package com.google.jenkins.plugins.credentials.oauth;

import com.cloudbees.plugins.credentials.SecretBytes;
import com.google.api.client.util.Strings;
import com.google.api.services.oauth2.Oauth2;
import com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.io.IOUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:WEB-INF/lib/google-oauth-plugin.jar:com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig.class */
public class P12ServiceAccountConfig extends ServiceAccountConfig {
    private static final long serialVersionUID = 8706353638974721795L;
    private static final Logger LOGGER = Logger.getLogger(P12ServiceAccountConfig.class.getSimpleName());
    private static final String DEFAULT_P12_SECRET = "notasecret";
    private static final String DEFAULT_P12_ALIAS = "privatekey";
    private final String emailAddress;

    @CheckForNull
    private String filename;

    @CheckForNull
    private SecretBytes secretP12Key;

    @CheckForNull
    @Deprecated
    private transient String p12KeyFile;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/google-oauth-plugin.jar:com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfig$DescriptorImpl.class */
    public static final class DescriptorImpl extends ServiceAccountConfig.Descriptor {
        public String getDisplayName() {
            return Messages.P12ServiceAccountConfig_DisplayName();
        }
    }

    @DataBoundConstructor
    public P12ServiceAccountConfig(String str) {
        this.emailAddress = str;
    }

    @Deprecated
    public P12ServiceAccountConfig(String str, FileItem fileItem, String str2) {
        this(str);
        setP12KeyFileUpload(fileItem);
        if (this.filename != null || str2 == null) {
            return;
        }
        setFilename(str2);
        setSecretP12Key(getSecretBytesFromFile(str2));
    }

    @DataBoundSetter
    @Deprecated
    public void setP12KeyFileUpload(FileItem fileItem) {
        if (fileItem == null || fileItem.getSize() <= 0) {
            return;
        }
        this.filename = extractFilename(fileItem.getName());
        this.secretP12Key = SecretBytes.fromBytes(fileItem.get());
    }

    @DataBoundSetter
    public void setFilename(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return;
        }
        this.filename = extractFilename(str);
    }

    @DataBoundSetter
    public void setSecretP12Key(SecretBytes secretBytes) {
        if (secretBytes == null || secretBytes.getPlainData().length <= 0) {
            return;
        }
        this.secretP12Key = secretBytes;
    }

    @CheckForNull
    private static String extractFilename(@CheckForNull String str) {
        if (str == null) {
            return null;
        }
        return str.replaceFirst("^.+[/\\\\]", Oauth2.DEFAULT_SERVICE_PATH);
    }

    @SuppressFBWarnings({"RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"})
    private Object readResolve() {
        return this.secretP12Key == null ? new P12ServiceAccountConfig(getEmailAddress(), null, getP12KeyFile()) : this;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m383getDescriptor() {
        return (DescriptorImpl) Jenkins.get().getDescriptorOrDie(P12ServiceAccountConfig.class);
    }

    public String getEmailAddress() {
        return this.emailAddress;
    }

    @CheckForNull
    public String getFilename() {
        return this.filename;
    }

    @CheckForNull
    @Restricted({DoNotUse.class})
    public SecretBytes getSecretP12Key() {
        return this.secretP12Key;
    }

    @Deprecated
    public String getP12KeyFile() {
        return this.p12KeyFile;
    }

    @Restricted({DoNotUse.class})
    @Deprecated
    public FileItem getP12KeyFileUpload() {
        return null;
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
    public String getAccountId() {
        return getEmailAddress();
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.ServiceAccountConfig
    public PrivateKey getPrivateKey() {
        try {
            KeyStore p12KeyStore = getP12KeyStore();
            if (p12KeyStore == null) {
                return null;
            }
            return (PrivateKey) p12KeyStore.getKey(DEFAULT_P12_ALIAS, DEFAULT_P12_SECRET.toCharArray());
        } catch (IOException | GeneralSecurityException e) {
            LOGGER.log(Level.SEVERE, "Failed to read private key", e);
            return null;
        }
    }

    @CheckForNull
    private KeyStore getP12KeyStore() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        ByteArrayInputStream byteArrayInputStream = null;
        if (this.secretP12Key == null) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            byteArrayInputStream = new ByteArrayInputStream(this.secretP12Key.getPlainData());
            keyStore.load(byteArrayInputStream, DEFAULT_P12_SECRET.toCharArray());
            IOUtils.closeQuietly(byteArrayInputStream);
            return keyStore;
        } catch (Throwable th) {
            IOUtils.closeQuietly(byteArrayInputStream);
            throw th;
        }
    }
}
