package io.prismacloud.iac.commons.service.impl;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.EnvVars;
import hudson.FilePath;
import hudson.ProxyConfiguration;
import io.prismacloud.iac.commons.config.PrismaCloudConfiguration;
import io.prismacloud.iac.commons.model.IacTemplateParameters;
import io.prismacloud.iac.commons.model.JsonApiModelAsyncScanRequest;
import io.prismacloud.iac.commons.model.JsonApiModelAsyncScanRequestData;
import io.prismacloud.iac.commons.model.JsonApiModelAsyncScanRequestDataAttributes;
import io.prismacloud.iac.commons.model.JsonApiModelFailureCriteria;
import io.prismacloud.iac.commons.model.JsonApiModelScanAttributes;
import io.prismacloud.iac.commons.model.JsonApiModelScanTrigger;
import io.prismacloud.iac.commons.model.JsonApiModelScanTriggerData;
import io.prismacloud.iac.commons.model.JsonApiModelScanTriggerDataAttributes;
import io.prismacloud.iac.commons.service.PrismaCloudService;
import io.prismacloud.iac.commons.util.ConfigYmlTagsUtil;
import io.prismacloud.iac.commons.util.JSONUtils;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import jenkins.model.Jenkins;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpHost;
import org.apache.http.ParseException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.FileEntity;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.ProxyAuthenticationStrategy;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/prisma-cloud-iac-scan.jar:io/prismacloud/iac/commons/service/impl/PrismaCloudServiceImpl.class */
public class PrismaCloudServiceImpl implements PrismaCloudService {
    private static final String HTTP_PROXY = "HTTP_PROXY";
    private static final String HTTP_PROXY_LC = "http_proxy";
    private static final String HTTPS_PROXY = "HTTPS_PROXY";
    private static final String HTTPS_PROXY_LC = "https_proxy";
    private static final String NO_PROXY = "NO_PROXY";
    private static final String NO_PROXY_LC = "no_proxy";
    private static final int HTTP_PORT = 80;
    private static final int HTTPS_PORT = 443;
    private static final Pattern PROXY_PATTERN = Pattern.compile("(https?)://(([^:]+)(:(.+))?@)?([\\da-zA-Z.-]+)(:(\\d+))?/?");
    private static final Logger logger = LoggerFactory.getLogger(PrismaCloudServiceImpl.class);

    @Override // io.prismacloud.iac.commons.service.PrismaCloudService
    public String getAccessToken(PrismaCloudConfiguration prismaCloudConfiguration) throws IOException {
        logger.info("Entered into PrismaCloudServiceImpl.getAccessToken");
        CloseableHttpClient createHttpClient = createHttpClient(null, prismaCloudConfiguration.getAuthUrl());
        try {
            String generateToken = generateToken(createHttpClient, prismaCloudConfiguration);
            if (createHttpClient != null) {
                createHttpClient.close();
            }
            return generateToken;
        } catch (Throwable th) {
            if (createHttpClient != null) {
                try {
                    createHttpClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Override // io.prismacloud.iac.commons.service.PrismaCloudService
    public String getScanDetails(EnvVars envVars, PrismaCloudConfiguration prismaCloudConfiguration, FilePath filePath) throws IOException, InterruptedException {
        logger.info("Entered into PrismaCloudServiceImpl.getScanDetails");
        CloseableHttpClient createHttpClient = createHttpClient(envVars, prismaCloudConfiguration.getAuthUrl());
        try {
            String scanResult = getScanResult(createHttpClient, prismaCloudConfiguration, filePath);
            if (createHttpClient != null) {
                createHttpClient.close();
            }
            return scanResult;
        } catch (Throwable th) {
            if (createHttpClient != null) {
                try {
                    createHttpClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @SuppressFBWarnings({"RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"})
    private String generateToken(CloseableHttpClient closeableHttpClient, PrismaCloudConfiguration prismaCloudConfiguration) throws ParseException, IOException {
        logger.debug("Entered into PrismaCloudServiceImpl.generateToken");
        CloseableHttpResponse jwtToken = getJwtToken(closeableHttpClient, prismaCloudConfiguration);
        try {
            if (jwtToken.getStatusLine().getStatusCode() != 200) {
                if (jwtToken == null) {
                    return "";
                }
                jwtToken.close();
                return "";
            }
            String asString = new JsonParser().parse(JSONUtils.parseJSONWitReader(EntityUtils.toString(jwtToken.getEntity()))).getAsJsonObject().get("token").getAsString();
            if (jwtToken != null) {
                jwtToken.close();
            }
            return asString;
        } catch (Throwable th) {
            if (jwtToken != null) {
                try {
                    jwtToken.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private CloseableHttpResponse getJwtToken(CloseableHttpClient closeableHttpClient, PrismaCloudConfiguration prismaCloudConfiguration) throws IOException {
        logger.debug("Entered into PrismaCloudServiceImpl.getJwtToken");
        JsonObject jsonObject = new JsonObject();
        jsonObject.addProperty("username", prismaCloudConfiguration.getAccessKey());
        jsonObject.addProperty("password", prismaCloudConfiguration.getSecretKey());
        StringEntity stringEntity = new StringEntity(jsonObject.toString());
        HttpPost httpPost = new HttpPost(prismaCloudConfiguration.getAuthUrl());
        httpPost.setHeader(HttpHeaders.ACCEPT, "application/json");
        httpPost.setHeader("Content-Type", "application/json");
        httpPost.setHeader("x-redlock-auth", null);
        httpPost.setEntity(stringEntity);
        return closeableHttpClient.execute((HttpUriRequest) httpPost);
    }

