package hudson.plugins.audit_trail;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.Extension;
import hudson.model.Descriptor;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Calendar;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.lang.time.FastDateFormat;
import org.apache.hc.client5.http.classic.methods.HttpPost;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
import org.apache.hc.client5.http.ssl.TrustSelfSignedStrategy;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.ContentType;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.apache.hc.core5.ssl.SSLContexts;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/audit-trail.jar:hudson/plugins/audit_trail/ElasticSearchAuditLogger.class */
public class ElasticSearchAuditLogger extends AuditLogger {
    private String url;
    private String usernamePasswordCredentialsId;
    private String clientCertificateCredentialsId;
    private boolean skipCertificateValidation;
    transient ElasticSearchSender elasticSearchSender;
    protected static final Logger LOGGER = Logger.getLogger(ElasticSearchAuditLogger.class.getName());
    private static final FastDateFormat DATE_FORMATTER = FastDateFormat.getInstance("yyyy-MM-dd'T'HH:mm:ssZ");

    @Extension
    /* loaded from: input_file:WEB-INF/lib/audit-trail.jar:hudson/plugins/audit_trail/ElasticSearchAuditLogger$DescriptorImpl.class */
    public static class DescriptorImpl extends Descriptor<AuditLogger> {
        public String getDisplayName() {
            return "Elastic Search server";
        }

        public ListBoxModel doFillUsernamePasswordCredentialsIdItems(@QueryParameter String str, @QueryParameter String str2) {
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return new StandardListBoxModel().includeCurrentValue(str);
            }
            return new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, Jenkins.get(), StandardCredentials.class, URIRequirementBuilder.fromUri(str2).build(), CredentialsMatchers.anyOf(new CredentialsMatcher[]{CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class)})).includeCurrentValue(str);
        }

        public ListBoxModel doFillClientCertificateCredentialsIdItems(@QueryParameter String str, @QueryParameter String str2) {
            if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                return new StandardListBoxModel().includeCurrentValue(str);
            }
            return new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, Jenkins.get(), StandardCertificateCredentials.class, URIRequirementBuilder.fromUri(str2).build(), CredentialsMatchers.anyOf(new CredentialsMatcher[]{CredentialsMatchers.instanceOf(StandardCertificateCredentials.class)})).includeCurrentValue(str);
        }

        public FormValidation doCheckUrl(@QueryParameter("value") String str) {
            if (StringUtils.isBlank(str)) {
                return FormValidation.warning("URL must be set");
            }
            try {
                URL url = new URL(str);
                if (url.getUserInfo() != null) {
                    return FormValidation.error("Please specify user and password not as part of the url.");
                }
                if (StringUtils.isBlank(url.getPath()) || url.getPath().trim().matches("^\\/+$")) {
                    return FormValidation.warning("Elastic Search requires an index name and document type to be able to index the logs.  eg. https://elastic.mydomain.com/myindex/jenkinslog/");
                }
                url.toURI();
                return FormValidation.ok();
            } catch (MalformedURLException | URISyntaxException e) {
                return FormValidation.error(e.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/audit-trail.jar:hudson/plugins/audit_trail/ElasticSearchAuditLogger$ElasticSearchSender.class */
    public static class ElasticSearchSender {
        private final CloseableHttpClient httpClient;
        private final String url;
        private final String auth;
        private final boolean skipCertificateValidation;

        public ElasticSearchSender(String str, String str2, String str3, KeyStore keyStore, String str4, boolean z) throws IOException, GeneralSecurityException {
            this.url = str;
            if (StringUtils.isNotBlank(str2)) {
                this.auth = Base64.encodeBase64String((str2 + ":" + StringUtils.defaultString(str3)).getBytes(StandardCharsets.UTF_8));
            } else {
                this.auth = null;
            }
            this.skipCertificateValidation = z;
            this.httpClient = createHttpClient(keyStore, str4, z);
        }

        public String getUrl() {
            return this.url;
        }

        public boolean getSkipCertificateValidation() {
            return this.skipCertificateValidation;
        }

