package com.cloudbees.jenkins.support.impl;

import com.cloudbees.jenkins.support.AsyncResultCache;
import com.cloudbees.jenkins.support.api.Component;
import com.cloudbees.jenkins.support.api.Container;
import com.cloudbees.jenkins.support.api.UnfilteredStringContent;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.Functions;
import hudson.model.Node;
import hudson.security.Permission;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.WeakHashMap;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jenkins.model.Jenkins;
import jenkins.security.MasterToSlaveCallable;

@Extension
/* loaded from: input_file:WEB-INF/lib/support-core.jar:com/cloudbees/jenkins/support/impl/RootCAs.class */
public class RootCAs extends Component {
    private final WeakHashMap<Node, String> certCache = new WeakHashMap<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/support-core.jar:com/cloudbees/jenkins/support/impl/RootCAs$GetRootCA.class */
    public static final class GetRootCA extends MasterToSlaveCallable<String, RuntimeException> {
        private static final long serialVersionUID = 1;

        private GetRootCA() {
        }

        @SuppressFBWarnings(value = {"RV_RETURN_VALUE_IGNORED_BAD_PRACTICE", "DM_DEFAULT_ENCODING"}, justification = "Best effort")
        /* renamed from: call, reason: merged with bridge method [inline-methods] */
        public String m62call() {
            StringWriter stringWriter = new StringWriter();
            RootCAs.getRootCAList(stringWriter);
            return stringWriter.toString();
        }
    }

    @Override // com.cloudbees.jenkins.support.api.Component
    public boolean isSelectedByDefault() {
        return false;
    }

    @Override // com.cloudbees.jenkins.support.api.Component
    @NonNull
    public Set<Permission> getRequiredPermissions() {
        return Collections.singleton(Jenkins.ADMINISTER);
    }

    @Override // com.cloudbees.jenkins.support.api.Component
    @NonNull
    public String getDisplayName() {
        return "Root CAs";
    }

    @Override // com.cloudbees.jenkins.support.api.Component
    public void addContents(@NonNull Container container) {
        Jenkins jenkins = Jenkins.get();
        addContents(container, jenkins);
        Iterator it = jenkins.getNodes().iterator();
        while (it.hasNext()) {
            addContents(container, (Node) it.next());
        }
    }

    @Override // com.cloudbees.jenkins.support.api.Component
    @NonNull
    public Component.ComponentCategory getCategory() {
        return Component.ComponentCategory.PLATFORM;
    }

    private void addContents(@NonNull Container container, @NonNull Node node) {
        String str;
        String[] strArr;
        if (node.toComputer() == null) {
            return;
        }
        if (node instanceof Jenkins) {
            str = "nodes/master/RootCA.txt";
            strArr = new String[0];
        } else {
            str = "nodes/slave/{0}/RootCA.txt";
            strArr = new String[]{node.getNodeName()};
        }
        try {
            container.add(new UnfilteredStringContent(str, strArr, getRootCA(node)));
        } catch (IOException e) {
            container.add(new UnfilteredStringContent(str, strArr, Functions.printThrowable(e)));
        }
    }

    public String getRootCA(Node node) throws IOException {
        return (String) AsyncResultCache.get(node, this.certCache, new GetRootCA(), "Root CA info", "N/A: Either no connection to node, or no cached result");
    }

    public static void getRootCAList(StringWriter stringWriter) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            for (int i = 0; i < trustManagers.length; i++) {
                stringWriter.append("===== Trust Manager ").append((CharSequence) String.valueOf(i)).append(" =====\n");
                TrustManager trustManager = trustManagers[i];
                if (trustManager instanceof X509TrustManager) {
                    X509Certificate[] acceptedIssuers = ((X509TrustManager) trustManager).getAcceptedIssuers();
                    stringWriter.append("It is an X.509 Trust Manager containing ").append((CharSequence) String.valueOf(acceptedIssuers.length)).append(" certificates:\n");
                    for (X509Certificate x509Certificate : acceptedIssuers) {
                        stringWriter.append((CharSequence) x509Certificate.getSubjectX500Principal().toString()).append('\n');
                    }
                } else {
                    stringWriter.append("Skipping as it is not an X.509 Trust Manager.\n");
                    stringWriter.append("Class Name: ").append((CharSequence) trustManager.getClass().getName()).append('\n');
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            stringWriter.write(Functions.printThrowable(e));
        }
    }
}
