package org.jenkinsci.plugins.ghprb;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.google.common.base.Joiner;
import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang.StringUtils;
import org.apache.http.protocol.HTTP;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.github.GHAuthorization;
import org.kohsuke.github.GHCommitState;
import org.kohsuke.github.GHIssue;
import org.kohsuke.github.GHMyself;
import org.kohsuke.github.GHRepository;
import org.kohsuke.github.GitHub;
import org.kohsuke.github.GitHubBuilder;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.export.Exported;

/* loaded from: input_file:WEB-INF/lib/ghprb.jar:org/jenkinsci/plugins/ghprb/GhprbGitHubAuth.class */
public class GhprbGitHubAuth extends AbstractDescribableImpl<GhprbGitHubAuth> {
    private static final Logger logger = Logger.getLogger(GhprbGitHubAuth.class.getName());

    @Extension
    public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();
    private final String serverAPIUrl;
    private final String jenkinsUrl;
    private final String credentialsId;
    private final String id;
    private final String description;
    private final Secret secret;
    private transient GitHub gh;

    /* loaded from: input_file:WEB-INF/lib/ghprb.jar:org/jenkinsci/plugins/ghprb/GhprbGitHubAuth$DescriptorImpl.class */
    public static final class DescriptorImpl extends Descriptor<GhprbGitHubAuth> {
        public String getDisplayName() {
            return "GitHub Auth";
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str, @QueryParameter String str2) throws URISyntaxException {
            List build = URIRequirementBuilder.fromUri(str).build();
            ArrayList arrayList = new ArrayList(3);
            if (!StringUtils.isEmpty(str2)) {
                arrayList.add(0, CredentialsMatchers.withId(str2));
            }
            arrayList.add(CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class));
            arrayList.add(CredentialsMatchers.instanceOf(StringCredentials.class));
            return new StandardListBoxModel().withMatching(CredentialsMatchers.anyOf((CredentialsMatcher[]) arrayList.toArray(new CredentialsMatcher[0])), CredentialsProvider.lookupCredentials(StandardCredentials.class, item, ACL.SYSTEM, build));
        }

        public FormValidation doCreateApiToken(@QueryParameter("serverAPIUrl") String str, @QueryParameter("credentialsId") String str2, @QueryParameter("username") String str3, @QueryParameter("password") String str4) {
            String str5;
            try {
                GitHubBuilder withConnector = new GitHubBuilder().withEndpoint(str).withConnector(new HttpConnectorWithJenkinsProxy());
                if (!StringUtils.isEmpty(str2)) {
                    StandardUsernamePasswordCredentials lookupCredentials = Ghprb.lookupCredentials(null, str2, str);
                    if (!(lookupCredentials instanceof StandardUsernamePasswordCredentials)) {
                        return FormValidation.error("No username/password credentials provided");
                    }
                    StandardUsernamePasswordCredentials standardUsernamePasswordCredentials = lookupCredentials;
                    withConnector.withPassword(standardUsernamePasswordCredentials.getUsername(), standardUsernamePasswordCredentials.getPassword().getPlainText());
                } else {
                    if (StringUtils.isEmpty(str3) || StringUtils.isEmpty(str4)) {
                        return FormValidation.error("Username and Password required");
                    }
                    withConnector.withPassword(str3, str4);
                }
                GHAuthorization createToken = withConnector.build().createToken(Arrays.asList("repo:status", "repo"), "Jenkins GitHub Pull Request Builder", (String) null);
                try {
                    str5 = Ghprb.createCredentials(str, createToken.getToken());
                } catch (Exception e) {
                    str5 = "Unable to create credentials: " + e.getMessage();
                }
                return FormValidation.ok("Access token created: " + createToken.getToken() + " token CredentialsID: " + str5);
            } catch (IOException e2) {
                return FormValidation.error("GitHub API token couldn't be created: " + e2.getMessage());
            }
        }

        public FormValidation doCheckServerAPIUrl(@QueryParameter String str) {
            return "https://api.github.com".equals(str) ? FormValidation.ok() : (str.endsWith("/api/v3") || str.endsWith("/api/v3/")) ? FormValidation.ok() : FormValidation.warning("GitHub API URI is \"https://api.github.com\". GitHub Enterprise API URL ends with \"/api/v3\"");
        }

