package com.netflix.spinnaker.clouddriver.artifacts.gitRepo;

import com.netflix.spinnaker.clouddriver.jobs.JobExecutor;
import com.netflix.spinnaker.clouddriver.jobs.JobRequest;
import com.netflix.spinnaker.clouddriver.jobs.JobResult;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/netflix/spinnaker/clouddriver/artifacts/gitRepo/GitJobExecutor.class */
public class GitJobExecutor {
    private static final String SSH_KEY_PWD_ENV_VAR = "SSH_KEY_PWD";
    private static Path genericAskPassBinary;
    private final GitRepoArtifactAccount account;
    private final JobExecutor jobExecutor;
    private final String gitExecutable;
    private final AuthType authType;
    private final Path askPassBinary;

    @Generated
    private static final Logger log = LoggerFactory.getLogger(GitJobExecutor.class);
    private static final Pattern FULL_SHA_PATTERN = Pattern.compile("[0-9a-f]{40}");
    private static final Pattern SHORT_SHA_PATTERN = Pattern.compile("[0-9a-f]{7}");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/netflix/spinnaker/clouddriver/artifacts/gitRepo/GitJobExecutor$AuthType.class */
    public enum AuthType {
        USER_PASS,
        USER_TOKEN,
        TOKEN,
        SSH,
        NONE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/netflix/spinnaker/clouddriver/artifacts/gitRepo/GitJobExecutor$CommandChain.class */
    public class CommandChain {
        private final Collection<JobRequest> commands = new ArrayList();
        private final Path workingDir;

        CommandChain(Path path) {
            this.workingDir = path;
        }

        CommandChain addCommand(String str) {
            this.commands.add(new JobRequest(GitJobExecutor.this.cmdToList(str), GitJobExecutor.this.addEnvVars(System.getenv()), this.workingDir.toFile()));
            return this;
        }

        void runAllOrFail() throws IOException {
            for (JobRequest jobRequest : this.commands) {
                GitJobExecutor.log.debug("Executing command: \"{}\"", String.join(" ", jobRequest.getTokenizedCommand()));
                JobResult runJob = GitJobExecutor.this.jobExecutor.runJob(jobRequest);
                if (runJob.getResult() != JobResult.Result.SUCCESS) {
                    throw new IOException(String.format("%s failed. Error: %s Output: %s", jobRequest.getTokenizedCommand(), runJob.getError(), runJob.getOutput()));
                }
            }
        }

        JobResult<String> runAll() {
            JobResult<String> jobResult = null;
            for (JobRequest jobRequest : this.commands) {
                GitJobExecutor.log.debug("Executing command: \"{}\"", String.join(" ", jobRequest.getTokenizedCommand()));
                jobResult = GitJobExecutor.this.jobExecutor.runJob(jobRequest);
                if (jobResult.getResult() != JobResult.Result.SUCCESS) {
                    break;
                }
            }
            return jobResult;
        }
    }

    public GitJobExecutor(GitRepoArtifactAccount gitRepoArtifactAccount, JobExecutor jobExecutor, String str) throws IOException {
        this.account = gitRepoArtifactAccount;
        this.jobExecutor = jobExecutor;
        this.gitExecutable = str;
        if (!StringUtils.isEmpty(gitRepoArtifactAccount.getUsername()) && !StringUtils.isEmpty(gitRepoArtifactAccount.getPassword())) {
            this.authType = AuthType.USER_PASS;
        } else if (!StringUtils.isEmpty(gitRepoArtifactAccount.getUsername()) && gitRepoArtifactAccount.getTokenAsString().filter(str2 -> {
            return !StringUtils.isEmpty(str2);
        }).isPresent()) {
            this.authType = AuthType.USER_TOKEN;
        } else if (gitRepoArtifactAccount.getTokenAsString().filter(str3 -> {
            return !StringUtils.isEmpty(str3);
        }).isPresent()) {
            this.authType = AuthType.TOKEN;
        } else if (StringUtils.isEmpty(gitRepoArtifactAccount.getSshPrivateKeyFilePath())) {
            this.authType = AuthType.NONE;
        } else {
            this.authType = AuthType.SSH;
        }
        this.askPassBinary = initAskPass();
    }

    public void cloneOrPull(String str, String str2, Path path, String str3) throws IOException {
        File file = path.toFile();
        if (!file.exists()) {
            clone(str, str2, path, str3);
            return;
        }
        if (!file.isDirectory()) {
            throw new IllegalArgumentException("Local path " + path.toString() + " is not a directory");
        }
        File[] listFiles = file.listFiles();
        if (listFiles == null || listFiles.length == 0) {
            clone(str, str2, path, str3);
            return;
        }
        Path path2 = Paths.get(path.toString(), str3, ".git");
        if (path2.toFile().exists()) {
            pull(str, str2, path2.getParent());
        } else {
            log.warn("Directory {} for git/repo {}, branch {} has files or directories but {} was not found. The directory will be recreated to start with a new clone.", new Object[]{path.toString(), str, str2, path2.toString()});
            clone(str, str2, path, str3);
        }
    }

