package com.cloudbees.jenkins.plugins.bitbucket.impl.credentials;

import com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketAuthenticator;
import com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketException;
import com.cloudbees.jenkins.plugins.bitbucket.client.Cache;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.httpclient.jdk.JDKHttpClientConfig;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse;
import com.github.scribejava.core.oauth.OAuth20Service;
import hudson.model.Descriptor;
import hudson.util.Secret;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import jenkins.util.SetContextClassLoader;
import jenkins.util.SystemProperties;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.hc.core5.http.HttpRequest;

/* loaded from: input_file:com/cloudbees/jenkins/plugins/bitbucket/impl/credentials/BitbucketOAuthAuthenticator.class */
public class BitbucketOAuthAuthenticator implements BitbucketAuthenticator {
    private static final String OAUTH2_CACHE_TIMEOUT_PROPERTY_NAME = "bitbucket.oauth2.cache.timeout";
    private static final Cache<String, OAuth2AccessToken> cacheToken = new Cache<>(SystemProperties.getInteger(OAUTH2_CACHE_TIMEOUT_PROPERTY_NAME, 300).intValue(), TimeUnit.SECONDS);
    private final String credentialsId;
    private final String username;
    private final Secret password;

    public BitbucketOAuthAuthenticator(StandardUsernamePasswordCredentials standardUsernamePasswordCredentials) {
        this.credentialsId = standardUsernamePasswordCredentials.getId();
        this.username = standardUsernamePasswordCredentials.getUsername();
        this.password = standardUsernamePasswordCredentials.getPassword();
    }

    private OAuth2AccessToken getToken() {
        try {
            String secret = Secret.toString(this.password);
            return cacheToken.get(DigestUtils.md2Hex(StringUtils.join(new String[]{this.credentialsId, this.username, secret}, '/')), () -> {
                SetContextClassLoader setContextClassLoader = new SetContextClassLoader(getClass());
                try {
                    OAuth20Service build = new ServiceBuilder(this.username).apiSecret(secret).httpClientConfig(JDKHttpClientConfig.defaultConfig()).build(BitbucketOAuth.instance());
                    try {
                        OAuth2AccessToken accessTokenClientCredentialsGrant = build.getAccessTokenClientCredentialsGrant();
                        if (build != null) {
                            build.close();
                        }
                        setContextClassLoader.close();
                        return accessTokenClientCredentialsGrant;
                    } finally {
                    }
                } catch (Throwable th) {
                    try {
                        setContextClassLoader.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            });
        } catch (ExecutionException e) {
            OAuth2AccessTokenErrorResponse unwrap = BitbucketAuthenticatorUtils.unwrap(e, OAuth2AccessTokenErrorResponse.class);
            if (unwrap != null) {
                throw new BitbucketException(unwrap.getErrorDescription() + ". Please check configured OAuth credentials client id and secret are correct.", e);
            }
            throw new RuntimeException(e);
        }
    }

    @Override // com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketAuthenticator
    public void configureRequest(HttpRequest httpRequest) {
        httpRequest.addHeader("Authorization", "Bearer " + getToken().getAccessToken());
    }

    @Override // com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketAuthenticator
    public StandardUsernameCredentials getCredentialsForSCM() {
        try {
            return new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, getId(), "OAuth2 token for " + getId(), "x-token-auth", getToken().getAccessToken());
        } catch (Descriptor.FormException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    @Override // com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketAuthenticator
    public String getId() {
        return this.credentialsId;
    }
}
