package hudson.cli;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.cli.PlainCLIProtocol;
import io.jenkins.cli.shaded.jakarta.websocket.ClientEndpointConfig;
import io.jenkins.cli.shaded.jakarta.websocket.Endpoint;
import io.jenkins.cli.shaded.jakarta.websocket.EndpointConfig;
import io.jenkins.cli.shaded.jakarta.websocket.Session;
import io.jenkins.cli.shaded.org.glassfish.tyrus.client.ClientManager;
import io.jenkins.cli.shaded.org.glassfish.tyrus.client.ClientProperties;
import io.jenkins.cli.shaded.org.glassfish.tyrus.client.SslEngineConfigurator;
import io.jenkins.cli.shaded.org.glassfish.tyrus.container.jdk.client.JdkClientContainer;
import j2html.attributes.Attr;
import java.io.DataInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

@SuppressFBWarnings(value = {"CRLF_INJECTION_LOGS"}, justification = "We don't care about this behavior")
/* loaded from: input_file:WEB-INF/lib/cli-2.454-rc34828.08b_0e94ce531.jar:hudson/cli/CLI.class */
public class CLI {
    static final Logger LOGGER = Logger.getLogger(CLI.class.getName());
    private static final int PING_INTERVAL = Integer.getInteger(CLI.class.getName() + ".pingInterval", 3000).intValue();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.454-rc34828.08b_0e94ce531.jar:hudson/cli/CLI$ClientSideImpl.class */
    public static final class ClientSideImpl extends PlainCLIProtocol.ClientSide {
        volatile boolean complete;
        private int exit;

        ClientSideImpl(PlainCLIProtocol.Output output) {
            super(output);
            this.exit = -1;
        }

        /* JADX WARN: Type inference failed for: r0v7, types: [hudson.cli.CLI$ClientSideImpl$1] */
        void start(List<String> list) throws IOException {
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                sendArg(it.next());
            }
            sendEncoding(Charset.defaultCharset().name());
            sendLocale(Locale.getDefault().toString());
            sendStart();
            new Thread("input reader") { // from class: hudson.cli.CLI.ClientSideImpl.1
                @Override // java.lang.Thread, java.lang.Runnable
                public void run() {
                    int read;
                    try {
                        OutputStream streamStdin = ClientSideImpl.this.streamStdin();
                        byte[] bArr = new byte[60000];
                        while (!ClientSideImpl.this.complete && (read = System.in.read(bArr)) != -1) {
                            streamStdin.write(bArr, 0, read);
                        }
                        ClientSideImpl.this.sendEndStdin();
                    } catch (IOException e) {
                        CLI.LOGGER.log(Level.WARNING, (String) null, (Throwable) e);
                    }
                }
            }.start();
        }

        @Override // hudson.cli.PlainCLIProtocol.ClientSide
        protected synchronized void onExit(int i) {
            this.exit = i;
            finished();
        }

        @Override // hudson.cli.PlainCLIProtocol.ClientSide
        protected void onStdout(byte[] bArr) throws IOException {
            System.out.write(bArr);
        }

        @Override // hudson.cli.PlainCLIProtocol.ClientSide
        protected void onStderr(byte[] bArr) throws IOException {
            System.err.write(bArr);
        }

        @Override // hudson.cli.PlainCLIProtocol.EitherSide
        protected void handleClose() {
            finished();
        }

        private synchronized void finished() {
            this.complete = true;
            notifyAll();
        }

        synchronized int exit() throws InterruptedException {
            while (!this.complete) {
                wait();
            }
            return this.exit;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.454-rc34828.08b_0e94ce531.jar:hudson/cli/CLI$Mode.class */
    public enum Mode {
        HTTP,
        SSH,
        WEB_SOCKET
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.454-rc34828.08b_0e94ce531.jar:hudson/cli/CLI$NotTalkingToJenkinsException.class */
    public static final class NotTalkingToJenkinsException extends IOException {
        /* JADX INFO: Access modifiers changed from: package-private */
        public NotTalkingToJenkinsException(String str) {
            super(str);
        }

