package com.dubture.jenkins.digitalocean;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.google.common.base.Strings;
import com.myjeeva.digitalocean.exception.DigitalOceanException;
import com.myjeeva.digitalocean.exception.RequestUnsuccessfulException;
import com.myjeeva.digitalocean.impl.DigitalOceanClient;
import com.myjeeva.digitalocean.pojo.Droplet;
import com.myjeeva.digitalocean.pojo.Key;
import com.thoughtworks.xstream.converters.UnmarshallingContext;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Label;
import hudson.model.Node;
import hudson.security.ACL;
import hudson.slaves.Cloud;
import hudson.slaves.NodeProvisioner;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import hudson.util.XStream2;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.lang3.StringUtils;
import org.jenkinsci.plugins.cloudstats.ProvisioningActivity;
import org.jenkinsci.plugins.cloudstats.TrackedPlannedNode;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:com/dubture/jenkins/digitalocean/DigitalOceanCloud.class */
public class DigitalOceanCloud extends Cloud {

    @Deprecated
    private transient String authToken;
    private String authTokenCredentialId;
    private final Integer sshKeyId;

    @Deprecated
    private transient String privateKey;
    private String privateKeyCredentialId;
    private final Integer instanceCap;
    private Boolean usePrivateNetworking;
    private final Integer timeoutMinutes;
    private Integer connectionRetryWait;
    private final List<? extends SlaveTemplate> templates;
    private static final Logger LOGGER = Logger.getLogger(DigitalOceanCloud.class.getName());
    private static final Object provisionSynchronizor = new Object();

    /* loaded from: input_file:com/dubture/jenkins/digitalocean/DigitalOceanCloud$ConverterImpl.class */
    public static final class ConverterImpl extends XStream2.PassthruConverter<DigitalOceanCloud> {
        public ConverterImpl(XStream2 xStream2) {
            super(xStream2);
        }

        public boolean canConvert(Class cls) {
            return cls == DigitalOceanCloud.class;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void callback(DigitalOceanCloud digitalOceanCloud, UnmarshallingContext unmarshallingContext) {
            if (null == digitalOceanCloud.connectionRetryWait) {
                digitalOceanCloud.connectionRetryWait = 10;
            }
            if (null == digitalOceanCloud.usePrivateNetworking) {
                digitalOceanCloud.usePrivateNetworking = false;
            }
        }
    }

    @Extension
    /* loaded from: input_file:com/dubture/jenkins/digitalocean/DigitalOceanCloud$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<Cloud> {
        public DescriptorImpl() {
            load();
        }

        public String getDisplayName() {
            return "Digital Ocean";
        }

        public FormValidation doTestConnection(@QueryParameter String str) {
            try {
                new DigitalOceanClient(DigitalOceanCloud.getAuthTokenFromCredentialId(str)).getAvailableDroplets(1, 10);
                return FormValidation.ok("Digital Ocean API request succeeded.");
            } catch (Exception e) {
                DigitalOceanCloud.LOGGER.log(Level.WARNING, "Failed to connect to DigitalOcean API", (Throwable) e);
                return FormValidation.error(e.getMessage());
            }
        }

        public FormValidation doCheckName(@QueryParameter String str) {
            return Strings.isNullOrEmpty(str) ? FormValidation.error("Must be set") : !DropletName.isValidCloudName(str) ? FormValidation.error("Must consist of A-Z, a-z, 0-9 and . symbols") : FormValidation.ok();
        }

        public static FormValidation doCheckAuthToken(@QueryParameter String str) {
            return Strings.isNullOrEmpty(str) ? FormValidation.error("Auth token must be set") : FormValidation.ok();
        }

        public FormValidation doCheckPrivateKey(@QueryParameter String str) throws IOException {
            boolean z = false;
            boolean z2 = false;
            BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (readLine.equals("-----BEGIN RSA PRIVATE KEY-----")) {
                    z = true;
                }
                if (readLine.equals("-----END RSA PRIVATE KEY-----")) {
                    z2 = true;
                }
            }
            return !z ? FormValidation.error("This doesn't look like a private key at all") : !z2 ? FormValidation.error("The private key is missing the trailing 'END RSA PRIVATE KEY' marker. Copy&paste error?") : FormValidation.ok();
        }

        public FormValidation doCheckSshKeyId(@QueryParameter String str) {
            return doCheckAuthToken(DigitalOceanCloud.getAuthTokenFromCredentialId(str));
        }

