package com.cloudbees.plugins.credentials;

import com.cloudbees.plugins.credentials.domains.AntPathMatcher;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.DomainSpecification;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.BulkChange;
import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.ItemGroup;
import hudson.model.ModelObject;
import hudson.model.User;
import hudson.model.UserProperty;
import hudson.model.UserPropertyDescriptor;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.security.AccessDeniedException2;
import hudson.security.Permission;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.function.Supplier;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import jenkins.model.Jenkins;
import net.jcip.annotations.GuardedBy;
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.export.Exported;
import org.kohsuke.stapler.export.ExportedBean;

@Extension
/* loaded from: input_file:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/UserCredentialsProvider.class */
public class UserCredentialsProvider extends CredentialsProvider {
    private static final Logger LOGGER = Logger.getLogger(UserCredentialsProperty.class.getName());
    private static final Set<CredentialsScope> SCOPES = Collections.singleton(CredentialsScope.USER);

    @GuardedBy("self")
    private static final WeakHashMap<User, UserCredentialsProperty> emptyProperties = new WeakHashMap<>();

    /* loaded from: input_file:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/UserCredentialsProvider$StoreImpl.class */
    public static class StoreImpl extends CredentialsStore {
        private final User user;
        private final UserFacingAction storeAction;
        private transient UserCredentialsProperty property;

        private StoreImpl(User user) {
            this.user = user;
            this.storeAction = new UserFacingAction(this);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Nullable
        public CredentialsStoreAction getStoreAction() {
            return this.storeAction;
        }

        private UserCredentialsProperty getInstance() {
            if (this.property == null) {
                UserCredentialsProperty userCredentialsProperty = (UserCredentialsProperty) this.user.getProperty(UserCredentialsProperty.class);
                if (userCredentialsProperty == null) {
                    synchronized (UserCredentialsProvider.emptyProperties) {
                        userCredentialsProperty = (UserCredentialsProperty) this.user.getProperty(UserCredentialsProperty.class);
                        if (userCredentialsProperty == null) {
                            userCredentialsProperty = (UserCredentialsProperty) UserCredentialsProvider.emptyProperties.get(this.user);
                            if (userCredentialsProperty == null) {
                                userCredentialsProperty = new UserCredentialsProperty(new DomainCredentials[0]);
                                userCredentialsProperty._setUser(this.user);
                                UserCredentialsProvider.emptyProperties.put(this.user, userCredentialsProperty);
                            }
                        }
                    }
                }
                this.property = userCredentialsProperty;
            }
            return this.property;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @NonNull
        public ModelObject getContext() {
            return this.user;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean hasPermission(@NonNull Authentication authentication, @NonNull Permission permission) {
            return getACL().hasPermission(authentication, permission);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @NonNull
        public ACL getACL() {
            return new ACL() { // from class: com.cloudbees.plugins.credentials.UserCredentialsProvider.StoreImpl.1
                public boolean hasPermission(@NonNull Authentication authentication, @NonNull Permission permission) {
                    return StoreImpl.this.user.equals(User.getById(authentication.getName(), true)) && StoreImpl.this.user.getACL().hasPermission(authentication, permission);
                }
            };
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Exported
        @NonNull
        public List<Domain> getDomains() {
            return Collections.unmodifiableList(new ArrayList(getInstance().getDomainCredentialsMap().keySet()));
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Exported
        @NonNull
        public List<Credentials> getCredentials(@NonNull Domain domain) {
            return getInstance().getCredentials(domain);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean addDomain(@NonNull Domain domain, List<Credentials> list) throws IOException {
            return getInstance().addDomain(domain, list);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean removeDomain(@NonNull Domain domain) throws IOException {
            return getInstance().removeDomain(domain);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean updateDomain(@NonNull Domain domain, @NonNull Domain domain2) throws IOException {
            return getInstance().updateDomain(domain, domain2);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            return getInstance().addCredentials(domain, credentials);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            return getInstance().removeCredentials(domain, credentials);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials credentials, @NonNull Credentials credentials2) throws IOException {
            return getInstance().updateCredentials(domain, credentials, credentials2);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public String getRelativeLinkToContext() {
            return URI.create(Stapler.getCurrentRequest().getContextPath() + AntPathMatcher.DEFAULT_PATH_SEPARATOR + this.user.getUrl() + AntPathMatcher.DEFAULT_PATH_SEPARATOR).normalize().toString();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public void save() throws IOException {
            if (BulkChange.contains(this)) {
                return;
            }
            getInstance().save();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/UserCredentialsProvider$UserCredentialsProperty.class */
    public static class UserCredentialsProperty extends UserProperty {

