package io.jenkins.blueocean.blueocean_git_pipeline;

import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.KeyPair;
import com.jcraft.jsch.Session;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.EnvVars;
import hudson.model.ItemGroup;
import hudson.model.TaskListener;
import hudson.plugins.git.GitException;
import hudson.security.ACL;
import io.jenkins.blueocean.commons.ErrorMessage;
import io.jenkins.blueocean.commons.ServiceException;
import io.jenkins.blueocean.credential.CredentialsUtils;
import io.jenkins.blueocean.rest.impl.pipeline.credential.BlueOceanDomainRequirement;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.TimeZone;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.lang.StringUtils;
import org.eclipse.jgit.api.CheckoutCommand;
import org.eclipse.jgit.api.FetchCommand;
import org.eclipse.jgit.api.MergeCommand;
import org.eclipse.jgit.api.PushCommand;
import org.eclipse.jgit.api.TransportCommand;
import org.eclipse.jgit.api.TransportConfigCallback;
import org.eclipse.jgit.api.errors.ConcurrentRefUpdateException;
import org.eclipse.jgit.api.errors.GitAPIException;
import org.eclipse.jgit.api.errors.JGitInternalException;
import org.eclipse.jgit.api.errors.TransportException;
import org.eclipse.jgit.dircache.DirCache;
import org.eclipse.jgit.dircache.DirCacheBuilder;
import org.eclipse.jgit.dircache.DirCacheEditor;
import org.eclipse.jgit.dircache.DirCacheEntry;
import org.eclipse.jgit.internal.JGitText;
import org.eclipse.jgit.lib.AnyObjectId;
import org.eclipse.jgit.lib.CommitBuilder;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.lib.FileMode;
import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.ObjectInserter;
import org.eclipse.jgit.lib.ObjectReader;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.RefUpdate;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revwalk.RevCommit;
import org.eclipse.jgit.revwalk.RevWalk;
import org.eclipse.jgit.transport.JschConfigSessionFactory;
import org.eclipse.jgit.transport.OpenSshConfig;
import org.eclipse.jgit.transport.PushResult;
import org.eclipse.jgit.transport.RefSpec;
import org.eclipse.jgit.transport.RemoteConfig;
import org.eclipse.jgit.transport.RemoteRefUpdate;
import org.eclipse.jgit.transport.SshTransport;
import org.eclipse.jgit.transport.URIish;
import org.eclipse.jgit.treewalk.CanonicalTreeParser;
import org.eclipse.jgit.treewalk.TreeWalk;
import org.eclipse.jgit.util.FS;
import org.jenkinsci.plugins.gitclient.Git;
import org.jenkinsci.plugins.gitclient.GitClient;
import org.jenkinsci.plugins.gitclient.trilead.SmartCredentialsProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/jenkins/blueocean/blueocean_git_pipeline/GitUtils.class */
public class GitUtils {
    private static final Logger logger = LoggerFactory.getLogger(GitUtils.class);
    private static final Pattern SSH_URL_PATTERN = Pattern.compile("(\\Qssh://\\E.*|[^@:]+@.*)");

