package io.jenkins.blueocean.blueocean_github_pipeline;

import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.introspect.VisibilityChecker;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import hudson.Extension;
import hudson.model.User;
import hudson.tasks.Mailer;
import io.jenkins.blueocean.commons.ErrorMessage;
import io.jenkins.blueocean.commons.JsonConverter;
import io.jenkins.blueocean.commons.ServiceException;
import io.jenkins.blueocean.credential.CredentialsUtils;
import io.jenkins.blueocean.rest.Reachable;
import io.jenkins.blueocean.rest.hal.Link;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification;
import io.jenkins.blueocean.rest.impl.pipeline.scm.Scm;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmFactory;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmOrganization;
import io.jenkins.blueocean.rest.model.Container;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.HttpGet;
import org.kohsuke.github.GHMyself;
import org.kohsuke.github.GHOrganization;
import org.kohsuke.github.GHUser;
import org.kohsuke.github.GitHub;
import org.kohsuke.github.GitHubBuilder;
import org.kohsuke.github.HttpException;
import org.kohsuke.github.RateLimitHandler;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.json.JsonBody;

/* loaded from: input_file:WEB-INF/lib/blueocean-github-pipeline.jar:io/jenkins/blueocean/blueocean_github_pipeline/GithubScm.class */
public class GithubScm extends Scm {
    static final String GITHUB_API_URL_PROPERTY = "blueocean.github.url";
    static final String DEFAULT_API_URI = "https://api.github.com";
    private static final String ID = "github";
    private static final String USER_EMAIL_SCOPE = "user:email";
    private static final String USER_SCOPE = "user";
    private static final String REPO_SCOPE = "repo";
    static final String DOMAIN_NAME = "blueocean-github-domain";
    private final Link self;
    static final ObjectMapper om = new ObjectMapper();

    @Extension
    /* loaded from: input_file:WEB-INF/lib/blueocean-github-pipeline.jar:io/jenkins/blueocean/blueocean_github_pipeline/GithubScm$GithubScmFactory.class */
    public static class GithubScmFactory extends ScmFactory {
        public Scm getScm(@Nonnull String str, @Nonnull Reachable reachable) {
            if (str.equals(GithubScm.ID)) {
                return new GithubScm(reachable);
            }
            return null;
        }

        @Nonnull
        public Scm getScm(Reachable reachable) {
            return new GithubScm(reachable);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/blueocean-github-pipeline.jar:io/jenkins/blueocean/blueocean_github_pipeline/GithubScm$RateLimitHandlerImpl.class */
    static class RateLimitHandlerImpl extends RateLimitHandler {
        RateLimitHandlerImpl() {
        }

        @Override // org.kohsuke.github.RateLimitHandler
        public void onError(IOException iOException, HttpURLConnection httpURLConnection) throws IOException {
            throw new ServiceException.BadRequestException("API rate limit reached." + iOException.getMessage(), iOException);
        }
    }

    public GithubScm(Reachable reachable) {
        this.self = reachable.getLink().rel(ID);
    }

    public Link getLink() {
        return this.self;
    }

    @Nonnull
    public String getId() {
        return ID;
    }

    @Nonnull
    public String getUri() {
        String property = System.getProperty(GITHUB_API_URL_PROPERTY);
        return property != null ? property : DEFAULT_API_URI;
    }

    public String getCredentialDomainName() {
        return DOMAIN_NAME;
    }

    public String getCredentialId() {
        StandardUsernamePasswordCredentials findCredential = CredentialsUtils.findCredential(getId(), StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
        if (findCredential != null) {
            return findCredential.getId();
        }
        return null;
    }

