package io.jenkins.plugins.csp;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.PluginManager;
import hudson.PluginWrapper;
import hudson.model.ManagementLink;
import hudson.model.PeriodicWork;
import hudson.model.User;
import io.jenkins.plugins.csp.ContentSecurityPolicyReceiver;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.util.SystemProperties;
import net.sf.json.JSONObject;
import org.jenkinsci.Symbol;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerProxy;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
@Restricted({NoExternalUse.class})
@Symbol({"contentSecurityPolicyManagementLink"})
/* loaded from: input_file:io/jenkins/plugins/csp/ContentSecurityPolicyManagementLink.class */
public class ContentSecurityPolicyManagementLink extends ManagementLink implements StaplerProxy, ContentSecurityPolicyReceiver {
    public static final Logger LOGGER = Logger.getLogger(ManagementLink.class.getName());
    public static final int ROTATE_PERIOD_HOURS = SystemProperties.getInteger(ContentSecurityPolicyManagementLink.class.getName() + ".ROTATE_PERIOD_HOURS", 6).intValue();
    private static int ROTATE_AFTER_HOURS = SystemProperties.getInteger(ContentSecurityPolicyManagementLink.class.getName() + ".ROTATE_AFTER_HOURS", 24).intValue();
    private final List<Record> records = new LinkedList();

    /* loaded from: input_file:io/jenkins/plugins/csp/ContentSecurityPolicyManagementLink$Record.class */
    public static final class Record {
        private final String contextClassName;
        private final String contextViewName;
        private final String violatedDirective;
        private final String blockedUri;
        private final String scriptSample;
        private final Instant time;
        private final String username;

        public Record(String str, String str2, String str3, String str4, String str5, Instant instant, String str6) {
            this.violatedDirective = str3;
            this.contextClassName = str;
            this.contextViewName = str2;
            this.blockedUri = str4;
            this.scriptSample = str5;
            this.time = instant;
            this.username = str6;
        }

        public String getContextClassName() {
            return this.contextClassName;
        }

        public String getContextViewName() {
            return this.contextViewName;
        }

        public String getViolatedDirective() {
            return this.violatedDirective;
        }

        public String getBlockedUri() {
            return this.blockedUri;
        }

        public String getScriptSample() {
            return this.scriptSample;
        }

        public Instant getTime() {
            return this.time;
        }

        public Date getDate() {
            return Date.from(this.time);
        }

        public String getUsername() {
            return this.username;
        }

        public PluginWrapper getContextPlugin() {
            if (this.contextClassName.isEmpty()) {
                return null;
            }
            try {
                PluginManager pluginManager = Jenkins.get().getPluginManager();
                return pluginManager.whichPlugin(pluginManager.uberClassLoader.loadClass(this.contextClassName));
            } catch (ClassNotFoundException e) {
                ContentSecurityPolicyManagementLink.LOGGER.log(Level.FINE, e, () -> {
                    return "Failed to determine plugin for class: " + this.contextClassName;
                });
                return null;
            }
        }

        public User getUser() {
            if (this.username == null) {
                return null;
            }
            return User.get(this.username, false, Collections.emptyMap());
        }
    }

    @Extension
    /* loaded from: input_file:io/jenkins/plugins/csp/ContentSecurityPolicyManagementLink$Rotator.class */
    public static class Rotator extends PeriodicWork {
        public long getRecurrencePeriod() {
            return TimeUnit.HOURS.toMillis(ContentSecurityPolicyManagementLink.ROTATE_PERIOD_HOURS);
        }

        protected void doRun() throws Exception {
            ((ContentSecurityPolicyManagementLink) ExtensionList.lookupSingleton(ContentSecurityPolicyManagementLink.class)).rotate();
        }
    }

    public String getIconFileName() {
        return "document.png";
    }

    public String getDisplayName() {
        return "Content Security Policy Report";
    }

    public String getUrlName() {
        return "content-security-policy-reports";
    }

    public String getDescription() {
        return "Review reported Content Security Policy violations.";
    }

    @NonNull
    public ManagementLink.Category getCategory() {
        return ManagementLink.Category.SECURITY;
    }

    public Object getTarget() {
        Jenkins.get().checkPermission(getRequiredPermission());
        return this;
    }

    @Override // io.jenkins.plugins.csp.ContentSecurityPolicyReceiver
    public void report(@NonNull ContentSecurityPolicyReceiver.ViewContext viewContext, @CheckForNull User user, @NonNull JSONObject jSONObject) {
        JSONObject jSONObject2 = jSONObject.getJSONObject("csp-report");
        Record record = new Record(viewContext.getClassName(), viewContext.getViewName(), jSONObject2.optString("violated-directive", "<UNKNOWN>"), jSONObject2.optString("blocked-uri", "<UNKNOWN>"), jSONObject2.optString("script-sample", "<UNKNOWN>"), Instant.now(), user == null ? null : user.getId());
        synchronized (this.records) {
            this.records.add(record);
        }
    }

    public List<Record> getRecords() {
        ArrayList arrayList;
        synchronized (this.records) {
            arrayList = new ArrayList(this.records);
        }
        return arrayList;
    }

    @RequirePOST
    public HttpResponse doClear() {
        synchronized (this.records) {
            this.records.clear();
        }
        return HttpResponses.forwardToPreviousPage();
    }

    public void rotate() {
        synchronized (this.records) {
            this.records.removeIf(record -> {
                return record.getTime().isBefore(Instant.now().minus(ROTATE_AFTER_HOURS, (TemporalUnit) ChronoUnit.HOURS));
            });
        }
    }
}
