package io.jenkins.plugins.gitlabbranchsource;

import hudson.Extension;
import hudson.model.UnprotectedRootAction;
import hudson.security.csrf.CrumbExclusion;
import hudson.util.HttpResponses;
import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServer;
import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServers;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Iterator;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jenkins.scm.api.SCMEvent;
import org.apache.commons.lang.StringUtils;
import org.gitlab4j.api.GitLabApiException;
import org.gitlab4j.api.webhook.WebHookManager;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerRequest;

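@Extension
/* loaded from: input_file:WEB-INF/lib/gitlab-branch-source.jar:io/jenkins/plugins/gitlabbranchsource/GitLabWebHookAction.class */
/**
 * Receives GitLab webhook deliveries at {@code /gitlab-webhook/post}.
 *
 * <p>The class is both an {@link UnprotectedRootAction} and a {@link CrumbExclusion}, so the
 * endpoint is reachable without a Jenkins session and without a CSRF crumb. The shared secret
 * carried in the {@code X-Gitlab-Token} header is therefore the only check between an anonymous
 * HTTP client and the event listeners; see {@link #isValidToken(String)} for the exact rules.
 */
public final class GitLabWebHookAction extends CrumbExclusion implements UnprotectedRootAction {
    public static final Logger LOGGER = Logger.getLogger(GitLabWebHookAction.class.getName());

    /** Returns {@code null}: the action has no icon. */
    public String getIconFileName() {
        return null;
    }

    /** Returns {@code null}: the action has no display name. */
    public String getDisplayName() {
        return null;
    }

    /** Returns the URL segment this action is bound to. */
    public String getUrlName() {
        return "gitlab-webhook";
    }

    /**
     * Lets webhook deliveries through without a CSRF crumb.
     *
     * @return {@code true} when the request path starts with {@code /gitlab-webhook/post} and the
     *     request was passed on to {@code filterChain}; {@code false} for every other path
     */
    public boolean process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String pathInfo = httpServletRequest.getPathInfo();
        // Prefix match: any path beginning with "/gitlab-webhook/post" is exempted, not only the exact path.
        if (pathInfo == null || !pathInfo.startsWith("/" + getUrlName() + "/post")) {
            return false;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
        return true;
    }

    /**
     * Validates an incoming webhook request and hands it to the GitLab event listener.
     *
     * <p>Rejected with 400: a non-POST method, a content type other than exactly
     * {@code application/json}, or a blank {@code X-Gitlab-Event} header. Rejected with 401: an
     * {@code X-Gitlab-Token} header that {@link #isValidToken(String)} does not accept.
     *
     * @param staplerRequest the incoming request
     * @return an error response for a rejected request, otherwise 200 OK after the event was handled
     */
    public HttpResponse doPost(StaplerRequest staplerRequest) throws IOException, GitLabApiException {
        if (!"POST".equals(staplerRequest.getMethod())) {
            return HttpResponses.error(400, "Only POST requests are supported, this was a " + staplerRequest.getMethod() + " request");
        }
        if (!"application/json".equals(staplerRequest.getContentType())) {
            // NOTE(review): the client-supplied Content-Type is echoed into the error message;
            // confirm the error response is rendered with escaping.
            return HttpResponses.error(400, "Only application/json content is supported, this was " + staplerRequest.getContentType());
        }
        if (StringUtils.isBlank(staplerRequest.getHeader("X-Gitlab-Event"))) {
            return HttpResponses.error(400, "Expecting a GitLab event, missing expected X-Gitlab-Event header");
        }
        // The token check runs before the body is parsed, so an unauthenticated payload never
        // reaches the event listeners.
        if (!isValidToken(staplerRequest.getHeader("X-Gitlab-Token"))) {
            return HttpResponses.error(401, "Expecting a valid secret token");
        }
        String originOf = SCMEvent.originOf(staplerRequest);
        WebHookManager webHookManager = new WebHookManager();
        webHookManager.addListener(new GitLabWebHookListener(originOf));
        webHookManager.handleEvent(staplerRequest);
        return HttpResponses.ok();
    }

    /**
     * Checks the {@code X-Gitlab-Token} header value against the secret of every configured
     * GitLab server.
     *
     * <p>The accepted combinations are the same as before; only the string comparison changed,
     * from {@code Objects.equals} to {@link MessageDigest#isEqual(byte[], byte[])}, so that the
     * time taken does not reveal how many leading characters of a guess were correct.
     *
     * <p>NOTE(review): a request without the header is accepted as soon as one configured server
     * has a null or empty secret, and a token is accepted if it matches any configured server,
     * not specifically the one the event claims to come from. Every server entry should carry a
     * non-empty secret if anonymous deliveries are not intended.
     *
     * @param str the header value, or {@code null} when the header is absent
     * @return {@code true} if the value is accepted; {@code false} otherwise, including when the
     *     server list could not be read
     */
    private boolean isValidToken(String str) {
        try {
            for (GitLabServer server : GitLabServers.get().getServers()) {
                String secretTokenAsPlainText = server.getSecretTokenAsPlainText();
                if (str == null) {
                    // No header sent: accepted only for a server without a secret (null or empty).
                    if (secretTokenAsPlainText == null || secretTokenAsPlainText.isEmpty()) {
                        return true;
                    }
                } else if (secretTokenAsPlainText != null
                        && MessageDigest.isEqual(
                                str.getBytes(StandardCharsets.UTF_8),
                                secretTokenAsPlainText.getBytes(StandardCharsets.UTF_8))) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // Fail closed, and keep the cause so the failure can be diagnosed from the log.
            LOGGER.log(Level.WARNING, String.format("Error while validating token: %s", e.getMessage()), e);
            return false;
        }
    }
}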