    /* renamed from: io.jenkins.blueocean.blueocean_git_pipeline.GitUtils$2, reason: invalid class name */
    /* loaded from: input_file:io/jenkins/blueocean/blueocean_git_pipeline/GitUtils$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$jgit$lib$RefUpdate$Result = new int[RefUpdate.Result.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$jgit$lib$RefUpdate$Result[RefUpdate.Result.NEW.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$jgit$lib$RefUpdate$Result[RefUpdate.Result.FORCED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$eclipse$jgit$lib$RefUpdate$Result[RefUpdate.Result.FAST_FORWARD.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$eclipse$jgit$lib$RefUpdate$Result[RefUpdate.Result.REJECTED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$eclipse$jgit$lib$RefUpdate$Result[RefUpdate.Result.LOCK_FAILURE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    GitUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<ErrorMessage.Error> validateCredentials(@Nonnull String str, @Nullable StandardCredentials standardCredentials) throws GitException {
        ArrayList arrayList = new ArrayList();
        try {
            GitClient client = new Git(TaskListener.NULL, new EnvVars()).getClient();
            if (standardCredentials != null) {
                client.addCredentials(str, standardCredentials);
            }
            client.getRemoteReferences(str, (String) null, true, false);
        } catch (IOException | InterruptedException e) {
            logger.error("Error running git remote-ls: " + e.getMessage(), e);
            throw new ServiceException.UnexpectedErrorException("Failed to create pipeline due to unexpected error: " + e.getMessage(), e);
        } catch (IllegalStateException | GitException e2) {
            logger.error("Error running git remote-ls: " + e2.getMessage(), e2);
            if (standardCredentials != null) {
                if ((e2 instanceof IllegalStateException) || e2.getMessage().endsWith("not authorized") || e2.getMessage().endsWith("not authenticated") || ((e2 instanceof GitException) && checkCauseNotAuthenticated(e2))) {
                    arrayList.add(new ErrorMessage.Error("scmConfig.credentialId", ErrorMessage.Error.ErrorCodes.INVALID.toString(), "Invalid credentialId: " + standardCredentials.getId()));
                } else {
                    arrayList.add(new ErrorMessage.Error("scmConfig.uri", ErrorMessage.Error.ErrorCodes.INVALID.toString(), e2.getMessage()));
                }
            } else if (e2.getMessage().contains("Authentication is required") || e2.getMessage().contains("connection is not authenticated")) {
                arrayList.add(new ErrorMessage.Error("scmConfig.credentialId", ErrorMessage.Error.ErrorCodes.INVALID.toString(), e2.getMessage()));
            } else {
                arrayList.add(new ErrorMessage.Error("scmConfig.uri", ErrorMessage.Error.ErrorCodes.INVALID.toString(), e2.getMessage()));
            }
        }
        return arrayList;
    }

    private static boolean checkCauseNotAuthenticated(GitException gitException) {
        IllegalStateException illegalStateException;
        if (!(gitException.getCause() instanceof TransportException) || (illegalStateException = getIllegalStateException(gitException.getCause().getCause())) == null) {
            return false;
        }
        return StringUtils.contains(illegalStateException.getMessage(), "not authenticated.");
    }

    private static IllegalStateException getIllegalStateException(Throwable th) {
        if (th instanceof IllegalStateException) {
            return (IllegalStateException) th;
        }
        if (th.getCause() == null) {
            return null;
        }
        return getIllegalStateException(th.getCause());
    }

    public static void validatePushAccess(@Nonnull Repository repository, @Nonnull String str, @Nullable StandardCredentials standardCredentials) throws GitException {
        try {
            org.eclipse.jgit.api.Git git = new org.eclipse.jgit.api.Git(repository);
            try {
                PushCommand push = git.push();
                addCredential(repository, push, standardCredentials);
                PushResult pushResult = (PushResult) push.setRefSpecs(new RefSpec[]{new RefSpec(":this-branch-is-only-to-test-if-jenkins-has-push-access")}).setRemote(str).setDryRun(true).call().iterator().next();
                if (pushResult.getRemoteUpdates().isEmpty()) {
                    System.out.println("No remote updates occurred");
                } else {
                    for (RemoteRefUpdate remoteRefUpdate : pushResult.getRemoteUpdates()) {
                        if (!RemoteRefUpdate.Status.NON_EXISTING.equals(remoteRefUpdate.getStatus()) && !RemoteRefUpdate.Status.OK.equals(remoteRefUpdate.getStatus())) {
                            throw new ServiceException.UnexpectedErrorException("Expected non-existent ref but got: " + remoteRefUpdate.getStatus().name() + ": " + remoteRefUpdate.getMessage());
                        }
                    }
                }
                git.close();
            } finally {
            }
        } catch (GitAPIException e) {
            if (!e.getMessage().toLowerCase().contains("auth")) {
                throw new ServiceException.UnexpectedErrorException("Unable to access and push to: " + str + " - " + e.getMessage(), e);
            }
            throw new ServiceException.UnauthorizedException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isSshUrl(@Nullable String str) {
        return str != null && SSH_URL_PATTERN.matcher(str).matches();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isLocalUnixFileUrl(@Nullable String str) {
        return str != null && str.startsWith("/");
    }

