package com.sonatype.nexus.git.utils.api;

import com.sonatype.insight.scan.file.FileScanner;
import com.sonatype.insight.scan.file.ManifestContentProcessor;
import com.sonatype.insight.scan.model.ScanConfiguration;
import com.sonatype.nexus.git.utils.GitBranchNameValidator;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.lang.reflect.Field;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.attribute.FileAttribute;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.eclipse.jgit.lib.Constants;
import org.eclipse.jgit.transport.WalkEncryption;
import org.slf4j.shaded.Logger;
import org.slf4j.shaded.LoggerFactory;
import org.zeroturnaround.exec.InvalidExitValueException;
import org.zeroturnaround.exec.MessageLogger;
import org.zeroturnaround.exec.MessageLoggers;
import org.zeroturnaround.exec.ProcessExecutor;
import org.zeroturnaround.exec.ProcessResult;

/* loaded from: input_file:com/sonatype/nexus/git/utils/api/NativeGitApi.class */
public class NativeGitApi implements GitApi {
    public static final String SSH_PREFIX = "ssh://";
    public static final String HTTPS_PREFIX = "https://";
    public static final String HTTP_PREFIX = "http://";
    public static final String SSH_REGEX = "^(?!http).*@?.+:.*";
    public static final String URL_SEPARATOR = "/";
    public static final String GIT_SUFFIX = ".git";
    public static final String EMPTY_STRING = "";
    private File tempDir;
    private final int timeout;
    private final String repositoryUrl;
    private final char[] token;
    private final String username;
    private final String gitExecutable;
    private final MessageLogger nativeGitLogger;
    public static final String GIT_IN_PATH = "git";
    private static final List<String> SUPPORTED_GIT_NAMES = Arrays.asList(GIT_IN_PATH, "git.exe");
    private static final Logger log = LoggerFactory.getLogger((Class<?>) NativeGitApi.class);
    static final Integer EXIT_CODE_SUCCESS = 0;
    private static final Integer EXIT_CODE_FAILURE_128 = 128;
    private static final Set<String> SPARSE_CHECKOUT_FILE_PATTERNS = loadSparseCheckoutFilePatterns();
    private static final List<String> WINDOWS_TOKEN_CREDENTIAL_CONTENTS = Arrays.asList("@echo \"%GIT_TOKEN%\"");
    private static final List<String> WINDOWS_USERNAME_TOKEN_CREDENTIAL_CONTENTS = Arrays.asList("@set arg=%~1", "@if (%arg:~0,8%)==(Password) echo %GIT_TOKEN%", "@if (%arg:~0,8%)==(Username) echo %GIT_USERNAME%");
    private static final List<String> NIX_TOKEN_CREDENTIAL_CONTENTS = Arrays.asList("#!/bin/sh", "echo \"$GIT_TOKEN\"");
    private static final List<String> NIX_USERNAME_TOKEN_CREDENTIAL_CONTENTS = Arrays.asList("#!/bin/sh", "case \"$1\" in", "Username*) echo \"$GIT_USERNAME\" ;;", "Password*) echo \"$GIT_TOKEN\" ;;", "esac");

    /* loaded from: input_file:com/sonatype/nexus/git/utils/api/NativeGitApi$NativeGitMessageLogger.class */
    static class NativeGitMessageLogger implements MessageLogger {
        MessageLogger logger = MessageLoggers.DEBUG;

        NativeGitMessageLogger() {
        }

        @Override // org.zeroturnaround.exec.MessageLogger
        public void message(Logger logger, String str, Object... objArr) {
            this.logger.message(logger, NativeGitApi.redactToken(str), objArr);
        }
    }

    private static Set<String> loadSparseCheckoutFilePatterns() {
        LinkedHashSet linkedHashSet = new LinkedHashSet(ManifestContentProcessor.SupportedManifest.getListing());
        linkedHashSet.add("*.csproj");
        linkedHashSet.add("*.tfplan");
        Iterator<String> it = new FileScanner(null, null).getSupportedArchiveTypes(new ScanConfiguration()).iterator();
        while (it.hasNext()) {
            linkedHashSet.add("*." + it.next());
        }
        linkedHashSet.add("*.dll");
        linkedHashSet.add("*.gem");
        linkedHashSet.add("*.js");
        linkedHashSet.add("*.rpm");
        linkedHashSet.add("build.gradle");
        linkedHashSet.add("gradle.properties");
        linkedHashSet.add("go.mod");
        return Collections.unmodifiableSet(linkedHashSet);
    }

