package io.jenkins.blueocean.blueocean_github_pipeline;

import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.fasterxml.jackson.annotation.JsonAutoDetect;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.introspect.VisibilityChecker;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import hudson.Extension;
import hudson.model.User;
import hudson.tasks.Mailer;
import io.jenkins.blueocean.commons.ErrorMessage;
import io.jenkins.blueocean.commons.ServiceException;
import io.jenkins.blueocean.credential.CredentialsUtils;
import io.jenkins.blueocean.rest.Reachable;
import io.jenkins.blueocean.rest.hal.Link;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainSpecification;
import io.jenkins.blueocean.rest.impl.pipeline.scm.AbstractScm;
import io.jenkins.blueocean.rest.impl.pipeline.scm.Scm;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmFactory;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmOrganization;
import io.jenkins.blueocean.rest.impl.pipeline.scm.ScmServerEndpointContainer;
import io.jenkins.blueocean.rest.model.Container;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.kohsuke.github.GHMyself;
import org.kohsuke.github.GHOrganization;
import org.kohsuke.github.GHUser;
import org.kohsuke.github.GitHub;
import org.kohsuke.github.HttpException;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.json.JsonBody;

/* loaded from: input_file:io/jenkins/blueocean/blueocean_github_pipeline/GithubScm.class */
public class GithubScm extends AbstractScm {
    public static final String ID = "github";
    private static final String USER_EMAIL_SCOPE = "user:email";
    private static final String USER_SCOPE = "user";
    private static final String REPO_SCOPE = "repo";
    static final String DOMAIN_NAME = "blueocean-github-domain";
    static final String CREDENTIAL_DESCRIPTION = "GitHub Access Token";
    static final ObjectMapper om = new ObjectMapper();
    protected final Reachable parent;

    @Extension
    /* loaded from: input_file:io/jenkins/blueocean/blueocean_github_pipeline/GithubScm$GithubScmFactory.class */
    public static class GithubScmFactory extends ScmFactory {
        public Scm getScm(@Nonnull String str, @Nonnull Reachable reachable) {
            if (str.equals(GithubScm.ID)) {
                return new GithubScm(reachable);
            }
            return null;
        }

        @Nonnull
        public Scm getScm(Reachable reachable) {
            return new GithubScm(reachable);
        }
    }

    public GithubScm(Reachable reachable) {
        this.parent = reachable;
    }

    public Link getLink() {
        return this.parent.getLink().rel(ID);
    }

    @Nonnull
    public String getId() {
        return ID;
    }

    @Nonnull
    public String getUri() {
        String customApiUri = getCustomApiUri();
        return !StringUtils.isEmpty(customApiUri) ? customApiUri : "https://api.github.com";
    }

    public String getCredentialDomainName() {
        return DOMAIN_NAME;
    }

    public String getCredentialId() {
        StandardUsernamePasswordCredentials credential = getCredential(getUri());
        if (credential != null) {
            return credential.getId();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public StandardUsernamePasswordCredentials getCredential(String str) {
        return CredentialsUtils.findCredential(createCredentialId(str), StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
    }

    public Object getState() {
        validateExistingAccessToken();
        return super.getState();
    }

    public Container<ScmOrganization> getOrganizations() {
        String computeCredentialId = GithubCredentialUtils.computeCredentialId(getCredentialIdFromRequest(Stapler.getCurrentRequest()), getId(), getUri());
        User authenticatedUser = getAuthenticatedUser();
        StandardUsernamePasswordCredentials findCredential = CredentialsUtils.findCredential(computeCredentialId, StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
        if (findCredential == null) {
            throw new ServiceException.BadRequestException(String.format("Credential id: %s not found for user %s", computeCredentialId, authenticatedUser.getId()));
        }
        try {
            GitHub connect = GitHubFactory.connect(findCredential.getPassword().getPlainText(), getUri());
            final Link rel = getLink().rel("organizations");
            AbstractMap linkedHashMap = new LinkedHashMap();
            for (Map.Entry entry : connect.getMyOrganizations().entrySet()) {
                linkedHashMap.put(entry.getKey(), new GithubOrganization(this, (GHOrganization) entry.getValue(), findCredential, rel));
            }
            GHMyself myself = connect.getMyself();
            if (linkedHashMap.get(myself.getLogin()) == null) {
                linkedHashMap = new HashMap(linkedHashMap);
                linkedHashMap.put(myself.getLogin(), new GithubUserOrganization(myself, findCredential, this));
            }
            final AbstractMap abstractMap = linkedHashMap;
            return new Container<ScmOrganization>() { // from class: io.jenkins.blueocean.blueocean_github_pipeline.GithubScm.1
                /* renamed from: get, reason: merged with bridge method [inline-methods] */
                public ScmOrganization m7get(String str) {
                    ScmOrganization scmOrganization = (ScmOrganization) abstractMap.get(str);
                    if (scmOrganization == null) {
                        throw new ServiceException.NotFoundException(String.format("GitHub organization %s not found", str));
                    }
                    return scmOrganization;
                }

