package defpackage;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.codebuild.AWSCodeBuildClient;
import com.amazonaws.services.codebuild.model.ListProjectsRequest;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.cloudbees.plugins.credentials.CredentialsDescriptor;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import hudson.Extension;
import hudson.util.FormValidation;
import java.util.Date;
import java.util.UUID;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:CodeBuildCredentials.class */
public class CodeBuildCredentials extends BaseStandardCredentials implements AWSCredentialsProvider {
    public static final long serialVersionUID = 555;
    private static final int ERROR_MESSAGE_MAX_LENGTH = 178;
    private static final int MIN_VALIDITY_ALLOWED = 180000;
    private final String accessKey;
    private final String secretKey;
    private final String proxyHost;
    private final String proxyPort;
    private final String iamRoleArn;
    private final String externalId;
    private transient Credentials roleCredentials;

    @Extension
    /* loaded from: input_file:CodeBuildCredentials$DescriptorImpl.class */
    public static class DescriptorImpl extends CredentialsDescriptor {
        public String getDisplayName() {
            return "CodeBuild Credentials";
        }

        public FormValidation doCheckSecretKey(@QueryParameter("proxyHost") String str, @QueryParameter("proxyPort") String str2, @QueryParameter("accessKey") String str3, @QueryParameter("secretKey") String str4) {
            try {
                new AWSCodeBuildClient(AWSClientFactory.getBasicCredentialsOrDefaultChain(str3, str4).getCredentials(), getClientConfiguration(str, str2)).listProjects(new ListProjectsRequest());
                return FormValidation.ok("AWS access and secret key authorization successful.");
            } catch (Exception e) {
                String message = e.getMessage();
                if (message.length() >= CodeBuildCredentials.ERROR_MESSAGE_MAX_LENGTH) {
                    message = message.substring(CodeBuildCredentials.ERROR_MESSAGE_MAX_LENGTH);
                }
                return FormValidation.error("Authorization failed: " + message);
            }
        }

        public FormValidation doCheckIamRoleArn(@QueryParameter("proxyHost") String str, @QueryParameter("proxyPort") String str2, @QueryParameter("accessKey") String str3, @QueryParameter("secretKey") String str4, @QueryParameter("iamRoleArn") String str5, @QueryParameter("externalId") String str6) {
            if (str3.isEmpty() || str4.isEmpty()) {
                return FormValidation.error("AWS access and secret keys are required to use an IAM role for authorization");
            }
            if (str5.isEmpty()) {
                return FormValidation.ok();
            }
            try {
                new AWSSecurityTokenServiceClient(new BasicAWSCredentials(str3, str4), getClientConfiguration(str, str2)).assumeRole(new AssumeRoleRequest().withRoleArn(str5).withExternalId(str6).withDurationSeconds(3600).withRoleSessionName("jenkins-codebuild-plugin"));
                return FormValidation.ok("IAM role authorization successful.");
            } catch (Exception e) {
                String message = e.getMessage();
                if (message.length() >= CodeBuildCredentials.ERROR_MESSAGE_MAX_LENGTH) {
                    message = message.substring(CodeBuildCredentials.ERROR_MESSAGE_MAX_LENGTH);
                }
                return FormValidation.error("Authorization failed: " + message);
            }
        }

        public String getNewUUID() {
            return UUID.randomUUID().toString();
        }

        private ClientConfiguration getClientConfiguration(String str, String str2) {
            ClientConfiguration clientConfiguration = new ClientConfiguration();
            if (!str.isEmpty()) {
                clientConfiguration.withProxyHost(str);
            }
            if (!str2.isEmpty()) {
                clientConfiguration.setProxyPort(Validation.parseInt(str2).intValue());
            }
            return clientConfiguration;
        }
    }

    @DataBoundConstructor
    public CodeBuildCredentials(CredentialsScope credentialsScope, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8) {
        super(credentialsScope, str, str2);
        this.roleCredentials = null;
        this.accessKey = Validation.sanitize(str3);
        this.secretKey = Validation.sanitize(str4);
        this.proxyHost = str5;
        this.proxyPort = str6;
        this.iamRoleArn = Validation.sanitize(str7);
        this.externalId = str8;
    }

    public String getCredentialsDescriptor() {
        return (this.accessKey.isEmpty() || this.secretKey.isEmpty()) ? Validation.defaultChainCredentials : this.iamRoleArn.isEmpty() ? Validation.basicAWSCredentials : Validation.IAMRoleCredentials + this.iamRoleArn;
    }

    public AWSCredentials getCredentials() {
        BasicSessionCredentials credentials = AWSClientFactory.getBasicCredentialsOrDefaultChain(this.accessKey, this.secretKey).getCredentials();
        if (!this.iamRoleArn.isEmpty()) {
            if (haveCredentialsExpired()) {
                refresh();
            }
            credentials = new BasicSessionCredentials(this.roleCredentials.getAccessKeyId(), this.roleCredentials.getSecretAccessKey(), this.roleCredentials.getSessionToken());
        }
        return credentials;
    }

    public void refresh() {
        if (this.iamRoleArn.isEmpty() || !haveCredentialsExpired()) {
            return;
        }
        AWSCredentials credentials = AWSClientFactory.getBasicCredentialsOrDefaultChain(this.accessKey, this.secretKey).getCredentials();
        this.roleCredentials = new AWSSecurityTokenServiceClient(credentials).assumeRole(new AssumeRoleRequest().withRoleArn(this.iamRoleArn).withExternalId(this.externalId).withDurationSeconds(3600).withRoleSessionName("CodeBuild-Jenkins-Plugin")).getCredentials();
    }

    private boolean haveCredentialsExpired() {
        return this.roleCredentials == null || this.roleCredentials.getExpiration().getTime() < new Date().getTime() + 180000;
    }

    public String getAccessKey() {
        return this.accessKey;
    }

    public String getSecretKey() {
        return this.secretKey;
    }

    public String getProxyHost() {
        return this.proxyHost;
    }

    public String getProxyPort() {
        return this.proxyPort;
    }

    public String getIamRoleArn() {
        return this.iamRoleArn;
    }

    public String getExternalId() {
        return this.externalId;
    }
}
