package com.sysdig.jenkins.plugins.sysdig.client;

import com.google.common.base.Strings;
import com.sysdig.jenkins.plugins.sysdig.SysdigBuilder;
import com.sysdig.jenkins.plugins.sysdig.log.SysdigLogger;
import hudson.ProxyConfiguration;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.apache.http.impl.conn.DefaultProxyRoutePlanner;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;

/* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/client/SysdigSecureClientImpl.class */
public class SysdigSecureClientImpl implements SysdigSecureClient {
    private final String token;
    private final String apiURL;
    private final boolean verifySSL;
    private final SysdigLogger logger;

    public SysdigSecureClientImpl(String str, String str2, boolean z, SysdigLogger sysdigLogger) {
        this.token = str;
        this.apiURL = str2.replaceAll("/+$", SysdigBuilder.DescriptorImpl.EMPTY_STRING);
        this.verifySSL = z;
        this.logger = sysdigLogger;
    }

    @Override // com.sysdig.jenkins.plugins.sysdig.client.SysdigSecureClient
    public String submitImageForScanning(String str, String str2, Map<String, String> map, boolean z) throws ImageScanningException {
        try {
            CloseableHttpClient makeHttpClient = makeHttpClient(this.verifySSL);
            try {
                String format = String.format("%s/api/scanning/v1/anchore/images?force=%b", this.apiURL, Boolean.valueOf(z));
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("tag", str);
                if (null != str2) {
                    jSONObject.put("dockerfile", str2);
                }
                if (null != map) {
                    jSONObject.put("annotations", map);
                }
                String jSONObject2 = jSONObject.toString();
                HttpPost httpPost = new HttpPost(format);
                httpPost.addHeader("Content-Type", "application/json");
                httpPost.addHeader("Authorization", String.format("Bearer %s", this.token));
                httpPost.setEntity(new StringEntity(jSONObject2));
                this.logger.logDebug("Sending request: " + httpPost.toString());
                this.logger.logDebug("Body:\n" + jSONObject2);
                CloseableHttpResponse execute = makeHttpClient.execute(httpPost);
                try {
                    String entityUtils = EntityUtils.toString(execute.getEntity());
                    this.logger.logDebug("Response: " + execute.getStatusLine().toString());
                    this.logger.logDebug("Response body:\n" + entityUtils);
                    if (execute.getStatusLine().getStatusCode() != 200) {
                        throw new ImageScanningException(String.format("sysdig-secure-engine add image failed. URL: %s, status: %s, error: %s", format, execute.getStatusLine(), entityUtils));
                    }
                    String string = JSONObject.fromObject(JSONArray.fromObject(entityUtils).get(0)).getString("imageDigest");
                    if (execute != null) {
                        execute.close();
                    }
                    if (makeHttpClient != null) {
                        makeHttpClient.close();
                    }
                    return string;
                } catch (Throwable th) {
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            this.logger.logDebug("Error: ", e2);
            throw new ImageScanningException(e2);
        }
    }

    @Override // com.sysdig.jenkins.plugins.sysdig.client.SysdigSecureClient
    public JSONObject retrieveImageScanningVulnerabilities(String str) throws ImageScanningException {
        try {
            CloseableHttpClient makeHttpClient = makeHttpClient(this.verifySSL);
            try {
                HttpGet httpGet = new HttpGet(String.format("%s/api/scanning/v1/anchore/images/%s/vuln/all", this.apiURL, str));
                httpGet.addHeader("Content-Type", "application/json");
                httpGet.addHeader("Authorization", String.format("Bearer %s", this.token));
                this.logger.logDebug("Sending request: " + httpGet.toString());
                CloseableHttpResponse execute = makeHttpClient.execute(httpGet);
                try {
                    String entityUtils = EntityUtils.toString(execute.getEntity());
                    this.logger.logDebug("Response: " + execute.getStatusLine().toString());
                    this.logger.logDebug("Response body:\n" + entityUtils);
                    if (execute.getStatusLine().getStatusCode() != 200) {
                        throw new ImageScanningException(String.format("Error while retrieving the image vulnerabilities: %s", entityUtils));
                    }
                    JSONObject fromObject = JSONObject.fromObject(entityUtils);
                    if (execute != null) {
                        execute.close();
                    }
                    if (makeHttpClient != null) {
                        makeHttpClient.close();
                    }
                    return fromObject;
                } catch (Throwable th) {
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            this.logger.logDebug("Error: ", e2);
            throw new ImageScanningException(e2);
        }
    }