                public Link getLink() {
                    return rel;
                }

                public Iterator<ScmOrganization> iterator() {
                    return abstractMap.values().iterator();
                }
            };
        } catch (IOException e) {
            if (e instanceof HttpException) {
                HttpException httpException = e;
                if (httpException.getResponseCode() == 401) {
                    throw new ServiceException.PreconditionRequired("Invalid Github accessToken", httpException);
                }
                if (httpException.getResponseCode() == 403) {
                    throw new ServiceException.PreconditionRequired("Github accessToken does not have required scopes. Expected scopes 'user:email, repo'", httpException);
                }
            }
            throw new ServiceException.UnexpectedErrorException(e.getMessage(), e);
        }
    }

    public ScmServerEndpointContainer getServers() {
        return null;
    }

    public boolean isOrganizationAvatarSupported() {
        return true;
    }

    @Nonnull
    protected String createCredentialId(@Nonnull String str) {
        return GithubCredentialUtils.computeCredentialId(null, ID, str);
    }

    @Nonnull
    protected String getCredentialDescription() {
        return CREDENTIAL_DESCRIPTION;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nonnull
    public String getCustomApiUri() {
        String normalizeUrl;
        StaplerRequest currentRequest = Stapler.getCurrentRequest();
        Preconditions.checkNotNull(currentRequest, "Must be called in HTTP request context");
        String parameter = currentRequest.getParameter("apiUrl");
        if (StringUtils.isEmpty(parameter)) {
            normalizeUrl = "";
        } else {
            try {
                new URI(parameter);
                normalizeUrl = normalizeUrl(parameter);
            } catch (URISyntaxException e) {
                throw new ServiceException.BadRequestException(new ErrorMessage(400, "Invalid URI: " + parameter));
            }
        }
        return normalizeUrl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String normalizeUrl(@Nonnull String str) {
        if (str.endsWith("/")) {
            str = str.substring(0, str.length() - 1);
        }
        return str;
    }

