package org.jenkinsci.plugins.registry.notification.token;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.PersistentDescriptor;
import hudson.util.HttpResponses;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.GlobalConfiguration;
import jenkins.model.GlobalConfigurationCategory;
import jenkins.model.Jenkins;
import net.jcip.annotations.GuardedBy;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerRequest2;
import org.kohsuke.stapler.verb.POST;

@Extension
@Restricted({NoExternalUse.class})
@Symbol({"dockerHubApiTokens"})
/* loaded from: input_file:org/jenkinsci/plugins/registry/notification/token/ApiTokens.class */
public class ApiTokens extends GlobalConfiguration implements PersistentDescriptor {
    private static final Logger LOGGER;
    private static final SecureRandom RANDOM;
    private static final String HASH_ALGORITHM = "SHA-256";

    @GuardedBy("this")
    private final List<HashedApiToken> apiTokens = new ArrayList();
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/jenkinsci/plugins/registry/notification/token/ApiTokens$HashedApiToken.class */
    public static class HashedApiToken implements Serializable {
        private static final long serialVersionUID = 1;
        private final String uuid;
        private final String name;
        private final String hash;
        private final Date created;

        private HashedApiToken(String str, String str2) {
            this.uuid = UUID.randomUUID().toString();
            this.name = str;
            this.hash = str2;
            this.created = new Date();
        }

        private HashedApiToken(String str, String str2, String str3, Date date) {
            this.uuid = str;
            this.name = str2;
            this.hash = str3;
            this.created = date;
        }

        public String getUuid() {
            return this.uuid;
        }

        public String getName() {
            return this.name;
        }

        public String getHash() {
            return this.hash;
        }

        public Date getCreated() {
            return new Date(this.created.getTime());
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean match(byte[] bArr) {
            try {
                return MessageDigest.isEqual(Util.fromHexString(this.hash), bArr);
            } catch (NumberFormatException e) {
                ApiTokens.LOGGER.log(Level.WARNING, "The API token with name=[{0}] is not in hex-format and so cannot be used", this.name);
                return false;
            }
        }
    }

    @NonNull
    public GlobalConfigurationCategory getCategory() {
        return GlobalConfigurationCategory.get(GlobalConfigurationCategory.Security.class);
    }

    public static ApiTokens get() {
        return (ApiTokens) GlobalConfiguration.all().get(ApiTokens.class);
    }

    @POST
    public HttpResponse doGenerate(StaplerRequest2 staplerRequest2) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        JSONObject generateApiToken = generateApiToken(staplerRequest2.getParameter("apiTokenName"));
        save();
        return HttpResponses.okJSON(generateApiToken);
    }

    public JSONObject generateApiToken(@NonNull String str) {
        byte[] bArr = new byte[16];
        RANDOM.nextBytes(bArr);
        String hexString = Util.toHexString(bArr);
        if (!$assertionsDisabled && hexString.length() != 32) {
            throw new AssertionError();
        }
        HashedApiToken hashedApiToken = new HashedApiToken(str, Util.toHexString(hashedBytes(hexString.getBytes(StandardCharsets.US_ASCII))));
        synchronized (this) {
            this.apiTokens.add(hashedApiToken);
        }
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("uuid", hashedApiToken.getUuid());
        jSONObject.put("name", hashedApiToken.getName());
        jSONObject.put("value", hexString);
        return jSONObject;
    }

    @NonNull
    private static byte[] hashedBytes(byte[] bArr) {
        try {
            return MessageDigest.getInstance(HASH_ALGORITHM).digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError("There is no SHA-256 available in this system", e);
        }
    }

    @POST
    public HttpResponse doRevoke(StaplerRequest2 staplerRequest2) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        String parameter = staplerRequest2.getParameter("apiTokenUuid");
        if (StringUtils.isBlank(parameter)) {
            return HttpResponses.errorWithoutStack(400, "API token UUID cannot be empty");
        }
        synchronized (this) {
            this.apiTokens.removeIf(hashedApiToken -> {
                return hashedApiToken.getUuid().equals(parameter);
            });
        }
        save();
        return HttpResponses.ok();
    }

    public synchronized Collection<HashedApiToken> getApiTokens() {
        return Collections.unmodifiableList(new ArrayList(this.apiTokens));
    }

    public boolean isValidApiToken(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        return hasMatchingApiToken(str);
    }

    public synchronized boolean hasMatchingApiToken(@NonNull String str) {
        byte[] hashedBytes = hashedBytes(str.getBytes(StandardCharsets.US_ASCII));
        return this.apiTokens.stream().anyMatch(hashedApiToken -> {
            return hashedApiToken.match(hashedBytes);
        });
    }

    static {
        $assertionsDisabled = !ApiTokens.class.desiredAssertionStatus();
        LOGGER = Logger.getLogger(ApiTokens.class.getName());
        RANDOM = new SecureRandom();
    }
}
