package hudson.plugins.ec2;

import com.amazonaws.AmazonClientException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.model.DescribeInstancesRequest;
import com.amazonaws.services.ec2.model.DescribeInstancesResult;
import com.amazonaws.services.ec2.model.DescribeSpotInstanceRequestsRequest;
import com.amazonaws.services.ec2.model.DescribeSpotInstanceRequestsResult;
import com.amazonaws.services.ec2.model.Filter;
import com.amazonaws.services.ec2.model.Instance;
import com.amazonaws.services.ec2.model.InstanceStateName;
import com.amazonaws.services.ec2.model.InstanceType;
import com.amazonaws.services.ec2.model.KeyPair;
import com.amazonaws.services.ec2.model.Reservation;
import com.amazonaws.services.ec2.model.SpotInstanceRequest;
import com.amazonaws.services.ec2.model.Tag;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl;
import com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.Domain;
import hudson.Extension;
import hudson.ProxyConfiguration;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Label;
import hudson.model.Node;
import hudson.model.PeriodicWork;
import hudson.model.TaskListener;
import hudson.plugins.ec2.SlaveTemplate;
import hudson.plugins.ec2.util.AmazonEC2Factory;
import hudson.security.ACL;
import hudson.slaves.Cloud;
import hudson.slaves.NodeProvisioner;
import hudson.util.FormValidation;
import hudson.util.HttpResponses;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import hudson.util.StreamTaskListener;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import javax.annotation.CheckForNull;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import jenkins.model.JenkinsLocationConfiguration;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST;

/* loaded from: input_file:hudson/plugins/ec2/EC2Cloud.class */
public abstract class EC2Cloud extends Cloud {
    public static final String DEFAULT_EC2_HOST = "us-east-1";
    public static final String DEFAULT_EC2_ENDPOINT = "https://ec2.amazonaws.com";
    public static final String AWS_URL_HOST = "amazonaws.com";
    public static final String EC2_SLAVE_TYPE_SPOT = "spot";
    public static final String EC2_SLAVE_TYPE_DEMAND = "demand";
    private transient ReentrantLock slaveCountingLock;
    private final boolean useInstanceProfileForCredentials;
    private final String roleArn;
    private final String roleSessionName;

    @CheckForNull
    private String credentialsId;

    @CheckForNull
    @Deprecated
    private transient String accessId;

    @CheckForNull
    @Deprecated
    private transient Secret secretKey;
    private final EC2PrivateKey privateKey;
    private final int instanceCap;
    private final List<? extends SlaveTemplate> templates;
    private transient KeyPair usableKeyPair;
    private volatile transient AmazonEC2 connection;
    private static final Logger LOGGER = Logger.getLogger(EC2Cloud.class.getName());
    private static final SimpleFormatter sf = new SimpleFormatter();

    /* loaded from: input_file:hudson/plugins/ec2/EC2Cloud$DescriptorImpl.class */
    public static abstract class DescriptorImpl extends Descriptor<Cloud> {
        public InstanceType[] getInstanceTypes() {
            return InstanceType.values();
        }

        public FormValidation doCheckUseInstanceProfileForCredentials(@QueryParameter boolean z) {
            if (z) {
                try {
                    new InstanceProfileCredentialsProvider(false).getCredentials();
                } catch (AmazonClientException e) {
                    return FormValidation.error(Messages.EC2Cloud_FailedToObtainCredentialsFromEC2(), new Object[]{e.getMessage()});
                }
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckPrivateKey(@QueryParameter String str) throws IOException, ServletException {
            boolean z = false;
            boolean z2 = false;
            BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (readLine.equals("-----BEGIN RSA PRIVATE KEY-----")) {
                    z = true;
                }
                if (readLine.equals("-----END RSA PRIVATE KEY-----")) {
                    z2 = true;
                }
            }
            return !z ? FormValidation.error("This doesn't look like a private key at all") : !z2 ? FormValidation.error("The private key is missing the trailing 'END RSA PRIVATE KEY' marker. Copy&paste error?") : FormValidation.ok();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public FormValidation doTestConnection(URL url, boolean z, String str, String str2, String str3, String str4, String str5) throws IOException, ServletException {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            try {
                AmazonEC2 connect = AmazonEC2Factory.getInstance().connect(EC2Cloud.createCredentialsProvider(z, str, str3, str4, str5), url);
                connect.describeInstances();
                if (str2 == null) {
                    return FormValidation.error("Private key is not specified. Please fill the private key field with a valid one.");
                }
                if (str2.trim().length() > 0) {
                    EC2PrivateKey eC2PrivateKey = new EC2PrivateKey(str2);
                    if (eC2PrivateKey.find(connect) == null) {
                        return FormValidation.error("The EC2 key pair private key isn't registered to this EC2 region (fingerprint is " + eC2PrivateKey.getFingerprint() + ")");
                    }
                }
                return FormValidation.ok(Messages.EC2Cloud_Success());
            } catch (AmazonClientException e) {
                EC2Cloud.LOGGER.log(Level.WARNING, "Failed to check EC2 credential", e);
                return FormValidation.error(e.getMessage());
            }
        }

        @RequirePOST
        public ListBoxModel doFillCredentialsIdItems() {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return new StandardListBoxModel().withEmptySelection().withMatching(CredentialsMatchers.always(), CredentialsProvider.lookupCredentials(AmazonWebServicesCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()));
        }
    }

