package com.sonatype.insight.scan.file;

import com.google.gson.GsonBuilder;
import com.neuvector.Scanner;
import com.neuvector.model.Image;
import com.neuvector.model.NVScanner;
import com.neuvector.model.Registry;
import com.neuvector.model.ScanRepoReportData;
import de.schlichtherle.truezip.file.TFile;
import org.apache.commons.compress.java.util.jar.Pack200;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.shaded.Logger;
import org.sonatype.plexus.components.sec.dispatcher.shaded.SecUtil;

/* loaded from: input_file:com/sonatype/insight/scan/file/ContainerFileProcessor.class */
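/**
 * Runs a NeuVector container scan for a {@code container:} scan target and returns the report as JSON.
 *
 * <p>Scanner and registry settings are read from environment variables on every {@link #process} call
 * and stored in instance fields, so one instance must not be used for concurrent {@code process} calls.
 *
 * <p>Registry passwords pass through this class. Only variable names are logged, never their values;
 * keep it that way when adding diagnostics.
 */
public class ContainerFileProcessor {
    private final ScanSession scanSession;
    private final Logger log;
    public static final String NEXUS_CONTAINER_SCANNING_SCANNER_IMAGE = "NEXUS_CONTAINER_SCANNING_SCANNER_IMAGE";
    public static final String NEXUS_CONTAINER_SCANNING_REGISTRY_URL = "NEXUS_CONTAINER_SCANNING_REGISTRY_URL";
    public static final String NEXUS_CONTAINER_SCANNING_REGISTRY_USER = "NEXUS_CONTAINER_SCANNING_REGISTRY_USER";
    public static final String NEXUS_CONTAINER_SCANNING_REGISTRY_PASSWORD = "NEXUS_CONTAINER_SCANNING_REGISTRY_PASSWORD";
    public static final String NEXUS_CONTAINER_IMAGE_REGISTRY_USER = "NEXUS_CONTAINER_IMAGE_REGISTRY_USER";
    public static final String NEXUS_CONTAINER_IMAGE_REGISTRY_PASSWORD = "NEXUS_CONTAINER_IMAGE_REGISTRY_PASSWORD";
    public static final String NEXUS_CONTAINER_SCANNING_MOUNT_PATH = "NEXUS_CONTAINER_SCANNING_MOUNT_PATH";
    // NOTE(review): /tmp is typically shared between local users; how NVScanner uses the mount path is
    // not visible here. Confirm whether a per-scan private directory is needed.
    public static final String DEFAULT_MOUNT_PATH = "/tmp";
    public static final String JENKINS_TMP_WORKSPACE = "WORKSPACE_TMP";
    public static final String NEUVECTOR_IMAGE = "neuvector.image";
    // NOTE(review): a mutable ":latest" tag means the scanner image is not pinned. Consider requiring a
    // fixed tag or digest through NEXUS_CONTAINER_SCANNING_SCANNER_IMAGE.
    public static final String DEFAULT_SCANNER_IMAGE = "scanner:latest";
    // NOTE(review): the default registry URL is plain http. If the NeuVector client uses the scheme
    // as given, the scanner image pull and registry credentials are not protected in transit. Confirm
    // how NVScanner treats this value and prefer an https URL.
    public static final String DEFAULT_REGISTRY_URL = "http://registry.hub.docker.com/neuvector";
    // Scheme prefixes in the single-slash form ("http:/") that remains after "//" is collapsed to "/".
    private static final String HTTP_PREFIX = "http:/";
    private static final String HTTPS_PREFIX = "https:/";
    private String nvScannerImage;
    private String nvRegistryURL;
    private String nvRegistryUser;
    private String nvRegistryPassword;
    private String nvMountPath = DEFAULT_MOUNT_PATH;
    private String imageRegistryUserName;
    private String imageRegistryUserPassword;

    /* loaded from: input_file:com/sonatype/insight/scan/file/ContainerFileProcessor$RegistryImageTagDto.class */
    /** Parsed parts of a container reference, as produced by {@link #getRegistryImageTag}. */
    public static class RegistryImageTagDto {
        // Scheme and host of the remote registry, or null when the reference names a local image.
        String remoteRegistry;
        // Image name without the tag.
        String image;
        // Tag, or the default tag when the reference carries none.
        String tag;
    }

    /**
     * @param logger logger used for progress and warning messages
     * @param scanSession session that supplies per-scan environment variables
     */
    public ContainerFileProcessor(Logger logger, ScanSession scanSession) {
        this.log = logger;
        this.scanSession = scanSession;
    }

    /**
     * Loads the scan configuration from the environment and scans the container named by the path.
     *
     * <p>Mount path precedence: {@code NEXUS_CONTAINER_SCANNING_MOUNT_PATH}, then the session's
     * {@code WORKSPACE_TMP}, then the value already held by this instance (initially
     * {@link #DEFAULT_MOUNT_PATH}).
     *
     * @param tFile scan target whose path encodes the container reference
     * @return the scan report serialized as pretty-printed JSON
     * @throws RuntimeException if the scanner reports an error message
     * @throws IllegalArgumentException if a remote reference has no registry host or image path
     */
    public String process(TFile tFile) {
        String scannerImage = getValue(NEXUS_CONTAINER_SCANNING_SCANNER_IMAGE);
        String registryUrl = getValue(NEXUS_CONTAINER_SCANNING_REGISTRY_URL);
        this.nvScannerImage = scannerImage == null ? DEFAULT_SCANNER_IMAGE : scannerImage;
        this.nvRegistryURL = registryUrl == null ? DEFAULT_REGISTRY_URL : registryUrl;
        this.nvRegistryUser = getValue(NEXUS_CONTAINER_SCANNING_REGISTRY_USER);
        this.nvRegistryPassword = getValue(NEXUS_CONTAINER_SCANNING_REGISTRY_PASSWORD);
        this.imageRegistryUserName = getValue(NEXUS_CONTAINER_IMAGE_REGISTRY_USER);
        this.imageRegistryUserPassword = getValue(NEXUS_CONTAINER_IMAGE_REGISTRY_PASSWORD);
        // Look each source up once so the value that was null-checked is the value that is used.
        String mountPath = getValue(NEXUS_CONTAINER_SCANNING_MOUNT_PATH);
        if (mountPath == null) {
            mountPath = this.scanSession.getEnvVar(JENKINS_TMP_WORKSPACE);
        }
        if (mountPath != null) {
            this.nvMountPath = mountPath;
        }
        this.log.info("Using mount path: {}", this.nvMountPath);
        return getNeuVectorContainerScanReport(tFile);
    }

    /**
     * Resolves a setting, preferring the scan session's variables over the host process environment.
     * Logs where the name was found, never the value, because passwords are resolved through here.
     *
     * @param str variable name
     * @return the value, or null when neither source defines it
     */
    private String getValue(String str) {
        String fromSession = this.scanSession.getEnvVar(str);
        if (fromSession != null) {
            this.log.info("{} found in provided environmental variables.", str);
            return fromSession;
        }
        String fromHost = System.getenv(str);
        if (fromHost != null) {
            this.log.info("{} found in host machine environmental variables.", str);
            return fromHost;
        }
        this.log.info("{} missing.", str);
        return null;
    }

    /** Parses the target path and dispatches to a registry scan or a local image scan. */
    private String getNeuVectorContainerScanReport(TFile tFile) {
        RegistryImageTagDto parsed = getRegistryImageTag(tFile.getPath().replace('\\', '/'));
        if (parsed.remoteRegistry != null) {
            this.log.info("Invoking remote registry scanning for: {}", tFile.getPath());
            return getNeuVectorContainerScanReportFromRegistry(parsed.image, parsed.tag, parsed.remoteRegistry);
        }
        this.log.info("Invoking local scan for: {}", tFile.getPath());
        return getNeuVectorContainerScanReportFromLocal(parsed.image, parsed.tag);
    }

    /**
     * Splits a container reference into registry, image and tag.
     *
     * <p>The {@code container:} marker and one leading slash are removed first. A reference is remote
     * only when it starts with an actual {@code http:/} or {@code https:/} scheme, so an image whose
     * name merely begins with "http" (for example {@code httpd:2.4}) is parsed as a local image
     * instead of failing with an index error. The scheme is taken from that prefix alone, so the text
     * "https" later in the reference cannot change it. The tag separator is the last colon after the
     * last slash, which keeps a {@code host:port/} prefix inside the image name.
     *
     * @param str path form of the container reference
     * @return the parsed parts; {@code remoteRegistry} is null for a local image
     * @throws IllegalArgumentException if a remote reference has no registry host or no image path
     */
    RegistryImageTagDto getRegistryImageTag(String str) {
        this.log.info("Extracting registry, image and tag from: {}", str);
        String stripped = str.replace("container:", "");
        String reference = stripped.startsWith("/") ? stripped.substring(1) : stripped;
        RegistryImageTagDto dto = new RegistryImageTagDto();
        String repository = reference;
        boolean https = reference.startsWith(HTTPS_PREFIX);
        if (https || reference.startsWith(HTTP_PREFIX)) {
            // "//" may or may not have survived path handling upstream; collapse it so that one
            // prefix length covers both forms.
            String afterScheme = reference.replace("//", "/").substring((https ? HTTPS_PREFIX : HTTP_PREFIX).length());
            int hostEnd = afterScheme.indexOf('/');
            if (hostEnd <= 0) {
                throw new IllegalArgumentException("Container reference has no registry host or no image path: " + str);
            }
            // SecUtil.PROTOCOL_DELIM is presumably "://" substituted by the decompiler; confirm and
            // replace with a local literal.
            dto.remoteRegistry = "http" + (https ? "s" : "") + SecUtil.PROTOCOL_DELIM + afterScheme.substring(0, hostEnd);
            repository = afterScheme.substring(hostEnd + 1);
        }
        int tagSeparator = repository.lastIndexOf(':');
        if (tagSeparator > repository.lastIndexOf('/')) {
            dto.image = repository.substring(0, tagSeparator);
            dto.tag = repository.substring(tagSeparator + 1);
        } else {
            dto.image = repository;
            // Pack200.Packer.LATEST is presumably the string "latest" substituted by the decompiler;
            // confirm and replace with a local literal.
            dto.tag = Pack200.Packer.LATEST;
        }
        this.log.info("Extracted registry:{}, image:{}, tag:{}", dto.remoteRegistry, dto.image, dto.tag);
        return dto;
    }

    /**
     * Scans an image from the local Docker host.
     *
     * @param str image name
     * @param str2 image tag
     * @return the report as JSON
     * @throws RuntimeException if the report carries an error message
     */
    private String getNeuVectorContainerScanReportFromLocal(String str, String str2) {
        ScanRepoReportData report;
        try {
            report = Scanner.scanLocalImage(new Image(str, str2), newScanner(), "");
        } finally {
            // Remove the labelled images even when the scan itself throws.
            deleteDockerImagesByLabelKey();
        }
        return toJsonOrThrow(report);
    }

    /**
     * Scans an image held in a remote registry, authenticating with the image-registry credentials.
     *
     * @param str image name
     * @param str2 image tag
     * @param str3 registry URL (scheme and host)
     * @return the report as JSON
     * @throws RuntimeException if the report carries an error message
     */
    private String getNeuVectorContainerScanReportFromRegistry(String str, String str2, String str3) {
        ScanRepoReportData report;
        try {
            report = Scanner.scanRegistry(new Registry(str3, this.imageRegistryUserName, this.imageRegistryUserPassword, str, str2), newScanner(), "", true);
        } finally {
            // Remove the labelled images even when the scan itself throws.
            deleteDockerImagesByLabelKey();
        }
        return toJsonOrThrow(report);
    }

    /** Builds the scanner descriptor from the settings loaded by {@link #process}. */
    private NVScanner newScanner() {
        return new NVScanner(this.nvScannerImage, this.nvRegistryURL, this.nvRegistryUser, this.nvRegistryPassword, this.nvMountPath, this.log);
    }

    /** Serializes the report, or fails with the scanner's own error message when one is set. */
    private String toJsonOrThrow(ScanRepoReportData report) {
        if (StringUtils.isNotEmpty(report.getError_message())) {
            throw new RuntimeException(report.getError_message());
        }
        return new GsonBuilder().setPrettyPrinting().create().toJson(report);
    }

    /** Deletes Docker images labelled {@code neuvector.image}; a non-empty result is logged as a failure. */
    private void deleteDockerImagesByLabelKey() {
        String failure = Scanner.deleteDockerImagesByLabelKey(NEUVECTOR_IMAGE);
        // isNotEmpty also tolerates a null result.
        if (StringUtils.isNotEmpty(failure)) {
            this.log.warn("Failed to delete Docker Image {}", failure);
        }
    }
}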
