package io.jenkins.plugins.gitlabserverconfig.servers;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import io.jenkins.plugins.gitlabbranchsource.helpers.GitLabHelper;
import io.jenkins.plugins.gitlabserverconfig.credentials.helpers.GitLabCredentialMatcher;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.scm.api.SCMName;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.gitlab4j.api.GitLabApi;
import org.gitlab4j.api.GitLabApiException;
import org.gitlab4j.api.models.User;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.DoNotUse;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

/* loaded from: input_file:WEB-INF/lib/gitlab-branch-source.jar:io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer.class */
public class GitLabServer extends AbstractDescribableImpl<GitLabServer> {
    public static final String GITLAB_SERVER_DEFAULT_NAME = "default";
    public static final String GITLAB_SERVER_URL = "https://gitlab.com";
    public static final String EMPTY_TOKEN = "";
    private static final int SHORT_NAME_LENGTH = 4;

    @NonNull
    private final String name;

    @NonNull
    private final String serverUrl;
    private boolean manageWebHooks;
    private boolean manageSystemHooks;

    @NonNull
    private String credentialsId;
    private String hooksRootUrl;
    private transient Secret secretToken;

    @NonNull
    private String webhookSecretCredentialsId;
    private boolean immediateHookTrigger;
    private Integer hookTriggerDelay;
    public static final CredentialsMatcher CREDENTIALS_MATCHER = new GitLabCredentialMatcher();
    public static final Logger LOGGER = Logger.getLogger(GitLabServer.class.getName());
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final String[] COMMON_PREFIX_HOSTNAMES = {"git.", "gitlab.", "vcs.", "scm.", "source."};
    public static final CredentialsMatcher WEBHOOK_SECRET_CREDENTIALS_MATCHER = CredentialsMatchers.instanceOf(StringCredentials.class);

    @Extension
    @Symbol({"gitLabServer"})
    /* loaded from: input_file:WEB-INF/lib/gitlab-branch-source.jar:io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<GitLabServer> {
        public static FormValidation doCheckServerUrl(@QueryParameter String str) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            try {
                new URL(str);
                if (GitLabServer.GITLAB_SERVER_URL.equals(str)) {
                    GitLabServer.LOGGER.log(Level.FINEST, String.format("Community version of GitLab: %s", str));
                }
                try {
                    new GitLabApi(str, GitLabServer.EMPTY_TOKEN, (String) null, GitLabHelper.getProxyConfig(str)).getProjectApi().getProjects(1, 1);
                    return FormValidation.ok();
                } catch (GitLabApiException e) {
                    GitLabServer.LOGGER.log(Level.FINEST, String.format("Invalid GitLab Server Url: %s", str));
                    return FormValidation.error(Messages.GitLabServer_invalidUrl(str));
                }
            } catch (MalformedURLException e2) {
                GitLabServer.LOGGER.log(Level.SEVERE, "Incorrect url: %s", str);
                return FormValidation.error("Malformed url (%s)", new Object[]{e2.getMessage()});
            }
        }

        public static FormValidation doCheckHooksRootUrl(@QueryParameter String str) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.ok();
            }
            try {
                new URL(str);
                if (!str.endsWith("/post") && !str.contains("/gitlab-webhook") && !str.contains("/gitlab-systemhook")) {
                    return FormValidation.ok();
                }
                GitLabServer.LOGGER.log(Level.FINEST, "Dubious hooks root URL: {0}", str);
                return FormValidation.warning("This looks like a full webhook URL, it should only be a root URL.");
            } catch (MalformedURLException e) {
                GitLabServer.LOGGER.log(Level.FINEST, "Malformed hooks root URL: {0}", str);
                return FormValidation.error("Malformed url (%s)", new Object[]{e.getMessage()});
            }
        }

        public static FormValidation doCheckHookTriggerDelay(@QueryParameter String str) {
            try {
                if (!str.isEmpty()) {
                    Integer.parseInt(str);
                }
                return FormValidation.ok();
            } catch (NumberFormatException e) {
                GitLabServer.LOGGER.log(Level.FINEST, "Invalid hook trigger delay: {0}", str);
                return FormValidation.error("Invalid hook trigger delay (%s)", new Object[]{e.getMessage()});
            }
        }

        @NonNull
        public String getDisplayName() {
            return Messages.GitLabServer_displayName();
        }

