package org.jenkinsci.plugins;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.OkUrlFactory;
import hudson.security.SecurityRealm;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.kohsuke.github.GHMyself;
import org.kohsuke.github.GHOrganization;
import org.kohsuke.github.GHRepository;
import org.kohsuke.github.GHTeam;
import org.kohsuke.github.GHUser;
import org.kohsuke.github.GitHub;
import org.kohsuke.github.GitHubBuilder;
import org.kohsuke.github.RateLimitHandler;
import org.kohsuke.github.extras.OkHttpConnector;

/* loaded from: input_file:WEB-INF/lib/github-oauth.jar:org/jenkinsci/plugins/GithubAuthenticationToken.class */
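/**
 * Authentication token backed by a GitHub OAuth access token.
 *
 * <p>Construction resolves the token's GitHub user and, when the active security realm is a
 * {@link GithubSecurityRealm} holding one of the organization-capable scopes, turns the user's
 * organizations and teams into granted authorities.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code accessToken} is a regular (non-transient) field, unlike {@code gh}, {@code me}
 *       and {@code myRealm}. Wherever this object is serialized, the OAuth token is written
 *       with it, so that storage needs the same protection as the token itself.</li>
 *   <li>All caches are static, shared by every token instance, and expire one
 *       {@link #CACHE_EXPIRY} unit after write. Membership and visibility answers can
 *       therefore lag GitHub by up to that window unless {@link #clearCaches()} is called.</li>
 *   <li>Authorities are computed once, in the constructor; nothing in this class refreshes
 *       them for the lifetime of the token.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; identifiers such as {@code str}/{@code str2} and
 * {@code m4getPrincipal} are decompiler names and are kept so existing references still match.
 */
public class GithubAuthenticationToken extends AbstractAuthenticationToken {
    private static final long serialVersionUID = 2;

    /** Unit of the one-unit expire-after-write window applied to every cache below. */
    public static final TimeUnit CACHE_EXPIRY = TimeUnit.HOURS;

    // Keyed by the name passed to hasOrganizationPermission; value is a set of organization logins.
    private static final Cache<String, Set<String>> userOrganizationCache = newCache();
    // Not read or written in this class apart from clearCaches().
    private static final Cache<String, Set<String>> repositoryCollaboratorsCache = newCache();
    // Keyed by getName(); value is a set of "owner/name" repository identifiers.
    private static final Cache<String, Set<String>> repositoriesByUserCache = newCache();
    // Keyed by the repository name passed to isPublicRepository.
    private static final Cache<String, Boolean> publicRepositoryCache = newCache();
    // Keyed by the id passed to loadUser; UNKNOWN_USER marks a lookup that failed.
    private static final Cache<String, GithubUser> usersByIdCache = newCache();

    private static final GithubUser UNKNOWN_USER = new GithubUser(null);
    private static final Logger LOGGER = Logger.getLogger(GithubAuthenticationToken.class.getName());

    private final String accessToken;
    private final String githubServer;
    private final String userName;
    private transient GitHub gh;
    private transient GHMyself me;
    private transient GithubSecurityRealm myRealm;
    private final List<GrantedAuthority> authorities;

    /** Cache entry wrapper, so that "lookup failed" can be cached as a wrapper around {@code null}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/github-oauth.jar:org/jenkinsci/plugins/GithubAuthenticationToken$GithubUser.class */
    public static class GithubUser {
        public final GHUser user;

        public GithubUser(GHUser gHUser) {
            this.user = gHUser;
        }
    }

    /**
     * Builds an authenticated token from an OAuth access token.
     *
     * @param str the OAuth access token
     * @param str2 the GitHub API endpoint URL the token is presented to
     * @throws IOException if the GitHub client cannot be built, a GitHub call fails, or GitHub
     *     returns no user for the token
     * @throws IllegalStateException if Jenkins is not running
     */
    public GithubAuthenticationToken(String str, String str2) throws IOException {
        super(new GrantedAuthority[0]);
        this.myRealm = null;
        this.authorities = new ArrayList<GrantedAuthority>();
        this.accessToken = str;
        this.githubServer = str2;
        this.me = getGitHub().getMyself();
        // Fail closed whether or not JVM assertions are enabled: the original assert only fired
        // under -ea, and the token must not be marked authenticated without a resolved user.
        if (this.me == null) {
            throw new IOException("GitHub returned no user for the supplied access token");
        }
        setAuthenticated(true);
        this.userName = this.me.getLogin();
        this.authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
        Jenkins jenkins = Jenkins.getInstance();
        if (jenkins == null) {
            throw new IllegalStateException("Jenkins not started");
        }
        if (jenkins.getSecurityRealm() instanceof GithubSecurityRealm) {
            if (this.myRealm == null) {
                this.myRealm = (GithubSecurityRealm) jenkins.getSecurityRealm();
            }
            // Organization and team lookups are attempted only when the realm holds one of these scopes.
            boolean canReadOrganizations = this.myRealm.hasScope("read:org")
                    || this.myRealm.hasScope("admin:org")
                    || this.myRealm.hasScope("user")
                    || this.myRealm.hasScope("repo");
            if (canReadOrganizations) {
                Map<String, GHOrganization> myOrganizations = getGitHub().getMyOrganizations();
                Map<String, Set<GHTeam>> myTeams = getGitHub().getMyTeams();
                // An organization without teams still yields its own authority below.
                for (String organizationLogin : myOrganizations.keySet()) {
                    if (!myTeams.containsKey(organizationLogin)) {
                        myTeams.put(organizationLogin, Collections.<GHTeam>emptySet());
                    }
                }
                for (Map.Entry<String, Set<GHTeam>> entry : myTeams.entrySet()) {
                    String organizationLogin = entry.getKey();
                    LOGGER.log(Level.FINE, "Fetch teams for user " + this.userName + " in organization " + organizationLogin);
                    this.authorities.add(new GrantedAuthorityImpl(organizationLogin));
                    // Team authorities take the form "<organization>*<team name>".
                    for (GHTeam team : entry.getValue()) {
                        this.authorities.add(new GrantedAuthorityImpl(organizationLogin + "*" + team.getName()));
                    }
                }
            }
        }
    }

    /** Creates one cache with the shared one-{@link #CACHE_EXPIRY} expire-after-write policy. */
    private static <K, V> Cache<K, V> newCache() {
        return CacheBuilder.newBuilder().expireAfterWrite(1L, CACHE_EXPIRY).build();
    }

    /**
     * Drops every cached membership, repository, visibility and user lookup.
     *
     * <p>{@code publicRepositoryCache} is cleared as well; the original left it out, so a cached
     * public/private answer survived a cache clear until its entry expired.
     */
    public static void clearCaches() {
        userOrganizationCache.invalidateAll();
        repositoryCollaboratorsCache.invalidateAll();
        repositoriesByUserCache.invalidateAll();
        publicRepositoryCache.invalidateAll();
        usersByIdCache.invalidateAll();
    }

    /**
     * Returns the raw OAuth access token. Treat the return value as a secret: keep it out of
     * logs and exception messages.
     */
    public String getAccessToken() {
        return this.accessToken;
    }

    /** Returns the GitHub API endpoint URL this token was created for. */
    public String getGithubServer() {
        return this.githubServer;
    }

    /**
     * Returns the GitHub client for this token, building it on first use.
     *
     * <p>The client presents {@code accessToken} to {@code githubServer}, routed through the
     * proxy Jenkins selects for that host, and fails instead of waiting when rate-limited.
     *
     * @throws IOException if {@code githubServer} is not a valid URL or the client cannot be built
     */
    public GitHub getGitHub() throws IOException {
        if (this.gh == null) {
            try {
                // NOTE(review): the only validation of githubServer here is URL parsing; no scheme
                // check is visible, so confirm an https endpoint is enforced where the realm is
                // configured, since the OAuth token is sent to this host.
                String endpointHost = new URL(this.githubServer).getHost();
                OkHttpClient httpClient = new OkHttpClient().setProxy(getProxy(endpointHost));
                this.gh = GitHubBuilder.fromEnvironment()
                        .withEndpoint(this.githubServer)
                        .withOAuthToken(this.accessToken)
                        .withRateLimitHandler(RateLimitHandler.FAIL)
                        .withConnector(new OkHttpConnector(new OkUrlFactory(httpClient)))
                        .build();
            } catch (MalformedURLException e) {
                throw new IOException("Invalid GitHub API URL: " + this.githubServer, e);
            }
        }
        return this.gh;
    }

    /**
     * Selects the proxy Jenkins is configured to use for the given host.
     *
     * @param str host name of the GitHub endpoint
     * @return the configured proxy for that host, or {@link Proxy#NO_PROXY} when none is set
     * @throws IllegalStateException if Jenkins is not running
     */
    @Nonnull
    private static Proxy getProxy(@Nonnull String str) {
        Jenkins jenkins = Jenkins.getInstance();
        // The constructor reaches this method (via getGitHub) before its own Jenkins null check,
        // so report the same condition here instead of failing with a NullPointerException.
        if (jenkins == null) {
            throw new IllegalStateException("Jenkins not started");
        }
        return jenkins.proxy == null ? Proxy.NO_PROXY : jenkins.proxy.createProxy(str);
    }

    /** Returns a fresh array copy of the authorities computed at construction time. */
    @Override
    public GrantedAuthority[] getAuthorities() {
        return this.authorities.toArray(new GrantedAuthority[this.authorities.size()]);
    }

    /** Always returns an empty string; the access token is deliberately not exposed as the credential. */
    @Override
    public Object getCredentials() {
        return "";
    }

    /**
     * Returns the GitHub login resolved for this token.
     *
     * <p>The name {@code m4getPrincipal} is a decompiler rename of {@code getPrincipal}.
     */
    /* renamed from: getPrincipal, reason: merged with bridge method [inline-methods] */
    public String m4getPrincipal() {
        return this.userName;
    }

    /**
     * Returns the GitHub user behind this token, fetching it again if the transient field is unset.
     *
     * @throws IOException if the GitHub call fails
     */
    public GHMyself getMyself() throws IOException {
        if (this.me == null) {
            this.me = getGitHub().getMyself();
        }
        return this.me;
    }

    /**
     * Reports whether the cached organization set for {@code str} contains {@code str2}.
     *
     * <p>NOTE(review): the cache key is the caller-supplied {@code str}, but a cache miss is
     * filled with the organizations of <em>this</em> token. The result is only meaningful when
     * {@code str} is this token's own user name; confirm every caller passes {@code getName()},
     * otherwise one user's organizations could be stored under another user's key in the
     * shared static cache.
     *
     * @param str cache key, reported as the user in the failure message
     * @param str2 organization login to look for
     * @throws RuntimeException if loading the organizations fails
     */
    public boolean hasOrganizationPermission(String str, String str2) {
        try {
            Set<String> organizationLogins = userOrganizationCache.get(str, new Callable<Set<String>>() { // from class: org.jenkinsci.plugins.GithubAuthenticationToken.1
                @Override // java.util.concurrent.Callable
                public Set<String> call() throws Exception {
                    return GithubAuthenticationToken.this.getGitHub().getMyOrganizations().keySet();
                }
            });
            return organizationLogins.contains(str2);
        } catch (ExecutionException e) {
            throw new RuntimeException("authorization failed for user = " + str, e);
        }
    }

    /**
     * Reports whether {@code str} (an "owner/name" identifier) is among {@link #myRepositories()}.
     */
    public boolean hasRepositoryPermission(String str) {
        return myRepositories().contains(str);
    }

    /**
     * Returns the "owner/name" identifiers of the repositories listed for this user and for each
     * of the user's organizations, cached under {@code getName()}.
     *
     * <p>The returned set is the cached instance itself, not a copy, so callers must not modify it.
     *
     * @throws RuntimeException if loading the repositories fails
     */
    public Set<String> myRepositories() {
        try {
            return repositoriesByUserCache.get(getName(), new Callable<Set<String>>() { // from class: org.jenkinsci.plugins.GithubAuthenticationToken.2
                @Override // java.util.concurrent.Callable
                public Set<String> call() throws Exception {
                    GHMyself myself = GithubAuthenticationToken.this.getMyself();
                    Set<String> repositoryNames = GithubAuthenticationToken.this.listToNames(myself.listRepositories().asList());
                    for (GHOrganization organization : myself.getAllOrganizations()) {
                        repositoryNames.addAll(GithubAuthenticationToken.this.listToNames(organization.listRepositories().asList()));
                    }
                    return repositoryNames;
                }
            });
        } catch (ExecutionException e) {
            LOGGER.log(Level.SEVERE, "an exception was thrown", (Throwable) e);
            throw new RuntimeException("authorization failed for user = " + getName(), e);
        }
    }

    /**
     * Maps repositories to their "owner/name" identifiers.
     *
     * @param collection repositories to name
     * @return a new mutable set of "owner-login/repository-name" strings
     * @throws IOException if a repository's owner cannot be resolved
     */
    public Set<String> listToNames(Collection<GHRepository> collection) throws IOException {
        Set<String> repositoryNames = new HashSet<String>();
        for (GHRepository repository : collection) {
            repositoryNames.add(repository.getOwner().getLogin() + "/" + repository.getName());
        }
        return repositoryNames;
    }

    /**
     * Reports whether the named repository could be loaded with this token and is not private.
     *
     * <p>The answer is stored in a static cache keyed only by repository name, so it is shared
     * across users. A repository this token failed to load is cached as not public, and a
     * repository that becomes private can still be reported as public until the entry expires
     * or {@link #clearCaches()} runs.
     *
     * @param str repository name passed to {@link #loadRepository(String)}
     * @throws RuntimeException if the lookup fails
     */
    public boolean isPublicRepository(final String str) {
        try {
            return publicRepositoryCache.get(str, new Callable<Boolean>() { // from class: org.jenkinsci.plugins.GithubAuthenticationToken.3
                @Override // java.util.concurrent.Callable
                public Boolean call() throws Exception {
                    GHRepository repository = GithubAuthenticationToken.this.loadRepository(str);
                    return repository != null && !repository.isPrivate();
                }
            }).booleanValue();
        } catch (ExecutionException e) {
            LOGGER.log(Level.SEVERE, "an exception was thrown", (Throwable) e);
            throw new RuntimeException("authorization failed for user = " + getName(), e);
        }
    }

    /**
     * Looks up a GitHub user, using the shared cache first.
     *
     * <p>A failed lookup is cached as {@code UNKNOWN_USER}, so the id keeps resolving to
     * {@code null} until the entry expires, including when the failure was transient. GitHub is
     * queried only when the client has already been built and this token is authenticated.
     *
     * @param str user id to resolve
     * @return the user, or {@code null} when unknown or not looked up
     * @throws IOException declared for callers; lookup failures are caught and logged here
     */
    public GHUser loadUser(String str) throws IOException {
        GithubUser cachedUser;
        try {
            cachedUser = usersByIdCache.getIfPresent(str);
            if (this.gh != null && cachedUser == null && isAuthenticated()) {
                cachedUser = new GithubUser(getGitHub().getUser(str));
                usersByIdCache.put(str, cachedUser);
            }
        } catch (IOException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), (Throwable) e);
            cachedUser = UNKNOWN_USER;
            usersByIdCache.put(str, UNKNOWN_USER);
        }
        return cachedUser == null ? null : cachedUser.user;
    }

    /**
     * Loads an organization with this token.
     *
     * @param str organization login
     * @return the organization, or {@code null} when the client is not built, the token is not
     *     authenticated, or the lookup fails (the failure is logged at FINEST only)
     */
    public GHOrganization loadOrganization(String str) {
        try {
            if (this.gh == null || !isAuthenticated()) {
                return null;
            }
            return getGitHub().getOrganization(str);
        } catch (IOException | RuntimeException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    /**
     * Loads a repository with this token.
     *
     * @param str repository name
     * @return the repository, or {@code null} when the client is not built, the token is not
     *     authenticated, or the lookup fails
     */
    public GHRepository loadRepository(String str) {
        try {
            if (this.gh == null || !isAuthenticated()) {
                return null;
            }
            return getGitHub().getRepository(str);
        } catch (IOException e) {
            // The original message ran straight into the repository name ("repository{0}").
            LOGGER.log(Level.WARNING, "Looks like a bad GitHub URL OR the Jenkins user does not have access to the repository {0}", str);
            return null;
        }
    }

    /**
     * Loads a team by name from an organization.
     *
     * @param str organization login
     * @param str2 team name
     * @return the team, or {@code null} when the organization cannot be loaded or the lookup fails
     */
    public GHTeam loadTeam(String str, String str2) {
        try {
            GHOrganization organization = loadOrganization(str);
            if (organization != null) {
                return organization.getTeamByName(str2);
            }
            return null;
        } catch (IOException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    /**
     * Builds user details for a GitHub user resolved through {@link #loadUser(String)}.
     *
     * @param str user id to resolve
     * @return details bound to this token, or {@code null} when the user cannot be resolved
     * @throws IOException declared by {@link #loadUser(String)}
     */
    public GithubOAuthUserDetails getUserDetails(String str) throws IOException {
        GHUser user = loadUser(str);
        if (user != null) {
            return new GithubOAuthUserDetails(user.getLogin(), this);
        }
        return null;
    }
}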
