package jenkins.security.apitoken;

import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import hudson.model.AdministrativeMonitor;
import hudson.model.User;
import hudson.util.HttpResponses;
import java.io.IOException;
import java.util.Date;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import jenkins.security.ApiTokenProperty;
import jenkins.security.apitoken.ApiTokenStore;
import org.jenkinsci.Symbol;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpRedirect;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.kohsuke.stapler.json.JsonBody;

@Extension
@Restricted({NoExternalUse.class})
@Symbol({"legacyApiTokenUsage"})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.452-rc34776.648950e81cd5.jar:jenkins/security/apitoken/LegacyApiTokenAdministrativeMonitor.class */
public class LegacyApiTokenAdministrativeMonitor extends AdministrativeMonitor {
    private static final Logger LOGGER = Logger.getLogger(LegacyApiTokenAdministrativeMonitor.class.getName());

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.452-rc34776.648950e81cd5.jar:jenkins/security/apitoken/LegacyApiTokenAdministrativeMonitor$RevokeAllSelectedModel.class */
    public static final class RevokeAllSelectedModel {
        public RevokeAllSelectedUserAndUuid[] values;
    }

    @Restricted({NoExternalUse.class})
    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.452-rc34776.648950e81cd5.jar:jenkins/security/apitoken/LegacyApiTokenAdministrativeMonitor$RevokeAllSelectedUserAndUuid.class */
    public static final class RevokeAllSelectedUserAndUuid {
        public String userId;
        public String uuid;
    }

    public LegacyApiTokenAdministrativeMonitor() {
        super("legacyApiToken");
    }

    @Override // hudson.model.AdministrativeMonitor, hudson.model.ModelObject
    public String getDisplayName() {
        return Messages.LegacyApiTokenAdministrativeMonitor_displayName();
    }

    @Override // hudson.model.AdministrativeMonitor
    public boolean isActivated() {
        return User.getAll().stream().anyMatch(user -> {
            ApiTokenProperty apiTokenProperty = (ApiTokenProperty) user.getProperty(ApiTokenProperty.class);
            return apiTokenProperty != null && apiTokenProperty.hasLegacyToken();
        });
    }

    @Override // hudson.model.AdministrativeMonitor
    public boolean isSecurity() {
        return true;
    }

    public HttpResponse doIndex() throws IOException {
        return new HttpRedirect("manage");
    }

    @Restricted({NoExternalUse.class})
    public List<User> getImpactedUserList() {
        return (List) User.getAll().stream().filter(user -> {
            ApiTokenProperty apiTokenProperty = (ApiTokenProperty) user.getProperty(ApiTokenProperty.class);
            return apiTokenProperty != null && apiTokenProperty.hasLegacyToken();
        }).collect(Collectors.toList());
    }

    @Restricted({NoExternalUse.class})
    @Nullable
    public ApiTokenStore.HashedToken getLegacyTokenOf(@NonNull User user) {
        return ((ApiTokenProperty) user.getProperty(ApiTokenProperty.class)).getTokenStore().getLegacyToken();
    }

    @Restricted({NoExternalUse.class})
    @Nullable
    public ApiTokenProperty.TokenInfoAndStats getLegacyStatsOf(@NonNull User user, ApiTokenStore.HashedToken hashedToken) {
        ApiTokenProperty apiTokenProperty = (ApiTokenProperty) user.getProperty(ApiTokenProperty.class);
        if (hashedToken != null) {
            return new ApiTokenProperty.TokenInfoAndStats(hashedToken, apiTokenProperty.getTokenStats().findTokenStatsById(hashedToken.getUuid()));
        }
        return null;
    }

    @Restricted({NoExternalUse.class})
    public boolean hasFreshToken(@NonNull User user, ApiTokenProperty.TokenInfoAndStats tokenInfoAndStats) {
        if (tokenInfoAndStats == null) {
            return false;
        }
        return ((ApiTokenProperty) user.getProperty(ApiTokenProperty.class)).getTokenList().stream().filter(tokenInfoAndStats2 -> {
            return !tokenInfoAndStats2.isLegacy;
        }).anyMatch(tokenInfoAndStats3 -> {
            Date date = tokenInfoAndStats3.creationDate;
            Date date2 = tokenInfoAndStats.lastUseDate;
            if (date2 == null) {
                date2 = tokenInfoAndStats.creationDate;
            }
            return (date == null || date2 == null || !date.after(date2)) ? false : true;
        });
    }

    @Restricted({NoExternalUse.class})
    public boolean hasMoreRecentlyUsedToken(@NonNull User user, ApiTokenProperty.TokenInfoAndStats tokenInfoAndStats) {
        if (tokenInfoAndStats == null) {
            return false;
        }
        return ((ApiTokenProperty) user.getProperty(ApiTokenProperty.class)).getTokenList().stream().filter(tokenInfoAndStats2 -> {
            return !tokenInfoAndStats2.isLegacy;
        }).anyMatch(tokenInfoAndStats3 -> {
            Date date = tokenInfoAndStats3.lastUseDate;
            Date date2 = tokenInfoAndStats.lastUseDate;
            if (date2 == null) {
                date2 = tokenInfoAndStats.creationDate;
            }
            return (date == null || date2 == null || !date.after(date2)) ? false : true;
        });
    }

    @RequirePOST
    @SuppressFBWarnings(value = {"NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD", "UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD"}, justification = "written to by Stapler")
    public HttpResponse doRevokeAllSelected(@JsonBody RevokeAllSelectedModel revokeAllSelectedModel) throws IOException {
        for (RevokeAllSelectedUserAndUuid revokeAllSelectedUserAndUuid : revokeAllSelectedModel.values) {
            if (revokeAllSelectedUserAndUuid.userId == null) {
                revokeAllSelectedUserAndUuid.userId = "null";
            }
            User byId = User.getById(revokeAllSelectedUserAndUuid.userId, false);
            if (byId == null) {
                LOGGER.log(Level.INFO, "User not found id={0}", revokeAllSelectedUserAndUuid.userId);
            } else {
                ApiTokenProperty apiTokenProperty = (ApiTokenProperty) byId.getProperty(ApiTokenProperty.class);
                if (apiTokenProperty == null) {
                    LOGGER.log(Level.INFO, "User without apiTokenProperty found id={0}", revokeAllSelectedUserAndUuid.userId);
                } else if (apiTokenProperty.getTokenStore().revokeToken(revokeAllSelectedUserAndUuid.uuid) == null) {
                    LOGGER.log(Level.INFO, "User without selected token id={0}, tokenUuid={1}", new Object[]{revokeAllSelectedUserAndUuid.userId, revokeAllSelectedUserAndUuid.uuid});
                } else {
                    apiTokenProperty.deleteApiToken();
                    byId.save();
                    LOGGER.log(Level.INFO, "Revocation success for user id={0}, tokenUuid={1}", new Object[]{revokeAllSelectedUserAndUuid.userId, revokeAllSelectedUserAndUuid.uuid});
                }
            }
        }
        return HttpResponses.ok();
    }
}
