package io.jenkins.blueocean.blueocean_git_pipeline;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import hudson.Extension;
import hudson.model.User;
import hudson.util.HttpResponses;
import io.jenkins.blueocean.commons.ErrorMessage;
import io.jenkins.blueocean.commons.ServiceException;
import io.jenkins.blueocean.credential.CredentialsUtils;
import io.jenkins.blueocean.rest.Reachable;
import io.jenkins.blueocean.rest.hal.Link;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification;
import io.jenkins.blueocean.rest.impl.pipeline.scm.AbstractScm;
import io.jenkins.blueocean.rest.impl.pipeline.scm.Scm;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmFactory;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmOrganization;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmServerEndpointContainer;
import io.jenkins.blueocean.rest.model.Container;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.plugins.git.AbstractGitSCMSource;
import jenkins.plugins.git.GitSCMFileSystem;
import jenkins.plugins.git.GitSCMSource;
import jenkins.scm.api.SCMSourceOwner;
import net.sf.json.JSONException;
import net.sf.json.JSONObject;
import org.apache.commons.codec.digest.DigestUtils;
import org.eclipse.jgit.lib.Repository;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.json.JsonBody;

/* loaded from: input_file:io/jenkins/blueocean/blueocean_git_pipeline/GitScm.class */
public class GitScm extends AbstractScm {
    public static final String ID = "git";
    static final String CREDENTIAL_DOMAIN_NAME = "blueocean-git-domain";
    static final String CREDENTIAL_DESCRIPTION_PW = "Git username/password";
    protected final Reachable parent;

    @Extension
    /* loaded from: input_file:io/jenkins/blueocean/blueocean_git_pipeline/GitScm$GitScmFactory.class */
    public static class GitScmFactory extends ScmFactory {
        public Scm getScm(@Nonnull String str, @Nonnull Reachable reachable) {
            if (str.equals(GitScm.ID)) {
                return new GitScm(reachable);
            }
            return null;
        }

        @Nonnull
        public Scm getScm(Reachable reachable) {
            return new GitScm(reachable);
        }
    }

    public GitScm(Reachable reachable) {
        this.parent = reachable;
    }

    public static String makeCredentialId(String str) {
        String scheme;
        String normalizeServerUrl = normalizeServerUrl(str);
        try {
            URI uri = new URI(normalizeServerUrl);
            String host = uri.getHost();
            if (host == null || host.length() == 0 || (scheme = uri.getScheme()) == null || !scheme.startsWith("http")) {
                return null;
            }
            return String.format("%s:%s", ID, DigestUtils.sha256Hex(normalizeServerUrl));
        } catch (URISyntaxException e) {
            return null;
        }
    }

    private static String normalizeServerUrl(String str) {
        if (str == null) {
            return "";
        }
        try {
            URI normalize = new URI(str).normalize();
            String scheme = normalize.getScheme();
            String lowerCase = normalize.getHost() == null ? null : normalize.getHost().toLowerCase(Locale.ENGLISH);
            int port = normalize.getPort();
            if ("http".equals(scheme) && port == 80) {
                port = -1;
            } else if ("https".equals(scheme) && port == 443) {
                port = -1;
            } else if ("ssh".equals(scheme) && port == 22) {
                port = -1;
            } else if (ID.equals(scheme) && port == 9418) {
                port = -1;
            }
            return new URI(scheme, normalize.getUserInfo(), lowerCase, port, null, null, null).toASCIIString().replaceAll("/$", "");
        } catch (URISyntaxException e) {
            return "";
        }
    }

    public Link getLink() {
        return this.parent.getLink().rel(ID);
    }

    @Nonnull
    public String getId() {
        return ID;
    }

    @Nonnull
    public String getUri() {
        return "";
    }

    protected StaplerRequest getStaplerRequest() {
        StaplerRequest currentRequest = Stapler.getCurrentRequest();
        Preconditions.checkNotNull(currentRequest, "Must be called in HTTP request context");
        return currentRequest;
    }

    public String getCredentialId() {
        StandardCredentials credentialForCurrentRequest = getCredentialForCurrentRequest();
        if (credentialForCurrentRequest != null) {
            return credentialForCurrentRequest.getId();
        }
        return null;
    }

    protected StandardCredentials getCredentialForCurrentRequest() {
        String makeCredentialId;
        StaplerRequest staplerRequest = getStaplerRequest();
        if (staplerRequest.hasParameter("credentialId")) {
            makeCredentialId = staplerRequest.getParameter("credentialId");
        } else {
            if (!staplerRequest.hasParameter("repositoryUrl")) {
                return null;
            }
            makeCredentialId = makeCredentialId(staplerRequest.getParameter("repositoryUrl"));
        }
        if (makeCredentialId == null) {
            return null;
        }
        return CredentialsUtils.findCredential(makeCredentialId, StandardCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
    }