        @RequirePOST
        @Restricted({DoNotUse.class})
        public FormValidation doTestConnection(@QueryParameter String str, @QueryParameter String str2) {
            String privateTokenAsPlainText = GitLabHelper.getPrivateTokenAsPlainText(getCredentials(str, str2));
            if (privateTokenAsPlainText.equals(GitLabServer.EMPTY_TOKEN)) {
                try {
                    new GitLabApi(str, GitLabServer.EMPTY_TOKEN, (String) null, GitLabHelper.getProxyConfig(str)).getProjectApi().getProjects(1, 1);
                    return FormValidation.ok("Valid GitLab Server but no credentials specified");
                } catch (GitLabApiException e) {
                    GitLabServer.LOGGER.log(Level.SEVERE, "Invalid GitLab Server Url");
                    return FormValidation.errorWithMarkup(Messages.GitLabServer_credentialsNotResolved(Util.escape(str2)));
                }
            }
            try {
                User currentUser = new GitLabApi(str, privateTokenAsPlainText, (String) null, GitLabHelper.getProxyConfig(str)).getUserApi().getCurrentUser();
                GitLabServer.LOGGER.log(Level.FINEST, String.format("Connection established with the GitLab Server for %s", currentUser.getUsername()));
                return FormValidation.ok(String.format("Credentials verified for user %s", currentUser.getUsername()));
            } catch (GitLabApiException e2) {
                GitLabServer.LOGGER.log(Level.SEVERE, "Failed to connect with GitLab Server - %s", e2.getMessage());
                return FormValidation.error(e2, Messages.GitLabServer_failedValidation(Util.escape(e2.getMessage())));
            }
        }

        @Restricted({NoExternalUse.class})
        public ListBoxModel doFillCredentialsIdItems(@QueryParameter String str, @QueryParameter String str2) {
            Jenkins jenkins = Jenkins.get();
            return !jenkins.hasPermission(Jenkins.ADMINISTER) ? new StandardListBoxModel().includeCurrentValue(str2) : new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, jenkins, StandardCredentials.class, URIRequirementBuilder.fromUri(str).build(), GitLabServer.CREDENTIALS_MATCHER);
        }

        @Restricted({NoExternalUse.class})
        public ListBoxModel doFillWebhookSecretCredentialsIdItems(@QueryParameter String str, @QueryParameter String str2) {
            Jenkins jenkins = Jenkins.get();
            return !jenkins.hasPermission(Jenkins.ADMINISTER) ? new StandardListBoxModel().includeCurrentValue(str2) : new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, jenkins, StringCredentials.class, URIRequirementBuilder.fromUri(str).build(), GitLabServer.WEBHOOK_SECRET_CREDENTIALS_MATCHER);
        }

        private StandardCredentials getCredentials(String str, String str2) {
            Jenkins jenkins = Jenkins.get();
            jenkins.checkPermission(Jenkins.ADMINISTER);
            if (StringUtils.isBlank(str2)) {
                return null;
            }
            return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, jenkins, ACL.SYSTEM, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(str, GitLabServer.GITLAB_SERVER_URL)).build()), CredentialsMatchers.withId(str2));
        }
    }

    @DataBoundConstructor
    public GitLabServer(@NonNull String str, @NonNull String str2, @NonNull String str3) {
        this.serverUrl = StringUtils.defaultIfBlank(StringUtils.trim(str), GITLAB_SERVER_URL);
        this.name = StringUtils.isBlank(str2) ? getRandomName() : StringUtils.trim(str2);
        this.credentialsId = str3;
        this.webhookSecretCredentialsId = EMPTY_TOKEN;
    }

    private String getRandomName() {
        return String.format("%s-%s", SCMName.fromUrl(this.serverUrl, COMMON_PREFIX_HOSTNAMES), RandomStringUtils.randomNumeric(SHORT_NAME_LENGTH));
    }

    @NonNull
    public String getName() {
        return this.name;
    }

    @NonNull
    public String getServerUrl() {
        return this.serverUrl;
    }

    public boolean isManageWebHooks() {
        return this.manageWebHooks;
    }

    @DataBoundSetter
    public void setManageWebHooks(boolean z) {
        this.manageWebHooks = z;
    }

    public boolean isManageSystemHooks() {
        return this.manageSystemHooks;
    }

    @DataBoundSetter
    public void setManageSystemHooks(boolean z) {
        this.manageSystemHooks = z;
    }

    @NonNull
    public String getCredentialsId() {
        return this.credentialsId;
    }

    public StandardCredentials getCredentials(AccessControlled accessControlled) {
        Jenkins jenkins = Jenkins.get();
        if (accessControlled == null) {
            jenkins.checkPermission(CredentialsProvider.USE_OWN);
        } else {
            accessControlled.checkPermission(CredentialsProvider.USE_OWN);
        }
        if (StringUtils.isBlank(this.credentialsId)) {
            return null;
        }
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, jenkins, ACL.SYSTEM, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(this.serverUrl, GITLAB_SERVER_URL)).build()), CredentialsMatchers.withId(this.credentialsId));
    }