        public FormValidation doCheckRepoAccess(@QueryParameter("serverAPIUrl") String str, @QueryParameter("credentialsId") String str2, @QueryParameter("repo") String str3) {
            try {
                GitHubBuilder builder = GhprbGitHubAuth.getBuilder(null, str, str2);
                if (builder == null) {
                    return FormValidation.error("Unable to look up GitHub credentials using ID: " + str2 + "!!");
                }
                GHRepository repository = builder.build().getRepository(str3);
                StringBuilder sb = new StringBuilder();
                sb.append("User has access to: ");
                ArrayList arrayList = new ArrayList(3);
                if (repository.hasAdminAccess()) {
                    arrayList.add("Admin");
                }
                if (repository.hasPushAccess()) {
                    arrayList.add("Push");
                }
                if (repository.hasPullAccess()) {
                    arrayList.add("Pull");
                }
                sb.append(Joiner.on(", ").join(arrayList));
                return FormValidation.ok(sb.toString());
            } catch (Exception e) {
                return FormValidation.error("Unable to connect to GitHub API: " + e);
            }
        }

        public FormValidation doTestGithubAccess(@QueryParameter("serverAPIUrl") String str, @QueryParameter("credentialsId") String str2) {
            try {
                GitHubBuilder builder = GhprbGitHubAuth.getBuilder(null, str, str2);
                if (builder == null) {
                    return FormValidation.error("Unable to look up GitHub credentials using ID: " + str2 + "!!");
                }
                GHMyself myself = builder.build().getMyself();
                return FormValidation.ok(String.format("Connected to %s as %s (%s) login: %s", str, myself.getName(), myself.getEmail(), myself.getLogin()));
            } catch (Exception e) {
                return FormValidation.error("Unable to connect to GitHub API: " + e);
            }
        }

        public FormValidation doTestComment(@QueryParameter("serverAPIUrl") String str, @QueryParameter("credentialsId") String str2, @QueryParameter("repo") String str3, @QueryParameter("issueId") int i, @QueryParameter("message1") String str4) {
            try {
                GitHubBuilder builder = GhprbGitHubAuth.getBuilder(null, str, str2);
                if (builder == null) {
                    return FormValidation.error("Unable to look up GitHub credentials using ID: " + str2 + "!!");
                }
                GHIssue issue = builder.build().getRepository(str3).getIssue(i);
                issue.comment(str4);
                return FormValidation.ok("Issued comment to issue: " + issue.getHtmlUrl());
            } catch (Exception e) {
                return FormValidation.error("Unable to issue comment: " + e);
            }
        }

        public FormValidation doTestUpdateStatus(@QueryParameter("serverAPIUrl") String str, @QueryParameter("credentialsId") String str2, @QueryParameter("repo") String str3, @QueryParameter("sha1") String str4, @QueryParameter("state") GHCommitState gHCommitState, @QueryParameter("url") String str5, @QueryParameter("message2") String str6, @QueryParameter("context") String str7) {
            try {
                GitHubBuilder builder = GhprbGitHubAuth.getBuilder(null, str, str2);
                if (builder == null) {
                    return FormValidation.error("Unable to look up GitHub credentials using ID: " + str2 + "!!");
                }
                builder.build().getRepository(str3).createCommitStatus(str4, gHCommitState, str5, str6, str7);
                return FormValidation.ok("Updated status of: " + str4);
            } catch (Exception e) {
                return FormValidation.error("Unable to update status: " + e);
            }
        }

        public ListBoxModel doFillStateItems(@QueryParameter("state") String str) {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (GHCommitState gHCommitState : GHCommitState.values()) {
                listBoxModel.add(gHCommitState.toString(), gHCommitState.toString());
                if (str.equals(gHCommitState.toString())) {
                    ((ListBoxModel.Option) listBoxModel.get(listBoxModel.size() - 1)).selected = true;
                }
            }
            return listBoxModel;
        }
    }

