package hudson.plugins.repo;

import hudson.AbortException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Locale;
import jenkins.util.xml.XMLUtils;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:hudson/plugins/repo/ManifestValidator.class */
public final class ManifestValidator {
    private ManifestValidator() {
    }

    public static void validate(byte[] bArr, String str) throws IOException {
        if (bArr.length > 0) {
            try {
                NodeList elementsByTagName = XMLUtils.parse(new ByteArrayInputStream(bArr)).getElementsByTagName("remote");
                for (int i = 0; i < elementsByTagName.getLength(); i++) {
                    NamedNodeMap attributes = elementsByTagName.item(i).getAttributes();
                    for (int i2 = 0; i2 < attributes.getLength(); i2++) {
                        if ("fetch".equals(attributes.item(i2).getNodeName()) && attributes.item(i2).getNodeValue().toLowerCase(Locale.ENGLISH).startsWith("file://")) {
                            throw new AbortException("Checkout of Repo url '" + str + "' aborted because manifest references a local directory, which may be insecure. You can allow local checkouts anyway by setting the system property '" + RepoScm.ALLOW_LOCAL_CHECKOUT_PROPERTY + "' to true.");
                        }
                    }
                }
            } catch (SAXException e) {
                throw new IOException("Could not validate manifest");
            }
        }
    }
}