    public NativeGitApi(int i, String str, String str2, String str3, String str4) {
        this.nativeGitLogger = new NativeGitMessageLogger();
        this.timeout = i;
        this.repositoryUrl = (String) Validate.notEmpty(str, "Repository url is required", new Object[0]);
        this.token = ((String) Validate.notEmpty(str2, "Token is required", new Object[0])).toCharArray();
        this.username = str3;
        this.gitExecutable = str4 != null ? validateGitExecutable(str4) : GIT_IN_PATH;
        log.debug("Created NativeGitApi for repository '{}' using git executable '{}'.", str, this.gitExecutable);
    }

    public NativeGitApi(String str, String str2, String str3, String str4) {
        this(300, str, str2, str3, str4);
    }

    public NativeGitApi(String str, String str2, String str3) {
        this(str, str2, str3, null);
    }

    @Override // com.sonatype.nexus.git.utils.api.GitApi
    public String cloneOrPullRepository(File file, String str) throws GitException {
        GitBranchNameValidator.validate(str);
        validateTarget(file);
        Validate.notEmpty(str, "Branch is required", new Object[0]);
        return repositoryExists(file) ? cleanResetAndPull(file, str) : cloneRepo(file, str);
    }

    @Override // com.sonatype.nexus.git.utils.api.GitApi
    public String cloneOrPullRepository(File file, String str, String str2) throws GitException {
        GitBranchNameValidator.validate(str);
        validateTarget(file);
        Validate.notEmpty(str, "Branch is required", new Object[0]);
        enforceCommitHash(str2, "Invalid commit hash provided");
        return repositoryExists(file) ? cleanResetAndPull(file, str, str2) : cloneRepo(file, str, str2);
    }

    @Override // com.sonatype.nexus.git.utils.api.GitApi
    public String branch(File file, String str) throws GitException {
        GitBranchNameValidator.validate(str);
        checkRepositoryAndRemoteUrl(file);
        if (branchExists(file, str)) {
            throw new GitException("Branch already exists: " + str);
        }
        return gitCreateBranch(file, str);
    }

    @Override // com.sonatype.nexus.git.utils.api.GitApi
    public String commit(File file, String str, String str2, String str3) throws GitException {
        if (StringUtils.isAnyBlank(str, str3)) {
            throw new IllegalArgumentException("Parameters username and message are required.");
        }
        checkRepositoryAndRemoteUrl(file);
        if (isCleanRepository(file)) {
            throw new GitException("Nothing to commit, working tree clean.");
        }
        return gitCommit(file, str, str2, str3);
    }

    @Override // com.sonatype.nexus.git.utils.api.GitApi
    public String push(File file) throws GitException {
        checkRepositoryAndRemoteUrl(file);
        return gitPush(file);
    }

    @Override // com.sonatype.nexus.git.utils.api.GitApi
    public Map<String, String> getHeadCommitsForAllBranches(String str) throws GitException {
        HashMap hashMap = new HashMap();
        String gitLsRemote = gitLsRemote(str);
        if (StringUtils.isNotBlank(gitLsRemote)) {
            processLsRemoteOutput(gitLsRemote, hashMap);
        }
        return hashMap;
    }

    @Override // com.sonatype.nexus.git.utils.api.GitApi
    public String getCommonAncestorCommit(File file, String str, String str2) throws GitException {
        if (StringUtils.isAnyBlank(str, str2)) {
            throw new IllegalArgumentException("Parameters branchOne and branchTwo are required.");
        }
        GitBranchNameValidator.validate(str);
        GitBranchNameValidator.validate(str2);
        checkRepositoryAndRemoteUrl(file);
        gitFetch(file, str, false);
        gitFetch(file, str2, false);
        String gitMergeBase = gitMergeBase(file, str, str2);
        if (StringUtils.isBlank(gitMergeBase)) {
            return null;
        }
        return gitMergeBase;
    }

    private String gitMergeBase(File file, String str, String str2) throws GitException {
        return runCommand(file, NativeGitCommands.MERGE_BASE.with("origin/" + str, "origin/" + str2)).outputUTF8().trim();
    }

    private String gitLsRemote(String str) throws GitException {
        return runCommand(getTemporaryTarget(), NativeGitCommands.LS_REMOTE.with(str)).outputUTF8().trim();
    }

