package io.jenkins.plugins.csp;

import hudson.Extension;
import hudson.ExtensionList;
import hudson.model.InvisibleAction;
import hudson.model.UnprotectedRootAction;
import hudson.model.User;
import hudson.security.csrf.CrumbExclusion;
import hudson.util.HttpResponses;
import io.jenkins.plugins.csp.ContentSecurityPolicyReceiver;
import io.jenkins.plugins.csp.Context;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.verb.POST;

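/**
 * Root action that receives Content-Security-Policy violation reports.
 *
 * <p>Reports are POSTed to {@code /content-security-policy-reporting-endpoint/<encoded context>}.
 * The path suffix is decoded with {@link Context#decodeContext}, the request body is parsed as
 * JSON, and the result is handed to every registered {@link ContentSecurityPolicyReceiver}.
 *
 * <p>Security posture: this is an {@link UnprotectedRootAction} and {@link CrumbExclusionImpl}
 * exempts its URL prefix from CSRF crumb checks, so any client that can reach Jenkins can POST
 * here. Every part of the request (path, body) must be treated as untrusted input. The handler
 * always answers 200 so that the response does not reveal whether a context decoded or parsed.
 */
@Extension
@Restricted({NoExternalUse.class})
@Symbol({"contentSecurityPolicyRootAction"})
public class ContentSecurityPolicyRootAction extends InvisibleAction implements UnprotectedRootAction {
    public static final String URL = "content-security-policy-reporting-endpoint";
    public static final Logger LOGGER = Logger.getLogger(ContentSecurityPolicyRootAction.class.getName());

    /**
     * Upper bound, in characters, on a report body that will be buffered and parsed.
     * The endpoint is unauthenticated, so an unbounded read lets any client force large
     * allocations. The value is a conservative choice made for this class (browser-generated
     * reports are small); tune it if legitimate reports are being dropped.
     */
    private static final int MAX_REPORT_CHARS = 256 * 1024;

    /**
     * Exempts the reporting endpoint from CSRF crumb validation. Browsers submit violation
     * reports on their own and cannot attach a crumb.
     */
    @Extension
    public static class CrumbExclusionImpl extends CrumbExclusion {
        /**
         * Lets requests under {@code /content-security-policy-reporting-endpoint/} bypass the crumb filter.
         *
         * @return {@code true} when the request was handled here (the chain was invoked without a
         *     crumb check), {@code false} to leave the request to the normal crumb processing
         */
        public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
            String pathInfo = httpServletRequest.getPathInfo();
            // Keep the exemption as narrow as possible: only the endpoint's own sub-paths.
            // The trailing slash prevents sibling URLs that merely share the prefix from matching.
            if (pathInfo == null || !pathInfo.startsWith("/" + URL + "/")) {
                return false;
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return true;
        }
    }

    /** Returns the URL segment under the Jenkins root at which this action is served. */
    public String getUrlName() {
        return URL;
    }

    /**
     * Accepts one CSP violation report and dispatches it to all receivers.
     *
     * <p>Failures (undecodable context, unreadable, oversized or malformed body, a failing
     * receiver) are logged and otherwise ignored; the response is always 200.
     *
     * @param staplerRequest the incoming request; its rest-of-path carries the encoded context
     *     and its body the JSON report
     * @return an empty 200 response in every case
     */
    @POST
    public HttpResponse doDynamic(StaplerRequest staplerRequest) {
        final String encodedContext = StringUtils.removeStart(staplerRequest.getRestOfPath(), "/");

        final Context.DecodedContext decoded;
        final ContentSecurityPolicyReceiver.ViewContext viewContext;
        try {
            decoded = Context.decodeContext(encodedContext);
            viewContext = new ContentSecurityPolicyReceiver.ViewContext(decoded.contextClassName, decoded.restOfPath);
        } catch (RuntimeException e) {
            LOGGER.log(Level.FINE, () -> "Unexpected rest of path failed to decode: " + sanitizeForLog(encodedContext)
                    + " with exception: " + sanitizeForLog(e.getMessage()));
            return HttpResponses.ok();
        }

        try {
            final String body;
            try (BufferedReader reader = staplerRequest.getReader()) {
                body = readBounded(reader, MAX_REPORT_CHARS);
            }
            if (body == null) {
                // Logged at FINE so that an unauthenticated client cannot flood the default log.
                LOGGER.log(Level.FINE, () -> "Ignoring CSP report larger than " + MAX_REPORT_CHARS
                        + " characters for " + sanitizeForLog(String.valueOf(viewContext)));
                return HttpResponses.ok();
            }
            LOGGER.log(Level.FINE, () -> sanitizeForLog(viewContext + " " + body));

            final JSONObject report = JSONObject.fromObject(body);
            for (ContentSecurityPolicyReceiver receiver : ExtensionList.lookup(ContentSecurityPolicyReceiver.class)) {
                try {
                    // NOTE(review): the user ID is taken from the request path. Attribution is only
                    // trustworthy if Context.decodeContext authenticates the encoded context;
                    // confirm against that class, which is not visible here.
                    receiver.report(viewContext, decoded.userId == null ? null : User.getById(decoded.userId, false), report);
                } catch (Exception e) {
                    // One broken receiver must not prevent the others from seeing the report.
                    LOGGER.log(Level.WARNING, e, () -> "Error reporting CSP to " + receiver);
                }
            }
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, e, () -> "Failed to read request body for /content-security-policy-reporting-endpoint/"
                    + sanitizeForLog(encodedContext));
        } catch (RuntimeException e) {
            // Malformed JSON and similar failures end up here. They are reported as what they are
            // rather than as a path-decoding problem.
            LOGGER.log(Level.FINE, e, () -> "Failed to process CSP report for " + sanitizeForLog(String.valueOf(viewContext)));
        }
        return HttpResponses.ok();
    }

    /**
     * Reads the whole body from {@code reader} unless it exceeds {@code maxChars}.
     *
     * @return the body text, or {@code null} if more than {@code maxChars} characters were supplied
     * @throws IOException if reading from {@code reader} fails
     */
    private static String readBounded(BufferedReader reader, int maxChars) throws IOException {
        StringBuilder text = new StringBuilder();
        char[] chunk = new char[8192];
        int read;
        while ((read = reader.read(chunk)) != -1) {
            if (text.length() + read > maxChars) {
                return null;
            }
            text.append(chunk, 0, read);
        }
        return text.toString();
    }

    /**
     * Escapes line breaks so that request-controlled text cannot forge additional log records.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace("\r", "\\r").replace("\n", "\\n");
    }
}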
