package hudson.model;

import com.trilead.ssh2.crypto.Base64;
import hudson.PluginWrapper;
import hudson.lifecycle.Lifecycle;
import hudson.model.UpdateCenter;
import hudson.util.FormValidation;
import hudson.util.HttpResponses;
import hudson.util.IOUtils;
import hudson.util.TextFile;
import hudson.util.TimeUnit2;
import hudson.util.VersionNumber;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.Future;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import net.sf.json.JSONException;
import net.sf.json.JSONObject;
import net.sf.json.util.JSONUtils;
import org.apache.commons.io.output.NullOutputStream;
import org.apache.commons.io.output.TeeOutputStream;
import org.apache.tools.ant.MagicNames;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.bouncycastle.i18n.MessageBundle;
import org.jvnet.hudson.crypto.CertificateUtil;
import org.jvnet.hudson.crypto.SignatureOutputStream;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerRequest;
import org.sonatype.aether.repository.Proxy;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-1.447.jar:hudson/model/UpdateSite.class */
public class UpdateSite {
    private transient long dataTimestamp = -1;
    private volatile transient long lastAttempt = -1;
    private final String id;
    private final String url;
    private static final long DAY = TimeUnit2.DAYS.toMillis(1);
    private static final Logger LOGGER = Logger.getLogger(UpdateSite.class.getName());
    public static boolean neverUpdate = Boolean.getBoolean(UpdateCenter.class.getName() + ".never");
    public static boolean signatureCheck = true;

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.447.jar:hudson/model/UpdateSite$Data.class */
    public final class Data {
        public final String sourceId;
        public final Entry core;
        public final Map<String, Plugin> plugins = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        public final String connectionCheckUrl;

        Data(JSONObject jSONObject) {
            this.sourceId = (String) jSONObject.get("id");
            if (this.sourceId.equals("default")) {
                this.core = new Entry(this.sourceId, jSONObject.getJSONObject("core"));
            } else {
                this.core = null;
            }
            for (Map.Entry<String, Object> entry : jSONObject.getJSONObject("plugins").entrySet()) {
                this.plugins.put(entry.getKey(), new Plugin(this.sourceId, (JSONObject) entry.getValue()));
            }
            this.connectionCheckUrl = (String) jSONObject.get("connectionCheckUrl");
        }

        public boolean hasCoreUpdates() {
            return this.core != null && this.core.isNewerThan(Jenkins.VERSION);
        }

        public boolean canUpgrade() {
            return Lifecycle.get().canRewriteHudsonWar();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.447.jar:hudson/model/UpdateSite$Entry.class */
    public static class Entry {
        public final String sourceId;
        public final String name;
        public final String version;
        public final String url;

        public Entry(String str, JSONObject jSONObject) {
            this.sourceId = str;
            this.name = jSONObject.getString("name");
            this.version = jSONObject.getString("version");
            this.url = jSONObject.getString(MagicNames.ANT_FILE_TYPE_URL);
        }

        public boolean isNewerThan(String str) {
            try {
                return new VersionNumber(str).compareTo(new VersionNumber(this.version)) < 0;
            } catch (IllegalArgumentException e) {
                return false;
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-1.447.jar:hudson/model/UpdateSite$Plugin.class */
    public final class Plugin extends Entry {
        public final String wiki;
        public final String title;
        public final String excerpt;
        public final String compatibleSinceVersion;
        public final String requiredCore;
        public final String[] categories;
        public final Map<String, String> dependencies;

