package com.cloudbees.plugins.credentials;

import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.XmlFile;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.ModelObject;
import hudson.model.Saveable;
import hudson.model.listeners.SaveableListener;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.CopyOnWriteMap;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.kohsuke.stapler.export.Exported;
import org.kohsuke.stapler.export.ExportedBean;

@Extension
/* loaded from: input_file:WEB-INF/detached-plugins/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/SystemCredentialsProvider.class */
public class SystemCredentialsProvider extends AbstractDescribableImpl<SystemCredentialsProvider> implements Saveable {
    private static final Logger LOGGER = Logger.getLogger(SystemCredentialsProvider.class.getName());

    @Deprecated
    private transient List<Credentials> credentials;
    private Map<Domain, List<Credentials>> domainCredentialsMap;
    private transient StoreImpl store = new StoreImpl();

    @Extension
    /* loaded from: input_file:WEB-INF/detached-plugins/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/SystemCredentialsProvider$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SystemCredentialsProvider> {
        @Override // hudson.model.Descriptor
        public String getDisplayName() {
            return "";
        }
    }

    @Extension
    /* loaded from: input_file:WEB-INF/detached-plugins/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/SystemCredentialsProvider$ProviderImpl.class */
    public static class ProviderImpl extends CredentialsProvider {
        private static final Set<CredentialsScope> SCOPES = Collections.unmodifiableSet(new LinkedHashSet(Arrays.asList(CredentialsScope.GLOBAL, CredentialsScope.SYSTEM)));

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider, hudson.model.Descriptor
        public String getDisplayName() {
            return Messages.SystemCredentialsProvider_ProviderImpl_DisplayName();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider
        public Set<CredentialsScope> getScopes(ModelObject modelObject) {
            return ((modelObject instanceof Jenkins) || (modelObject instanceof SystemCredentialsProvider)) ? SCOPES : super.getScopes(modelObject);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider
        public CredentialsStore getStore(@CheckForNull ModelObject modelObject) {
            if (modelObject == Jenkins.getInstance()) {
                return SystemCredentialsProvider.getInstance().getStore();
            }
            return null;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider
        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication) {
            return getCredentials(cls, itemGroup, authentication, Collections.emptyList());
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider
        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @Nullable ItemGroup itemGroup, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list) {
            if (ACL.SYSTEM.equals(authentication)) {
                return DomainCredentials.getCredentials(SystemCredentialsProvider.getInstance().getDomainCredentialsMap(), cls, list, Jenkins.getInstance() == itemGroup ? CredentialsMatchers.always() : CredentialsMatchers.not(CredentialsMatchers.withScope(CredentialsScope.SYSTEM)));
            }
            return new ArrayList();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider
        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @NonNull Item item, @Nullable Authentication authentication) {
            return getCredentials(cls, item, authentication, Collections.emptyList());
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider
        @NonNull
        public <C extends Credentials> List<C> getCredentials(@NonNull Class<C> cls, @NonNull Item item, @Nullable Authentication authentication, @NonNull List<DomainRequirement> list) {
            return ACL.SYSTEM.equals(authentication) ? DomainCredentials.getCredentials(SystemCredentialsProvider.getInstance().getDomainCredentialsMap(), cls, list, CredentialsMatchers.not(CredentialsMatchers.withScope(CredentialsScope.SYSTEM))) : new ArrayList();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsProvider, org.jenkins.ui.icon.IconSpec
        public String getIconClassName() {
            return "icon-credentials-system-store";
        }
    }

