package com.appiancorp.plugins;

import com.appian.logging.AppianLogger;
import com.appiancorp.common.ReactHashUtils;
import com.appiancorp.exceptions.InsufficientPrivilegesException;
import com.appiancorp.exceptions.ObjectNotFoundException;
import com.appiancorp.ix.ConflictDetectionHaul;
import com.appiancorp.objectstorage.ObjectStorageClientManager;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suiteapi.common.exceptions.AppianException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.atlassian.plugin.Plugin;
import com.google.common.annotations.VisibleForTesting;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.MethodNotSupportedException;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONObject;

/* loaded from: input_file:com/appiancorp/plugins/DeployPluginService.class */
public class DeployPluginService {
    private static final String TEMP_PLUGINS_DIR = "tempPlugins";
    private static final String RESPONSE_VALIDATION = "validation";
    private SecurityContextProvider scp;
    private Path tempDirectory;
    private Supplier<ContainerManager> containerManagerSupplier;
    private final ObjectStorageClientManager objectStorageClientManager;
    private final PluginObjectStorage pluginObjectStorage;
    private final PluginApiValidator pluginApiValidator;
    private final DeployCloudPluginHttpGetRequestor httpGetRequestor = new DeployCloudPluginHttpGetRequestor();
    private PluginConfiguration pluginConfiguration;
    private static final Pattern CONTENT_DISPOSITION_HEADER_REGEX = Pattern.compile("(.*)(filename=)(\\S+).*");
    private static final AppianLogger LOG = AppianLogger.getLogger(DeployPluginService.class);

    public DeployPluginService(Supplier<ContainerManager> supplier, SecurityContextProvider securityContextProvider, ObjectStorageClientManager objectStorageClientManager, PluginObjectStorage pluginObjectStorage, PluginConfiguration pluginConfiguration, PluginApiValidator pluginApiValidator) {
        this.containerManagerSupplier = supplier;
        this.objectStorageClientManager = objectStorageClientManager;
        this.pluginObjectStorage = pluginObjectStorage;
        this.pluginApiValidator = pluginApiValidator;
        this.scp = securityContextProvider;
        this.pluginConfiguration = pluginConfiguration;
    }

    private boolean isSysAdmin() {
        return this.scp.get().isSysAdmin();
    }

    public String installCloudPlugin(String str) throws IOException, InsufficientPrivilegesException {
        Map.Entry<String, InputStream> readCloudHostedPlugin = readCloudHostedPlugin(str);
        return installPlugin(readCloudHostedPlugin.getValue(), readCloudHostedPlugin.getKey());
    }

    private Map.Entry<String, InputStream> readCloudHostedPlugin(String str) throws IOException {
        LOG.debug("Attempting to read cloud hosted plugin at {}", str);
        HttpResponse sendHttpRequest = this.httpGetRequestor.sendHttpRequest(str, true);
        HttpEntity entity = sendHttpRequest.getEntity();
        if (entity != null) {
            return new AbstractMap.SimpleEntry(parseFilename(sendHttpRequest, str), entity.getContent());
        }
        throw new IOException("Unable to read plugin from: " + str);
    }

    public String installPlugin(InputStream inputStream, String str) throws PrivilegeException, IOException {
        Throwable th = null;
        try {
            if (!isSysAdmin()) {
                throw new PrivilegeException("Install plugins failed, administrator privileges needed");
            }
            if (this.objectStorageClientManager.isObjectStorageEnabledForPlugins()) {
                this.pluginObjectStorage.upload(str, inputStream);
            } else {
                FileUtils.copyInputStreamToFile(inputStream, this.pluginConfiguration.getPluginDirectory().toPath().resolve(str).toFile());
            }
            this.containerManagerSupplier.get().getPluginController().scanForNewPlugins();
            return ((Plugin) this.containerManagerSupplier.get().getPluginAccessor().getEnabledPlugins().stream().filter(plugin -> {
                return plugin.getPluginArtifact() != null;
            }).filter(plugin2 -> {
                return plugin2.getPluginArtifact().getName().equalsIgnoreCase(str);
            }).findFirst().orElseThrow(() -> {
                return new IllegalStateException("Plugin was deployed but not successfully enabled");
            })).getKey();
        } finally {
            if (inputStream != null) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    inputStream.close();
                }
            }
        }
    }

