package com.walmartlabs.concord.repository;

import com.google.common.collect.ImmutableSet;
import com.walmartlabs.concord.common.IOUtils;
import com.walmartlabs.concord.common.LogUtils;
import com.walmartlabs.concord.common.secret.BinaryDataSecret;
import com.walmartlabs.concord.common.secret.KeyPair;
import com.walmartlabs.concord.common.secret.UsernamePassword;
import com.walmartlabs.concord.repository.FetchRequest;
import com.walmartlabs.concord.repository.ImmutableCommand;
import com.walmartlabs.concord.repository.ImmutableCommitInfo;
import com.walmartlabs.concord.repository.ImmutableFetchResult;
import com.walmartlabs.concord.repository.ImmutableRef;
import com.walmartlabs.concord.sdk.Secret;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.StringReader;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import org.immutables.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/walmartlabs/concord/repository/GitClient.class */
public class GitClient {
    private static final Logger log = LoggerFactory.getLogger(GitClient.class);
    private static final int OBJECT_ID_LENGTH = 20;
    private static final int OBJECT_ID_STRING_LENGTH = 40;
    private static final int SUCCESS_EXIT_CODE = 0;
    private final GitClientConfiguration cfg;
    private final List<String> sensitiveData;
    private final ExecutorService executor;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Value.Style(jdkOnly = true)
    @Value.Immutable
    /* loaded from: input_file:com/walmartlabs/concord/repository/GitClient$Command.class */
    public interface Command {
        Path workDir();

        @Value.Default
        default List<String> args() {
            return Collections.emptyList();
        }

        @Value.Default
        default Map<String, String> env() {
            return Collections.emptyMap();
        }

        Duration timeout();

        static ImmutableCommand.Builder builder() {
            return ImmutableCommand.builder();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Value.Style(jdkOnly = true)
    @Value.Immutable
    /* loaded from: input_file:com/walmartlabs/concord/repository/GitClient$CommitInfo.class */
    public interface CommitInfo {
        @Nullable
        String message();

        @Nullable
        String author();

        static ImmutableCommitInfo.Builder builder() {
            return ImmutableCommitInfo.builder();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Value.Style(jdkOnly = true)
    @Value.Immutable
    /* loaded from: input_file:com/walmartlabs/concord/repository/GitClient$NormalizedVersion.class */
    public interface NormalizedVersion {
        static NormalizedVersion from(FetchRequest.Version version, Ref ref) {
            return ImmutableNormalizedVersion.builder().commitId((ref != null) && version.value().equals(version.ref()) ? null : version.value()).branchOrTag(version.ref()).build();
        }

        @Nullable
        String commitId();

        @Nullable
        String branchOrTag();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Value.Style(jdkOnly = true)
    @Value.Immutable
    /* loaded from: input_file:com/walmartlabs/concord/repository/GitClient$Ref.class */
    public interface Ref {
        String commitId();

        String ref();

        String name();

        default boolean tag() {
            return ref().equals("refs/tags/" + name());
        }

        static ImmutableRef.Builder builder() {
            return ImmutableRef.builder();
        }
    }

    public GitClient(GitClientConfiguration gitClientConfiguration) {
        this.cfg = gitClientConfiguration;
        this.sensitiveData = gitClientConfiguration.oauthToken() != null ? Collections.singletonList(gitClientConfiguration.oauthToken()) : Collections.emptyList();
        this.executor = Executors.newCachedThreadPool();
    }

