package io.jenkins.plugins.cyberchief;

import com.fasterxml.jackson.databind.ObjectMapper;
import hudson.model.Action;
import hudson.model.TaskListener;
import hudson.util.Secret;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;

/* loaded from: input_file:io/jenkins/plugins/cyberchief/CyberChiefScanAction.class */
public class CyberChiefScanAction implements Action {
    private Secret token;
    private String scope;
    private String apiResponse;

    private String buildQueryString(Map<String, String> map) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (z) {
                z = false;
            } else {
                sb.append("&");
            }
            sb.append(URLEncoder.encode(entry.getKey(), "UTF-8")).append("=").append(URLEncoder.encode(entry.getValue(), "UTF-8"));
        }
        return "?" + sb.toString();
    }

    private void printVulnerabilitiesDetails(JSONArray jSONArray, TaskListener taskListener) {
        for (int i = 0; i < jSONArray.length(); i++) {
            try {
                JSONObject jSONObject = jSONArray.getJSONObject(i);
                String optString = jSONObject.optString("id", "");
                String optString2 = jSONObject.optString("title", "");
                String optString3 = jSONObject.optString("risk", "");
                String optString4 = jSONObject.optString("link", "");
                taskListener.getLogger().println("ID: " + optString);
                taskListener.getLogger().println("Title: " + optString2);
                taskListener.getLogger().println("Risk: " + optString3);
                taskListener.getLogger().println("Original Link: " + optString4);
            } catch (JSONException e) {
                e.printStackTrace();
                throw new RuntimeException("Error parsing JSON response: " + e.getMessage());
            }
        }
    }

    public CyberChiefScanAction(Secret secret, String str) {
        this.token = secret;
        this.scope = str;
    }

    public Secret getToken() {
        return this.token;
    }

    public String getScope() {
        return this.scope;
    }

    public String getApiResponse() {
        return this.apiResponse;
    }

    public String getIconFileName() {
        return null;
    }

    public String getDisplayName() {
        return "Cyber Chief Security Scanner";
    }

    public String getUrlName() {
        return "cyberchief";
    }

    public void makeWebAppScanRequest(String str, Secret secret, String str2, TaskListener taskListener) {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Authorization", "Token " + secret);
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            httpURLConnection.setDoOutput(true);
            OutputStream outputStream = httpURLConnection.getOutputStream();
            try {
                byte[] bytes = ("test_scope=" + str2 + "&is_jenkins_scan=True").getBytes(StandardCharsets.UTF_8);
                outputStream.write(bytes, 0, bytes.length);
                if (outputStream != null) {
                    outputStream.close();
                }
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8));
                StringBuilder sb = new StringBuilder();
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        System.out.println("API Response: " + sb.toString());
                        JSONObject jSONObject = new JSONObject(sb.toString());
                        String lowerCase = jSONObject.optString("message", "").toLowerCase();
                        String lowerCase2 = jSONObject.optString("status_url", "").toLowerCase();
                        taskListener.getLogger().println("Response: " + lowerCase);
                        taskListener.getLogger().println("Status URL: " + lowerCase2);
                        this.apiResponse = sb.toString();
                        httpURLConnection.disconnect();
                        return;
                    }
                    sb.append(readLine);
                }
            } finally {
            }
        } catch (RuntimeException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException("Polling interrupted.");
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new RuntimeException("An error occurred: " + e2.getMessage());
        }
    }

    public void makeApiScanRequest(String str, Secret secret, String str2, TaskListener taskListener) {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Authorization", "Token " + secret);
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            httpURLConnection.setDoOutput(true);
            OutputStream outputStream = httpURLConnection.getOutputStream();
            try {
                byte[] bytes = ("api_name=" + str2 + "&is_jenkins_scan=True").getBytes(StandardCharsets.UTF_8);
                outputStream.write(bytes, 0, bytes.length);
                if (outputStream != null) {
                    outputStream.close();
                }
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8));
                StringBuilder sb = new StringBuilder();
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        System.out.println("API Response: " + sb.toString());
                        JSONObject jSONObject = new JSONObject(sb.toString());
                        String lowerCase = jSONObject.optString("message", "").toLowerCase();
                        String lowerCase2 = jSONObject.optString("status_url", "").toLowerCase();
                        taskListener.getLogger().println("Response: " + lowerCase);
                        taskListener.getLogger().println("Status URL: " + lowerCase2);
                        this.apiResponse = sb.toString();
                        httpURLConnection.disconnect();
                        return;
                    }
                    sb.append(readLine);
                }
            } finally {
            }
        } catch (RuntimeException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException("Polling interrupted.");
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new RuntimeException("An error occurred: " + e2.getMessage());
        }
    }

