package org.jenkinsci.plugins;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import hudson.security.SecurityRealm;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.providers.AbstractAuthenticationToken;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.gitlab4j.api.Constants;
import org.gitlab4j.api.GitLabApi;
import org.gitlab4j.api.GitLabApiException;
import org.gitlab4j.api.models.Group;
import org.gitlab4j.api.models.Project;
import org.gitlab4j.api.models.User;

/* loaded from: input_file:WEB-INF/lib/gitlab-oauth.jar:org/jenkinsci/plugins/GitLabAuthenticationToken.class */
public class GitLabAuthenticationToken extends AbstractAuthenticationToken {
    private final String accessToken;
    private final String userName;
    private final transient GitLabApi gitLabAPI;
    private final transient User me;
    private transient GitLabSecurityRealm myRealm;
    private final List<GrantedAuthority> authorities;
    private static final long serialVersionUID = 1;
    private static final Cache<String, Set<String>> userOrganizationCache = Caffeine.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
    private static final Cache<String, Set<String>> repositoryCollaboratorsCache = Caffeine.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
    private static final Cache<String, Set<String>> repositoriesByUserCache = Caffeine.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
    private static final Cache<String, Boolean> publicRepositoryCache = Caffeine.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
    private static final Cache<String, List<Project>> groupRepositoriesCache = Caffeine.newBuilder().expireAfterWrite(serialVersionUID, TimeUnit.HOURS).build();
    private static final Logger LOGGER = Logger.getLogger(GitLabAuthenticationToken.class.getName());

    public GitLabAuthenticationToken(String str, String str2, Constants.TokenType tokenType) throws GitLabApiException {
        super(new GrantedAuthority[0]);
        this.myRealm = null;
        this.authorities = new ArrayList();
        this.accessToken = str;
        this.gitLabAPI = new GitLabApi(str2, tokenType, str);
        this.me = (User) Objects.requireNonNull(this.gitLabAPI.getUserApi().getCurrentUser());
        setAuthenticated(true);
        this.userName = this.me.getUsername();
        this.authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY);
        Jenkins instanceOrNull = Jenkins.getInstanceOrNull();
        if (instanceOrNull == null || !(instanceOrNull.getSecurityRealm() instanceof GitLabSecurityRealm)) {
            return;
        }
        this.myRealm = (GitLabSecurityRealm) instanceOrNull.getSecurityRealm();
        for (Group group : this.gitLabAPI.getGroupApi().getGroups()) {
            LOGGER.log(Level.FINE, "Fetch teams for user " + this.userName + " in organization " + group.getName());
            this.authorities.add(new GitLabOAuthGroupDetails(group).getAuth());
        }
    }

    public static void clearCaches() {
        userOrganizationCache.invalidateAll();
        repositoryCollaboratorsCache.invalidateAll();
        repositoriesByUserCache.invalidateAll();
        groupRepositoriesCache.invalidateAll();
    }

    public String getAccessToken() {
        return this.accessToken;
    }

    public GitLabApi getGitLabAPI() {
        return this.gitLabAPI;
    }

    public GrantedAuthority[] getAuthorities() {
        return (GrantedAuthority[]) this.authorities.toArray(new GrantedAuthority[0]);
    }

    public Object getCredentials() {
        return "";
    }

    /* renamed from: getPrincipal, reason: merged with bridge method [inline-methods] */
    public String m1getPrincipal() {
        return this.userName;
    }

    public User getMyself() {
        return this.me;
    }

    public boolean hasOrganizationPermission(String str, String str2) {
        Set set = (Set) userOrganizationCache.get(str, str3 -> {
            try {
                List groups = this.gitLabAPI.getGroupApi().getGroups();
                HashSet hashSet = new HashSet();
                Iterator it = groups.iterator();
                while (it.hasNext()) {
                    hashSet.add(((Group) it.next()).getName());
                }
                return hashSet;
            } catch (GitLabApiException e) {
                throw new RuntimeException("authorization failed for user = " + str, e);
            }
        });
        return set != null && set.contains(str2);
    }

    public boolean hasRepositoryPermission(String str) {
        return myRepositories().contains(str);
    }

    public Set<String> myRepositories() {
        return (Set) repositoriesByUserCache.get(getName(), str -> {
            try {
                List projects = this.gitLabAPI.getProjectApi().getProjects();
                Set<String> emptySet = Collections.emptySet();
                if (projects != null) {
                    emptySet = listToNames(projects);
                }
                return emptySet;
            } catch (GitLabApiException e) {
                throw new RuntimeException((Throwable) e);
            }
        });
    }

    public Set<String> listToNames(Collection<Project> collection) {
        HashSet hashSet = new HashSet();
        Iterator<Project> it = collection.iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getPathWithNamespace());
        }
        return hashSet;
    }

    public boolean isPublicRepository(String str) {
        Boolean bool = (Boolean) publicRepositoryCache.get(str, str2 -> {
            Project loadRepository = loadRepository(str);
            return loadRepository == null ? Boolean.FALSE : Boolean.valueOf(Boolean.TRUE.equals(loadRepository.getPublic()));
        });
        return bool != null && bool.booleanValue();
    }

    public User loadUser(String str) {
        try {
            if (this.gitLabAPI == null || !isAuthenticated()) {
                return null;
            }
            List findUsers = this.gitLabAPI.getUserApi().findUsers(str);
            if (CollectionUtils.isNotEmpty(findUsers)) {
                return (User) findUsers.get(0);
            }
            return null;
        } catch (GitLabApiException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), e);
            return null;
        }
    }

    public Group loadOrganization(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        try {
            if (this.gitLabAPI == null || !isAuthenticated()) {
                return null;
            }
            List groups = this.gitLabAPI.getGroupApi().getGroups();
            if (groups.isEmpty()) {
                return null;
            }
            return (Group) groups.stream().filter(group -> {
                return group.getName().equalsIgnoreCase(str);
            }).findFirst().orElse(null);
        } catch (GitLabApiException e) {
            LOGGER.log(Level.FINEST, e.getMessage(), e);
            return null;
        }
    }

    public Project loadRepository(String str) {
        try {
            if (this.gitLabAPI == null || !isAuthenticated()) {
                return null;
            }
            return this.gitLabAPI.getProjectApi().getProject(str);
        } catch (GitLabApiException e) {
            LOGGER.log(Level.WARNING, "Looks like a bad GitLab URL OR the Jenkins user does not have access to the repository{0}", str);
            return null;
        }
    }

    public GitLabOAuthUserDetails getUserDetails(String str) {
        User loadUser = loadUser(str);
        if (loadUser == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        try {
            Iterator it = this.gitLabAPI.getGroupApi().getGroups().iterator();
            while (it.hasNext()) {
                arrayList.add(new GrantedAuthorityImpl(((Group) it.next()).getName()));
            }
        } catch (GitLabApiException e) {
            LOGGER.log(Level.FINE, e.getMessage(), e);
        }
        return new GitLabOAuthUserDetails(loadUser, (GrantedAuthority[]) arrayList.toArray(new GrantedAuthority[0]));
    }

    public List<Project> getGroupProjects(Group group) {
        return (List) groupRepositoriesCache.get(group.getFullPath(), str -> {
            try {
                return this.gitLabAPI.getGroupApi().getProjects(group);
            } catch (GitLabApiException e) {
                throw new RuntimeException((Throwable) e);
            }
        });
    }
}