    private static boolean isSshUrl(Repository repository) {
        try {
            org.eclipse.jgit.api.Git git = new org.eclipse.jgit.api.Git(repository);
            try {
                boolean isSshUrl = isSshUrl(((URIish) ((RemoteConfig) git.remoteList().call().get(0)).getURIs().get(0)).toString());
                git.close();
                return isSshUrl;
            } finally {
            }
        } catch (IndexOutOfBoundsException | GitAPIException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static StandardCredentials getCredentials(ItemGroup itemGroup, String str, String str2) {
        StandardCredentials findCredential = CredentialsUtils.findCredential(str2, StandardCredentials.class, new DomainRequirement[]{new BlueOceanDomainRequirement()});
        if (findCredential == null) {
            findCredential = (StandardCredentials) CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, itemGroup, ACL.SYSTEM, URIRequirementBuilder.fromUri(str).build()), CredentialsMatchers.allOf(new CredentialsMatcher[]{CredentialsMatchers.withId(str2), GitClient.CREDENTIALS_MATCHER}));
        }
        return findCredential;
    }

    private static TransportConfigCallback getSSHKeyTransport(final BasicSSHUserPrivateKey basicSSHUserPrivateKey) {
        JschConfigSessionFactory jschConfigSessionFactory = new JschConfigSessionFactory() { // from class: io.jenkins.blueocean.blueocean_git_pipeline.GitUtils.1
            protected void configure(OpenSshConfig.Host host, Session session) {
                session.setConfig("StrictHostKeyChecking", "no");
            }

            protected JSch getJSch(OpenSshConfig.Host host, FS fs) throws JSchException {
                JSch jSch = new JSch();
                configureJSch(jSch);
                KeyPair load = KeyPair.load(jSch, basicSSHUserPrivateKey.getPrivateKey().getBytes(StandardCharsets.UTF_8), (byte[]) null);
                jSch.addIdentity(basicSSHUserPrivateKey.getUsername(), load.forSSHAgent(), (byte[]) null, new byte[0]);
                return jSch;
            }
        };
        return transport -> {
            if (transport instanceof SshTransport) {
                ((SshTransport) transport).setSshSessionFactory(jschConfigSessionFactory);
            }
        };
    }

    public static void fetch(Repository repository, StandardCredentials standardCredentials) {
        try {
            org.eclipse.jgit.api.Git git = new org.eclipse.jgit.api.Git(repository);
            try {
                FetchCommand fetch = git.fetch();
                addCredential(repository, fetch, standardCredentials);
                fetch.setRemote("origin").setRemoveDeletedRefs(true).setRefSpecs(new RefSpec[]{new RefSpec("+refs/heads/*:refs/remotes/origin/*")}).call();
                git.close();
            } finally {
            }
        } catch (GitAPIException e) {
            if (!e.getMessage().contains("Auth fail")) {
                throw new RuntimeException((Throwable) e);
            }
            throw new ServiceException.UnauthorizedException("Not authorized", e);
        }
    }

    private static void addCredential(Repository repository, TransportCommand transportCommand, StandardCredentials standardCredentials) {
        if (isSshUrl(repository) && (standardCredentials instanceof BasicSSHUserPrivateKey)) {
            transportCommand.setTransportConfigCallback(getSSHKeyTransport((BasicSSHUserPrivateKey) standardCredentials));
        } else if (standardCredentials != null) {
            SmartCredentialsProvider smartCredentialsProvider = new SmartCredentialsProvider((TaskListener) null);
            smartCredentialsProvider.addDefaultCredentials(standardCredentials);
            transportCommand.setCredentialsProvider(smartCredentialsProvider);
        }
    }