    public void makeRaiderScanRequest(String str, Secret secret, String str2, String[] strArr, String[] strArr2, String[] strArr3, TaskListener taskListener) {
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Authorization", "Token " + secret);
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            httpURLConnection.setDoOutput(true);
            OutputStream outputStream = httpURLConnection.getOutputStream();
            try {
                ObjectMapper objectMapper = new ObjectMapper();
                byte[] bytes = ("raider_name=" + str2 + "&regions=" + objectMapper.writeValueAsString(strArr) + "&frameworks=" + objectMapper.writeValueAsString(strArr2) + "&services=" + objectMapper.writeValueAsString(strArr3) + "&is_jenkins_scan=True").getBytes(StandardCharsets.UTF_8);
                outputStream.write(bytes, 0, bytes.length);
                if (outputStream != null) {
                    outputStream.close();
                }
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8));
                StringBuilder sb = new StringBuilder();
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        System.out.println("API Response: " + sb.toString());
                        JSONObject jSONObject = new JSONObject(sb.toString());
                        String lowerCase = jSONObject.optString("message", "").toLowerCase();
                        String lowerCase2 = jSONObject.optString("status_url", "").toLowerCase();
                        taskListener.getLogger().println("Response: " + lowerCase);
                        taskListener.getLogger().println("Status URL: " + lowerCase2);
                        this.apiResponse = sb.toString();
                        httpURLConnection.disconnect();
                        return;
                    }
                    sb.append(readLine);
                }
            } finally {
            }
        } catch (RuntimeException e) {
            Thread.currentThread().interrupt();
            throw new RuntimeException("Polling interrupted.");
        } catch (Exception e2) {
            e2.printStackTrace();
            throw new RuntimeException("An error occurred: " + e2.getMessage());
        }
    }

    public String extractStatusUrl() {
        try {
            return new JSONObject(this.apiResponse).optString("status_url", (String) null);
        } catch (JSONException e) {
            e.printStackTrace();
            return null;
        }
    }

    public void pollStatusUrl(String str, Secret secret, boolean z, boolean z2, boolean z3, TaskListener taskListener) {
        while (!z) {
            try {
                HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str + buildQueryString(Map.of("failonHighVulns", StringUtils.capitalize(String.valueOf(z2)), "failOnHighMediumVulns", StringUtils.capitalize(String.valueOf(z3))))).openConnection();
                httpURLConnection.setRequestMethod("GET");
                httpURLConnection.setRequestProperty("Authorization", "Token " + secret);
                httpURLConnection.setRequestProperty("Retry-After", "60");
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8));
                try {
                    StringBuilder sb = new StringBuilder();
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        } else {
                            sb.append(readLine);
                        }
                    }
                    z = isScanTaskComplete(sb.toString(), z2, z3, taskListener);
                    bufferedReader.close();
                    Thread.sleep(1000L);
                } finally {
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new RuntimeException("Polling interrupted.");
            } catch (Exception e2) {
                e2.printStackTrace();
                throw new RuntimeException("An error occurred: " + e2.getMessage());
            }
        }
    }

    private boolean isScanTaskComplete(String str, boolean z, boolean z2, TaskListener taskListener) {
        try {
            StringBuilder sb = new StringBuilder();
            JSONObject jSONObject = new JSONObject(str);
            String lowerCase = jSONObject.optString("status", "").toLowerCase();
            if (!"failed".equals(lowerCase) && !"completed".equals(lowerCase)) {
                return false;
            }
            JSONObject optJSONObject = jSONObject.optJSONObject("vulnerabilities");
            if (optJSONObject == null) {
                taskListener.getLogger().println("No vulnerabilities found. Build Success.");
                return true;
            }
            JSONArray optJSONArray = optJSONObject.optJSONArray("high");
            JSONArray optJSONArray2 = optJSONObject.optJSONArray("medium");
            if (optJSONArray != null) {
                if (optJSONArray.length() > 0) {
                    taskListener.getLogger().println("============= High Vulnerabilities ==================");
                    printVulnerabilitiesDetails(optJSONArray, taskListener);
                }
                sb.append("Number of High Vulnerabilities Found: " + optJSONArray.length());
            }
            if (optJSONArray2 != null) {
                if (optJSONArray2.length() > 0) {
                    taskListener.getLogger().println("============= Medium Vulnerabilities ===============");
                    printVulnerabilitiesDetails(optJSONArray2, taskListener);
                }
                sb.append(", Number of Medium Vulnerabilities Found: " + optJSONArray2.length());
            }
            taskListener.getLogger().println(sb);
            if (!z && !z2) {
                return true;
            }
            if (optJSONArray.length() > 0 || optJSONArray2.length() > 0) {
                throw new RuntimeException("High or Medium severity detected in the response. Failing the build.");
            }
            return true;
        } catch (JSONException e) {
            e.printStackTrace();
            throw new RuntimeException("Error parsing JSON response: " + e.getMessage());
        }
    }
}
