package org.jenkinsci.plugins.zanata.zanatareposync;

import com.google.common.base.Strings;
import hudson.Extension;
import hudson.model.Job;
import hudson.model.UnprotectedRootAction;
import hudson.security.ACL;
import hudson.util.Secret;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Optional;
import jenkins.model.Jenkins;
import net.sf.json.JSONException;
import net.sf.json.JSONObject;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.io.IOUtils;
import org.jenkinsci.plugins.zanata.webhook.HmacUtil;
import org.jenkinsci.plugins.zanata.webhook.Processor;
import org.jenkinsci.plugins.zanata.webhook.WebhookResult;
import org.jenkinsci.plugins.zanata.zanatareposync.ZanataWebhookProjectProperty;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

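/**
 * Root action that receives webhook calls and triggers the Jenkins job named in the
 * {@code job} request parameter.
 *
 * <p>The class implements {@link UnprotectedRootAction}, so the endpoint is reachable without a
 * Jenkins login. The only caller authentication is the per-job webhook secret checked against the
 * {@code X-Zanata-Webhook} header.
 *
 * <p>Thread-safety: the response object is passed explicitly to every helper instead of being
 * stored on the instance. An {@code @Extension} is shared between requests, so a response held in
 * a field could be overwritten by a concurrent request and a result written to the wrong client.
 */
@Extension
public class ZanataWebhookJobTrigger implements UnprotectedRootAction {
    private static final Logger log = LoggerFactory.getLogger(ZanataWebhookJobTrigger.class);
    private static final String DEFAULT_CHARSET = "UTF-8";
    /** Request header carrying the sender's signature of the payload. */
    private static final String SIGNATURE_HEADER = "X-Zanata-Webhook";
    private Jenkins jenkins = Jenkins.getInstance();

    /** Returns {@code null}: this action has no display name. */
    @Override
    public String getDisplayName() {
        return null;
    }

    /** Returns {@code null}: this action has no icon. */
    @Override
    public String getIconFileName() {
        return null;
    }

    /** Returns the URL segment under which this action is served. */
    @Override
    public String getUrlName() {
        return ZanataWebhookProjectProperty.DescriptorImpl.URL_PATH;
    }

    /**
     * Handles one webhook request: validates it, looks up the target job, verifies the signature
     * and, if accepted, hands the payload to {@link Processor#triggerJobs}.
     *
     * <p>Responses: 404 for a missing {@code job} parameter, an empty body, an unexpected URI or an
     * unknown/non-buildable job; 415 for a non-JSON content type; 400 for a body that does not
     * parse as a JSON object; 403 for a signature mismatch; otherwise the status reported by the
     * processor.
     *
     * @param staplerRequest the incoming request
     * @param staplerResponse the response the JSON result is written to
     * @throws IOException if the request body cannot be read or the response cannot be written
     */
    public void doIndex(StaplerRequest staplerRequest, StaplerResponse staplerResponse) throws IOException {
        String jobName = staplerRequest.getParameter("job");
        if (Strings.isNullOrEmpty(jobName)) {
            exitWebHook(staplerResponse, new WebhookResult(404, "Parameter 'job' is missing or no value assigned."));
            return;
        }

        // NOTE(review): the whole body is buffered in memory before any authentication takes
        // place and no size limit is applied here; consider bounding it at this layer or in
        // front of Jenkins.
        String body = IOUtils.toString(staplerRequest.getInputStream(), DEFAULT_CHARSET);
        String requestUri = staplerRequest.getRequestURI();
        String expectedPath = "/".concat(ZanataWebhookProjectProperty.DescriptorImpl.URL_PATH).concat("/");
        if (body.isEmpty() || !requestUri.contains(expectedPath)) {
            exitWebHook(staplerResponse, new WebhookResult(404, "No payload or URI contains invalid entries."));
            return;
        }

        String contentType = staplerRequest.getContentType();
        if (contentType == null || !contentType.startsWith("application/json")) {
            exitWebHook(staplerResponse, new WebhookResult(415, "Only Accept JSON payload."));
            return;
        }

        JSONObject payload;
        try {
            payload = JSONObject.fromObject(body);
        } catch (JSONException e) {
            // Answer malformed input with a client error instead of letting the parser
            // exception escape from an unauthenticated endpoint.
            log.debug("Webhook payload could not be parsed as a JSON object", e);
            exitWebHook(staplerResponse, new WebhookResult(400, "Payload is not a valid JSON object."));
            return;
        }

        SecurityContext previousContext = SecurityContextHolder.getContext();
        try {
            // The caller is anonymous, so the job lookup runs with SYSTEM permissions. Everything
            // up to the signature check below therefore executes on behalf of an unauthenticated
            // request; the finally block restores the caller's context.
            ACL.impersonate(ACL.SYSTEM);
            Optional<Job> match = this.jenkins.getAllItems(Job.class).stream()
                    .filter(job -> job.getName().equals(jobName) && job.isBuildable())
                    .findFirst();
            if (!match.isPresent()) {
                // NOTE(review): this 404 (versus the 403 below) lets an unauthenticated caller
                // tell existing job names from non-existing ones. exitWebHook logs the message.
                exitWebHook(staplerResponse, new WebhookResult(404,
                        String.format("Job '%s' is not defined in Jenkins or is not buildable", jobName)));
                return;
            }

            Job job = match.get();
            ZanataWebhookProjectProperty property =
                    (ZanataWebhookProjectProperty) job.getProperty(ZanataWebhookProjectProperty.class);
            Secret secret = property == null ? null : property.getZanataWebhookSecret();

            String signature = staplerRequest.getHeader(SIGNATURE_HEADER);
            // NOTE(review): a job without a configured secret accepts every request, with or
            // without a signature header, because webhookSHAMatchesSecret returns true for an
            // empty secret. Behaviour kept for compatibility; requiring a secret would close this.
            if (noWebhookSecret(secret, signature)
                    || webhookSHAMatchesSecret(secret, payload, requestUri, signature)) {
                exitWebHook(staplerResponse, new Processor(Jenkins.getInstance(), job)
                        .triggerJobs(jobName, staplerRequest.getRemoteHost(), payload));
            } else {
                exitWebHook(staplerResponse, new WebhookResult(403, "Incorrect webhook secret"));
            }
        } finally {
            SecurityContextHolder.setContext(previousContext);
        }
    }

    /** Returns true when neither a job secret nor a signature header is present. */
    private static boolean noWebhookSecret(Secret secret, String signature) {
        return isNullOrEmpty(secret) && Strings.isNullOrEmpty(signature);
    }

    /** Returns true when the secret is absent or its plain text is null or empty. */
    private static boolean isNullOrEmpty(Secret secret) {
        return secret == null || Strings.isNullOrEmpty(secret.getPlainText());
    }

    /**
     * Checks the signature header against the value derived from the job secret.
     *
     * <p>The expected value is {@code hmacSha1(key, hmacSha1(key, payload.toString() + uri))}.
     * The algorithm and the signed content are those of the original implementation and are left
     * unchanged so existing senders keep working.
     *
     * @param secret the job's webhook secret; an empty secret makes this method return true
     * @param payload the parsed JSON payload, re-serialised for signing
     * @param requestUri the request URI appended to the serialised payload before signing
     * @param signature the value of the signature header, possibly {@code null}
     * @return true if no secret is configured or the signature matches
     * @throws IllegalArgumentException if the HMAC cannot be computed
     */
    private static boolean webhookSHAMatchesSecret(Secret secret, JSONObject payload, String requestUri, String signature) {
        if (isNullOrEmpty(secret)) {
            return true;
        }
        if (signature == null) {
            // A secret is configured but the caller sent no signature: reject.
            return false;
        }
        String signedContent = payload.toString() + requestUri;
        try {
            String key = secret.getPlainText();
            String expected = HmacUtil.hmacSha1(key, HmacUtil.hmacSha1(key, signedContent));
            // Constant-time comparison: String.equals stops at the first differing character,
            // which exposes how much of a guessed signature was correct through response timing.
            return MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    signature.getBytes(StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            log.error("Unable to generate hmac sha1", e);
            throw new IllegalArgumentException(e);
        }
    }

    /**
     * Writes the result as a JSON body with the result's HTTP status and logs non-200 outcomes.
     *
     * @param response the response belonging to the request being answered
     * @param webhookResult status and message to report
     * @throws IOException if the response writer cannot be obtained
     */
    private void exitWebHook(StaplerResponse response, WebhookResult webhookResult) throws IOException {
        boolean ok = webhookResult.getStatus() == 200;
        if (!ok) {
            // The message can embed the request's 'job' parameter, i.e. caller-controlled text.
            log.warn(webhookResult.getMessage());
        }
        JSONObject result = new JSONObject();
        result.put("result", ok ? "OK" : "ERROR");
        result.put("message", webhookResult.getMessage());
        response.setStatus(webhookResult.getStatus());
        response.addHeader("Content-Type", "application/json");
        response.getWriter().print(result.toString());
    }
}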
