package com.cloudbees.hudson.plugins.folder.properties;

import com.cloudbees.hudson.plugins.folder.Folder;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsNameProvider;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.BuildListener;
import hudson.model.Computer;
import hudson.model.FreeStyleBuild;
import hudson.model.FreeStyleProject;
import hudson.model.Item;
import hudson.model.Result;
import hudson.model.User;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import jenkins.security.QueueItemAuthenticatorConfiguration;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.StringDescription;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;
import org.jvnet.hudson.test.MockQueueItemAuthenticator;
import org.jvnet.hudson.test.TestBuilder;

/* loaded from: input_file:com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest.class */
public class FolderCredentialsProviderTest {

    @Rule
    public JenkinsRule r = new JenkinsRule();

    /* loaded from: input_file:com/cloudbees/hudson/plugins/folder/properties/FolderCredentialsProviderTest$HasCredentialBuilder.class */
    private static class HasCredentialBuilder extends TestBuilder {
        private final String id;
        private final Matcher<?> matcher;

        HasCredentialBuilder(String str) {
            this(str, null);
        }

        HasCredentialBuilder(String str, Matcher<?> matcher) {
            this.id = str;
            this.matcher = matcher;
        }

        public boolean perform(AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) {
            IdCredentials findCredentialById = CredentialsProvider.findCredentialById(this.id, IdCredentials.class, abstractBuild);
            if (findCredentialById == null) {
                buildListener.getLogger().printf("Could not find any credentials with id %s%n", this.id);
                abstractBuild.setResult(Result.FAILURE);
                return false;
            }
            buildListener.getLogger().printf("Found %s credentials with id %s%n", CredentialsNameProvider.name(findCredentialById), this.id);
            if (this.matcher == null) {
                return true;
            }
            if (this.matcher.matches(findCredentialById)) {
                buildListener.getLogger().println("Credentials match criteria");
                return true;
            }
            StringDescription stringDescription = new StringDescription();
            this.matcher.describeMismatch(findCredentialById, stringDescription);
            buildListener.getLogger().println(stringDescription.toString());
            return false;
        }
    }

    @Test
    public void foldersHaveTheirOwnStore() throws Exception {
        MatcherAssert.assertThat(getFolderStore(createFolder()), Matchers.notNullValue());
    }

    @Test
    public void credentialsAvailableAtFolderScope() throws Exception {
        Folder createFolder = createFolder();
        MatcherAssert.assertThat(CredentialsProvider.lookupCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList()), Matchers.is(CredentialsProvider.lookupCredentialsInItem(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList())));
        CredentialsStore folderStore = getFolderStore(createFolder);
        UsernamePasswordCredentialsImpl usernamePasswordCredentialsImpl = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "test-id", "description", "test-user", "secret");
        folderStore.addCredentials(Domain.global(), usernamePasswordCredentialsImpl);
        List lookupCredentialsInItemGroup = CredentialsProvider.lookupCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList());
        List lookupCredentialsInItem = CredentialsProvider.lookupCredentialsInItem(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList());
        MatcherAssert.assertThat(lookupCredentialsInItemGroup, Matchers.is(lookupCredentialsInItem));
        MatcherAssert.assertThat(lookupCredentialsInItemGroup, Matchers.hasItem(usernamePasswordCredentialsImpl));
        MatcherAssert.assertThat(lookupCredentialsInItem, Matchers.hasItem(usernamePasswordCredentialsImpl));
    }

    @Test
    public void credentialsListableAtFolderScope() throws Exception {
        Folder createFolder = createFolder();
        ListBoxModel listCredentialsInItemGroup = CredentialsProvider.listCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
        ListBoxModel listCredentialsInItem = CredentialsProvider.listCredentialsInItem(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
        MatcherAssert.assertThat(listCredentialsInItemGroup, Matchers.is(listCredentialsInItem));
        MatcherAssert.assertThat(Integer.valueOf(listCredentialsInItemGroup.size()), Matchers.is(0));
        MatcherAssert.assertThat(Integer.valueOf(listCredentialsInItem.size()), Matchers.is(0));
        getFolderStore(createFolder).addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "test-id", "description", "test-user", "secret"));
        ListBoxModel listCredentialsInItemGroup2 = CredentialsProvider.listCredentialsInItemGroup(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
        ListBoxModel listCredentialsInItem2 = CredentialsProvider.listCredentialsInItem(StandardUsernamePasswordCredentials.class, createFolder, ACL.SYSTEM2, Collections.emptyList(), CredentialsMatchers.always());
        MatcherAssert.assertThat(Integer.valueOf(listCredentialsInItemGroup2.size()), Matchers.is(1));
        MatcherAssert.assertThat(((ListBoxModel.Option) listCredentialsInItemGroup2.get(0)).value, Matchers.is("test-id"));
        MatcherAssert.assertThat(Integer.valueOf(listCredentialsInItem2.size()), Matchers.is(1));
        MatcherAssert.assertThat(((ListBoxModel.Option) listCredentialsInItem2.get(0)).value, Matchers.is("test-id"));
    }

