package org.conjur.jenkins.configuration;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.io.Serializable;
import java.time.Duration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.conjur.jenkins.credentials.ConjurCredentialProvider;
import org.conjur.jenkins.credentials.ConjurCredentialStore;
import org.conjur.jenkins.credentials.CredentialsSupplier;
import org.conjur.jenkins.jwtauth.impl.JwtToken;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

/* loaded from: input_file:org/conjur/jenkins/configuration/ConjurConfiguration.class */
public class ConjurConfiguration extends AbstractDescribableImpl<ConjurConfiguration> implements Serializable {
    private static final Logger LOGGER = Logger.getLogger(ConjurConfiguration.class.getName());
    private static final long serialVersionUID = 1;
    private String applianceURL;
    private String account;
    private String credentialID;
    private String certificateCredentialID;
    private String ownerFullName;

    @Extension
    /* loaded from: input_file:org/conjur/jenkins/configuration/ConjurConfiguration$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<ConjurConfiguration> {
        public ListBoxModel doFillCertificateCredentialIDItems(@AncestorInPath Item item, @QueryParameter String str) {
            return ConjurConfiguration.fillCredentialIDItemsWithClass(item, str, StandardCertificateCredentials.class);
        }

        public ListBoxModel doFillCredentialIDItems(@AncestorInPath Item item, @QueryParameter String str) {
            return ConjurConfiguration.fillCredentialIDItemsWithClass(item, str, StandardUsernamePasswordCredentials.class);
        }

        public String getDisplayName() {
            return "Conjur Configuration";
        }

        @POST
        public FormValidation doObtainJwtToken(@AncestorInPath Item item) throws IOException, ServletException {
            return FormValidation.ok("JWT Token: \n" + JwtToken.getUnsignedToken("pluginAction", item).claim.toString(4));
        }

        @POST
        public FormValidation doRefreshCredentialSupplier(@AncestorInPath Item item) throws IOException, ServletException {
            if (item == null) {
                return FormValidation.ok();
            }
            String valueOf = String.valueOf(item.hashCode());
            if (ConjurCredentialStore.getAllStores().containsKey(valueOf)) {
                ConjurConfiguration.LOGGER.log(Level.FINEST, "Resetting Credential Supplier : " + item.getClass().getName() + ": " + item.toString() + " => " + item.hashCode());
                ConjurCredentialProvider.getAllCredentialSuppliers().put(valueOf, ConjurCredentialProvider.memoizeWithExpiration(CredentialsSupplier.standard(item), Duration.ofSeconds(120L)));
            }
            return FormValidation.ok("Refreshed");
        }
    }

    public ConjurConfiguration() {
    }

    @DataBoundConstructor
    public ConjurConfiguration(String str, String str2) {
        if (str.endsWith("/")) {
            this.applianceURL = str.substring(0, str.length() - 1);
        } else {
            this.applianceURL = str;
        }
        this.account = str2;
    }

    public FormValidation doCheckAccount(@QueryParameter String str) {
        return StringUtils.isEmpty(str) ? FormValidation.warning("Please specify Account.") : FormValidation.ok();
    }

    public String getAccount() {
        return this.account;
    }

    public String getApplianceURL() {
        return this.applianceURL;
    }

    public String getCertificateCredentialID() {
        return this.certificateCredentialID;
    }

    public String getCredentialID() {
        return this.credentialID;
    }

    public String getOwnerFullName() {
        return this.ownerFullName;
    }

    @DataBoundSetter
    public void setAccount(String str) {
        this.account = str;
    }

    @DataBoundSetter
    public void setApplianceURL(String str) {
        this.applianceURL = str;
    }

    @DataBoundSetter
    public void setCertificateCredentialID(String str) {
        this.certificateCredentialID = str;
    }

    @DataBoundSetter
    public void setCredentialID(String str) {
        this.credentialID = str;
    }

    public void setOwnerFullName(String str) {
        this.ownerFullName = str;
    }

    private static ListBoxModel fillCredentialIDItemsWithClass(Item item, String str, Class<? extends StandardCredentials> cls) {
        StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
        return (item != null || Jenkins.get().hasPermission(Jenkins.ADMINISTER)) ? (item == null || item.hasPermission(Item.EXTENDED_READ) || item.hasPermission(CredentialsProvider.USE_ITEM)) ? standardListBoxModel.includeEmptyValue().includeAs(ACL.SYSTEM, item, cls, URIRequirementBuilder.fromUri(str).build()).includeCurrentValue(str) : standardListBoxModel.includeCurrentValue(str) : standardListBoxModel.includeCurrentValue(str);
    }
}