    private File getTemporaryTarget() {
        return this.tempDir != null ? this.tempDir : new File(System.getProperty("java.io.tmpdir"));
    }

    private void processLsRemoteOutput(String str, Map<String, String> map) {
        for (String str2 : str.split("\\r?\\n")) {
            if (!str2.startsWith("warning: redirecting")) {
                String[] split = str2.split(WalkEncryption.Vals.REGEX_WS);
                if (split.length == 2) {
                    map.put(split[1].substring(11), split[0]);
                }
            }
        }
    }

    private void checkRepositoryAndRemoteUrl(File file) throws GitException {
        validateTarget(file);
        if (!repositoryExists(file)) {
            throw new GitException("No repository present in target directory: " + file.getAbsolutePath());
        }
        checkAndUpdateRemoteUrl(file);
    }

    private boolean repositoryExists(File file) {
        File file2 = new File(file, ".git");
        return file2.exists() && file2.isDirectory();
    }

    private boolean branchExists(File file, String str) throws GitException {
        return runCommand(file, NativeGitCommands.HEAD_EXISTS.with(new StringBuilder(Constants.R_HEADS).append(str).toString()), Arrays.asList(EXIT_CODE_SUCCESS, EXIT_CODE_FAILURE_128)).getExitValue() == EXIT_CODE_SUCCESS.intValue();
    }

    private boolean isCleanRepository(File file) throws GitException {
        return "".equals(runCommand(file, NativeGitCommands.GIT_STATUS.getCommands()).outputString());
    }

    private String cleanResetAndPull(File file, String str) throws GitException {
        return cleanResetAndPull(file, str, null);
    }

    private String cleanResetAndPull(File file, String str, String str2) throws GitException {
        checkAndUpdateRemoteUrl(file);
        validateRepository(file);
        enableSparseCheckout(file);
        gitClean(file);
        ensureAllBranchesAreFetched(file);
        gitFetch(file, str, str2 == null);
        gitCheckout(file, str2 == null ? str : str2);
        gitReset(file, str, str2);
        return str2 == null ? getHeadRef(file) : str2;
    }

    private String cloneRepo(File file, String str) throws GitException {
        return cloneRepo(file, str, null);
    }

    private String cloneRepo(File file, String str, String str2) throws GitException {
        try {
            if (!isDirEmpty(file.toPath())) {
                throw new IllegalStateException("Target directory for new clone is not empty: " + file.getAbsolutePath());
            }
            cloneNoCheckout(file, str, str2 == null);
            enableSparseCheckout(file);
            gitCheckout(file, str2 == null ? str : str2);
            return str2 == null ? getHeadRef(file) : str2;
        } catch (IOException e) {
            throw new GitException("Failed to check if target path '" + file.getAbsolutePath() + "' is empty", e);
        }
    }

    private void validateRepository(File file) throws GitException {
        String trim = StringUtils.trim(runCommand(file, NativeGitCommands.GET_ORIGIN.getCommands()).outputUTF8());
        Validate.isTrue(trim.equalsIgnoreCase(this.repositoryUrl), "This repository is configured for a different remote url: %s than the one specified: %s", trim, this.repositoryUrl);
    }

    private void ensureAllBranchesAreFetched(File file) throws GitException {
        runCommand(file, NativeGitCommands.CONFIG_LOCAL.with("remote.origin.fetch", "+refs/heads/*:refs/remotes/origin/*"));
    }

    private void gitClean(File file) throws GitException {
        runCommand(file, NativeGitCommands.CLEAN.getCommands());
    }

    private void gitCheckout(File file, String str) throws GitException {
        runCommand(file, NativeGitCommands.CHECKOUT.with(str));
    }

    private void gitFetch(File file, String str, boolean z) throws GitException {
        if (z) {
            runCommand(file, NativeGitCommands.SHALLOW_FETCH.with(str));
        } else {
            runCommand(file, NativeGitCommands.DEEP_FETCH.with(str));
        }
    }

    private void gitReset(File file, String str, String str2) throws GitException {
        if (str2 == null) {
            runCommand(file, NativeGitCommands.HARD_RESET.with("origin/" + str));
        } else {
            runCommand(file, NativeGitCommands.HARD_RESET.with(str2));
        }
    }

    private String gitCreateBranch(File file, String str) throws GitException {
        runCommand(file, NativeGitCommands.CREATE_BRANCH_AND_CHECKOUT.with(str));
        return getHeadRef(file);
    }

