package com.microsoft.azure.util;

import com.azure.core.http.rest.PagedIterable;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;
import com.azure.resourcemanager.resources.models.Subscription;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.microsoft.azure.util.AzureCredentials;
import hudson.Extension;
import hudson.Util;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.UnsupportedEncodingException;
import java.util.Iterator;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:com/microsoft/azure/util/AzureImdsCredentials.class */
public class AzureImdsCredentials extends AbstractManagedIdentitiesCredentials {
    private String subscriptionId;

    @Extension
    /* loaded from: input_file:com/microsoft/azure/util/AzureImdsCredentials$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        public String getDisplayName() {
            return "Managed Identities for Azure Resources";
        }

        public ListBoxModel doFillAzureEnvNameItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            listBoxModel.add("Azure");
            listBoxModel.add("Azure China");
            listBoxModel.add("Azure Germany");
            listBoxModel.add("Azure US Government");
            return listBoxModel;
        }

        public FormValidation doVerifyConfiguration(@QueryParameter String str, @QueryParameter String str2) {
            AzureImdsCredentials azureImdsCredentials = new AzureImdsCredentials(null, null, null, str2);
            if (StringUtils.isNotBlank(str)) {
                azureImdsCredentials.setSubscriptionId(str);
            }
            try {
                azureImdsCredentials.validate();
                return FormValidation.ok(Messages.Azure_MI_Config_Success());
            } catch (AzureCredentials.ValidationException e) {
                return FormValidation.error(e.getMessage());
            }
        }

        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    public AzureImdsCredentials(CredentialsScope credentialsScope, String str, String str2) {
        super(credentialsScope, str, str2);
    }

    @DataBoundConstructor
    public AzureImdsCredentials(CredentialsScope credentialsScope, String str, String str2, String str3) {
        super(credentialsScope, str, str2);
        setAzureEnvName(str3);
        setAzureEnvironment(AzureEnvUtil.resolveAzureEnv(str3));
    }

    public String getSubscriptionId() {
        return this.subscriptionId;
    }

    @DataBoundSetter
    public void setSubscriptionId(String str) {
        this.subscriptionId = Util.fixEmpty(str);
    }

    public boolean validate() throws AzureCredentials.ValidationException {
        try {
            String subscriptionId = getSubscriptionId();
            PagedIterable list = AzureResourceManager.configure().withHttpClient(AzureCredentials.getHttpClient()).authenticate(new ManagedIdentityCredentialBuilder().build(), new AzureProfile(AzureEnvUtil.resolveAzureEnv(getAzureEnvName()))).withSubscription(subscriptionId).subscriptions().list();
            if (this.subscriptionId == null) {
                return true;
            }
            Iterator it = list.iterator();
            while (it.hasNext()) {
                if (((Subscription) it.next()).subscriptionId().equalsIgnoreCase(subscriptionId)) {
                    return true;
                }
            }
            throw new AzureCredentials.ValidationException(Messages.Azure_Invalid_SubscriptionId());
        } catch (Exception e) {
            throw new AzureCredentials.ValidationException(Messages.Azure_CantValidate() + ": " + e.getMessage());
        }
    }
}
