package jp.ikedam.jenkins.plugins.updatesitesmanager;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.ProxyConfiguration;
import hudson.model.Item;
import hudson.model.Queue;
import hudson.model.queue.Tasks;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:WEB-INF/lib/update-sites-manager.jar:jp/ikedam/jenkins/plugins/updatesitesmanager/CredentialRequiredUpdateSite.class */
public class CredentialRequiredUpdateSite extends ManagedUpdateSite {
    private String credentialsId;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/update-sites-manager.jar:jp/ikedam/jenkins/plugins/updatesitesmanager/CredentialRequiredUpdateSite$DescriptorImpl.class */
    public static class DescriptorImpl extends DescribedUpdateSiteDescriptor {
        @NonNull
        public String getDisplayName() {
            return Messages.CredentialRequiredUpdateSite_DisplayName();
        }

        @RequirePOST
        public FormValidation doCheckCredentialsId(@CheckForNull @AncestorInPath Item item, @QueryParameter String str, @QueryParameter String str2) {
            if (item == null) {
                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                    return FormValidation.ok();
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return FormValidation.ok();
            }
            if (!StringUtils.isBlank(str)) {
                if (CredentialsProvider.listCredentialsInItem(StandardUsernameCredentials.class, item, getAuthentication(item), URIRequirementBuilder.fromUri(str2).build(), CredentialsMatchers.withId(str)).isEmpty()) {
                    return FormValidation.error("invalid credentials");
                }
            }
            return FormValidation.ok();
        }

        @RequirePOST
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str, @QueryParameter String str2) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            String trimToEmpty = StringUtils.trimToEmpty(str);
            if (item == null) {
                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                    return standardListBoxModel.includeCurrentValue(trimToEmpty);
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return standardListBoxModel.includeCurrentValue(trimToEmpty);
            }
            Authentication authentication = getAuthentication(item);
            List build = URIRequirementBuilder.fromUri(str2).build();
            CredentialsMatcher always = CredentialsMatchers.always();
            standardListBoxModel.includeEmptyValue();
            if (item != null) {
                standardListBoxModel.includeMatchingAs(authentication, item, StandardUsernameCredentials.class, build, always);
            } else {
                standardListBoxModel.includeMatchingAs(authentication, Jenkins.get(), StandardUsernameCredentials.class, build, always);
            }
            return standardListBoxModel;
        }

        protected Authentication getAuthentication(Item item) {
            return item instanceof Queue.Task ? Tasks.getAuthenticationOf2((Queue.Task) item) : ACL.SYSTEM2;
        }
    }

    public CredentialRequiredUpdateSite(String str, String str2, boolean z, String str3, String str4, boolean z2) {
        super(str, str2, z, str3, str4, z2);
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    @DataBoundSetter
    public void setCredentialsId(String str) {
        this.credentialsId = str;
    }

    @Nullable
    private StandardUsernamePasswordCredentials getCredential() {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentialsInItem(StandardUsernamePasswordCredentials.class, (Item) null, ACL.SYSTEM2, (List) null), CredentialsMatchers.withId(this.credentialsId));
    }

    @NonNull
    public FormValidation updateDirectlyNow(boolean z) throws IOException {
        URL url = new URL(getUrl());
        if (this.credentialsId == null) {
            return FormValidation.error(Messages.CredentialRequiredUpdateSite_credentialsNotFound());
        }
        StandardUsernamePasswordCredentials credential = getCredential();
        if (credential == null) {
            return FormValidation.error(Messages.CredentialRequiredUpdateSite_invalidCredentials(this.credentialsId));
        }
        try {
            try {
                String str = (String) ProxyConfiguration.newHttpClient().send(ProxyConfiguration.newHttpRequestBuilder(url.toURI()).headers(new String[]{"Accept", "application/json", "Authorization", String.format("Basic %s", Base64.getEncoder().encodeToString(String.format("%s:%s", credential.getUsername(), credential.getPassword().getPlainText()).getBytes(StandardCharsets.UTF_8)))}).GET().build(), HttpResponse.BodyHandlers.ofString()).body();
                int indexOf = str.indexOf(123);
                int lastIndexOf = str.lastIndexOf(125);
                if (indexOf < 0 || lastIndexOf <= indexOf) {
                    throw new IOException("Could not find JSON in " + String.valueOf(url));
                }
                return updateData(str.substring(indexOf, lastIndexOf + 1), z);
            } catch (IOException | InterruptedException e) {
                return FormValidation.error(e.getMessage());
            }
        } catch (IllegalArgumentException | URISyntaxException e2) {
            return FormValidation.error(e2.getMessage());
        }
    }

    public URLConnection connect(URL url) throws IOException {
        URLConnection open = ProxyConfiguration.open(url);
        StandardUsernamePasswordCredentials credential = getCredential();
        if (credential == null) {
            throw new IOException(Messages.CredentialRequiredUpdateSite_invalidCredentials(this.credentialsId));
        }
        open.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString((credential.getUsername() + ":" + credential.getPassword().getPlainText()).getBytes(StandardCharsets.UTF_8)));
        return open;
    }
}