    private String getHeadRef(File file) throws GitException {
        return runCommand(file, NativeGitCommands.HEAD_REF.getCommands()).outputUTF8().trim();
    }

    private void cloneNoCheckout(File file, String str, boolean z) throws GitException {
        if (z) {
            runCommand(file, NativeGitCommands.SHALLOW_CLONE.with(str, this.repositoryUrl, "."));
        } else {
            runCommand(file, NativeGitCommands.DEEP_CLONE.with(str, this.repositoryUrl, "."));
        }
    }

    private String gitCommit(File file, String str, String str2, String str3) throws GitException {
        configUserEmail(file, str2);
        runCommand(file, NativeGitCommands.CONFIG_LOCAL.with("user.name", str));
        runCommand(file, NativeGitCommands.CONFIG_LOCAL.with("commit.gpgsign", "false"));
        runCommand(file, NativeGitCommands.COMMIT.with("-m", str3));
        return getHeadRef(file);
    }

    ProcessResult configUserEmail(File file, String str) throws GitException {
        if (Objects.equals("", str)) {
            str = getOSSpecificDefaultEmail(NativeGitUtils.IS_OS_WINDOWS);
        }
        return runCommand(file, NativeGitCommands.CONFIG_LOCAL.with("user.email", str));
    }

    String getOSSpecificDefaultEmail(boolean z) {
        return z ? "^<^>" : "\"<>\"";
    }

    private String gitPush(File file) throws GitException {
        runCommand(file, NativeGitCommands.PUSH.getCommands());
        return getHeadRef(file);
    }

    private void enableSparseCheckout(File file) throws GitException {
        runCommand(file, NativeGitCommands.SPARSE_CHECKOUT.getCommands());
        File file2 = new File(new File(file, ".git"), "info");
        File file3 = new File(file2, "sparse-checkout");
        try {
            if (!file2.exists()) {
                log.info("Created .git/info directory as it did not exist. Result: {}", Boolean.valueOf(file2.mkdirs()));
            }
            Files.write(file3.toPath(), SPARSE_CHECKOUT_FILE_PATTERNS, StandardCharsets.UTF_8, new OpenOption[0]);
        } catch (IOException e) {
            throw new GitException("Unable to write sparse checkout file", e);
        }
    }

    private ProcessResult runCommand(File file, List<String> list) throws GitException {
        return runCommand(file, list, Collections.singletonList(EXIT_CODE_SUCCESS));
    }

    private ProcessResult runCommand(File file, List<String> list, List<Integer> list2) throws GitException {
        File writeCredentialFile = writeCredentialFile();
        HashMap hashMap = new HashMap();
        hashMap.put("GIT_TOKEN", new String(this.token));
        hashMap.put("GIT_USERNAME", this.username);
        hashMap.put("GIT_TERMINAL_PROMPT", WalkEncryption.Vals.DEFAULT_VERS);
        hashMap.put("GIT_ASKPASS", writeCredentialFile.getAbsolutePath());
        hashMap.put("SSH_ASKPASS", writeCredentialFile.getAbsolutePath());
        hashMap.put("GIT_SSH_COMMAND", getGitSshCommand());
        List<String> createCommandList = NativeGitUtils.createCommandList(NativeGitUtils.IS_OS_WINDOWS, this.gitExecutable, list);
        String join = String.join(" ", createCommandList);
        String uuid = UUID.randomUUID().toString();
        log.trace("COMMAND ({}): {}", uuid, join);
        try {
            try {
                try {
                    ProcessResult execute = new ProcessExecutor().command(createCommandList).directory(file).environment(hashMap).timeout(this.timeout, TimeUnit.SECONDS).setMessageLogger(this.nativeGitLogger).exitValues(list2.stream().mapToInt(num -> {
                        return num.intValue();
                    }).toArray()).readOutput(true).execute();
                    if (log.isTraceEnabled()) {
                        String trim = execute.outputUTF8().trim();
                        log.trace("OUTPUT ({}): {}", uuid, trim.isEmpty() ? "<no output>" : redactToken(trim));
                    }
                    return execute;
                } catch (InvalidExitValueException e) {
                    log.debug("OUTPUT ERROR ({}): {}", uuid, redactToken(e.getResult().outputUTF8().trim()));
                    throw cleanGitException(String.format("Invalid exit code executing command '%s' in path '%s'.", join, file.getAbsolutePath()), e);
                }
            } catch (Exception e2) {
                throw cleanGitException(String.format("Failed to run command '%s' in path '%s'.", join, file.getAbsolutePath()), e2);
            }
        } finally {
            writeCredentialFile.delete();
        }
    }