    /* JADX WARN: Code restructure failed: missing block: B:100:0x0274, code lost:
    
        io.prismacloud.iac.commons.service.impl.PrismaCloudServiceImpl.logger.info("Get job status failed");
        r0 = org.apache.http.util.EntityUtils.toString(r0.getEntity(), java.nio.charset.StandardCharsets.UTF_8);
     */
    /* JADX WARN: Code restructure failed: missing block: B:101:0x028f, code lost:
    
        if (r0 == null) goto L32;
     */
    /* JADX WARN: Code restructure failed: missing block: B:102:0x0292, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:104:0x029b, code lost:
    
        if (r0 == null) goto L35;
     */
    /* JADX WARN: Code restructure failed: missing block: B:105:0x029e, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:107:0x02a7, code lost:
    
        if (r0 == null) goto L38;
     */
    /* JADX WARN: Code restructure failed: missing block: B:108:0x02aa, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:110:0x02b3, code lost:
    
        if (r0 == null) goto L41;
     */
    /* JADX WARN: Code restructure failed: missing block: B:111:0x02b6, code lost:
    
        r0.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:113:0x02bf, code lost:
    
        return r0;
     */
    @edu.umd.cs.findbugs.annotations.SuppressFBWarnings({"RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getScanResult(org.apache.http.impl.client.CloseableHttpClient r8, io.prismacloud.iac.commons.config.PrismaCloudConfiguration r9, hudson.FilePath r10) throws java.io.IOException, java.lang.InterruptedException {
        /*
            Method dump skipped, instructions count: 1312
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.prismacloud.iac.commons.service.impl.PrismaCloudServiceImpl.getScanResult(org.apache.http.impl.client.CloseableHttpClient, io.prismacloud.iac.commons.config.PrismaCloudConfiguration, hudson.FilePath):java.lang.String");
    }

    private CloseableHttpResponse getPrismaCloudScanDetails(CloseableHttpClient closeableHttpClient, PrismaCloudConfiguration prismaCloudConfiguration, String str) throws IOException {
        logger.info("Entered into PrismaCloudServiceImpl.getScanResult");
        StringEntity request = getRequest(prismaCloudConfiguration);
        logger.info("HTTP Post on : " + prismaCloudConfiguration.getScanUrl());
        HttpPost httpPost = new HttpPost(prismaCloudConfiguration.getScanUrl());
        httpPost.setHeader(HttpHeaders.ACCEPT, "application/vnd.api+json");
        httpPost.setHeader("Content-Type", "application/vnd.api+json");
        httpPost.setHeader("x-redlock-auth", str);
        httpPost.setEntity(request);
        return closeableHttpClient.execute((HttpUriRequest) httpPost);
    }

