package org.sonarsource.scanner.jenkins.pipeline;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.google.common.collect.ImmutableSet;
import hudson.AbortException;
import hudson.Extension;
import hudson.Util;
import hudson.model.FreeStyleProject;
import hudson.model.Item;
import hudson.model.Queue;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.model.queue.Tasks;
import hudson.plugins.sonar.SonarInstallation;
import hudson.plugins.sonar.action.SonarAnalysisAction;
import hudson.plugins.sonar.client.HttpClient;
import hudson.plugins.sonar.client.OkHttpClientSingleton;
import hudson.plugins.sonar.client.WsClient;
import hudson.plugins.sonar.utils.SonarUtils;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import jenkins.model.Jenkins;
import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.Whitelisted;
import org.jenkinsci.plugins.workflow.graph.FlowNode;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.support.actions.PauseAction;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.sonarsource.scanner.jenkins.pipeline.SonarQubeWebHook;

/* loaded from: input_file:WEB-INF/lib/sonar.jar:org/sonarsource/scanner/jenkins/pipeline/WaitForQualityGateStep.class */
public class WaitForQualityGateStep extends Step implements Serializable {
    private static final Logger LOGGER = Logger.getLogger(WaitForQualityGateStep.class.getName());
    private String taskId;
    private String installationName;
    private String serverUrl;
    private boolean abortPipeline;
    private String credentialsId;
    private String webhookSecretId;

    @Extension(optional = true)
    /* loaded from: input_file:WEB-INF/lib/sonar.jar:org/sonarsource/scanner/jenkins/pipeline/WaitForQualityGateStep$DescriptorImpl.class */
    public static final class DescriptorImpl extends StepDescriptor {
        public String getDisplayName() {
            return "Wait for SonarQube analysis to be completed and return quality gate status";
        }

        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            if ((item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) || (item != null && !item.hasPermission(Item.EXTENDED_READ))) {
                return new StandardListBoxModel().includeCurrentValue(str);
            }
            if (item == null) {
                item = new FreeStyleProject(Jenkins.getInstance(), "fake-" + UUID.randomUUID().toString());
            }
            return new StandardListBoxModel().includeEmptyValue().includeMatchingAs(item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM, item, StringCredentials.class, Collections.emptyList(), CredentialsMatchers.always()).includeCurrentValue(str);
        }

        public FormValidation doCheckCredentialsId(@AncestorInPath Item item, @QueryParameter String str) {
            if ((item == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) || (item != null && !item.hasPermission(Item.EXTENDED_READ))) {
                return FormValidation.ok();
            }
            String fixEmptyAndTrim = Util.fixEmptyAndTrim(str);
            if (fixEmptyAndTrim == null) {
                return FormValidation.ok();
            }
            Iterator it = CredentialsProvider.listCredentials(StandardUsernameCredentials.class, item, item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM, Collections.emptyList(), CredentialsMatchers.always()).iterator();
            while (it.hasNext()) {
                if (StringUtils.equals(fixEmptyAndTrim, ((ListBoxModel.Option) it.next()).value)) {
                    return FormValidation.ok();
                }
            }
            return FormValidation.warning("Cannot find any credentials with id " + fixEmptyAndTrim);
        }

        public String getFunctionName() {
            return "waitForQualityGate";
        }

        public Set<Class<?>> getRequiredContext() {
            return ImmutableSet.of(FlowNode.class, Run.class, TaskListener.class);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/sonar.jar:org/sonarsource/scanner/jenkins/pipeline/WaitForQualityGateStep$Execution.class */
    private static class Execution extends StepExecution implements Consumer<SonarQubeWebHook.WebhookEvent> {
        private static final String PLEASE_USE_THE_WITH_SONAR_QUBE_ENV_WRAPPER_TO_RUN_YOUR_ANALYSIS = "Please use the 'withSonarQubeEnv' wrapper to run your analysis.";
        private static final long serialVersionUID = 1;
        private WaitForQualityGateStep step;

        public Execution(WaitForQualityGateStep waitForQualityGateStep, StepContext stepContext) {
            super(stepContext);
            this.step = waitForQualityGateStep;
        }

        public boolean start() {
            processStepParameters();
            if (checkTaskCompleted()) {
                return true;
            }
            SonarQubeWebHook.WebhookEvent webhookEventForTaskId = SonarQubeWebHook.get().getWebhookEventForTaskId(this.step.taskId);
            if (webhookEventForTaskId != null) {
                validateWebhookAndCheckQualityGateIfValid(webhookEventForTaskId, true);
                return true;
            }
            ((FlowNode) getContextClass(FlowNode.class)).addAction(new PauseAction("SonarQube analysis"));
            return false;
        }

