package org.jenkinsci.plugins.stashNotifier;

import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.common.CertificateCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.ProxyConfiguration;
import java.io.PrintStream;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLContext;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jenkinsci/plugins/stashNotifier/DefaultApacheHttpNotifier.class */
class DefaultApacheHttpNotifier implements HttpNotifier {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultApacheHttpNotifier.class);

    @Override // org.jenkinsci.plugins.stashNotifier.HttpNotifier
    @NonNull
    public NotificationResult send(@NonNull URI uri, @NonNull JSONObject jSONObject, @NonNull NotificationSettings notificationSettings, @NonNull NotificationContext notificationContext) {
        PrintStream logger = notificationContext.getLogger();
        try {
            CloseableHttpClient httpClient = getHttpClient(logger, uri, notificationSettings.isIgnoreUnverifiedSSL());
            try {
                CloseableHttpResponse execute = httpClient.execute(createRequest(uri, jSONObject, notificationSettings.getCredentials(), notificationContext));
                if (execute.getStatusLine().getStatusCode() != 204) {
                    NotificationResult newFailure = NotificationResult.newFailure(EntityUtils.toString(execute.getEntity()));
                    if (httpClient != null) {
                        httpClient.close();
                    }
                    return newFailure;
                }
                NotificationResult newSuccess = NotificationResult.newSuccess();
                if (httpClient != null) {
                    httpClient.close();
                }
                return newSuccess;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.warn("{} failed to send {} to Bitbucket Server at {}", new Object[]{notificationContext.getRunId(), jSONObject, uri, e});
            logger.println("Failed to notify Bitbucket Server");
            return NotificationResult.newFailure(e.getMessage());
        }
    }

    HttpPost createRequest(URI uri, JSONObject jSONObject, Credentials credentials, @NonNull NotificationContext notificationContext) throws AuthenticationException {
        HttpPost httpPost = new HttpPost(uri.toString());
        if (credentials != null) {
            if (credentials instanceof UsernamePasswordCredentials) {
                LOGGER.debug("createRequest - UsernamePasswordCredentials");
                httpPost.addHeader(new BasicScheme().authenticate(new org.apache.http.auth.UsernamePasswordCredentials(((UsernamePasswordCredentials) credentials).getUsername(), ((UsernamePasswordCredentials) credentials).getPassword().getPlainText()), httpPost, (HttpContext) null));
            } else {
                if (!(credentials instanceof StringCredentials)) {
                    throw new AuthenticationException("Unsupported credials");
                }
                LOGGER.debug("createRequest - StringCredentials/secret text");
                httpPost.addHeader("Authorization", "Bearer " + ((StringCredentials) credentials).getSecret().getPlainText());
            }
        }
        httpPost.addHeader("Content-Type", "application/json");
        httpPost.setEntity(new StringEntity(jSONObject.toString(), "UTF-8"));
        return httpPost;
    }

    CloseableHttpClient getHttpClient(PrintStream printStream, URI uri, boolean z) throws Exception {
        RequestConfig.Builder cookieSpec = RequestConfig.custom().setSocketTimeout(60000).setConnectTimeout(60000).setConnectionRequestTimeout(60000).setCookieSpec("standard");
        HttpClientBuilder custom = HttpClients.custom();
        custom.setDefaultRequestConfig(cookieSpec.build());
        URL url = uri.toURL();
        if (url.getProtocol().equals("https") && z) {
            try {
                SSLConnectionSocketFactory sSLConnectionSocketFactory = new SSLConnectionSocketFactory(buildSslContext(z, null), new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"}, (String[]) null, NoopHostnameVerifier.INSTANCE);
                custom.setSSLSocketFactory(sSLConnectionSocketFactory);
                custom.setConnectionManager(new BasicHttpClientConnectionManager(RegistryBuilder.create().register("https", sSLConnectionSocketFactory).register("http", PlainConnectionSocketFactory.INSTANCE).build()));
            } catch (KeyManagementException | KeyStoreException e) {
                printStream.println("Could not initialize SSL context");
                LOGGER.error("Could not initialize SSL context", e);
            } catch (NoSuchAlgorithmException e2) {
                printStream.println("Could not establish SSL context");
                LOGGER.error("Could not establish SSL context", e2);
            }
        }
        configureProxy(custom, url);
        return custom.build();
    }

    SSLContext buildSslContext(boolean z, Credentials credentials) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        SSLContextBuilder custom = SSLContexts.custom();
        custom.setProtocol("TLS");
        if (credentials instanceof CertificateCredentials) {
            custom.loadKeyMaterial(((CertificateCredentials) credentials).getKeyStore(), ((CertificateCredentials) credentials).getPassword().getPlainText().toCharArray());
        }
        if (z) {
            custom.loadTrustMaterial((KeyStore) null, TrustAllStrategy.INSTANCE);
        }
        return custom.build();
    }

    void configureProxy(HttpClientBuilder httpClientBuilder, URL url) {
        Proxy createProxy;
        ProxyConfiguration proxyConfiguration = Jenkins.get().proxy;
        if (proxyConfiguration == null || (createProxy = proxyConfiguration.createProxy(url.getHost())) == null || createProxy.type() != Proxy.Type.HTTP) {
            return;
        }
        SocketAddress address = createProxy.address();
        if (address instanceof InetSocketAddress) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) address;
            HttpHost httpHost = new HttpHost(inetSocketAddress.getAddress().getHostAddress(), inetSocketAddress.getPort());
            httpClientBuilder.setProxy(httpHost);
            String userName = proxyConfiguration.getUserName();
            if (userName != null) {
                String password = proxyConfiguration.getPassword();
                BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                basicCredentialsProvider.setCredentials(new AuthScope(httpHost), new org.apache.http.auth.UsernamePasswordCredentials(userName, password));
                httpClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider).setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
            }
        }
    }
}
