package com.amazon.inspector.jenkins.amazoninspectorbuildstep;

import com.amazon.inspector.jenkins.amazoninspectorbuildstep.csvconversion.CsvConverter;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.html.HtmlGenerator;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.html.HtmlJarHandler;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.html.HtmlData;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.html.components.ImageMetadata;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.html.components.SeverityValues;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.Sbom;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.models.sbom.SbomData;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.requests.SdkRequests;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.sbomgen.SbomgenRunner;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.sbomparsing.SbomOutputParser;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.sbomparsing.Severity;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.sbomparsing.SeverityCounts;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.utils.HtmlConversionUtils;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.utils.InspectorRegions;
import com.amazon.inspector.jenkins.amazoninspectorbuildstep.utils.Sanitizer;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Job;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ListBoxModel;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.text.lookup.StringLookupFactory;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.verb.POST;
import software.amazon.awssdk.core.internal.util.ChunkContentUtils;

/* loaded from: input_file:WEB-INF/lib/amazon-inspector-image-scanner.jar:com/amazon/inspector/jenkins/amazoninspectorbuildstep/AmazonInspectorBuilder.class */
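/**
 * Jenkins build step that generates an SBOM for a container image or archive with
 * {@code inspector-sbomgen}, submits it to Amazon Inspector, and writes JSON, CSV and HTML
 * reports for the build. The build is marked FAILURE when any per-severity finding count
 * exceeds its configured threshold, and ABORTED when the step itself errors out.
 *
 * <p>NOTE(review): this source looks decompiled, so parameter names such as {@code str} and
 * {@code i} are placeholders. {@code @DataBoundConstructor} binding relies on the real
 * parameter names, so confirm them against the plugin's form definition before rebuilding.
 */
public class AmazonInspectorBuilder extends Builder implements SimpleBuildStep {
    /**
     * Console logger of the most recently started build.
     *
     * <p>NOTE(review): this is a mutable static that every {@link #perform} call overwrites.
     * With concurrent builds, code that prints through this field can write into another
     * build's console. It is kept because other classes may reference it; {@code perform}
     * itself prints through the listener it was given.
     */
    public static PrintStream logger;
    private final String archivePath;
    private final String iamRole;
    private final String awsRegion;
    private final String credentialId;
    // Presumably the path of the sbomgen binary that SbomgenRunner launches; it comes from
    // job configuration, so confirm who may set it.
    private String sbomgenPath;
    private final int countCritical;
    private final int countHigh;
    private final int countMedium;
    private final int countLow;
    // NOTE(review): set on every perform() and neither final nor transient; confirm this
    // reference is not meant to be persisted with the step configuration.
    private Job<?, ?> job;

    /** Descriptor that supplies the display name and drop-down contents of the step's form. */
    @Extension
    @Symbol({"Amazon Inspector"})
    public static class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public DescriptorImpl() {
            load();
        }

        /**
         * Builds the credential drop-down from every username/password credential visible
         * to {@code ACL.SYSTEM} at the Jenkins root. Only the credential id and username are
         * put into the label; the password is never read here.
         */
        private ListBoxModel getCredentialIdModels() {
            ListBoxModel listBoxModel = new ListBoxModel();
            List<StandardUsernamePasswordCredentials> credentials = CredentialsProvider.lookupCredentials(
                    StandardUsernamePasswordCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList());
            listBoxModel.add("Select Docker Username", (String) null);
            for (StandardUsernamePasswordCredentials credential : credentials) {
                String username = credential.getUsername();
                if (username != null && !username.isEmpty()) {
                    listBoxModel.add(String.format("[%s] %s/*****", credential.getId(), username), credential.getId());
                }
            }
            return listBoxModel;
        }

        /**
         * Fills the credential drop-down.
         *
         * <p>NOTE(review): the only gate is {@code Permission.READ} on the Jenkins root,
         * while the lookup runs as {@code ACL.SYSTEM}. Any user who passes that check gets
         * the ids and usernames of all matching credentials. The usual guard for a
         * credentials drop-down is a configure-level permission on the item being edited
         * (or administer when there is no item), returning an empty list otherwise.
         * Tightening it changes who sees the list, so it is flagged here, not changed.
         */
        @POST
        public ListBoxModel doFillCredentialIdItems() {
            return Jenkins.get().hasPermission(Permission.READ) ? getCredentialIdModels() : new ListBoxModel();
        }

        /** Fills the region drop-down from {@code InspectorRegions.INSPECTOR_REGIONS}. */
        public ListBoxModel doFillAwsRegionItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            listBoxModel.add("Select AWS Region", (String) null);
            for (String region : InspectorRegions.INSPECTOR_REGIONS) {
                listBoxModel.add(region, region);
            }
            return listBoxModel;
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Amazon Inspector Scan";
        }
    }

    /**
     * Creates the build step from its form values.
     *
     * @param str  image reference or archive path to scan (stored as {@code archivePath})
     * @param str2 path of the sbomgen executable (stored as {@code sbomgenPath})
     * @param str3 IAM role handed to {@code SdkRequests} (stored as {@code iamRole})
     * @param str4 AWS region handed to {@code SdkRequests} (stored as {@code awsRegion})
     * @param str5 id of the Jenkins username/password credential (stored as {@code credentialId})
     * @param i    highest number of CRITICAL findings that still passes
     * @param i2   highest number of HIGH findings that still passes
     * @param i3   highest number of MEDIUM findings that still passes
     * @param i4   highest number of LOW findings that still passes
     */
    @DataBoundConstructor
    public AmazonInspectorBuilder(String str, String str2, String str3, String str4, String str5, int i, int i2, int i3, int i4) {
        this.archivePath = str;
        this.credentialId = str5;
        this.sbomgenPath = str2;
        this.iamRole = str3;
        this.awsRegion = str4;
        this.countCritical = i;
        this.countHigh = i2;
        this.countMedium = i3;
        this.countLow = i4;
    }

    /**
     * Returns {@code true} when any severity count is strictly above its threshold.
     * A severity missing from the map counts as zero, so it no longer raises an NPE.
     */
    private boolean doesBuildFail(Map<Severity, Integer> map) {
        return map.getOrDefault(Severity.CRITICAL, 0) > this.countCritical
                || map.getOrDefault(Severity.HIGH, 0) > this.countHigh
                || map.getOrDefault(Severity.MEDIUM, 0) > this.countMedium
                || map.getOrDefault(Severity.LOW, 0) > this.countLow;
    }

    /**
     * Turns a job/build display name into a single file-name component.
     * Spaces and '#' are dropped as before. Display names are user-editable, so path
     * separators are also replaced to keep the report inside the per-build directory.
     */
    private static String toReportFileName(String raw) {
        return raw.replaceAll("[ #]", "").replaceAll("[\\\\/]", "_");
    }

    /**
     * Runs the scan: generate the SBOM, send it to Inspector, write the JSON/CSV/HTML
     * reports under {@code $WORKSPACE/$BUILD_NUMBER}, then set the build result.
     *
     * <p>NOTE(review): report files are written with {@code java.io.File}, not the supplied
     * {@link FilePath}; confirm this is intended for builds whose workspace is on an agent.
     *
     * @throws IOException if the {@code out} file in the build directory cannot be created
     */
    @Override
    public void perform(Run<?, ?> run, FilePath filePath, EnvVars envVars, Launcher launcher, TaskListener taskListener) throws IOException, InterruptedException {
        PrintStream buildLog = taskListener.getLogger();
        logger = buildLog; // kept for classes that still print through the static field
        run.getEnvironment(taskListener).put("sbomgenPath", this.sbomgenPath);
        this.job = run.getParent();
        // The stream is never written to; opening it creates the "out" file in the build dir.
        try (PrintStream ignored = new PrintStream(new File(run.getRootDir(), "out"), StandardCharsets.UTF_8)) {
            try {
                if (Jenkins.getInstanceOrNull() == null) {
                    throw new RuntimeException("No Jenkins instance found");
                }
                StandardUsernamePasswordCredentials credential = CredentialsProvider.findCredentialById(
                        this.credentialId, StandardUsernamePasswordCredentials.class, run, new DomainRequirement[0]);
                if (credential == null) {
                    // Previously surfaced as a bare NullPointerException on the next line.
                    throw new IllegalStateException("Credential not found or not usable by this build: " + this.credentialId);
                }
                // NOTE(review): the password is handed to SbomgenRunner in plain text. How it
                // reaches the sbomgen process is not visible here; confirm it is not placed
                // on a command line or echoed to the build log.
                String sbomJson = new SbomgenRunner(this.sbomgenPath, this.archivePath,
                        credential.getUsername(), credential.getPassword().getPlainText()).run();
                JsonObject component = JsonParser.parseString(sbomJson).getAsJsonObject()
                        .get("metadata").getAsJsonObject().get("component").getAsJsonObject();

                // Literal "properties"; the decompiled source used a commons-text constant
                // with the same value.
                String imageSha = "No Sha Found";
                for (JsonElement property : component.get("properties").getAsJsonArray()) {
                    JsonObject entry = property.getAsJsonObject();
                    if (entry.get("name").getAsString().equals("amazon:inspector:sbom_collector:image_id")) {
                        imageSha = entry.get("value").getAsString();
                    }
                }

                buildLog.println("Sending SBOM to Inspector for validation");
                String scanResponse = new SdkRequests(this.awsRegion, this.iamRole).requestSbom(sbomJson);
                Gson prettyGson = new GsonBuilder().setPrettyPrinting().disableHtmlEscaping().create();
                SbomData sbomData = SbomData.builder().sbom((Sbom) prettyGson.fromJson(scanResponse, Sbom.class)).build();

                String outputDir = String.format("%s/%s", envVars.get("WORKSPACE"), envVars.get("BUILD_NUMBER"));
                new File(outputDir).mkdirs();
                String jobName = run.getParent().getDisplayName();
                String buildName = run.getDisplayName();
                String sbomFileName = toReportFileName(String.format("%s-%s-sbom.json", jobName, buildName));
                writeSbomDataToFile(prettyGson.toJson(sbomData.getSbom()), String.format("%s/%s", outputDir, sbomFileName));

                CsvConverter csvConverter = new CsvConverter(sbomData);
                String csvFileName = toReportFileName(String.format("%s-%s.csv", jobName, buildName));
                buildLog.println("Converting SBOM Results to CSV.");
                csvConverter.convert(String.format("%s/%s", outputDir, csvFileName));

                SeverityCounts severityCounts = new SbomOutputParser(sbomData).parseSbom();
                Map<Severity, Integer> counts = severityCounts.getCounts();

                String componentName = component.get("name").getAsString();
                String displayName = componentName.endsWith(".tar")
                        ? Sanitizer.sanitizeFilePath("file://" + componentName)
                        : Sanitizer.sanitizeText(componentName);
                // Literal ":"; the decompiled source used an AWS SDK internal constant with
                // the same value.
                String[] nameParts = displayName.split(":");
                // split() yields an empty array when the name holds only separators.
                String imageId = nameParts.length > 0 ? nameParts[0] : "";
                String imageTags = nameParts.length > 1 ? nameParts[1] : null;

                String reportBaseUrl = String.format("%sjob/%s/ws/%s", envVars.get("JENKINS_URL"), envVars.get("JOB_NAME"), envVars.get("BUILD_NUMBER"));
                HtmlData htmlData = HtmlData.builder()
                        .jsonFilePath(reportBaseUrl + "/" + sbomFileName)
                        .csvFilePath(reportBaseUrl + "/" + csvFileName)
                        .imageMetadata(ImageMetadata.builder().id(imageId).tags(imageTags).sha(imageSha).build())
                        .severityValues(SeverityValues.builder()
                                .critical(counts.get(Severity.CRITICAL).intValue())
                                .high(counts.get(Severity.HIGH).intValue())
                                .medium(counts.get(Severity.MEDIUM).intValue())
                                .low(counts.get(Severity.LOW).intValue())
                                .build())
                        .vulnerabilities(HtmlConversionUtils.convertVulnerabilities(
                                sbomData.getSbom().getVulnerabilities(), sbomData.getSbom().getComponents()))
                        .build();

                String jarPath = new File(HtmlJarHandler.class.getProtectionDomain().getCodeSource().getLocation().toURI()).getPath();
                String htmlPath = new HtmlJarHandler(jarPath).copyHtmlToDir(outputDir);
                // new Gson() keeps Gson's default HTML escaping, unlike prettyGson above; the
                // result is handed to the HTML generator, so keep that escaping in place.
                new HtmlGenerator(htmlPath).generateNewHtml(new Gson().toJson(htmlData));

                buildLog.println("Prefixing file paths with Jenkins URL from settings, currently: " + ((String) envVars.get("JENKINS_URL")));
                buildLog.println("CSV Output File: " + reportBaseUrl + "/" + csvFileName);
                buildLog.println("SBOM Output File: " + reportBaseUrl + "/" + sbomFileName);
                buildLog.println("HTML Report File: " + reportBaseUrl + "/index.html");
                buildLog.println("Alternate Report Link: file://" + htmlPath);

                boolean passed = !doesBuildFail(counts);
                buildLog.printf("Results: %s\nDoes Build Pass: %s\n", severityCounts, passed);
                run.setResult(passed ? Result.SUCCESS : Result.FAILURE);
            } catch (Exception e) {
                if (e instanceof InterruptedException) {
                    // Restore the interrupt flag so Jenkins can still see the abort request.
                    Thread.currentThread().interrupt();
                }
                buildLog.println("Plugin execution ran into an error and is being aborted!");
                run.setResult(Result.ABORTED);
                buildLog.println("Exception:" + e);
                e.printStackTrace(buildLog);
            }
        }
    }

    /**
     * Writes the SBOM JSON to a file, one line at a time, as UTF-8.
     *
     * <p>NOTE(review): each line goes through {@code unescapeJava}, which also turns
     * {@code \"} and {@code \\} inside JSON strings into their raw characters. Confirm the
     * written file is still valid JSON for values that contain quotes or backslashes.
     *
     * @param str  SBOM JSON text
     * @param str2 destination file path
     * @throws RuntimeException wrapping the {@link IOException} if the file cannot be
     *                          opened or written
     */
    public static void writeSbomDataToFile(String str, String str2) {
        // try-with-resources closes the writer even if a line fails; the charset is pinned
        // so the output does not depend on the platform default.
        try (PrintWriter printWriter = new PrintWriter(str2, StandardCharsets.UTF_8)) {
            for (String line : str.split("\n")) {
                printWriter.println(StringEscapeUtils.unescapeJava(line));
            }
            // PrintWriter swallows write errors; surface them instead of leaving a short file.
            if (printWriter.checkError()) {
                throw new IOException("Failed writing SBOM to " + str2);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public String getArchivePath() {
        return this.archivePath;
    }

    public String getIamRole() {
        return this.iamRole;
    }

    public String getAwsRegion() {
        return this.awsRegion;
    }

    public String getCredentialId() {
        return this.credentialId;
    }

    public String getSbomgenPath() {
        return this.sbomgenPath;
    }

    public int getCountCritical() {
        return this.countCritical;
    }

    public int getCountHigh() {
        return this.countHigh;
    }

    public int getCountMedium() {
        return this.countMedium;
    }

    public int getCountLow() {
        return this.countLow;
    }

    public Job<?, ?> getJob() {
        return this.job;
    }
}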
