package jenkins.plugins.git;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.domains.Domain;
import hudson.model.Action;
import hudson.model.FreeStyleProject;
import hudson.plugins.git.GitTool;
import hudson.tasks.BatchFile;
import hudson.tasks.Shell;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import jenkins.model.Jenkins;
import org.apache.commons.codec.digest.DigestUtils;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jenkinsci.plugins.credentialsbinding.MultiBinding;
import org.jenkinsci.plugins.credentialsbinding.impl.SecretBuildWrapper;
import org.jenkinsci.plugins.gitclient.JGitApacheTool;
import org.jenkinsci.plugins.gitclient.JGitTool;
import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.jvnet.hudson.test.JenkinsRule;

@RunWith(Parameterized.class)
/* loaded from: input_file:jenkins/plugins/git/GitSSHPrivateKeyBindingTest.class */
public class GitSSHPrivateKeyBindingTest {
    private final String privateKey;
    private final String privatekeyPassphrase;
    private final GitTool gitToolInstance;
    private final String credentialID = DigestUtils.sha256Hex("Git SSH Private Key Binding".getBytes(StandardCharsets.UTF_8));
    private SSHUserPrivateKey credentials = null;
    private BasicSSHUserPrivateKey.DirectEntryPrivateKeySource privateKeySource = null;

    @Rule
    public JenkinsRule r = new JenkinsRule();

    @Rule
    public GitSampleRepoRule g = new GitSampleRepoRule();

    @Parameterized.Parameters(name = "PrivateKey-Name {0}: Passphrase {1}: GitToolInstance {2}")
    public static Collection<Object[]> data() throws IOException {
        return Arrays.asList(new Object[]{privateKeyFileRead("rsa_openssh_enc"), "Dummy", new GitTool("git", "git", (List) null)}, new Object[]{privateKeyFileRead("rsa_openssh_uenc"), "", new GitTool("Default", "git", (List) null)}, new Object[]{privateKeyFileRead("rsa_openssh_enc"), "Dummy", new JGitTool()}, new Object[]{privateKeyFileRead("rsa_openssh_uenc"), "Dummy", new JGitApacheTool()});
    }

    public GitSSHPrivateKeyBindingTest(String str, String str2, GitTool gitTool) {
        this.privateKey = str;
        this.privatekeyPassphrase = str2;
        this.gitToolInstance = gitTool;
    }

    private static String privateKeyFileRead(String str) throws IOException {
        ZipFile zipFile = new ZipFile(new File("src/test/resources/jenkins/plugins/git/GitSSHPrivateKeyBindingTest/sshKeys.zip"), 1);
        ZipEntry entry = zipFile.getEntry(str);
        InputStream inputStream = zipFile.getInputStream(entry);
        byte[] bArr = new byte[(int) entry.getSize()];
        inputStream.read(bArr);
        inputStream.close();
        zipFile.close();
        return new String(bArr, StandardCharsets.UTF_8);
    }

    @Before
    public void basicSetup() throws IOException {
        this.privateKeySource = new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(this.privateKey);
        this.credentials = new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, this.credentialID, "GitSSHPrivateKey", this.privateKeySource, this.privatekeyPassphrase, "Git SSH Private Key Binding");
        ((CredentialsStore) CredentialsProvider.lookupStores(this.r.jenkins).iterator().next()).addCredentials(Domain.global(), this.credentials);
        Jenkins.get().getDescriptorByType(GitTool.DescriptorImpl.class).getDefaultInstallers().clear();
        Jenkins.get().getDescriptorByType(GitTool.DescriptorImpl.class).setInstallations(new GitTool[]{this.gitToolInstance});
    }

    private String batchCheck(boolean z) {
        return z ? "set | findstr GCM_INTERACTIVE >> sshAuth.txt" : "set > sshAuth.txt";
    }

    private String shellCheck() {
        return "env | grep -zE \"GIT_TERMINAL_PROMPT|\" > sshAuth.txt";
    }

    @Test
    public void test_SSHBinding_FreeStyleProject() throws Exception {
        FreeStyleProject createFreeStyleProject = this.r.createFreeStyleProject();
        createFreeStyleProject.getBuildWrappersList().add(new SecretBuildWrapper(Collections.singletonList(new GitSSHPrivateKeyBinding(this.gitToolInstance.getName(), this.credentialID))));
        createFreeStyleProject.getBuildersList().add(isWindows() ? new BatchFile(batchCheck(isCliGitTool())) : new Shell(shellCheck()));
        this.r.configRoundtrip(createFreeStyleProject);
        SecretBuildWrapper secretBuildWrapper = createFreeStyleProject.getBuildWrappersList().get(SecretBuildWrapper.class);
        MatcherAssert.assertThat(secretBuildWrapper, Matchers.is(Matchers.notNullValue()));
        List bindings = secretBuildWrapper.getBindings();
        MatcherAssert.assertThat(Integer.valueOf(bindings.size()), Matchers.is(1));
        GitSSHPrivateKeyBinding gitSSHPrivateKeyBinding = (MultiBinding) bindings.get(0);
        if (isCliGitTool()) {
            MatcherAssert.assertThat(gitSSHPrivateKeyBinding.getGitToolName(), Matchers.equalTo(this.gitToolInstance.getName()));
        } else {
            MatcherAssert.assertThat(gitSSHPrivateKeyBinding.getGitToolName(), Matchers.equalTo(""));
        }
        String trim = this.r.buildAndAssertSuccess(createFreeStyleProject).getWorkspace().child("sshAuth.txt").readToString().trim();
        if (isCliGitTool()) {
            if (isWindows()) {
                MatcherAssert.assertThat(trim, Matchers.containsString("GCM_INTERACTIVE=false"));
            } else if (this.g.gitVersionAtLeast(2, 3, 0)) {
                MatcherAssert.assertThat(trim, Matchers.containsString("GIT_TERMINAL_PROMPT=false"));
            }
        }
    }

    @Test
    public void test_SSHBinding_PipelineJob() throws Exception {
        WorkflowJob createProject = this.r.createProject(WorkflowJob.class);
        createProject.setDefinition(new CpsFlowDefinition("node {\n  withCredentials([gitSshPrivateKey(credentialsId: '" + this.credentialID + "'" + (!isCliGitTool() ? "" : ", gitToolName: '" + this.gitToolInstance.getName() + "'") + ")]) {\n    if (isUnix()) {\n      sh '" + shellCheck() + "'\n    } else {\n      bat '" + batchCheck(isCliGitTool()) + "'\n    }\n  }\n}", true));
        WorkflowRun waitForStart = createProject.scheduleBuild2(0, new Action[0]).waitForStart();
        this.r.waitForCompletion(waitForStart);
        this.r.assertBuildStatusSuccess(waitForStart);
        String trim = this.r.jenkins.getWorkspaceFor(createProject).child("sshAuth.txt").readToString().trim();
        if (isCliGitTool()) {
            if (isWindows()) {
                MatcherAssert.assertThat(trim, Matchers.containsString("GCM_INTERACTIVE=false"));
            } else if (this.g.gitVersionAtLeast(2, 3, 0)) {
                MatcherAssert.assertThat(trim, Matchers.containsString("GIT_TERMINAL_PROMPT=false"));
            }
        }
    }

    private static boolean isWindows() {
        return File.pathSeparatorChar == ';';
    }

    private boolean isCliGitTool() {
        return this.gitToolInstance.getClass().equals(GitTool.class);
    }
}
