package com.cloudbees.plugins.credentials;

import com.cloudbees.plugins.credentials.CredentialsProviderFilter;
import com.cloudbees.plugins.credentials.CredentialsStoreAction;
import com.cloudbees.plugins.credentials.CredentialsTypeFilter;
import com.cloudbees.plugins.credentials.GlobalCredentialsConfiguration;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.XmlFile;
import hudson.model.Descriptor;
import hudson.model.DescriptorVisibilityFilter;
import hudson.model.Saveable;
import hudson.security.Permission;
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.GlobalConfiguration;
import jenkins.model.GlobalConfigurationCategory;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.kohsuke.stapler.StaplerRequest2;

@Extension
/* loaded from: input_file:com/cloudbees/plugins/credentials/CredentialsProviderManager.class */
public class CredentialsProviderManager extends DescriptorVisibilityFilter implements Serializable, Saveable {
    private static final Logger LOGGER = Logger.getLogger(CredentialsProviderManager.class.getName());
    private static final long serialVersionUID = 1;
    private CredentialsProviderFilter providerFilter;
    private CredentialsTypeFilter typeFilter;
    private List<CredentialsProviderTypeRestriction> restrictions;
    private transient Map<CredentialsProviderTypeRestrictionDescriptor, List<CredentialsProviderTypeRestriction>> restrictionGroups;

    @Extension
    /* loaded from: input_file:com/cloudbees/plugins/credentials/CredentialsProviderManager$Configuration.class */
    public static class Configuration extends GlobalConfiguration {
        public CredentialsProviderFilter getProviderFilter() {
            CredentialsProviderManager credentialsProviderManager = CredentialsProviderManager.getInstance();
            return credentialsProviderManager == null ? new CredentialsProviderFilter.None() : credentialsProviderManager.getProviderFilter();
        }

        public void setProviderFilter(CredentialsProviderFilter credentialsProviderFilter) {
            CredentialsProviderManager credentialsProviderManager = CredentialsProviderManager.getInstance();
            if (credentialsProviderManager != null) {
                credentialsProviderManager.setProviderFilter(credentialsProviderFilter);
            }
        }

        public CredentialsTypeFilter getTypeFilter() {
            CredentialsProviderManager credentialsProviderManager = CredentialsProviderManager.getInstance();
            return credentialsProviderManager == null ? new CredentialsTypeFilter.None() : credentialsProviderManager.getTypeFilter();
        }

        public void setTypeFilter(CredentialsTypeFilter credentialsTypeFilter) {
            CredentialsProviderManager credentialsProviderManager = CredentialsProviderManager.getInstance();
            if (credentialsProviderManager != null) {
                credentialsProviderManager.setTypeFilter(credentialsTypeFilter);
            }
        }

        public List<CredentialsProviderTypeRestriction> getRestrictions() {
            CredentialsProviderManager credentialsProviderManager = CredentialsProviderManager.getInstance();
            return credentialsProviderManager == null ? Collections.emptyList() : credentialsProviderManager.getRestrictions();
        }

        public void setRestrictions(List<CredentialsProviderTypeRestriction> list) {
            CredentialsProviderManager credentialsProviderManager = CredentialsProviderManager.getInstance();
            if (credentialsProviderManager != null) {
                credentialsProviderManager.setRestrictions(list);
            }
        }

        public boolean configure(StaplerRequest2 staplerRequest2, JSONObject jSONObject) throws Descriptor.FormException {
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return false;
            }
            if (!jSONObject.has("restrictions")) {
                jSONObject.put("restrictions", new JSONArray());
            }
            staplerRequest2.bindJSON(this, jSONObject);
            return super.configure(staplerRequest2, jSONObject);
        }

        @NonNull
        public GlobalConfigurationCategory getCategory() {
            return GlobalConfigurationCategory.get(GlobalCredentialsConfiguration.Category.class);
        }
    }

    public CredentialsProviderManager() {
        try {
            XmlFile configFile = getConfigFile();
            if (configFile.exists()) {
                configFile.unmarshal(this);
            }
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Failed to read the existing credentials", (Throwable) e);
        }
    }

    public static boolean isEnabled(CredentialsProvider credentialsProvider) {
        CredentialsProviderManager credentialsProviderManager = getInstance();
        return credentialsProviderManager == null || credentialsProviderManager.providerFilter == null || credentialsProviderManager.providerFilter.filter(credentialsProvider);
    }

    @Nullable
    public static CredentialsProviderManager getInstance() {
        return (CredentialsProviderManager) ExtensionList.lookup(DescriptorVisibilityFilter.class).get(CredentialsProviderManager.class);
    }

