package io.jenkins.plugins.adobe.cloudmanager.webhook;

import io.adobe.cloudmanager.CloudManagerApiException;
import io.adobe.cloudmanager.event.CloudManagerEvent;
import io.jenkins.plugins.adobe.cloudmanager.config.AdobeIOConfig;
import io.jenkins.plugins.adobe.cloudmanager.util.CredentialsUtil;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.InvocationTargetException;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import org.apache.commons.lang3.StringUtils;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.Interceptor;
import org.kohsuke.stapler.interceptor.InterceptorAnnotation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Target({ElementType.METHOD})
@InterceptorAnnotation(Processor.class)
@Retention(RetentionPolicy.RUNTIME)
/* loaded from: input_file:io/jenkins/plugins/adobe/cloudmanager/webhook/RequireCMEventPayload.class */
public @interface RequireCMEventPayload {

    /* loaded from: input_file:io/jenkins/plugins/adobe/cloudmanager/webhook/RequireCMEventPayload$Processor.class */
    public static class Processor extends Interceptor {
        private static final Logger LOGGER = LoggerFactory.getLogger(Processor.class);

        private static void isTrue(boolean z, String str) throws InvocationTargetException {
            if (!z) {
                throw new InvocationTargetException(HttpResponses.error(400, str));
            }
        }

        public Object invoke(StaplerRequest staplerRequest, StaplerResponse staplerResponse, Object obj, Object[] objArr) throws IllegalAccessException, InvocationTargetException, ServletException {
            requiresWebhookEnabled();
            requiresValidPayload(objArr);
            requiresValidSignature(objArr);
            return this.target.invoke(staplerRequest, staplerResponse, obj, objArr);
        }

        protected void requiresWebhookEnabled() throws InvocationTargetException {
            AdobeIOConfig adobeIOConfig = (AdobeIOConfig) AdobeIOConfig.all().get(AdobeIOConfig.class);
            if (adobeIOConfig == null || !adobeIOConfig.isWebhookEnabled()) {
                LOGGER.warn(Messages.RequireCMEventPayload_Processor_warn_webhookDisabled());
                throw new InvocationTargetException(HttpResponses.error(404, "Not Found"));
            }
        }

        protected void requiresValidPayload(@Nonnull Object[] objArr) throws InvocationTargetException {
            isTrue(objArr.length == 2, Messages.RequireCMEventPayload_Processor_error_invalidArgs());
            isTrue(objArr[1] instanceof CMEvent, Messages.RequireCMEventPayload_Processor_error_invalidArgs());
            CMEvent cMEvent = (CMEvent) objArr[1];
            isTrue(cMEvent != null, Messages.RequireCMEventPayload_Processor_error_missingBody());
            if ("POST".equals(((StaplerRequest) objArr[0]).getMethod())) {
                isTrue(cMEvent.getEventType() != null, Messages.RequireCMEventPayload_Processor_error_missingBody());
            }
        }

        protected void requiresValidSignature(Object[] objArr) throws InvocationTargetException {
            Optional ofNullable = Optional.ofNullable(((StaplerRequest) objArr[0]).getHeader("X-Adobe-Signature"));
            isTrue(ofNullable.isPresent(), Messages.RequireCMEventPayload_Processor_error_missingSignature());
            CMEvent cMEvent = (CMEvent) objArr[1];
            List list = (List) AdobeIOConfig.configuration().getProjectConfigs().stream().filter(adobeIOProjectConfig -> {
                return StringUtils.isBlank(cMEvent.getImsOrg()) || StringUtils.equals(adobeIOProjectConfig.getImsOrganizationId(), cMEvent.getImsOrg());
            }).map((v0) -> {
                return v0.getClientSecretCredentialsId();
            }).map(CredentialsUtil::clientSecretFor).filter((v0) -> {
                return v0.isPresent();
            }).map((v0) -> {
                return v0.get();
            }).collect(Collectors.toList());
            isTrue(!list.isEmpty(), Messages.RequireCMEventPayload_Processor_error_missingAIOProject());
            String str = (String) ofNullable.get();
            isTrue(list.stream().anyMatch(secret -> {
                try {
                    return CloudManagerEvent.isValidSignature(cMEvent.getPayload(), str, secret.getPlainText());
                } catch (CloudManagerApiException e) {
                    LOGGER.warn(Messages.RequireCMEventPayload_Processor_warn_signatureValidationError(e.getLocalizedMessage()));
                    return false;
                }
            }), Messages.RequireCMEventPayload_Processor_error_missingSignature());
        }
    }
}
