package com.redhat.jenkins.plugins.ci.authentication.rabbitmq;

import com.rabbitmq.client.Channel;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;
import com.rabbitmq.client.DefaultSaslConfig;
import com.redhat.jenkins.plugins.ci.Messages;
import com.redhat.jenkins.plugins.ci.authentication.AuthenticationMethod;
import com.redhat.jenkins.plugins.ci.authentication.rabbitmq.RabbitMQAuthenticationMethod;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

/* loaded from: input_file:com/redhat/jenkins/plugins/ci/authentication/rabbitmq/SSLCertificateAuthenticationMethod.class */
public class SSLCertificateAuthenticationMethod extends RabbitMQAuthenticationMethod {
    private static final long serialVersionUID = -5934219869726669459L;
    private static final transient Logger log = Logger.getLogger(SSLCertificateAuthenticationMethod.class.getName());
    private String username;
    private String keystore;
    private String truststore;
    private Secret keypwd = Secret.fromString("");
    private Secret trustpwd = Secret.fromString("");

    @Extension
    @Symbol({"sslCertificate"})
    /* loaded from: input_file:com/redhat/jenkins/plugins/ci/authentication/rabbitmq/SSLCertificateAuthenticationMethod$SSLCertificateAuthenticationMethodDescriptor.class */
    public static class SSLCertificateAuthenticationMethodDescriptor extends RabbitMQAuthenticationMethod.AuthenticationMethodDescriptor {
        @Nonnull
        public String getDisplayName() {
            return "SSL Certificate Authentication";
        }

        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public SSLCertificateAuthenticationMethod m22newInstance(StaplerRequest staplerRequest, JSONObject jSONObject) {
            return new SSLCertificateAuthenticationMethod(jSONObject.getString("username"), jSONObject.getString("keystore"), Secret.fromString(jSONObject.getString("keypwd")), jSONObject.getString("truststore"), Secret.fromString(jSONObject.getString("trustpwd")));
        }

        public String getConfigPage() {
            return "sslcert.jelly";
        }

        @RequirePOST
        public FormValidation doTestConnection(@QueryParameter("username") String str, @QueryParameter("hostname") String str2, @QueryParameter("portNumber") Integer num, @QueryParameter("virtualHost") String str3, @QueryParameter("keystore") String str4, @QueryParameter("keypwd") String str5, @QueryParameter("truststore") String str6, @QueryParameter("trustpwd") String str7) {
            AuthenticationMethod.checkAdmin();
            Connection connection = null;
            Channel channel = null;
            try {
                try {
                    connection = new SSLCertificateAuthenticationMethod(str, str4, Secret.fromString(str5), str6, Secret.fromString(str7)).getConnectionFactory(str2, num, str3).newConnection();
                    channel = connection.createChannel();
                    channel.close();
                    connection.close();
                    FormValidation ok = FormValidation.ok(Messages.SuccessBrokerConnect(str2 + ":" + num));
                    if (channel != null) {
                        try {
                            channel.close();
                        } catch (Exception e) {
                        }
                    }
                    if (connection != null) {
                        connection.close();
                    }
                    return ok;
                } catch (Exception e2) {
                    SSLCertificateAuthenticationMethod.log.log(Level.SEVERE, "Unhandled exception in SSLCertificateAuthenticationMethod.doTestConnection: ", (Throwable) e2);
                    FormValidation error = FormValidation.error(Messages.Error() + ": " + e2);
                    if (channel != null) {
                        try {
                            channel.close();
                        } catch (Exception e3) {
                            return error;
                        }
                    }
                    if (connection != null) {
                        connection.close();
                    }
                    return error;
                }
            } catch (Throwable th) {
                if (channel != null) {
                    try {
                        channel.close();
                    } catch (Exception e4) {
                        throw th;
                    }
                }
                if (connection != null) {
                    connection.close();
                }
                throw th;
            }
        }
    }

    @DataBoundConstructor
    public SSLCertificateAuthenticationMethod(String str, String str2, Secret secret, String str3, Secret secret2) {
        setUsername(str);
        setKeystore(str2);
        setKeypwd(secret);
        setTruststore(str3);
        setTrustpwd(secret2);
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String getKeystore() {
        return this.keystore;
    }

    public void setKeystore(String str) {
        this.keystore = str;
    }

    public Secret getKeypwd() {
        return this.keypwd;
    }

    public void setKeypwd(Secret secret) {
        this.keypwd = secret;
    }

    public String getTruststore() {
        return this.truststore;
    }

    public void setTruststore(String str) {
        this.truststore = str;
    }

    public Secret getTrustpwd() {
        return this.trustpwd;
    }

    public void setTrustpwd(Secret secret) {
        this.trustpwd = secret;
    }

    @Override // com.redhat.jenkins.plugins.ci.authentication.rabbitmq.RabbitMQAuthenticationMethod
    public ConnectionFactory getConnectionFactory(String str, Integer num, String str2) {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(new FileInputStream(getKeystore()), getKeypwd().getPlainText().toCharArray());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
            keyManagerFactory.init(keyStore, getKeypwd().getPlainText().toCharArray());
            KeyStore keyStore2 = KeyStore.getInstance("JKS");
            keyStore2.load(new FileInputStream(getTruststore()), getTrustpwd().getPlainText().toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
            trustManagerFactory.init(keyStore2);
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            ConnectionFactory connectionFactory = new ConnectionFactory();
            connectionFactory.setUsername(getUsername());
            connectionFactory.setHost(str);
            connectionFactory.setPort(num.intValue());
            connectionFactory.setVirtualHost(str2);
            connectionFactory.useSslProtocol(sSLContext);
            connectionFactory.setSaslConfig(DefaultSaslConfig.EXTERNAL);
            connectionFactory.enableHostnameVerification();
            return connectionFactory;
        } catch (Exception e) {
            log.log(Level.SEVERE, "Unhandled exception creating connection factory.", (Throwable) e);
            return null;
        }
    }

    public Descriptor<RabbitMQAuthenticationMethod> getDescriptor() {
        return Jenkins.get().getDescriptorByType(SSLCertificateAuthenticationMethodDescriptor.class);
    }
}