    public FetchResult fetch(FetchRequest fetchRequest) {
        assertSecret(fetchRequest.url(), fetchRequest.secret());
        try {
            boolean exists = Files.exists(fetchRequest.destination().resolve(".git"), new LinkOption[SUCCESS_EXIT_CODE]);
            if (!exists) {
                Files.createDirectories(fetchRequest.destination(), new FileAttribute[SUCCESS_EXIT_CODE]);
                init(fetchRequest.destination());
            }
            configure(fetchRequest.destination());
            configureRemote(fetchRequest.destination(), updateUrl(fetchRequest.url(), fetchRequest.secret()));
            Ref headRef = getHeadRef(fetchRequest.destination(), fetchRequest.version().ref(), fetchRequest.secret());
            configureFetch(fetchRequest.destination(), getRefSpec(headRef));
            NormalizedVersion from = NormalizedVersion.from(fetchRequest.version(), headRef);
            if (!(exists && fetchRequest.checkAlreadyFetched() && alreadyFetched(fetchRequest.destination(), headRef, from))) {
                fetch(fetchRequest.destination(), fetchRequest.shallow() && from.commitId() == null, fetchRequest.secret());
                checkout(fetchRequest.destination(), fetchRequest.version().value());
                if (from.commitId() == null) {
                    reset(fetchRequest.destination(), headRef.tag() ? "origin/tags/" + headRef.name() : "origin/" + headRef.name());
                }
                cleanup(fetchRequest.destination());
                if (fetchRequest.includeSubmodules() && hasSubmodules(fetchRequest.destination())) {
                    updateSubmodules(fetchRequest.destination(), fetchRequest.secret());
                    resetSubmodules(fetchRequest.destination());
                }
            }
            ImmutableFetchResult.Builder branchOrTag = FetchResult.builder().head(revParse(fetchRequest.destination(), "HEAD")).branchOrTag(headRef != null ? headRef.name() : null);
            if (fetchRequest.withCommitInfo()) {
                CommitInfo commitInfo = getCommitInfo(fetchRequest.destination());
                branchOrTag.message(commitInfo.message()).author(commitInfo.author());
            }
            return branchOrTag.build();
        } catch (RepositoryException e) {
            throw e;
        } catch (Exception e2) {
            log.error("fetch ['{}'] -> error", fetchRequest, e2);
            throw new RepositoryException("Error while fetching a repository: " + e2.getMessage());
        }
    }

    private boolean alreadyFetched(Path path, Ref ref, NormalizedVersion normalizedVersion) {
        String revParse = revParse(path, "HEAD");
        if (normalizedVersion.commitId() != null) {
            return revParse.equalsIgnoreCase(normalizedVersion.commitId());
        }
        if (ref == null) {
            return false;
        }
        return ref.commitId().equals(revParse);
    }

    private void init(Path path) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("init").build());
    }

    private void configure(Path path) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "advice.detachedHead", "false").build());
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "maintenance.auto", "false").build());
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "gc.auto", "0").build());
    }

    private void configureRemote(Path path, String str) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "remote.origin.url", str).build());
    }

    private void configureFetch(Path path, String str) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "--replace-all", "remote.origin.fetch", str).build());
    }

    private void fetch(Path path, boolean z, Secret secret) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("fetch");
        if (z) {
            arrayList.add("--depth=1");
        } else if (isShallowRepo(path)) {
            arrayList.add("--unshallow");
        }
        arrayList.add("--quiet");
        arrayList.add("origin");
        execWithCredentials(Command.builder().workDir(path).timeout(this.cfg.fetchTimeout()).addAllArgs(arrayList).build(), secret);
    }

    private boolean isShallowRepo(Path path) {
        return Boolean.parseBoolean(exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("rev-parse", "--is-shallow-repository").build()).trim());
    }

    private void checkout(Path path, String str) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("checkout", "-q", "-f", str).build());
    }

    private void reset(Path path, String str) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("reset", "--hard", str).build());
    }

    private void cleanup(Path path) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("clean", "-fdx").build());
    }

    private String revParse(Path path, String str) {
        String trim = exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("rev-parse", str).build()).trim();
        if (trim.isEmpty()) {
            throw new RepositoryException("rev-parse no content returned for '" + str + "'");
        }
        return fromString(trim);
    }