    @DataBoundSetter
    public void setHooksRootUrl(String str) {
        this.hooksRootUrl = Util.fixEmptyAndTrim(str);
    }

    @CheckForNull
    public String getHooksRootUrl() {
        return Util.ensureEndsWith(Util.fixEmptyAndTrim(this.hooksRootUrl), "/");
    }

    @DataBoundSetter
    @Deprecated
    public void setSecretToken(Secret secret) {
        this.secretToken = secret;
    }

    @DataBoundSetter
    public void setWebhookSecretCredentialsId(String str) {
        this.webhookSecretCredentialsId = str;
    }

    public String getWebhookSecretCredentialsId() {
        return this.webhookSecretCredentialsId;
    }

    public StringCredentials getWebhookSecretCredentials(AccessControlled accessControlled) {
        Jenkins jenkins = Jenkins.get();
        if (accessControlled == null) {
            jenkins.checkPermission(CredentialsProvider.USE_OWN);
            if (StringUtils.isBlank(this.webhookSecretCredentialsId)) {
                return null;
            }
            return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StringCredentials.class, jenkins, ACL.SYSTEM, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(this.serverUrl, GITLAB_SERVER_URL)).build()), CredentialsMatchers.withId(this.webhookSecretCredentialsId));
        }
        accessControlled.checkPermission(CredentialsProvider.USE_OWN);
        if (accessControlled instanceof ItemGroup) {
            if (StringUtils.isBlank(this.webhookSecretCredentialsId)) {
                return null;
            }
            return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StringCredentials.class, (ItemGroup) accessControlled, ACL.SYSTEM, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(this.serverUrl, GITLAB_SERVER_URL)).build()), CredentialsMatchers.withId(this.webhookSecretCredentialsId));
        }
        if (StringUtils.isBlank(this.webhookSecretCredentialsId)) {
            return null;
        }
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StringCredentials.class, (Item) accessControlled, ACL.SYSTEM, URIRequirementBuilder.fromUri(StringUtils.defaultIfBlank(this.serverUrl, GITLAB_SERVER_URL)).build()), CredentialsMatchers.withId(this.webhookSecretCredentialsId));
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m33getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }

    @Deprecated
    public Secret getSecretToken() {
        return this.secretToken;
    }

    private StringCredentials getWebhookSecretCredentials(String str) {
        Jenkins jenkins = Jenkins.get();
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StringCredentials.class, jenkins, ACL.SYSTEM, new ArrayList()), CredentialsMatchers.withId(str));
    }

    public String getSecretTokenAsPlainText() {
        StringCredentials webhookSecretCredentials = getWebhookSecretCredentials(this.webhookSecretCredentialsId);
        if (webhookSecretCredentials != null) {
            return webhookSecretCredentials.getSecret().getPlainText();
        }
        return null;
    }

    private Object readResolve() {
        if (StringUtils.isBlank(this.webhookSecretCredentialsId) && this.secretToken != null) {
            migrateWebhookSecretCredentials();
        }
        return this;
    }

    private void migrateWebhookSecretCredentials() {
        Iterator it = CredentialsProvider.lookupCredentials(StringCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            StringCredentials stringCredentials = (StringCredentials) it.next();
            if (StringUtils.equals(this.secretToken.getPlainText(), Secret.toString(stringCredentials.getSecret()))) {
                this.webhookSecretCredentialsId = stringCredentials.getId();
                break;
            }
        }
        if (StringUtils.isBlank(this.webhookSecretCredentialsId)) {
            StringCredentialsImpl stringCredentialsImpl = new StringCredentialsImpl(CredentialsScope.GLOBAL, (String) null, "Migrated from gitlab-branch-source-plugin webhook secret", this.secretToken);
            SystemCredentialsProvider.getInstance().getCredentials().add(stringCredentialsImpl);
            this.webhookSecretCredentialsId = stringCredentialsImpl.getId();
        }
        this.secretToken = null;
    }

    public boolean isImmediateHookTrigger() {
        return this.immediateHookTrigger;
    }

    @DataBoundSetter
    public void setImmediateHookTrigger(boolean z) {
        this.immediateHookTrigger = z;
    }

    @DataBoundSetter
    public void setHookTriggerDelay(String str) {
        try {
            this.hookTriggerDelay = Integer.valueOf(Integer.parseInt(str));
        } catch (NumberFormatException e) {
            this.hookTriggerDelay = null;
        }
    }

    @CheckForNull
    public Integer getHookTriggerDelay() {
        return this.hookTriggerDelay;
    }
}