    @Test
    public void given_folderCredential_when_builtAsSystem_then_credentialFound() throws Exception {
        Folder createFolder = createFolder();
        getFolderStore(createFolder).addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu"));
        FreeStyleProject createProject = createFolder.createProject(FreeStyleProject.class, "job");
        createProject.getBuildersList().add(new HasCredentialBuilder("foo-manchu"));
        this.r.buildAndAssertSuccess(createProject);
    }

    @Test
    public void given_folderCredential_when_builtAsUserWithUseItem_then_credentialFound() throws Exception {
        Folder createFolder = createFolder();
        getFolderStore(createFolder).addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu"));
        FreeStyleProject createProject = createFolder.createProject(FreeStyleProject.class, "job");
        createProject.getBuildersList().add(new HasCredentialBuilder("foo-manchu"));
        this.r.jenkins.setSecurityRealm(this.r.createDummySecurityRealm());
        MockAuthorizationStrategy mockAuthorizationStrategy = new MockAuthorizationStrategy();
        mockAuthorizationStrategy.grant(new Permission[]{CredentialsProvider.USE_ITEM}).everywhere().to(new String[]{"bob"});
        mockAuthorizationStrategy.grant(new Permission[]{Item.BUILD}).everywhere().to(new String[]{"bob"});
        mockAuthorizationStrategy.grant(new Permission[]{Computer.BUILD}).everywhere().to(new String[]{"bob"});
        this.r.jenkins.setAuthorizationStrategy(mockAuthorizationStrategy);
        HashMap hashMap = new HashMap();
        hashMap.put(createProject.getFullName(), User.getOrCreateByIdOrFullName("bob").impersonate());
        MockQueueItemAuthenticator mockQueueItemAuthenticator = new MockQueueItemAuthenticator(hashMap);
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(mockQueueItemAuthenticator);
        this.r.buildAndAssertSuccess(createProject);
    }

    @Test
    public void given_folderCredential_when_builtAsUserWithoutUseItem_then_credentialNotFound() throws Exception {
        Folder createFolder = createFolder();
        getFolderStore(createFolder).addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu"));
        FreeStyleProject createProject = createFolder.createProject(FreeStyleProject.class, "job");
        createProject.getBuildersList().add(new HasCredentialBuilder("foo-manchu"));
        this.r.jenkins.setSecurityRealm(this.r.createDummySecurityRealm());
        MockAuthorizationStrategy mockAuthorizationStrategy = new MockAuthorizationStrategy();
        mockAuthorizationStrategy.grant(new Permission[]{Item.BUILD}).everywhere().to(new String[]{"bob"});
        mockAuthorizationStrategy.grant(new Permission[]{Computer.BUILD}).everywhere().to(new String[]{"bob"});
        this.r.jenkins.setAuthorizationStrategy(mockAuthorizationStrategy);
        HashMap hashMap = new HashMap();
        hashMap.put(createProject.getFullName(), User.getOrCreateByIdOrFullName("bob").impersonate());
        MockQueueItemAuthenticator mockQueueItemAuthenticator = new MockQueueItemAuthenticator(hashMap);
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(mockQueueItemAuthenticator);
        this.r.assertBuildStatus(Result.FAILURE, (FreeStyleBuild) createProject.scheduleBuild2(0).get());
    }

