package io.jenkins.blueocean.plugin.diagnosis;

import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import hudson.model.AdministrativeMonitor;
import hudson.model.User;
import hudson.security.ACL;
import hudson.security.ACLContext;
import hudson.util.HttpResponses;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanCredentialsProvider;
import java.lang.reflect.InvocationTargetException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import jenkins.model.Jenkins;
import jenkins.scm.api.SCMSource;
import jenkins.util.SystemProperties;
import jenkins.util.Timer;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Extension
@Restricted({NoExternalUse.class})
@Symbol({"bo-credentials"})
/* loaded from: input_file:WEB-INF/lib/blueocean.jar:io/jenkins/blueocean/plugin/diagnosis/BlueOceanCredentialsMonitor.class */
public class BlueOceanCredentialsMonitor extends AdministrativeMonitor {
    private final Map<String, String> projectsNamesUrlsWithBoFolderCred = new ConcurrentHashMap();
    private static final Logger LOGGER = LoggerFactory.getLogger(BlueOceanCredentialsProvider.class);
    private static final long SCANNING_INTERVAL = SystemProperties.getLong(BlueOceanCredentialsMonitor.class.getName() + ".scanning.interval.minutes", 30L).longValue();

    public String getDisplayName() {
        return "Blue Ocean credentials provider";
    }

    public boolean isBlueOceanCredentialsProvidedEnabled() {
        return ((BlueOceanCredentialsProvider) ExtensionList.lookupSingleton(BlueOceanCredentialsProvider.class)).isEnabled((Object) null);
    }

    public boolean isActivated() {
        return !this.projectsNamesUrlsWithBoFolderCred.isEmpty() || isBlueOceanCredentialsProvidedEnabled();
    }

    public boolean isSecurity() {
        return true;
    }

    public Map<String, String> getProjectsNamesUrlsWithBoFolderCred() {
        return this.projectsNamesUrlsWithBoFolderCred;
    }

    @Initializer(after = InitMilestone.JOB_LOADED)
    public void scanBlueOceanCredentials() {
        if (SCANNING_INTERVAL < 1) {
            LOGGER.info("BlueOceanCredentialsMonitor scanning is deactivated");
        } else {
            Timer.get().scheduleAtFixedRate(this::scanInstance, 0L, SCANNING_INTERVAL, TimeUnit.MINUTES);
        }
    }

    public HttpResponse doScan() {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        scanInstance();
        return HttpResponses.redirectToDot();
    }

    private void scanInstance() {
        LOGGER.debug("scan multibranch projects");
        List<WorkflowMultiBranchProject> items = Jenkins.get().getItems(WorkflowMultiBranchProject.class);
        HashMap hashMap = new HashMap();
        for (WorkflowMultiBranchProject workflowMultiBranchProject : items) {
            for (SCMSource sCMSource : workflowMultiBranchProject.getSCMSources()) {
                try {
                    String str = (String) sCMSource.getClass().getDeclaredMethod("getCredentialsId", null).invoke(sCMSource, null);
                    BlueOceanCredentialsProvider.FolderPropertyImpl folderPropertyImpl = workflowMultiBranchProject.getProperties().get(BlueOceanCredentialsProvider.FolderPropertyImpl.class);
                    if (folderPropertyImpl != null && StringUtils.equals(folderPropertyImpl.getId(), str) && findCredentials(folderPropertyImpl.getUser(), str) != null) {
                        hashMap.put(workflowMultiBranchProject.getDisplayName(), workflowMultiBranchProject.getUrl());
                    }
                } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
                    LOGGER.debug("SCMSource: '" + sCMSource.getClass().getName() + "' cannot retrieve credentialId via getCredentialsId", e);
                } catch (NoSuchMethodException e2) {
                    LOGGER.debug("SCMSource: {} do not have method getCredentialsId", sCMSource.getClass().getName());
                }
            }
        }
        this.projectsNamesUrlsWithBoFolderCred.clear();
        this.projectsNamesUrlsWithBoFolderCred.putAll(hashMap);
        LOGGER.debug("end scan multibranch projects, projects found {}", Integer.valueOf(hashMap.size()));
    }

    private Credentials findCredentials(String str, String str2) {
        ACLContext as = ACL.as(User.get(str, false, Collections.emptyMap()).impersonate());
        Throwable th = null;
        try {
            StandardCredentials firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, Jenkins.get(), Jenkins.getAuthentication(), (List) null), CredentialsMatchers.allOf(new CredentialsMatcher[]{CredentialsMatchers.withId(str2), CredentialsMatchers.withScope(CredentialsScope.USER)}));
            if (firstOrNull != null) {
                LOGGER.debug("find standardCredentials for user {} with id {} and description {}", new Object[]{str, str2, firstOrNull.getDescription()});
            } else {
                LOGGER.debug("find standardCredentials for user {} with id {}", str, str2);
            }
            return firstOrNull;
        } finally {
            if (as != null) {
                if (0 != 0) {
                    try {
                        as.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    as.close();
                }
            }
        }
    }
}
