package com.xliic.ci.jenkins;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.xliic.cicd.audit.AuditException;
import com.xliic.cicd.audit.AuditResults;
import com.xliic.cicd.audit.Auditor;
import com.xliic.cicd.audit.Logger;
import com.xliic.cicd.audit.Secret;
import com.xliic.cicd.audit.SharingType;
import com.xliic.common.Workspace;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.ProxyConfiguration;
import hudson.Util;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder.class */
public class AuditBuilder extends Builder implements SimpleBuildStep {
    private int minScore;
    private String credentialsId;
    private String platformUrl;
    private String logLevel;
    private String repositoryName = "${GIT_URL}";
    private String branchName = "${GIT_LOCAL_BRANCH}";
    private String shareEveryone;

    @Extension
    @Symbol({"audit"})
    /* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public String getDisplayName() {
            return Messages.descriptor_displayName();
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            if (item == null) {
                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                    return standardListBoxModel.includeCurrentValue(str);
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return standardListBoxModel.includeCurrentValue(str);
            }
            return standardListBoxModel.includeMatchingAs(ACL.SYSTEM, item, ApiKey.class, Collections.emptyList(), CredentialsMatchers.always()).includeCurrentValue(str);
        }

        public FormValidation doCheckPlatformUrl(@QueryParameter String str) {
            String fixEmptyAndTrim = Util.fixEmptyAndTrim(str);
            if (fixEmptyAndTrim != null) {
                try {
                    new URI(fixEmptyAndTrim);
                } catch (URISyntaxException e) {
                    return FormValidation.error("Malformed URL");
                }
            }
            return FormValidation.ok();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder$LoggerImpl.class */
    static class LoggerImpl implements Logger {
        private PrintStream logger;
        private int level;

        LoggerImpl(PrintStream printStream, String str) {
            this.logger = printStream;
            String upperCase = str.toUpperCase();
            boolean z = -1;
            switch (upperCase.hashCode()) {
                case 2251950:
                    if (upperCase.equals("INFO")) {
                        z = 3;
                        break;
                    }
                    break;
                case 2656902:
                    if (upperCase.equals("WARN")) {
                        z = 2;
                        break;
                    }
                    break;
                case 64921139:
                    if (upperCase.equals("DEBUG")) {
                        z = 4;
                        break;
                    }
                    break;
                case 66247144:
                    if (upperCase.equals("ERROR")) {
                        z = true;
                        break;
                    }
                    break;
                case 66665700:
                    if (upperCase.equals("FATAL")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    this.level = 5;
                    return;
                case true:
                    this.level = 4;
                    return;
                case true:
                    this.level = 3;
                    return;
                case true:
                    this.level = 2;
                    return;
                case true:
                    this.level = 1;
                    return;
                default:
                    printStream.println("Unknown log level specified, setting log level to INFO");
                    this.level = 2;
                    return;
            }
        }

        @Override // com.xliic.cicd.audit.Logger
        public void setLevel(int i) {
            this.level = i;
        }

        @Override // com.xliic.cicd.audit.Logger
        public void fatal(String str) {
            if (5 >= this.level) {
                this.logger.println(str);
            }
        }

        @Override // com.xliic.cicd.audit.Logger
        public void error(String str) {
            if (4 >= this.level) {
                this.logger.println(str);
            }
        }

        @Override // com.xliic.cicd.audit.Logger
        public void warn(String str) {
            if (3 >= this.level) {
                this.logger.println(str);
            }
        }

        @Override // com.xliic.cicd.audit.Logger
        public void info(String str) {
            if (2 >= this.level) {
                this.logger.println(str);
            }
        }

        @Override // com.xliic.cicd.audit.Logger
        public void debug(String str) {
            if (1 >= this.level) {
                this.logger.println(str);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder$SecretImpl.class */
    static class SecretImpl implements Secret {
        private hudson.util.Secret secret;

        public SecretImpl(hudson.util.Secret secret) {
            this.secret = secret;
        }