        NotTalkingToJenkinsException(URLConnection uRLConnection) {
            super("There's no Jenkins running at " + uRLConnection.getURL().toString());
        }
    }

    private CLI() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void verifyJenkinsConnection(URLConnection uRLConnection) throws IOException {
        if (uRLConnection.getHeaderField("X-Hudson") == null && uRLConnection.getHeaderField("X-Jenkins") == null) {
            throw new NotTalkingToJenkinsException(uRLConnection);
        }
    }

    public static void main(String[] strArr) throws Exception {
        try {
            System.exit(_main(strArr));
        } catch (NotTalkingToJenkinsException e) {
            System.err.println(e.getMessage());
            System.exit(3);
        } catch (Throwable th) {
            th.printStackTrace();
            System.exit(-1);
        }
    }

    public static int _main(String[] strArr) throws Exception {
        List asList = Arrays.asList(strArr);
        PrivateKeyProvider privateKeyProvider = new PrivateKeyProvider();
        String str = System.getenv("JENKINS_URL");
        if (str == null) {
            str = System.getenv("HUDSON_URL");
        }
        boolean z = false;
        Mode mode = null;
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = System.getenv("JENKINS_USER_ID");
        String str6 = System.getenv("JENKINS_API_TOKEN");
        boolean z2 = false;
        boolean z3 = false;
        while (!asList.isEmpty()) {
            String str7 = (String) asList.get(0);
            if (str7.equals("-version")) {
                System.out.println("Version: " + computeVersion());
                return 0;
            }
            if (str7.equals("-http")) {
                if (mode != null) {
                    printUsage("-http clashes with previously defined mode " + mode);
                    return -1;
                }
                mode = Mode.HTTP;
                asList = asList.subList(1, asList.size());
            } else if (str7.equals("-ssh")) {
                if (mode != null) {
                    printUsage("-ssh clashes with previously defined mode " + mode);
                    return -1;
                }
                mode = Mode.SSH;
                asList = asList.subList(1, asList.size());
            } else if (str7.equals("-webSocket")) {
                if (mode != null) {
                    printUsage("-webSocket clashes with previously defined mode " + mode);
                    return -1;
                }
                mode = Mode.WEB_SOCKET;
                asList = asList.subList(1, asList.size());
            } else {
                if (str7.equals("-remoting")) {
                    printUsage("-remoting mode is no longer supported");
                    return -1;
                }
                if (str7.equals("-s") && asList.size() >= 2) {
                    str = (String) asList.get(1);
                    asList = asList.subList(2, asList.size());
                } else if (str7.equals("-noCertificateCheck")) {
                    LOGGER.info("Skipping HTTPS certificate checks altogether. Note that this is not secure at all.");
                    z3 = true;
                    asList = asList.subList(1, asList.size());
                } else if (str7.equals("-noKeyAuth")) {
                    z = true;
                    asList = asList.subList(1, asList.size());
                } else if (str7.equals("-i") && asList.size() >= 2) {
                    File fileFromArguments = getFileFromArguments(asList);
                    if (!fileFromArguments.exists()) {
                        printUsage(hudson.cli.client.Messages.CLI_NoSuchFileExists(fileFromArguments));
                        return -1;
                    }
                    privateKeyProvider.readFrom(fileFromArguments);
                    asList = asList.subList(2, asList.size());
                } else if (str7.equals("-strictHostKey")) {
                    z2 = true;
                    asList = asList.subList(1, asList.size());
                } else if (str7.equals("-user") && asList.size() >= 2) {
                    str2 = (String) asList.get(1);
                    asList = asList.subList(2, asList.size());
                } else if (str7.equals("-auth") && asList.size() >= 2) {
                    str3 = (String) asList.get(1);
                    asList = asList.subList(2, asList.size());
                } else if (str7.equals("-bearer") && asList.size() >= 2) {
                    str4 = (String) asList.get(1);
                    asList = asList.subList(2, asList.size());
                } else {
                    if (!str7.equals("-logger") || asList.size() < 2) {
                        break;
                    }
                    Level parse = Level.parse((String) asList.get(1));
                    for (Handler handler : Logger.getLogger("").getHandlers()) {
                        handler.setLevel(parse);
                    }
                    for (Logger logger : new Logger[]{LOGGER, FullDuplexHttpStream.LOGGER, PlainCLIProtocol.LOGGER, Logger.getLogger("io.jenkins.cli.shaded.org.apache.sshd")}) {
                        logger.setLevel(parse);
                    }
                    asList = asList.subList(2, asList.size());
                }
            }
        }
        if (str == null) {
            printUsage(hudson.cli.client.Messages.CLI_NoURL());
            return -1;
        }
        if (str3 != null && str4 != null) {
            LOGGER.warning("-auth and -bearer are mutually exclusive");
        }
        if (str3 == null && str4 == null) {
            if (str5 != null && !str5.isBlank() && str6 != null && !str6.isBlank()) {
                str3 = str5.concat(":").concat(str6);
            } else if ((str5 != null && !str5.isBlank()) || (str6 != null && !str6.isBlank())) {
                printUsage(hudson.cli.client.Messages.CLI_BadAuth());
                return -1;
            }
        }
        if (!str.endsWith("/")) {
            str = str + "/";
        }
        if (asList.isEmpty()) {
            asList = List.of("help");
        }
        if (mode == null) {
            mode = Mode.WEB_SOCKET;
        }
        LOGGER.log(Level.FINE, "using connection mode {0}", mode);
        if (str2 != null && str3 != null) {
            LOGGER.warning("-user and -auth are mutually exclusive");
        }
        if (mode == Mode.SSH) {
            if (str2 == null) {
                LOGGER.warning("-user required when using -ssh");
                return -1;
            }
            if (!z && !privateKeyProvider.hasKeys()) {
                privateKeyProvider.readFromDefaultLocations();
            }
            return SSHCLI.sshConnection(str, str2, asList, privateKeyProvider, z2);
        }
        if (z2) {
            LOGGER.warning("-strictHostKey meaningful only with -ssh");
        }
        if (z) {
            LOGGER.warning("-noKeyAuth meaningful only with -ssh");
        }
        if (str2 != null) {
            LOGGER.warning("Warning: -user ignored unless using -ssh");
        }
        CLIConnectionFactory noCertificateCheck = new CLIConnectionFactory().noCertificateCheck(z3);
        String userInfo = new URL(str).getUserInfo();
        if (userInfo != null) {
            noCertificateCheck = noCertificateCheck.basicAuth(userInfo);
        } else if (str3 != null) {
            noCertificateCheck = noCertificateCheck.basicAuth(str3.startsWith("@") ? readAuthFromFile(str3).trim() : str3);
        } else if (str4 != null) {
            noCertificateCheck = noCertificateCheck.bearerAuth(str4.startsWith("@") ? readAuthFromFile(str4).trim() : str4);
        }
        if (mode == Mode.HTTP) {
            return plainHttpConnection(str, asList, noCertificateCheck);
        }
        if (mode == Mode.WEB_SOCKET) {
            return webSocketConnection(str, asList, noCertificateCheck);
        }
        throw new AssertionError();
    }