    public String installPlugin(File file) throws AppianException, IOException {
        validatePluginApis(file, file.getName());
        return installPlugin(Files.newInputStream(file.toPath(), new OpenOption[0]), file.getName());
    }

    public void validatePluginApis(File file, String str) throws AppianException {
        if (this.objectStorageClientManager.isObjectStorageEnabledForContentDocs() && this.pluginApiValidator.isPluginUsingBlockedApis(file)) {
            throw new AppianException(ErrorCode.PLUGIN_MANAGEMENT_DEPLOY_INVALID_API_ERROR, new Object[]{str});
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public File downloadPlugin(Path path, String str) throws IOException, ObjectNotFoundException, InsufficientPrivilegesException, MethodNotSupportedException, URISyntaxException {
        LOG.debug("Attempting to download plugin from {}", str);
        Map.Entry<String, InputStream> readCloudHostedPlugin = readCloudHostedPlugin(str);
        InputStream value = readCloudHostedPlugin.getValue();
        Throwable th = null;
        try {
            try {
                File file = path.resolve(readCloudHostedPlugin.getKey()).toFile();
                Files.copy(value, file.toPath(), StandardCopyOption.REPLACE_EXISTING);
                if (value != null) {
                    if (0 != 0) {
                        try {
                            value.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        value.close();
                    }
                }
                LOG.debug("Successfully downloaded plugin from {} to local disk: {}", str, path.toString());
                return file;
            } finally {
            }
        } catch (Throwable th3) {
            if (value != null) {
                if (th != null) {
                    try {
                        value.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    value.close();
                }
            }
            throw th3;
        }
    }

    @VisibleForTesting
    String parseFilename(HttpResponse httpResponse, String str) throws MalformedURLException {
        Header firstHeader = httpResponse.getFirstHeader("Content-Disposition");
        if (firstHeader != null) {
            Matcher matcher = CONTENT_DISPOSITION_HEADER_REGEX.matcher(firstHeader.getValue());
            if (matcher.find()) {
                return matcher.group(3);
            }
        }
        String[] split = new URL(str).getPath().split("/");
        return split[split.length - 1];
    }

    public void copyPluginAndInstall(InputStream inputStream, String str, DeployCloudPluginHttpPostRequestor deployCloudPluginHttpPostRequestor) throws IOException, NoSuchAlgorithmException, AppianException {
        if (!isSysAdmin()) {
            throw new PrivilegeException("Copy plugin and install failed, admin privileges needed to perform this");
        }
        File file = getOrCreateTempDir().resolve(str).toFile();
        copyValidatedPluginFile(inputStream, file, str, deployCloudPluginHttpPostRequestor);
        validatePluginApis(file, str);
        installPlugin(Files.newInputStream(file.toPath(), new OpenOption[0]), file.getName());
    }