        @Override // com.xliic.cicd.audit.Secret
        public String getPlainText() {
            return this.secret.getPlainText();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder$WorkspaceImpl.class */
    static class WorkspaceImpl implements Workspace {
        private FilePath workspace;

        WorkspaceImpl(FilePath filePath) {
            this.workspace = filePath;
        }

        @Override // com.xliic.common.Workspace
        public String read(URI uri) throws IOException, InterruptedException {
            InputStream read = new FilePath(this.workspace, uri.getPath()).read();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[16384];
            while (true) {
                int read2 = read.read(bArr, 0, bArr.length);
                if (read2 == -1) {
                    byteArrayOutputStream.flush();
                    return new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
                }
                byteArrayOutputStream.write(bArr, 0, read2);
            }
        }

        @Override // com.xliic.common.Workspace
        public boolean exists(URI uri) throws IOException, InterruptedException {
            return new FilePath(this.workspace, uri.getPath()).exists();
        }

        @Override // com.xliic.common.Workspace
        public URI resolve(String str) {
            try {
                return this.workspace.toURI().resolve(new URI(null, str, null).getRawSchemeSpecificPart());
            } catch (IOException | InterruptedException | URISyntaxException e) {
                throw ((IllegalArgumentException) new IllegalArgumentException().initCause(e));
            }
        }

        @Override // com.xliic.common.Workspace
        public URI relativize(URI uri) {
            try {
                return this.workspace.toURI().relativize(uri);
            } catch (IOException | InterruptedException e) {
                throw ((IllegalArgumentException) new IllegalArgumentException().initCause(e));
            }
        }
    }

    @DataBoundConstructor
    public AuditBuilder(String str, int i, String str2) {
        this.minScore = 75;
        this.platformUrl = "https://platform.42crunch.com";
        this.credentialsId = str;
        this.minScore = i;
        this.platformUrl = str2;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    @DataBoundSetter
    public void setCredentialsId(String str) {
        this.credentialsId = str;
    }

    public int getMinScore() {
        return this.minScore;
    }

    @DataBoundSetter
    public void setMinScore(int i) {
        this.minScore = i;
    }

    public String getPlatformUrl() {
        return this.platformUrl;
    }

    @DataBoundSetter
    public void setPlatformUrl(String str) {
        this.platformUrl = str;
    }

    public String getLogLevel() {
        return this.logLevel == null ? "INFO" : this.logLevel;
    }

    @DataBoundSetter
    public void setLogLevel(String str) {
        this.logLevel = str;
    }

    public String getRepositoryName() {
        return this.repositoryName;
    }

    @DataBoundSetter
    public void setRepositoryName(String str) {
        this.repositoryName = str;
    }

    public String getBranchName() {
        return this.branchName;
    }

    @DataBoundSetter
    public void setBranchName(String str) {
        this.branchName = str;
    }

    public String getShareEveryone() {
        return this.shareEveryone == null ? "OFF" : this.shareEveryone;
    }

    @DataBoundSetter
    public void setShareEveryone(String str) {
        this.shareEveryone = str;
    }

    private String actualBranchName(Run<?, ?> run, TaskListener taskListener, Logger logger) throws IOException, InterruptedException {
        if (!(run instanceof AbstractBuild)) {
            return this.branchName;
        }
        EnvVars environment = run.getEnvironment(taskListener);
        environment.overrideAll(((AbstractBuild) run).getBuildVariables());
        String expand = environment.expand(this.branchName);
        logger.debug(String.format("Expanded branchName parameter '%s' to '%s'", this.branchName, expand));
        return expand;
    }

    private String actualRepositoryName(Run<?, ?> run, TaskListener taskListener, Logger logger) throws IOException, InterruptedException {
        if (!(run instanceof AbstractBuild)) {
            return this.repositoryName;
        }
        EnvVars environment = run.getEnvironment(taskListener);
        environment.overrideAll(((AbstractBuild) run).getBuildVariables());
        String expand = environment.expand(this.repositoryName);
        logger.debug(String.format("Expanded repositoryName parameter '%s' to '%s'", this.repositoryName, expand));
        return expand;
    }