    @ExportedBean
    /* loaded from: input_file:WEB-INF/detached-plugins/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/SystemCredentialsProvider$StoreImpl.class */
    public static class StoreImpl extends CredentialsStore {
        private final UserFacingAction storeAction;

        public StoreImpl() {
            super(ProviderImpl.class);
            this.storeAction = new UserFacingAction();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @NonNull
        public ModelObject getContext() {
            return Jenkins.getActiveInstance();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean hasPermission(@NonNull Authentication authentication, @NonNull Permission permission) {
            return getACL().hasPermission(authentication, permission);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore, hudson.security.AccessControlled
        public ACL getACL() {
            return Jenkins.getActiveInstance().getACL();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Exported
        @NonNull
        public List<Domain> getDomains() {
            return Collections.unmodifiableList(new ArrayList(SystemCredentialsProvider.getInstance().getDomainCredentialsMap().keySet()));
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Exported
        @NonNull
        public List<Credentials> getCredentials(@NonNull Domain domain) {
            return SystemCredentialsProvider.getInstance().getCredentials(domain);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean addDomain(@NonNull Domain domain, List<Credentials> list) throws IOException {
            return SystemCredentialsProvider.getInstance().addDomain(domain, list);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean removeDomain(@NonNull Domain domain) throws IOException {
            return SystemCredentialsProvider.getInstance().removeDomain(domain);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean updateDomain(@NonNull Domain domain, @NonNull Domain domain2) throws IOException {
            return SystemCredentialsProvider.getInstance().updateDomain(domain, domain2);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            return SystemCredentialsProvider.getInstance().addCredentials(domain, credentials);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
            return SystemCredentialsProvider.getInstance().removeCredentials(domain, credentials);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        public boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials credentials, @NonNull Credentials credentials2) throws IOException {
            return SystemCredentialsProvider.getInstance().updateCredentials(domain, credentials, credentials2);
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStore
        @Nullable
        public CredentialsStoreAction getStoreAction() {
            return this.storeAction;
        }
    }

    @ExportedBean
    /* loaded from: input_file:WEB-INF/detached-plugins/credentials.hpi:WEB-INF/lib/credentials.jar:com/cloudbees/plugins/credentials/SystemCredentialsProvider$UserFacingAction.class */
    public static class UserFacingAction extends CredentialsStoreAction {
        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction
        @NonNull
        public CredentialsStore getStore() {
            return SystemCredentialsProvider.getInstance().getStore();
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction, hudson.model.Action
        public String getIconFileName() {
            if (isVisible()) {
                return "/plugin/credentials/images/24x24/system-store.png";
            }
            return null;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction, org.jenkins.ui.icon.IconSpec
        public String getIconClassName() {
            if (isVisible()) {
                return "icon-credentials-system-store";
            }
            return null;
        }

        @Override // com.cloudbees.plugins.credentials.CredentialsStoreAction, hudson.model.Action, hudson.model.ModelObject
        public String getDisplayName() {
            return Messages.SystemCredentialsProvider_UserFacingAction_DisplayName();
        }
    }

    public SystemCredentialsProvider() {
        this.credentials = new CopyOnWriteArrayList();
        this.domainCredentialsMap = new CopyOnWriteMap.Hash();
        try {
            XmlFile configFile = getConfigFile();
            if (configFile.exists()) {
                configFile.unmarshal(this);
            }
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Failed to read the existing credentials", (Throwable) e);
        }
        this.domainCredentialsMap = DomainCredentials.migrateListToMap(this.domainCredentialsMap, this.credentials);
        this.credentials = null;
    }

    public static XmlFile getConfigFile() {
        return new XmlFile(new File(Jenkins.getActiveInstance().getRootDir(), "credentials.xml"));
    }

    public static SystemCredentialsProvider getInstance() {
        return (SystemCredentialsProvider) ExtensionList.lookup(SystemCredentialsProvider.class).get(SystemCredentialsProvider.class);
    }

    public List<Credentials> getCredentials() {
        return this.domainCredentialsMap.get(Domain.global());
    }

    public List<DomainCredentials> getDomainCredentials() {
        return DomainCredentials.asList(getDomainCredentialsMap());
    }