    private void clone(String str, String str2, Path path, String str3) throws IOException {
        if (!isValidReference(str)) {
            throw new IllegalArgumentException("Git reference \"" + str + "\" is invalid for credentials with auth type " + String.valueOf(this.authType));
        }
        File file = path.toFile();
        if (file.exists()) {
            FileUtils.deleteDirectory(file);
        }
        FileUtils.forceMkdir(file);
        if (FULL_SHA_PATTERN.matcher(str2).matches()) {
            fetchFullSha(str, str2, path, str3);
        } else {
            cloneBranchOrTag(str, str2, path, str3);
        }
    }

    private void cloneBranchOrTag(String str, String str2, Path path, String str3) throws IOException {
        log.info("Cloning git/repo {} into {}", str, path.toString());
        String str4 = this.gitExecutable + " clone --branch " + str2 + " --depth 1 " + repoUrlWithAuth(str);
        JobResult<String> runAll = new CommandChain(path).addCommand(str4).runAll();
        if (runAll.getResult() == JobResult.Result.SUCCESS) {
            return;
        }
        String str5 = str4 + " failed. Error: " + runAll.getError() + " Output: " + ((String) runAll.getOutput());
        if (!SHORT_SHA_PATTERN.matcher(str2).matches()) {
            throw new IOException(str5);
        }
        log.warn(str5 + ". Trying a full clone and checkout " + str2);
        File file = path.toFile();
        FileUtils.deleteDirectory(file);
        FileUtils.forceMkdir(file);
        cloneAndCheckoutSha(str, str2, path, str3);
    }

    private void fetchFullSha(String str, String str2, Path path, String str3) throws IOException {
        log.info("Fetching git/repo {} sha {} into {}", new Object[]{str, str2, path.toString()});
        Path path2 = Paths.get(path.toString(), str3);
        if (!path2.toFile().mkdirs()) {
            throw new IOException("Unable to create directory " + path2.toString());
        }
        JobResult<String> runAll = new CommandChain(path2).addCommand(this.gitExecutable + " init").addCommand(this.gitExecutable + " remote add origin " + repoUrlWithAuth(str)).addCommand(this.gitExecutable + " fetch --depth 1 origin " + str2).addCommand(this.gitExecutable + " reset --hard FETCH_HEAD").runAll();
        if (runAll.getResult() == JobResult.Result.SUCCESS) {
            return;
        }
        log.warn("Unable to directly fetch specific sha, trying full clone. Error: " + runAll.getError());
        FileUtils.forceDelete(path2.toFile());
        cloneAndCheckoutSha(str, str2, path, str3);
    }

    private void cloneAndCheckoutSha(String str, String str2, Path path, String str3) throws IOException {
        Path path2 = Paths.get(path.toString(), str3);
        new CommandChain(path).addCommand(this.gitExecutable + " clone " + repoUrlWithAuth(str)).runAllOrFail();
        new CommandChain(path2).addCommand(this.gitExecutable + " checkout " + str2).runAllOrFail();
    }

    private void pull(String str, String str2, Path path) throws IOException {
        if (FULL_SHA_PATTERN.matcher(str2).matches()) {
            log.info("Contents of git/repo {} for sha {} already downloaded, no \"git pull\" needed.", str, str2);
            return;
        }
        if (new CommandChain(path).addCommand(this.gitExecutable + " symbolic-ref HEAD").runAll().getResult() != JobResult.Result.SUCCESS) {
            log.info("git/repo {} is in detached HEAD state for version {}, skipping \"git pull\"", str, str2);
            return;
        }
        log.info("Pulling git/repo {} into {}", str, path.toString());
        new CommandChain(path).addCommand(this.gitExecutable + " pull").runAllOrFail();
        if (path.getParent().toFile().setLastModified(System.currentTimeMillis())) {
            return;
        }
        log.warn("Unable to set last modified time on {}", path.getParent().toString());
    }

    public void archive(Path path, String str, String str2, Path path2) throws IOException {
        String str3 = this.gitExecutable + " archive --format tgz --output " + path2.toString() + " " + str;
        if (!StringUtils.isEmpty(str2)) {
            str3 = str3 + " " + str2;
        }
        new CommandChain(path).addCommand(str3).runAllOrFail();
    }

