package io.jenkins.plugins.scanner;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ArgumentListBuilder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import jenkins.model.ArtifactManager;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

/* loaded from: input_file:WEB-INF/lib/appknox-scanner.jar:io/jenkins/plugins/scanner/AppknoxScanner.class */
public class AppknoxScanner extends Builder implements SimpleBuildStep {
    private final String credentialsId;
    private final String filePath;
    private final String riskThreshold;
    private final String region;

    @Extension
    @Symbol({"appKnoxScanner"})
    /* loaded from: input_file:WEB-INF/lib/appknox-scanner.jar:io/jenkins/plugins/scanner/AppknoxScanner$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public DescriptorImpl() {
            super(AppknoxScanner.class);
            load();
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public String getDisplayName() {
            return "Appknox Security Scanner";
        }

        @POST
        public ListBoxModel doFillRegionItems() {
            return new ListBoxModel(new ListBoxModel.Option[]{new ListBoxModel.Option("Global", "global"), new ListBoxModel.Option("Saudi", "saudi")});
        }

        @POST
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup<?> itemGroup) {
            if (itemGroup == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                ((AccessControlled) itemGroup).checkPermission(Item.CONFIGURE);
            }
            return new StandardListBoxModel().includeEmptyValue().includeMatchingAs(ACL.SYSTEM, itemGroup, StringCredentials.class, URIRequirementBuilder.fromUri("").build(), CredentialsMatchers.instanceOf(StringCredentials.class));
        }

        @POST
        public FormValidation doCheckCredentialsId(@QueryParameter String str) {
            Jenkins.get().checkPermission(Item.CONFIGURE);
            return str.isEmpty() ? FormValidation.error("Appknox Access Token must be selected") : FormValidation.ok();
        }

        @POST
        public FormValidation doCheckFilePath(@QueryParameter String str) {
            Jenkins.get().checkPermission(Item.CONFIGURE);
            return str.isEmpty() ? FormValidation.error("File Path must not be empty") : FormValidation.ok();
        }

        @POST
        public FormValidation doCheckRiskThreshold(@QueryParameter String str) {
            Jenkins.get().checkPermission(Item.CONFIGURE);
            return (str.isEmpty() || !(str.equals("LOW") || str.equals("MEDIUM") || str.equals("HIGH") || str.equals("CRITICAL"))) ? FormValidation.error("Risk Threshold must be one of: LOW, MEDIUM, HIGH, CRITICAL") : FormValidation.ok();
        }
    }

    @DataBoundConstructor
    public AppknoxScanner(String str, String str2, String str3, String str4) {
        this.credentialsId = str;
        this.filePath = str2;
        this.riskThreshold = str3;
        this.region = str4;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public String getFilePath() {
        return this.filePath;
    }

    public String getRiskThreshold() {
        return this.riskThreshold;
    }

    public String getRegion() {
        return this.region;
    }

    public void perform(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, IOException {
        if (filePath == null) {
            taskListener.getLogger().println("Workspace is null.");
            return;
        }
        if (filePath.isRemote()) {
            taskListener.getLogger().println("Running on Agent...");
        } else {
            taskListener.getLogger().println("Running on Controller...");
        }
        if (executeAppknoxCommands(run, filePath, "summary-report.csv", launcher, taskListener)) {
            archiveArtifact(run, filePath, "summary-report.csv", launcher, taskListener);
        } else if (run != null) {
            run.setResult(Result.FAILURE);
        }
    }

