package org.jenkinsci.remoting.engine;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.remoting.Channel;
import hudson.remoting.SocketChannelStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.Socket;
import java.nio.charset.Charset;
import java.security.SecureRandom;
import java.util.Random;
import java.util.concurrent.ExecutorService;
import javax.annotation.Nonnull;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import org.jenkinsci.remoting.nio.NioChannelHub;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/jenkins-cli.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake.class
  input_file:WEB-INF/lib/remoting-2.62.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake.class
  input_file:WEB-INF/slave.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake.class
 */
/* loaded from: input_file:WEB-INF/remoting.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake.class */
public abstract class JnlpServer3Handshake extends JnlpServerHandshake {
    protected String cookie;
    private HandshakeCiphers handshakeCiphers;
    private String nodeName;
    static final String COOKIE_NAME = JnlpProtocol3.class.getName() + ".cookie";
    private static final Random RANDOM = new SecureRandom();

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/jenkins-cli.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake$Failure.class
      input_file:WEB-INF/lib/remoting-2.62.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake$Failure.class
      input_file:WEB-INF/slave.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake$Failure.class
     */
    @SuppressFBWarnings(value = {"SIC_INNER_SHOULD_BE_STATIC"}, justification = "It's an issue, but the class is being used in the core now")
    /* loaded from: input_file:WEB-INF/remoting.jar:org/jenkinsci/remoting/engine/JnlpServer3Handshake$Failure.class */
    public class Failure extends Exception {
        public Failure(String str) {
            super(str);
        }
    }

    public JnlpServer3Handshake(NioChannelHub nioChannelHub, ExecutorService executorService, Socket socket) throws IOException {
        super(nioChannelHub, executorService, socket);
    }

    public String getNodeName() {
        return this.nodeName;
    }

    public Channel connect() throws IOException, InterruptedException {
        try {
            this.out.println("Negotiate");
            this.request.load(new ByteArrayInputStream(this.in.readUTF().getBytes(Charset.forName("UTF-8"))));
            this.nodeName = this.request.getProperty(JnlpProtocol3.SLAVE_NAME_KEY);
            this.handshakeCiphers = HandshakeCiphers.create(this.nodeName, getNodeSecret(this.nodeName));
            authenticateToSlave();
            if (getRequestProperty("Cookie") != null) {
                this.cookie = this.handshakeCiphers.decrypt(getRequestProperty("Cookie"));
            }
            validateSlave();
            this.out.println("Welcome");
            String str = null;
            String str2 = null;
            for (int i = 0; i < 110; i++) {
                if (i >= 100) {
                    throw new IOException("JENKINS-37140 got really unlucky with the random number generator");
                }
                str = generateCookie();
                str2 = this.handshakeCiphers.encrypt(str);
                if (str2.indexOf(10) == -1) {
                    break;
                }
            }
            this.out.println(str2);
            ChannelCiphers create = ChannelCiphers.create(Jnlp3Util.keyFromString(this.handshakeCiphers.decrypt(this.in.readUTF())), Jnlp3Util.keyFromString(this.handshakeCiphers.decrypt(this.in.readUTF())));
            Channel build = createChannelBuilder(this.nodeName).build(new CipherInputStream(SocketChannelStream.in(this.socket), create.getDecryptCipher()), new CipherOutputStream(SocketChannelStream.out(this.socket), create.getEncryptCipher()));
            build.setProperty(COOKIE_NAME, str);
            return build;
        } catch (Failure e) {
            error(e.getMessage());
            return null;
        }
    }

    protected abstract String getNodeSecret(String str) throws Failure;

    private void authenticateToSlave() throws IOException, Failure {
        String encrypt = this.handshakeCiphers.encrypt(Jnlp3Util.createChallengeResponse(this.handshakeCiphers.decrypt(this.request.getProperty(JnlpProtocol3.CHALLENGE_KEY))));
        this.out.println(encrypt.getBytes(Charset.forName("UTF-8")).length);
        this.out.print(encrypt);
        this.out.flush();
        if (!this.in.readUTF().equals("Welcome")) {
            throw new Failure("Slave did not accept our challenge response");
        }
    }

    protected void validateSlave() throws IOException, Failure {
        String generateChallenge = Jnlp3Util.generateChallenge();
        String encrypt = this.handshakeCiphers.encrypt(generateChallenge);
        this.out.println(encrypt.getBytes(Charset.forName("UTF-8")).length);
        this.out.print(encrypt);
        this.out.flush();
        if (!Jnlp3Util.validateChallengeResponse(generateChallenge, this.handshakeCiphers.decrypt(this.in.readUTF()))) {
            throw new Failure("Incorrect master challenge response from slave");
        }
    }

    private String generateCookie() {
        byte[] bArr = new byte[32];
        RANDOM.nextBytes(bArr);
        return toHexString(bArr);
    }

    @Nonnull
    private String toHexString(@Nonnull byte[] bArr) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            int i = b & 255;
            if (i < 16) {
                sb.append('0');
            }
            sb.append(Integer.toHexString(i));
        }
        return sb.toString();
    }
}