    private Path initAskPass() throws IOException {
        if (this.authType != AuthType.SSH) {
            return null;
        }
        if (!StringUtils.isEmpty(this.account.getSshPrivateKeyPassphraseCmd())) {
            File file = new File(this.account.getSshPrivateKeyPassphraseCmd());
            if (file.exists() && file.isFile()) {
                return Paths.get(this.account.getSshPrivateKeyPassphraseCmd(), new String[0]);
            }
            throw new IOException("SshPrivateKeyPassphraseCmd doesn't exist or is not a file: " + this.account.getSshPrivateKeyPassphraseCmd());
        }
        if (genericAskPassBinary == null) {
            File createTempFile = File.createTempFile("askpass", null);
            if (!createTempFile.setExecutable(true)) {
                throw new IOException("Unable to make executable askpass script at " + createTempFile.toPath().toString());
            }
            FileUtils.writeStringToFile(createTempFile, "#!/bin/sh\necho \"$SSH_KEY_PWD\"", Charset.defaultCharset());
            genericAskPassBinary = createTempFile.toPath();
        }
        return genericAskPassBinary;
    }

    private boolean isValidReference(String str) {
        return (this.authType == AuthType.USER_PASS || this.authType == AuthType.USER_TOKEN || this.authType == AuthType.TOKEN) ? str.startsWith("http") : this.authType != AuthType.SSH || str.startsWith("ssh://") || str.startsWith("git@");
    }

    private List<String> cmdToList(String str) {
        ArrayList arrayList = new ArrayList();
        switch (this.authType) {
            case USER_PASS:
            case USER_TOKEN:
            case TOKEN:
                arrayList.add("sh");
                arrayList.add("-c");
                arrayList.add(str);
                break;
            case SSH:
            default:
                arrayList.addAll(Arrays.asList(str.split(" ")));
                break;
        }
        return arrayList;
    }

    private String repoUrlWithAuth(String str) {
        if (this.authType != AuthType.USER_PASS && this.authType != AuthType.USER_TOKEN && this.authType != AuthType.TOKEN) {
            return str;
        }
        String str2 = this.authType == AuthType.USER_PASS ? "$GIT_USER:$GIT_PASS" : this.authType == AuthType.USER_TOKEN ? "$GIT_USER:$GIT_TOKEN" : "token:$GIT_TOKEN";
        try {
            URI uri = new URI(str);
            Object[] objArr = new Object[5];
            objArr[0] = uri.getScheme();
            objArr[1] = str2;
            objArr[2] = uri.getHost();
            objArr[3] = uri.getPort() > 0 ? ":" + uri.getPort() : "";
            objArr[4] = uri.getRawPath();
            return String.format("%s://%s@%s%s%s", objArr);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed git repo url " + str, e);
        }
    }

    private Map<String, String> addEnvVars(Map<String, String> map) {
        HashMap hashMap = new HashMap(map);
        switch (this.authType) {
            case USER_PASS:
                hashMap.put("GIT_USER", encodeURIComponent(this.account.getUsername()));
                hashMap.put("GIT_PASS", encodeURIComponent(this.account.getPassword()));
                break;
            case USER_TOKEN:
                hashMap.put("GIT_USER", encodeURIComponent(this.account.getUsername()));
                hashMap.put("GIT_TOKEN", encodeURIComponent(this.account.getTokenAsString().orElseThrow(() -> {
                    return new IllegalArgumentException("Token or TokenFile must be present if using token auth.");
                })));
                break;
            case TOKEN:
                hashMap.put("GIT_TOKEN", encodeURIComponent(this.account.getTokenAsString().orElseThrow(() -> {
                    return new IllegalArgumentException("Token or TokenFile must be present if using token auth.");
                })));
                break;
            case SSH:
                hashMap.put("GIT_SSH_COMMAND", buildSshCommand());
                hashMap.put("SSH_ASKPASS", this.askPassBinary.toString());
                hashMap.put("DISPLAY", ":0");
                if (!StringUtils.isEmpty(this.account.getSshPrivateKeyPassphrase())) {
                    hashMap.put(SSH_KEY_PWD_ENV_VAR, this.account.getSshPrivateKeyPassphrase());
                    break;
                }
                break;
        }
        if (log.isDebugEnabled()) {
            hashMap.put("GIT_CURL_VERBOSE", "1");
            hashMap.put("GIT_TRACE", "1");
        }
        return hashMap;
    }

    @NotNull
    private String buildSshCommand() {
        String str = "setsid ssh";
        if (this.account.isSshTrustUnknownHosts()) {
            str = str + " -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no";
        } else if (!StringUtils.isEmpty(this.account.getSshKnownHostsFilePath())) {
            str = str + " -o UserKnownHostsFile=" + this.account.getSshKnownHostsFilePath();
        }
        if (!StringUtils.isEmpty(this.account.getSshPrivateKeyFilePath())) {
            str = str + " -i " + this.account.getSshPrivateKeyFilePath();
        }
        return str;
    }

    private static String encodeURIComponent(String str) {
        return StringUtils.isEmpty(str) ? str : URLEncoder.encode(str, StandardCharsets.UTF_8).replaceAll("\\+", "%20").replaceAll("\\*", "%2A").replaceAll("%21", "!").replaceAll("%27", "'").replaceAll("%28", "(").replaceAll("%29", ")").replaceAll("%7E", "~");
    }

    @Generated
    public GitRepoArtifactAccount getAccount() {
        return this.account;
    }
}