    public void perform(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, IOException {
        LoggerImpl loggerImpl = new LoggerImpl(taskListener.getLogger(), getLogLevel());
        ApiKey findCredentialById = CredentialsProvider.findCredentialById(this.credentialsId, ApiKey.class, run, Collections.emptyList());
        if (findCredentialById == null) {
            throw new AbortException("Unable to load API Token credential: " + this.credentialsId);
        }
        SecretImpl secretImpl = new SecretImpl(findCredentialById.getApiKey());
        if (!secretImpl.getPlainText().matches(ApiKey.UUID_PATTERN)) {
            throw new AbortException("Invalid format of API Token");
        }
        String fixEmptyAndTrim = Util.fixEmptyAndTrim(this.platformUrl);
        if (fixEmptyAndTrim != null) {
            try {
                URI uri = new URI(fixEmptyAndTrim);
                if (uri.getScheme() == null || !uri.getScheme().equals("https")) {
                    throw new AbortException(String.format("Bad platform URL '%s': only https:// URLs are allowed", uri));
                }
                this.platformUrl = String.format("%s://%s", uri.getScheme(), uri.getRawAuthority());
            } catch (URISyntaxException e) {
                throw new AbortException(String.format("Malformed platform URL '%s': %s", fixEmptyAndTrim, e.getMessage()));
            }
        }
        String actualRepositoryName = actualRepositoryName(run, taskListener, loggerImpl);
        if (actualRepositoryName == null || actualRepositoryName.length() == 0) {
            throw new AbortException(String.format("Parameter repositoryName must be set", new Object[0]));
        }
        String actualBranchName = actualBranchName(run, taskListener, loggerImpl);
        if (actualBranchName == null || actualBranchName.length() == 0) {
            throw new AbortException(String.format("Parameter branchName must be set", new Object[0]));
        }
        WorkspaceImpl workspaceImpl = new WorkspaceImpl(filePath);
        Auditor auditor = new Auditor(new Finder(filePath), loggerImpl, secretImpl, this.platformUrl, "Jenkins-CICD/2.0", "jenkins");
        auditor.setMinScore(this.minScore);
        if (getShareEveryone().equals("READ_ONLY")) {
            auditor.setShareEveryone(SharingType.READ_ONLY);
        } else if (getShareEveryone().equals("READ_WRITE")) {
            auditor.setShareEveryone(SharingType.READ_WRITE);
        }
        ProxyConfiguration proxyConfiguration = Jenkins.get().proxy;
        if (proxyConfiguration != null) {
            auditor.setProxy(proxyConfiguration.name, proxyConfiguration.port);
        }
        try {
            AuditResults audit = auditor.audit(workspaceImpl, actualRepositoryName, actualBranchName);
            displayReport(audit, loggerImpl, workspaceImpl);
            if (audit.failures > 0) {
                throw new AbortException(String.format("Detected %d failure(s) in the %d OpenAPI file(s) checked", Integer.valueOf(audit.failures), Integer.valueOf(audit.summary.size())));
            }
            if (audit.summary.size() == 0) {
                throw new AbortException("No OpenAPI files found.");
            }
        } catch (AuditException e2) {
            throw new AbortException(e2.getMessage());
        }
    }

    private void displayReport(AuditResults auditResults, Logger logger, Workspace workspace) {
        auditResults.summary.forEach((uri, auditResult) -> {
            logger.error(String.format("Audited %s, the API score is %d", workspace.relativize(uri).getPath(), Integer.valueOf(auditResult.score)));
            if (auditResult.failures.length > 0) {
                for (String str : auditResult.failures) {
                    logger.error("    " + str);
                }
            } else {
                logger.error("    No blocking issues found.");
            }
            if (auditResult.reportUrl != null) {
                logger.error("    Details:");
                logger.error(String.format("    %s", auditResult.reportUrl));
            }
            logger.error("");
        });
    }
}
