package net.nemerosa.jenkins.seed.triggering.connector.github;

import hudson.Extension;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import net.nemerosa.jenkins.seed.triggering.SeedChannel;
import net.nemerosa.jenkins.seed.triggering.SeedEvent;
import net.nemerosa.jenkins.seed.triggering.SeedEventType;
import net.nemerosa.jenkins.seed.triggering.SeedService;
import net.nemerosa.jenkins.seed.triggering.connector.AbstractEndPoint;
import net.nemerosa.jenkins.seed.triggering.connector.CannotHandleRequestException;
import net.nemerosa.jenkins.seed.triggering.connector.RequestNonAuthorizedException;
import net.nemerosa.jenkins.seed.triggering.connector.UnknownRequestException;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.StaplerRequest;

@Extension
/* loaded from: input_file:net/nemerosa/jenkins/seed/triggering/connector/github/GitHubEndPoint.class */
public class GitHubEndPoint extends AbstractEndPoint {
    private static final String X_GIT_HUB_EVENT = "X-GitHub-Event";
    private static final String X_GIT_HUB_SIGNATURE = "X-Hub-Signature";
    private static final Logger LOGGER = Logger.getLogger(GitHubEndPoint.class.getName());
    private static final SeedChannel SEED_CHANNEL = SeedChannel.of("github", "Seed GitHub end point");

    public GitHubEndPoint(SeedService seedService) {
        super(seedService);
    }

    public GitHubEndPoint() {
    }

    public String getUrlName() {
        return "seed-github-api";
    }

    @Override // net.nemerosa.jenkins.seed.triggering.connector.AbstractEndPoint
    protected SeedEvent extractEvent(StaplerRequest staplerRequest) throws IOException {
        String header = staplerRequest.getHeader(X_GIT_HUB_EVENT);
        LOGGER.finer("GitHub event: " + header);
        String iOUtils = IOUtils.toString(staplerRequest.getReader());
        JSONObject fromObject = JSONObject.fromObject(iOUtils);
        checkSignature(staplerRequest, iOUtils, getProject(fromObject));
        if ("ping".equals(header)) {
            return testEvent(fromObject);
        }
        if ("create".equals(header)) {
            return createEvent(fromObject);
        }
        if ("delete".equals(header)) {
            return deleteEvent(fromObject);
        }
        if ("push".equals(header)) {
            return pushEvent(fromObject);
        }
        throw new UnknownRequestException("Unknown event: " + header);
    }

    protected void checkSignature(StaplerRequest staplerRequest, String str, String str2) throws UnsupportedEncodingException {
        String secretKey = this.seedService.getSecretKey(str2, "github");
        if (StringUtils.isBlank(secretKey)) {
            return;
        }
        String header = staplerRequest.getHeader(X_GIT_HUB_SIGNATURE);
        SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes("UTF-8"), "HmacSHA1");
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(secretKeySpec);
            if (StringUtils.equals("sha1=" + Hex.encodeHexString(mac.doFinal(str.getBytes("UTF-8"))), header)) {
            } else {
                throw new RequestNonAuthorizedException();
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new CannotHandleRequestException(e);
        }
    }

    private SeedEvent pushEvent(JSONObject jSONObject) {
        if (jSONObject.getBoolean("created") || jSONObject.getBoolean("deleted")) {
            return null;
        }
        String removeStart = StringUtils.removeStart(jSONObject.getString("ref"), "refs/heads/");
        JSONArray optJSONArray = jSONObject.optJSONArray("commits");
        CommitContext commitContext = new CommitContext();
        if (optJSONArray != null) {
            Iterator it = optJSONArray.iterator();
            while (it.hasNext()) {
                JSONObject jSONObject2 = (JSONObject) it.next();
                scanCommits(commitContext, jSONObject2, "added");
                scanCommits(commitContext, jSONObject2, "removed");
                scanCommits(commitContext, jSONObject2, "modified");
            }
        }
        return commitContext.isSeed() ? new SeedEvent(getProject(jSONObject), removeStart, SeedEventType.SEED, SEED_CHANNEL) : new SeedEvent(getProject(jSONObject), removeStart, SeedEventType.COMMIT, SEED_CHANNEL).withParam(SeedEvent.EVENT_COMMIT_PARAMETER, jSONObject.getJSONObject("head_commit").getString("id"));
    }

    private void scanCommits(CommitContext commitContext, JSONObject jSONObject, String str) {
        JSONArray optJSONArray = jSONObject.optJSONArray(str);
        if (optJSONArray != null) {
            Iterator it = optJSONArray.iterator();
            while (it.hasNext()) {
                commitContext.feed(StringUtils.startsWith((String) it.next(), "seed/"));
            }
        }
    }

    private SeedEvent testEvent(JSONObject jSONObject) {
        return new SeedEvent(getProject(jSONObject), "", SeedEventType.TEST, SEED_CHANNEL);
    }

    private SeedEvent createEvent(JSONObject jSONObject) {
        return branchEvent(jSONObject, SeedEventType.CREATION);
    }

    private SeedEvent deleteEvent(JSONObject jSONObject) {
        return branchEvent(jSONObject, SeedEventType.DELETION);
    }

    private SeedEvent branchEvent(JSONObject jSONObject, SeedEventType seedEventType) {
        if ("branch".equals(jSONObject.getString("ref_type"))) {
            return new SeedEvent(getProject(jSONObject), jSONObject.getString("ref"), seedEventType, SEED_CHANNEL);
        }
        return null;
    }

    private String getProject(JSONObject jSONObject) {
        return jSONObject.getJSONObject("repository").getString("full_name");
    }
}