        public FormValidation doCheckInstanceCap(@QueryParameter String str) {
            if (Strings.isNullOrEmpty(str)) {
                return FormValidation.error("Instance cap must be set");
            }
            try {
                return Integer.parseInt(str) < 0 ? FormValidation.error("Instance cap must be a positive number") : FormValidation.ok();
            } catch (Exception e) {
                return FormValidation.error("Instance cap must be a number");
            }
        }

        public ListBoxModel doFillSshKeyIdItems(@QueryParameter String str) throws RequestUnsuccessfulException, DigitalOceanException {
            ListBoxModel listBoxModel = new ListBoxModel();
            if (Strings.isNullOrEmpty(str)) {
                return listBoxModel;
            }
            for (Key key : DigitalOcean.getAvailableKeys(DigitalOceanCloud.getAuthTokenFromCredentialId(str))) {
                listBoxModel.add(key.getName() + " (" + key.getFingerprint() + ")", key.getId().toString());
            }
            return listBoxModel;
        }

        public ListBoxModel doFillPrivateKeyCredentialIdItems(@QueryParameter String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            return !Jenkins.get().hasPermission(Jenkins.ADMINISTER) ? standardListBoxModel.includeCurrentValue(str) : standardListBoxModel.includeEmptyValue().includeMatchingAs(Jenkins.getAuthentication(), Jenkins.get(), SSHUserPrivateKey.class, Collections.emptyList(), CredentialsMatchers.always()).includeMatchingAs(ACL.SYSTEM, Jenkins.get(), SSHUserPrivateKey.class, Collections.emptyList(), CredentialsMatchers.always()).includeCurrentValue(str);
        }

        public ListBoxModel doFillAuthTokenCredentialIdItems(@QueryParameter String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            return !Jenkins.get().hasPermission(Jenkins.ADMINISTER) ? standardListBoxModel.includeCurrentValue(str) : standardListBoxModel.includeEmptyValue().includeMatchingAs(Jenkins.getAuthentication(), Jenkins.get(), StringCredentials.class, Collections.emptyList(), CredentialsMatchers.always()).includeMatchingAs(ACL.SYSTEM, Jenkins.get(), StringCredentials.class, Collections.emptyList(), CredentialsMatchers.always()).includeCurrentValue(str);
        }
    }

    @Deprecated
    public DigitalOceanCloud(String str, String str2, String str3, String str4, String str5, Boolean bool, String str6, String str7, List<? extends SlaveTemplate> list) {
        this(str, str4, str5, bool, str6, str7, list);
    }

    @DataBoundConstructor
    public DigitalOceanCloud(String str, String str2, String str3, Boolean bool, String str4, String str5, List<? extends SlaveTemplate> list) {
        super(str);
        LOGGER.log(Level.INFO, "Constructing new DigitalOceanCloud(name = {0}, <token>, <privateKey>, <keyId>, instanceCap = {1}, ...)", new Object[]{str, str3});
        this.sshKeyId = Integer.valueOf(str2 == null ? 0 : Integer.parseInt(str2));
        this.instanceCap = Integer.valueOf(str3 == null ? 0 : Integer.parseInt(str3));
        this.usePrivateNetworking = bool;
        this.timeoutMinutes = Integer.valueOf((str4 == null || str4.isEmpty()) ? 5 : Integer.parseInt(str4));
        this.connectionRetryWait = Integer.valueOf((str5 == null || str5.isEmpty()) ? 10 : Integer.parseInt(str5));
        if (list == null) {
            this.templates = Collections.emptyList();
        } else {
            this.templates = list;
        }
        LOGGER.info("Creating DigitalOcean cloud with " + this.templates.size() + " templates");
    }

    @DataBoundSetter
    public void setPrivateKeyCredentialId(String str) {
        this.privateKeyCredentialId = str;
    }

    public String getPrivateKeyCredentialId() {
        return this.privateKeyCredentialId;
    }

