package com.google.jenkins.plugins.credentials.oauth;

import com.cloudbees.plugins.credentials.SecretBytes;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.client.util.PemReader;
import com.google.api.client.util.Strings;
import com.google.api.services.oauth2.Oauth2;
import com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.fileupload.FileItem;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:WEB-INF/lib/google-oauth-plugin.jar:com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig.class */
public class JsonServiceAccountConfig extends ServiceAccountConfig {
    private static final long serialVersionUID = 6818111194672325387L;
    private static final Logger LOGGER = Logger.getLogger(JsonServiceAccountConfig.class.getSimpleName());

    @CheckForNull
    private String filename;

    @CheckForNull
    private SecretBytes secretJsonKey;

    @CheckForNull
    @Deprecated
    private transient String jsonKeyFile;
    private transient JsonKey jsonKey;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/google-oauth-plugin.jar:com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfig$DescriptorImpl.class */
    public static final class DescriptorImpl extends ServiceAccountConfig.Descriptor {
        public String getDisplayName() {
            return Messages.JsonServiceAccountConfig_DisplayName();
        }
    }

    @DataBoundConstructor
    public JsonServiceAccountConfig() {
    }

    @Deprecated
    public JsonServiceAccountConfig(FileItem fileItem, String str) {
        setJsonKeyFileUpload(fileItem);
        if (this.filename != null || str == null) {
            return;
        }
        this.filename = extractFilename(str);
        this.secretJsonKey = getSecretBytesFromFile(str);
    }

    @DataBoundSetter
    public void setJsonKeyFileUpload(FileItem fileItem) {
        if (fileItem == null || fileItem.getSize() <= 0) {
            return;
        }
        try {
            JsonKey load = JsonKey.load(new JacksonFactory(), fileItem.getInputStream());
            if (load.getClientEmail() != null && load.getPrivateKey() != null) {
                this.filename = extractFilename(fileItem.getName());
                this.secretJsonKey = SecretBytes.fromBytes(fileItem.get());
            }
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Failed to read JSON key from file", (Throwable) e);
        }
    }

    @DataBoundSetter
    public void setFilename(String str) {
        String extractFilename = extractFilename(str);
        if (Strings.isNullOrEmpty(extractFilename)) {
            return;
        }
        this.filename = extractFilename;
    }

    @DataBoundSetter
    public void setSecretJsonKey(SecretBytes secretBytes) {
        if (secretBytes == null || secretBytes.getPlainData().length <= 0) {
            return;
        }
        this.secretJsonKey = secretBytes;
    }

    @CheckForNull
    private static String extractFilename(@CheckForNull String str) {
        if (str == null) {
            return null;
        }
        return str.replaceFirst("^.+[/\\\\]", Oauth2.DEFAULT_SERVICE_PATH);
    }

    @SuppressFBWarnings({"RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"})
    private Object readResolve() {
        return this.secretJsonKey == null ? new JsonServiceAccountConfig(null, getJsonKeyFile()) : this;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m384getDescriptor() {
        return (DescriptorImpl) Jenkins.get().getDescriptorOrDie(JsonServiceAccountConfig.class);
    }

    @CheckForNull
    public String getFilename() {
        return this.filename;
    }

    @CheckForNull
    @Restricted({DoNotUse.class})
    public SecretBytes getSecretJsonKey() {
        return this.secretJsonKey;
    }

    @Deprecated
    public String getJsonKeyFile() {
        return this.jsonKeyFile;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public FileItem getJsonKeyFileUpload() {
        return null;
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
    public String getAccountId() {
        JsonKey jsonKey = getJsonKey();
        if (jsonKey != null) {
            return jsonKey.getClientEmail();
        }
        return null;
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
    public PrivateKey getPrivateKey() {
        String privateKey;
        JsonKey jsonKey = getJsonKey();
        if (jsonKey == null || (privateKey = jsonKey.getPrivateKey()) == null || privateKey.isEmpty()) {
            return null;
        }
        try {
            PemReader.Section readNextSection = new PemReader(new StringReader(privateKey)).readNextSection();
            if (readNextSection != null) {
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(readNextSection.getBase64DecodedBytes()));
            }
            LOGGER.severe("The provided private key is malformed.");
            return null;
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOGGER.log(Level.SEVERE, "Failed to read private key", e);
            return null;
        }
    }

    private JsonKey getJsonKey() {
        if (this.jsonKey == null && this.secretJsonKey != null && this.secretJsonKey.getPlainData().length > 0) {
            try {
                this.jsonKey = JsonKey.load(new JacksonFactory(), new ByteArrayInputStream(this.secretJsonKey.getPlainData()));
            } catch (IOException e) {
            }
        }
        return this.jsonKey;
    }
}
