package io.jenkins.plugins.wiz;

import hudson.AbortException;
import hudson.FilePath;
import hudson.ProxyConfiguration;
import hudson.model.TaskListener;
import io.jenkins.plugins.wiz.PGPVerifier;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.security.MasterToSlaveCallable;
import org.apache.commons.lang3.SystemUtils;

/* loaded from: input_file:io/jenkins/plugins/wiz/WizCliDownloader.class */
public class WizCliDownloader {
    private static final Logger LOGGER = Logger.getLogger(WizCliDownloader.class.getName());
    private static final int DOWNLOAD_TIMEOUT = 60000;
    private static final int CONNECT_TIMEOUT = 10000;
    private static final String PUBLIC_KEY_RESOURCE = "/io/jenkins/plugins/wiz/public_key.asc";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/jenkins/plugins/wiz/WizCliDownloader$VerifySignatureCallable.class */
    public static class VerifySignatureCallable extends MasterToSlaveCallable<Boolean, IOException> {
        private final FilePath sha256File;
        private final FilePath signaturePath;
        private final FilePath publicKeyPath;

        public VerifySignatureCallable(FilePath filePath, FilePath filePath2, FilePath filePath3) {
            this.sha256File = filePath;
            this.signaturePath = filePath2;
            this.publicKeyPath = filePath3;
        }

        /* renamed from: call, reason: merged with bridge method [inline-methods] */
        public Boolean m5call() throws IOException {
            try {
                return Boolean.valueOf(new PGPVerifier().verifySignatureFromFiles(this.sha256File.getRemote(), this.signaturePath.getRemote(), this.publicKeyPath.getRemote()));
            } catch (PGPVerifier.PGPVerificationException e) {
                throw new IOException("PGP verification failed", e);
            }
        }
    }

    public static WizCliSetup setupWizCli(FilePath filePath, String str, TaskListener taskListener) throws IOException {
        try {
            WizInputValidator.validateWizCliUrl(str);
            boolean parseBoolean = Boolean.parseBoolean(((String[]) filePath.act(new MasterToSlaveCallable<String[], IOException>() { // from class: io.jenkins.plugins.wiz.WizCliDownloader.1
                /* renamed from: call, reason: merged with bridge method [inline-methods] */
                public String[] m4call() {
                    return new String[]{String.valueOf(SystemUtils.IS_OS_WINDOWS)};
                }
            }))[0]);
            FilePath child = filePath.child(parseBoolean ? WizCliSetup.WIZCLI_WINDOWS_PATH : WizCliSetup.WIZCLI_UNIX_PATH);
            downloadAndVerifyWizCli(str, child, filePath, taskListener);
            if (!parseBoolean) {
                child.chmod(493);
            }
            return new WizCliSetup(parseBoolean);
        } catch (InterruptedException e) {
            throw new RuntimeException(e);
        } catch (AbortException e2) {
            taskListener.error("Invalid Wiz CLI URL format: " + e2.getMessage());
            throw e2;
        }
    }

    private static void downloadAndVerifyWizCli(String str, FilePath filePath, FilePath filePath2, TaskListener taskListener) throws IOException {
        try {
            taskListener.getLogger().println("Downloading Wiz CLI from: " + str);
            downloadFile(str, filePath);
            taskListener.getLogger().println("Download completed successfully");
            String str2 = str + "-sha256";
            String str3 = str2 + ".sig";
            FilePath child = filePath2.child("wizcli-sha256");
            FilePath child2 = filePath2.child("wizcli-sha256.sig");
            FilePath child3 = filePath2.child("public_key.asc");
            try {
                downloadFile(str2, child);
                downloadFile(str3, child2);
                extractPublicKey(child3);
                verifySignatureAndChecksum(taskListener, filePath, child, child2, child3, filePath2);
                cleanupVerificationFiles(filePath2, taskListener);
            } catch (Throwable th) {
                cleanupVerificationFiles(filePath2, taskListener);
                throw th;
            }
        } catch (Exception e) {
            taskListener.error("Failed to download or verify Wiz CLI: " + e.getMessage());
            throw new AbortException("Failed to setup Wiz CLI: " + e.getMessage());
        }
    }

    private static void extractPublicKey(FilePath filePath) throws IOException {
        try {
            InputStream resourceAsStream = WizCliDownloader.class.getResourceAsStream(PUBLIC_KEY_RESOURCE);
            try {
                if (resourceAsStream == null) {
                    throw new IOException("Could not find public key resource");
                }
                filePath.write(new String(resourceAsStream.readAllBytes(), StandardCharsets.UTF_8), StandardCharsets.UTF_8.name());
                LOGGER.log(Level.FINE, "Public key extracted successfully");
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            } finally {
            }
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to extract public key", (Throwable) e);
            throw new IOException("Failed to extract public key from resources", e);
        }
    }

