package jenkins.slaves;

import hudson.Util;
import hudson.security.AccessControlled;
import hudson.security.Permission;
import hudson.slaves.SlaveComputer;
import hudson.util.Secret;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.WriteListener;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.ResponseImpl;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.172-rc28133.56107eab8796.jar:jenkins/slaves/EncryptedSlaveAgentJnlpFile.class */
public class EncryptedSlaveAgentJnlpFile implements HttpResponse {
    private static final Logger LOG = Logger.getLogger(EncryptedSlaveAgentJnlpFile.class.getName());
    private final AccessControlled it;
    private final String viewName;
    private final String slaveName;
    private final Permission connectPermission;

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.172-rc28133.56107eab8796.jar:jenkins/slaves/EncryptedSlaveAgentJnlpFile$CapturingServletOutputStream.class */
    private static class CapturingServletOutputStream extends ServletOutputStream {
        private ByteArrayOutputStream baos;

        private CapturingServletOutputStream() {
            this.baos = new ByteArrayOutputStream();
        }

        @Override // javax.servlet.ServletOutputStream
        public boolean isReady() {
            return true;
        }

        @Override // javax.servlet.ServletOutputStream
        public void setWriteListener(WriteListener writeListener) {
            try {
                writeListener.onWritePossible();
            } catch (IOException e) {
                EncryptedSlaveAgentJnlpFile.LOG.log(Level.WARNING, "Failed to notify WriteListener.onWritePossible", (Throwable) e);
            }
        }

        @Override // java.io.OutputStream
        public void write(int i) throws IOException {
            this.baos.write(i);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            this.baos.write(bArr);
        }

        @Override // java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            this.baos.write(bArr, i, i2);
        }

        byte[] getBytes() {
            return this.baos.toByteArray();
        }
    }

    public EncryptedSlaveAgentJnlpFile(AccessControlled accessControlled, String str, String str2, Permission permission) {
        this.it = accessControlled;
        this.viewName = str;
        this.connectPermission = permission;
        this.slaveName = str2;
    }

    @Override // org.kohsuke.stapler.HttpResponse
    public void generateResponse(StaplerRequest staplerRequest, StaplerResponse staplerResponse, Object obj) throws IOException, ServletException {
        RequestDispatcher view = staplerRequest.getView(this.it, this.viewName);
        if (!"true".equals(staplerRequest.getParameter("encrypt"))) {
            this.it.checkPermission(this.connectPermission);
            view.forward(staplerRequest, staplerResponse);
            return;
        }
        final CapturingServletOutputStream capturingServletOutputStream = new CapturingServletOutputStream();
        view.forward(staplerRequest, new ResponseImpl(staplerRequest.getStapler(), new HttpServletResponseWrapper(staplerResponse) { // from class: jenkins.slaves.EncryptedSlaveAgentJnlpFile.1
            @Override // javax.servlet.ServletResponseWrapper, javax.servlet.ServletResponse
            public ServletOutputStream getOutputStream() throws IOException {
                return capturingServletOutputStream;
            }

            @Override // javax.servlet.ServletResponseWrapper, javax.servlet.ServletResponse
            public PrintWriter getWriter() throws IOException {
                throw new IllegalStateException();
            }
        }));
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.it instanceof SlaveComputer ? Util.fromHexString(((SlaveComputer) this.it).getJnlpMac()) : JnlpSlaveAgentProtocol.SLAVE_SECRET.mac(this.slaveName.getBytes(StandardCharsets.UTF_8)), 0, 16, AESPrivateKeyObfuscator.CIPHER_NAME);
        try {
            Cipher cipher = Secret.getCipher("AES/CFB8/NoPadding");
            cipher.init(1, secretKeySpec, new IvParameterSpec(bArr));
            byte[] doFinal = cipher.doFinal(capturingServletOutputStream.getBytes());
            staplerResponse.setContentType("application/octet-stream");
            staplerResponse.getOutputStream().write(bArr);
            staplerResponse.getOutputStream().write(doFinal);
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        }
    }
}