        @DataBoundConstructor
        public Plugin(String str, JSONObject jSONObject) {
            super(str, jSONObject);
            this.dependencies = new HashMap();
            this.wiki = get(jSONObject, "wiki");
            this.title = get(jSONObject, MessageBundle.TITLE_ENTRY);
            this.excerpt = get(jSONObject, "excerpt");
            this.compatibleSinceVersion = get(jSONObject, "compatibleSinceVersion");
            this.requiredCore = get(jSONObject, "requiredCore");
            this.categories = jSONObject.has("labels") ? (String[]) jSONObject.getJSONArray("labels").toArray(new String[0]) : null;
            Iterator it = jSONObject.getJSONArray("dependencies").iterator();
            while (it.hasNext()) {
                JSONObject jSONObject2 = (JSONObject) it.next();
                if (get(jSONObject2, "name") != null && !get(jSONObject2, "name").equals("maven-plugin") && get(jSONObject2, SchemaSymbols.ATTVAL_OPTIONAL).equals("false")) {
                    this.dependencies.put(get(jSONObject2, "name"), get(jSONObject2, "version"));
                }
            }
        }

        private String get(JSONObject jSONObject, String str) {
            if (jSONObject.has(str)) {
                return jSONObject.getString(str);
            }
            return null;
        }

        public String getDisplayName() {
            return this.title != null ? this.title : this.name;
        }

        public PluginWrapper getInstalled() {
            return Jenkins.getInstance().getPluginManager().getPlugin(this.name);
        }

        public boolean isCompatibleWithInstalledVersion() {
            PluginWrapper installed = getInstalled();
            return installed == null || this.compatibleSinceVersion == null || !new VersionNumber(installed.getVersion()).isOlderThan(new VersionNumber(this.compatibleSinceVersion));
        }

        public List<Plugin> getNeededDependencies() {
            ArrayList arrayList = new ArrayList();
            for (Map.Entry<String, String> entry : this.dependencies.entrySet()) {
                Plugin plugin = Jenkins.getInstance().getUpdateCenter().getPlugin(entry.getKey());
                VersionNumber versionNumber = new VersionNumber(entry.getValue());
                PluginWrapper installed = plugin.getInstalled();
                if (installed == null) {
                    arrayList.add(plugin);
                } else if (installed.isOlderThan(versionNumber)) {
                    arrayList.add(plugin);
                }
            }
            return arrayList;
        }

        public boolean isForNewerHudson() {
            try {
                if (this.requiredCore != null) {
                    if (new VersionNumber(this.requiredCore).isNewerThan(new VersionNumber(Jenkins.VERSION.replaceFirst("SHOT *\\(private.*\\)", "SHOT")))) {
                        return true;
                    }
                }
                return false;
            } catch (NumberFormatException e) {
                return true;
            }
        }

        public void install() {
            deploy();
        }

        public Future<UpdateCenter.UpdateCenterJob> deploy() {
            return deploy(false);
        }

        public Future<UpdateCenter.UpdateCenterJob> deploy(boolean z) {
            Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
            UpdateCenter updateCenter = Jenkins.getInstance().getUpdateCenter();
            for (Plugin plugin : getNeededDependencies()) {
                UpdateSite.LOGGER.log(Level.WARNING, "Adding dependent install of " + plugin.name + " for plugin " + this.name);
                plugin.deploy(z);
            }
            updateCenter.getClass();
            return updateCenter.addJob(new UpdateCenter.InstallationJob(this, UpdateSite.this, Jenkins.getAuthentication(), z));
        }

        public Future<UpdateCenter.UpdateCenterJob> deployBackup() {
            Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
            UpdateCenter updateCenter = Jenkins.getInstance().getUpdateCenter();
            updateCenter.getClass();
            return updateCenter.addJob(new UpdateCenter.PluginDowngradeJob(this, UpdateSite.this, Jenkins.getAuthentication()));
        }

        public HttpResponse doInstall() throws IOException {
            deploy(false);
            return HttpResponses.redirectTo("../..");
        }

        public HttpResponse doInstallNow() throws IOException {
            deploy(true);
            return HttpResponses.redirectTo("../..");
        }

        public HttpResponse doDowngrade() throws IOException {
            deployBackup();
            return HttpResponses.redirectTo("../..");
        }
    }

    public UpdateSite(String str, String str2) {
        this.id = str;
        this.url = str2;
    }

    private Object readResolve() {
        this.lastAttempt = -1L;
        this.dataTimestamp = -1L;
        return this;
    }