    @DataBoundConstructor
    public GhprbGitHubAuth(String str, String str2, String str3, String str4, String str5, Secret secret) {
        this.serverAPIUrl = Util.fixEmptyAndTrim(StringUtils.isEmpty(str) ? "https://api.github.com" : str);
        this.jenkinsUrl = Util.fixEmptyAndTrim(str2);
        this.credentialsId = Util.fixEmpty(str3);
        this.id = IdCredentials.Helpers.fixEmptyId(StringUtils.isEmpty(str5) ? UUID.randomUUID().toString() : str5);
        this.description = str4;
        this.secret = secret;
    }

    @Exported
    public String getServerAPIUrl() {
        return this.serverAPIUrl;
    }

    @Exported
    public String getJenkinsUrl() {
        return this.jenkinsUrl;
    }

    @Exported
    public String getCredentialsId() {
        return this.credentialsId;
    }

    @Exported
    public String getDescription() {
        return this.description;
    }

    @Exported
    public String getId() {
        return this.id;
    }

    @Exported
    public Secret getSecret() {
        return this.secret;
    }

    public boolean checkSignature(String str, String str2) {
        if (this.secret == null || StringUtils.isEmpty(this.secret.getPlainText())) {
            return true;
        }
        if (str2 == null || !str2.startsWith("sha1=")) {
            logger.log(Level.SEVERE, "Request doesn't contain a signature. Check that github has a secret that should be attached to the hook");
            return false;
        }
        String substring = str2.substring(5);
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(this.secret.getPlainText().getBytes(), "HmacSHA1");
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(secretKeySpec);
            String encodeHexString = Hex.encodeHexString(mac.doFinal(str.getBytes(HTTP.UTF_8)));
            if (encodeHexString.equals(substring)) {
                logger.log(Level.INFO, "Signatures checking OK");
                return true;
            }
            logger.log(Level.SEVERE, "Local signature {0} does not match external signature {1}", new Object[]{encodeHexString, substring});
            return false;
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Couldn't match both signatures");
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static GitHubBuilder getBuilder(Item item, String str, String str2) {
        GitHubBuilder withConnector = new GitHubBuilder().withEndpoint(str).withConnector(new HttpConnectorWithJenkinsProxy());
        String fullDisplayName = item == null ? "(Jenkins.instance)" : item.getFullDisplayName();
        if (StringUtils.isEmpty(str2)) {
            logger.log(Level.WARNING, "credentialsId not set for context {0}, using anonymous connection", fullDisplayName);
            return withConnector;
        }
        StandardUsernamePasswordCredentials lookupCredentials = Ghprb.lookupCredentials(item, str2, str);
        if (lookupCredentials == null) {
            logger.log(Level.SEVERE, "Failed to look up credentials for context {0} using id: {1}", new Object[]{fullDisplayName, str2});
        } else if (lookupCredentials instanceof StandardUsernamePasswordCredentials) {
            logger.log(Level.FINEST, "Using username/password for context {0}", fullDisplayName);
            StandardUsernamePasswordCredentials standardUsernamePasswordCredentials = lookupCredentials;
            withConnector.withPassword(standardUsernamePasswordCredentials.getUsername(), standardUsernamePasswordCredentials.getPassword().getPlainText());
        } else {
            if (!(lookupCredentials instanceof StringCredentials)) {
                logger.log(Level.SEVERE, "Unknown credential type for context {0} using id: {1}: {2}", new Object[]{fullDisplayName, str2, lookupCredentials.getClass().getName()});
                return null;
            }
            logger.log(Level.FINEST, "Using OAuth token for context {0}", fullDisplayName);
            withConnector.withOAuthToken(((StringCredentials) lookupCredentials).getSecret().getPlainText());
        }
        return withConnector;
    }

    private void buildConnection(Item item) {
        GitHubBuilder builder = getBuilder(item, this.serverAPIUrl, this.credentialsId);
        if (builder == null) {
            logger.log(Level.SEVERE, "Unable to get builder using credentials: {0}", this.credentialsId);
            return;
        }
        try {
            this.gh = builder.build();
        } catch (IOException e) {
            logger.log(Level.SEVERE, "Unable to connect using credentials: " + this.credentialsId, (Throwable) e);
        }
    }

    public GitHub getConnection(Item item) throws IOException {
        GitHub gitHub;
        synchronized (this) {
            if (this.gh == null) {
                buildConnection(item);
            }
            gitHub = this.gh;
        }
        return gitHub;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m21getDescriptor() {
        return DESCRIPTOR;
    }
}
