package io.jenkins.plugins.zscaler;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.google.common.collect.Maps;
import hudson.AbortException;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.ExtensionPoint;
import hudson.model.Job;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import io.jenkins.plugins.zscaler.models.CreateIntegrationResponse;
import io.jenkins.plugins.zscaler.models.Region;
import io.jenkins.plugins.zscaler.models.ValidateIntegrationRequest;
import java.io.Serializable;
import java.nio.charset.Charset;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;
import retrofit2.Response;

@Extension
/* loaded from: input_file:io/jenkins/plugins/zscaler/Configuration.class */
public class Configuration extends GlobalConfiguration implements Serializable, ExtensionPoint {
    private static final String CUSTOM_REGION = "custom";
    private String region;
    private String credentialsId;
    private String IntegrationId;
    private String apiUrl;
    private String authUrl;
    private String reportUrl;
    private static final Logger LOGGER = Logger.getLogger(Configuration.class.getName());
    private static final Map<String, Region> REGIONTOURLMAP = Maps.newHashMap();

    public static Configuration get() {
        return (Configuration) ExtensionList.lookupSingleton(Configuration.class);
    }

    public Configuration() {
        load();
    }

    public String getRegion() {
        return this.region;
    }

    @DataBoundSetter
    public void setRegion(String str) {
        this.region = str;
        save();
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    @DataBoundSetter
    public void setCredentialsId(String str) {
        this.credentialsId = str;
        save();
    }

    @DataBoundSetter
    public void setApiUrl(String str) {
        this.apiUrl = str;
        save();
    }

    public String getApiUrl() {
        if (this.region == null) {
            return null;
        }
        return CUSTOM_REGION.equals(this.region) ? this.apiUrl : REGIONTOURLMAP.get(this.region).getApiUrl();
    }

    public String getAuthUrl() {
        if (this.region == null) {
            return null;
        }
        return CUSTOM_REGION.equals(this.region) ? this.authUrl : REGIONTOURLMAP.get(this.region).getAuthUrl();
    }

    @DataBoundSetter
    public void setAuthUrl(String str) {
        this.authUrl = str;
    }

    public String getIntegrationId() {
        return this.IntegrationId;
    }

    public void setIntegrationId(String str) {
        this.IntegrationId = str;
        save();
    }

    public String getReportUrl() {
        if (this.region == null) {
            return null;
        }
        return CUSTOM_REGION.equals(this.region) ? this.reportUrl != null ? this.reportUrl : Region.US.getReportUrl() : REGIONTOURLMAP.get(this.region).getReportUrl();
    }

    public void setReportUrl(String str) {
        this.reportUrl = str;
    }

    public ListBoxModel doFillCredentialsIdItems(@QueryParameter String str, @QueryParameter String str2) {
        return !Jenkins.get().hasPermission(Jenkins.ADMINISTER) ? new StandardListBoxModel().includeCurrentValue(str2) : new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, Jenkins.get(), StandardUsernamePasswordCredentials.class, URIRequirementBuilder.create().build(), CredentialsMatchers.always());
    }

    @POST
    public FormValidation doValidate(@QueryParameter("region") String str, @QueryParameter("credentialsId") String str2, @QueryParameter("apiUrl") String str3, @QueryParameter("authUrl") String str4, @AncestorInPath Job job) {
        String apiUrl;
        String authUrl;
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        if (CUSTOM_REGION.equals(str)) {
            apiUrl = str3;
            authUrl = str4;
        } else {
            apiUrl = REGIONTOURLMAP.get(str).getApiUrl();
            authUrl = REGIONTOURLMAP.get(str).getAuthUrl();
        }
        if (apiUrl == null || apiUrl.isEmpty()) {
            return FormValidation.error("Invalid region");
        }
        Optional<StandardUsernamePasswordCredentials> resolveUserNamePassword = resolveUserNamePassword(str2);
        if (!resolveUserNamePassword.isPresent()) {
            return FormValidation.error("Credentials not found");
        }
        String username = resolveUserNamePassword.get().getUsername();
        ClientCredAuthentication clientCredAuthentication = new ClientCredAuthentication(authUrl, username, resolveUserNamePassword.get().getPassword().getPlainText(), Jenkins.get().proxy);
        try {
            if (!StringUtils.isNotBlank(clientCredAuthentication.populateAccessToken())) {
                return FormValidation.error("Validation failed");
            }
            try {
                validateInstallation(apiUrl, username, Jenkins.get().getRootUrl(), clientCredAuthentication);
                return FormValidation.ok("Validation is successful");
            } catch (Exception e) {
                LOGGER.log(Level.SEVERE, "Validation failed due to - " + e.getMessage());
                return FormValidation.error("Validation Failed due to - " + e.getMessage());
            }
        } catch (AbortException e2) {
            LOGGER.log(Level.SEVERE, "Validation failed due to - " + e2.getMessage());
            return FormValidation.error("Validation failed");
        }
    }

    public static Optional<StandardUsernamePasswordCredentials> resolveUserNamePassword(String str) {
        List filter = CredentialsMatchers.filter(CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(StringUtils.trimToEmpty(str)));
        return filter.isEmpty() ? Optional.empty() : Optional.of(filter.get(0));
    }

    private void validateInstallation(String str, String str2, String str3, ClientCredAuthentication clientCredAuthentication) throws Exception {
        Response execute = ((CWPService) ClientUtils.createRetrofit(str, ClientUtils.getAuthInterceptor(clientCredAuthentication), Jenkins.get().proxy).create(CWPService.class)).validateIntegration(new ValidateIntegrationRequest(str2, str3)).execute();
        if (execute.code() != 200) {
            throw new Exception(IOUtils.toString(execute.errorBody().byteStream(), Charset.defaultCharset()));
        }
        CreateIntegrationResponse createIntegrationResponse = (CreateIntegrationResponse) execute.body();
        if (createIntegrationResponse != null) {
            setIntegrationId(createIntegrationResponse.getIntegrationId());
        }
    }

    static {
        REGIONTOURLMAP.put("US", Region.US);
    }
}
