package io.jenkins.plugins.casc.core;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.User;
import hudson.model.UserProperty;
import hudson.security.HudsonPrivateSecurityRealm;
import io.jenkins.plugins.casc.Attribute;
import io.jenkins.plugins.casc.ConfigurationContext;
import io.jenkins.plugins.casc.impl.attributes.MultivaluedAttribute;
import io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator;
import io.jenkins.plugins.casc.model.CNode;
import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

@Extension
@Restricted({NoExternalUse.class})
/* loaded from: input_file:io/jenkins/plugins/casc/core/HudsonPrivateSecurityRealmConfigurator.class */
public class HudsonPrivateSecurityRealmConfigurator extends DataBoundConfigurator<HudsonPrivateSecurityRealm> {
    private static final Logger logger = Logger.getLogger(HudsonPrivateSecurityRealmConfigurator.class.getName());
    private static final String HASHED_PASSWORD_PREFIX = "#jbcrypt:";

    /* loaded from: input_file:io/jenkins/plugins/casc/core/HudsonPrivateSecurityRealmConfigurator$UserWithPassword.class */
    public static class UserWithPassword {
        private final String id;
        private final String password;
        private String name;
        private String description;
        private List<UserProperty> properties;

        @DataBoundConstructor
        public UserWithPassword(String str, String str2) {
            this.id = str;
            this.password = str2;
        }

        @DataBoundSetter
        public void setName(String str) {
            this.name = str;
        }

        @DataBoundSetter
        public void setDescription(String str) {
            this.description = str;
        }

        @DataBoundSetter
        public void setProperties(List<UserProperty> list) {
            this.properties = list;
        }

        public String getId() {
            return this.id;
        }

        public String getName() {
            return this.name;
        }

        public String getDescription() {
            return this.description;
        }

        public List<UserProperty> getProperties() {
            return this.properties;
        }
    }

    public HudsonPrivateSecurityRealmConfigurator() {
        super(HudsonPrivateSecurityRealm.class);
    }

    @Override // io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator, io.jenkins.plugins.casc.BaseConfigurator, io.jenkins.plugins.casc.Configurator
    @NonNull
    public Set<Attribute<HudsonPrivateSecurityRealm, ?>> describe() {
        Set<Attribute<HudsonPrivateSecurityRealm, ?>> describe = super.describe();
        describe.add(new MultivaluedAttribute("users", UserWithPassword.class).getter(HudsonPrivateSecurityRealmConfigurator::getter).setter(HudsonPrivateSecurityRealmConfigurator::setter));
        return describe;
    }

    @Override // io.jenkins.plugins.casc.impl.configurators.DataBoundConfigurator, io.jenkins.plugins.casc.Configurator
    @CheckForNull
    public CNode describe(HudsonPrivateSecurityRealm hudsonPrivateSecurityRealm, ConfigurationContext configurationContext) throws Exception {
        if (System.getProperty("io.jenkins.plugins.casc.core.HudsonPrivateSecurityRealmConfigurator.exportUsers", "false").equals("true")) {
            return super.describe((HudsonPrivateSecurityRealmConfigurator) hudsonPrivateSecurityRealm, configurationContext);
        }
        return null;
    }

    private static Collection<UserWithPassword> getter(HudsonPrivateSecurityRealm hudsonPrivateSecurityRealm) {
        return (Collection) hudsonPrivateSecurityRealm.getAllUsers().stream().map(user -> {
            UserWithPassword userWithPassword = new UserWithPassword(user.getId(), null);
            userWithPassword.setName(user.getFullName());
            userWithPassword.setDescription(user.getDescription());
            userWithPassword.setProperties((List) user.getAllProperties().stream().filter(userProperty -> {
                return !userProperty.getClass().getName().equals("com.cloudbees.plugins.credentials.UserCredentialsProvider$UserCredentialsProperty");
            }).collect(Collectors.toList()));
            return userWithPassword;
        }).collect(Collectors.toList());
    }

    private static void setter(HudsonPrivateSecurityRealm hudsonPrivateSecurityRealm, Collection<UserWithPassword> collection) throws IOException {
        for (UserWithPassword userWithPassword : collection) {
            User createAccountOrLookupById = createAccountOrLookupById(hudsonPrivateSecurityRealm, userWithPassword);
            createAccountOrLookupById.setFullName(userWithPassword.name);
            createAccountOrLookupById.setDescription(userWithPassword.description);
            if (userWithPassword.getProperties() != null) {
                Iterator<UserProperty> it = userWithPassword.getProperties().iterator();
                while (it.hasNext()) {
                    createAccountOrLookupById.addProperty(it.next());
                }
            }
        }
    }

    private static User createAccountOrLookupById(HudsonPrivateSecurityRealm hudsonPrivateSecurityRealm, UserWithPassword userWithPassword) throws IOException {
        User byId;
        if (!StringUtils.isNotBlank(userWithPassword.password)) {
            byId = User.getById(userWithPassword.id, false);
            if (byId == null) {
                throw new IllegalArgumentException("No password supplied for user: " + userWithPassword.id + " and couldn't find the user in the existing jenkins user database");
            }
        } else if (StringUtils.startsWith(userWithPassword.password, HASHED_PASSWORD_PREFIX)) {
            try {
                byId = hudsonPrivateSecurityRealm.createAccountWithHashedPassword(userWithPassword.id, userWithPassword.password);
            } catch (IOException | IllegalArgumentException e) {
                logger.log(Level.WARNING, "Failed to create user with presumed hashed password", e);
                byId = hudsonPrivateSecurityRealm.createAccount(userWithPassword.id, userWithPassword.password);
            }
        } else {
            byId = hudsonPrivateSecurityRealm.createAccount(userWithPassword.id, userWithPassword.password);
        }
        return byId;
    }
}
