package com.microsoft.azure.util;

import com.azure.core.credential.TokenCredential;
import com.azure.core.http.ProxyOptions;
import com.azure.core.http.netty.NettyAsyncHttpClientBuilder;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl;
import com.microsoft.azure.AzureEnvironment;
import com.microsoft.azure.credentials.ApplicationTokenCredentials;
import com.microsoft.azure.management.Azure;
import com.microsoft.azure.management.resources.Subscription;
import com.microsoft.azure.storage.blob.BlobConstants;
import com.microsoft.jenkins.azurecommons.core.credentials.TokenCredentialData;
import hudson.Extension;
import hudson.ProxyConfiguration;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.annotation.Nullable;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/azure-credentials.jar:com/microsoft/azure/util/AzureCredentials.class */
public class AzureCredentials extends AzureBaseCredentials {
    private final ServicePrincipal data;

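    /**
     * Descriptor for the "Microsoft Azure Service Principal" credential type.
     *
     * <p>Exposes the Stapler web methods behind the credential form: the "verify" button and the
     * two drop-down fillers. Web methods are reachable by any HTTP client that can reach Jenkins,
     * so each one that touches secrets or makes outbound calls checks permissions itself.
     */
    @Extension
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        public DescriptorImpl() {
            load();
        }

        @Override
        public String getDisplayName() {
            return "Microsoft Azure Service Principal";
        }

        /**
         * Validates the submitted service principal by attempting a real login against Azure.
         *
         * <p>Parameter order, as consumed below: {@code str} subscription id, {@code str2} client id,
         * {@code str3} client secret, {@code str4} certificate credential id, {@code str5} tenant,
         * {@code str6} environment name, {@code str7}..{@code str10} management / Active Directory /
         * resource manager / graph endpoint overrides.
         *
         * <p>NOTE(review): the parameter names are decompiler output. {@code @QueryParameter} without
         * an explicit value binds by parameter name, so the original names must be restored before
         * this class is recompiled.
         *
         * @return {@code ok} when validation succeeds, otherwise an error carrying the validation message
         */
        // POST only: the request carries a client secret and triggers an outbound login to the
        // endpoints named in the request, so it must not be reachable through a cross-site GET
        // and the secret must not travel in the URL.
        @org.kohsuke.stapler.verb.POST
        public FormValidation doVerifyConfiguration(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter String str4, @QueryParameter String str5, @QueryParameter String str6, @QueryParameter String str7, @QueryParameter String str8, @QueryParameter String str9, @QueryParameter String str10) {
            // Without this check any authenticated user could make Jenkins connect to arbitrary
            // endpoints and could test stored certificate credentials by id.
            // NOTE(review): ADMINISTER is the conservative choice; a store-scoped credentials
            // permission would need the owning context bound as an extra parameter.
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);

            ServicePrincipal servicePrincipal = new ServicePrincipal(str, str2, str3);
            servicePrincipal.setCertificateId(str4);
            servicePrincipal.setTenant(str5);
            servicePrincipal.setAzureEnvironmentName(str6);
            servicePrincipal.setManagementEndpoint(str7);
            servicePrincipal.setActiveDirectoryEndpoint(str8);
            servicePrincipal.setResourceManagerEndpoint(str9);
            servicePrincipal.setGraphEndpoint(str10);
            try {
                servicePrincipal.validate();
                return FormValidation.ok(Messages.Azure_Config_Success());
            } catch (ValidationException e) {
                return FormValidation.error(e.getMessage());
            }
        }

        /**
         * Fills the certificate drop-down with the certificate credentials visible to the system.
         *
         * <p>The listing itself runs as {@code ACL.SYSTEM}, so the caller's permission is checked
         * first; callers without it only get the empty "select" entry instead of an enumeration
         * of credential ids and names.
         *
         * @param item the item the form is rendered under, or {@code null} outside an item context
         */
        public ListBoxModel doFillCertificateIdItems(@AncestorInPath Item item) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            standardListBoxModel.add(Messages.Azure_Credentials_Select(), "");
            boolean mayList;
            if (item == null) {
                mayList = Jenkins.get().hasPermission(Jenkins.ADMINISTER);
            } else {
                mayList = item.hasPermission(Item.EXTENDED_READ) || item.hasPermission(CredentialsProvider.USE_ITEM);
            }
            if (!mayList) {
                return standardListBoxModel;
            }
            standardListBoxModel.includeAs(ACL.SYSTEM, item, CertificateCredentialsImpl.class);
            return standardListBoxModel;
        }

        /** Lists the selectable Azure environment names; the values are fixed and contain no secrets. */
        public ListBoxModel doFillAzureEnvironmentNameItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            listBoxModel.add("Azure");
            listBoxModel.add("Azure China");
            listBoxModel.add("Azure Germany");
            listBoxModel.add("Azure US Government");
            return listBoxModel;
        }

        // Compiler-generated bridge method surfaced by the decompiler; it only delegates to the parent.
        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }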

    /* loaded from: input_file:WEB-INF/lib/azure-credentials.jar:com/microsoft/azure/util/AzureCredentials$ServicePrincipal.class */
    public static class ServicePrincipal implements Serializable {
        private static final long serialVersionUID = 1;
        private final Secret subscriptionId;
        private final Secret clientId;
        private final Secret clientSecret;
        private String certificateId;
        private Secret oauth2TokenEndpoint;
        private String serviceManagementURL;
        private Secret tenant;
        private String authenticationEndpoint;
        private String resourceManagerEndpoint;
        private String graphEndpoint;
        private String azureEnvironmentName;
        private transient AzureEnvironment azureEnvironment;
        private static final int TOKEN_ENDPOINT_URL_ENDPOINT_POSTION = 3;

        /**
         * Deserialization hook that back-fills {@code azureEnvironmentName} on instances stored without one.
         *
         * <p>If a known environment matches the stored endpoint fields, its name is adopted and the
         * four endpoint override fields are cleared; otherwise the name falls back to "Azure" and
         * the stored endpoints are kept.
         *
         * @return this instance, possibly migrated
         */
        private Object readResolve() throws ObjectStreamException {
            if (!StringUtils.isBlank(this.azureEnvironmentName)) {
                return this;
            }
            // Deliberately a plain HashMap: its iteration order decides which candidate is tried first.
            Map<String, AzureEnvironment> knownEnvironments = new HashMap<>();
            knownEnvironments.put("Azure", AzureEnvironment.AZURE);
            knownEnvironments.put("Azure China", AzureEnvironment.AZURE_CHINA);
            knownEnvironments.put("Azure Germany", AzureEnvironment.AZURE_GERMANY);
            knownEnvironments.put("Azure US Government", AzureEnvironment.AZURE_US_GOVERNMENT);
            for (Map.Entry<String, AzureEnvironment> candidate : knownEnvironments.entrySet()) {
                if (matchEnvironment(candidate.getValue())) {
                    this.azureEnvironmentName = candidate.getKey();
                    this.serviceManagementURL = null;
                    this.authenticationEndpoint = null;
                    this.resourceManagerEndpoint = null;
                    this.graphEndpoint = null;
                    return this;
                }
            }
            // No known environment matched: keep the stored endpoints and default the name.
            this.azureEnvironmentName = "Azure";
            return this;
        }

        /** Returns the subscription id in plain text, or "" when the field is null. */
        public String getSubscriptionId() {
            return this.subscriptionId == null ? "" : this.subscriptionId.getPlainText();
        }

        /** Returns the client (application) id in plain text, or "" when the field is null. */
        public String getClientId() {
            return this.clientId == null ? "" : this.clientId.getPlainText();
        }

        /**
         * Returns the client secret in PLAIN TEXT, or "" when the field is null.
         * The result must not be logged, rendered into a form or persisted.
         */
        public String getClientSecret() {
            return this.clientSecret == null ? "" : this.clientSecret.getPlainText();
        }

        /** Returns the id of the certificate credential used when no client secret is set; may be null. */
        public String getCertificateId() {
            return this.certificateId;
        }

        /** Stores the certificate credential id as given; the id is not checked against any store here. */
        public void setCertificateId(String str) {
            this.certificateId = str;
        }

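        /**
         * Resolves the certificate credential referenced by {@code certificateId}.
         *
         * <p>A non-empty client secret takes precedence: in that case, or when no certificate id is
         * set, no lookup happens and {@code null} is returned.
         *
         * <p>The lookup runs as {@code ACL.SYSTEM} against the Jenkins root, so it is not limited by
         * the permissions of whoever configured this principal; callers must have authorised the
         * request before reaching this point.
         *
         * @return the matching certificate credential, or {@code null} if none applies or none is found
         */
        @Nullable
        CertificateCredentialsImpl getCertificate() {
            // getClientSecret() maps a null field to "", matching the other getters; the direct
            // field dereference would throw on an instance whose secret field is null.
            if (StringUtils.isNotEmpty(getClientSecret()) || StringUtils.isEmpty(this.certificateId)) {
                return null;
            }
            return CredentialsMatchers.firstOrNull(
                    CredentialsProvider.lookupCredentials(CertificateCredentialsImpl.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()),
                    CredentialsMatchers.withId(this.certificateId));
        }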

        /**
         * Returns the raw key store bytes of the referenced certificate credential.
         * The bytes contain private key material and must be handled like a secret.
         *
         * @return the key store bytes, or {@code null} when {@link #getCertificate()} yields nothing
         */
        @Nullable
        public byte[] getCertificateBytes() {
            CertificateCredentialsImpl certificate = getCertificate();
            if (certificate == null) {
                return null;
            }
            return certificate.getKeyStoreSource().getKeyStoreBytes();
        }

        /**
         * Returns the key store password of the referenced certificate credential in PLAIN TEXT.
         *
         * @return the password, or {@code null} when {@link #getCertificate()} yields nothing
         */
        @Nullable
        public String getCertificatePassword() {
            CertificateCredentialsImpl certificate = getCertificate();
            if (certificate == null) {
                return null;
            }
            return certificate.getPassword().getPlainText();
        }

        /**
         * Returns the tenant id.
         *
         * <p>An explicitly stored, non-blank tenant wins. Otherwise the tenant is derived from the
         * legacy OAuth2 token endpoint, using "" as the endpoint when none is stored.
         */
        public String getTenant() {
            if (this.tenant != null) {
                String explicitTenant = this.tenant.getPlainText();
                if (!StringUtils.isBlank(explicitTenant)) {
                    return explicitTenant;
                }
            }
            String legacyEndpoint = "";
            if (this.oauth2TokenEndpoint != null) {
                legacyEndpoint = this.oauth2TokenEndpoint.getPlainText();
            }
            return getTenantFromTokenEndpoint(legacyEndpoint);
        }

        /** Returns the stored environment name (for example "Azure"); may be null before migration. */
        public String getAzureEnvironmentName() {
            return this.azureEnvironmentName;
        }

        /**
         * Returns the resolved environment, building and caching it on first use.
         *
         * <p>The environment is resolved from the stored name and the four endpoint override fields
         * are then applied to it. The cache field is transient and is reset by the endpoint and
         * name setters.
         *
         * <p>NOTE(review): the overrides are applied exactly as stored. An override of the Active
         * Directory endpoint decides where the client secret or certificate is presented, so these
         * values should only be settable by trusted users.
         */
        public AzureEnvironment getAzureEnvironment() {
            if (this.azureEnvironment != null) {
                return this.azureEnvironment;
            }
            this.azureEnvironment = AzureEnvUtil.resolveAzureEnv(getAzureEnvironmentName());
            AzureEnvUtil.resolveOverride(this.azureEnvironment, AzureEnvironment.Endpoint.MANAGEMENT, this.serviceManagementURL);
            AzureEnvUtil.resolveOverride(this.azureEnvironment, AzureEnvironment.Endpoint.ACTIVE_DIRECTORY, this.authenticationEndpoint);
            AzureEnvUtil.resolveOverride(this.azureEnvironment, AzureEnvironment.Endpoint.RESOURCE_MANAGER, this.resourceManagerEndpoint);
            AzureEnvUtil.resolveOverride(this.azureEnvironment, AzureEnvironment.Endpoint.GRAPH, this.graphEndpoint);
            return this.azureEnvironment;
        }

        /** Deprecated alias of {@link #getManagementEndpoint()}. */
        @Deprecated
        public String getServiceManagementURL() {
            return getManagementEndpoint();
        }

        /** Returns the management endpoint of the resolved environment. */
        public String getManagementEndpoint() {
            return getAzureEnvironment().managementEndpoint();
        }

        /** Deprecated alias of {@link #getActiveDirectoryEndpoint()}. */
        @Deprecated
        public String getAuthenticationEndpoint() {
            return getActiveDirectoryEndpoint();
        }

        /** Returns the Active Directory (login) endpoint of the resolved environment. */
        public String getActiveDirectoryEndpoint() {
            return getAzureEnvironment().activeDirectoryEndpoint();
        }

        /** Returns the resource manager endpoint of the resolved environment. */
        public String getResourceManagerEndpoint() {
            return getAzureEnvironment().resourceManagerEndpoint();
        }

        /** Returns the graph endpoint of the resolved environment. */
        public String getGraphEndpoint() {
            return getAzureEnvironment().graphEndpoint();
        }

        /**
         * Legacy setter: clears the stored token endpoint and, for a non-blank argument, stores the
         * tenant extracted from it instead.
         */
        @Deprecated
        void setOauth2TokenEndpoint(String str) {
            this.oauth2TokenEndpoint = null;
            if (StringUtils.isNotBlank(str)) {
                this.tenant = Secret.fromString(getTenantFromTokenEndpoint(str));
            }
        }

        /** Stores the tenant; a non-blank tenant also clears the legacy token endpoint. */
        void setTenant(String str) {
            this.tenant = Secret.fromString(str);
            if (StringUtils.isNotBlank(this.tenant.getPlainText())) {
                this.oauth2TokenEndpoint = null;
            }
        }

        // The setters below only trim their argument (blank becomes null) and drop the cached
        // environment so the next getAzureEnvironment() call rebuilds it. No scheme or host check
        // is applied to the value here.

        /** Sets the management endpoint override. */
        void setManagementEndpoint(String str) {
            this.serviceManagementURL = StringUtils.trimToNull(str);
            this.azureEnvironment = null;
        }

        /** Sets the Active Directory endpoint override. */
        void setActiveDirectoryEndpoint(String str) {
            this.authenticationEndpoint = StringUtils.trimToNull(str);
            this.azureEnvironment = null;
        }

        /** Sets the resource manager endpoint override. */
        void setResourceManagerEndpoint(String str) {
            this.resourceManagerEndpoint = StringUtils.trimToNull(str);
            this.azureEnvironment = null;
        }

        /** Sets the graph endpoint override. */
        void setGraphEndpoint(String str) {
            this.graphEndpoint = StringUtils.trimToNull(str);
            this.azureEnvironment = null;
        }

        /** Sets the environment name as given (not trimmed) and drops the cached environment. */
        void setAzureEnvironmentName(String str) {
            this.azureEnvironmentName = str;
            this.azureEnvironment = null;
        }

        /**
         * Tells whether the stored endpoint fields are compatible with the given environment.
         *
         * @return {@code false} as soon as one of the four endpoints is reported as overridden
         *         relative to {@code azureEnvironment}, {@code true} otherwise
         */
        private boolean matchEnvironment(AzureEnvironment azureEnvironment) {
            if (AzureEnvUtil.isOverridden(azureEnvironment.managementEndpoint(), this.serviceManagementURL)) {
                return false;
            }
            if (AzureEnvUtil.isOverridden(azureEnvironment.resourceManagerEndpoint(), this.resourceManagerEndpoint)) {
                return false;
            }
            if (AzureEnvUtil.isOverridden(azureEnvironment.activeDirectoryEndpoint(), this.authenticationEndpoint)) {
                return false;
            }
            if (AzureEnvUtil.isOverridden(azureEnvironment.graphEndpoint(), this.graphEndpoint)) {
                return false;
            }
            return true;
        }

        /**
         * Creates a principal from subscription id ({@code str}), client id ({@code str2}) and
         * client secret ({@code str3}); the tenant starts out empty. All values are wrapped in
         * {@code Secret}.
         */
        public ServicePrincipal(String str, String str2, String str3) {
            this.subscriptionId = Secret.fromString(str);
            this.clientId = Secret.fromString(str2);
            this.clientSecret = Secret.fromString(str3);
            this.tenant = Secret.fromString("");
        }

        /**
         * Legacy constructor: {@code str4} is an OAuth2 token endpoint from which the tenant is
         * extracted; {@code str5}..{@code str8} are the management, authentication, resource
         * manager and graph endpoint overrides (trimmed, blank becomes null).
         */
        @Deprecated
        public ServicePrincipal(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
            this.subscriptionId = Secret.fromString(str);
            this.clientId = Secret.fromString(str2);
            this.clientSecret = Secret.fromString(str3);
            this.tenant = Secret.fromString(getTenantFromTokenEndpoint(str4));
            this.serviceManagementURL = StringUtils.trimToNull(str5);
            this.authenticationEndpoint = StringUtils.trimToNull(str6);
            this.resourceManagerEndpoint = StringUtils.trimToNull(str7);
            this.graphEndpoint = StringUtils.trimToNull(str8);
        }

        /** Creates an empty principal; every secret field holds the empty string. */
        public ServicePrincipal() {
            this.subscriptionId = Secret.fromString("");
            this.clientId = Secret.fromString("");
            this.clientSecret = Secret.fromString("");
            this.tenant = Secret.fromString("");
        }

        /**
         * Returns {@code true} when subscription id, client id, tenant or client secret is blank.
         * The certificate id is not consulted, so a certificate-only principal (empty client
         * secret) is reported as blank.
         */
        public boolean isBlank() {
            return StringUtils.isBlank(this.subscriptionId.getPlainText()) || StringUtils.isBlank(this.clientId.getPlainText()) || StringUtils.isBlank(getTenant()) || StringUtils.isBlank(this.clientSecret.getPlainText());
        }

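        /**
         * Checks that the principal is complete and can actually sign in.
         *
         * <p>After the field checks this performs a live login (client secret if present, otherwise
         * the referenced certificate) against the configured environment and confirms that the
         * configured subscription id is among the subscriptions visible to the principal.
         *
         * @return {@code true} when the login succeeds and the subscription is visible
         * @throws ValidationException with a specific message for a missing field, an unresolved
         *         certificate or an unknown subscription, and with a generic message (original
         *         failure attached as cause) for any other error
         */
        public boolean validate() throws ValidationException {
            if (StringUtils.isBlank(this.subscriptionId.getPlainText())) {
                throw new ValidationException(Messages.Azure_SubscriptionID_Missing());
            }
            if (StringUtils.isBlank(this.clientId.getPlainText())) {
                throw new ValidationException(Messages.Azure_ClientID_Missing());
            }
            String plainText = this.clientSecret.getPlainText();
            if (StringUtils.isEmpty(plainText) && StringUtils.isBlank(this.certificateId)) {
                throw new ValidationException(Messages.Azure_ClientSecret_Missing());
            }
            if (StringUtils.isBlank(getTenant())) {
                throw new ValidationException(Messages.Azure_OAuthToken_Malformed());
            }
            try {
                String subscriptionId = getSubscriptionId();
                Azure.Authenticated authenticate;
                if (StringUtils.isEmpty(plainText)) {
                    CertificateCredentialsImpl certificate = getCertificate();
                    if (certificate == null) {
                        throw new ValidationException(Messages.Azure_ClientCertificate_NotFound());
                    }
                    authenticate = Azure.authenticate(new ApplicationTokenCredentials(getClientId(), getTenant(), certificate.getKeyStoreSource().getKeyStoreBytes(), certificate.getPassword().getPlainText(), getAzureEnvironment()));
                } else {
                    authenticate = Azure.authenticate(new ApplicationTokenCredentials(getClientId(), getTenant(), getClientSecret(), getAzureEnvironment()));
                }
                for (Subscription subscription : authenticate.subscriptions().list()) {
                    if (subscription.subscriptionId().equalsIgnoreCase(subscriptionId)) {
                        return true;
                    }
                }
                throw new ValidationException(Messages.Azure_Invalid_SubscriptionId());
            } catch (ValidationException e) {
                // Our own, already user-facing failures must not be flattened into the generic
                // message by the catch-all below.
                throw e;
            } catch (Exception e) {
                // The user-facing message stays generic; the cause is kept for whoever logs it.
                ValidationException failure = new ValidationException(Messages.Azure_CantValidate());
                failure.initCause(e);
                throw failure;
            }
        }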

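        /**
         * Extracts the tenant segment from an OAuth2 token endpoint such as
         * {@code https://host/<tenant>/oauth2/token}.
         *
         * <p>The decompiler reports that it widened this method from {@code private}.
         *
         * <p>NOTE(review): the pattern ends in {@code .*}, so the tenant character class is not
         * actually enforced; the returned segment can hold any character except {@code /}. Callers
         * that place it into a URL should not treat it as validated.
         *
         * @param str the token endpoint URL; {@code null} is treated like a malformed URL
         * @return the fourth {@code /}-separated piece of the URL, or "" when the URL is
         *         {@code null}, does not match the expected shape, or has no such piece
         */
        public static String getTenantFromTokenEndpoint(String str) {
            if (str == null || !str.matches("https{0,1}://[a-zA-Z0-9\\.]*/[a-z0-9\\-]*/?.*$")) {
                return "";
            }
            // "scheme:", "", "host", "tenant", ... -> the tenant sits at index 3.
            String[] segments = str.split("/");
            return segments.length < 4 ? "" : segments[3];
        }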
    }

    /* loaded from: input_file:WEB-INF/lib/azure-credentials.jar:com/microsoft/azure/util/AzureCredentials$ValidationException.class */
    /**
     * Checked exception raised when a service principal fails validation.
     * Its message is shown to the user by the descriptor's verify action, so it should never
     * contain secret material.
     */
    public static class ValidationException extends Exception {
        /** @param str the user-facing description of the validation failure */
        public ValidationException(String str) {
            super(str);
        }
    }

    /**
     * Form-bound constructor. {@code str} and {@code str2} are passed to the base credential;
     * {@code str3}, {@code str4} and {@code str5} are the subscription id, client id and client
     * secret of the wrapped service principal.
     */
    @DataBoundConstructor
    public AzureCredentials(CredentialsScope credentialsScope, String str, String str2, String str3, String str4, String str5) {
        super(credentialsScope, str, str2);
        this.data = new ServicePrincipal(str3, str4, str5);
    }

    /**
     * Legacy constructor: additionally takes an OAuth2 token endpoint ({@code str6}, reduced to its
     * tenant) and the management, Active Directory, resource manager and graph endpoint overrides
     * ({@code str7}..{@code str10}).
     */
    @Deprecated
    public AzureCredentials(CredentialsScope credentialsScope, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, String str10) {
        super(credentialsScope, str, str2);
        this.data = new ServicePrincipal(str3, str4, str5);
        this.data.setTenant(ServicePrincipal.getTenantFromTokenEndpoint(str6));
        this.data.setManagementEndpoint(str7);
        this.data.setActiveDirectoryEndpoint(str8);
        this.data.setResourceManagerEndpoint(str9);
        this.data.setGraphEndpoint(str10);
    }

    /**
     * Looks up the service principal stored under the given credential id.
     *
     * <p>The lookup runs as {@code ACL.SYSTEM} against the Jenkins root, so the caller's own
     * permissions do not restrict which id resolves, and the returned object gives access to the
     * plain-text secret. Callers must authorise the request themselves.
     *
     * @param str the credential id
     * @return the stored principal, or a new empty one when no credential has that id
     */
    @Deprecated
    public static ServicePrincipal getServicePrincipal(String str) {
        AzureCredentials match = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(AzureCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(str));
        if (match != null) {
            return match.data;
        }
        return new ServicePrincipal();
    }

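    /**
     * Builds a Key Vault secret client that goes through the Jenkins proxy, if one is configured.
     *
     * <p>NOTE(review): {@code str} is used as the vault URL without validation here, and the
     * token credential is presented to whatever host it names; presumably callers pass an
     * operator-configured URL, which should be confirmed. The proxy is applied to every vault
     * host; the Jenkins no-proxy host list is not consulted.
     *
     * @param tokenCredential the credential used to authenticate against the vault
     * @param str the vault URL
     * @return a client bound to that vault
     */
    public static SecretClient createKeyVaultClient(TokenCredential tokenCredential, String str) {
        ProxyConfiguration proxyConfiguration = Jenkins.get().proxy;
        ProxyOptions proxyOptions = null;
        if (proxyConfiguration != null) {
            proxyOptions = new ProxyOptions(ProxyOptions.Type.HTTP, new InetSocketAddress(proxyConfiguration.name, proxyConfiguration.port));
            // An unauthenticated proxy has no user name. ProxyOptions.setCredentials rejects null
            // arguments, so credentials are only attached when both parts are present.
            String proxyUser = proxyConfiguration.getUserName();
            String proxyPassword = proxyConfiguration.getPassword();
            if (StringUtils.isNotBlank(proxyUser) && proxyPassword != null) {
                proxyOptions.setCredentials(proxyUser, proxyPassword);
            }
        }
        return new SecretClientBuilder().vaultUrl(str).credential(tokenCredential).httpClient(new NettyAsyncHttpClientBuilder().proxy(proxyOptions).build()).buildClient();
    }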

    /**
     * Turns a stored credential id into an Azure SDK token credential.
     *
     * <p>A service principal credential yields a client-secret credential; failing that, a managed
     * identity (IMDS) credential with the same id yields a managed identity credential.
     *
     * <p>Both lookups run as {@code ACL.SYSTEM} against the Jenkins root with no item context, so
     * the caller's permissions do not limit which id resolves; callers must authorise the request.
     *
     * <p>NOTE(review): only the client secret is passed on. A principal configured with a
     * certificate and an empty secret, or with endpoint overrides, does not look supported by
     * this path; confirm before relying on it.
     *
     * @param str the credential id
     * @throws RuntimeException when neither kind of credential exists under that id
     */
    public static TokenCredential getCredentialById(String str) {
        AzureCredentials servicePrincipal = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(AzureCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(str));
        if (servicePrincipal == null) {
            AzureImdsCredentials managedIdentity = CredentialsMatchers.firstOrNull(
                    CredentialsProvider.lookupCredentials(AzureImdsCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()),
                    CredentialsMatchers.withId(str));
            if (managedIdentity == null) {
                throw new RuntimeException(String.format("Credential: %s was not found", str));
            }
            return new ManagedIdentityCredentialBuilder().build();
        }
        return new ClientSecretCredentialBuilder()
                .clientId(servicePrincipal.getClientId())
                .clientSecret(servicePrincipal.getPlainClientSecret())
                .tenantId(servicePrincipal.getTenant())
                .build();
    }

    /** Returns the subscription id in plain text. */
    public String getSubscriptionId() {
        return this.data.subscriptionId.getPlainText();
    }

    /** Returns the client (application) id in plain text. */
    public String getClientId() {
        return this.data.clientId.getPlainText();
    }

    /**
     * Returns the ENCRYPTED form of the client secret, or "" when no secret is stored.
     * Use {@link #getPlainClientSecret()} when the actual secret is needed.
     */
    public String getClientSecret() {
        return StringUtils.isEmpty(this.data.clientSecret.getPlainText()) ? "" : this.data.clientSecret.getEncryptedValue();
    }

    /**
     * Returns the client secret in PLAIN TEXT.
     * The result must not be logged, rendered into a page or persisted.
     */
    public String getPlainClientSecret() {
        return this.data.clientSecret.getPlainText();
    }

    /** Sets the id of the certificate credential to use when no client secret is given. */
    @DataBoundSetter
    public void setCertificateId(String str) {
        this.data.setCertificateId(str);
    }

    /** Returns the id of the referenced certificate credential. */
    public String getCertificateId() {
        return this.data.getCertificateId();
    }

    /** Returns the tenant id of the wrapped service principal. */
    public String getTenant() {
        return this.data.getTenant();
    }

    /** Sets the tenant id. */
    @DataBoundSetter
    public void setTenant(String str) {
        this.data.setTenant(str);
    }

    /** Legacy getter: rebuilds a token endpoint from a fixed login host and the tenant. */
    @Deprecated
    public String getOauth2TokenEndpoint() {
        return "https://login.windows.net/" + this.data.getTenant();
    }

    /** Legacy setter: only the tenant part of the given endpoint is kept. */
    @DataBoundSetter
    @Deprecated
    public void setOauth2TokenEndpoint(String str) {
        this.data.setOauth2TokenEndpoint(str);
    }

    /** Deprecated, misspelled alias of {@link #getAzureEnvironmentName()}. */
    @Deprecated
    public String getAzureEnvionmentName() {
        return this.data.getAzureEnvironmentName();
    }

    /** Returns the stored Azure environment name. */
    @Override // com.microsoft.azure.util.AzureBaseCredentials
    public String getAzureEnvironmentName() {
        return this.data.getAzureEnvironmentName();
    }

    /** Sets the Azure environment name. */
    @DataBoundSetter
    public void setAzureEnvironmentName(String str) {
        this.data.setAzureEnvironmentName(str);
    }

    // The endpoint getters below return the raw override fields (null when no override is stored),
    // not the endpoints of the resolved environment. The matching setters accept any value from
    // the bound form; whoever may edit this credential thereby decides which hosts the secret is
    // presented to.

    /** Deprecated alias of {@link #getManagementEndpoint()}. */
    @Deprecated
    public String getServiceManagementURL() {
        return getManagementEndpoint();
    }

    /** Returns the stored management endpoint override, or null. */
    @Override // com.microsoft.azure.util.AzureBaseCredentials
    public String getManagementEndpoint() {
        return this.data.serviceManagementURL;
    }

    /** Deprecated alias of {@link #setManagementEndpoint(String)}. */
    @DataBoundSetter
    @Deprecated
    public void setServiceManagementURL(String str) {
        setManagementEndpoint(str);
    }

    /** Sets the management endpoint override. */
    @DataBoundSetter
    public void setManagementEndpoint(String str) {
        this.data.setManagementEndpoint(str);
    }

    /** Deprecated alias of {@link #getActiveDirectoryEndpoint()}. */
    @Deprecated
    public String getAuthenticationEndpoint() {
        return getActiveDirectoryEndpoint();
    }

    /** Returns the stored Active Directory endpoint override, or null. */
    @Override // com.microsoft.azure.util.AzureBaseCredentials
    public String getActiveDirectoryEndpoint() {
        return this.data.authenticationEndpoint;
    }

    /** Deprecated alias of {@link #setActiveDirectoryEndpoint(String)}. */
    @DataBoundSetter
    @Deprecated
    public void setAuthenticationEndpoint(String str) {
        setActiveDirectoryEndpoint(str);
    }

    /** Sets the Active Directory endpoint override. */
    @DataBoundSetter
    public void setActiveDirectoryEndpoint(String str) {
        this.data.setActiveDirectoryEndpoint(str);
    }

    /** Returns the stored resource manager endpoint override, or null. */
    @Override // com.microsoft.azure.util.AzureBaseCredentials
    public String getResourceManagerEndpoint() {
        return this.data.resourceManagerEndpoint;
    }

    /** Sets the resource manager endpoint override. */
    @DataBoundSetter
    public void setResourceManagerEndpoint(String str) {
        this.data.setResourceManagerEndpoint(str);
    }

    /** Returns the stored graph endpoint override, or null. */
    @Override // com.microsoft.azure.util.AzureBaseCredentials
    public String getGraphEndpoint() {
        return this.data.graphEndpoint;
    }

    /**
     * Builds the token data object for this credential on top of the base class' token.
     *
     * <p>The result carries the plain-text client secret, the certificate key store bytes and the
     * certificate password, so it must be treated as secret material wherever it is passed or
     * serialized.
     */
    @Override // com.microsoft.azure.util.AzureBaseCredentials
    public TokenCredentialData createToken() {
        TokenCredentialData token = super.createToken();
        // NOTE(review): 0 is presumably the "service principal" token type; confirm against TokenCredentialData.
        token.setType(0);
        token.setClientId(getClientId());
        token.setClientSecret(getPlainClientSecret());
        token.setCertificateBytes(this.data.getCertificateBytes());
        token.setCertificatePassword(this.data.getCertificatePassword());
        token.setTenant(getTenant());
        token.setSubscriptionId(getSubscriptionId());
        return token;
    }

    /** Sets the graph endpoint override; the value is passed on to the wrapped principal as given. */
    @DataBoundSetter
    public void setGraphEndpoint(String str) {
        this.data.setGraphEndpoint(str);
    }
}