    public Container<ScmOrganization> getOrganizations() {
        String credentialIdFromRequest = getCredentialIdFromRequest(Stapler.getCurrentRequest());
        User authenticatedUser = getAuthenticatedUser();
        StandardUsernamePasswordCredentials findCredential = CredentialsUtils.findCredential(credentialIdFromRequest, StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
        if (findCredential == null) {
            throw new ServiceException.BadRequestException(String.format("Credential id: %s not found for user %s", credentialIdFromRequest, authenticatedUser.getId()));
        }
        try {
            GitHub build = new GitHubBuilder().withOAuthToken(findCredential.getPassword().getPlainText()).withRateLimitHandler(new RateLimitHandlerImpl()).withEndpoint(getUri()).build();
            final Link rel = getLink().rel("organizations");
            AbstractMap linkedHashMap = new LinkedHashMap();
            for (Map.Entry<String, GHOrganization> entry : build.getMyOrganizations().entrySet()) {
                linkedHashMap.put(entry.getKey(), new GithubOrganization(this, entry.getValue(), findCredential, rel));
            }
            GHMyself m694getMyself = build.m694getMyself();
            if (linkedHashMap.get(m694getMyself.getLogin()) == null) {
                linkedHashMap = new HashMap(linkedHashMap);
                linkedHashMap.put(m694getMyself.getLogin(), new GithubUserOrganization(m694getMyself, findCredential, this));
            }
            final AbstractMap abstractMap = linkedHashMap;
            return new Container<ScmOrganization>() { // from class: io.jenkins.blueocean.blueocean_github_pipeline.GithubScm.1
                /* renamed from: get, reason: merged with bridge method [inline-methods] */
                public ScmOrganization m407get(String str) {
                    ScmOrganization scmOrganization = (ScmOrganization) abstractMap.get(str);
                    if (scmOrganization == null) {
                        throw new ServiceException.NotFoundException(String.format("GitHub organization %s not found", str));
                    }
                    return scmOrganization;
                }

                public Link getLink() {
                    return rel;
                }

                public Iterator<ScmOrganization> iterator() {
                    return abstractMap.values().iterator();
                }
            };
        } catch (IOException e) {
            if (e instanceof HttpException) {
                HttpException httpException = (HttpException) e;
                if (httpException.getResponseCode() == 401) {
                    throw new ServiceException.PreconditionRequired("Invalid Github accessToken", httpException);
                }
                if (httpException.getResponseCode() == 403) {
                    throw new ServiceException.PreconditionRequired("Github accessToken does not have required scopes. Expected scopes 'user:email, repo'", httpException);
                }
            }
            throw new ServiceException.UnexpectedErrorException(e.getMessage(), e);
        }
    }

    private static String getCredentialIdFromRequest(StaplerRequest staplerRequest) {
        String parameter = staplerRequest.getParameter("credentialId");
        if (parameter == null) {
            parameter = staplerRequest.getHeader("X-CREDENTIAL-NAME");
        }
        if (parameter == null) {
            throw new ServiceException.BadRequestException("Missing credential id. It must be provided either as HTTP header: X-CREDENTIAL-NAME or as query parameter 'credentialId'");
        }
        return parameter;
    }