    private boolean executeAppknoxCommands(Run<?, ?> run, FilePath filePath, String str, Launcher launcher, TaskListener taskListener) {
        try {
            String accessToken = getAccessToken(taskListener);
            if (accessToken == null) {
                return false;
            }
            EnvVars envVars = new EnvVars();
            envVars.put("APPKNOX_ACCESS_TOKEN", accessToken);
            String downloadAndInstallAppknox = downloadAndInstallAppknox(filePath, taskListener, launcher);
            taskListener.getLogger().println("Selected Region: " + this.region);
            String findAppFilePath = findAppFilePath(filePath, this.filePath, taskListener);
            if (findAppFilePath == null) {
                taskListener.getLogger().println("Neither APK nor IPA file found in the expected directories.");
                return false;
            }
            String extractFileID = extractFileID(uploadFile(downloadAndInstallAppknox, taskListener, envVars, findAppFilePath, launcher, filePath), taskListener);
            if (extractFileID == null) {
                return false;
            }
            if (!runCICheck(downloadAndInstallAppknox, run, extractFileID, taskListener, envVars, launcher, filePath) && run != null) {
                taskListener.getLogger().println("Vulnerabilities detected. Aborting the build process.");
                run.setResult(Result.FAILURE);
            }
            String extractReportID = extractReportID(createReport(downloadAndInstallAppknox, extractFileID, taskListener, envVars, launcher, filePath), taskListener);
            if (extractReportID == null) {
                return false;
            }
            downloadReportSummaryCSV(downloadAndInstallAppknox, str, extractReportID, run, filePath, taskListener, envVars, launcher);
            return true;
        } catch (Exception e) {
            taskListener.getLogger().println("Error executing Appknox commands: " + e.getMessage());
            return false;
        }
    }

    private String downloadAndInstallAppknox(FilePath filePath, TaskListener taskListener, Launcher launcher) throws IOException, InterruptedException {
        String oSName = getOSName(launcher, taskListener);
        String appknoxDownloadURL = getAppknoxDownloadURL(oSName);
        FilePath child = filePath.child(getBinaryName(oSName));
        if (child.exists()) {
            taskListener.getLogger().println("Appknox CLI already exists at: " + child.getRemote());
        } else {
            taskListener.getLogger().println("Downloading Appknox CLI from: " + appknoxDownloadURL);
            downloadFile(appknoxDownloadURL, child, taskListener);
            taskListener.getLogger().println("Appknox CLI downloaded successfully.");
        }
        if (launcher.isUnix()) {
            child.chmod(493);
        }
        taskListener.getLogger().println("Appknox CLI located at: " + child.getRemote());
        return child.getRemote();
    }

    private String getBinaryName(String str) {
        if (str.contains("win")) {
            return "appknox-Windows-x86_64.exe";
        }
        if (str.contains("mac")) {
            return "appknox-Darwin-x86_64";
        }
        if (str.contains("linux")) {
            return "appknox-Linux-x86_64";
        }
        throw new UnsupportedOperationException("Unsupported operating system for Appknox CLI download.");
    }

    private String getOSName(Launcher launcher, TaskListener taskListener) throws IOException, InterruptedException {
        if (!launcher.isUnix()) {
            return "win";
        }
        Launcher.ProcStarter launch = launcher.launch();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        launch.cmds(new String[]{"uname", "-s"});
        launch.stdout(byteArrayOutputStream);
        launch.stderr(taskListener.getLogger());
        if (launch.join() != 0) {
            taskListener.getLogger().println("Failed to determine OS using 'uname -s', defaulting to 'linux'");
            return "linux";
        }
        String trim = byteArrayOutputStream.toString("UTF-8").trim();
        taskListener.getLogger().println("Detected OS: " + trim);
        return trim.equalsIgnoreCase("Darwin") ? "mac" : "linux";
    }

    private void downloadFile(String str, FilePath filePath, TaskListener taskListener) throws IOException, InterruptedException {
        InputStream openStream = new URL(str).openStream();
        try {
            filePath.copyFrom(openStream);
            if (openStream != null) {
                openStream.close();
            }
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private String getAppknoxDownloadURL(String str) {
        Object obj;
        if (str.contains("win")) {
            obj = "appknox-Windows-x86_64.exe";
        } else if (str.contains("mac")) {
            obj = "appknox-Darwin-x86_64";
        } else {
            if (!str.contains("linux")) {
                throw new UnsupportedOperationException("Unsupported operating system for Appknox CLI download.");
            }
            obj = "appknox-Linux-x86_64";
        }
        return "https://github.com/appknox/appknox-go/releases/latest/download/" + obj;
    }

