package com.xliic.ci.jenkins;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.xliic.cicd.audit.Secret;
import com.xliic.cicd.common.Logger;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.ProxyConfiguration;
import hudson.Util;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.remoting.VirtualChannel;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Collections;
import java.util.regex.Pattern;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder.class */
public class AuditBuilder extends Builder implements SimpleBuildStep {
    private int minScore;
    private String credentialsId;
    private String platformUrl;
    private String logLevel;
    private String jsonReport;
    private String apiTags;
    private String shareEveryone;
    private String repositoryName = "${GIT_URL}";
    private String branchName = "";
    private String tagName = "";
    private String prId = "";
    private String prTargetBranch = "";
    private String defaultCollectionName = "";
    private String rootDirectory = "";
    private boolean skipLocalChecks = false;
    private boolean ignoreNetworkErrors = false;
    private boolean ignoreFailures = false;

    @Extension
    @Symbol({"audit"})
    /* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public String getDisplayName() {
            return Messages.descriptor_displayName();
        }

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            StandardListBoxModel standardListBoxModel = new StandardListBoxModel();
            if (item == null) {
                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
                    return standardListBoxModel.includeCurrentValue(str);
                }
            } else if (!item.hasPermission(Item.EXTENDED_READ) && !item.hasPermission(CredentialsProvider.USE_ITEM)) {
                return standardListBoxModel.includeCurrentValue(str);
            }
            return standardListBoxModel.includeMatchingAs(ACL.SYSTEM, item, ApiKey.class, Collections.emptyList(), CredentialsMatchers.always()).includeCurrentValue(str);
        }

        public FormValidation doCheckPlatformUrl(@QueryParameter String str) {
            String fixEmptyAndTrim = Util.fixEmptyAndTrim(str);
            if (fixEmptyAndTrim != null) {
                try {
                    new URI(fixEmptyAndTrim);
                } catch (URISyntaxException e) {
                    return FormValidation.error("Malformed URL");
                }
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckApiTags(@QueryParameter String str) {
            String fixEmptyAndTrim = Util.fixEmptyAndTrim(str);
            return (fixEmptyAndTrim == null || Pattern.compile("^[\\w]+:[\\w]+( [\\w]+:[\\w]+)*$").matcher(fixEmptyAndTrim).matches()) ? FormValidation.ok() : FormValidation.error("Please use the pattern 'category:tag category2:tag2...'");
        }
    }

    /* loaded from: input_file:WEB-INF/lib/42crunch-security-audit.jar:com/xliic/ci/jenkins/AuditBuilder$SecretImpl.class */
    static class SecretImpl implements Secret, Serializable {
        private hudson.util.Secret secret;

        public SecretImpl(hudson.util.Secret secret) {
            this.secret = secret;
        }

        @Override // com.xliic.cicd.audit.Secret
        public String getPlainText() {
            return this.secret.getPlainText();
        }
    }

    @DataBoundConstructor
    public AuditBuilder(String str, int i, String str2) {
        this.minScore = 75;
        this.platformUrl = "https://platform.42crunch.com";
        this.credentialsId = str;
        this.minScore = i;
        this.platformUrl = str2;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    @DataBoundSetter
    public void setCredentialsId(String str) {
        this.credentialsId = str;
    }

    public int getMinScore() {
        return this.minScore;
    }

    @DataBoundSetter
    public void setMinScore(int i) {
        this.minScore = i;
    }

    public String getPlatformUrl() {
        return this.platformUrl;
    }

    @DataBoundSetter
    public void setPlatformUrl(String str) {
        this.platformUrl = str;
    }

    public String getLogLevel() {
        return this.logLevel == null ? "INFO" : this.logLevel;
    }

    @DataBoundSetter
    public void setSkipLocalChecks(boolean z) {
        this.skipLocalChecks = z;
    }

    public boolean getSkipLocalChecks() {
        return this.skipLocalChecks;
    }

    @DataBoundSetter
    public void setIgnoreNetworkErrors(boolean z) {
        this.ignoreNetworkErrors = z;
    }

    public boolean getIgnoreNetworkErrors() {
        return this.ignoreNetworkErrors;
    }

