package com.crowdstrike.plugins.crwds;

import com.crowdstrike.plugins.crwds.freemarker.AssessmentData;
import com.crowdstrike.plugins.crwds.freemarker.PolicyData;
import com.crowdstrike.plugins.crwds.utils.DockerUtils;
import com.crowdstrike.plugins.crwds.utils.FileUtils;
import com.crowdstrike.plugins.crwds.utils.ProcessCodes;
import com.google.gson.Gson;
import hudson.AbortException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import org.json.JSONObject;

/* loaded from: input_file:com/crowdstrike/plugins/crwds/FalconScanner.class */
public class FalconScanner {
    public int execute(FalconContext falconContext, String str, String str2, Integer num, String str3, String str4, String str5, Boolean bool, String str6, String str7) throws IOException, InterruptedException, ExecutionException, NullPointerException {
        int code = ProcessCodes.BUILD_SUCCESS.getCode();
        String str8 = "https://container-upload." + str5;
        String str9 = str8 + "/reports?repository=" + str + "&tag=" + str2;
        String str10 = str8 + "/policy-checks?policy_type=image-prevention-policy&repository=" + str + "&tag=" + str2;
        String accessToken = getAccessToken(falconContext, str4, str3, str5, num);
        if (accessToken.equalsIgnoreCase(ProcessCodes.AUTHENTICATION_FAILURE.getDescription())) {
            falconContext.getLogger().println("[CRWDS::DEBUG] " + ProcessCodes.AUTHENTICATION_FAILURE.getDescription());
            return ProcessCodes.AUTHENTICATION_FAILURE.getCode();
        }
        falconContext.getLogger().println("[CRWDS::DEBUG] " + ProcessCodes.AUTHENTICATION_SUCCESS.getDescription());
        if (DockerUtils.dockerLogin(falconContext, str4, str3, str8).intValue() < 0) {
            return ProcessCodes.DOCKER_LOGIN_FAILURE.getCode();
        }
        if (DockerUtils.dockerPush(falconContext, str8, str, str2).intValue() < 0) {
            return ProcessCodes.DOCKER_PUSH_FAILURE.getCode();
        }
        String falconReport = getFalconReport(falconContext, accessToken, str9, true);
        if (falconReport.equalsIgnoreCase(ProcessCodes.FETCH_ASSESSMENT_REPORT_FAILURE.getDescription())) {
            return ProcessCodes.FETCH_ASSESSMENT_REPORT_FAILURE.getCode();
        }
        Gson gson = new Gson();
        String falconReport2 = getFalconReport(falconContext, accessToken, str10, false);
        if (falconReport2.equalsIgnoreCase(ProcessCodes.FETCH_POLICY_REPORT_FAILURE.getDescription())) {
            return ProcessCodes.FETCH_POLICY_REPORT_FAILURE.getCode();
        }
        PolicyData policyData = (PolicyData) gson.fromJson(falconReport2, PolicyData.class);
        boolean isDeny = policyData.getResources().get(0).isDeny();
        if (!bool.booleanValue() && isDeny && "block".equalsIgnoreCase(policyData.getResources().get(0).getAction())) {
            code = ProcessCodes.PREVENT_BUILD_DUE_TO_POLICY.getCode();
            falconContext.getLogger().println("[CRWDS::DEBUG] " + ProcessCodes.PREVENT_BUILD_DUE_TO_POLICY.getDescription());
        }
        if (!falconReport.equalsIgnoreCase(ProcessCodes.FETCH_ASSESSMENT_REPORT_FAILURE.getDescription())) {
            AssessmentData assessmentData = (AssessmentData) gson.fromJson(falconReport, AssessmentData.class);
            falconContext.getLogger().println("[CRWDS::DEBUG] There are " + assessmentData.getVulnerabilities().size() + " vulnerabilities in the image. Refer to the CrowdStrike Security tab on the side panel for more details.");
            archiveArtifacts(falconContext, code, str6, new ReportsGenerator(Integer.valueOf(code)).generateReport(falconContext, assessmentData, policyData, bool, str7, str6), falconReport, falconReport2, str7);
            addSidebarLink(falconContext, str6, str7);
        }
        return code;
    }

