package org.jenkinsci.plugins;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import hudson.security.SecurityRealm;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.apache.commons.collections.CollectionUtils;
import org.gitlab.api.GitlabAPI;
import org.gitlab.api.TokenType;
import org.gitlab.api.models.GitlabGroup;
import org.gitlab.api.models.GitlabProject;
import org.gitlab.api.models.GitlabUser;

/* loaded from: input_file:org/jenkinsci/plugins/GitLabAuthenticationToken.class */
public class GitLabAuthenticationToken extends AbstractAuthenticationToken {
    private static final long serialVersionUID = 1;
    private final String accessToken;
    private final String userName;
    private final transient GitlabAPI gitLabAPI;
    private final transient GitlabUser me;
    private transient GitLabSecurityRealm myRealm;
    private static final Cache<String, Set<String>> userOrganizationCache;
    private static final Cache<String, Set<String>> repositoryCollaboratorsCache;
    private static final Cache<String, Set<String>> repositoriesByUserCache;
    private static final Cache<String, Boolean> publicRepositoryCache;
    private static final Cache<String, List<GitlabProject>> groupRepositoriesCache;
    private final List<GrantedAuthority> authorities;
    private static final Logger LOGGER;
    static final /* synthetic */ boolean $assertionsDisabled;

    public GitLabAuthenticationToken(String str, String str2, TokenType tokenType) throws IOException {
        super(new GrantedAuthority[0]);
        this.myRealm = null;
        this.authorities = new ArrayList();
        this.accessToken = str;
        this.gitLabAPI = GitlabAPI.connect(str2, str, tokenType);
        this.me = this.gitLabAPI.getUser();
        if (!$assertionsDisabled && this.me == null) {
            throw new AssertionError();
        }
        setAuthenticated(true);
        this.userName = this.me.getUsername();
        this.authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
        Jenkins jenkins = Jenkins.getInstance();
        if (jenkins == null || !(jenkins.getSecurityRealm() instanceof GitLabSecurityRealm)) {
            return;
        }
        if (this.myRealm == null) {
            this.myRealm = (GitLabSecurityRealm) jenkins.getSecurityRealm();
        }
        for (GitlabGroup gitlabGroup : this.gitLabAPI.getGroups()) {
            LOGGER.log(Level.FINE, "Fetch teams for user " + this.userName + " in organization " + gitlabGroup.getName());
            this.authorities.add(new GrantedAuthorityImpl(gitlabGroup.getName()));
            this.authorities.add(new GrantedAuthorityImpl(gitlabGroup + "*" + gitlabGroup.getName()));
        }
    }

    public static void clearCaches() {
        userOrganizationCache.invalidateAll();
        repositoryCollaboratorsCache.invalidateAll();
        repositoriesByUserCache.invalidateAll();
        groupRepositoriesCache.invalidateAll();
    }

    public String getAccessToken() {
        return this.accessToken;
    }

    public GitlabAPI getGitLabAPI() {
        return this.gitLabAPI;
    }

    public GrantedAuthority[] getAuthorities() {
        return (GrantedAuthority[]) this.authorities.toArray(new GrantedAuthority[this.authorities.size()]);
    }

    public Object getCredentials() {
        return "";
    }

    /* renamed from: getPrincipal, reason: merged with bridge method [inline-methods] */
    public String m1getPrincipal() {
        return this.userName;
    }

    public GitlabUser getMyself() {
        return this.me;
    }

    public boolean hasOrganizationPermission(String str, String str2) {
        try {
            return ((Set) userOrganizationCache.get(str, new Callable<Set<String>>() { // from class: org.jenkinsci.plugins.GitLabAuthenticationToken.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Set<String> call() throws Exception {
                    List groups = GitLabAuthenticationToken.this.gitLabAPI.getGroups();
                    HashSet hashSet = new HashSet();
                    Iterator it = groups.iterator();
                    while (it.hasNext()) {
                        hashSet.add(((GitlabGroup) it.next()).getName());
                    }
                    return hashSet;
                }
            })).contains(str2);
        } catch (ExecutionException e) {
            throw new RuntimeException("authorization failed for user = " + str, e);
        }
    }

    public boolean hasRepositoryPermission(String str) {
        return myRepositories().contains(str);
    }

