package com.google.jenkins.plugins.credentials.oauth;

import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.NameWith;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.DomainRestrictedCredentials;
import com.google.api.client.googleapis.compute.ComputeCredential;
import com.google.api.services.oauth2.Oauth2;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.jenkins.plugins.util.ExecutorException;
import hudson.Extension;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.List;
import javax.annotation.Nullable;
import org.kohsuke.stapler.DataBoundConstructor;

@NameWith(value = GoogleRobotNameProvider.class, priority = 50)
/* loaded from: input_file:WEB-INF/lib/google-oauth-plugin.jar:com/google/jenkins/plugins/credentials/oauth/GoogleRobotMetadataCredentials.class */
public final class GoogleRobotMetadataCredentials extends GoogleRobotCredentials implements DomainRestrictedCredentials {

    @Nullable
    private transient Domain metadataScopes;
    private static final String IDENTITY_PATH = "/instance/service-accounts/default/email";
    private static final long serialVersionUID = 1;

    /* loaded from: input_file:WEB-INF/lib/google-oauth-plugin.jar:com/google/jenkins/plugins/credentials/oauth/GoogleRobotMetadataCredentials$Descriptor.class */
    public static class Descriptor extends AbstractGoogleRobotCredentialsDescriptor {

        @VisibleForTesting
        static boolean disableForTesting = false;
        private static final String PROJECT_ID_PATH = "/project/project-id";
        private static final String SCOPES_PATH = "/instance/service-accounts/default/scopes";

        @Extension
        @Nullable
        public static Descriptor metadataDescriptor() throws IOException {
            if (disableForTesting) {
                return null;
            }
            GoogleRobotMetadataCredentialsModule googleRobotMetadataCredentialsModule = new GoogleRobotMetadataCredentialsModule();
            if (googleRobotMetadataCredentialsModule.getMetadataReader().hasMetadata()) {
                return new Descriptor(googleRobotMetadataCredentialsModule);
            }
            return null;
        }

        @VisibleForTesting
        Descriptor(GoogleRobotMetadataCredentialsModule googleRobotMetadataCredentialsModule) {
            super(GoogleRobotMetadataCredentials.class, googleRobotMetadataCredentialsModule);
        }

        public String getDisplayName() {
            return Messages.GoogleRobotMetadataCredentials_DisplayName();
        }

        @Override // com.google.jenkins.plugins.credentials.oauth.AbstractGoogleRobotCredentialsDescriptor
        public GoogleRobotMetadataCredentialsModule getModule() {
            return (GoogleRobotMetadataCredentialsModule) super.getModule();
        }

        @Nullable
        public String defaultProject() {
            try {
                return getModule().getMetadataReader().readMetadata(PROJECT_ID_PATH);
            } catch (ExecutorException | IOException e) {
                return null;
            }
        }

        public List<String> defaultScopes() {
            try {
                return Lists.newArrayList(Splitter.on('\n').trimResults().omitEmptyStrings().split(getModule().getMetadataReader().readMetadata(SCOPES_PATH)));
            } catch (ExecutorException | IOException e) {
                return ImmutableList.of();
            }
        }
    }

    @DataBoundConstructor
    public GoogleRobotMetadataCredentials(String str, @Nullable GoogleRobotMetadataCredentialsModule googleRobotMetadataCredentialsModule) throws Exception {
        super(str, googleRobotMetadataCredentialsModule);
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentials
    public GoogleRobotMetadataCredentialsModule getModule() {
        return (GoogleRobotMetadataCredentialsModule) super.getModule();
    }

    public synchronized boolean matches(List<DomainRequirement> list) {
        if (this.metadataScopes == null) {
            this.metadataScopes = new Domain("metadata", Oauth2.DEFAULT_SERVICE_PATH, ImmutableList.of(new GoogleOAuth2ScopeSpecification(mo335getDescriptor().defaultScopes())));
        }
        return this.metadataScopes.test(list);
    }

    public String getUsername() {
        try {
            return getModule().getMetadataReader().readMetadata(IDENTITY_PATH);
        } catch (ExecutorException | IOException e) {
            throw new IllegalStateException(Messages.GoogleRobotMetadataCredentials_DefaultIdentityError(), e);
        }
    }

    public CredentialsScope getScope() {
        return CredentialsScope.GLOBAL;
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.GoogleOAuth2Credentials
    public ComputeCredential getGoogleCredential(GoogleOAuth2ScopeRequirement googleOAuth2ScopeRequirement) throws GeneralSecurityException {
        return new ComputeCredential(getModule().getHttpTransport(), getModule().getJsonFactory());
    }

    @Override // com.google.jenkins.plugins.credentials.oauth.GoogleRobotCredentials
    /* renamed from: getDescriptor */
    public Descriptor mo335getDescriptor() {
        return (Descriptor) super.mo335getDescriptor();
    }
}