    @NonNull
    public static CredentialsProviderManager getInstanceOrDie() {
        CredentialsProviderManager credentialsProviderManager = getInstance();
        if (credentialsProviderManager == null) {
            throw new IllegalStateException("CredentialsProviderManager is not registered with Jenkins");
        }
        return credentialsProviderManager;
    }

    public boolean filter(Object obj, @NonNull Descriptor descriptor) {
        Map<CredentialsProviderTypeRestrictionDescriptor, List<CredentialsProviderTypeRestriction>> restrictions = restrictions();
        if (restrictions != null && (descriptor instanceof CredentialsDescriptor)) {
            CredentialsProvider credentialsProvider = null;
            if (obj instanceof CredentialsProvider) {
                credentialsProvider = (CredentialsProvider) obj;
            } else if (obj instanceof CredentialsStore) {
                credentialsProvider = ((CredentialsStore) obj).getProvider();
            } else if (obj instanceof CredentialsStoreAction.DomainWrapper) {
                credentialsProvider = ((CredentialsStoreAction.DomainWrapper) obj).getStore().getProvider();
            } else if (obj instanceof CredentialsStoreAction.CredentialsWrapper) {
                credentialsProvider = ((CredentialsStoreAction.CredentialsWrapper) obj).getStore().getProvider();
            }
            if (credentialsProvider != null) {
                CredentialsDescriptor credentialsDescriptor = (CredentialsDescriptor) descriptor;
                for (Map.Entry<CredentialsProviderTypeRestrictionDescriptor, List<CredentialsProviderTypeRestriction>> entry : restrictions.entrySet()) {
                    if (!entry.getKey().filter(entry.getValue(), credentialsProvider, credentialsDescriptor)) {
                        return false;
                    }
                }
            }
        }
        return descriptor instanceof CredentialsDescriptor ? this.typeFilter == null || this.typeFilter.filter((CredentialsDescriptor) descriptor) : !(descriptor instanceof CredentialsProvider) || !(obj instanceof Jenkins) || this.providerFilter == null || this.providerFilter.filter((CredentialsProvider) descriptor);
    }

    public static XmlFile getConfigFile() {
        return new XmlFile(Jenkins.XSTREAM2, new File(Jenkins.get().getRootDir(), "credentials-configuration.xml"));
    }

    private void checkPermission(Permission permission) {
        Jenkins.get().checkPermission(permission);
    }

    public void save() throws IOException {
        checkPermission(Jenkins.ADMINISTER);
        getConfigFile().write(this);
    }

    @NonNull
    public CredentialsProviderFilter getProviderFilter() {
        return this.providerFilter == null ? new CredentialsProviderFilter.None() : this.providerFilter;
    }

    public void setProviderFilter(@CheckForNull CredentialsProviderFilter credentialsProviderFilter) {
        if (credentialsProviderFilter == null) {
            credentialsProviderFilter = new CredentialsProviderFilter.None();
        }
        if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER) || credentialsProviderFilter.equals(this.providerFilter)) {
            return;
        }
        this.providerFilter = credentialsProviderFilter;
        try {
            save();
        } catch (IOException e) {
        }
    }

    @NonNull
    public CredentialsTypeFilter getTypeFilter() {
        return this.typeFilter == null ? new CredentialsTypeFilter.None() : this.typeFilter;
    }

    public void setTypeFilter(@CheckForNull CredentialsTypeFilter credentialsTypeFilter) {
        if (credentialsTypeFilter == null) {
            credentialsTypeFilter = new CredentialsTypeFilter.None();
        }
        if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER) || credentialsTypeFilter.equals(this.typeFilter)) {
            return;
        }
        this.typeFilter = credentialsTypeFilter;
        try {
            save();
        } catch (IOException e) {
        }
    }

    @NonNull
    public List<CredentialsProviderTypeRestriction> getRestrictions() {
        return this.restrictions == null ? Collections.emptyList() : Collections.unmodifiableList(this.restrictions);
    }

    public void setRestrictions(List<CredentialsProviderTypeRestriction> list) {
        if (Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
            if (list != null) {
                list.sort(new Comparator<CredentialsProviderTypeRestriction>() { // from class: com.cloudbees.plugins.credentials.CredentialsProviderManager.1
                    final ExtensionList<CredentialsProviderTypeRestrictionDescriptor> list = ExtensionList.lookup(CredentialsProviderTypeRestrictionDescriptor.class);

                    @Override // java.util.Comparator
                    public int compare(CredentialsProviderTypeRestriction credentialsProviderTypeRestriction, CredentialsProviderTypeRestriction credentialsProviderTypeRestriction2) {
                        int indexOf = this.list.indexOf(credentialsProviderTypeRestriction.mo7getDescriptor());
                        int indexOf2 = this.list.indexOf(credentialsProviderTypeRestriction2.mo7getDescriptor());
                        if (indexOf == -1) {
                            return indexOf2 == -1 ? 0 : 1;
                        }
                        if (indexOf2 == -1) {
                            return -1;
                        }
                        return Integer.compare(indexOf, indexOf2);
                    }
                });
            }
            if (Objects.equals(list, this.restrictions)) {
                return;
            }
            this.restrictions = list;
            this.restrictionGroups = null;
            try {
                save();
            } catch (IOException e) {
            }
        }
    }

    @CheckForNull
    private Map<CredentialsProviderTypeRestrictionDescriptor, List<CredentialsProviderTypeRestriction>> restrictions() {
        if (this.restrictionGroups == null && this.restrictions != null) {
            HashMap hashMap = new HashMap();
            for (CredentialsProviderTypeRestriction credentialsProviderTypeRestriction : this.restrictions) {
                ((List) hashMap.computeIfAbsent(credentialsProviderTypeRestriction.mo7getDescriptor(), credentialsProviderTypeRestrictionDescriptor -> {
                    return new ArrayList(1);
                })).add(credentialsProviderTypeRestriction);
            }
            this.restrictionGroups = hashMap;
        }
        return this.restrictionGroups;
    }
}