        @Deprecated
        private transient List<Credentials> credentials;

        @SuppressFBWarnings({"IS2_INCONSISTENT_SYNC"})
        private Map<Domain, List<Credentials>> domainCredentialsMap;

        @Extension
        /* loaded from: input_file:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/UserCredentialsProvider$UserCredentialsProperty$DescriptorImpl.class */
        public static class DescriptorImpl extends UserPropertyDescriptor {
            public UserProperty newInstance(User user) {
                return new UserCredentialsProperty(new DomainCredentials[0]);
            }

            public boolean isEnabled() {
                return !UserProperty.all().isEmpty();
            }

            @NonNull
            public String getDisplayName() {
                return Messages.UserCredentialsProvider_DisplayName();
            }

            public DescriptorExtensionList<Credentials, CredentialsDescriptor> getCredentialDescriptors() {
                return CredentialsProvider.allCredentialsDescriptors();
            }

            public DescriptorExtensionList<DomainSpecification, Descriptor<DomainSpecification>> getSpecificationDescriptors() {
                return Jenkins.get().getDescriptorList(DomainSpecification.class);
            }
        }

        @Deprecated
        public UserCredentialsProperty(List<Credentials> list) {
            this.domainCredentialsMap = DomainCredentials.migrateListToMap(null, list);
        }

        @DataBoundConstructor
        public UserCredentialsProperty(DomainCredentials[] domainCredentialsArr) {
            this.domainCredentialsMap = DomainCredentials.asMap(Arrays.asList(domainCredentialsArr));
        }

        private Object readResolve() {
            return this.domainCredentialsMap == null ? new UserCredentialsProperty(this.credentials) : this;
        }

        public <C extends Credentials> List<C> getCredentials(Class<C> cls) {
            checkPermission(CredentialsProvider.VIEW);
            Stream<Credentials> stream = getCredentials().stream();
            cls.getClass();
            Stream<Credentials> filter = stream.filter((v1) -> {
                return r1.isInstance(v1);
            });
            cls.getClass();
            return (List) filter.map((v1) -> {
                return r1.cast(v1);
            }).collect(Collectors.toList());
        }

        public List<Credentials> getCredentials() {
            checkPermission(CredentialsProvider.VIEW);
            return this.domainCredentialsMap.get(Domain.global());
        }

        public List<DomainCredentials> getDomainCredentials() {
            checkPermission(CredentialsProvider.VIEW);
            return DomainCredentials.asList(getDomainCredentialsMap());
        }

        @NonNull
        public synchronized Map<Domain, List<Credentials>> getDomainCredentialsMap() {
            checkPermission(CredentialsProvider.VIEW);
            Map<Domain, List<Credentials>> migrateListToMap = DomainCredentials.migrateListToMap(this.domainCredentialsMap, this.credentials);
            this.domainCredentialsMap = migrateListToMap;
            return migrateListToMap;
        }

        public synchronized void setDomainCredentialsMap(Map<Domain, List<Credentials>> map) {
            checkPermission(CredentialsProvider.MANAGE_DOMAINS);
            this.domainCredentialsMap = DomainCredentials.toCopyOnWriteMap(map);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean addDomain(@NonNull Domain domain, List<Credentials> list) throws IOException {
            checkPermission(CredentialsProvider.MANAGE_DOMAINS);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                domainCredentialsMap.put(domain, new ArrayList(list));
                save();
                return true;
            }
            List<Credentials> list2 = domainCredentialsMap.get(domain);
            boolean z = false;
            for (Credentials credentials : list) {
                if (!list2.contains(credentials)) {
                    list2.add(credentials);
                    z = true;
                }
            }
            if (z) {
                save();
            }
            return z;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean removeDomain(@NonNull Domain domain) throws IOException {
            checkPermission(CredentialsProvider.MANAGE_DOMAINS);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            domainCredentialsMap.remove(domain);
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean updateDomain(@NonNull Domain domain, @NonNull Domain domain2) throws IOException {
            checkPermission(CredentialsProvider.MANAGE_DOMAINS);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            domainCredentialsMap.put(domain2, domainCredentialsMap.remove(domain));
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            checkPermission(CredentialsProvider.CREATE);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            List<Credentials> list = domainCredentialsMap.get(domain);
            if (list.contains(credentials)) {
                return false;
            }
            list.add(credentials);
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        @NonNull
        public synchronized List<Credentials> getCredentials(@NonNull Domain domain) {
            if (!this.user.equals(User.current())) {
                return Collections.emptyList();
            }
            List<Credentials> list = getDomainCredentialsMap().get(domain);
            return (list == null || list.isEmpty()) ? Collections.emptyList() : Collections.unmodifiableList(new ArrayList(list));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            checkPermission(CredentialsProvider.DELETE);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain)) {
                return false;
            }
            List<Credentials> list = domainCredentialsMap.get(domain);
            if (!list.contains(credentials)) {
                return false;
            }
            list.remove(credentials);
            save();
            return true;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials credentials, @NonNull Credentials credentials2) throws IOException {
            List<Credentials> list;
            int indexOf;
            checkPermission(CredentialsProvider.UPDATE);
            Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
            if (!domainCredentialsMap.containsKey(domain) || (indexOf = (list = domainCredentialsMap.get(domain)).indexOf(credentials)) == -1) {
                return false;
            }
            list.set(indexOf, credentials2);
            save();
            return true;
        }