    public HttpResponse validateAndCreate(@JsonBody JSONObject jSONObject) {
        String str = (String) jSONObject.get("accessToken");
        if (str == null) {
            throw new ServiceException.BadRequestException("accessToken is required");
        }
        try {
            User authenticatedUser = getAuthenticatedUser();
            HttpURLConnection connect = connect(String.format("%s/%s", getUri(), "user"), str);
            validateAccessTokenScopes(connect);
            GHUser gHUser = (GHUser) om.readValue(IOUtils.toString(connect.getInputStream()), GHUser.class);
            if (gHUser.getEmail() != null && authenticatedUser.getProperty(Mailer.UserProperty.class) == null) {
                authenticatedUser.addProperty(new Mailer.UserProperty(gHUser.getEmail()));
            }
            StandardUsernamePasswordCredentials findCredential = CredentialsUtils.findCredential(getId(), StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
            UsernamePasswordCredentialsImpl usernamePasswordCredentialsImpl = new UsernamePasswordCredentialsImpl(CredentialsScope.USER, ID, "Github Access Token", authenticatedUser.getId(), str);
            if (findCredential == null) {
                CredentialsUtils.createCredentialsInUserStore(usernamePasswordCredentialsImpl, authenticatedUser, getCredentialsDomainName(getUri()), ImmutableList.of(new BlueOceanDomainSpecification()));
            } else {
                CredentialsUtils.updateCredentialsInUserStore(findCredential, usernamePasswordCredentialsImpl, authenticatedUser, getCredentialsDomainName(getUri()), ImmutableList.of(new BlueOceanDomainSpecification()));
            }
            return createResponse(usernamePasswordCredentialsImpl.getId());
        } catch (IOException e) {
            throw new ServiceException.UnexpectedErrorException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpURLConnection connect(String str, String str2) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setRequestMethod(HttpGet.METHOD_NAME);
        httpURLConnection.setRequestProperty("Content-type", "application/json");
        httpURLConnection.setRequestProperty("Authorization", "token " + str2);
        httpURLConnection.connect();
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode == 401) {
            throw new ServiceException.PreconditionRequired("Invalid accessToken");
        }
        if (responseCode == 403) {
            throw new ServiceException.PreconditionRequired("Github accessToken does not have required scopes. Expected scopes 'user:email, repo'");
        }
        if (responseCode == 404) {
            throw new ServiceException.NotFoundException("Not Found");
        }
        if (responseCode != 200) {
            throw new ServiceException.BadRequestException(String.format("Github Api returned error: %s. Error message: %s.", Integer.valueOf(httpURLConnection.getResponseCode()), httpURLConnection.getResponseMessage()));
        }
        return httpURLConnection;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateAccessTokenScopes(HttpURLConnection httpURLConnection) {
        String headerField = httpURLConnection.getHeaderField("X-OAuth-Scopes");
        if (headerField == null) {
            throw new ServiceException.PreconditionRequired("No scopes associated with this token. Expected scopes 'user:email, repo'.");
        }
        ArrayList arrayList = new ArrayList();
        for (String str : headerField.split(",")) {
            arrayList.add(str.trim());
        }
        ArrayList arrayList2 = new ArrayList();
        if (!arrayList.contains("user:email") && !arrayList.contains("user")) {
            arrayList2.add("user:email");
        }
        if (!arrayList.contains("repo")) {
            arrayList2.add("repo");
        }
        if (!arrayList2.isEmpty()) {
            throw new ServiceException.PreconditionRequired("Invalid token, its missing scopes: " + StringUtils.join(arrayList2, ","));
        }
    }

    private HttpResponse createResponse(final String str) {
        return new HttpResponse() { // from class: io.jenkins.blueocean.blueocean_github_pipeline.GithubScm.2
            public void generateResponse(StaplerRequest staplerRequest, StaplerResponse staplerResponse, Object obj) throws IOException, ServletException {
                staplerResponse.setStatus(HttpStatus.SC_OK);
                staplerResponse.getWriter().print(JsonConverter.toJson(ImmutableMap.of("credentialId", str)));
            }
        };
    }

    static User getAuthenticatedUser() {
        User current = User.current();
        if (current == null) {
            throw new ServiceException.UnauthorizedException("No logged in user found");
        }
        return current;
    }

    private String getCredentialsDomainName(String str) {
        try {
            URI uri = new URI(str);
            String credentialDomainName = getCredentialDomainName();
            return this instanceof GithubEnterpriseScm ? credentialDomainName + "-" + uri.getHost() : credentialDomainName;
        } catch (URISyntaxException e) {
            throw new ServiceException.UnexpectedErrorException(new ErrorMessage(Integer.valueOf(HttpStatus.SC_BAD_REQUEST), "Invalid URI: " + str));
        }
    }

    static {
        om.setVisibilityChecker(new VisibilityChecker.Std(JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.ANY));
        om.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }
}