        private CloseableHttpClient createHttpClient(KeyStore keyStore, String str, boolean z) throws GeneralSecurityException {
            TrustSelfSignedStrategy trustSelfSignedStrategy = null;
            if (z) {
                trustSelfSignedStrategy = TrustSelfSignedStrategy.INSTANCE;
            }
            SSLContextBuilder custom = SSLContexts.custom();
            custom.loadTrustMaterial(keyStore, trustSelfSignedStrategy);
            if (keyStore != null) {
                custom.loadKeyMaterial(keyStore, str.toCharArray());
            }
            SSLContext build = custom.build();
            HttpClientBuilder custom2 = HttpClients.custom();
            SSLConnectionSocketFactoryBuilder sslContext = SSLConnectionSocketFactoryBuilder.create().setSslContext(build);
            if (z) {
                sslContext.setHostnameVerifier(NoopHostnameVerifier.INSTANCE);
            }
            custom2.setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create().setSSLSocketFactory(sslContext.build()).build());
            return custom2.build();
        }

        public void sendMessage(String str) throws IOException {
            this.httpClient.execute(getHttpPost(str), classicHttpResponse -> {
                int code = classicHttpResponse.getCode();
                if (code < 200 || code >= 300) {
                    throw new IOException(getErrorMessage(classicHttpResponse));
                }
                ElasticSearchAuditLogger.LOGGER.log(Level.FINE, "Response: {0}", classicHttpResponse);
                return classicHttpResponse;
            });
        }

        HttpPost getHttpPost(String str) {
            HttpPost httpPost = new HttpPost(this.url);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("message", str);
            jSONObject.put("@timestamp", ElasticSearchAuditLogger.DATE_FORMATTER.format(Calendar.getInstance().getTime()));
            httpPost.setEntity(new StringEntity(jSONObject.toString(), ContentType.APPLICATION_JSON, StandardCharsets.UTF_8.name(), false));
            if (this.auth != null) {
                httpPost.addHeader("Authorization", "Basic " + this.auth);
            }
            return httpPost;
        }

        private String getErrorMessage(ClassicHttpResponse classicHttpResponse) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            PrintStream printStream = new PrintStream((OutputStream) byteArrayOutputStream, true, StandardCharsets.UTF_8);
            try {
                try {
                    printStream.print("HTTP error code: ");
                    printStream.println(classicHttpResponse.getCode());
                    printStream.print("URL: ");
                    printStream.println(this.url);
                    printStream.println("RESPONSE: " + String.valueOf(classicHttpResponse));
                    classicHttpResponse.getEntity().writeTo(printStream);
                } catch (IOException e) {
                    printStream.println(ExceptionUtils.getStackTrace(e));
                }
                printStream.flush();
                String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8);
                printStream.close();
                return byteArrayOutputStream2;
            } catch (Throwable th) {
                try {
                    printStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
    }

    @DataBoundConstructor
    public ElasticSearchAuditLogger(String str, boolean z) {
        this.skipCertificateValidation = false;
        this.url = str;
        this.skipCertificateValidation = z;
    }

    private Object readResolve() {
        configure();
        return this;
    }

    @Override // hudson.plugins.audit_trail.AuditLogger
    public void log(String str) {
        if (this.elasticSearchSender == null) {
            configure();
            if (this.elasticSearchSender == null) {
                LOGGER.log(Level.FINER, "skip log {0}, elasticSearchSender not configured", str);
                return;
            }
        }
        LOGGER.log(Level.FINER, "Send audit message \"{0}\" to Elastic Search server {1}", new Object[]{str, this.elasticSearchSender.getUrl()});
        try {
            this.elasticSearchSender.sendMessage(str);
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Audit event not sent to Elastic Search server: " + str + " - " + this.elasticSearchSender.toString(), (Throwable) e);
        }
    }