    public HttpResponse validateAndCreate(@JsonBody JSONObject jSONObject) {
        String str = (String) jSONObject.get("accessToken");
        if (str == null) {
            throw new ServiceException.BadRequestException("accessToken is required");
        }
        try {
            User authenticatedUser = getAuthenticatedUser();
            HttpURLConnection connect = connect(String.format("%s/%s", getUri(), USER_SCOPE), str);
            validateAccessTokenScopes(connect);
            GHUser gHUser = (GHUser) om.readValue(IOUtils.toString(connect.getInputStream()), GHUser.class);
            if (gHUser.getEmail() != null && authenticatedUser.getProperty(Mailer.UserProperty.class) == null) {
                authenticatedUser.addProperty(new Mailer.UserProperty(gHUser.getEmail()));
            }
            String createCredentialId = createCredentialId(getUri());
            StandardUsernamePasswordCredentials findCredential = CredentialsUtils.findCredential(createCredentialId, StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
            UsernamePasswordCredentialsImpl usernamePasswordCredentialsImpl = new UsernamePasswordCredentialsImpl(CredentialsScope.USER, createCredentialId, getCredentialDescription(), authenticatedUser.getId(), str);
            if (findCredential == null) {
                CredentialsUtils.createCredentialsInUserStore(usernamePasswordCredentialsImpl, authenticatedUser, getCredentialDomainName(), ImmutableList.of(new BlueOceanDomainSpecification()));
            } else {
                CredentialsUtils.updateCredentialsInUserStore(findCredential, usernamePasswordCredentialsImpl, authenticatedUser, getCredentialDomainName(), ImmutableList.of(new BlueOceanDomainSpecification()));
            }
            return createResponse(usernamePasswordCredentialsImpl.getId());
        } catch (IOException e) {
            if ((e instanceof MalformedURLException) || (e instanceof UnknownHostException)) {
                throw new ServiceException.BadRequestException(new ErrorMessage(400, "Invalid apiUrl").add(new ErrorMessage.Error("apiUrl", ErrorMessage.Error.ErrorCodes.INVALID.toString(), e.getMessage())));
            }
            throw new ServiceException.UnexpectedErrorException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static HttpURLConnection connect(String str, String str2) throws IOException {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setDoOutput(true);
        httpURLConnection.setRequestMethod("GET");
        httpURLConnection.setRequestProperty("Content-type", "application/json");
        httpURLConnection.setRequestProperty("Authorization", "token " + str2);
        httpURLConnection.connect();
        int responseCode = httpURLConnection.getResponseCode();
        if (responseCode == 401) {
            throw new ServiceException.PreconditionRequired("Invalid accessToken");
        }
        if (responseCode == 403) {
            throw new ServiceException.PreconditionRequired("Github accessToken does not have required scopes. Expected scopes 'user:email, repo'");
        }
        if (responseCode == 404) {
            throw new ServiceException.NotFoundException(String.format("Remote server at %s responded with code 404.", str));
        }
        if (responseCode != 200) {
            throw new ServiceException.BadRequestException(String.format("Github Api returned error: %s. Error message: %s.", Integer.valueOf(httpURLConnection.getResponseCode()), httpURLConnection.getResponseMessage()));
        }
        return httpURLConnection;
    }

    protected void validateExistingAccessToken() {
        StandardUsernamePasswordCredentials findCredential = CredentialsUtils.findCredential(createCredentialId(getUri()), StandardUsernamePasswordCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
        if (findCredential != null) {
            try {
                validateAccessTokenScopes(connect(String.format("%s/%s", getUri(), USER_SCOPE), findCredential.getPassword().getPlainText()));
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateAccessTokenScopes(HttpURLConnection httpURLConnection) {
        String headerField = httpURLConnection.getHeaderField("X-OAuth-Scopes");
        if (headerField == null) {
            throw new ServiceException.PreconditionRequired("No scopes associated with this token. Expected scopes 'user:email, repo'.");
        }
        ArrayList arrayList = new ArrayList();
        for (String str : headerField.split(",")) {
            arrayList.add(str.trim());
        }
        ArrayList arrayList2 = new ArrayList();
        if (!arrayList.contains(USER_EMAIL_SCOPE) && !arrayList.contains(USER_SCOPE)) {
            arrayList2.add(USER_EMAIL_SCOPE);
        }
        if (!arrayList.contains(REPO_SCOPE)) {
            arrayList2.add(REPO_SCOPE);
        }
        if (!arrayList2.isEmpty()) {
            throw new ServiceException.PreconditionRequired("Invalid token, its missing scopes: " + StringUtils.join(arrayList2, ","));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validateUserHasPushPermission(@Nonnull String str, @Nullable String str2, @Nullable String str3, @Nullable String str4) {
        try {
            if (!((GHRepoEx) HttpRequest.get(String.format("%s/repos/%s/%s", str, str3, str4)).withAuthorizationToken(str2).to(GHRepoEx.class)).hasPushAccess()) {
                throw new ServiceException.PreconditionRequired(String.format("You do not have permission to push changes to %s/%s", str3, str4));
            }
        } catch (IOException e) {
            throw new ServiceException.UnexpectedErrorException(String.format("Could not load repository metadata for %s/%s", str3, str4), e);
        }
    }

    static {
        om.setVisibilityChecker(new VisibilityChecker.Std(JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.NONE, JsonAutoDetect.Visibility.ANY));
        om.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    }
}
