package io.jenkins.blueocean.rest.impl.pipeline.credential;

import com.cloudbees.hudson.plugins.folder.AbstractFolder;
import com.cloudbees.hudson.plugins.folder.AbstractFolderProperty;
import com.cloudbees.hudson.plugins.folder.AbstractFolderPropertyDescriptor;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.CredentialsStoreAction;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.ItemGroup;
import hudson.model.ModelObject;
import hudson.model.TopLevelItem;
import hudson.model.User;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.Permission;
import hudson.util.ListBoxModel;
import io.jenkins.blueocean.credential.CredentialsUtils;
import io.jenkins.blueocean.pipeline.credential.Messages;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import jenkins.model.Jenkins;
import jenkins.util.SystemProperties;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.StaplerRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Extension(ordinal = 99999.0d)
/* loaded from: input_file:io/jenkins/blueocean/rest/impl/pipeline/credential/BlueOceanCredentialsProvider.class */
public class BlueOceanCredentialsProvider extends CredentialsProvider {
    private static final BlueOceanDomainRequirement PROXY_REQUIREMENT = new BlueOceanDomainRequirement();
    private static final Logger logger = LoggerFactory.getLogger(BlueOceanCredentialsProvider.class);

    /* loaded from: input_file:io/jenkins/blueocean/rest/impl/pipeline/credential/BlueOceanCredentialsProvider$FolderPropertyImpl.class */
    public static class FolderPropertyImpl extends AbstractFolderProperty<AbstractFolder<TopLevelItem>> {
        private final Domain domain;
        private final String user;
        private final String id;
        private transient StoreImpl store;

        /* loaded from: input_file:io/jenkins/blueocean/rest/impl/pipeline/credential/BlueOceanCredentialsProvider$FolderPropertyImpl$CredentialsStoreActionImpl.class */
        public static class CredentialsStoreActionImpl extends CredentialsStoreAction {
            private final CredentialsStore store;

            CredentialsStoreActionImpl(CredentialsStore credentialsStore) {
                this.store = credentialsStore;
            }

            @NonNull
            public CredentialsStore getStore() {
                return this.store;
            }

            public String getIconFileName() {
                if (isVisible()) {
                    return "/plugin/credentials/images/48x48/folder-store.png";
                }
                return null;
            }

            public String getIconClassName() {
                if (isVisible()) {
                    return "icon-credentials-folder-store";
                }
                return null;
            }

            public String getDisplayName() {
                return Messages.BlueOceanCredentialsProvider_DisplayName();
            }

            public String getUrlName() {
                return super.getUrlName();
            }
        }

        @Extension
        /* loaded from: input_file:io/jenkins/blueocean/rest/impl/pipeline/credential/BlueOceanCredentialsProvider$FolderPropertyImpl$DescriptorImpl.class */
        public static class DescriptorImpl extends AbstractFolderPropertyDescriptor {
        }

        /* loaded from: input_file:io/jenkins/blueocean/rest/impl/pipeline/credential/BlueOceanCredentialsProvider$FolderPropertyImpl$StoreImpl.class */
        public class StoreImpl extends CredentialsStore {
            private final CredentialsStoreAction storeAction;

            StoreImpl() {
                super(BlueOceanCredentialsProvider.class);
                this.storeAction = new CredentialsStoreActionImpl(this);
            }

            @NonNull
            public List<Domain> getDomains() {
                return Collections.singletonList(FolderPropertyImpl.this.domain);
            }

            @Nullable
            public CredentialsStoreAction getStoreAction() {
                return this.storeAction;
            }

            @NonNull
            public ModelObject getContext() {
                return FolderPropertyImpl.this.owner;
            }

            public boolean hasPermission(@NonNull Authentication authentication, @NonNull Permission permission) {
                if (permission == CredentialsProvider.CREATE || permission == CredentialsProvider.DELETE || permission == CredentialsProvider.MANAGE_DOMAINS || permission == CredentialsProvider.UPDATE) {
                    return false;
                }
                return FolderPropertyImpl.this.owner.getACL().hasPermission(authentication, permission);
            }

            @NonNull
            public List<Credentials> getCredentials(@NonNull Domain domain) {
                User user;
                if (!BlueOceanCredentialsProvider.IsSystemPropertyEnabled()) {
                    return Collections.emptyList();
                }
                ArrayList arrayList = new ArrayList(1);
                if (domain.equals(FolderPropertyImpl.this.domain) && (user = User.get(FolderPropertyImpl.this.getUser(), false, Collections.emptyMap())) != null) {
                    try {
                        ACLContext as = ACL.as(user.impersonate());
                        try {
                            for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(user)) {
                                for (Domain domain2 : credentialsStore.getDomains()) {
                                    if (domain2.test(new DomainRequirement[]{BlueOceanCredentialsProvider.PROXY_REQUIREMENT})) {
                                        arrayList.addAll(CredentialsMatchers.filter(credentialsStore.getCredentials(domain2), CredentialsMatchers.withId(FolderPropertyImpl.this.getId())));
                                    }
                                }
                            }
                            if (as != null) {
                                as.close();
                            }
                        } finally {
                        }
                    } catch (UsernameNotFoundException e) {
                        BlueOceanCredentialsProvider.logger.warn("BlueOceanCredentialsProvider.StoreImpl#getCredentials(): Username attached to credentials can not be found");
                    }
                }
                return arrayList;
            }

            public boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
                throw new UnsupportedOperationException("Not supported");
            }

            public boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
                throw new UnsupportedOperationException("Not supported");
            }

            public boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials credentials, @NonNull Credentials credentials2) throws IOException {
                throw new UnsupportedOperationException("Not supported");
            }
        }

