package io.jenkins.plugins.intotorecorder;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.remoting.VirtualChannel;
import hudson.security.ACL;
import hudson.tasks.BuildWrapperDescriptor;
import io.github.in_toto.keys.Key;
import io.github.in_toto.keys.RSAKey;
import io.github.in_toto.models.Artifact;
import io.github.in_toto.models.Link;
import io.jenkins.plugins.intotorecorder.transport.Transport;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import jenkins.MasterToSlaveFileCallable;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildWrapper;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.plaincredentials.FileCredentials;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:io/jenkins/plugins/intotorecorder/InTotoWrapper.class */
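/**
 * Build wrapper that records in-toto link metadata around a wrapped step.
 *
 * <p>{@link #setUp} hashes the workspace as the link's materials and registers a
 * {@link PostWrap} disposer. The disposer hashes the workspace again as products,
 * signs the link, and hands it to the configured transport.
 *
 * <p>The signing key comes from one of two places: a Jenkins file credential
 * ({@code credentialId}, parsed as PEM in the constructor) or a key file path
 * ({@code keyPath}, read inside {@link LinkSerializer}).
 *
 * <p>This listing is decompiler output. Names such as {@code m3invoke} and {@code str}
 * are decompiler artefacts and are kept unchanged.
 */
public class InTotoWrapper extends SimpleBuildWrapper {

    @DataBoundSetter
    private String keyPath;

    @DataBoundSetter
    private String credentialId;

    @DataBoundSetter
    private String stepName;

    @DataBoundSetter
    private String transport;
    private Link link;
    // NOTE(review): this field holds the parsed signing key and is not transient. If Jenkins
    // persists this wrapper's fields with the job configuration, the private key material may
    // be written out with it — confirm, and consider resolving the key at setUp time instead.
    private Key key;
    private FilePath cwd;

    /**
     * Callable that walks a directory tree and returns a JSON map of artifact URI to hashes.
     *
     * <p>Run through {@link FilePath#act}, so the walk happens wherever the workspace lives.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static final class ArtifactCollector extends MasterToSlaveFileCallable<String> {
        private static final long serialVersionUID = 1;

        private ArtifactCollector() {
        }

        /**
         * Hashes every regular file under {@code file} and serialises the result with Gson.
         *
         * @param file root of the tree to record
         * @param virtualChannel unused
         * @return JSON object mapping artifact URI to its hashes
         */
        /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
        public String m3invoke(File file, VirtualChannel virtualChannel) {
            HashMap<String, Artifact.ArtifactHash> hashMap = new HashMap<>();
            recurseAndCollect(file, hashMap);
            return new Gson().toJson(hashMap);
        }

        /**
         * Depth-first walk that adds one entry per regular file to {@code hashMap}.
         *
         * <p>NOTE(review): {@link File#isDirectory()} and {@link File#isFile()} follow symbolic
         * links. A link inside the workspace that points outside it would be hashed and
         * recorded, and a link cycle would recurse without bound. Confirm whether links should
         * be skipped.
         */
        private static void recurseAndCollect(File file, HashMap<String, Artifact.ArtifactHash> hashMap) {
            if (!file.exists()) {
                return;
            }
            if (file.isFile()) {
                Artifact artifact = new Artifact(file.toString());
                hashMap.put(artifact.getURI(), artifact.getArtifactHashes());
                return;
            }
            if (file.isDirectory()) {
                // listFiles() returns null on an I/O error or when the directory is unreadable.
                File[] children = file.listFiles();
                if (children != null) {
                    for (File child : children) {
                        recurseAndCollect(child, hashMap);
                    }
                }
            }
        }
    }

    /** Descriptor that registers the wrapper under the {@code in_toto_wrap} symbol. */
    @Extension
    @Symbol({"in_toto_wrap"})
    public static final class DescriptorImpl extends BuildWrapperDescriptor {
        public DescriptorImpl() {
            super(InTotoWrapper.class);
            load();
        }

        /** @return the name shown for this wrapper in the Jenkins UI */
        public String getDisplayName() {
            return "in-toto record wrapper";
        }

        /** The wrapper is offered for every project type. */
        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }
    }

    /**
     * Callable that signs serialised link metadata with a key file read from {@code keyPath}.
     *
     * <p>Run through {@link FilePath#act}, so {@code keyPath} is resolved on the machine
     * that executes the callable.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static final class LinkSerializer extends MasterToSlaveFileCallable<String> {
        private static final long serialVersionUID = 2;
        String linkData;
        String keyPath;
        String transportURL;

        private LinkSerializer(String str, String str2, String str3) {
            this.linkData = str;
            this.keyPath = str2;
            this.transportURL = str3;
        }

        /**
         * Deserialises the link, signs it, and returns the signed link as a string.
         *
         * @param file unused
         * @param virtualChannel unused
         * @return the signed link as produced by {@code Link.dumpString()}
         * @throws RuntimeException if the key file does not exist
         */
        /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
        public String m4invoke(File file, VirtualChannel virtualChannel) {
            RSAKey signingKey = loadKey(this.keyPath);
            // The previous System.out.println(linkData) was removed. It wrote the whole link
            // to the executing process's stdout, outside the build log.
            Link link = new Gson().fromJson(this.linkData, Link.class);
            link.sign(signingKey);
            // NOTE(review): PostWrap replaces a null transport URL with "", so when this
            // callable is created by PostWrap the branch below never runs and no local copy
            // is written. Confirm whether an empty URL should also trigger dump().
            if (this.transportURL == null) {
                link.dump();
            }
            return link.dumpString();
        }

        /**
         * Reads the RSA key at {@code str}.
         *
         * @throws RuntimeException if no file exists at that path
         */
        private RSAKey loadKey(String str) {
            if (new File(str).exists()) {
                return RSAKey.read(str);
            }
            throw new RuntimeException(" This signing keypath (" + str + ") does not exist!");
        }
    }

    /**
     * Disposer that completes the link after the wrapped step: records products, signs,
     * and submits the link.
     *
     * <p>NOTE(review): {@code link} and {@code key} are transient. If this disposer is ever
     * restored from its serialised form they will be null, and {@link #tearDown} dereferences
     * {@code link} unconditionally — confirm whether that path is reachable.
     */
    public static class PostWrap extends SimpleBuildWrapper.Disposer {
        private static final long serialVersionUID = 2;
        transient Link link;
        transient Key key;
        String keyPath;
        String transportURL;
        String stepName;

        /**
         * @param link link whose materials were already recorded
         * @param key in-memory signing key, or null to sign through {@code keyPath}
         * @param str path of the signing key file
         * @param str2 step name
         * @param str3 transport URL; null is stored as the empty string
         */
        public PostWrap(Link link, Key key, String str, String str2, String str3) {
            this.link = link;
            this.key = key;
            this.keyPath = str;
            this.stepName = str2;
            this.transportURL = str3 == null ? "" : str3;
        }

        /**
         * Records the workspace contents as products, signs the link, and submits it.
         *
         * <p>Signing uses the in-memory key when present and otherwise the key file at
         * {@code keyPath}. With neither, the link is left unsigned and only a warning is
         * logged. An unsigned link is still submitted when a transport is available.
         */
        public void tearDown(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws IOException, InterruptedException {
            this.link.setProducts(InTotoWrapper.collectArtifacts(filePath));
            Transport transport = null;
            try {
                transport = Transport.TransportFactory.transportForURI(new URI(this.transportURL));
            } catch (RuntimeException | URISyntaxException e) {
                // Previously swallowed silently. Report why a configured transport was
                // rejected so a missing upload can be diagnosed from the build log.
                if (this.transportURL.length() != 0) {
                    taskListener.getLogger().println("[in-toto] Could not set up transport: " + e);
                }
            }
            if (this.key != null) {
                this.link.sign(this.key);
            } else if (this.keyPath != null) {
                this.link = Link.read(dumpLink(filePath));
            } else {
                taskListener.getLogger().println("[in-toto] Warning! no keypath specified. Not signing...");
            }
            if (this.transportURL.length() == 0 || transport == null) {
                // NOTE(review): nothing in this method writes the link locally, despite the
                // message. Confirm where the local copy is expected to come from.
                taskListener.getLogger().println("[in-toto] No transport specified (or transport not supported) Dumping metadata to local directory");
            } else {
                taskListener.getLogger().println("[in-toto] Dumping metadata to: " + transport);
                transport.submit(this.link);
            }
        }

        /**
         * Runs {@link LinkSerializer} against a child of {@code filePath} named after the link
         * and returns the signed link string.
         *
         * @throws RuntimeException wrapping any I/O failure or interruption
         */
        private String dumpLink(FilePath filePath) {
            try {
                return (String) filePath.child(this.link.getFullName()).act(new LinkSerializer(this.link.dumpString(), this.keyPath, this.transportURL));
            } catch (IOException | InterruptedException e) {
                if (e instanceof InterruptedException) {
                    // Restore the interrupt flag so callers can still see the interruption.
                    Thread.currentThread().interrupt();
                }
                throw new RuntimeException("Can't create child node for link metadata " + e.toString(), e);
            }
        }
    }

    /**
     * Creates the wrapper. When a credential ID is given, its content is read and parsed
     * as a PEM key immediately.
     *
     * @param str credential ID of a file credential holding the signing key (may be empty)
     * @param str2 path of a signing key file, used when no credential key was loaded
     * @param str3 step name; defaults to {@code "step"} when null or empty
     * @param str4 transport URL
     * @throws RuntimeException if the credential cannot be found or read
     */
    @DataBoundConstructor
    public InTotoWrapper(String str, String str2, String str3, String str4) {
        this.stepName = (str3 == null || str3.length() == 0) ? "step" : str3;
        this.credentialId = str;
        if (str != null && str.length() != 0) {
            // try-with-resources closes the credential stream, which was previously left open.
            try (Reader reader = new InputStreamReader(getCredentials().getContent(), "UTF-8")) {
                loadKey(reader);
            } catch (IOException e) {
                throw new RuntimeException("credential with Id '" + str + "' can't be read. ", e);
            }
        }
        this.keyPath = str2;
        this.transport = str4;
    }

    /**
     * Records materials for the step and registers the {@link PostWrap} disposer.
     *
     * <p>The step name, transport string, credential ID and key path are written to the
     * build log as given. A transport URL that embeds a secret would therefore appear in
     * the console output.
     *
     * @throws RuntimeException if neither a credential key nor a key path is available
     */
    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        this.cwd = filePath;
        taskListener.getLogger().println("[in-toto] wrapping step ");
        taskListener.getLogger().println("[in-toto] using step name: " + this.stepName);
        taskListener.getLogger().println("[in-toto] transport: " + this.transport);
        boolean haveCredentialKey = this.credentialId != null && this.credentialId.length() != 0 && this.key != null;
        if (haveCredentialKey) {
            taskListener.getLogger().println("[in-toto] Key fetched from credentialId " + this.credentialId);
        } else {
            if (this.keyPath == null || this.keyPath.length() == 0) {
                throw new RuntimeException("[in-toto] Neither credentialId nor keyPath found for signing key! ");
            }
            taskListener.getLogger().println("[in-toto] CredentialId not found, but the keyPath is " + this.keyPath);
        }
        this.link = new Link((HashMap) null, (HashMap) null, this.stepName, (HashMap) null, (ArrayList) null, (HashMap) null);
        this.link.setMaterials(collectArtifacts(this.cwd));
        taskListener.getLogger().println("[in-toto] Dumping metadata... ");
        context.setDisposer(new PostWrap(this.link, this.key, this.keyPath, this.stepName, this.transport));
    }

    /** Parses a PEM-encoded key from {@code reader} into {@link #key}. */
    private void loadKey(Reader reader) {
        this.key = RSAKey.readPemBuffer(reader);
    }

    /** @return the configured signing key file path */
    public String getKeyPath() {
        return this.keyPath;
    }

    /** @return the step name recorded in the link */
    public String getStepName() {
        return this.stepName;
    }

    /** @return the configured transport URL */
    public String getTransport() {
        return this.transport;
    }

    /**
     * Looks up the file credential whose ID equals {@code credentialId}.
     *
     * <p>NOTE(review): the lookup runs as {@code ACL.SYSTEM} against the Jenkins root with
     * no domain requirements. It is not scoped to the job or to the user who configured it,
     * so any ID typed into the job configuration resolves if such a file credential exists.
     * Confirm this is intended, or scope the lookup to the running item.
     *
     * @return the matching credential, never null
     * @throws RuntimeException if no file credential has that ID
     */
    protected final FileCredentials getCredentials() throws IOException {
        FileCredentials match = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(FileCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(this.credentialId));
        if (match == null) {
            throw new RuntimeException(" Could not find credentials entry with ID '" + this.credentialId + "' ");
        }
        return match;
    }

    /**
     * Hashes every file under {@code filePath} by running {@link ArtifactCollector} there.
     *
     * @param filePath root directory to record
     * @return map of artifact URI to hashes, parsed from the collector's JSON result
     * @throws RuntimeException wrapping any I/O failure or interruption
     */
    public static HashMap<String, Artifact.ArtifactHash> collectArtifacts(FilePath filePath) {
        try {
            String json = (String) filePath.act(new ArtifactCollector());
            // The anonymous TypeToken subclass preserves the generic map type for Gson.
            return new Gson().fromJson(json, new TypeToken<HashMap<String, Artifact.ArtifactHash>>() {
            }.getType());
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) {
                // Restore the interrupt flag so callers can still see the interruption.
                Thread.currentThread().interrupt();
            }
            throw new RuntimeException(e.toString(), e);
        }
    }
}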