        private void processStepParameters() {
            List actions = ((Run) getContextClass(Run.class)).getActions(SonarAnalysisAction.class);
            if (actions.isEmpty()) {
                throw new IllegalStateException("No previous SonarQube analysis found on this pipeline execution. Please use the 'withSonarQubeEnv' wrapper to run your analysis.");
            }
            String str = null;
            String str2 = null;
            String str3 = null;
            String str4 = null;
            ArrayList arrayList = new ArrayList(actions);
            Collections.reverse(arrayList);
            Iterator it = arrayList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SonarAnalysisAction sonarAnalysisAction = (SonarAnalysisAction) it.next();
                str = sonarAnalysisAction.getCeTaskId();
                if (str != null) {
                    str2 = sonarAnalysisAction.getInstallationUrl();
                    str3 = sonarAnalysisAction.getInstallationName();
                    str4 = sonarAnalysisAction.getCredentialsId();
                    break;
                }
            }
            if (str == null || str2 == null || str3 == null) {
                throw new IllegalStateException("Unable to guess SonarQube task id and/or SQ server details. Please use the 'withSonarQubeEnv' wrapper to run your analysis.");
            }
            this.step.setTaskId(str);
            this.step.setServerUrl(str2);
            this.step.setInstallationName(str3);
            this.step.setCredentialsId(str4);
            if (this.step.webhookSecretId == null) {
                this.step.webhookSecretId = getInstallation().getWebhookSecretId();
            }
        }

        private void log(String str, Object... objArr) {
            ((TaskListener) getContextClass(TaskListener.class)).getLogger().printf(str, objArr);
            ((TaskListener) getContextClass(TaskListener.class)).getLogger().println();
        }

        private boolean checkTaskCompleted() {
            SonarQubeWebHook.get().addListener(this);
            log("Checking status of SonarQube task '%s' on server '%s'", this.step.taskId, this.step.getInstallationName());
            WsClient wsClient = new WsClient(new HttpClient(OkHttpClientSingleton.getInstance()), this.step.getServerUrl(), SonarUtils.getAuthenticationToken((Run) getContextClass(Run.class), getInstallation(), this.step.credentialsId));
            WsClient.CETask cETask = wsClient.getCETask(this.step.getTaskId());
            return checkQualityGate(cETask.getStatus(), () -> {
                return wsClient.requestQualityGateStatus(cETask.getAnalysisId());
            }, true);
        }

        private void handleQGStatus(String str) {
            if (!this.step.isAbortPipeline() || "OK".equals(str)) {
                getContext().onSuccess(new QGStatus(str));
            } else {
                getContext().onFailure(new AbortException("Pipeline aborted due to quality gate failure: " + str));
            }
        }

        public void onResume() {
            SonarQubeWebHook.get().addListener(this);
            try {
                checkTaskCompleted();
            } catch (Exception e) {
                throw new IllegalStateException("Unable to restore step", e);
            }
        }

        public void stop(Throwable th) throws Exception {
            PauseAction.endCurrentPause((FlowNode) getContextClass(FlowNode.class));
            SonarQubeWebHook.get().removeListener(this);
            getContext().onFailure(th);
        }

        @Override // java.util.function.Consumer
        public void accept(SonarQubeWebHook.WebhookEvent webhookEvent) {
            if (webhookEvent.getPayload().getTaskId().equals(this.step.taskId)) {
                try {
                    PauseAction.endCurrentPause((FlowNode) getContextClass(FlowNode.class));
                    validateWebhookAndCheckQualityGateIfValid(webhookEvent, false);
                } catch (IOException e) {
                    getContext().onFailure(e);
                    throw new IllegalStateException(e);
                }
            }
        }

        private void validateWebhookAndCheckQualityGateIfValid(SonarQubeWebHook.WebhookEvent webhookEvent, boolean z) {
            SonarQubeWebHook.get().removeListener(this);
            if (validateWebhook(webhookEvent)) {
                String taskStatus = webhookEvent.getPayload().getTaskStatus();
                SonarQubeWebHook.Payload payload = webhookEvent.getPayload();
                Objects.requireNonNull(payload);
                checkQualityGate(taskStatus, payload::getQualityGateStatus, z);
            }
        }

