package org.marvelution.jji.tunnel;

import com.fasterxml.jackson.databind.ObjectMapper;
import hudson.Extension;
import hudson.Plugin;
import hudson.PluginWrapper;
import hudson.XmlFile;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import hudson.model.Saveable;
import hudson.model.listeners.SaveableListener;
import hudson.util.PluginServletFilter;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import jenkins.model.JenkinsLocationConfiguration;
import okhttp3.OkHttpClient;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.marvelution.jji.JiraIntegrationPlugin;
import org.marvelution.jji.Messages;
import org.marvelution.jji.configuration.JiraSite;
import org.marvelution.jji.configuration.JiraSitesConfiguration;
import org.springframework.security.access.AccessDeniedException;

@Extension
/* loaded from: input_file:WEB-INF/lib/jira-integration.jar:org/marvelution/jji/tunnel/TunnelManager.class */
public class TunnelManager extends SaveableListener {
    private static final Logger LOGGER = Logger.getLogger(TunnelManager.class.getName());
    private static final String UNKNOWN = "unknown";
    private ClassLoader tunnelClassLoader;
    private String forwardTo;
    private OkHttpClient httpClient;
    private ObjectMapper objectMapper;
    private final Map<String, NgrokConnector> tunnels = new ConcurrentHashMap();
    private boolean loadedTunnelFilter = false;

    public void onChange(Saveable saveable, XmlFile xmlFile) {
        if (!(saveable instanceof JiraSitesConfiguration)) {
            if (saveable instanceof JenkinsLocationConfiguration) {
                String forwardTo = getForwardTo((JenkinsLocationConfiguration) saveable);
                if (Objects.equals(this.forwardTo, forwardTo)) {
                    return;
                }
                LOGGER.info("Jenkins url change detected, reconnecting existing tunnels.");
                this.forwardTo = forwardTo;
                this.tunnels.values().forEach((v0) -> {
                    v0.reconnect();
                });
                return;
            }
            return;
        }
        LOGGER.info("Jira Sites configuration change detected, connecting new tunnels and disconnecting old once.");
        Set<JiraSite> sites = ((JiraSitesConfiguration) saveable).getSites();
        sites.forEach(this::connectTunnelIfNeeded);
        Iterator<Map.Entry<String, NgrokConnector>> it = this.tunnels.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, NgrokConnector> next = it.next();
            if (sites.stream().noneMatch(jiraSite -> {
                return Objects.equals(jiraSite.getIdentifier(), next.getKey());
            })) {
                next.getValue().close();
                it.remove();
            }
        }
    }

    public void verifyTunnelToken(String str, String str2) {
        NgrokConnector ngrokConnector = this.tunnels.get(str);
        if (ngrokConnector == null) {
            throw new AccessDeniedException("unknown tunnel id");
        }
        ngrokConnector.verifyTunnelToken(str, str2);
    }

    public String getForwardTo() {
        if (this.forwardTo == null) {
            this.forwardTo = getForwardTo(JenkinsLocationConfiguration.get());
        }
        return this.forwardTo;
    }

    private String getForwardTo(JenkinsLocationConfiguration jenkinsLocationConfiguration) {
        URI create = URI.create((String) Optional.ofNullable(jenkinsLocationConfiguration.getUrl()).orElse("http://localhost:8080/"));
        String str = create.getHost() + ":";
        return create.getPort() != -1 ? str + create.getPort() : "https".equals(create.getScheme()) ? str + "443" : str + "80";
    }

    private static String normalizeOs(String str) {
        String normalize = normalize(str);
        return normalize.startsWith("linux") ? "linux" : (normalize.startsWith("mac") || normalize.startsWith("osx")) ? "osx" : normalize.startsWith("windows") ? "windows" : UNKNOWN;
    }

    private static String normalizeArch(String str) {
        String normalize = normalize(str);
        return normalize.matches("^(x8664|amd64|ia32e|em64t|x64)$") ? "x86_64" : normalize.matches("^(x8632|x86|i[3-6]86|ia32|x32)$") ? "x86_32" : "aarch64".equals(normalize) ? "aarch_64" : UNKNOWN;
    }

    public ClassLoader getTunnelClassLoader() {
        return this.tunnelClassLoader;
    }

    private static String normalize(String str) {
        return str == null ? "" : str.toLowerCase(Locale.US).replaceAll("[^a-z0-9]+", "");
    }

    @Initializer(after = InitMilestone.PLUGINS_PREPARED)
    public void loadNgrokNativeLibrary() {
        Plugin plugin = Jenkins.get().getPlugin(JiraIntegrationPlugin.SHORT_NAME);
        if (plugin == null) {
            throw new IllegalStateException("Unable to locate plugin jira-integration");
        }
        PluginWrapper wrapper = plugin.getWrapper();
        String str = "WEB-INF/ngrok/ngrok-java-native-" + normalizeOs(System.getProperty("os.name")) + "-" + normalizeArch(System.getProperty("os.arch")) + ".jar";
        try {
            URL url = new URL(wrapper.baseResourceURL, str);
            LOGGER.info("Created classloader to support tunneling using " + url);
            this.tunnelClassLoader = new URLClassLoader(new URL[]{url}, wrapper.classLoader);
        } catch (Exception e) {
            LOGGER.log(Level.WARNING, "Disabling tunneling, unable to add ngrok-java-native library to plugin classpath: " + str, (Throwable) e);
        }
    }