    @Test
    public void given_folderAndSystemCredentials_when_builtAsUserWithUseItem_then_folderCredentialFound() throws Exception {
        SystemCredentialsProvider.getInstance().getCredentials().add(new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "You don't want me", "bar", "fly"));
        Folder createFolder = createFolder();
        getFolderStore(createFolder).addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu"));
        FreeStyleProject createProject = createFolder.createProject(FreeStyleProject.class, "job");
        createProject.getBuildersList().add(new HasCredentialBuilder("foo-manchu", Matchers.hasProperty("username", Matchers.is("foo"))));
        this.r.jenkins.setSecurityRealm(this.r.createDummySecurityRealm());
        MockAuthorizationStrategy mockAuthorizationStrategy = new MockAuthorizationStrategy();
        mockAuthorizationStrategy.grant(new Permission[]{CredentialsProvider.USE_ITEM}).everywhere().to(new String[]{"bob"});
        mockAuthorizationStrategy.grant(new Permission[]{Item.BUILD}).everywhere().to(new String[]{"bob"});
        mockAuthorizationStrategy.grant(new Permission[]{Computer.BUILD}).everywhere().to(new String[]{"bob"});
        this.r.jenkins.setAuthorizationStrategy(mockAuthorizationStrategy);
        HashMap hashMap = new HashMap();
        hashMap.put(createProject.getFullName(), User.getOrCreateByIdOrFullName("bob").impersonate());
        MockQueueItemAuthenticator mockQueueItemAuthenticator = new MockQueueItemAuthenticator(hashMap);
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(mockQueueItemAuthenticator);
        try {
            this.r.buildAndAssertSuccess(createProject);
        } catch (Exception e) {
            FreeStyleBuild lastBuild = createProject.getLastBuild();
            if (lastBuild != null) {
                System.out.println(JenkinsRule.getLog(lastBuild));
            }
            throw e;
        }
    }

    @Test
    public void given_nestedFolderAndSystemCredentials_when_builtAsUserWithUseItem_then_folderCredentialFound() throws Exception {
        SystemCredentialsProvider.getInstance().getCredentials().add(new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "You don't want me", "bar", "fly"));
        Folder createFolder = createFolder();
        getFolderStore(createFolder).addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Prof. Xavier", "prof", "xavier"));
        Folder folder = (Folder) createFolder.createProject(Folder.class, "child");
        getFolderStore(folder).addCredentials(Domain.global(), new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "foo-manchu", "Dr. Fu Manchu", "foo", "manchu"));
        FreeStyleProject createProject = folder.createProject(FreeStyleProject.class, "job");
        createProject.getBuildersList().add(new HasCredentialBuilder("foo-manchu", Matchers.hasProperty("username", Matchers.is("foo"))));
        this.r.jenkins.setSecurityRealm(this.r.createDummySecurityRealm());
        MockAuthorizationStrategy mockAuthorizationStrategy = new MockAuthorizationStrategy();
        mockAuthorizationStrategy.grant(new Permission[]{CredentialsProvider.USE_ITEM}).everywhere().to(new String[]{"bob"});
        mockAuthorizationStrategy.grant(new Permission[]{Item.BUILD}).everywhere().to(new String[]{"bob"});
        mockAuthorizationStrategy.grant(new Permission[]{Computer.BUILD}).everywhere().to(new String[]{"bob"});
        this.r.jenkins.setAuthorizationStrategy(mockAuthorizationStrategy);
        HashMap hashMap = new HashMap();
        hashMap.put(createProject.getFullName(), User.getOrCreateByIdOrFullName("bob").impersonate());
        MockQueueItemAuthenticator mockQueueItemAuthenticator = new MockQueueItemAuthenticator(hashMap);
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().clear();
        QueueItemAuthenticatorConfiguration.get().getAuthenticators().add(mockQueueItemAuthenticator);
        try {
            this.r.buildAndAssertSuccess(createProject);
        } catch (Exception e) {
            FreeStyleBuild lastBuild = createProject.getLastBuild();
            if (lastBuild != null) {
                System.out.println(JenkinsRule.getLog(lastBuild));
            }
            throw e;
        }
    }

    @Test
    public void cannotUpdateCredentialsId() throws Exception {
        UsernamePasswordCredentialsImpl usernamePasswordCredentialsImpl = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "cred1", "Cred 1", "foo", "bar");
        UsernamePasswordCredentialsImpl usernamePasswordCredentialsImpl2 = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, "cred2", "Cred 2", "fee", "baz");
        CredentialsStore folderStore = getFolderStore(createFolder());
        folderStore.addCredentials(Domain.global(), usernamePasswordCredentialsImpl);
        Assert.assertThrows(IllegalArgumentException.class, () -> {
            folderStore.updateCredentials(Domain.global(), usernamePasswordCredentialsImpl, usernamePasswordCredentialsImpl2);
        });
    }

    private CredentialsStore getFolderStore(Folder folder) {
        CredentialsStore credentialsStore = null;
        Iterator it = CredentialsProvider.lookupStores(folder).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CredentialsStore credentialsStore2 = (CredentialsStore) it.next();
            if ((credentialsStore2.getProvider() instanceof FolderCredentialsProvider) && credentialsStore2.getContext() == folder) {
                credentialsStore = credentialsStore2;
                break;
            }
        }
        return credentialsStore;
    }

    private Folder createFolder() throws IOException {
        return this.r.jenkins.createProject(Folder.class, "folder" + this.r.jenkins.getItems().size());
    }
}