        private boolean checkQualityGate(String str, Supplier<String> supplier, boolean z) {
            log("SonarQube task '%s' status is '%s'", this.step.taskId, str);
            boolean z2 = -1;
            switch (str.hashCode()) {
                case -1149187101:
                    if (str.equals(WsClient.CETask.STATUS_SUCCESS)) {
                        z2 = false;
                        break;
                    }
                    break;
                case 659453081:
                    if (str.equals(WsClient.CETask.STATUS_CANCELED)) {
                        z2 = 2;
                        break;
                    }
                    break;
                case 2066319421:
                    if (str.equals(WsClient.CETask.STATUS_FAILURE)) {
                        z2 = true;
                        break;
                    }
                    break;
            }
            switch (z2) {
                case false:
                    String str2 = supplier.get();
                    log("SonarQube task '%s' completed. Quality gate is '%s'", this.step.taskId, str2);
                    handleQGStatus(str2);
                    return true;
                case true:
                case true:
                    IllegalStateException illegalStateException = new IllegalStateException("SonarQube analysis '" + this.step.getTaskId() + "' failed: " + str);
                    if (z) {
                        throw illegalStateException;
                    }
                    getContext().onFailure(illegalStateException);
                    return true;
                default:
                    if (z) {
                        return false;
                    }
                    throw new IllegalStateException("Unexpected task status: " + str);
            }
        }

        private boolean validateWebhook(SonarQubeWebHook.WebhookEvent webhookEvent) {
            if (this.step.webhookSecretId == null || this.step.webhookSecretId.isEmpty()) {
                return true;
            }
            StringCredentials findCredentialById = CredentialsProvider.findCredentialById(this.step.webhookSecretId, StringCredentials.class, (Run) getContextClass(Run.class), new DomainRequirement[0]);
            CredentialsProvider.track((Run) getContextClass(Run.class), findCredentialById);
            if (findCredentialById == null) {
                log("A webhook secret id was configured, but the corresponding credential could not be found", new Object[0]);
                getContext().onFailure(new AbortException("Pipeline aborted due to failed webhook verification"));
                return false;
            }
            boolean isValidSignature = isValidSignature(webhookEvent.getReceivedSignature(), webhookEvent.getPayload().getPayloadAsString(), findCredentialById.getSecret().getPlainText());
            if (isValidSignature) {
                log("The incoming webhook matched the configured webhook secret", new Object[0]);
            } else {
                log("The incoming webhook didn't match the configured webhook secret", new Object[0]);
                getContext().onFailure(new AbortException("Pipeline aborted due to failed webhook verification "));
            }
            return isValidSignature;
        }

        private static boolean isValidSignature(String str, String str2, String str3) {
            return Objects.equals(new HmacUtils(HmacAlgorithms.HMAC_SHA_256, str3).hmacHex(str2), str);
        }

        private SonarInstallation getInstallation() {
            return (SonarInstallation) Optional.ofNullable(SonarInstallation.get(this.step.getInstallationName())).orElseThrow(() -> {
                return new IllegalStateException("Invalid installation name: " + this.step.getInstallationName());
            });
        }

        private <T> T getContextClass(Class<T> cls) {
            try {
                return (T) Optional.ofNullable(getContext().get(cls)).orElseThrow(() -> {
                    return new IllegalStateException(String.format("Could not get %s from the Jenkins context", cls.getName()));
                });
            } catch (IOException | IllegalStateException e) {
                getContext().onFailure(e);
                throw new IllegalStateException(e);
            } catch (InterruptedException e2) {
                Thread.currentThread().interrupt();
                getContext().onFailure(e2);
                throw new IllegalStateException(e2);
            }
        }
    }

    /* loaded from: input_file:WEB-INF/lib/sonar.jar:org/sonarsource/scanner/jenkins/pipeline/WaitForQualityGateStep$QGStatus.class */
    public static class QGStatus implements Serializable {
        private static final long serialVersionUID = 1;
        private final String status;

        public QGStatus(String str) {
            this.status = str;
        }

        @Whitelisted
        public String getStatus() {
            return this.status;
        }
    }

    @DataBoundConstructor
    public WaitForQualityGateStep(boolean z) {
        this.abortPipeline = z;
    }

    @DataBoundSetter
    public void setWebhookSecretId(String str) {
        this.webhookSecretId = str;
    }

    public boolean isAbortPipeline() {
        return this.abortPipeline;
    }

    public void setTaskId(String str) {
        this.taskId = str;
    }

    public void setInstallationName(String str) {
        this.installationName = str;
    }

    public void setServerUrl(String str) {
        this.serverUrl = str;
    }

    public String getTaskId() {
        return this.taskId;
    }

    public String getInstallationName() {
        return this.installationName;
    }

    public String getServerUrl() {
        return this.serverUrl;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public String getWebhookSecretId() {
        return this.webhookSecretId;
    }

    @DataBoundSetter
    public void setCredentialsId(@Nullable String str) {
        this.credentialsId = Util.fixEmpty(str);
    }

    public StepExecution start(StepContext stepContext) throws Exception {
        return new Execution(this, stepContext);
    }
}