    public void archiveArtifacts(FalconContext falconContext, int i, String str, String str2, String str3, String str4, String str5) throws AbortException {
        String str6 = "crwds_assessment_report_" + str5 + ".json";
        String str7 = "crwds_policy_check_" + str5 + ".json";
        try {
            if (i == ProcessCodes.BUILD_SUCCESS.getCode() || i == ProcessCodes.PREVENT_BUILD_RECOMMENDATION.getCode() || i == ProcessCodes.PREVENT_BUILD_DUE_TO_POLICY.getCode()) {
                FileUtils.createWorkSpaceArtifactAndArchive(falconContext, str6, str3);
                FileUtils.createWorkSpaceArtifactAndArchive(falconContext, str7, str4);
            }
            FileUtils.createWorkSpaceArtifactAndArchive(falconContext, str, str2);
        } catch (Exception e) {
            throw new AbortException("[CRWDS::ABORT] Failed to archive build artifacts - " + e.getMessage());
        }
    }

    private void addSidebarLink(FalconContext falconContext, String str, String str2) {
        falconContext.getRun().addOrReplaceAction(new CrowdStrikeSecurityAction(str, str2));
    }

    public static String getAccessToken(FalconContext falconContext, String str, String str2, String str3, Integer num) {
        String str4 = "https://api." + str3 + "/oauth2/token";
        if (str4.contains("us-1.")) {
            str4 = str4.replace("us-1.", "");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", str);
        hashMap.put("client_secret", str2);
        try {
            StringBuilder sb = new StringBuilder();
            for (Map.Entry entry : hashMap.entrySet()) {
                if (sb.length() != 0) {
                    sb.append("&");
                }
                sb.append(URLEncoder.encode((String) entry.getKey(), StandardCharsets.UTF_8.toString())).append("=").append(URLEncoder.encode((String) entry.getValue(), StandardCharsets.UTF_8.toString()));
            }
            byte[] bytes = sb.toString().getBytes(StandardCharsets.UTF_8);
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str4).openConnection();
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setDoOutput(true);
            httpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            httpURLConnection.setRequestProperty("User-Agent", "jenkins-ia-cicd-plugin/1.0");
            httpURLConnection.setConnectTimeout(num.intValue() * 1000);
            httpURLConnection.getOutputStream().write(bytes);
            if (httpURLConnection.getResponseCode() == 200 || httpURLConnection.getResponseCode() == 201) {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8));
                StringBuilder sb2 = new StringBuilder();
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        return parseFromJsonString(String.valueOf(sb2)).get("access_token").toString();
                    }
                    sb2.append(readLine);
                }
            }
        } catch (IOException e) {
            falconContext.getLogger().println("[CRWDS::DEBUG] " + e.getMessage());
        }
        return ProcessCodes.AUTHENTICATION_FAILURE.getDescription();
    }

    public static String getFalconReport(FalconContext falconContext, String str, String str2, boolean z) {
        int i = 720;
        String str3 = z ? "GET-ASSESSMENT-REPORT" : "GET-POLICY-REPORT";
        try {
            URL url = new URL(str2);
            while (i > 0) {
                HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
                httpURLConnection.setRequestProperty("Authorization", "Bearer " + str);
                httpURLConnection.setRequestProperty("User-Agent", "jenkins-ia-cicd-plugin/1.0");
                falconContext.getLogger().println("[CRWDS::DEBUG] [" + (721 - i) + "]" + str3 + " API RESPONSE - " + httpURLConnection.getResponseCode());
                if (httpURLConnection.getResponseCode() == 200) {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream(), StandardCharsets.UTF_8));
                    StringBuilder sb = new StringBuilder();
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            bufferedReader.close();
                            return String.valueOf(sb);
                        }
                        sb.append(readLine);
                    }
                } else {
                    if (!z) {
                        break;
                    }
                    i--;
                    Thread.sleep(10000L);
                }
            }
        } catch (IOException | InterruptedException e) {
            falconContext.getLogger().println("[CRWDS::DEBUG] Error in fetching the reports - " + e.getMessage());
        }
        return z ? ProcessCodes.FETCH_ASSESSMENT_REPORT_FAILURE.getDescription() : ProcessCodes.FETCH_POLICY_REPORT_FAILURE.getDescription();
    }

    public static JSONObject parseFromJsonString(String str) {
        return new JSONObject(str);
    }
}