    @NonNull
    public synchronized Map<Domain, List<Credentials>> getDomainCredentialsMap() {
        Map<Domain, List<Credentials>> migrateListToMap = DomainCredentials.migrateListToMap(this.domainCredentialsMap, this.credentials);
        this.domainCredentialsMap = migrateListToMap;
        return migrateListToMap;
    }

    public synchronized void setDomainCredentialsMap(Map<Domain, List<Credentials>> map) {
        this.domainCredentialsMap = DomainCredentials.toCopyOnWriteMap(map);
    }

    private void checkPermission(Permission permission) {
        Jenkins.getActiveInstance().checkPermission(permission);
    }

    private void checkedSave(Permission permission) throws IOException {
        checkPermission(permission);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
        try {
            save();
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean addDomain(@NonNull Domain domain, List<Credentials> list) throws IOException {
        checkPermission(CredentialsProvider.MANAGE_DOMAINS);
        Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
        if (!domainCredentialsMap.containsKey(domain)) {
            domainCredentialsMap.put(domain, new ArrayList(list));
            checkedSave(CredentialsProvider.MANAGE_DOMAINS);
            return true;
        }
        List<Credentials> list2 = domainCredentialsMap.get(domain);
        boolean z = false;
        for (Credentials credentials : list) {
            if (!list2.contains(credentials)) {
                list2.add(credentials);
                z = true;
            }
        }
        if (z) {
            checkedSave(CredentialsProvider.MANAGE_DOMAINS);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean removeDomain(@NonNull Domain domain) throws IOException {
        checkPermission(CredentialsProvider.MANAGE_DOMAINS);
        Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
        if (!domainCredentialsMap.containsKey(domain)) {
            return false;
        }
        domainCredentialsMap.remove(domain);
        checkedSave(CredentialsProvider.MANAGE_DOMAINS);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean updateDomain(@NonNull Domain domain, @NonNull Domain domain2) throws IOException {
        checkPermission(CredentialsProvider.MANAGE_DOMAINS);
        Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
        if (!domainCredentialsMap.containsKey(domain)) {
            return false;
        }
        domainCredentialsMap.put(domain2, domainCredentialsMap.remove(domain));
        checkedSave(CredentialsProvider.MANAGE_DOMAINS);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean addCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
        checkPermission(CredentialsProvider.CREATE);
        Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
        if (!domainCredentialsMap.containsKey(domain)) {
            return false;
        }
        List<Credentials> list = domainCredentialsMap.get(domain);
        if (list.contains(credentials)) {
            return false;
        }
        list.add(credentials);
        checkedSave(CredentialsProvider.CREATE);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NonNull
    public synchronized List<Credentials> getCredentials(@NonNull Domain domain) {
        if (!Jenkins.getActiveInstance().hasPermission(CredentialsProvider.VIEW)) {
            return Collections.emptyList();
        }
        List<Credentials> list = getDomainCredentialsMap().get(domain);
        return (list == null || list.isEmpty()) ? Collections.emptyList() : Collections.unmodifiableList(new ArrayList(list));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean removeCredentials(@NonNull Domain domain, @NonNull Credentials credentials) throws IOException {
        checkPermission(CredentialsProvider.DELETE);
        Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
        if (!domainCredentialsMap.containsKey(domain)) {
            return false;
        }
        List<Credentials> list = domainCredentialsMap.get(domain);
        if (!list.contains(credentials)) {
            return false;
        }
        list.remove(credentials);
        checkedSave(CredentialsProvider.DELETE);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials credentials, @NonNull Credentials credentials2) throws IOException {
        List<Credentials> list;
        int indexOf;
        checkPermission(CredentialsProvider.UPDATE);
        Map<Domain, List<Credentials>> domainCredentialsMap = getDomainCredentialsMap();
        if (!domainCredentialsMap.containsKey(domain) || (indexOf = (list = domainCredentialsMap.get(domain)).indexOf(credentials)) == -1) {
            return false;
        }
        list.set(indexOf, credentials2);
        checkedSave(CredentialsProvider.UPDATE);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized StoreImpl getStore() {
        if (this.store == null) {
            this.store = new StoreImpl();
        }
        return this.store;
    }

    @Override // hudson.model.Saveable
    public void save() throws IOException {
        checkPermission(Jenkins.ADMINISTER);
        XmlFile configFile = getConfigFile();
        configFile.write(this);
        SaveableListener.fireOnChange(this, configFile);
    }
}