    public static void merge(Repository repository, String str, String str2) {
        try {
            org.eclipse.jgit.api.Git git = new org.eclipse.jgit.api.Git(repository);
            try {
                CheckoutCommand checkout = git.checkout();
                checkout.setCreateBranch(false);
                checkout.setName(str);
                checkout.call();
                if (git.merge().include(repository.exactRef(str2)).setFastForward(MergeCommand.FastForwardMode.FF_ONLY).call().getConflicts() != null) {
                    throw new RuntimeException("Merge has conflicts");
                }
                git.close();
            } finally {
            }
        } catch (Exception e) {
            throw new ServiceException.UnexpectedErrorException("Unable to merge: " + str2 + " to: " + str, e);
        }
    }

    @SuppressFBWarnings(value = {"RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"}, justification = "JDK11 produces different bytecode - https://github.com/spotbugs/spotbugs/issues/756")
    public static void commit(Repository repository, String str, String str2, byte[] bArr, String str3, String str4, String str5, TimeZone timeZone, Date date) {
        PersonIdent buildPersonIdent = buildPersonIdent(repository, str3, str4, timeZone, date);
        try {
            ObjectInserter newObjectInserter = repository.newObjectInserter();
            try {
                ObjectId resolve = repository.resolve(str + "^{commit}");
                ObjectId writeTree = createTemporaryIndex(repository, resolve, str2, bArr).writeTree(newObjectInserter);
                CommitBuilder commitBuilder = new CommitBuilder();
                commitBuilder.setAuthor(buildPersonIdent);
                commitBuilder.setCommitter(buildPersonIdent);
                commitBuilder.setEncoding(Constants.CHARACTER_ENCODING);
                commitBuilder.setMessage(str5);
                if (resolve != null) {
                    commitBuilder.setParentId(resolve);
                }
                commitBuilder.setTreeId(writeTree);
                ObjectId insert = newObjectInserter.insert(commitBuilder);
                newObjectInserter.flush();
                RevWalk revWalk = new RevWalk(repository);
                try {
                    RevCommit parseCommit = revWalk.parseCommit(insert);
                    RefUpdate updateRef = repository.updateRef(str);
                    if (resolve == null) {
                        updateRef.setExpectedOldObjectId(ObjectId.zeroId());
                    } else {
                        updateRef.setExpectedOldObjectId(resolve);
                    }
                    updateRef.setNewObjectId(insert);
                    updateRef.setRefLogMessage("commit: " + parseCommit.getShortMessage(), false);
                    RefUpdate.Result forceUpdate = updateRef.forceUpdate();
                    switch (AnonymousClass2.$SwitchMap$org$eclipse$jgit$lib$RefUpdate$Result[forceUpdate.ordinal()]) {
                        case 1:
                        case 2:
                        case 3:
                            revWalk.close();
                            if (newObjectInserter != null) {
                                newObjectInserter.close();
                            }
                            return;
                        case 4:
                        case 5:
                            throw new ConcurrentRefUpdateException(JGitText.get().couldNotLockHEAD, updateRef.getRef(), forceUpdate);
                        default:
                            throw new JGitInternalException(MessageFormat.format(JGitText.get().updatingRefFailed, "HEAD", insert.toString(), forceUpdate));
                    }
                } catch (Throwable th) {
                    try {
                        revWalk.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (ConcurrentRefUpdateException | IOException | JGitInternalException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private static PersonIdent buildPersonIdent(Repository repository, String str, String str2, TimeZone timeZone, Date date) {
        return str != null ? date != null ? new PersonIdent(str, str2, date, timeZone == null ? TimeZone.getDefault() : timeZone) : new PersonIdent(str, str2) : new PersonIdent(repository);
    }

