package io.jenkins.plugins.portshift_vulnerability_scanner;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernameListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.AbortException;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.model.TopLevelItem;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import io.jenkins.DockerRiskSeverity;
import io.jenkins.VulnerabilitySeverity;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.UUID;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:io/jenkins/plugins/portshift_vulnerability_scanner/PortshiftVulnerabilityScannerBuilder.class */
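/**
 * Jenkins build step that runs the SecureCN vulnerability scanner against a container image.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only credential <em>IDs</em> ({@code secureCnSecretKeyId}, {@code dockerRegistryPasswordId})
 *       are configuration. The resolved plaintext values are held in {@code transient} fields so
 *       that they are not written out with the step's other fields when Jenkins serialises the
 *       job configuration.</li>
 *   <li>Credentials are resolved in the context of the running build, not by scanning every
 *       top-level item, so a job can only use credentials that are in scope for it.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output; parameter names such as {@code str} are not the
 * original names. Stapler binds {@code @QueryParameter} / {@code @DataBoundConstructor} arguments by
 * name, so confirm the names against the original sources before rebuilding from this file.
 */
public class PortshiftVulnerabilityScannerBuilder extends Builder implements SimpleBuildStep {
    protected static final String PLUGIN_NAME = "securecn-scanner";
    protected static final String DEFAULT_SECURE_CN_PRODUCTION_URL = "securecn.cisco.com";
    private String secureCnAccessKey;
    private String secureCnSecretKeyId;
    // Resolved plaintext secret: transient so it is never persisted with the step configuration.
    private transient String secretKey;
    private String imageName;
    private String url = DEFAULT_SECURE_CN_PRODUCTION_URL;
    private String dockerRegistryPasswordId;
    // Resolved from the credentials store at build time; transient for the same reason as secretKey.
    private transient String dockerRegistryUsername;
    private transient String dockerRegistryPassword;
    private String highestSeverityAllowed;
    private String highestSeverityAllowedDf;
    private Boolean pushLocalImage;

    /**
     * Descriptor providing the global defaults, the credential drop-downs and the form validation
     * for the scanner build step.
     */
    @Extension
    @Symbol({"secureCNVulnerabilityScanner"})
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        private String secureCnAccessKey;
        private String imageName;
        private String url;
        private String highestSeverityAllowed;
        private String highestSeverityAllowedDf;
        private Boolean pushLocalImage;

        public DescriptorImpl() {
            load();
        }

        /**
         * Populates the secret-text credential drop-down.
         *
         * <p>Callers without the required permission only get the currently selected value back, so
         * the endpoint cannot be used to enumerate credential IDs.
         */
        public ListBoxModel doFillSecureCnSecretKeyIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            if (!hasPermission(item)) {
                return new StandardListBoxModel().includeCurrentValue(str);
            }
            return new StandardListBoxModel()
                    .includeEmptyValue()
                    .includeAs(ACL.SYSTEM, item, StringCredentials.class)
                    .includeCurrentValue(str);
        }

        /**
         * Populates the Docker registry username/password credential drop-down, with the same
         * permission gate as {@link #doFillSecureCnSecretKeyIdItems(Item, String)}.
         */
        public ListBoxModel doFillDockerRegistryPasswordIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            if (!hasPermission(item)) {
                return new StandardUsernameListBoxModel().includeCurrentValue(str);
            }
            return new StandardUsernameListBoxModel()
                    .includeMatchingAs(
                            ACL.SYSTEM,
                            item,
                            StandardUsernameCredentials.class,
                            Collections.emptyList(),
                            CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class))
                    .includeCurrentValue(str);
        }

        /**
         * Returns whether the current user may list credentials: {@code Item.CONFIGURE} on the item
         * when there is one, otherwise {@code Jenkins.ADMINISTER}.
         */
        private boolean hasPermission(Item item) {
            if (item != null) {
                return item.hasPermission(Item.CONFIGURE);
            }
            // Jenkins.get() matches the accessor used elsewhere in this class (getInstance() is deprecated).
            return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
        }

        /** Accepts the access key only if it parses as a UUID. */
        public FormValidation doCheckSecureCnAccessKey(@QueryParameter String str) {
            if (str == null) {
                return FormValidation.error(Messages.PortshiftVulnerabilityScannerBuilder_DescriptorImpl_errors_invalidSecureCnAccessKey());
            }
            try {
                UUID.fromString(str);
                return FormValidation.ok();
            } catch (IllegalArgumentException ignored) {
                // Not a UUID: report it as a validation error rather than propagating.
                return FormValidation.error(Messages.PortshiftVulnerabilityScannerBuilder_DescriptorImpl_errors_invalidSecureCnAccessKey());
            }
        }

        /** Rejects an empty image name. */
        public FormValidation doCheckImageName(@QueryParameter String str) {
            if (StringUtils.isEmpty(str)) {
                return FormValidation.error(Messages.PortshiftVulnerabilityScannerBuilder_DescriptorImpl_errors_invalidImageName());
            }
            return FormValidation.ok();
        }

        /**
         * Checks that the value parses as a URL, either as given or with {@code https://} prepended.
         *
         * <p>This is a syntactic check only: it does not restrict the host, so it is not a control
         * over where the scanner credentials are sent.
         */
        public FormValidation doCheckUrl(@QueryParameter String str) {
            if (isValidUrl(str) || isValidUrl("https://" + str)) {
                return FormValidation.ok();
            }
            return FormValidation.error(Messages.PortshiftVulnerabilityScannerBuilder_DescriptorImpl_errors_invalidUrl());
        }

        /** Accepts an empty value or the name of a {@code VulnerabilitySeverity} constant. */
        public FormValidation doCheckHighestSeverityAllowed(@QueryParameter String str) {
            if (StringUtils.isEmpty(str) || isValidSeverity(str)) {
                return FormValidation.ok();
            }
            return FormValidation.error(Messages.PortshiftVulnerabilityScannerBuilder_DescriptorImpl_errors_invalidSeverity());
        }

        /** Accepts an empty value or the name of a {@code DockerRiskSeverity} constant. */
        public FormValidation doCheckHighestSeverityAllowedDf(@QueryParameter String str) {
            if (StringUtils.isEmpty(str) || isValidSeverityDf(str)) {
                return FormValidation.ok();
            }
            return FormValidation.error(Messages.PortshiftVulnerabilityScannerBuilder_DescriptorImpl_errors_invalidDfSeverity());
        }

        /** Returns {@code true} if {@link URL} can parse the string. */
        private boolean isValidUrl(String str) {
            try {
                new URL(str);
                return true;
            } catch (MalformedURLException e) {
                return false;
            }
        }

        private boolean isValidSeverity(String str) {
            for (VulnerabilitySeverity vulnerabilitySeverity : VulnerabilitySeverity.values()) {
                if (vulnerabilitySeverity.name().equals(str)) {
                    return true;
                }
            }
            return false;
        }

        private boolean isValidSeverityDf(String str) {
            for (DockerRiskSeverity dockerRiskSeverity : DockerRiskSeverity.values()) {
                if (dockerRiskSeverity.name().equals(str)) {
                    return true;
                }
            }
            return false;
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        @Nonnull
        @Override
        public String getDisplayName() {
            return Messages.PortshiftVulnerabilityScannerBuilder_DescriptorImpl_DisplayName();
        }

        /**
         * Stores the submitted global defaults and persists the descriptor.
         *
         * <p>Only non-secret settings are read here; no secret value is written to the descriptor's
         * configuration.
         */
        @Override
        public boolean configure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            this.secureCnAccessKey = jSONObject.getString("secureCnAccessKey");
            this.imageName = jSONObject.getString("imageName");
            this.url = jSONObject.getString("url");
            this.highestSeverityAllowed = jSONObject.getString("highestSeverityAllowed");
            this.highestSeverityAllowedDf = jSONObject.getString("highestSeverityAllowedDf");
            this.pushLocalImage = Boolean.valueOf(jSONObject.getBoolean("pushLocalImage"));
            save();
            return super.configure(staplerRequest, jSONObject);
        }

        public String getSecureCnAccessKey() {
            return this.secureCnAccessKey;
        }

        public String getImageName() {
            return this.imageName;
        }

        public String getUrl() {
            return this.url;
        }

        public String getHighestSeverityAllowed() {
            return this.highestSeverityAllowed;
        }

        public String getHighestSeverityAllowedDf() {
            return this.highestSeverityAllowedDf;
        }

        public Boolean getPushLocalImage() {
            return this.pushLocalImage;
        }
    }

    /**
     * Creates the step from its mandatory settings.
     *
     * @param str the SecureCN access key
     * @param str2 the ID of the secret-text credential holding the SecureCN secret key
     * @param str3 the name of the image to scan
     */
    @DataBoundConstructor
    public PortshiftVulnerabilityScannerBuilder(String str, String str2, String str3) {
        this.secureCnAccessKey = str;
        this.secureCnSecretKeyId = str2;
        this.imageName = str3;
    }

    @DataBoundSetter
    public void setSecureCnAccessKey(String str) {
        this.secureCnAccessKey = str;
    }

    @DataBoundSetter
    public void setSecureCnSecretKeyId(String str) {
        this.secureCnSecretKeyId = str;
    }

    @DataBoundSetter
    public void setImageName(String str) {
        this.imageName = str;
    }

    /** Sets the SecureCN URL; an empty value is ignored so the default stays in place. */
    @DataBoundSetter
    public void setUrl(String str) {
        if (!StringUtils.isEmpty(str)) {
            this.url = str;
        }
    }

    @DataBoundSetter
    public void setDockerRegistryPasswordId(String str) {
        this.dockerRegistryPasswordId = str;
    }

    @DataBoundSetter
    public void setHighestSeverityAllowed(String str) {
        this.highestSeverityAllowed = str;
    }

    @DataBoundSetter
    public void setHighestSeverityAllowedDf(String str) {
        this.highestSeverityAllowedDf = str;
    }

    @DataBoundSetter
    public void setPushLocalImage(Boolean bool) {
        this.pushLocalImage = bool;
    }

    public String getSecureCnAccessKey() {
        return this.secureCnAccessKey;
    }

    /**
     * Returns the plaintext SecureCN secret resolved by the most recent {@code perform} call, or
     * {@code null} if none has been resolved on this instance.
     *
     * <p>NOTE(review): this is a public accessor for a plaintext secret; confirm that no view or
     * API export reads it.
     */
    public String getSecretKey() {
        return this.secretKey;
    }

    public String getImageName() {
        return this.imageName;
    }

    public String getUrl() {
        return this.url;
    }

    public String getHighestSeverityAllowed() {
        return this.highestSeverityAllowed;
    }

    public String getDockerRegistryUsername() {
        return this.dockerRegistryUsername;
    }

    public String getHighestSeverityAllowedDf() {
        return this.highestSeverityAllowedDf;
    }

    /**
     * Validates the configuration, resolves the credentials for this build and runs the scan.
     *
     * @throws AbortException if a mandatory setting is missing, a configured credential cannot be
     *     resolved for this build, or the scanner returns a non-zero exit code
     */
    @Override
    public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath filePath, @Nonnull Launcher launcher, @Nonnull TaskListener taskListener) throws AbortException {
        checkConfiguration();
        setSecrets(run);
        // NOTE(review): how the executer hands secretKey / dockerRegistryPassword to the scanner
        // (arguments vs. environment, log masking) is not visible here; confirm they cannot reach
        // the build log.
        int exitCode = PortshiftVulnerabilityScanExecuter.execute(run, filePath, launcher, taskListener, this.secureCnAccessKey, this.secretKey, this.imageName, this.url, this.highestSeverityAllowed, this.dockerRegistryUsername, this.dockerRegistryPassword, this.highestSeverityAllowedDf, this.pushLocalImage);
        taskListener.getLogger().println("exitCode: " + exitCode);
        if (exitCode != 0) {
            // Every non-zero exit code fails the build with the same message.
            throw new AbortException("Vulnerability scan has failed.");
        }
        taskListener.getLogger().println("Vulnerability scan has completed successfully.");
    }

    /** Fails the build if any mandatory setting is empty. */
    private void checkConfiguration() throws AbortException {
        if (StringUtils.isEmpty(this.secureCnAccessKey)) {
            throwMissingConfiguration("secureCnAccessKey");
        }
        if (StringUtils.isEmpty(this.secureCnSecretKeyId)) {
            throwMissingConfiguration("secureCnSecretKeyId");
        }
        if (StringUtils.isEmpty(this.imageName)) {
            throwMissingConfiguration("imageName");
        }
    }

    private void throwMissingConfiguration(String str) throws AbortException {
        throw new AbortException("Missing configuration. Please set the plugin configuration parameters before continuing.\nempty field: " + str);
    }

    /**
     * Resolves the configured credential IDs for the given build and stores the plaintext values
     * in the transient fields read by {@code perform}.
     *
     * <p>The lookup is scoped to {@code run}: a credential ID that is only defined for an unrelated
     * item or folder is not resolved. Values left over from an earlier build on this instance are
     * cleared first, so a credential that has since been removed or unconfigured is not reused.
     *
     * @throws AbortException if a configured credential ID cannot be resolved for this build
     */
    private void setSecrets(Run<?, ?> run) throws AbortException {
        this.secretKey = null;
        this.dockerRegistryUsername = null;
        this.dockerRegistryPassword = null;

        this.secretKey = getSecureCnSecretFromKey(run);
        if (this.secretKey == null) {
            throw new AbortException("SecureCn credentials has not found for secret Id = " + this.secureCnSecretKeyId);
        }
        if (StringUtils.isEmpty(this.dockerRegistryPasswordId)) {
            return;
        }
        StandardUsernamePasswordCredentials dockerCredentials = getDockerCredentialsFromKey(run);
        if (dockerCredentials == null) {
            throw new AbortException("docker registry credentials has not found for secret Id = " + this.dockerRegistryPasswordId);
        }
        this.dockerRegistryPassword = dockerCredentials.getPassword().getPlainText();
        this.dockerRegistryUsername = dockerCredentials.getUsername();
    }

    /** Looks up the Docker registry credential by ID in the scope of the given build, or returns {@code null}. */
    private StandardUsernamePasswordCredentials getDockerCredentialsFromKey(Run<?, ?> run) {
        return CredentialsProvider.findCredentialById(this.dockerRegistryPasswordId, StandardUsernamePasswordCredentials.class, run, Collections.emptyList());
    }

    /** Looks up the SecureCN secret by ID in the scope of the given build, or returns {@code null}. */
    private String getSecureCnSecretFromKey(Run<?, ?> run) {
        StringCredentials credentials = CredentialsProvider.findCredentialById(this.secureCnSecretKeyId, StringCredentials.class, run, Collections.emptyList());
        return credentials != null ? credentials.getSecret().getPlainText() : null;
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    // The name is a decompiler artifact (see the comment above); the cast narrows the inherited
    // descriptor to this step's own DescriptorImpl.
    public DescriptorImpl m3getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }
}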