    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN", "URLCONNECTION_SSRF_FD"}, justification = "User provided values for running the program.")
    private static String readAuthFromFile(String str) throws IOException {
        try {
            return Files.readString(Paths.get(str.substring(1), new String[0]), Charset.defaultCharset());
        } catch (InvalidPathException e) {
            throw new IOException(e);
        }
    }

    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN", "URLCONNECTION_SSRF_FD"}, justification = "User provided values for running the program.")
    private static File getFileFromArguments(List<String> list) {
        return new File(list.get(1));
    }

    private static int webSocketConnection(String str, List<String> list, final CLIConnectionFactory cLIConnectionFactory) throws Exception {
        LOGGER.fine(() -> {
            return "Trying to connect to " + str + " via plain protocol over WebSocket";
        });
        ClientManager createClient = ClientManager.createClient(JdkClientContainer.class.getName());
        createClient.getProperties().put(ClientProperties.REDIRECT_ENABLED, true);
        if (cLIConnectionFactory.noCertificateCheck) {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new NoCheckTrustManager()}, new SecureRandom());
            SslEngineConfigurator sslEngineConfigurator = new SslEngineConfigurator(sSLContext);
            sslEngineConfigurator.setHostnameVerifier((str2, sSLSession) -> {
                return true;
            });
            createClient.getProperties().put("io.jenkins.cli.shaded.org.glassfish.tyrus.client.sslEngineConfigurator", sslEngineConfigurator);
        }
        final Session connectToServer = createClient.connectToServer(new Endpoint() { // from class: hudson.cli.CLI.1CLIEndpoint
            @Override // io.jenkins.cli.shaded.jakarta.websocket.Endpoint
            public void onOpen(Session session, EndpointConfig endpointConfig) {
            }
        }, ClientEndpointConfig.Builder.create().configurator(new ClientEndpointConfig.Configurator() { // from class: hudson.cli.CLI.1Authenticator
            @Override // io.jenkins.cli.shaded.jakarta.websocket.ClientEndpointConfig.Configurator
            public void beforeRequest(Map<String, List<String>> map) {
                if (CLIConnectionFactory.this.authorization != null) {
                    map.put("Authorization", List.of(CLIConnectionFactory.this.authorization));
                }
            }
        }).build(), URI.create(str.replaceFirst("^http", "ws") + "cli/ws"));
        ClientSideImpl clientSideImpl = new ClientSideImpl(new PlainCLIProtocol.Output() { // from class: hudson.cli.CLI.1
            @Override // hudson.cli.PlainCLIProtocol.Output
            public void send(byte[] bArr) throws IOException {
                Session.this.getBasicRemote().sendBinary(ByteBuffer.wrap(bArr));
            }