    private CloseableHttpResponse uploadFileToS3(CloseableHttpClient closeableHttpClient, String str, FilePath filePath) throws IOException, InterruptedException {
        logger.info("Entered into PrismaCloudServiceImpl.uploadFileToS3");
        HttpPut httpPut = new HttpPut(str);
        Path path = null;
        try {
            path = Files.createTempFile("iacscan", ".zip", new FileAttribute[0]);
            FileUtils.copyInputStreamToFile(filePath.read(), path.toFile());
            httpPut.setEntity(new FileEntity(path.toFile(), ContentType.APPLICATION_OCTET_STREAM));
            CloseableHttpResponse execute = closeableHttpClient.execute((HttpUriRequest) httpPut);
            if (null != path) {
                Files.deleteIfExists(path);
            }
            return execute;
        } catch (Throwable th) {
            if (null != path) {
                Files.deleteIfExists(path);
            }
            throw th;
        }
    }

    private CloseableHttpResponse triggerScan(CloseableHttpClient closeableHttpClient, String str, String str2, PrismaCloudConfiguration prismaCloudConfiguration) throws IOException {
        logger.info("Entered into PrismaCloudServiceImpl.triggerScan");
        JsonApiModelScanTrigger jsonApiModelScanTrigger = new JsonApiModelScanTrigger();
        JsonApiModelScanTriggerData jsonApiModelScanTriggerData = new JsonApiModelScanTriggerData();
        jsonApiModelScanTriggerData.setId(UUID.fromString(str));
        JsonApiModelScanTriggerDataAttributes jsonApiModelScanTriggerDataAttributes = new JsonApiModelScanTriggerDataAttributes();
        if (prismaCloudConfiguration.getTemplateType().equalsIgnoreCase("tf")) {
            jsonApiModelScanTriggerDataAttributes.setTemplateType("tf");
        } else if (prismaCloudConfiguration.getTemplateType().equalsIgnoreCase("cft")) {
            jsonApiModelScanTriggerDataAttributes.setTemplateType("cft");
        } else if (prismaCloudConfiguration.getTemplateType().equalsIgnoreCase("k8s")) {
            jsonApiModelScanTriggerDataAttributes.setTemplateType("k8s");
        } else {
            jsonApiModelScanTriggerDataAttributes.setTemplateType("");
        }
        logger.info("Model Scan Trigger Data Attributes Template Type Set to : " + prismaCloudConfiguration.getTemplateType());
        jsonApiModelScanTriggerDataAttributes.setTemplateVersion(prismaCloudConfiguration.getTemplateVersion());
        IacTemplateParameters iacTemplateParameters = prismaCloudConfiguration.getIacTemplateParameters();
        logger.info("IaCTemplate Parameter values : ");
        logger.info("Variables : ");
        if (iacTemplateParameters != null && iacTemplateParameters.getVariables() != null && iacTemplateParameters.getVariables().size() > 0) {
            iacTemplateParameters.getVariables().forEach((str3, str4) -> {
                logger.info("Key : " + str3 + ", Value : " + str4);
            });
        }
        logger.info("Variable Files : ");
        if (iacTemplateParameters != null && iacTemplateParameters.getVariableFiles() != null && iacTemplateParameters.getVariableFiles().size() > 0) {
            iacTemplateParameters.getVariableFiles().forEach(str5 -> {
                logger.info("Value : " + str5);
            });
        }
        logger.info("Setting IaC Template Parameters");
        jsonApiModelScanTriggerDataAttributes.setTemplateParameters(iacTemplateParameters);
        jsonApiModelScanTriggerDataAttributes.setTemplateVersion(prismaCloudConfiguration.getTemplateVersion());
        jsonApiModelScanTriggerData.setAttributes(jsonApiModelScanTriggerDataAttributes);
        jsonApiModelScanTrigger.setData(jsonApiModelScanTriggerData);
        ObjectMapper objectMapper = new ObjectMapper();
        StringEntity stringEntity = new StringEntity(objectMapper.writeValueAsString(jsonApiModelScanTrigger));
        logger.debug("Trigger Scan (Entity JSON Object ) : " + objectMapper.writeValueAsString(jsonApiModelScanTrigger));
        HttpPost httpPost = new HttpPost(prismaCloudConfiguration.getScanUrl().concat("/").concat(str));
        httpPost.setHeader(HttpHeaders.ACCEPT, "application/vnd.api+json");
        httpPost.setHeader("Content-Type", "application/vnd.api+json");
        httpPost.setHeader("x-redlock-auth", str2);
        httpPost.setEntity(stringEntity);
        return closeableHttpClient.execute((HttpUriRequest) httpPost);
    }