        @DataBoundConstructor
        public FolderPropertyImpl(@NonNull String str, @NonNull String str2, @NonNull Domain domain) {
            this.user = str;
            this.id = str2;
            this.domain = domain;
        }

        public StoreImpl getStore() {
            if (this.store == null) {
                this.store = new StoreImpl();
            }
            return this.store;
        }

        @NonNull
        public String getUser() {
            return this.user;
        }

        @NonNull
        public String getId() {
            return this.id;
        }

        @NonNull
        public Domain getDomain() {
            return this.domain;
        }

        /* renamed from: reconfigure, reason: merged with bridge method [inline-methods] */
        public AbstractFolderProperty<?> m2reconfigure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            return this;
        }
    }

    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @NonNull ItemGroup itemGroup, @NonNull Authentication authentication) {
        return getCredentials(cls, itemGroup, authentication, Collections.emptyList());
    }

    private static boolean IsSystemPropertyEnabled() {
        return SystemProperties.getBoolean(BlueOceanCredentialsProvider.class.getName() + ".enabled");
    }

    public boolean isEnabled(Object obj) {
        return IsSystemPropertyEnabled() && super.isEnabled(obj);
    }

    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list) {
        User user;
        if (!IsSystemPropertyEnabled()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        FolderPropertyImpl propertyOf = propertyOf(itemGroup);
        if (propertyOf != null && propertyOf.domain.test(list) && (user = User.get(propertyOf.getUser(), false, Collections.emptyMap())) != null) {
            try {
                ACLContext as = ACL.as(user.impersonate());
                try {
                    for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(user)) {
                        for (Domain domain : credentialsStore.getDomains()) {
                            if (domain.test(new DomainRequirement[]{PROXY_REQUIREMENT})) {
                                for (Credentials credentials : CredentialsMatchers.filter(credentialsStore.getCredentials(domain), CredentialsMatchers.withId(propertyOf.getId()))) {
                                    if (cls.isInstance(credentials)) {
                                        arrayList.add(credentials);
                                    }
                                }
                            }
                        }
                    }
                    if (as != null) {
                        as.close();
                    }
                } finally {
                }
            } catch (UsernameNotFoundException e) {
                logger.warn("BlueOceanCredentialsProvider#getCredentials(): Username attached to credentials can not be found");
            }
        }
        return arrayList;
    }

    @NonNull
    public <C extends IdCredentials> ListBoxModel getCredentialIds(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list, @NonNull CredentialsMatcher credentialsMatcher) {
        if (!IsSystemPropertyEnabled()) {
            return new ListBoxModel();
        }
        ListBoxModel listBoxModel = new ListBoxModel();
        FolderPropertyImpl propertyOf = propertyOf(itemGroup);
        if (propertyOf != null && propertyOf.domain.test(list)) {
            listBoxModel.add(Messages.BlueOceanCredentialsProvider_DisplayName(), propertyOf.getId());
        }
        return listBoxModel;
    }

    @NonNull
    public String getDisplayName() {
        return Messages.BlueOceanCredentialsProvider_DisplayName();
    }

    public CredentialsStore getStore(@CheckForNull ModelObject modelObject) {
        FolderPropertyImpl propertyOf;
        if (IsSystemPropertyEnabled() && (propertyOf = propertyOf(modelObject)) != null) {
            return propertyOf.getStore();
        }
        return null;
    }

    public Set<CredentialsScope> getScopes(ModelObject modelObject) {
        return Collections.singleton(CredentialsScope.GLOBAL);
    }

    private boolean isApplicable(ModelObject modelObject) {
        return (modelObject instanceof AbstractFolder) && ((AbstractFolder) modelObject).getProperties().get(FolderPropertyImpl.class) != null;
    }

    private static FolderPropertyImpl propertyOf(ModelObject modelObject) {
        if (!(modelObject instanceof AbstractFolder)) {
            return null;
        }
        FolderPropertyImpl folderPropertyImpl = ((AbstractFolder) modelObject).getProperties().get(FolderPropertyImpl.class);
        if (folderPropertyImpl != null) {
            return folderPropertyImpl;
        }
        ItemGroup parent = ((AbstractFolder) modelObject).getParent();
        if (parent instanceof Jenkins) {
            return null;
        }
        return propertyOf(parent);
    }

    @NonNull
    public static Domain createDomain(@NonNull String str) {
        return new Domain("blueocean-folder-credential-domain", Messages.BlueOceanCredentialsProvider_DomainDescription(), CredentialsUtils.generateDomainSpecifications(str));
    }
}