    private String findAppFilePath(FilePath filePath, String str, TaskListener taskListener) throws IOException, InterruptedException {
        boolean endsWith = str.endsWith(".apk");
        boolean endsWith2 = str.endsWith(".ipa");
        ArrayList arrayList = new ArrayList();
        if (endsWith) {
            arrayList.addAll(Arrays.asList("app/build/outputs/apk/", "app/build/outputs/apk/release/", "app/build/outputs/apk/debug/"));
        } else if (endsWith2) {
            arrayList.addAll(Arrays.asList("Build/Products/", "Build/Products/Debug-iphoneos/", "Build/Products/Release-iphoneos/"));
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            FilePath child = filePath.child((String) it.next()).child(str);
            if (child.exists() && !child.isDirectory()) {
                taskListener.getLogger().println("File found at: " + child.getRemote());
                return child.getRemote();
            }
        }
        String findAppFilePathRecursive = findAppFilePathRecursive(filePath.child(endsWith ? "app/build" : "Build"), str, taskListener);
        if (findAppFilePathRecursive != null) {
            taskListener.getLogger().println("File found during recursive search at: " + findAppFilePathRecursive);
            return findAppFilePathRecursive;
        }
        FilePath child2 = filePath.child(str);
        if (child2.exists() && !child2.isDirectory()) {
            taskListener.getLogger().println("File found at specified path: " + child2.getRemote());
            return child2.getRemote();
        }
        if (new File(str).isAbsolute()) {
            taskListener.getLogger().println("File not found at specified absolute path: " + str);
            return null;
        }
        taskListener.getLogger().println("File not found in specified directories, through recursive search, or at the specified path.");
        return null;
    }

    private String findAppFilePathRecursive(FilePath filePath, String str, TaskListener taskListener) throws IOException, InterruptedException {
        List<FilePath> list = filePath.list();
        if (list == null) {
            return null;
        }
        for (FilePath filePath2 : list) {
            if (filePath2.isDirectory()) {
                String findAppFilePathRecursive = findAppFilePathRecursive(filePath2, str, taskListener);
                if (findAppFilePathRecursive != null) {
                    return findAppFilePathRecursive;
                }
            } else if (filePath2.getName().equals(str)) {
                taskListener.getLogger().println("File found during recursive search at: " + filePath2.getRemote());
                return filePath2.getRemote();
            }
        }
        return null;
    }

    private String uploadFile(String str, TaskListener taskListener, EnvVars envVars, String str2, Launcher launcher, FilePath filePath) throws IOException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        arrayList.add("upload");
        arrayList.add(str2);
        arrayList.add("--region");
        arrayList.add(this.region);
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder((String[]) arrayList.toArray(new String[0]));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int join = launcher.launch().cmds(argumentListBuilder).envs(envVars).stdout(byteArrayOutputStream).pwd(filePath).quiet(true).start().join();
        if (join != 0) {
            taskListener.getLogger().println("Upload failed with exit code: " + join);
            return null;
        }
        String extractFileID = extractFileID(byteArrayOutputStream.toString("UTF-8").trim(), taskListener);
        if (extractFileID == null) {
            return null;
        }
        taskListener.getLogger().println("Upload Command Output:");
        taskListener.getLogger().println("File ID = " + extractFileID);
        return extractFileID;
    }

    private boolean runCICheck(String str, Run<?, ?> run, String str2, TaskListener taskListener, EnvVars envVars, Launcher launcher, FilePath filePath) throws IOException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        arrayList.add("cicheck");
        arrayList.add(str2);
        arrayList.add("--risk-threshold");
        arrayList.add(this.riskThreshold);
        arrayList.add("--region");
        arrayList.add(this.region);
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder((String[]) arrayList.toArray(new String[0]));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int join = launcher.launch().cmds(argumentListBuilder).envs(envVars).stdout(byteArrayOutputStream).pwd(filePath).quiet(true).start().join();
        String trim = byteArrayOutputStream.toString("UTF-8").trim();
        taskListener.getLogger().println("Ci Check Output:");
        BufferedReader bufferedReader = new BufferedReader(new StringReader(trim));
        StringBuilder sb = new StringBuilder();
        boolean z = false;
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            if (z) {
                sb.append(readLine).append("\n");
            } else if (readLine.contains("Found") || readLine.contains("No")) {
                sb.append(readLine).append("\n");
                if (run != null) {
                    run.setDescription(sb.toString() + " Check Console Output for more details.");
                }
                taskListener.getLogger().println();
                z = true;
            }
        }
        if (z) {
            taskListener.getLogger().println(sb.toString().trim());
            return join == 0;
        }
        taskListener.getLogger().println("No line with 'Found' or 'No' encountered in the output.");
        return false;
    }