    public String getId() {
        return this.id;
    }

    public long getDataTimestamp() {
        return this.dataTimestamp;
    }

    public FormValidation doPostBack(StaplerRequest staplerRequest) throws IOException, GeneralSecurityException {
        this.dataTimestamp = System.currentTimeMillis();
        String iOUtils = IOUtils.toString(staplerRequest.getInputStream(), "UTF-8");
        JSONObject fromObject = JSONObject.fromObject(iOUtils);
        int i = fromObject.getInt("updateCenterVersion");
        if (i != 1) {
            throw new IllegalArgumentException("Unrecognized update center version: " + i);
        }
        if (signatureCheck) {
            FormValidation verifySignature = verifySignature(fromObject);
            if (verifySignature.kind != FormValidation.Kind.OK) {
                LOGGER.severe(verifySignature.renderHtml());
                return verifySignature;
            }
        }
        LOGGER.info("Obtained the latest update center data file for UpdateSource " + this.id);
        getDataFile().write(iOUtils);
        return FormValidation.ok();
    }

    public FormValidation doVerifySignature() throws IOException {
        return verifySignature(getJSONObject());
    }

    private FormValidation verifySignature(JSONObject jSONObject) throws IOException {
        try {
            FormValidation formValidation = null;
            JSONObject jSONObject2 = jSONObject.getJSONObject("signature");
            if (jSONObject2.isNullObject()) {
                return FormValidation.error("No signature block found in update center '" + this.id + JSONUtils.SINGLE_QUOTE);
            }
            jSONObject.remove("signature");
            ArrayList arrayList = new ArrayList();
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            Iterator it = jSONObject2.getJSONArray("certificates").iterator();
            while (it.hasNext()) {
                Object next = it.next();
                X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(Base64.decode(next.toString().toCharArray())));
                try {
                    x509Certificate.checkValidity();
                } catch (CertificateExpiredException e) {
                    formValidation = FormValidation.warning(e, String.format("Certificate %s has expired in update center '%s'", next.toString(), this.id));
                } catch (CertificateNotYetValidException e2) {
                    formValidation = FormValidation.warning(e2, String.format("Certificate %s is not yet valid in update center '%s'", next.toString(), this.id));
                }
                arrayList.add(x509Certificate);
            }
            HashSet hashSet = new HashSet();
            Jenkins jenkins2 = Jenkins.getInstance();
            for (String str : jenkins2.servletContext.getResourcePaths("/WEB-INF/update-center-rootCAs")) {
                if (!str.endsWith(".txt")) {
                    hashSet.add(new TrustAnchor((X509Certificate) certificateFactory.generateCertificate(jenkins2.servletContext.getResourceAsStream(str)), null));
                }
            }
            File[] listFiles = new File(jenkins2.root, "update-center-rootCAs").listFiles();
            if (listFiles != null) {
                for (File file : listFiles) {
                    if (!file.getName().endsWith(".txt")) {
                        FileInputStream fileInputStream = new FileInputStream(file);
                        try {
                            hashSet.add(new TrustAnchor((X509Certificate) certificateFactory.generateCertificate(fileInputStream), null));
                            fileInputStream.close();
                        } catch (Throwable th) {
                            fileInputStream.close();
                            throw th;
                        }
                    }
                }
            }
            CertificateUtil.validatePath(arrayList, hashSet);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            DigestOutputStream digestOutputStream = new DigestOutputStream(new NullOutputStream(), messageDigest);
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify((Certificate) arrayList.get(0));
            jSONObject.writeCanonical(new OutputStreamWriter(new TeeOutputStream(digestOutputStream, new SignatureOutputStream(signature)), "UTF-8")).close();
            String str2 = new String(Base64.encode(messageDigest.digest()));
            String optString = jSONObject2.optString("correct_digest");
            return optString == null ? FormValidation.error("No correct_digest parameter in update center '" + this.id + "'. This metadata appears to be old.") : !str2.equalsIgnoreCase(optString) ? FormValidation.error("Digest mismatch: " + str2 + " vs " + optString + " in update center '" + this.id + JSONUtils.SINGLE_QUOTE) : !signature.verify(Base64.decode(jSONObject2.getString("correct_signature").toCharArray())) ? FormValidation.error("Signature in the update center doesn't match with the certificate in update center '" + this.id + JSONUtils.SINGLE_QUOTE) : formValidation != null ? formValidation : FormValidation.ok();
        } catch (GeneralSecurityException e3) {
            return FormValidation.error(e3, "Signature verification failed in the update center '" + this.id + JSONUtils.SINGLE_QUOTE);
        }
    }