    public Container<ScmOrganization> getOrganizations() {
        return null;
    }

    public ScmServerEndpointContainer getServers() {
        return null;
    }

    public HttpResponse validateAndCreate(@JsonBody JSONObject jSONObject) {
        AbstractGitSCMSource abstractGitSCMSource;
        String remote;
        boolean has = jSONObject.has("requirePush");
        if (jSONObject.has("repositoryUrl")) {
            remote = jSONObject.getString("repositoryUrl");
            abstractGitSCMSource = new GitSCMSource(remote);
        } else {
            try {
                String string = jSONObject.getJSONObject("pipeline").getString("fullName");
                SCMSourceOwner itemByFullName = Jenkins.getInstance().getItemByFullName(string, SCMSourceOwner.class);
                if (itemByFullName == null) {
                    return HttpResponses.errorJSON("No repository found for: " + string);
                }
                abstractGitSCMSource = (AbstractGitSCMSource) itemByFullName.getSCMSources().iterator().next();
                remote = abstractGitSCMSource.getRemote();
            } catch (RuntimeException e) {
                return HttpResponses.errorWithoutStack(500, e.getMessage());
            } catch (JSONException e2) {
                return HttpResponses.errorJSON("No repositoryUrl or pipeline.fullName specified in request.");
            }
        }
        User current = User.current();
        if (current == null) {
            throw new ServiceException.UnauthorizedException("Not authenticated");
        }
        String str = null;
        if (jSONObject.has("credentialId")) {
            str = jSONObject.getString("credentialId");
        }
        if (str == null) {
            str = makeCredentialId(remote);
        }
        if (str == null) {
            throw new ServiceException.BadRequestException("Invalid URL \"" + remote + "\"");
        }
        if (jSONObject.has("userName") || jSONObject.has("password")) {
            createPWCredentials(str, current, jSONObject, remote);
        }
        final StandardCredentials firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, Jenkins.getInstance(), Jenkins.getAuthentication(), (List) null), CredentialsMatchers.allOf(new CredentialsMatcher[]{CredentialsMatchers.withId(str)}));
        if (firstOrNull == null) {
            throw new ServiceException.NotFoundException("No credentials found for: " + str);
        }
        try {
            if (has) {
                String string2 = jSONObject.getString("branch");
                if (remote != null) {
                    ((GitSCMSource) abstractGitSCMSource).setCredentialsId(str);
                }
                final String str2 = remote;
                new GitBareRepoReadSaveRequest(abstractGitSCMSource, string2, null, string2, null, null).invokeOnScm(new GitSCMFileSystem.FSFunction<Void>() { // from class: io.jenkins.blueocean.blueocean_git_pipeline.GitScm.1
                    /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
                    public Void m10invoke(Repository repository) throws IOException, InterruptedException {
                        GitUtils.validatePushAccess(repository, str2, firstOrNull);
                        return null;
                    }
                });
            } else {
                List<ErrorMessage.Error> validateCredentials = GitUtils.validateCredentials(remote, firstOrNull);
                if (!validateCredentials.isEmpty()) {
                    throw new ServiceException.UnauthorizedException(validateCredentials.get(0).getMessage());
                }
            }
            return HttpResponses.okJSON();
        } catch (Exception e3) {
            String message = e3.getMessage();
            if (message == null || !message.contains("TransportException")) {
                return HttpResponses.errorWithoutStack(428, message);
            }
            throw new ServiceException.PreconditionRequired("Repository URL unreachable: " + remote);
        }
    }

    private void createPWCredentials(String str, User user, @JsonBody JSONObject jSONObject, String str2) {
        StandardUsernamePasswordCredentials findCredential = CredentialsUtils.findCredential(str, StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
        UsernamePasswordCredentialsImpl usernamePasswordCredentialsImpl = new UsernamePasswordCredentialsImpl(CredentialsScope.USER, str, String.format("%s for %s", CREDENTIAL_DESCRIPTION_PW, str2), jSONObject.getString("userName"), jSONObject.getString("password"));
        try {
            if (findCredential == null) {
                CredentialsUtils.createCredentialsInUserStore(usernamePasswordCredentialsImpl, user, CREDENTIAL_DOMAIN_NAME, ImmutableList.of(new BlueOceanDomainSpecification()));
            } else {
                CredentialsUtils.updateCredentialsInUserStore(findCredential, usernamePasswordCredentialsImpl, user, CREDENTIAL_DOMAIN_NAME, ImmutableList.of(new BlueOceanDomainSpecification()));
            }
        } catch (IOException e) {
            throw new ServiceException.UnexpectedErrorException("Could not persist credential", e);
        }
    }
}