    public void configure() {
        if (this.url == null || this.url.length() == 0) {
            LOGGER.fine("Elastic Search Logger not configured");
            return;
        }
        String str = null;
        String str2 = null;
        if (!StringUtils.isBlank(this.usernamePasswordCredentialsId)) {
            LOGGER.fine("Username/password credentials specified: " + this.usernamePasswordCredentialsId);
            StandardUsernamePasswordCredentials usernamePasswordCredentials = getUsernamePasswordCredentials(this.usernamePasswordCredentialsId);
            if (usernamePasswordCredentials != null) {
                str = usernamePasswordCredentials.getUsername();
                str2 = Secret.toString(usernamePasswordCredentials.getPassword());
            }
        }
        KeyStore keyStore = null;
        String str3 = null;
        if (!StringUtils.isBlank(this.clientCertificateCredentialsId)) {
            LOGGER.fine("Client certificate specified: " + this.clientCertificateCredentialsId);
            StandardCertificateCredentials certificateCredentials = getCertificateCredentials(this.clientCertificateCredentialsId);
            if (certificateCredentials == null) {
                LOGGER.log(Level.SEVERE, "Unable to find certificate credentials: " + this.clientCertificateCredentialsId + " - Not creating ElasticSearchSender");
                return;
            } else {
                keyStore = certificateCredentials.getKeyStore();
                str3 = certificateCredentials.getPassword().getPlainText();
                LOGGER.fine("Client certificate keystore loaded");
            }
        }
        try {
            this.elasticSearchSender = new ElasticSearchSender(this.url, str, str2, keyStore, str3, this.skipCertificateValidation);
            LOGGER.log(Level.FINE, "ElasticSearchAuditLogger: {0}", this);
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Unable to create ElasticSearchSender", (Throwable) e);
        } catch (GeneralSecurityException e2) {
            LOGGER.log(Level.SEVERE, "Unable to create ElasticSearchSender", (Throwable) e2);
        }
    }

    private StandardUsernamePasswordCredentials getUsernamePasswordCredentials(String str) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
    }

    private StandardCertificateCredentials getCertificateCredentials(String str) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCertificateCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
    }

    public String getUrl() {
        return this.url;
    }

    @DataBoundSetter
    public void setUrl(String str) throws URISyntaxException, MalformedURLException {
        this.url = str;
        new URL(str).toURI();
    }

    public String getUsernamePasswordCredentialsId() {
        return this.usernamePasswordCredentialsId;
    }

    @DataBoundSetter
    public void setUsernamePasswordCredentialsId(String str) {
        this.usernamePasswordCredentialsId = str;
    }

    public String getClientCertificateCredentialsId() {
        return this.clientCertificateCredentialsId;
    }

    @DataBoundSetter
    public void setClientCertificateCredentialsId(String str) {
        this.clientCertificateCredentialsId = str;
    }

    public boolean getSkipCertificateValidation() {
        return this.skipCertificateValidation;
    }

    @DataBoundSetter
    public void setSkipCertificateValidation(boolean z) {
        this.skipCertificateValidation = z;
    }

    public String getDisplayName() {
        return "Elastic Search Logger";
    }

    ElasticSearchSender getElasticSearchSender() {
        return this.elasticSearchSender;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof ElasticSearchAuditLogger)) {
            return false;
        }
        ElasticSearchAuditLogger elasticSearchAuditLogger = (ElasticSearchAuditLogger) obj;
        if (this.url != null) {
            if (!this.url.equals(elasticSearchAuditLogger.url)) {
                return false;
            }
        } else if (elasticSearchAuditLogger.url != null) {
            return false;
        }
        if (this.usernamePasswordCredentialsId != null) {
            if (!this.usernamePasswordCredentialsId.equals(elasticSearchAuditLogger.usernamePasswordCredentialsId)) {
                return false;
            }
        } else if (elasticSearchAuditLogger.usernamePasswordCredentialsId != null) {
            return false;
        }
        if (this.clientCertificateCredentialsId != null) {
            if (!this.clientCertificateCredentialsId.equals(elasticSearchAuditLogger.clientCertificateCredentialsId)) {
                return false;
            }
        } else if (elasticSearchAuditLogger.clientCertificateCredentialsId != null) {
            return false;
        }
        return this.skipCertificateValidation == elasticSearchAuditLogger.skipCertificateValidation;
    }

    public int hashCode() {
        return (31 * ((31 * ((31 * ((31 * super.hashCode()) + (this.url == null ? 0 : this.url.hashCode()))) + (this.usernamePasswordCredentialsId == null ? 0 : this.usernamePasswordCredentialsId.hashCode()))) + (this.clientCertificateCredentialsId == null ? 0 : this.clientCertificateCredentialsId.hashCode()))) + Boolean.hashCode(this.skipCertificateValidation);
    }

    public String toString() {
        return "ElasticSearchAuditLogger{url='" + this.url + "', usernamePasswordCredentialsId='" + this.usernamePasswordCredentialsId + "', clientCertificateCredentialsId='" + this.clientCertificateCredentialsId + "', skipCertificateValidation='" + this.skipCertificateValidation + "'}";
    }
}
