package org.jenkinsci.plugins.saml;

import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:org/jenkinsci/plugins/saml/SamlEncryptionData.class */
public class SamlEncryptionData extends AbstractDescribableImpl<SamlEncryptionData> {
    private final String keystorePath;

    @Deprecated
    private transient String keystorePassword;
    private Secret keystorePasswordSecret;

    @Deprecated
    private transient String privateKeyPassword;
    private Secret privateKeyPasswordSecret;
    private final String privateKeyAlias;
    private boolean forceSignRedirectBindingAuthnRequest;

    @Extension
    /* loaded from: input_file:org/jenkinsci/plugins/saml/SamlEncryptionData$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<SamlEncryptionData> {
        public DescriptorImpl() {
        }

        public DescriptorImpl(Class<? extends SamlEncryptionData> cls) {
            super(cls);
        }

        public String getDisplayName() {
            return "Encryption Configuration";
        }

        public FormValidation doCheckKeystorePath(@QueryParameter String str) {
            if (!StringUtils.isEmpty(str) && StringUtils.isBlank(str)) {
                return FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE);
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckPrivateKeyAlias(@QueryParameter String str) {
            if (!StringUtils.isEmpty(str) && StringUtils.isBlank(str)) {
                return FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE);
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckKeystorePassword(@QueryParameter String str) {
            if (!StringUtils.isEmpty(str) && StringUtils.isBlank(str)) {
                return FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE);
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckPrivateKeyPassword(@QueryParameter String str) {
            if (!StringUtils.isEmpty(str) && StringUtils.isBlank(str)) {
                return FormValidation.error(SamlSecurityRealm.ERROR_ONLY_SPACES_FIELD_VALUE);
            }
            return FormValidation.ok();
        }

        public FormValidation doTestKeyStore(@QueryParameter("keystorePath") String str, @QueryParameter("keystorePassword") Secret secret, @QueryParameter("privateKeyPassword") Secret secret2, @QueryParameter("privateKeyAlias") String str2) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.warning(SamlSecurityRealm.WARN_THERE_IS_NOT_KEY_STORE);
            }
            try {
                FileInputStream fileInputStream = new FileInputStream(str);
                Throwable th = null;
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                        keyStore.load(fileInputStream, secret.getPlainText().toCharArray());
                        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(null);
                        if (StringUtils.isNotBlank(secret2.getPlainText())) {
                            passwordProtection = new KeyStore.PasswordProtection(secret2.getPlainText().toCharArray());
                        }
                        Enumeration<String> aliases = keyStore.aliases();
                        while (aliases.hasMoreElements()) {
                            String nextElement = aliases.nextElement();
                            if (StringUtils.isBlank(str2) || nextElement.equalsIgnoreCase(str2)) {
                                keyStore.getEntry(nextElement, passwordProtection);
                                FormValidation ok = FormValidation.ok(SamlSecurityRealm.SUCCESS);
                                if (fileInputStream != null) {
                                    if (0 != 0) {
                                        try {
                                            fileInputStream.close();
                                        } catch (Throwable th2) {
                                            th.addSuppressed(th2);
                                        }
                                    } else {
                                        fileInputStream.close();
                                    }
                                }
                                return ok;
                            }
                        }
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                        return FormValidation.error(SamlSecurityRealm.ERROR_NOT_KEY_FOUND);
                    } finally {
                    }
                } catch (Throwable th4) {
                    if (fileInputStream != null) {
                        if (th != null) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th5) {
                                th.addSuppressed(th5);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    throw th4;
                }
            } catch (IOException e) {
                return FormValidation.error(e, SamlSecurityRealm.ERROR_NOT_POSSIBLE_TO_READ_KS_FILE);
            } catch (KeyStoreException e2) {
                return FormValidation.error(e2, SamlSecurityRealm.ERROR_NO_PROVIDER_SUPPORTS_A_KS_SPI_IMPL);
            } catch (NoSuchAlgorithmException e3) {
                return FormValidation.error(e3, SamlSecurityRealm.ERROR_ALGORITHM_CANNOT_BE_FOUND);
            } catch (UnrecoverableKeyException e4) {
                return FormValidation.error(e4, SamlSecurityRealm.ERROR_WRONG_INFO_OR_PASSWORD);
            } catch (UnrecoverableEntryException e5) {
                return FormValidation.error(e5, SamlSecurityRealm.ERROR_INSUFFICIENT_OR_INVALID_INFO);
            } catch (CertificateException e6) {
                return FormValidation.error(e6, SamlSecurityRealm.ERROR_CERTIFICATES_COULD_NOT_BE_LOADED);
            }
        }
    }

    @DataBoundConstructor
    public SamlEncryptionData(String str, Secret secret, Secret secret2, String str2, boolean z) {
        this.keystorePath = Util.fixEmptyAndTrim(str);
        this.keystorePasswordSecret = secret != null ? secret : Secret.fromString("");
        this.privateKeyPasswordSecret = secret2 != null ? secret2 : Secret.fromString("");
        this.privateKeyAlias = Util.fixEmptyAndTrim(str2);
        this.forceSignRedirectBindingAuthnRequest = z;
    }

    public String getKeystorePath() {
        return this.keystorePath;
    }

    @Nonnull
    public Secret getKeystorePassword() {
        return this.keystorePasswordSecret;
    }

    @CheckForNull
    public String getKeystorePasswordPlainText() {
        return Util.fixEmptyAndTrim(this.keystorePasswordSecret.getPlainText());
    }

    @Nonnull
    public Secret getPrivateKeyPassword() {
        return this.privateKeyPasswordSecret;
    }

    @CheckForNull
    public String getPrivateKeyPasswordPlainText() {
        return Util.fixEmptyAndTrim(this.privateKeyPasswordSecret.getPlainText());
    }

    public String getPrivateKeyAlias() {
        return this.privateKeyAlias;
    }

    public boolean isForceSignRedirectBindingAuthnRequest() {
        return this.forceSignRedirectBindingAuthnRequest;
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("SamlEncryptionData{");
        stringBuffer.append("keystorePath='").append(StringUtils.defaultIfBlank(this.keystorePath, SamlSecurityRealm.DEFAULT_USERNAME_CASE_CONVERSION)).append('\'');
        stringBuffer.append(", keystorePassword is NOT empty='").append(getKeystorePasswordPlainText() != null).append('\'');
        stringBuffer.append(", privateKeyPassword is NOT empty='").append(getPrivateKeyPasswordPlainText() != null).append('\'');
        stringBuffer.append(", privateKeyAlias is NOT empty='").append(StringUtils.isNotEmpty(this.privateKeyAlias)).append('\'');
        stringBuffer.append(", forceSignRedirectBindingAuthnRequest = ").append(this.forceSignRedirectBindingAuthnRequest);
        stringBuffer.append('}');
        return stringBuffer.toString();
    }

    private Object readResolve() {
        if (this.keystorePassword != null) {
            this.keystorePasswordSecret = Secret.fromString(this.keystorePassword);
            this.keystorePassword = null;
        }
        if (this.privateKeyPassword != null) {
            this.privateKeyPasswordSecret = Secret.fromString(this.privateKeyPassword);
            this.privateKeyPassword = null;
        }
        return this;
    }
}