        private void checkPermission(Permission permission) {
            if (!this.user.equals(User.current())) {
                throw new AccessDeniedException2(Jenkins.getAuthentication(), permission);
            }
            this.user.checkPermission(permission);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void save() throws IOException {
            Map<Domain, List<Credentials>> map;
            List<Credentials> list;
            if (this.user.equals(User.current())) {
                if (((UserCredentialsProperty) this.user.getProperty(UserCredentialsProperty.class)) == null) {
                    synchronized (this) {
                        map = this.domainCredentialsMap;
                    }
                    if (map == null || map.isEmpty()) {
                        return;
                    }
                    if (map.size() == 1 && (list = map.get(Domain.global())) != null && list.isEmpty()) {
                        return;
                    }
                    synchronized (UserCredentialsProvider.emptyProperties) {
                        this.user.addProperty(this);
                        UserCredentialsProvider.emptyProperties.remove(this.user);
                    }
                }
                this.user.save();
            }
        }

        /* renamed from: reconfigure, reason: merged with bridge method [inline-methods] */
        public UserProperty m22reconfigure(StaplerRequest staplerRequest, JSONObject jSONObject) {
            return this;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void _setUser(User user) {
            this.user = user;
        }
    }

    @ExportedBean
    /* loaded from: input_file:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/UserCredentialsProvider$UserFacingAction.class */
    public static class UserFacingAction extends CredentialsStoreAction {
        private final StoreImpl store;

        public UserFacingAction(StoreImpl storeImpl) {
            this.store = storeImpl;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction
        @Exported
        @NonNull
        public CredentialsStore getStore() {
            return this.store;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction
        public String getIconFileName() {
            if (isVisible()) {
                return "symbol-person";
            }
            return null;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction
        public String getIconClassName() {
            if (isVisible()) {
                return "symbol-person";
            }
            return null;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction
        public String getDisplayName() {
            return Messages.UserCredentialsProvider_UserFacingAction_DisplayName();
        }
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    public Set<CredentialsScope> getScopes(ModelObject modelObject) {
        return modelObject instanceof User ? SCOPES : super.getScopes(modelObject);
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    public CredentialsStore getStore(@CheckForNull ModelObject modelObject) {
        if (modelObject instanceof User) {
            return new StoreImpl((User) modelObject);
        }
        return null;
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication) {
        return getCredentials(cls, itemGroup, authentication, Collections.emptyList());
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    @NonNull
    public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list) {
        User user;
        UserCredentialsProperty userCredentialsProperty;
        if (authentication == null) {
            authentication = ACL.SYSTEM;
        }
        if (ACL.SYSTEM.equals(authentication) || (user = User.get(authentication)) == null || (userCredentialsProperty = (UserCredentialsProperty) user.getProperty(UserCredentialsProperty.class)) == null) {
            return Collections.emptyList();
        }
        boolean z = !user.equals(User.current());
        Supplier supplier = () -> {
            return DomainCredentials.getCredentials(userCredentialsProperty.getDomainCredentialsMap(), cls, list, CredentialsMatchers.always());
        };
        if (!z) {
            return (List) supplier.get();
        }
        ACLContext as = ACL.as(user);
        Throwable th = null;
        try {
            try {
                List<C> list2 = (List) supplier.get();
                if (as != null) {
                    if (0 != 0) {
                        try {
                            as.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        as.close();
                    }
                }
                return list2;
            } finally {
            }
        } catch (Throwable th3) {
            if (as != null) {
                if (th != null) {
                    try {
                        as.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    as.close();
                }
            }
            throw th3;
        }
    }

    @Override // com.cloudbees.plugins.credentials.CredentialsProvider
    public String getIconClassName() {
        return "symbol-person";
    }
}