    /* JADX WARN: Code restructure failed: missing block: B:12:0x0083, code lost:
    
        throw new com.walmartlabs.concord.repository.RepositoryException("invalid response: " + r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.util.List<com.walmartlabs.concord.repository.GitClient.Ref> getRefs(java.nio.file.Path r8, java.lang.String r9, com.walmartlabs.concord.sdk.Secret r10) {
        /*
            Method dump skipped, instructions count: 228
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.walmartlabs.concord.repository.GitClient.getRefs(java.nio.file.Path, java.lang.String, com.walmartlabs.concord.sdk.Secret):java.util.List");
    }

    private Ref getHeadRef(Path path, String str, Secret secret) {
        if (str == null) {
            return null;
        }
        String str2 = "refs/heads/" + str;
        String str3 = "refs/tags/" + str;
        return getRefs(path, str, secret).stream().filter(ref -> {
            return ref.ref().equalsIgnoreCase(str2) || ref.ref().equalsIgnoreCase(str3);
        }).findFirst().orElse(null);
    }

    private static String getRefSpec(Ref ref) {
        return ref == null ? "+refs/heads/*:refs/remotes/origin/*" : ref.tag() ? String.format("+refs/tags/%s:refs/remotes/origin/tags/%s", ref.name(), ref.name()) : String.format("+refs/heads/%s:refs/remotes/origin/%s", ref.name(), ref.name());
    }

    private String updateUrl(String str, Secret secret) {
        String trim = str.trim();
        return (secret != null || this.cfg.oauthToken() == null || trim.contains("@") || !trim.startsWith("https://")) ? trim : "https://" + this.cfg.oauthToken() + "@" + trim.substring("https://".length());
    }

    private void updateSubmodules(Path path, Secret secret) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("submodule", "init").build());
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("submodule", "sync").build());
        try {
            String[] split = exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "--file", ".gitmodules", "--name-only", "--get-regexp", "path").build()).split("\\r?\\n");
            ArrayList arrayList = new ArrayList();
            arrayList.add("submodule");
            arrayList.add("update");
            arrayList.add("--init");
            arrayList.add("--recursive");
            int length = split.length;
            for (int i = SUCCESS_EXIT_CODE; i < length; i++) {
                String str = split[i];
                if (!str.trim().isEmpty()) {
                    String substring = str.substring("submodule.".length(), str.length() - ".path".length());
                    String submoduleUrl = getSubmoduleUrl(path, substring);
                    if (submoduleUrl == null) {
                        throw new RepositoryException("Empty repository for " + substring);
                    }
                    String updateUrl = updateUrl(submoduleUrl, secret);
                    if (!updateUrl.equals(submoduleUrl)) {
                        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "submodule." + substring + ".url", updateUrl).build());
                    }
                    String submodulePath = getSubmodulePath(path, substring);
                    ArrayList arrayList2 = new ArrayList(arrayList);
                    arrayList2.add(submodulePath);
                    execWithCredentials(Command.builder().workDir(path).timeout(this.cfg.fetchTimeout()).addAllArgs(arrayList2).build(), secret);
                }
            }
        } catch (RepositoryException e) {
            log.warn("updateSubmodules ['{}'] -> error while retrieving the list of submodules: {}", path, e.getMessage());
        }
    }

    private void resetSubmodules(Path path) {
        exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("submodule", "foreach", "git", "reset", "--hard").build());
    }

    private String getSubmoduleUrl(Path path, String str) {
        String firstLine = firstLine(exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "-f", ".gitmodules", "--get", "submodule." + str + ".url").build()));
        if (firstLine != null) {
            return firstLine.trim();
        }
        return null;
    }

    private String getSubmodulePath(Path path, String str) {
        String firstLine = firstLine(exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("config", "-f", ".gitmodules", "--get", "submodule." + str + ".path").build()));
        if (firstLine != null) {
            return firstLine.trim();
        }
        return null;
    }

    private CommitInfo getCommitInfo(Path path) {
        String[] split = exec(Command.builder().workDir(path).timeout(this.cfg.defaultOperationTimeout()).addArgs("log", "-1", "--format=%an (%ae)%n%s%n%b").build()).split("\n");
        if (split.length < 1) {
            return CommitInfo.builder().build();
        }
        String str = split[SUCCESS_EXIT_CODE];
        StringBuilder sb = new StringBuilder();
        for (int i = 1; i < split.length; i++) {
            sb.append(split[i]).append("\n");
        }
        return CommitInfo.builder().message(sb.toString()).author(str).build();
    }