    @Override // com.sysdig.jenkins.plugins.sysdig.client.SysdigSecureClient
    public JSONArray retrieveImageScanningResults(String str, String str2) throws ImageScanningException {
        try {
            CloseableHttpClient makeHttpClient = makeHttpClient(this.verifySSL);
            try {
                HttpGet httpGet = new HttpGet(String.format("%s/api/scanning/v1/anchore/images/%s/check?tag=%s&detail=true", this.apiURL, str2, str));
                httpGet.addHeader("Content-Type", "application/json");
                httpGet.addHeader("Authorization", String.format("Bearer %s", this.token));
                this.logger.logDebug("Sending request: " + httpGet.toString());
                CloseableHttpResponse execute = makeHttpClient.execute(httpGet);
                try {
                    String entityUtils = EntityUtils.toString(execute.getEntity());
                    this.logger.logDebug("Response: " + execute.getStatusLine().toString());
                    this.logger.logDebug("Response body:\n" + entityUtils);
                    if (execute.getStatusLine().getStatusCode() != 200) {
                        throw new ImageScanningException(String.format("Error while retrieving the image scanning results: %s", entityUtils));
                    }
                    JSONArray fromObject = JSONArray.fromObject(entityUtils);
                    if (execute != null) {
                        execute.close();
                    }
                    if (makeHttpClient != null) {
                        makeHttpClient.close();
                    }
                    return fromObject;
                } catch (Throwable th) {
                    if (execute != null) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            this.logger.logDebug("Error: ", e2);
            throw new ImageScanningException(e2);
        }
    }

    private static CloseableHttpClient makeHttpClient(boolean z) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        HttpClientBuilder custom = HttpClients.custom();
        if (!z) {
            SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
            sSLContextBuilder.loadTrustMaterial((KeyStore) null, new TrustSelfSignedStrategy());
            custom.setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContextBuilder.build(), NoopHostnameVerifier.INSTANCE));
        }
        custom.useSystemProperties();
        final ProxyConfiguration proxyConfiguration = Jenkins.get().proxy;
        if (proxyConfiguration != null && !Strings.isNullOrEmpty(proxyConfiguration.name)) {
            HttpHost httpHost = new HttpHost(proxyConfiguration.name, proxyConfiguration.port, "http");
            if (proxyConfiguration.getNoProxyHostPatterns().size() > 0) {
                custom.setRoutePlanner(new DefaultProxyRoutePlanner(httpHost) { // from class: com.sysdig.jenkins.plugins.sysdig.client.SysdigSecureClientImpl.1
                    public HttpRoute determineRoute(HttpHost httpHost2, HttpRequest httpRequest, HttpContext httpContext) throws HttpException {
                        String hostName = httpHost2.getHostName();
                        Iterator it = proxyConfiguration.getNoProxyHostPatterns().iterator();
                        while (it.hasNext()) {
                            if (((Pattern) it.next()).matcher(hostName).matches()) {
                                return new HttpRoute(httpHost2);
                            }
                        }
                        return super.determineRoute(httpHost2, httpRequest, httpContext);
                    }
                });
            }
            custom.setProxy(httpHost);
            if (!Strings.isNullOrEmpty(proxyConfiguration.getUserName())) {
                UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials(proxyConfiguration.getUserName(), proxyConfiguration.getPassword());
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(new AuthScope(proxyConfiguration.name, proxyConfiguration.port), usernamePasswordCredentials);
                custom.setDefaultCredentialsProvider(basicCredentialsProvider);
                custom.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
            }
        }
        return custom.build();
    }
}
