package io.jenkins.plugins.zscaler;

import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.google.common.annotations.VisibleForTesting;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.ProxyConfiguration;
import hudson.model.AbstractProject;
import hudson.model.Computer;
import hudson.model.Node;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.remoting.VirtualChannel;
import hudson.tasks.BuildWrapperDescriptor;
import io.jenkins.plugins.zscaler.models.BuildDetails;
import io.jenkins.plugins.zscaler.models.ScanResponse;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.util.Locale;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildWrapper;
import org.apache.commons.io.IOUtils;
import org.json.JSONArray;
import org.json.JSONObject;
import org.json.XML;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import retrofit2.Response;

/* loaded from: input_file:io/jenkins/plugins/zscaler/ZscalerScan.class */
public class ZscalerScan extends SimpleBuildWrapper {
    private static final Logger LOGGER = Logger.getLogger(ZscalerScan.class.getName());
    private boolean failBuild;

    @Extension
    /* loaded from: input_file:io/jenkins/plugins/zscaler/ZscalerScan$DescriptorImpl.class */
    public static class DescriptorImpl extends BuildWrapperDescriptor {
        @NonNull
        public String getDisplayName() {
            return "Zscaler IaC scan";
        }

        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }
    }

    @DataBoundConstructor
    public ZscalerScan(boolean z) {
        this.failBuild = z;
    }

    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        Node node;
        try {
            String createScan = createScan(run, taskListener);
            run.addAction(new Report(run));
            if (filePath != null) {
                FilePath filePath2 = null;
                VirtualChannel channel = launcher.getChannel();
                if (channel != null) {
                    Computer currentComputer = Computer.currentComputer();
                    if (currentComputer != null && (node = currentComputer.getNode()) != null) {
                        filePath2 = node.getRootPath();
                    }
                    if (filePath2 == null) {
                        filePath2 = filePath;
                    }
                    taskListener.getLogger().println("Zscaler IaC binary location set to - " + filePath2.toURI().getPath());
                    ProxyConfiguration proxyConfiguration = Jenkins.get().proxy;
                    channel.call(new ScannerSetupTask(taskListener, Configuration.get(), proxyConfiguration, filePath2.toURI().getPath(), resolveCredentials()));
                    String str = (String) channel.call(new RunScanTask(taskListener, filePath, Configuration.get(), filePath2.toURI().getPath(), proxyConfiguration, createScan));
                    postResultsToWorkspace(str, run.getParent().getBuildDir().getAbsolutePath(), run.getNumber());
                    validateAndFailBuild(str, taskListener);
                }
            }
        } catch (Exception e) {
            taskListener.getLogger().println(e.getMessage());
            throw e;
        }
    }

    private String createScan(Run run, TaskListener taskListener) throws IOException {
        JSONObject optJSONObject;
        JSONObject optJSONObject2;
        String optString;
        CWPService cWPService = (CWPService) CwpClient.getClient(Configuration.get(), Jenkins.get().proxy, resolveCredentials()).create(CWPService.class);
        BuildDetails buildDetails = new BuildDetails();
        buildDetails.setIntegrationId(Configuration.get().getIntegrationId());
        buildDetails.setJobName(run.getParent().getDisplayName());
        buildDetails.setBuildNumber(String.valueOf(run.getNumber()));
        buildDetails.setBuildRunTimestamp(run.getTimestampString2());
        buildDetails.setSubType(1);
        buildDetails.setStatus(0);
        try {
            String configXml = getConfigXml(run);
            if (configXml != null) {
                SCMDetails.populateSCMDetails(buildDetails, configXml);
                JSONObject optJSONObject3 = XML.toJSONObject(configXml).optJSONObject("project");
                if (optJSONObject3 != null && (optJSONObject = optJSONObject3.optJSONObject("buildWrappers")) != null && (optJSONObject2 = optJSONObject.optJSONObject("io.jenkins.plugins.zscaler.ZscalerScan")) != null && (optString = optJSONObject2.optString("failBuild")) != null) {
                    buildDetails.addAdditionalDetails("fail_build", optString);
                }
            } else {
                taskListener.getLogger().format("Config xml for the job %s not found.", run.getParent().getName());
            }
        } catch (Exception e) {
            taskListener.getLogger().println("Failed to populate config information due to - " + e.getMessage());
        }
        Response execute = cWPService.createScan(buildDetails).execute();
        if (execute.code() == 200) {
            if (execute.body() != null) {
                return ((ScanResponse) execute.body()).getId();
            }
            throw new AbortException("Failed to create scan");
        }
        String str = null;
        if (execute.errorBody() != null) {
            str = IOUtils.toString(execute.errorBody().byteStream(), Charset.defaultCharset());
        }
        throw new AbortException(String.format("Received http status code %d with error message %s while creating scan", Integer.valueOf(execute.code()), str));
    }

    private StandardUsernamePasswordCredentials resolveCredentials() throws AbortException {
        Optional<StandardUsernamePasswordCredentials> resolveUserNamePassword = Configuration.resolveUserNamePassword(Configuration.get().getCredentialsId());
        if (resolveUserNamePassword.isPresent()) {
            return resolveUserNamePassword.get();
        }
        throw new AbortException("Invalid credentials to connect to Zscaler");
    }

    @VisibleForTesting
    void postResultsToWorkspace(String str, String str2, int i) throws IOException {
        Path path = Paths.get(str2, String.valueOf(i), "iac-scan-results", i + ".json");
        Path parent = path.getParent();
        if (parent != null) {
            Files.createDirectories(parent, new FileAttribute[0]);
        }
        Files.write(path, str.getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
    }

    @VisibleForTesting
    void validateAndFailBuild(String str, TaskListener taskListener) throws IOException {
        taskListener.getLogger().println(str);
        if (!isFailBuild()) {
            taskListener.getLogger().println("Zscaler IaC scan found violations");
            return;
        }
        JSONArray optJSONArray = new JSONObject(str).getJSONObject("results").optJSONArray("violations");
        if (optJSONArray == null || optJSONArray.length() <= 0) {
            return;
        }
        for (int i = 0; i < optJSONArray.length(); i++) {
            String optString = optJSONArray.optJSONObject(i).optString("severity");
            if (optString != null && "HIGH".equals(optString.toUpperCase(Locale.ROOT))) {
                throw new AbortException("Zscaler IaC scan found violations, they need to be fixed");
            }
        }
    }

    private String getConfigXml(Run run) {
        File[] listFiles = run.getParent().getRootDir().listFiles();
        if (listFiles == null) {
            return null;
        }
        for (File file : listFiles) {
            if (file.getName().equals("config.xml")) {
                try {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    try {
                        String iOUtils = IOUtils.toString(fileInputStream, Charset.defaultCharset());
                        fileInputStream.close();
                        return iOUtils;
                    } finally {
                    }
                } catch (IOException e) {
                    LOGGER.log(Level.SEVERE, String.format("Failed to read file - %s/%s ", file.getAbsolutePath(), file.getName()));
                }
            }
        }
        return null;
    }

    public boolean isFailBuild() {
        return this.failBuild;
    }

    @DataBoundSetter
    public void setFailBuild(boolean z) {
        this.failBuild = z;
    }
}