    public boolean isDue() {
        if (neverUpdate) {
            return false;
        }
        if (this.dataTimestamp == -1) {
            this.dataTimestamp = getDataFile().file.lastModified();
        }
        long currentTimeMillis = System.currentTimeMillis();
        boolean z = currentTimeMillis - this.dataTimestamp > DAY && currentTimeMillis - this.lastAttempt > 15000;
        if (z) {
            this.lastAttempt = currentTimeMillis;
        }
        return z;
    }

    public HttpResponse doInvalidateData() {
        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        this.dataTimestamp = 0L;
        return HttpResponses.ok();
    }

    public Data getData() {
        JSONObject jSONObject = getJSONObject();
        if (jSONObject != null) {
            return new Data(jSONObject);
        }
        return null;
    }

    public JSONObject getJSONObject() {
        TextFile dataFile = getDataFile();
        if (!dataFile.exists()) {
            return null;
        }
        try {
            return JSONObject.fromObject(dataFile.read());
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Failed to parse " + dataFile, (Throwable) e);
            dataFile.delete();
            return null;
        } catch (JSONException e2) {
            LOGGER.log(Level.SEVERE, "Failed to parse " + dataFile, (Throwable) e2);
            dataFile.delete();
            return null;
        }
    }

    public List<Plugin> getAvailables() {
        ArrayList arrayList = new ArrayList();
        Data data = getData();
        if (data == null) {
            return Collections.emptyList();
        }
        for (Plugin plugin : data.plugins.values()) {
            if (plugin.getInstalled() == null) {
                arrayList.add(plugin);
            }
        }
        return arrayList;
    }

    public Plugin getPlugin(String str) {
        Data data = getData();
        if (data == null) {
            return null;
        }
        return data.plugins.get(str);
    }

    public String getConnectionCheckUrl() {
        Data data = getData();
        return data == null ? "http://www.google.com/" : data.connectionCheckUrl;
    }

    private TextFile getDataFile() {
        return new TextFile(new File(Jenkins.getInstance().getRootDir(), "updates/" + getId() + ".json"));
    }

    public List<Plugin> getUpdates() {
        if (getData() == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        Iterator<PluginWrapper> it = Jenkins.getInstance().getPluginManager().getPlugins().iterator();
        while (it.hasNext()) {
            Plugin updateInfo = it.next().getUpdateInfo();
            if (updateInfo != null) {
                arrayList.add(updateInfo);
            }
        }
        return arrayList;
    }

    public boolean hasUpdates() {
        if (getData() == null) {
            return false;
        }
        for (PluginWrapper pluginWrapper : Jenkins.getInstance().getPluginManager().getPlugins()) {
            if (!pluginWrapper.isBundled() && pluginWrapper.getUpdateInfo() != null) {
                return true;
            }
        }
        return false;
    }

    public String getUrl() {
        return this.url;
    }

    public String getDownloadUrl() {
        return (this.url.equals("http://updates.jenkins-ci.org/update-center.json") && Jenkins.getInstance().isRootUrlSecure()) ? Proxy.TYPE_HTTPS + this.url.substring(4) : this.url;
    }

    public boolean isLegacyDefault() {
        return (this.id.equals("default") && this.url.startsWith("http://hudson-ci.org/")) || this.url.startsWith("http://updates.hudson-labs.org/");
    }
}