    private static DirCache createTemporaryIndex(Repository repository, ObjectId objectId, String str, byte[] bArr) {
        DirCache newInCore = DirCache.newInCore();
        DirCacheBuilder builder = newInCore.builder();
        ObjectInserter newObjectInserter = repository.newObjectInserter();
        try {
            long currentTimeMillis = System.currentTimeMillis();
            if (bArr != null) {
                try {
                    DirCacheEntry dirCacheEntry = new DirCacheEntry(str);
                    dirCacheEntry.setLength(bArr.length);
                    dirCacheEntry.setLastModified(currentTimeMillis);
                    dirCacheEntry.setFileMode(FileMode.REGULAR_FILE);
                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
                    try {
                        dirCacheEntry.setObjectId(newObjectInserter.insert(3, bArr.length, byteArrayInputStream));
                        byteArrayInputStream.close();
                        builder.add(dirCacheEntry);
                    } catch (Throwable th) {
                        try {
                            byteArrayInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
            if (objectId != null) {
                TreeWalk treeWalk = new TreeWalk(repository);
                int addTree = treeWalk.addTree(new RevWalk(repository).parseTree(objectId));
                treeWalk.setRecursive(true);
                while (treeWalk.next()) {
                    String pathString = treeWalk.getPathString();
                    CanonicalTreeParser tree = treeWalk.getTree(addTree, CanonicalTreeParser.class);
                    if (!pathString.equals(str)) {
                        DirCacheEntry dirCacheEntry2 = new DirCacheEntry(pathString);
                        dirCacheEntry2.setObjectId(tree.getEntryObjectId());
                        dirCacheEntry2.setFileMode(tree.getEntryFileMode());
                        builder.add(dirCacheEntry2);
                    }
                }
            }
            builder.finish();
            if (newObjectInserter != null) {
                newObjectInserter.close();
            }
            if (bArr == null) {
                DirCacheEditor editor = newInCore.editor();
                editor.add(new DirCacheEditor.DeleteTree(str));
                editor.finish();
            }
            return newInCore;
        } catch (Throwable th3) {
            if (newObjectInserter != null) {
                try {
                    newObjectInserter.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @SuppressFBWarnings(value = {"RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"}, justification = "JDK11 produces different bytecode - https://github.com/spotbugs/spotbugs/issues/756")
    public static byte[] readFile(Repository repository, String str, String str2) {
        TreeWalk forPath;
        try {
            ObjectReader newObjectReader = repository.newObjectReader();
            try {
                ObjectId resolve = repository.resolve(str);
                if (resolve == null || (forPath = TreeWalk.forPath(newObjectReader, str2, new AnyObjectId[]{new RevWalk(repository).parseCommit(resolve).getTree()})) == null) {
                    if (newObjectReader != null) {
                        newObjectReader.close();
                    }
                    return null;
                }
                byte[] bytes = newObjectReader.open(forPath.getObjectId(0)).getBytes();
                if (newObjectReader != null) {
                    newObjectReader.close();
                }
                return bytes;
            } finally {
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public static void push(String str, Repository repository, StandardCredentials standardCredentials, String str2, String str3) {
        try {
            org.eclipse.jgit.api.Git git = new org.eclipse.jgit.api.Git(repository);
            try {
                PushCommand push = git.push();
                addCredential(repository, push, standardCredentials);
                PushResult pushResult = (PushResult) push.setRefSpecs(new RefSpec[]{new RefSpec("+" + str2 + ":" + str3)}).setRemote(str).call().iterator().next();
                if (pushResult.getRemoteUpdates().isEmpty()) {
                    throw new RuntimeException("No remote updates occurred");
                }
                for (RemoteRefUpdate remoteRefUpdate : pushResult.getRemoteUpdates()) {
                    if (!RemoteRefUpdate.Status.OK.equals(remoteRefUpdate.getStatus())) {
                        throw new ServiceException.UnexpectedErrorException("Remote update failed: " + remoteRefUpdate.getStatus().name() + ": " + remoteRefUpdate.getMessage());
                    }
                }
                git.close();
            } finally {
            }
        } catch (GitAPIException e) {
            if (!e.getMessage().toLowerCase().contains("auth")) {
                throw new ServiceException.UnexpectedErrorException("Unable to save and push to: " + str + " - " + e.getMessage(), e);
            }
            throw new ServiceException.UnauthorizedException(e.getMessage(), e);
        }
    }
}