            @Override // java.io.Closeable, java.lang.AutoCloseable
            public void close() throws IOException {
                Session.this.close();
            }
        });
        try {
            connectToServer.addMessageHandler(InputStream.class, inputStream -> {
                try {
                    clientSideImpl.handle(new DataInputStream(inputStream));
                } catch (IOException e) {
                    LOGGER.log(Level.WARNING, (String) null, (Throwable) e);
                }
            });
            clientSideImpl.start(list);
            int exit = clientSideImpl.exit();
            clientSideImpl.close();
            return exit;
        } catch (Throwable th) {
            try {
                clientSideImpl.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    /* JADX WARN: Type inference failed for: r0v14, types: [hudson.cli.CLI$2] */
    private static int plainHttpConnection(String str, List<String> list, CLIConnectionFactory cLIConnectionFactory) throws GeneralSecurityException, IOException, InterruptedException {
        LOGGER.log(Level.FINE, "Trying to connect to {0} via plain protocol over HTTP", str);
        if (cLIConnectionFactory.noCertificateCheck) {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{new NoCheckTrustManager()}, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sSLContext.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier((str2, sSLSession) -> {
                return true;
            });
        }
        FullDuplexHttpStream fullDuplexHttpStream = new FullDuplexHttpStream(new URL(str), "cli?remoting=false", cLIConnectionFactory.authorization);
        final ClientSideImpl clientSideImpl = new ClientSideImpl(new PlainCLIProtocol.FramedOutput(fullDuplexHttpStream.getOutputStream()));
        try {
            clientSideImpl.start(list);
            InputStream inputStream = fullDuplexHttpStream.getInputStream();
            if (inputStream.read() != 0) {
                throw new IOException("expected to see initial zero byte; perhaps you are connecting to an old server which does not support -http?");
            }
            new PlainCLIProtocol.FramedReader(clientSideImpl, inputStream).start();
            new Thread(Attr.PING) { // from class: hudson.cli.CLI.2
                @Override // java.lang.Thread, java.lang.Runnable
                public void run() {
                    try {
                        Thread.sleep(CLI.PING_INTERVAL);
                        while (!clientSideImpl.complete) {
                            CLI.LOGGER.fine("sending ping");
                            clientSideImpl.sendEncoding(Charset.defaultCharset().name());
                            Thread.sleep(CLI.PING_INTERVAL);
                        }
                    } catch (IOException | InterruptedException e) {
                        CLI.LOGGER.log(Level.WARNING, (String) null, e);
                    }
                }
            }.start();
            int exit = clientSideImpl.exit();
            clientSideImpl.close();
            return exit;
        } catch (Throwable th) {
            try {
                clientSideImpl.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static String computeVersion() {
        Properties properties = new Properties();
        try {
            InputStream resourceAsStream = CLI.class.getResourceAsStream("/jenkins/cli/jenkins-cli-version.properties");
            if (resourceAsStream != null) {
                try {
                    properties.load(resourceAsStream);
                } finally {
                }
            }
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
        return properties.getProperty("version", "?");
    }

    public static KeyPair loadKey(File file, String str) throws IOException, GeneralSecurityException {
        return PrivateKeyProvider.loadKey(file, str);
    }

    public static KeyPair loadKey(File file) throws IOException, GeneralSecurityException {
        return loadKey(file, (String) null);
    }

    public static KeyPair loadKey(String str, String str2) throws IOException, GeneralSecurityException {
        return PrivateKeyProvider.loadKey(str, str2);
    }

    public static KeyPair loadKey(String str) throws IOException, GeneralSecurityException {
        return loadKey(str, (String) null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String usage() {
        return hudson.cli.client.Messages.CLI_Usage();
    }

    private static void printUsage(String str) {
        if (str != null) {
            System.out.println(str);
        }
        System.err.println(usage());
    }
}