    private static void downloadFile(String str, FilePath filePath) throws IOException {
        URL url = new URL(str);
        HttpURLConnection httpURLConnection = null;
        InputStream inputStream = null;
        OutputStream outputStream = null;
        try {
            ProxyConfiguration proxy = Jenkins.get().getProxy();
            try {
                httpURLConnection = (HttpURLConnection) (proxy != null ? url.openConnection(proxy.createProxy(url.getHost())) : url.openConnection());
                httpURLConnection.setConnectTimeout(CONNECT_TIMEOUT);
                httpURLConnection.setReadTimeout(DOWNLOAD_TIMEOUT);
                int responseCode = httpURLConnection.getResponseCode();
                if (responseCode != 200) {
                    throw new IOException("Download failed with HTTP code: " + responseCode);
                }
                FilePath parent = filePath.getParent();
                if (parent == null) {
                    throw new IOException("Invalid target path: parent directory is null");
                }
                try {
                    parent.mkdirs();
                    inputStream = httpURLConnection.getInputStream();
                    try {
                        outputStream = filePath.write();
                        byte[] bArr = new byte[8192];
                        while (true) {
                            int read = inputStream.read(bArr);
                            if (read == -1) {
                                break;
                            } else {
                                outputStream.write(bArr, 0, read);
                            }
                        }
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (IOException e) {
                                LOGGER.log(Level.WARNING, "Error closing input stream", (Throwable) e);
                            }
                        }
                        if (outputStream != null) {
                            try {
                                outputStream.close();
                            } catch (IOException e2) {
                                LOGGER.log(Level.WARNING, "Error closing output stream", (Throwable) e2);
                            }
                        }
                        if (httpURLConnection != null) {
                            httpURLConnection.disconnect();
                        }
                    } catch (InterruptedException e3) {
                        Thread.currentThread().interrupt();
                        throw new IOException("File download was interrupted", e3);
                    }
                } catch (InterruptedException e4) {
                    Thread.currentThread().interrupt();
                    throw new IOException("Directory creation was interrupted", e4);
                }
            } catch (IllegalArgumentException e5) {
                throw new IOException("Invalid proxy configuration", e5);
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException e6) {
                    LOGGER.log(Level.WARNING, "Error closing input stream", (Throwable) e6);
                }
            }
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (IOException e7) {
                    LOGGER.log(Level.WARNING, "Error closing output stream", (Throwable) e7);
                }
            }
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private static void verifySignatureAndChecksum(TaskListener taskListener, FilePath filePath, FilePath filePath2, FilePath filePath3, FilePath filePath4, FilePath filePath5) throws IOException {
        try {
            if (!((Boolean) filePath5.act(new VerifySignatureCallable(filePath2, filePath3, filePath4))).booleanValue()) {
                throw new IOException("GPG signature verification failed");
            }
            verifyChecksum(filePath, filePath2);
            taskListener.getLogger().println("Successfully verified Wiz CLI signature and checksum");
        } catch (Exception e) {
            throw new IOException("GPG signature verification failed: " + e.getMessage(), e);
        }
    }

    private static void verifyChecksum(FilePath filePath, FilePath filePath2) throws IOException, InterruptedException {
        String trim = filePath2.readToString().trim();
        String calculateSHA256 = calculateSHA256(filePath);
        if (!trim.equals(calculateSHA256)) {
            throw new IOException("SHA256 checksum verification failed. Expected: " + trim + ", Actual: " + calculateSHA256);
        }
    }

    private static String calculateSHA256(FilePath filePath) throws IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] bArr = new byte[8192];
            InputStream read = filePath.read();
            while (true) {
                try {
                    int read2 = read.read(bArr);
                    if (read2 == -1) {
                        break;
                    }
                    messageDigest.update(bArr, 0, read2);
                } finally {
                }
            }
            if (read != null) {
                read.close();
            }
            byte[] digest = messageDigest.digest();
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) {
                String hexString = Integer.toHexString(255 & b);
                if (hexString.length() == 1) {
                    sb.append('0');
                }
                sb.append(hexString);
            }
            return sb.toString();
        } catch (Exception e) {
            throw new IOException("Failed to calculate SHA256: " + e.getMessage(), e);
        }
    }

    private static void cleanupVerificationFiles(FilePath filePath, TaskListener taskListener) {
        for (FilePath filePath2 : new FilePath[]{filePath.child("wizcli-sha256"), filePath.child("wizcli-sha256.sig"), filePath.child("public_key.asc")}) {
            try {
                if (filePath2.exists()) {
                    filePath2.delete();
                    LOGGER.log(Level.FINE, "Deleted verification file: {0}", filePath2.getRemote());
                }
            } catch (Exception e) {
                LOGGER.log(Level.WARNING, "Failed to delete verification file: " + filePath2.getRemote(), (Throwable) e);
                taskListener.getLogger().println("Warning: Failed to delete " + filePath2.getRemote());
            }
        }
    }
}