    @Initializer(after = InitMilestone.SYSTEM_CONFIG_ADAPTED)
    public void addTunnelAuthenticationFilter() {
        if (this.tunnelClassLoader == null) {
            LOGGER.log(Level.WARNING, "Skipping set up of tunnel authentication servlet filter, required libraries are not loaded.");
            return;
        }
        LOGGER.log(Level.INFO, "Adding tunnel authentication filter");
        TunnelAuthenticationFilter tunnelAuthenticationFilter = new TunnelAuthenticationFilter(this);
        if (PluginServletFilter.hasFilter(tunnelAuthenticationFilter)) {
            return;
        }
        try {
            PluginServletFilter.addFilter(tunnelAuthenticationFilter);
            this.loadedTunnelFilter = true;
        } catch (ServletException e) {
            LOGGER.log(Level.WARNING, "Failed to set up tunnel authentication servlet filter", e);
        }
    }

    @Initializer(after = InitMilestone.JOB_CONFIG_ADAPTED)
    public void connectRequiredTunnels() {
        if (this.tunnelClassLoader == null || !this.loadedTunnelFilter) {
            LOGGER.log(Level.WARNING, "Not connecting any required tunnels, required libraries are not loaded.");
            return;
        }
        LOGGER.log(Level.INFO, "Connecting any required tunnels");
        JiraSitesConfiguration.get().getSites().forEach(this::connectTunnelIfNeeded);
        Runtime.getRuntime().addShutdownHook(new Thread(this::stopTunneling));
    }

    public void disconnectTunnelForSite(JiraSite jiraSite) {
        NgrokConnector remove = this.tunnels.remove(jiraSite.getIdentifier());
        if (remove != null) {
            remove.close();
        }
    }

    public void connectTunnelIfNeeded(JiraSite jiraSite) {
        if (jiraSite.isTunneled()) {
            if (this.tunnelClassLoader != null && this.loadedTunnelFilter) {
                this.tunnels.computeIfAbsent(jiraSite.getIdentifier(), str -> {
                    try {
                        Response execute = this.httpClient.newCall(jiraSite.createGetTunnelDetailsRequest()).execute();
                        try {
                            ResponseBody body = execute.body();
                            try {
                                if (!execute.isSuccessful() || body == null) {
                                    LOGGER.severe(String.format("Failed to load tunnel details for %s [%d]", jiraSite, Integer.valueOf(execute.code())));
                                    if (body != null) {
                                        body.close();
                                    }
                                    if (execute != null) {
                                        execute.close();
                                    }
                                    return null;
                                }
                                NgrokConnector ngrokConnector = new NgrokConnector(this, jiraSite, (TunnelDetails) this.objectMapper.readValue(body.byteStream(), TunnelDetails.class));
                                ngrokConnector.connect();
                                if (body != null) {
                                    body.close();
                                }
                                if (execute != null) {
                                    execute.close();
                                }
                                return ngrokConnector;
                            } catch (Throwable th) {
                                if (body != null) {
                                    try {
                                        body.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                }
                                throw th;
                            }
                        } finally {
                        }
                    } catch (IOException e) {
                        LOGGER.log(Level.SEVERE, String.format("Failed to load tunnel details for %s", jiraSite), (Throwable) e);
                        return null;
                    }
                });
            } else if (this.tunnelClassLoader == null) {
                LOGGER.log(Level.WARNING, "Cannot connect tunnel for " + jiraSite + ", required libraries are not loaded.");
            } else {
                LOGGER.log(Level.WARNING, "Cannot connect tunnel for " + jiraSite + ", required security filter is not loaded.");
            }
        }
    }

    public void refreshTunnel(JiraSite jiraSite) {
        disconnectTunnelForSite(jiraSite);
        connectTunnelIfNeeded(jiraSite);
    }

    @Nullable
    public String getSiteConnectionError(JiraSite jiraSite) {
        if (!jiraSite.isTunneled()) {
            return null;
        }
        NgrokConnector ngrokConnector = this.tunnels.get(jiraSite.getIdentifier());
        return ngrokConnector == null ? Messages.site_tunnel_not_connected() : (String) Optional.ofNullable(ngrokConnector.getConnectException()).map(th -> {
            return isUnsatisfiedLinkError(th) ? Messages.site_tunnel_unsatisfied_link_error() : th.getMessage();
        }).orElse(null);
    }

    private boolean isUnsatisfiedLinkError(Throwable th) {
        if (th instanceof UnsatisfiedLinkError) {
            return true;
        }
        if (th.getCause() != null) {
            return isUnsatisfiedLinkError(th.getCause());
        }
        return false;
    }

    private void stopTunneling() {
        LOGGER.info("Disconnecting and Closing all tunnels");
        this.tunnels.forEach((str, ngrokConnector) -> {
            ngrokConnector.close();
        });
        this.tunnels.clear();
    }

    @Inject
    public void setHttpClient(OkHttpClient okHttpClient) {
        this.httpClient = okHttpClient;
    }

    @Inject
    public void setObjectMapper(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
    }
}