    private String exec(Command command) {
        ArrayList arrayList = new ArrayList(command.args().size() + 1);
        arrayList.add("git");
        arrayList.addAll(command.args());
        ProcessBuilder directory = new ProcessBuilder(arrayList).directory(command.workDir().toFile());
        Map<String, String> environment = directory.environment();
        environment.putAll(command.env());
        if (!environment.containsKey("GIT_ASKPASS")) {
            environment.put("GIT_ASKPASS", "echo");
        }
        log.info("> {}", hideSensitiveData(String.join(" ", arrayList)));
        try {
            Process start = directory.start();
            Future submit = this.executor.submit(LogUtils.withMdc(() -> {
                StringBuilder sb = new StringBuilder();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(start.getInputStream()));
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            bufferedReader.close();
                            return sb;
                        }
                        log.info("GIT (stdout): {}", hideSensitiveData(readLine));
                        sb.append(readLine).append("\n");
                    } catch (Throwable th) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                }
            }));
            Future submit2 = this.executor.submit(LogUtils.withMdc(() -> {
                StringBuilder sb = new StringBuilder();
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(start.getErrorStream()));
                while (true) {
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            bufferedReader.close();
                            return sb;
                        }
                        log.info("GIT (stderr): {}", hideSensitiveData(readLine));
                        sb.append(readLine).append("\n");
                    } catch (Throwable th) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                }
            }));
            if (!start.waitFor(command.timeout().toMillis(), TimeUnit.MILLISECONDS)) {
                start.destroy();
                throw new RepositoryException(String.format("git operation timed out after %sms", command.timeout()));
            }
            int exitValue = start.exitValue();
            if (exitValue == 0) {
                return ((StringBuilder) submit.get()).toString();
            }
            String format = String.format("code: %d, %s", Integer.valueOf(exitValue), hideSensitiveData(((StringBuilder) submit2.get()).toString()));
            log.warn("exec ['{}'] -> finished with code {}, error: '{}'", new Object[]{hideSensitiveData(String.join(" ", arrayList)), Integer.valueOf(exitValue), format});
            throw new RepositoryException(format);
        } catch (IOException | InterruptedException | ExecutionException e) {
            log.error("exec ['{}'] -> error", hideSensitiveData(String.join(" ", arrayList)), e);
            throw new RepositoryException("git operation error: " + e.getMessage());
        }
    }

    private String execWithCredentials(Command command, Secret secret) {
        Path path = SUCCESS_EXIT_CODE;
        Path path2 = SUCCESS_EXIT_CODE;
        Path path3 = SUCCESS_EXIT_CODE;
        HashMap hashMap = new HashMap();
        hashMap.put("GIT_TERMINAL_PROMPT", "0");
        try {
            try {
                if (secret instanceof KeyPair) {
                    path = createSshKeyFile((KeyPair) secret);
                    path2 = createUnixGitSSH(path);
                    hashMap.put("GIT_SSH", path2.toAbsolutePath().toString());
                    hashMap.put("GIT_SSH_COMMAND", path2.toAbsolutePath().toString());
                    if (!hashMap.containsKey("DISPLAY")) {
                        hashMap.put("DISPLAY", ":");
                    }
                    log.info("using GIT_SSH to set credentials");
                } else if (secret instanceof UsernamePassword) {
                    path3 = createUnixStandardAskpass((UsernamePassword) secret);
                    hashMap.put("GIT_ASKPASS", path3.toAbsolutePath().toString());
                    hashMap.put("SSH_ASKPASS", path3.toAbsolutePath().toString());
                    log.info("using GIT_ASKPASS to set credentials ");
                } else if (secret instanceof BinaryDataSecret) {
                    path3 = createUnixStandardAskpass(new UsernamePassword(new String(((BinaryDataSecret) secret).getData()), "".toCharArray()));
                    hashMap.put("GIT_ASKPASS", path3.toAbsolutePath().toString());
                    log.info("using GIT_ASKPASS to set credentials ");
                }
                hashMap.put("GIT_HTTP_LOW_SPEED_LIMIT", String.valueOf(this.cfg.httpLowSpeedLimit()));
                hashMap.put("GIT_HTTP_LOW_SPEED_TIME", String.valueOf(this.cfg.httpLowSpeedTime().getSeconds()));
                String exec = exec(Command.builder().from(command).putAllEnv(hashMap).build());
                deleteTempFile(path);
                deleteTempFile(path2);
                deleteTempFile(path3);
                return exec;
            } catch (IOException e) {
                throw new RepositoryException("Failed to setup credentials", e);
            }
        } catch (Throwable th) {
            deleteTempFile(path);
            deleteTempFile(path2);
            deleteTempFile(path3);
            throw th;
        }
    }