    public Set<String> myRepositories() {
        try {
            return (Set) repositoriesByUserCache.get(getName(), new Callable<Set<String>>() { // from class: org.jenkinsci.plugins.GitLabAuthenticationToken.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Set<String> call() throws Exception {
                    List projects = GitLabAuthenticationToken.this.gitLabAPI.getProjects();
                    Set<String> emptySet = Collections.emptySet();
                    if (projects != null) {
                        emptySet = GitLabAuthenticationToken.this.listToNames(projects);
                    }
                    return emptySet;
                }
            });
        } catch (ExecutionException e) {
            LOGGER.log(Level.SEVERE, "an exception was thrown", (Throwable) e);
            throw new RuntimeException("authorization failed for user = " + getName(), e);
        }
    }

    public Set<String> listToNames(Collection<GitlabProject> collection) throws IOException {
        HashSet hashSet = new HashSet();
        Iterator<GitlabProject> it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getPathWithNamespace());
        }
        return hashSet;
    }

    public boolean isPublicRepository(final String str) {
        try {
            return ((Boolean) publicRepositoryCache.get(str, new Callable<Boolean>() { // from class: org.jenkinsci.plugins.GitLabAuthenticationToken.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public Boolean call() throws Exception {
                    GitlabProject loadRepository = GitLabAuthenticationToken.this.loadRepository(str);
                    return loadRepository == null ? Boolean.FALSE : Boolean.valueOf(Boolean.TRUE.equals(loadRepository.isPublic()));
                }
            })).booleanValue();
        } catch (ExecutionException e) {
            LOGGER.log(Level.SEVERE, "an exception was thrown", (Throwable) e);
            throw new RuntimeException("authorization failed for user = " + getName(), e);
        }
    }

    public GitlabUser loadUser(String str) {
        try {
            if (this.gitLabAPI == null || !isAuthenticated()) {
                return null;
            }
            List findUsers = this.gitLabAPI.findUsers(str);
            if (CollectionUtils.isNotEmpty(findUsers)) {
                return (GitlabUser) findUsers.get(0);
            }
            return null;
        } catch (IOException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    public GitlabGroup loadOrganization(String str) {
        try {
            if (this.gitLabAPI == null || !isAuthenticated() || this.gitLabAPI.getGroups().isEmpty()) {
                return null;
            }
            return (GitlabGroup) this.gitLabAPI.getGroups().get(0);
        } catch (IOException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), (Throwable) e);
            return null;
        }
    }

    public GitlabProject loadRepository(String str) {
        try {
            if (this.gitLabAPI == null || !isAuthenticated()) {
                return null;
            }
            return this.gitLabAPI.getProject(str);
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Looks like a bad GitLab URL OR the Jenkins user does not have access to the repository{0}", str);
            return null;
        }
    }

    public GitLabOAuthUserDetails getUserDetails(String str) {
        GitlabUser loadUser = loadUser(str);
        if (loadUser == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        try {
            Iterator it = this.gitLabAPI.getGroups().iterator();
            while (it.hasNext()) {
                arrayList.add(new GrantedAuthorityImpl(((GitlabGroup) it.next()).getName()));
            }
        } catch (IOException e) {
            LOGGER.log(Level.FINE, e.getMessage(), (Throwable) e);
        }
        return new GitLabOAuthUserDetails(loadUser, (GrantedAuthority[]) arrayList.toArray(new GrantedAuthority[arrayList.size()]));
    }

    public List<GitlabProject> getGroupProjects(final GitlabGroup gitlabGroup) {
        try {
            return (List) groupRepositoriesCache.get(gitlabGroup.getPath(), new Callable<List<GitlabProject>>() { // from class: org.jenkinsci.plugins.GitLabAuthenticationToken.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public List<GitlabProject> call() throws Exception {
                    return GitLabAuthenticationToken.this.gitLabAPI.getGroupProjects(gitlabGroup);
                }
            });
        } catch (ExecutionException e) {
            LOGGER.log(Level.SEVERE, "an exception was thrown", (Throwable) e);
            throw new RuntimeException("authorization failed for user = " + getName(), e);
        }
    }

    static {
        $assertionsDisabled = !GitLabAuthenticationToken.class.desiredAssertionStatus();
        userOrganizationCache = CacheBuilder.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
        repositoryCollaboratorsCache = CacheBuilder.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
        repositoriesByUserCache = CacheBuilder.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
        publicRepositoryCache = CacheBuilder.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
        groupRepositoriesCache = CacheBuilder.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
        LOGGER = Logger.getLogger(GitLabAuthenticationToken.class.getName());
    }
}
