) {
            }
        }
        return this.jsonKey;
    }
}
