package org.jenkinsci.plugins.configfiles.maven.security;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.FilePath;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.util.Secret;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import jenkins.util.xml.XMLUtils;
import org.apache.commons.lang.StringUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/jenkinsci/plugins/configfiles/maven/security/CredentialsHelper.class */
public class CredentialsHelper {
    private static final Logger LOGGER = Logger.getLogger(CredentialsHelper.class.getName());
    private static final Collection<String> ATTRIBUTES_TO_KEEP = Arrays.asList("filePermissions", "directoryPermissions", "configuration");

    private CredentialsHelper() {
    }

    public static Map<String, StandardUsernameCredentials> resolveCredentials(Run<?, ?> run, List<ServerCredentialMapping> list, TaskListener taskListener) {
        HashMap hashMap = new HashMap();
        for (ServerCredentialMapping serverCredentialMapping : list) {
            String credentialsId = serverCredentialMapping.getCredentialsId();
            String serverId = serverCredentialMapping.getServerId();
            List emptyList = Collections.emptyList();
            if (StringUtils.isNotBlank(serverId)) {
                emptyList = Collections.singletonList(new MavenServerIdRequirement(serverId));
            }
            StandardUsernameCredentials findCredentialById = CredentialsProvider.findCredentialById(credentialsId, StandardUsernameCredentials.class, run, emptyList);
            if (findCredentialById != null) {
                hashMap.put(serverId, findCredentialById);
            } else {
                taskListener.getLogger().println("Could not find credentials [" + credentialsId + "] for " + String.valueOf(run));
            }
        }
        return hashMap;
    }

    @Deprecated
    public static Map<String, StandardUsernameCredentials> resolveCredentials(Run<?, ?> run, List<ServerCredentialMapping> list) {
        return resolveCredentials(run, list, TaskListener.NULL);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10, types: [org.w3c.dom.Node] */
    public static String fillAuthentication(String str, Boolean bool, Map<String, StandardUsernameCredentials> map, FilePath filePath, List<String> list) throws Exception {
        Object obj;
        if (map.isEmpty()) {
            return str;
        }
        Document parse = XMLUtils.parse(new StringReader(str));
        Map<String, Node> emptyMap = Collections.emptyMap();
        XPath newXPath = XPathFactory.newInstance().newXPath();
        Element element = (Node) newXPath.evaluate("/settings/servers", parse, XPathConstants.NODE);
        if (element == null) {
            Node node = (Node) newXPath.evaluate("/settings", parse, XPathConstants.NODE);
            element = parse.createElement("servers");
            node.appendChild(element);
        } else {
            emptyMap = removeMavenServerDefinitions(element, map.keySet(), Boolean.TRUE.equals(bool));
        }
        for (Map.Entry<String, StandardUsernameCredentials> entry : map.entrySet()) {
            SSHUserPrivateKey sSHUserPrivateKey = (StandardUsernameCredentials) entry.getValue();
            String key = entry.getKey();
            Node node2 = emptyMap.get(key);
            if (sSHUserPrivateKey instanceof StandardUsernamePasswordCredentials) {
                StandardUsernamePasswordCredentials standardUsernamePasswordCredentials = (StandardUsernamePasswordCredentials) sSHUserPrivateKey;
                LOGGER.log(Level.FINE, "Maven Server ID {0}: use {1} / {2}", new Object[]{key, standardUsernamePasswordCredentials.getId(), standardUsernamePasswordCredentials.getDescription()});
                Element createElement = parse.createElement("server");
                Element createElement2 = parse.createElement("id");
                createElement2.setTextContent(key);
                Element createElement3 = parse.createElement("password");
                createElement3.setTextContent(Secret.toString(standardUsernamePasswordCredentials.getPassword()));
                Element createElement4 = parse.createElement("username");
                createElement4.setTextContent(standardUsernamePasswordCredentials.getUsername());
                createElement.appendChild(createElement2);
                createElement.appendChild(createElement4);
                createElement.appendChild(createElement3);
                copyServerAttributes(node2, createElement);
                element.appendChild(createElement);
            } else if (sSHUserPrivateKey instanceof SSHUserPrivateKey) {
                SSHUserPrivateKey sSHUserPrivateKey2 = sSHUserPrivateKey;
                List privateKeys = sSHUserPrivateKey2.getPrivateKeys();
                if (privateKeys.isEmpty()) {
                    LOGGER.log(Level.WARNING, "Maven Server ID {0}: not private key defined in {1}, skip", new Object[]{key, sSHUserPrivateKey2.getId()});
                } else {
                    if (privateKeys.size() == 1) {
                        LOGGER.log(Level.FINE, "Maven Server ID {0}: use {1}", new Object[]{key, sSHUserPrivateKey2.getId()});
                        obj = privateKeys.get(0);
                    } else {
                        LOGGER.log(Level.WARNING, "Maven Server ID {0}: more than one ({1}) private key defined in {1}, use first private key", new Object[]{key, Integer.valueOf(privateKeys.size()), sSHUserPrivateKey2.getId()});
                        obj = privateKeys.get(0);
                    }
                    String str2 = (String) obj;
                    Element createElement5 = parse.createElement("server");
                    Element createElement6 = parse.createElement("id");
                    createElement6.setTextContent(key);
                    Element createElement7 = parse.createElement("username");
                    createElement7.setTextContent(sSHUserPrivateKey2.getUsername());
                    filePath.mkdirs();
                    FilePath createTextTempFile = filePath.createTextTempFile("private-key-", ".pem", str2, true);
                    createTextTempFile.chmod(384);
                    list.add(createTextTempFile.getRemote());
                    LOGGER.log(Level.FINE, "Create {0}", new Object[]{createTextTempFile.getRemote()});
                    Element createElement8 = parse.createElement("privateKey");
                    createElement8.setTextContent(createTextTempFile.getRemote());
                    Element createElement9 = parse.createElement("passphrase");
                    createElement9.setTextContent(Secret.toString(sSHUserPrivateKey2.getPassphrase()));
                    createElement5.appendChild(createElement6);
                    createElement5.appendChild(createElement7);
                    createElement5.appendChild(createElement8);
                    createElement5.appendChild(createElement9);
                    copyServerAttributes(node2, createElement5);
                    element.appendChild(createElement5);
                }
            } else {
                Logger logger = LOGGER;
                Level level = Level.WARNING;
                Object[] objArr = new Object[3];
                objArr[0] = key;
                objArr[1] = sSHUserPrivateKey == null ? null : sSHUserPrivateKey.getId();
                objArr[2] = sSHUserPrivateKey == null ? null : sSHUserPrivateKey.getClass();
                logger.log(level, "Maven Server ID {0}: credentials type of {1} not supported: {2}", objArr);
            }
        }
        StringWriter stringWriter = new StringWriter();
        Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
        newTransformer.setOutputProperty("indent", "yes");
        newTransformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
        newTransformer.transform(new DOMSource(parse), new StreamResult(stringWriter));
        return stringWriter.toString();
    }

