package io.jenkins.plugins.harbor.steps;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Launcher;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.util.ArgumentListBuilder;
import io.jenkins.plugins.harbor.HarborException;
import io.jenkins.plugins.harbor.action.HarborBuildBadgeAction;
import io.jenkins.plugins.harbor.action.HarborWebHookAction;
import io.jenkins.plugins.harbor.action.HarborWebhookEvent;
import io.jenkins.plugins.harbor.action.model.EventType;
import io.jenkins.plugins.harbor.action.model.Resource;
import io.jenkins.plugins.harbor.action.model.VulnerabilityScanStatus;
import io.jenkins.plugins.harbor.client.HarborClientImpl;
import io.jenkins.plugins.harbor.client.models.Artifact;
import io.jenkins.plugins.harbor.client.models.NativeReportSummary;
import io.jenkins.plugins.harbor.client.models.Severity;
import io.jenkins.plugins.harbor.configuration.HarborPluginGlobalConfiguration;
import io.jenkins.plugins.harbor.configuration.HarborServer;
import io.jenkins.plugins.harbor.util.HarborConstants;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.jenkinsci.plugins.workflow.graph.FlowNode;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.support.actions.PauseAction;

/* loaded from: input_file:WEB-INF/lib/harbor.jar:io/jenkins/plugins/harbor/steps/WaitForHarborWebhookExecution.class */
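/**
 * Pipeline step execution that gates a build on the Harbor vulnerability scan of one image.
 *
 * <p>The image is identified by name and digest. The execution first asks the Harbor API for the
 * artifact's scan overview; if the scan has not finished it registers itself as a listener on
 * {@link HarborWebHookAction}, pauses the flow node, and completes when a matching
 * {@code SCANNING_COMPLETED} webhook event arrives.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #validateWebhook(HarborWebhookEvent)} accepts every event. This class therefore does
 *       not authenticate webhook payloads; whether the receiving endpoint does is not visible here.</li>
 *   <li>When no image name is configured, name and digest are scraped from the build log, so the
 *       identity of the gated artifact is only as trustworthy as the log content.</li>
 * </ul>
 */
public class WaitForHarborWebhookExecution extends StepExecution implements Consumer<HarborWebhookEvent> {
    private static final long serialVersionUID = 1;
    private static final Logger logger = Logger.getLogger(WaitForHarborWebhookExecution.class.getName());
    /** Number of trailing build-log lines searched for the image name and digest. */
    private static final int MAX_LOG_LINES = 1000;
    /** Matches the "naming to registry/project/repository:tag ... done" line of a build log. */
    private static final String BUILD_IMAGE_NAME_PATTERN = "#\\d+ naming to (\\S+/\\S+/\\S+:\\S+) .*done";
    /** Matches the "tag: digest: sha256:... size: n" line of a push log; group 2 is the digest. */
    private static final String BUILD_IMAGE_DIGEST_PATTERN = "(\\d+): digest: (sha256:[a-f0-9]+) size: (\\d+)";
    private final WaitForHarborWebhookStep waitForHarborWebhookStep;
    // Resolved in processStepParameters(); every later check compares against this digest.
    private Image image;

    /**
     * @param stepContext context of the running step
     * @param waitForHarborWebhookStep step configuration (server, credentials, severity threshold, image name)
     */
    public WaitForHarborWebhookExecution(StepContext stepContext, WaitForHarborWebhookStep waitForHarborWebhookStep) {
        super(stepContext);
        this.waitForHarborWebhookStep = waitForHarborWebhookStep;
    }

    /**
     * Resolves the image, then tries to finish immediately from the Harbor API or from an already
     * received webhook event.
     *
     * @return {@code true} when the step was completed synchronously, {@code false} when the flow
     *     node was paused to wait for a webhook event
     */
    @Override
    public boolean start() throws Exception {
        processStepParameters();
        if (checkScanCompleted()) {
            return true;
        }
        // The scan may have finished before this step started; look for an event already received.
        HarborWebhookEvent cachedEvent = HarborWebHookAction.get().getWebhookEventForDigest(this.image.getImageDigest());
        if (cachedEvent != null) {
            validateWebhookAndCheckSeverityIfValid(cachedEvent, true);
            return true;
        }
        getContextClass(FlowNode.class).addAction(new PauseAction("Harbor Scanner analysis"));
        return false;
    }

    /**
     * Determines the image name and digest and attaches a badge linking to the artifact in Harbor.
     *
     * @throws ImageInfoExtractionException if either the name or the digest cannot be determined
     */
    private void processStepParameters() throws IOException {
        String fullImageName = this.waitForHarborWebhookStep.getFullImageName();
        String digest = null;
        if (fullImageName == null) {
            // NOTE(review): the last match in the log wins, and anything able to write a matching
            // line to the build log decides which artifact's scan result gates the pipeline.
            // Prefer configuring the image name explicitly when the log is not fully trusted.
            List<String> logLines = getContextClass(Run.class).getLog(MAX_LOG_LINES);
            Pattern namePattern = Pattern.compile(BUILD_IMAGE_NAME_PATTERN);
            Pattern digestPattern = Pattern.compile(BUILD_IMAGE_DIGEST_PATTERN);
            for (String line : logLines) {
                Matcher nameMatcher = namePattern.matcher(line);
                if (nameMatcher.find()) {
                    fullImageName = nameMatcher.group(1);
                }
                Matcher digestMatcher = digestPattern.matcher(line);
                if (digestMatcher.find()) {
                    digest = digestMatcher.group(2);
                }
            }
        } else {
            digest = getDigestByFullImageName(fullImageName);
        }
        if (fullImageName == null || digest == null) {
            throw new ImageInfoExtractionException(String.format("Failed to extract image name(%s) or digest(%s). Image not found.", fullImageName, digest));
        }
        this.image = new Image(fullImageName, digest);
        getContextClass(Run.class).addAction(new HarborBuildBadgeAction(String.format("https://%s/harbor/projects/%s/repositories/%s/artifacts-tab/artifacts/%s", this.image.getRegistry(), this.image.getProjects(), this.image.getRepository(), digest)));
    }

    /**
     * Resolves the digest of a locally available image by running {@code docker inspect} through
     * the step's {@link Launcher}.
     *
     * @param fullImageName image reference as configured on the step
     * @return the digest part ({@code sha256:...}) of the RepoDigests entry for that repository
     * @throws HarborException if the command fails or no entry for the repository is reported
     */
    private String getDigestByFullImageName(String fullImageName) {
        // The name becomes a bare CLI argument; refuse values the docker CLI would parse as an option.
        if (fullImageName.startsWith("-")) {
            throw new HarborException(String.format("Invalid image name '%s': must not start with '-'.", fullImageName));
        }
        ArgumentListBuilder command = new ArgumentListBuilder();
        command.add("docker", "inspect", "-f", "{{.RepoDigests}}", fullImageName);
        ByteArrayOutputStream stdout = new ByteArrayOutputStream();
        String repoDigests;
        try {
            int exitCode = getContextClass(Launcher.class).launch().cmds(command).envs(getContextClass(EnvVars.class)).quiet(true).stdout(stdout).stderr(new ByteArrayOutputStream()).start().join();
            if (exitCode != 0) {
                throw new HarborException("Run docker command fail, Unable to get image digest.");
            }
            repoDigests = stdout.toString(Charset.defaultCharset().name()).trim();
        } catch (UnsupportedEncodingException e) {
            // Must precede IOException: UnsupportedEncodingException is a subclass of it.
            throw new HarborException("Encoding error, unable to read command result.", e);
        } catch (IOException e) {
            throw new HarborException("Run command error, Unable to get command execution results", e);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller, as getContextClass() does.
            Thread.currentThread().interrupt();
            throw new HarborException("Run command error, Unable to get command execution results", e);
        }
        // Expected output shape: "[repo@sha256:... other/repo@sha256:...]".
        String repository = repositoryOf(fullImageName);
        if (repoDigests.length() >= 2) {
            for (String entry : repoDigests.substring(1, repoDigests.length() - 1).split(" ")) {
                // Match the whole repository followed by '@' so that "repo" cannot select
                // the digest recorded for "repo-other".
                if (entry.startsWith(repository + "@")) {
                    return entry.substring(repository.length() + 1);
                }
            }
        }
        throw new HarborException(String.format("Unable to get matching image digest. repoDigests: %s%n", repoDigests));
    }

    /**
     * Strips an optional {@code @digest} suffix and an optional {@code :tag} from an image
     * reference. A colon only counts as a tag separator when it follows the last {@code /}, so a
     * registry port such as {@code host:5000/project/repo} is kept.
     */
    private static String repositoryOf(String fullImageName) {
        String name = fullImageName;
        int at = name.indexOf('@');
        if (at >= 0) {
            name = name.substring(0, at);
        }
        int tagColon = name.lastIndexOf(':');
        return tagColon > name.lastIndexOf('/') ? name.substring(0, tagColon) : name;
    }

    /**
     * Registers this execution as a webhook listener and asks the Harbor API whether the scan of
     * the image has already finished.
     *
     * @return {@code true} if the scan reached a final state and the step was completed (or
     *     failed), {@code false} if the result must still be awaited
     * @throws HarborException if the API call fails or the overview lacks the expected report
     */
    private boolean checkScanCompleted() {
        HarborWebHookAction.get().addListener(this);
        writeLogToConsole("Checking scan status of Harbor artifact '%s' on server '%s'%n", this.image.getImageName(), this.image.getRegistry());
        try {
            HarborServer harborServer = HarborPluginGlobalConfiguration.getHarborServerByName(this.waitForHarborWebhookStep.getServer());
            HashMap<String, String> query = new HashMap<>();
            query.put("with_scan_overview", "true");
            query.put("page_size", "15");
            query.put("page", "1");
            // NOTE(review): isSkipTlsVerify() is handed to the client; presumably it disables
            // certificate verification, in which case both the credentials sent and the scan
            // verdict received travel over an unauthenticated channel. Confirm in HarborClientImpl
            // and keep it off outside test setups.
            Artifact artifact = new HarborClientImpl(harborServer.getBaseUrl(), getCredentials(this.waitForHarborWebhookStep.getCredentialsId()), harborServer.isSkipTlsVerify(), harborServer.isDebugLogging()).getArtifact(this.image.getProjects(), this.image.getRepository(), this.image.getImageDigest(), query);
            logger.info(artifact.toString());
            HashMap<String, NativeReportSummary> scanOverview = artifact.getScanOverview();
            if (scanOverview == null || scanOverview.isEmpty()) {
                writeLogToConsole("The Artifact api cannot get scan overview, Please check whether you have enabled image scanning.");
                return false;
            }
            NativeReportSummary summary = requireVulnerabilitySummary(scanOverview);
            return checkScanStatus(summary.getScanStatus(), summary.getSeverity(), true);
        } catch (IOException e) {
            throw new HarborException("Interrupted on checkScanCompleted.", e);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new HarborException("Connect to harbor server Failed.", e);
        }
    }

    /**
     * Returns the summary stored under {@link HarborConstants#HarborVulnerabilityReportV11MimeType}.
     *
     * @throws HarborException if the overview has no entry of that type; without this check a
     *     missing entry would surface as a NullPointerException
     */
    private static NativeReportSummary requireVulnerabilitySummary(Map<String, NativeReportSummary> scanOverview) {
        NativeReportSummary summary = scanOverview.get(HarborConstants.HarborVulnerabilityReportV11MimeType);
        if (summary == null) {
            throw new HarborException(String.format("Scan overview has no report of type '%s'. Available report types: %s", HarborConstants.HarborVulnerabilityReportV11MimeType, scanOverview.keySet()));
        }
        return summary;
    }

    /**
     * Looks up username/password credentials by id in the context of the current run.
     * {@code findCredentialById} yields {@code null} for an unknown id, and that value is passed on
     * to the client unchanged.
     */
    private StandardUsernamePasswordCredentials getCredentials(String credentialsId) {
        return CredentialsProvider.findCredentialById(credentialsId, StandardUsernamePasswordCredentials.class, (Run) Objects.requireNonNull((Run) getContextClass(Run.class)), Collections.emptyList());
    }

    /**
     * Acts on a scan status.
     *
     * @param vulnerabilityScanStatus status reported by Harbor
     * @param severity overall severity reported with the status
     * @param z {@code true} on the synchronous path (failures are thrown, unfinished scans return
     *     {@code false}); {@code false} on the webhook path (failures are reported through the
     *     step context, an unfinished status is an error)
     * @return {@code true} if the status was final and has been handled, {@code false} if the scan
     *     is still in progress
     */
    public boolean checkScanStatus(VulnerabilityScanStatus vulnerabilityScanStatus, Severity severity, boolean z) {
        writeLogToConsole("Harbor artifact '%s' scan result is '%s'%n", this.image.getImageName(), vulnerabilityScanStatus);
        switch (vulnerabilityScanStatus) {
            case SUCCESS:
                writeLogToConsole("Harbor artifact '%s' scan completed. Severity is %s%n", this.image.getImageName(), severity);
                handleSeverity(severity);
                return true;
            case STOPPED:
            case ERROR:
            case NOT_SCANNED:
                // A scan that did not produce a result must never count as a pass.
                HarborException scanFailure = new HarborException("Trivy analysis '" + this.image.getImageName() + "' failed: " + vulnerabilityScanStatus);
                if (z) {
                    throw scanFailure;
                }
                getContext().onFailure(scanFailure);
                return true;
            default:
                if (z) {
                    return false;
                }
                throw new IllegalStateException("Unexpected task status: " + vulnerabilityScanStatus);
        }
    }

    /**
     * Completes the step: fails it when aborting is enabled and the reported severity is at or
     * above the configured threshold, otherwise succeeds with the severity as the step result.
     */
    private void handleSeverity(Severity severity) {
        Severity threshold = this.waitForHarborWebhookStep.getSeverity();
        // Assumes Severity constants are declared from least to most severe - TODO confirm.
        // NOTE(review): a null threshold makes indexOf return -1 and subList throw.
        List<Severity> ordered = Arrays.asList(Severity.values());
        boolean atOrAboveThreshold = ordered.subList(ordered.indexOf(threshold), ordered.size()).contains(severity);
        if (this.waitForHarborWebhookStep.isAbortPipeline() && atOrAboveThreshold) {
            getContext().onFailure(new AbortException("Pipeline aborted due to severity failure: " + severity));
        } else {
            getContext().onSuccess(severity);
        }
    }

    /**
     * Unregisters the listener and evaluates the scan overview of each resource in the event.
     *
     * @param z forwarded to {@link #checkScanStatus}; {@code true} on the synchronous path
     * @throws HarborException if a resource carries no usable scan overview
     */
    private void validateWebhookAndCheckSeverityIfValid(HarborWebhookEvent harborWebhookEvent, boolean z) {
        HarborWebHookAction.get().removeListener(this);
        if (!validateWebhook(harborWebhookEvent)) {
            return;
        }
        // NOTE(review): every resource in the event is evaluated, while callers matched only the
        // event-level digest. Confirm that a multi-resource event cannot carry a verdict for a
        // different artifact.
        for (Resource resource : harborWebhookEvent.getWebhookEventPayload().getEventData().getResources()) {
            HashMap<String, NativeReportSummary> scanOverview = resource.getScanOverview();
            if (scanOverview == null) {
                throw new HarborException("The harbor webhook payload exception, Unable to get scan overview.");
            }
            NativeReportSummary summary = requireVulnerabilitySummary(scanOverview);
            checkScanStatus(summary.getScanStatus(), summary.getSeverity(), z);
        }
    }

    /**
     * Placeholder that accepts every event.
     *
     * <p>NOTE(review): no check of the event's origin or integrity happens here, so a pass/fail
     * decision can be driven by whatever reaches the listener. Authentication of the webhook
     * request, if any, has to happen in the receiving endpoint; verify that it does.
     */
    private boolean validateWebhook(HarborWebhookEvent harborWebhookEvent) {
        return true;
    }

    /** Ends the pause, unregisters the webhook listener and delegates to the superclass. */
    @Override
    public void stop(@NonNull Throwable th) throws Exception {
        PauseAction.endCurrentPause(getContextClass(FlowNode.class));
        HarborWebHookAction.get().removeListener(this);
        super.stop(th);
    }

    /**
     * Re-registers the listener after a restart and re-checks the scan state through the API.
     *
     * @throws IllegalStateException if the check fails
     */
    @Override
    public void onResume() {
        // NOTE(review): checkScanCompleted() calls addListener(this) as well; confirm that the
        // listener collection ignores duplicates.
        HarborWebHookAction.get().addListener(this);
        try {
            checkScanCompleted();
            super.onResume();
        } catch (Exception e) {
            throw new IllegalStateException("Unable to restore step", e);
        }
    }

    /**
     * Handles a webhook event: ignores events for other digests or of other types, otherwise
     * caches the event, ends the pause and evaluates the scan result.
     *
     * <p>Any failure while handling a matching event is reported to the step context before it is
     * rethrown; otherwise nothing on this path would complete the step after its pause has ended.
     */
    @Override // java.util.function.Consumer
    public void accept(HarborWebhookEvent harborWebhookEvent) {
        String expectedDigest = this.image.getImageDigest();
        // Null-safe comparison: an event without a digest never matches.
        if (expectedDigest == null || !expectedDigest.equals(harborWebhookEvent.getDigest())) {
            logger.info("harborWebhookEvent::getDigest: " + harborWebhookEvent.getDigest());
            logger.warning("Ignore docker image: " + this.image.getImageName() + ", digest: " + this.image.getImageDigest() + ".");
            return;
        }
        EventType type = harborWebhookEvent.getWebhookEventPayload().getType();
        if (type != EventType.SCANNING_COMPLETED) {
            logger.info(String.format("Ignore %s's Harbor Webhook event(%s)%n", harborWebhookEvent.getImageName(), type));
            return;
        }
        try {
            logger.info(String.format("Handle %s's Harbor Webhook event(%s)%n", harborWebhookEvent.getImageName(), type));
            HarborWebHookAction.getEventCache().put(harborWebhookEvent.getDigest(), harborWebhookEvent);
            PauseAction.endCurrentPause(getContextClass(FlowNode.class));
            validateWebhookAndCheckSeverityIfValid(harborWebhookEvent, false);
        } catch (IOException e) {
            getContext().onFailure(e);
            throw new IllegalStateException(e);
        } catch (RuntimeException e) {
            // Fail the step instead of leaving it unresolved when the payload cannot be evaluated.
            getContext().onFailure(e);
            throw e;
        }
    }

    /** Writes a {@code printf}-style message to the build console. */
    private void writeLogToConsole(String format, Object... args) {
        getContextClass(TaskListener.class).getLogger().printf(format, args);
    }

    /**
     * Fetches an object of the given type from the step context.
     *
     * @throws IllegalStateException if the object is absent or the lookup fails; the failure is
     *     also reported to the step context, and an interrupt is restored on the current thread
     */
    private <T> T getContextClass(Class<T> cls) {
        try {
            return Optional.ofNullable(getContext().get(cls))
                    .orElseThrow(() -> new IllegalStateException(String.format("Could not get %s from the Jenkins context", cls.getName())));
        } catch (IOException | IllegalStateException e) {
            getContext().onFailure(e);
            throw new IllegalStateException(e);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            getContext().onFailure(e);
            throw new IllegalStateException(e);
        }
    }
}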