    private String getGitSshCommand() {
        return NativeGitUtils.IS_OS_WINDOWS ? "ssh -o BatchMode=yes" : "ssh -oBatchMode=yes";
    }

    private GitException cleanGitException(String str, Exception exc) {
        String redactToken = redactToken(exc.getMessage());
        try {
            Field declaredField = Throwable.class.getDeclaredField("detailMessage");
            declaredField.setAccessible(true);
            declaredField.set(exc, redactToken);
            return new GitException(str, exc);
        } catch (IllegalAccessException | NoSuchFieldException unused) {
            RuntimeException runtimeException = new RuntimeException("An exception occurred but the git token was unable to be redacted so the exception has been suppressed\nThe original exception type was: " + exc.getClass().getName() + StringUtils.LF + "The original exception message (with token redacted) was: " + redactToken + StringUtils.LF + "The original exception stacktrace was: ");
            runtimeException.setStackTrace(exc.getStackTrace());
            return new GitException(str, runtimeException);
        }
    }

    private File writeCredentialFile() throws GitException {
        try {
            File createTempFile = File.createTempFile("nexus-iq-git-helper", NativeGitUtils.IS_OS_WINDOWS ? ".bat" : ".sh", this.tempDir);
            Files.write(createTempFile.toPath(), StringUtils.isEmpty(this.username) ? NativeGitUtils.IS_OS_WINDOWS ? WINDOWS_TOKEN_CREDENTIAL_CONTENTS : NIX_TOKEN_CREDENTIAL_CONTENTS : NativeGitUtils.IS_OS_WINDOWS ? WINDOWS_USERNAME_TOKEN_CREDENTIAL_CONTENTS : NIX_USERNAME_TOKEN_CREDENTIAL_CONTENTS, StandardCharsets.UTF_8, new OpenOption[0]);
            createTempFile.setExecutable(true);
            log.trace("Created credentials file: {}", createTempFile.getAbsolutePath());
            return createTempFile;
        } catch (IOException e) {
            throw new GitException("Unable to write Git Credential helper file", e);
        }
    }

    private String validateGitExecutable(String str) {
        File file = new File((String) Objects.requireNonNull(str));
        if (SUPPORTED_GIT_NAMES.contains(file.getName()) && file.exists()) {
            return str;
        }
        throw new IllegalArgumentException("gitExecutable must exist and be named 'git' or 'git.exe'. This value is not valid: " + str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String redactToken(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll("(GIT_TOKEN=).*?([,}])", "$1<redacted>$2");
    }

    public void setTempDirectory(File file) {
        if (file != null) {
            if (file.isFile()) {
                throw new RuntimeException(String.valueOf(file.getAbsolutePath()) + " must be a directory.");
            }
            if (!file.exists()) {
                try {
                    Files.createDirectories(file.toPath(), new FileAttribute[0]);
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            }
        }
        this.tempDir = file;
    }

    private void checkAndUpdateRemoteUrl(File file) throws GitException {
        String trim = StringUtils.trim(runCommand(file, NativeGitCommands.GET_ORIGIN.getCommands()).outputUTF8());
        if (isRepoNameEqualsToConfiguredRepoName(trim)) {
            if ((isHttpCloneUrl(trim) && isSshCloneUrl(this.repositoryUrl)) || (isSshCloneUrl(trim) && isHttpCloneUrl(this.repositoryUrl))) {
                runCommand(file, NativeGitCommands.SET_ORIGIN.with(this.repositoryUrl));
            }
        }
    }

    private boolean isRepoNameEqualsToConfiguredRepoName(String str) {
        return getRepoNameFromUrl(this.repositoryUrl).equals(getRepoNameFromUrl(str));
    }

    private String getRepoNameFromUrl(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        String[] split = str.split("/");
        return split[split.length - 1].replace(".git", "");
    }

    private boolean isHttpCloneUrl(String str) {
        return str.startsWith(HTTPS_PREFIX) || str.startsWith(HTTP_PREFIX);
    }

    private boolean isSshCloneUrl(String str) {
        return str.matches(SSH_REGEX) || str.startsWith(SSH_PREFIX);
    }
}