    @DataBoundSetter
    public void setAuthTokenCredentialId(String str) {
        this.authTokenCredentialId = str;
    }

    public String getAuthTokenCredentialId() {
        return this.authTokenCredentialId;
    }

    public String getDisplayName() {
        return this.name;
    }

    private boolean isInstanceCapReachedLocal() {
        if (this.instanceCap.intValue() == 0) {
            return false;
        }
        int i = 0;
        LOGGER.log(Level.INFO, "cloud limit check");
        Iterator it = Jenkins.getInstance().getNodes().iterator();
        while (it.hasNext()) {
            if (DropletName.isDropletInstanceOfCloud(((Node) it.next()).getDisplayName(), this.name)) {
                i++;
            }
        }
        return i >= Math.min(this.instanceCap.intValue(), getSlaveInstanceCap());
    }

    private boolean isInstanceCapReachedRemote(List<Droplet> list) {
        int i = 0;
        LOGGER.log(Level.INFO, "cloud limit check");
        for (Droplet droplet : list) {
            if (droplet.isActive() || droplet.isNew()) {
                if (DropletName.isDropletInstanceOfCloud(droplet.getName(), this.name)) {
                    i++;
                }
            }
        }
        return i >= Math.min(this.instanceCap.intValue(), getSlaveInstanceCap());
    }

    private int getSlaveInstanceCap() {
        int i = 0;
        Iterator<? extends SlaveTemplate> it = this.templates.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SlaveTemplate next = it.next();
            if (next.getInstanceCap() == 0) {
                i = Integer.MAX_VALUE;
                break;
            }
            i += next.getInstanceCap();
        }
        return i;
    }

    public Collection<NodeProvisioner.PlannedNode> provision(Label label, int i) {
        ArrayList arrayList;
        synchronized (provisionSynchronizor) {
            String authTokenFromCredentialId = getAuthTokenFromCredentialId(this.authTokenCredentialId);
            String privateKeyFromCredentialId = getPrivateKeyFromCredentialId(this.privateKeyCredentialId);
            arrayList = new ArrayList();
            while (i > 0) {
                try {
                    List<Droplet> droplets = DigitalOcean.getDroplets(authTokenFromCredentialId);
                    if (isInstanceCapReachedLocal() || isInstanceCapReachedRemote(droplets)) {
                        LOGGER.log(Level.INFO, "Instance cap reached, not provisioning.");
                        break;
                    }
                    SlaveTemplate templateBelowInstanceCap = getTemplateBelowInstanceCap(droplets, label);
                    if (templateBelowInstanceCap == null) {
                        break;
                    }
                    String generateDropletName = DropletName.generateDropletName(this.name, templateBelowInstanceCap.getName());
                    ProvisioningActivity.Id id = new ProvisioningActivity.Id(this.name, templateBelowInstanceCap.getName(), generateDropletName);
                    arrayList.add(new TrackedPlannedNode(id, templateBelowInstanceCap.getNumExecutors(), Computer.threadPoolForRemoting.submit(() -> {
                        synchronized (provisionSynchronizor) {
                            List<Droplet> droplets2 = DigitalOcean.getDroplets(authTokenFromCredentialId);
                            if (isInstanceCapReachedLocal() || isInstanceCapReachedRemote(droplets2)) {
                                LOGGER.log(Level.INFO, "Instance cap reached, not provisioning.");
                                return null;
                            }
                            Slave provision = templateBelowInstanceCap.provision(id, generateDropletName, this.name, authTokenFromCredentialId, privateKeyFromCredentialId, this.sshKeyId, droplets2, this.usePrivateNetworking);
                            Jenkins.getInstance().addNode(provision);
                            provision.toComputer().connect(false).get();
                            return provision;
                        }
                    })));
                    i -= templateBelowInstanceCap.getNumExecutors();
                } catch (Exception e) {
                    LOGGER.log(Level.WARNING, e.getMessage(), (Throwable) e);
                    return Collections.emptyList();
                }
            }
            LOGGER.info("Provisioning " + arrayList.size() + " DigitalOcean nodes");
        }
        return arrayList;
    }

    public boolean canProvision(Label label) {
        boolean z = !getTemplates(label).isEmpty();
        LOGGER.log(Level.INFO, "canProvision " + label + " :: " + z);
        return z;
    }

    private List<SlaveTemplate> getTemplates(Label label) {
        ArrayList arrayList = new ArrayList();
        for (SlaveTemplate slaveTemplate : this.templates) {
            if ((label == null && slaveTemplate.getLabelSet().size() == 0) || ((label == null && slaveTemplate.isLabellessJobsAllowed()) || (label != null && label.matches(slaveTemplate.getLabelSet())))) {
                arrayList.add(slaveTemplate);
            }
        }
        return arrayList;
    }