    @NonNull
    public static List<String> secretsForMasking(Run<?, ?> run, List<ServerCredentialMapping> list) {
        Secret passphrase;
        ArrayList arrayList = new ArrayList();
        Iterator<StandardUsernameCredentials> it = resolveCredentials(run, list, TaskListener.NULL).values().iterator();
        while (it.hasNext()) {
            SSHUserPrivateKey sSHUserPrivateKey = (StandardUsernameCredentials) it.next();
            if (sSHUserPrivateKey.isUsernameSecret()) {
                arrayList.add(sSHUserPrivateKey.getUsername());
            }
            if (sSHUserPrivateKey instanceof StandardUsernamePasswordCredentials) {
                arrayList.add(((StandardUsernamePasswordCredentials) sSHUserPrivateKey).getPassword().getPlainText());
            } else if ((sSHUserPrivateKey instanceof SSHUserPrivateKey) && (passphrase = sSHUserPrivateKey.getPassphrase()) != null && !passphrase.getPlainText().isBlank()) {
                arrayList.add(passphrase.getPlainText());
            }
        }
        return arrayList;
    }

    private static void copyServerAttributes(Node node, Node node2) {
        if (node == null || node2 == null) {
            return;
        }
        NodeList childNodes = node.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (ATTRIBUTES_TO_KEEP.contains(StringUtils.trimToNull(item.getNodeName()))) {
                node2.appendChild(item);
            }
        }
    }

    private static Map<String, Node> removeMavenServerDefinitions(Node node, Set<String> set, boolean z) {
        LinkedHashMap linkedHashMap = new LinkedHashMap(set.size());
        NodeList childNodes = node.getChildNodes();
        int i = 0;
        while (i < childNodes.getLength()) {
            Node item = childNodes.item(i);
            String serverId = getServerId(item);
            if (z || set.contains(serverId)) {
                Node removeChild = node.removeChild(item);
                if (set.contains(serverId)) {
                    linkedHashMap.put(serverId, removeChild);
                }
                i--;
            }
            i++;
        }
        return linkedHashMap;
    }

    private static String getServerId(Node node) {
        NodeList childNodes = node.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            String lowerCase = StringUtils.lowerCase(item.getNodeName());
            String trimToNull = StringUtils.trimToNull(item.getTextContent());
            if ("id".equals(lowerCase)) {
                return trimToNull;
            }
        }
        return null;
    }
}
