package com.cloudbees.jenkins.plugins.sshcredentials.impl;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.DescriptorExtensionList;
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Items;
import hudson.util.Secret;
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import jenkins.model.Jenkins;
import net.jcip.annotations.GuardedBy;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:WEB-INF/lib/ssh-credentials.jar:com/cloudbees/jenkins/plugins/sshcredentials/impl/BasicSSHUserPrivateKey.class */
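/**
 * SSH username / private key credential whose key material comes from a pluggable
 * {@link PrivateKeySource}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The passphrase and the directly entered key text are held in {@link Secret} fields.</li>
 *   <li>The two deprecated sources that read key files from the local file system replace
 *       themselves with a {@link DirectEntryPrivateKeySource} in their {@code readResolve()}
 *       (logged as "SECURITY-440"), and only read the file after a
 *       {@code Jenkins.RUN_SCRIPTS} permission check.</li>
 *   <li>{@code privateKeySource} is registered as a critical field with
 *       {@code Items.XSTREAM2} in the static initialiser.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. Constructor parameter names such as
 * {@code str}, {@code str2} are placeholders; data binding via {@code @DataBoundConstructor}
 * typically depends on the real parameter names, so restore them before recompiling.
 */
public class BasicSSHUserPrivateKey extends BaseSSHUser implements SSHUserPrivateKey {
    private static final long serialVersionUID = 1;

    // Passphrase protecting the key; null when no (or an empty) passphrase was supplied.
    private final Secret passphrase;

    // Where the key material comes from; may be null on instances restored from older data.
    private final PrivateKeySource privateKeySource;

    // Cache of the keys returned by privateKeySource, each normalised to end with '\n'.
    @GuardedBy("this")
    private transient List<String> privateKeys;

    // Source timestamp that was current when the cache above was last filled.
    @GuardedBy("this")
    private transient long privateKeysLastModified;

    /** Descriptor for this credential type. */
    @Extension
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        /** Returns the localised display name of this credential type. */
        @NonNull
        public String getDisplayName() {
            return Messages.BasicSSHUserPrivateKey_DisplayName();
        }

        /** Returns every registered {@link PrivateKeySource} descriptor. */
        public DescriptorExtensionList<PrivateKeySource, Descriptor<PrivateKeySource>> getPrivateKeySources() {
            return Jenkins.get().getDescriptorList(PrivateKeySource.class);
        }

        /** Returns the icon class name used for this credential type. */
        public String getIconClassName() {
            return "symbol-fingerprint";
        }

        // The decompiler marked this method as a synthetic bridge; it only delegates to the superclass.
        public String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    /**
     * Key source that stores the private key text itself, wrapped in a {@link Secret}.
     *
     * <p>Several keys share one secret, separated by a form feed ({@code \f}).
     */
    public static class DirectEntryPrivateKeySource extends PrivateKeySource implements Serializable {
        private static final long serialVersionUID = 1;
        private final Secret privateKey;

        /** Descriptor for {@link DirectEntryPrivateKeySource}. */
        @Extension
        public static class DescriptorImpl extends PrivateKeySourceDescriptor {
            /** Returns the localised display name of this key source. */
            @NonNull
            public String getDisplayName() {
                return Messages.BasicSSHUserPrivateKey_DirectEntryPrivateKeySourceDisplayName();
            }
        }

        /**
         * Creates a source from plain key text, appending a trailing newline when it is missing.
         *
         * @param str the key text; must not be null (a null value fails on {@code endsWith})
         */
        public DirectEntryPrivateKeySource(String str) {
            this(Secret.fromString(str.endsWith("\n") ? str : str + "\n"));
        }

        /**
         * Creates a source from an existing secret. The value is stored as given; no newline
         * normalisation happens on this path.
         *
         * @param secret the key text wrapped as a {@link Secret}
         */
        @DataBoundConstructor
        public DirectEntryPrivateKeySource(Secret secret) {
            this.privateKey = secret;
        }

        /**
         * Creates a source holding several keys, joined with a form feed.
         *
         * @param list the key texts to store
         */
        public DirectEntryPrivateKeySource(List<String> list) {
            this(StringUtils.join(list, "\f"));
        }

        /**
         * Returns the stored keys in plain text, split on the form-feed separator.
         *
         * @return the keys, or an empty list when the secret is blank
         */
        @Override
        @NonNull
        public List<String> getPrivateKeys() {
            String plainText = Secret.toString(this.privateKey);
            if (StringUtils.isBlank(plainText)) {
                return Collections.emptyList();
            }
            return Arrays.asList(StringUtils.split(plainText, "\f"));
        }

        /** Returns the stored key as a {@link Secret}. */
        public Secret getPrivateKey() {
            return this.privateKey;
        }

        /** Always {@code true} for this source. */
        @Override
        public boolean isSnapshotSource() {
            return true;
        }
    }

    /**
     * Key source that reads the key from a file path on the local file system.
     *
     * @deprecated instances replace themselves with a {@link DirectEntryPrivateKeySource} in
     *     {@code readResolve()}.
     */
    @Deprecated
    public static class FileOnMasterPrivateKeySource extends PrivateKeySource {
        private static final Logger LOGGER = Logger.getLogger(FileOnMasterPrivateKeySource.class.getName());
        private final String privateKeyFile;

        // Last observed modification time of the key file; Long.MIN_VALUE when the file is absent.
        private volatile transient long lastModified;

        // Earliest wall-clock time (ms) at which the file should be stat'ed again.
        private volatile transient long nextCheckLastModified;

        /**
         * @param str path of the private key file
         */
        public FileOnMasterPrivateKeySource(String str) {
            this.privateKeyFile = str;
        }

        /**
         * Reads the configured file and returns its content as a single key.
         *
         * <p>No charset is passed to {@code readFileToString}, so the platform default applies.
         * On a read failure only the path and the exception are logged, and an empty list is
         * returned.
         *
         * @return a one-element list with the file content, or an empty list when no path is
         *     set, the path is not a regular file, or reading fails
         */
        @Override
        @NonNull
        public List<String> getPrivateKeys() {
            if (this.privateKeyFile != null) {
                File keyFile = new File(this.privateKeyFile);
                if (keyFile.isFile()) {
                    try {
                        return Collections.singletonList(FileUtils.readFileToString(keyFile));
                    } catch (IOException e) {
                        LOGGER.log(Level.WARNING, "Could not read private key file " + this.privateKeyFile, e);
                    }
                }
            }
            return Collections.emptyList();
        }

        /** Returns the configured file path. */
        public String getPrivateKeyFile() {
            return this.privateKeyFile;
        }

        /**
         * Replaces this source with a {@link DirectEntryPrivateKeySource} when it is deserialised.
         *
         * <p>If the stored "path" already looks like key text (starts with {@code ---} and
         * contains {@code ---BEGIN} and {@code ---END}) it is used as the key directly and no
         * file is touched. Otherwise the file is read, but only after
         * {@code Jenkins.RUN_SCRIPTS} has been checked; presumably this keeps a submitted
         * configuration from making the process read an arbitrary path for a user who lacks
         * that permission. The permission check must stay ahead of the file read.
         */
        private Object readResolve() {
            if (this.privateKeyFile != null
                    && this.privateKeyFile.startsWith("---")
                    && this.privateKeyFile.contains("---BEGIN")
                    && this.privateKeyFile.contains("---END")) {
                return new DirectEntryPrivateKeySource(this.privateKeyFile);
            }
            Jenkins.get().checkPermission(Jenkins.RUN_SCRIPTS);
            LOGGER.log(Level.INFO, "SECURITY-440: Migrating FileOnMasterPrivateKeySource to DirectEntryPrivateKeySource");
            return new DirectEntryPrivateKeySource(getPrivateKeys());
        }

        /**
         * Returns the key file's modification time, stat'ing the file at most every 30 seconds.
         *
         * @return the modification time, or {@code Long.MIN_VALUE} when the file is missing
         */
        @Override
        public long getPrivateKeysLastModified() {
            long now = System.currentTimeMillis();
            // Refresh once the throttle window has elapsed, or while no valid timestamp is known.
            // The comparison used to be inverted (nextCheck > now), which meant a freshly created
            // instance never stat'ed the file and a replaced key file was not picked up.
            if (now >= this.nextCheckLastModified || this.lastModified < 0) {
                this.lastModified = Long.MIN_VALUE;
                if (this.privateKeyFile != null) {
                    File keyFile = new File(this.privateKeyFile);
                    if (keyFile.exists()) {
                        this.lastModified = keyFile.lastModified();
                    }
                }
                this.nextCheckLastModified = now + TimeUnit.SECONDS.toMillis(30L);
            }
            return this.lastModified;
        }
    }

    /** Base type for the places a private key can come from. */
    public static abstract class PrivateKeySource extends AbstractDescribableImpl<PrivateKeySource> {
        /** Returns the private keys in plain text. */
        @NonNull
        public abstract List<String> getPrivateKeys();

        /**
         * Returns a timestamp used by the owning credential to decide whether its key cache is
         * stale. The default is the constant 1.
         */
        public long getPrivateKeysLastModified() {
            // The decompiled listing returned BasicSSHUserPrivateKey.serialVersionUID here, which
            // appears to be a decompiler artefact: the two merely share the value 1.
            return 1L;
        }

        /** Returns {@code false} unless a subclass overrides it. */
        @Deprecated
        public boolean isSnapshotSource() {
            return false;
        }
    }

    /** Base descriptor type for {@link PrivateKeySource} implementations. */
    public static abstract class PrivateKeySourceDescriptor extends Descriptor<PrivateKeySource> {
    }

    /**
     * Key source that reads the well-known key files from {@code ~/.ssh} of the account the
     * process runs as ({@code user.home}).
     *
     * @deprecated instances replace themselves with a {@link DirectEntryPrivateKeySource} in
     *     {@code readResolve()}.
     */
    @Deprecated
    public static class UsersPrivateKeySource extends PrivateKeySource {
        private static final Logger LOGGER = Logger.getLogger(UsersPrivateKeySource.class.getName());

        // Newest modification time among the key files; Long.MIN_VALUE when none exist.
        private volatile transient long lastModified;

        // Earliest wall-clock time (ms) at which the files should be stat'ed again.
        private volatile transient long nextCheckLastModified;

        /** Returns the candidate key files under {@code ~/.ssh} that exist as regular files. */
        private List<File> files() {
            List<File> found = new ArrayList<>();
            File sshDir = new File(new File(System.getProperty("user.home")), ".ssh");
            for (String name : Arrays.asList("id_ecdsa", "id_ed25519", "id_rsa", "id_dsa", "identity")) {
                File candidate = new File(sshDir, name);
                if (candidate.isFile()) {
                    found.add(candidate);
                }
            }
            return found;
        }

        /**
         * Reads every existing candidate key file. A file that cannot be read is logged and
         * skipped; the log entry carries the exception, not key content.
         *
         * @return the contents of the readable key files, possibly empty
         */
        @Override
        @NonNull
        public List<String> getPrivateKeys() {
            List<String> keys = new ArrayList<>();
            for (File keyFile : files()) {
                try {
                    keys.add(FileUtils.readFileToString(keyFile));
                } catch (IOException e) {
                    LOGGER.log(Level.WARNING, "Could not read private key", e);
                }
            }
            return keys;
        }

        /**
         * Returns the newest modification time among the key files, stat'ing them at most every
         * 30 seconds.
         *
         * @return the newest modification time, or {@code Long.MIN_VALUE} when no file exists
         */
        @Override
        public long getPrivateKeysLastModified() {
            long now = System.currentTimeMillis();
            // Same fix as in FileOnMasterPrivateKeySource: the throttle comparison was inverted,
            // so the timestamps were never refreshed on a freshly created instance.
            if (now >= this.nextCheckLastModified || this.lastModified < 0) {
                this.lastModified = Long.MIN_VALUE;
                for (File keyFile : files()) {
                    this.lastModified = Math.max(this.lastModified, keyFile.lastModified());
                }
                this.nextCheckLastModified = now + TimeUnit.SECONDS.toMillis(30L);
            }
            return this.lastModified;
        }

        /**
         * Replaces this source with a {@link DirectEntryPrivateKeySource} when it is deserialised.
         * The key files are read only after {@code Jenkins.RUN_SCRIPTS} has been checked; the
         * check must stay ahead of the read.
         */
        private Object readResolve() {
            Jenkins.get().checkPermission(Jenkins.RUN_SCRIPTS);
            LOGGER.log(Level.INFO, "SECURITY-440: Migrating UsersPrivateKeySource to DirectEntryPrivateKeySource");
            return new DirectEntryPrivateKeySource(getPrivateKeys());
        }
    }

    /**
     * Creates the credential.
     *
     * @param credentialsScope scope of the credential
     * @param str credential id (see the calls in {@link #readResolve()})
     * @param str2 username
     * @param privateKeySource source of the key; {@code null} is replaced by an empty direct entry
     * @param str3 passphrase in a form accepted by {@code Secret.fromString}; {@code null} or
     *     empty means no passphrase
     * @param str4 description
     */
    @DataBoundConstructor
    public BasicSSHUserPrivateKey(CredentialsScope credentialsScope, String str, String str2, PrivateKeySource privateKeySource, String str3, String str4) {
        super(credentialsScope, str, str2, str4);
        this.privateKeySource = privateKeySource == null ? new DirectEntryPrivateKeySource("") : privateKeySource;
        this.passphrase = fixEmpty(str3 == null ? null : Secret.fromString(str3));
    }

    /** Maps a null or empty secret to {@code null} and returns any other secret unchanged. */
    private static Secret fixEmpty(Secret secret) {
        if (secret == null || secret.getPlainText().isEmpty()) {
            return null;
        }
        return secret;
    }

    /**
     * Normalises a deserialised instance.
     *
     * <p>With a key source present, an empty passphrase is rewritten to {@code null} by building
     * a new instance; otherwise the superclass handling applies. Without a key source, a new
     * instance is built around a {@link DirectEntryPrivateKeySource} holding the cached keys, or
     * an empty entry when there are none.
     *
     * <p>The decompiler reports that it widened this method's access from {@code protected}.
     */
    @Override
    public synchronized Object readResolve() {
        if (this.privateKeySource != null) {
            boolean passphraseIsNormalised = this.passphrase == null || fixEmpty(this.passphrase) != null;
            if (passphraseIsNormalised) {
                return super.readResolve();
            }
            return new BasicSSHUserPrivateKey(getScope(), getId(), getUsername(), this.privateKeySource, null, getDescription());
        }
        Secret currentPassphrase = getPassphrase();
        // The encrypted form is handed to the constructor, which feeds it to Secret.fromString.
        String encryptedPassphrase = currentPassphrase == null ? null : currentPassphrase.getEncryptedValue();
        PrivateKeySource replacement = this.privateKeys != null
                ? new DirectEntryPrivateKeySource(this.privateKeys)
                : new DirectEntryPrivateKeySource("");
        return new BasicSSHUserPrivateKey(getScope(), getId(), getUsername(), replacement, encryptedPassphrase, getDescription());
    }

    /**
     * Returns the private keys in plain text, each ending with a newline.
     *
     * <p>The result is cached and rebuilt when the cache is missing or empty, or when the source
     * reports a newer timestamp. The cached list itself is returned, not a copy, so callers
     * should treat it as read-only.
     *
     * @return the keys, or an empty list when there is no key source
     */
    @Override
    @NonNull
    public synchronized List<String> getPrivateKeys() {
        if (this.privateKeySource == null) {
            return Collections.emptyList();
        }
        long sourceLastModified = this.privateKeySource.getPrivateKeysLastModified();
        boolean cacheUnusable = this.privateKeys == null || this.privateKeys.isEmpty();
        if (cacheUnusable || sourceLastModified > this.privateKeysLastModified) {
            this.privateKeys = this.privateKeySource.getPrivateKeys().stream()
                    .map(key -> key.endsWith("\n") ? key : key + "\n")
                    .collect(Collectors.toList());
            this.privateKeysLastModified = sourceLastModified;
        }
        return this.privateKeys;
    }

    /** Returns the key source, or a new empty {@link DirectEntryPrivateKeySource} when none is set. */
    @NonNull
    public PrivateKeySource getPrivateKeySource() {
        return this.privateKeySource == null ? new DirectEntryPrivateKeySource("") : this.privateKeySource;
    }

    /** Returns the passphrase, or {@code null} when none is set. */
    @Override
    @CheckForNull
    public Secret getPassphrase() {
        return this.passphrase;
    }

    static {
        // NOTE(review): a "critical" XStream2 field is expected to make a load error in that field
        // fail the whole object instead of being tolerated; confirm against Jenkins core.
        Items.XSTREAM2.addCriticalField(BasicSSHUserPrivateKey.class, "privateKeySource");
    }
}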