    private SlaveTemplate getTemplateBelowInstanceCap(List<Droplet> list, Label label) {
        try {
            for (SlaveTemplate slaveTemplate : getTemplates(label)) {
                if (!slaveTemplate.isInstanceCapReachedLocal(this.name) && !slaveTemplate.isInstanceCapReachedRemote(list, this.name)) {
                    return slaveTemplate;
                }
            }
            return null;
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    private SlaveTemplate getTemplateBelowInstanceCapLocal(Label label) {
        try {
            for (SlaveTemplate slaveTemplate : getTemplates(label)) {
                if (!slaveTemplate.isInstanceCapReachedLocal(this.name)) {
                    return slaveTemplate;
                }
            }
            return null;
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    public String getName() {
        return this.name;
    }

    public static String getAuthTokenFromCredentialId(String str) {
        StringCredentials firstOrNull;
        if (StringUtils.isBlank(str) || (firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StringCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str))) == null) {
            return null;
        }
        return firstOrNull.getSecret().getPlainText();
    }

    public static String getPrivateKeyFromCredentialId(String str) {
        SSHUserPrivateKey firstOrNull;
        if (StringUtils.isBlank(str) || (firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(SSHUserPrivateKey.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str))) == null) {
            return null;
        }
        return (String) firstOrNull.getPrivateKeys().stream().findFirst().get();
    }

    public int getSshKeyId() {
        return this.sshKeyId.intValue();
    }

    public int getInstanceCap() {
        return this.instanceCap.intValue();
    }

    public DigitalOceanClient getApiClient() {
        return new DigitalOceanClient(getAuthTokenFromCredentialId(this.authTokenCredentialId));
    }

    public List<SlaveTemplate> getTemplates() {
        return Collections.unmodifiableList(this.templates);
    }

    public Integer getTimeoutMinutes() {
        return this.timeoutMinutes;
    }

    public Integer getConnectionRetryWait() {
        return this.connectionRetryWait;
    }

    public Boolean getUsePrivateNetworking() {
        return this.usePrivateNetworking;
    }

    private void migratePrivateSshKeyToCredential(final String str) {
        Optional findFirst = SystemCredentialsProvider.getInstance().getCredentials().stream().filter(credentials -> {
            return credentials instanceof SSHUserPrivateKey;
        }).filter(credentials2 -> {
            return ((SSHUserPrivateKey) credentials2).getPrivateKey().trim().equals(str.trim());
        }).map(credentials3 -> {
            return (SSHUserPrivateKey) credentials3;
        }).findFirst();
        if (findFirst.isPresent()) {
            this.privateKeyCredentialId = ((SSHUserPrivateKey) findFirst.get()).getId();
            return;
        }
        String uuid = UUID.randomUUID().toString();
        addNewGlobalCredential(new BasicSSHUserPrivateKey(CredentialsScope.SYSTEM, uuid, "key", new BasicSSHUserPrivateKey.PrivateKeySource() { // from class: com.dubture.jenkins.digitalocean.DigitalOceanCloud.1
            @NonNull
            public List<String> getPrivateKeys() {
                return Collections.singletonList(str.trim());
            }
        }, "", "DigitalOcean Cloud Private Key - " + getDisplayName()));
        this.privateKeyCredentialId = uuid;
    }

    protected Object readResolve() {
        if (this.privateKey != null) {
            migratePrivateSshKeyToCredential(this.privateKey);
        }
        this.privateKey = null;
        if (this.authToken != null) {
            for (StringCredentials stringCredentials : SystemCredentialsProvider.getInstance().getCredentials()) {
                if (stringCredentials instanceof StringCredentials) {
                    StringCredentials stringCredentials2 = stringCredentials;
                    if (this.authToken.equals(stringCredentials2.getSecret().toString())) {
                        this.authTokenCredentialId = stringCredentials2.getId();
                        this.authToken = null;
                        return this;
                    }
                }
            }
            String uuid = UUID.randomUUID().toString();
            addNewGlobalCredential(new StringCredentialsImpl(CredentialsScope.SYSTEM, uuid, "EC2 Cloud - " + getDisplayName(), Secret.fromString(this.authToken)));
            this.authTokenCredentialId = uuid;
            this.authToken = null;
            LOGGER.log(Level.WARNING, "DigitalOcean Plugin could not migrate credentials to the Jenkins Global Credentials Store, DigitalOcean Plugin for cloud {0} must be manually reconfigured", getDisplayName());
        }
        return this;
    }

    private void addNewGlobalCredential(Credentials credentials) {
        for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.get())) {
            if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
                try {
                    credentialsStore.addCredentials(Domain.global(), credentials);
                } catch (IOException e) {
                    LOGGER.log(Level.WARNING, "Exception converting legacy configuration to the new credentials API", (Throwable) e);
                }
            }
        }
    }
}