    private void copyValidatedPluginFile(InputStream inputStream, File file, String str, DeployCloudPluginHttpPostRequestor deployCloudPluginHttpPostRequestor) throws IOException, NoSuchAlgorithmException, AppianException {
        int read;
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        Throwable th = null;
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(ConflictDetectionHaul.DIFF_ALGORITHM);
            byte[] bArr = new byte[4096];
            do {
                read = inputStream.read(bArr, 0, 4096);
                if (read == -1) {
                    break;
                }
                messageDigest.update(bArr, 0, read);
                fileOutputStream.write(bArr, 0, read);
            } while (read != -1);
            if (!isValidHash(Hex.encodeHexString(messageDigest.digest()), deployCloudPluginHttpPostRequestor)) {
                throw new AppianException(ErrorCode.DESIGN_DEPLOYMENT_INVALID_PLUGIN, new Object[]{str});
            }
            if (fileOutputStream != null) {
                if (0 == 0) {
                    fileOutputStream.close();
                    return;
                }
                try {
                    fileOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (fileOutputStream != null) {
                if (0 != 0) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isValidHash(File file, DeployCloudPluginHttpPostRequestor deployCloudPluginHttpPostRequestor) throws IOException, AppianException {
        return isValidHash(FileChecksumGenerator.getFileChecksum512(file), deployCloudPluginHttpPostRequestor);
    }

    @VisibleForTesting
    boolean isValidHash(String str, DeployCloudPluginHttpPostRequestor deployCloudPluginHttpPostRequestor) throws AppianException, IOException {
        String validPluginHashesUrl = ((PluginConfiguration) ConfigurationFactory.getConfiguration(PluginConfigurationImpl.class)).getValidPluginHashesUrl();
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair(ReactHashUtils.KEY_HASH, str));
        HttpResponse sendHttpRequest = deployCloudPluginHttpPostRequestor.sendHttpRequest(validPluginHashesUrl, arrayList);
        int statusCode = sendHttpRequest.getStatusLine().getStatusCode();
        if (statusCode != 200) {
            throw new AppianException(ErrorCode.DESIGN_DEPLOYMENT_REQUEST_ERROR, new Object[]{Integer.valueOf(statusCode)});
        }
        InputStream content = sendHttpRequest.getEntity().getContent();
        try {
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                Throwable th = null;
                try {
                    try {
                        IOUtils.copy(content, byteArrayOutputStream);
                        boolean validateResponseJson = validateResponseJson(new JSONObject(new String(byteArrayOutputStream.toByteArray(), "UTF-8")));
                        if (byteArrayOutputStream != null) {
                            if (0 != 0) {
                                try {
                                    byteArrayOutputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                byteArrayOutputStream.close();
                            }
                        }
                        return validateResponseJson;
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (byteArrayOutputStream != null) {
                        if (th != null) {
                            try {
                                byteArrayOutputStream.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            byteArrayOutputStream.close();
                        }
                    }
                    throw th3;
                }
            } catch (ParseException e) {
                throw new AppianException(ErrorCode.DESIGN_DEPLOYMENT_UNREADABLE_RESPONSE, new Object[0]);
            }
        } finally {
            content.close();
        }
    }

    boolean validateResponseJson(JSONObject jSONObject) throws AppianException {
        try {
            return "True".equals((String) jSONObject.get(RESPONSE_VALIDATION));
        } catch (NoSuchElementException e) {
            throw new AppianException(ErrorCode.DESIGN_DEPLOYMENT_UNREADABLE_RESPONSE, new Object[0]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Path getOrCreateTempDir() throws IOException {
        if (this.tempDirectory == null) {
            this.tempDirectory = Files.createTempDirectory(TEMP_PLUGINS_DIR, new FileAttribute[0]);
        }
        return this.tempDirectory;
    }

    @VisibleForTesting
    public void uninstallPlugin(String str) throws PrivilegeException {
        if (!isSysAdmin()) {
            throw new PrivilegeException("Plugin uninstall failed, admin privileges needed to perform this");
        }
        AppianPluginManager pluginController = this.containerManagerSupplier.get().getPluginController();
        Plugin plugin = pluginController.getPlugin(str);
        if (plugin != null) {
            pluginController.uninstall(new ObsoletePluginWrapper(plugin));
        }
    }

    public void beginDeployingPlugins() {
        this.containerManagerSupplier.get().getPluginController().beginDeployingPlugins();
    }

    public void endDeployingPlugins() {
        this.containerManagerSupplier.get().getPluginController().endDeployingPlugins();
    }
}