    @DataBoundSetter
    public void setIgnoreFailures(boolean z) {
        this.ignoreFailures = z;
    }

    public boolean getIgnoreFailures() {
        return this.ignoreFailures;
    }

    @DataBoundSetter
    public void setLogLevel(String str) {
        this.logLevel = str;
    }

    public String getRepositoryName() {
        return this.repositoryName;
    }

    @DataBoundSetter
    public void setRepositoryName(String str) {
        this.repositoryName = str;
    }

    public String getBranchName() {
        return this.branchName;
    }

    @DataBoundSetter
    public void setBranchName(String str) {
        this.branchName = str;
    }

    public String getTagName() {
        return this.tagName;
    }

    @DataBoundSetter
    public void setTagName(String str) {
        this.tagName = str;
    }

    public String getPrId() {
        return this.prId;
    }

    @DataBoundSetter
    public void setPrId(String str) {
        this.prId = str;
    }

    public String getPrTargetBranch() {
        return this.prTargetBranch;
    }

    @DataBoundSetter
    public void setPrTargetBranch(String str) {
        this.prTargetBranch = str;
    }

    public String getDefaultCollectionName() {
        return this.defaultCollectionName;
    }

    @DataBoundSetter
    public void setDefaultCollectionName(String str) {
        this.defaultCollectionName = str;
    }

    public String getRootDirectory() {
        return this.rootDirectory;
    }

    @DataBoundSetter
    public void setRootDirectory(String str) {
        this.rootDirectory = str;
    }

    public String getJsonReport() {
        return this.jsonReport;
    }

    @DataBoundSetter
    public void setJsonReport(String str) {
        this.jsonReport = str;
    }

    public String getApiTags() {
        return this.apiTags;
    }

    @DataBoundSetter
    public void setApiTags(String str) {
        this.apiTags = str;
    }

    public String getShareEveryone() {
        return this.shareEveryone == null ? "OFF" : this.shareEveryone;
    }

    @DataBoundSetter
    public void setShareEveryone(String str) {
        this.shareEveryone = str;
    }

    private String expandVariable(String str, String str2, Run<?, ?> run, TaskListener taskListener, Logger logger) throws IOException, InterruptedException {
        if (!(run instanceof AbstractBuild) || str2 == null || str2.equals("")) {
            return str2;
        }
        EnvVars environment = run.getEnvironment(taskListener);
        environment.overrideAll(((AbstractBuild) run).getBuildVariables());
        String expand = environment.expand(str2);
        logger.debug(String.format("Expanded %s parameter '%s' to '%s'", str, str2, expand));
        return expand;
    }

    public void perform(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, IOException {
        LoggerImpl loggerImpl = new LoggerImpl(taskListener.getLogger(), this.logLevel);
        ApiKey findCredentialById = CredentialsProvider.findCredentialById(this.credentialsId, ApiKey.class, run, Collections.emptyList());
        if (findCredentialById == null) {
            throw new AbortException("Unable to load API Token credential: " + this.credentialsId);
        }
        SecretImpl secretImpl = new SecretImpl(findCredentialById.getApiKey());
        if (!secretImpl.getPlainText().matches(ApiKey.UUID_PATTERN)) {
            throw new AbortException("Invalid format of API Token");
        }
        String fixEmptyAndTrim = Util.fixEmptyAndTrim(this.platformUrl);
        if (fixEmptyAndTrim != null) {
            try {
                URI uri = new URI(fixEmptyAndTrim);
                if (uri.getScheme() == null || !uri.getScheme().equals("https")) {
                    throw new AbortException(String.format("Bad platform URL '%s': only https:// URLs are allowed", uri));
                }
                this.platformUrl = String.format("%s://%s", uri.getScheme(), uri.getRawAuthority());
            } catch (URISyntaxException e) {
                throw new AbortException(String.format("Malformed platform URL '%s': %s", fixEmptyAndTrim, e.getMessage()));
            }
        }
        String expandVariable = expandVariable("repositoryName", this.repositoryName, run, taskListener, loggerImpl);
        if (expandVariable == null || expandVariable.length() == 0) {
            throw new AbortException(String.format("Parameter repositoryName must be set", new Object[0]));
        }
        String expandVariable2 = expandVariable("branchName", this.branchName, run, taskListener, loggerImpl);
        String expandVariable3 = expandVariable("tagName", this.tagName, run, taskListener, loggerImpl);
        String expandVariable4 = expandVariable("prId", this.prId, run, taskListener, loggerImpl);
        String expandVariable5 = expandVariable("prTargetBranch", this.prTargetBranch, run, taskListener, loggerImpl);
        ProxyConfiguration proxyConfiguration = Jenkins.get().proxy;
        VirtualChannel channel = launcher.getChannel();
        if (channel == null) {
            throw new AbortException("Unable to get channel to launch AuditTask");
        }
        channel.call(new RemoteAuditTask(filePath, taskListener, secretImpl, getPlatformUrl(), getLogLevel(), getDefaultCollectionName(), getRootDirectory(), getJsonReport(), getApiTags(), getSkipLocalChecks(), getIgnoreNetworkErrors(), getIgnoreFailures(), getShareEveryone(), this.minScore, proxyConfiguration, expandVariable, expandVariable2, expandVariable3, expandVariable4, expandVariable5));
    }
}