    private CloseableHttpResponse getScanJobStatus(CloseableHttpClient closeableHttpClient, String str, String str2, PrismaCloudConfiguration prismaCloudConfiguration) throws IOException {
        logger.info("Entered into PrismaCloudServiceImpl.getScanJobStatus");
        new JsonObject().addProperty("scanId", str);
        HttpGet httpGet = new HttpGet(prismaCloudConfiguration.getScanUrl().concat("/").concat(str).concat("/status"));
        httpGet.setHeader(HttpHeaders.ACCEPT, "application/vnd.api+json");
        httpGet.setHeader("Content-Type", "application/vnd.api+json");
        httpGet.setHeader("x-redlock-auth", str2);
        return closeableHttpClient.execute((HttpUriRequest) httpGet);
    }

    private CloseableHttpResponse getScanResult(CloseableHttpClient closeableHttpClient, String str, String str2, PrismaCloudConfiguration prismaCloudConfiguration) throws IOException {
        logger.info("Entered into PrismaCloudServiceImpl.getScanResult");
        new JsonObject().addProperty("scanId", str);
        HttpGet httpGet = new HttpGet(prismaCloudConfiguration.getScanUrl().concat("/").concat(str).concat("/results"));
        httpGet.setHeader(HttpHeaders.ACCEPT, "application/vnd.api+json");
        httpGet.setHeader("Content-Type", "application/vnd.api+json");
        httpGet.setHeader("x-redlock-auth", str2);
        return closeableHttpClient.execute((HttpUriRequest) httpGet);
    }

    private StringEntity getRequest(PrismaCloudConfiguration prismaCloudConfiguration) throws UnsupportedEncodingException, JsonProcessingException {
        JsonApiModelAsyncScanRequest jsonApiModelAsyncScanRequest = new JsonApiModelAsyncScanRequest();
        JsonApiModelAsyncScanRequestData jsonApiModelAsyncScanRequestData = new JsonApiModelAsyncScanRequestData();
        JsonApiModelAsyncScanRequestDataAttributes jsonApiModelAsyncScanRequestDataAttributes = new JsonApiModelAsyncScanRequestDataAttributes();
        HashMap hashMap = new HashMap();
        Map<String, String> configFileTags = prismaCloudConfiguration.getConfigFileTags();
        if (configFileTags != null && !configFileTags.isEmpty()) {
            hashMap.putAll(configFileTags);
        }
        String tags = prismaCloudConfiguration.getTags();
        if (tags != null) {
            String trim = tags.trim();
            if (!trim.isEmpty()) {
                for (String str : trim.split(",")) {
                    ConfigYmlTagsUtil.parseAndSetTag(str, hashMap);
                }
            }
        }
        jsonApiModelAsyncScanRequestDataAttributes.setTags(hashMap);
        jsonApiModelAsyncScanRequestData.setType("async-scan");
        jsonApiModelAsyncScanRequestDataAttributes.setAssetName(prismaCloudConfiguration.getAssetName());
        jsonApiModelAsyncScanRequestDataAttributes.setAssetType(prismaCloudConfiguration.getAssetType());
        JsonApiModelScanAttributes jsonApiModelScanAttributes = new JsonApiModelScanAttributes();
        jsonApiModelScanAttributes.put("buildNumber", prismaCloudConfiguration.getBuildNumber());
        jsonApiModelScanAttributes.put("projectName", prismaCloudConfiguration.getJobName());
        jsonApiModelAsyncScanRequestDataAttributes.setScanAttributes(jsonApiModelScanAttributes);
        JsonApiModelFailureCriteria jsonApiModelFailureCriteria = new JsonApiModelFailureCriteria();
        jsonApiModelFailureCriteria.setHigh(Integer.valueOf(prismaCloudConfiguration.getHigh()));
        jsonApiModelFailureCriteria.setMedium(Integer.valueOf(prismaCloudConfiguration.getMedium()));
        jsonApiModelFailureCriteria.setLow(Integer.valueOf(prismaCloudConfiguration.getLow()));
        jsonApiModelFailureCriteria.setOperator(prismaCloudConfiguration.getOperator());
        jsonApiModelAsyncScanRequestDataAttributes.setFailureCriteria(jsonApiModelFailureCriteria);
        jsonApiModelAsyncScanRequestData.setAttributes(jsonApiModelAsyncScanRequestDataAttributes);
        jsonApiModelAsyncScanRequest.setData(jsonApiModelAsyncScanRequestData);
        return new StringEntity(new ObjectMapper().writeValueAsString(jsonApiModelAsyncScanRequest));
    }

