package hudson.cli;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.util.QuotedStringTokenizer;
import io.jenkins.cli.shaded.org.apache.sshd.client.SshClient;
import io.jenkins.cli.shaded.org.apache.sshd.client.channel.ChannelExec;
import io.jenkins.cli.shaded.org.apache.sshd.client.channel.ClientChannelEvent;
import io.jenkins.cli.shaded.org.apache.sshd.client.future.ConnectFuture;
import io.jenkins.cli.shaded.org.apache.sshd.client.keyverifier.DefaultKnownHostsServerKeyVerifier;
import io.jenkins.cli.shaded.org.apache.sshd.client.keyverifier.ServerKeyVerifier;
import io.jenkins.cli.shaded.org.apache.sshd.client.session.ClientSession;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.input.NoCloseInputStream;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.output.NoCloseOutputStream;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import java.io.IOException;
import java.net.SocketAddress;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:WEB-INF/lib/cli-2.452-rc34819.13b_5760f87de.jar:hudson/cli/SSHCLI.class */
class SSHCLI {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static int sshConnection(String str, String str2, List<String> list, PrivateKeyProvider privateKeyProvider, final boolean z) throws IOException {
        Logger.getLogger(SecurityUtils.class.getName()).setLevel(Level.WARNING);
        URLConnection openConnection = openConnection(new URL(str + "login"));
        CLI.verifyJenkinsConnection(openConnection);
        String headerField = openConnection.getHeaderField("X-SSH-Endpoint");
        if (headerField == null) {
            CLI.LOGGER.warning("No header 'X-SSH-Endpoint' returned by Jenkins");
            return -1;
        }
        CLI.LOGGER.log(Level.FINE, "Connecting via SSH to: {0}", headerField);
        int parseInt = Integer.parseInt(headerField.split(":")[1]);
        String str3 = headerField.split(":")[0];
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            sb.append(QuotedStringTokenizer.quote(it.next()));
            sb.append(' ');
        }
        SshClient upDefaultClient = SshClient.setUpDefaultClient();
        try {
            upDefaultClient.setServerKeyVerifier(new DefaultKnownHostsServerKeyVerifier(new ServerKeyVerifier() { // from class: hudson.cli.SSHCLI.1
                @Override // io.jenkins.cli.shaded.org.apache.sshd.client.keyverifier.ServerKeyVerifier
                public boolean verifyServerKey(ClientSession clientSession, SocketAddress socketAddress, PublicKey publicKey) {
                    CLI.LOGGER.log(Level.WARNING, "Unknown host key for {0}", socketAddress.toString());
                    return !z;
                }
            }, true));
            upDefaultClient.start();
            ConnectFuture connect = upDefaultClient.connect(str2, str3, parseInt);
            connect.await();
            try {
                ClientSession session = connect.getSession2();
                try {
                    for (KeyPair keyPair : privateKeyProvider.getKeys()) {
                        CLI.LOGGER.log(Level.FINE, "Offering {0} private key", keyPair.getPrivate().getAlgorithm());
                        session.addPublicKeyIdentity(keyPair);
                    }
                    session.auth().verify(10000L);
                    ChannelExec createExecChannel = session.createExecChannel(sb.toString());
                    try {
                        createExecChannel.setIn(new NoCloseInputStream(System.in));
                        createExecChannel.setOut(new NoCloseOutputStream(System.out));
                        createExecChannel.setErr(new NoCloseOutputStream(System.err));
                        createExecChannel.open().await();
                        if (createExecChannel.waitFor(List.of(ClientChannelEvent.CLOSED), 0L).contains(ClientChannelEvent.TIMEOUT)) {
                            throw new SocketTimeoutException("Failed to retrieve command result in time: " + sb);
                        }
                        int intValue = createExecChannel.getExitStatus().intValue();
                        if (createExecChannel != null) {
                            createExecChannel.close();
                        }
                        if (session != null) {
                            session.close();
                        }
                        if (upDefaultClient != null) {
                            upDefaultClient.close();
                        }
                        return intValue;
                    } catch (Throwable th) {
                        if (createExecChannel != null) {
                            try {
                                createExecChannel.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } finally {
                upDefaultClient.stop();
            }
        } catch (Throwable th5) {
            if (upDefaultClient != null) {
                try {
                    upDefaultClient.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }

    @SuppressFBWarnings(value = {"URLCONNECTION_SSRF_FD"}, justification = "Client-side code doesn't involve SSRF.")
    private static URLConnection openConnection(URL url) throws IOException {
        return url.openConnection();
    }

    private SSHCLI() {
    }
}