    private String hideSensitiveData(String str) {
        if (str == null) {
            return null;
        }
        Iterator<String> it = this.sensitiveData.iterator();
        while (it.hasNext()) {
            str = str.replaceAll(it.next(), "***");
        }
        return str;
    }

    private Path createUnixGitSSH(Path path) throws IOException {
        Path createTempFile = IOUtils.createTempFile("ssh", ".sh");
        PrintWriter printWriter = new PrintWriter(createTempFile.toFile(), Charset.defaultCharset().toString());
        try {
            printWriter.println("#!/bin/sh");
            printWriter.println("if [ -z \"${DISPLAY}\" ]; then");
            printWriter.println("  DISPLAY=:123.456");
            printWriter.println("  export DISPLAY");
            printWriter.println("fi");
            printWriter.println("ssh -i \"" + path.toAbsolutePath().toString() + "\" -o ServerAliveCountMax=" + this.cfg.sshTimeoutRetryCount() + " -o ServerAliveInterval=" + this.cfg.sshTimeout().getSeconds() + " -o StrictHostKeyChecking=no \"$@\"");
            printWriter.close();
            Files.setPosixFilePermissions(createTempFile, ImmutableSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_EXECUTE));
            return createTempFile;
        } catch (Throwable th) {
            try {
                printWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static void assertSecret(String str, Secret secret) {
        if ((secret instanceof BinaryDataSecret) && !str.trim().startsWith("https://")) {
            throw new RepositoryException("Tokens can only be used for https:// Git URLs");
        }
    }

    private static Path createUnixStandardAskpass(UsernamePassword usernamePassword) throws IOException {
        Path createTempFile = IOUtils.createTempFile("pass", ".sh");
        PrintWriter printWriter = new PrintWriter(createTempFile.toFile(), Charset.defaultCharset().toString());
        try {
            printWriter.println("#!/bin/sh");
            printWriter.println("case \"$1\" in");
            printWriter.println("Username*) echo '" + quoteUnixCredentials(usernamePassword.getUsername()) + "' ;;");
            printWriter.println("Password*) echo '" + quoteUnixCredentials(new String(usernamePassword.getPassword())) + "' ;;");
            printWriter.println("esac");
            printWriter.close();
            Files.setPosixFilePermissions(createTempFile, ImmutableSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_EXECUTE));
            return createTempFile;
        } catch (Throwable th) {
            try {
                printWriter.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static Path createSshKeyFile(KeyPair keyPair) throws IOException {
        Path createTempFile = IOUtils.createTempFile("ssh", ".key");
        Files.write(createTempFile, keyPair.getPrivateKey(), new OpenOption[SUCCESS_EXIT_CODE]);
        return createTempFile;
    }

    private static void deleteTempFile(Path path) {
        if (path == null) {
            return;
        }
        try {
            Files.delete(path);
        } catch (IOException e) {
            log.warn("can't delete tmp file: {}", path);
        }
    }

    private static String quoteUnixCredentials(String str) {
        return str.replace("'", "'\\''");
    }

    private static boolean hasSubmodules(Path path) {
        return Files.exists(path.resolve(".gitmodules"), new LinkOption[SUCCESS_EXIT_CODE]);
    }

    private static String firstLine(String str) {
        BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
        try {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                return null;
            }
            if (bufferedReader.readLine() != null) {
                throw new RepositoryException("Unexpected multiple lines: " + str);
            }
            return readLine;
        } catch (IOException e) {
            throw new RepositoryException("Error parsing result", e);
        }
    }

    private static String fromString(String str) {
        if (str.length() != OBJECT_ID_STRING_LENGTH) {
            throw new RuntimeException("Invalid object id:" + str);
        }
        return str;
    }
}