    private CloseableHttpClient createHttpClient(EnvVars envVars, String str) {
        ProxyConfiguration proxyConfiguration;
        String str2;
        HttpClientBuilder useSystemProperties = HttpClientBuilder.create().useSystemProperties();
        boolean z = false;
        if (envVars != null && !envVars.isEmpty()) {
            if ("true".equalsIgnoreCase(envVars.get("IGNORE_SYSTEM_PROXY", "false"))) {
                z = true;
            } else {
                String str3 = envVars.get(NO_PROXY, (String) envVars.get(NO_PROXY_LC));
                boolean z2 = false;
                if (str3 != null) {
                    for (String str4 : str3.split("[ \t\n,|]+")) {
                        if (str4.endsWith(".prismacloud.io") || str.contains("//" + str4)) {
                            z2 = true;
                            break;
                        }
                    }
                }
                if (!z2 && (str2 = envVars.get(HTTPS_PROXY_LC, envVars.get(HTTPS_PROXY, envVars.get(HTTP_PROXY_LC, (String) envVars.get(HTTP_PROXY))))) != null && !str2.isEmpty()) {
                    try {
                        Matcher matcher = PROXY_PATTERN.matcher(str2);
                        if (matcher.matches()) {
                            String lowerCase = matcher.group(1) != null ? matcher.group(1).toLowerCase(Locale.ROOT) : HttpHost.DEFAULT_SCHEME_NAME;
                            String group = matcher.group(3) != null ? matcher.group(3) : null;
                            String group2 = matcher.group(5) != null ? matcher.group(5) : null;
                            String lowerCase2 = matcher.group(6).toLowerCase(Locale.ROOT);
                            int parseInt = matcher.group(8) != null ? Integer.parseInt(matcher.group(8)) : "https".equalsIgnoreCase(lowerCase) ? HTTPS_PORT : 80;
                            if (lowerCase2 != null && !lowerCase2.isEmpty()) {
                                setProxyOnBuilder(useSystemProperties, lowerCase, lowerCase2, parseInt, group, group2);
                                z = true;
                                logger.info("Proxy set using build env");
                            }
                        }
                    } catch (Exception e) {
                        logger.warn("Not using Env HTTP_PROXY. Failed to parse value [{}] error: {}", str2, e.getMessage());
                    }
                }
            }
        }
        if (!z && Jenkins.getInstanceOrNull() != null && (proxyConfiguration = Jenkins.get().proxy) != null) {
            boolean z3 = false;
            if (proxyConfiguration.noProxyHost != null) {
                for (String str5 : proxyConfiguration.noProxyHost.split("[ \t\n,|]+")) {
                    if (str5.endsWith(".prismacloud.io") || str.contains("//" + str5)) {
                        z3 = true;
                        break;
                    }
                }
            }
            if (!z3) {
                setProxyOnBuilder(useSystemProperties, HttpHost.DEFAULT_SCHEME_NAME, proxyConfiguration.name, proxyConfiguration.port, proxyConfiguration.getUserName(), proxyConfiguration.getPassword());
                logger.info("Proxy set using Jenkins system settings");
            }
        }
        return useSystemProperties.build();
    }

    private void setProxyOnBuilder(HttpClientBuilder httpClientBuilder, String str, String str2, int i, String str3, String str4) {
        HttpHost httpHost = new HttpHost(str2, i, str);
        if (str3 == null || str3.isEmpty()) {
            logger.info("Using proxy: {}://{}:{}", new Object[]{str, str2, Integer.valueOf(i)});
        } else if (str4 == null || str4.isEmpty()) {
            logger.warn("Ignoring proxy credential as no password was provided");
            logger.info("Using proxy: {}://{}:{}", new Object[]{str, str2, Integer.valueOf(i)});
        } else {
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(new AuthScope(str2, i), new UsernamePasswordCredentials(str3, str4));
            httpClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
            httpClientBuilder.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
            logger.info("Using proxy: {}://{}:{}@{}:{}", new Object[]{str, str3, StringUtils.repeat('*', str4.length()), str2, Integer.valueOf(i)});
        }
        httpClientBuilder.setProxy(httpHost);
    }
}
