package org.jenkinsci.plugins.ghprb;

import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.UnprotectedRootAction;
import hudson.security.ACL;
import hudson.security.csrf.CrumbExclusion;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.model.Jenkins;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.io.IOUtils;
import org.kohsuke.github.GHEventPayload;
import org.kohsuke.github.GHIssueState;
import org.kohsuke.github.GitHub;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

@Extension
/* loaded from: input_file:org/jenkinsci/plugins/ghprb/GhprbRootAction.class */
public class GhprbRootAction implements UnprotectedRootAction {
    static final String URL = "ghprbhook";
    private static final Logger logger = Logger.getLogger(GhprbRootAction.class.getName());

    @Extension
    /* loaded from: input_file:org/jenkinsci/plugins/ghprb/GhprbRootAction$GhprbRootActionCrumbExclusion.class */
    public static class GhprbRootActionCrumbExclusion extends CrumbExclusion {
        public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo == null || !pathInfo.equals(getExclusionPath())) {
                return false;
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return true;
        }

        public String getExclusionPath() {
            return "/ghprbhook/";
        }
    }

    public String getIconFileName() {
        return null;
    }

    public String getDisplayName() {
        return null;
    }

    public String getUrlName() {
        return URL;
    }

    public void doIndex(StaplerRequest staplerRequest, StaplerResponse staplerResponse) {
        String header = staplerRequest.getHeader("X-GitHub-Event");
        String header2 = staplerRequest.getHeader("X-Hub-Signature");
        String contentType = staplerRequest.getContentType();
        String str = null;
        String str2 = null;
        if ("application/json".equals(contentType)) {
            str2 = extractRequestBody(staplerRequest);
            if (str2 == null) {
                logger.log(Level.SEVERE, "Can't get request body for application/json.");
                return;
            }
            str = str2;
        } else if ("application/x-www-form-urlencoded".equals(contentType)) {
            str2 = extractRequestBody(staplerRequest);
            if (str2 == null || str2.length() <= 8) {
                logger.log(Level.SEVERE, "Request doesn't contain payload. You're sending url encoded request, so you should pass github payload through 'payload' request parameter");
                return;
            }
            try {
                String characterEncoding = staplerRequest.getCharacterEncoding();
                str = URLDecoder.decode(str2.substring(8), characterEncoding != null ? characterEncoding : "UTF-8");
            } catch (UnsupportedEncodingException e) {
                logger.log(Level.SEVERE, "Error while trying to decode the payload");
                return;
            }
        }
        if (str == null) {
            logger.log(Level.SEVERE, "Payload is null, maybe content type '{0}' is not supported by this plugin. Please use 'application/json' or 'application/x-www-form-urlencoded'", new Object[]{contentType});
            return;
        }
        logger.log(Level.FINE, "Got payload event: {0}", header);
        try {
            GitHub connectAnonymously = GitHub.connectAnonymously();
            if (!"issue_comment".equals(header)) {
                if ("pull_request".equals(header)) {
                    GHEventPayload.PullRequest pullRequest = getPullRequest(str, connectAnonymously);
                    String fullName = pullRequest.getRepository().getFullName();
                    logger.log(Level.INFO, "Checking PR #{1} for {0}", new Object[]{fullName, Integer.valueOf(pullRequest.getNumber())});
                    for (GhprbWebHook ghprbWebHook : getWebHooks()) {
                        try {
                            if (ghprbWebHook.matchRepo(fullName) && ghprbWebHook.checkSignature(str2, header2)) {
                                ghprbWebHook.handlePR(getPullRequest(str, ghprbWebHook.getGitHub()));
                            }
                        } catch (Exception e2) {
                            logger.log(Level.SEVERE, "Unable to process web hook for: " + ghprbWebHook.getProjectName(), (Throwable) e2);
                        }
                    }
                } else {
                    logger.log(Level.WARNING, "Request not known");
                }
            }
            GHEventPayload.IssueComment issueComment = getIssueComment(str, connectAnonymously);
            if (issueComment.getIssue().getState() == GHIssueState.CLOSED) {
                logger.log(Level.INFO, "Skip comment on closed PR");
                return;
            }
            String fullName2 = issueComment.getRepository().getFullName();
            logger.log(Level.INFO, "Checking issue comment ''{0}'' for repo {1}", new Object[]{issueComment.getComment(), fullName2});
            for (GhprbWebHook ghprbWebHook2 : getWebHooks()) {
                try {
                    if (ghprbWebHook2.matchRepo(fullName2) && ghprbWebHook2.checkSignature(str2, header2)) {
                        ghprbWebHook2.handleComment(getIssueComment(str, ghprbWebHook2.getGitHub()));
                    }
                } catch (Exception e3) {
                    logger.log(Level.SEVERE, "Unable to process web hook for: " + ghprbWebHook2.getProjectName(), (Throwable) e3);
                }
            }
        } catch (IOException e4) {
            logger.log(Level.SEVERE, "Unable to connect to GitHub anonymously", (Throwable) e4);
        }
    }

    private GHEventPayload.PullRequest getPullRequest(String str, GitHub gitHub) throws IOException {
        return gitHub.parseEventPayload(new StringReader(str), GHEventPayload.PullRequest.class);
    }

    private GHEventPayload.IssueComment getIssueComment(String str, GitHub gitHub) throws IOException {
        return gitHub.parseEventPayload(new StringReader(str), GHEventPayload.IssueComment.class);
    }

    private String extractRequestBody(StaplerRequest staplerRequest) {
        String str;
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = staplerRequest.getReader();
            str = IOUtils.toString(bufferedReader);
            IOUtils.closeQuietly(bufferedReader);
        } catch (IOException e) {
            str = null;
            IOUtils.closeQuietly(bufferedReader);
        } catch (Throwable th) {
            IOUtils.closeQuietly(bufferedReader);
            throw th;
        }
        return str;
    }

    private Set<GhprbWebHook> getWebHooks() {
        HashSet hashSet = new HashSet();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
        try {
            Iterator it = Jenkins.getInstance().getAllItems(AbstractProject.class).iterator();
            while (it.hasNext()) {
                GhprbTrigger ghprbTrigger = (GhprbTrigger) ((AbstractProject) it.next()).getTrigger(GhprbTrigger.class);
                if (ghprbTrigger != null && ghprbTrigger.getWebHook() != null) {
                    hashSet.add(ghprbTrigger.getWebHook());
                }
            }
            SecurityContextHolder.getContext().setAuthentication(authentication);
            if (hashSet.size() == 0) {
                logger.log(Level.WARNING, "No projects found using GitHub pull request trigger");
            }
            return hashSet;
        } catch (Throwable th) {
            SecurityContextHolder.getContext().setAuthentication(authentication);
            throw th;
        }
    }
}