    private String createReport(String str, String str2, TaskListener taskListener, EnvVars envVars, Launcher launcher, FilePath filePath) throws IOException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        arrayList.add("reports");
        arrayList.add("create");
        arrayList.add(str2);
        arrayList.add("--region");
        arrayList.add(this.region);
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder((String[]) arrayList.toArray(new String[0]));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int join = launcher.launch().cmds(argumentListBuilder).envs(envVars).stdout(byteArrayOutputStream).pwd(filePath).quiet(true).start().join();
        String trim = byteArrayOutputStream.toString("UTF-8").trim();
        String extractReportID = extractReportID(trim, taskListener);
        if (extractReportID != null) {
            taskListener.getLogger().println("Create Report Command Output:");
            taskListener.getLogger().println("Report Id = " + extractReportID);
            taskListener.getLogger().println();
        } else {
            taskListener.getLogger().println("Failed to create report. Output: " + trim);
        }
        if (join == 0) {
            return extractReportID;
        }
        taskListener.getLogger().println("Report Creation failed with exit code: " + join);
        return null;
    }

    private void downloadReportSummaryCSV(String str, String str2, String str3, Run<?, ?> run, FilePath filePath, TaskListener taskListener, EnvVars envVars, Launcher launcher) throws IOException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        arrayList.add("reports");
        arrayList.add("download");
        arrayList.add("summary-csv");
        arrayList.add(str3);
        arrayList.add("--output");
        arrayList.add(filePath.child(str2).getRemote());
        arrayList.add("--region");
        arrayList.add(this.region);
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder((String[]) arrayList.toArray(new String[0]));
        int join = launcher.launch().cmds(argumentListBuilder).envs(envVars).stdout(new ByteArrayOutputStream()).pwd(filePath).quiet(true).start().join();
        if (join != 0) {
            taskListener.getLogger().println("Download CSV failed. Exit code: " + join);
        } else {
            taskListener.getLogger().println("Summary report saved at: " + filePath.child(str2).getRemote());
        }
    }

    private void archiveArtifact(Run<?, ?> run, FilePath filePath, String str, Launcher launcher, TaskListener taskListener) {
        try {
            FilePath child = filePath.child(str);
            if (!child.exists()) {
                taskListener.error("Artifact file does not exist: " + child.getRemote());
                return;
            }
            ArtifactManager artifactManager = run.getArtifactManager();
            HashMap hashMap = new HashMap();
            hashMap.put(str, child.getName());
            artifactManager.archive(filePath, launcher, (BuildListener) taskListener, hashMap);
            taskListener.getLogger().println("Artifact archived: " + child.getRemote());
        } catch (IOException | InterruptedException e) {
            taskListener.error("Error archiving artifact: " + e.getMessage());
            e.printStackTrace(taskListener.getLogger());
        }
    }

    private String getAccessToken(TaskListener taskListener) {
        StringCredentials firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StringCredentials.class, Jenkins.get(), ACL.SYSTEM, URIRequirementBuilder.create().build()), CredentialsMatchers.withId(this.credentialsId));
        if (firstOrNull != null) {
            return firstOrNull.getSecret().getPlainText();
        }
        taskListener.getLogger().println("Failed to retrieve access token from credentials.");
        return null;
    }

    private String extractFileID(String str, TaskListener taskListener) {
        String[] split = str.split("\\r?\\n");
        for (int length = split.length - 1; length >= 0; length--) {
            String trim = split[length].trim();
            if (trim.matches("\\d+")) {
                return trim;
            }
        }
        taskListener.getLogger().println("Could not extract file ID from upload output.");
        return null;
    }

    private String extractReportID(String str, TaskListener taskListener) {
        if (str != null && !str.isEmpty()) {
            return str.trim();
        }
        taskListener.getLogger().println("Report output does not contain any lines.");
        return null;
    }
}
