package io.jenkins.plugins.gitlabserverconfig.servers.helpers;

import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernameListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.HostnameSpecification;
import com.cloudbees.plugins.credentials.domains.SchemeSpecification;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.google.common.collect.ImmutableList;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.model.Describable;
import hudson.model.Descriptor;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessToken;
import io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessTokenImpl;
import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServer;
import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.gitlab4j.api.GitLabApiException;
import org.gitlab4j.api.utils.AccessTokenUtils;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
/* loaded from: input_file:io/jenkins/plugins/gitlabserverconfig/servers/helpers/GitLabPersonalAccessTokenCreator.class */
public class GitLabPersonalAccessTokenCreator extends Descriptor<GitLabPersonalAccessTokenCreator> implements Describable<GitLabPersonalAccessTokenCreator> {
    private static final Logger LOGGER = Logger.getLogger(GitLabPersonalAccessTokenCreator.class.getName());
    private static final List<AccessTokenUtils.Scope> GL_PLUGIN_REQUIRED_SCOPE = ImmutableList.of(AccessTokenUtils.Scope.API, AccessTokenUtils.Scope.READ_REGISTRY, AccessTokenUtils.Scope.READ_USER, AccessTokenUtils.Scope.READ_REPOSITORY);

    public GitLabPersonalAccessTokenCreator() {
        super(GitLabPersonalAccessTokenCreator.class);
    }

    private String getShortName(String str) {
        return str.substring(0, 8);
    }

    public Descriptor<GitLabPersonalAccessTokenCreator> getDescriptor() {
        return this;
    }

    @NonNull
    public String getDisplayName() {
        return "Convert login and password to token";
    }

    public ListBoxModel doFillCredentialsIdItems(@QueryParameter String str, @QueryParameter String str2) {
        Jenkins jenkins = Jenkins.get();
        return !jenkins.hasPermission(Jenkins.ADMINISTER) ? new StandardListBoxModel().includeCurrentValue(str2) : new StandardUsernameListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, jenkins, StandardUsernamePasswordCredentials.class, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL)).build(), CredentialsMatchers.always()).includeMatchingAs(Jenkins.getAuthentication(), jenkins, StandardUsernamePasswordCredentials.class, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL)).build(), CredentialsMatchers.always());
    }

    @RequirePOST
    public FormValidation doCreateTokenByCredentials(@QueryParameter String str, @QueryParameter String str2) {
        Jenkins jenkins = Jenkins.get();
        jenkins.checkPermission(Jenkins.ADMINISTER);
        if (StringUtils.isEmpty(str2)) {
            return FormValidation.error("Please specify credentials to create token");
        }
        StandardUsernamePasswordCredentials firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, jenkins, ACL.SYSTEM, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL)).build()), CredentialsMatchers.withId(str2));
        if (firstOrNull == null) {
            firstOrNull = (StandardUsernamePasswordCredentials) CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, jenkins, Jenkins.getAuthentication(), URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL)).build()), CredentialsMatchers.withId(str2));
        }
        if (Objects.isNull(firstOrNull)) {
            return FormValidation.error("Can't create GitLab token, credentials are null");
        }
        try {
            String uuid = UUID.randomUUID().toString();
            String createPersonalAccessToken = AccessTokenUtils.createPersonalAccessToken(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL), firstOrNull.getUsername(), Secret.toString(firstOrNull.getPassword()), uuid, GL_PLUGIN_REQUIRED_SCOPE);
            String shortName = getShortName(uuid);
            createCredentials(str, createPersonalAccessToken, firstOrNull.getUsername(), shortName);
            return FormValidation.ok("Created credentials with id %s ", new Object[]{shortName});
        } catch (GitLabApiException e) {
            return FormValidation.error(e, "Can't create GL token - %s", new Object[]{e.getMessage()});
        }
    }

    @RequirePOST
    public FormValidation doCreateTokenByPassword(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        try {
            String uuid = UUID.randomUUID().toString();
            String createPersonalAccessToken = AccessTokenUtils.createPersonalAccessToken(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL), str2, str3, uuid, GL_PLUGIN_REQUIRED_SCOPE);
            String shortName = getShortName(uuid);
            createCredentials(str, createPersonalAccessToken, str2, shortName);
            return FormValidation.ok("Created credentials with id %s", new Object[]{shortName});
        } catch (GitLabApiException e) {
            return FormValidation.error(e, "Can't create GL token for %s - %s", new Object[]{str2, e.getMessage()});
        }
    }

    private void createCredentials(@Nullable String str, String str2, String str3, String str4) {
        String defaultIfBlank = StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL);
        saveCredentials(defaultIfBlank, new PersonalAccessTokenImpl(CredentialsScope.GLOBAL, str4, String.format("Auto Generated by %s server for %s user", defaultIfBlank, str3), str2));
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void saveCredentials(String str, PersonalAccessToken personalAccessToken) {
        URI create = URI.create(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL));
        Domain domain = new Domain(create.getHost(), "GitLab domain (autogenerated)", Arrays.asList(new SchemeSpecification(create.getScheme()), new HostnameSpecification(create.getHost(), (String) null)));
        try {
            ACLContext as = ACL.as(ACL.SYSTEM);
            try {
                new SystemCredentialsProvider.StoreImpl().addDomain(domain, new Credentials[]{personalAccessToken});
                if (as != null) {
                    as.close();
                }
            } finally {
            }
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Can't add credentials for domain", (Throwable) e);
        }
    }
}