    @Extension
    /* loaded from: input_file:hudson/plugins/ec2/EC2Cloud$EC2ConnectionUpdater.class */
    public static class EC2ConnectionUpdater extends PeriodicWork {
        public long getRecurrencePeriod() {
            return TimeUnit.SECONDS.toMillis(60L);
        }

        protected void doRun() throws IOException {
            Jenkins jenkins = Jenkins.get();
            if (jenkins.clouds != null) {
                Iterator it = jenkins.clouds.iterator();
                while (it.hasNext()) {
                    Cloud cloud = (Cloud) it.next();
                    if (cloud instanceof EC2Cloud) {
                        EC2Cloud eC2Cloud = (EC2Cloud) cloud;
                        EC2Cloud.LOGGER.finer(() -> {
                            return "Checking EC2 Connection on: " + eC2Cloud.getDisplayName();
                        });
                        try {
                            if (eC2Cloud.connection != null) {
                                eC2Cloud.connection.describeInstances();
                            }
                        } catch (AmazonClientException e) {
                            EC2Cloud.LOGGER.finer(() -> {
                                return "Reconnecting to EC2 on: " + eC2Cloud.getDisplayName();
                            });
                            eC2Cloud.reconnectToEc2();
                        }
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public EC2Cloud(String str, boolean z, String str2, String str3, String str4, List<? extends SlaveTemplate> list, String str5, String str6) {
        super(str);
        this.slaveCountingLock = new ReentrantLock();
        this.useInstanceProfileForCredentials = z;
        this.roleArn = str5;
        this.roleSessionName = str6;
        this.credentialsId = str2;
        this.privateKey = new EC2PrivateKey(str3);
        if (list == null) {
            this.templates = Collections.emptyList();
        } else {
            this.templates = list;
        }
        if (str4 == null || str4.isEmpty()) {
            this.instanceCap = Integer.MAX_VALUE;
        } else {
            this.instanceCap = Integer.parseInt(str4);
        }
        readResolve();
    }

    public abstract URL getEc2EndpointUrl() throws IOException;

    public abstract URL getS3EndpointUrl() throws IOException;

    protected Object readResolve() {
        this.slaveCountingLock = new ReentrantLock();
        Iterator<? extends SlaveTemplate> it = this.templates.iterator();
        while (it.hasNext()) {
            it.next().parent = this;
        }
        if (this.accessId != null && this.secretKey != null && this.credentialsId == null) {
            String encryptedValue = this.secretKey.getEncryptedValue();
            for (AmazonWebServicesCredentials amazonWebServicesCredentials : SystemCredentialsProvider.getInstance().getCredentials()) {
                if (amazonWebServicesCredentials instanceof AmazonWebServicesCredentials) {
                    AmazonWebServicesCredentials amazonWebServicesCredentials2 = amazonWebServicesCredentials;
                    AWSCredentials credentials = amazonWebServicesCredentials2.getCredentials();
                    if (this.accessId.equals(credentials.getAWSAccessKeyId()) && Secret.toString(this.secretKey).equals(credentials.getAWSSecretKey())) {
                        this.credentialsId = amazonWebServicesCredentials2.getId();
                        this.accessId = null;
                        this.secretKey = null;
                        return this;
                    }
                }
            }
            for (CredentialsStore credentialsStore : CredentialsProvider.lookupStores(Jenkins.get())) {
                if (credentialsStore instanceof SystemCredentialsProvider.StoreImpl) {
                    try {
                        String uuid = UUID.randomUUID().toString();
                        credentialsStore.addCredentials(Domain.global(), new AWSCredentialsImpl(CredentialsScope.SYSTEM, uuid, this.accessId, encryptedValue, "EC2 Cloud - " + getDisplayName()));
                        this.credentialsId = uuid;
                        this.accessId = null;
                        this.secretKey = null;
                        return this;
                    } catch (IOException e) {
                        this.credentialsId = null;
                        LOGGER.log(Level.WARNING, "Exception converting legacy configuration to the new credentials API", (Throwable) e);
                    }
                }
            }
            LOGGER.log(Level.WARNING, "EC2 Plugin could not migrate credentials to the Jenkins Global Credentials Store, EC2 Plugin for cloud {0} must be manually reconfigured", getDisplayName());
        }
        return this;
    }

    public boolean isUseInstanceProfileForCredentials() {
        return this.useInstanceProfileForCredentials;
    }

    public String getRoleArn() {
        return this.roleArn;
    }

    public String getRoleSessionName() {
        return this.roleSessionName;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public EC2PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public String getInstanceCapStr() {
        return this.instanceCap == Integer.MAX_VALUE ? "" : String.valueOf(this.instanceCap);
    }

    public int getInstanceCap() {
        return this.instanceCap;
    }

    public List<SlaveTemplate> getTemplates() {
        return Collections.unmodifiableList(this.templates);
    }

    @CheckForNull
    public SlaveTemplate getTemplate(String str) {
        for (SlaveTemplate slaveTemplate : this.templates) {
            if (slaveTemplate.description.equals(str)) {
                return slaveTemplate;
            }
        }
        return null;
    }

    public SlaveTemplate getTemplate(Label label) {
        for (SlaveTemplate slaveTemplate : this.templates) {
            if (slaveTemplate.getMode() == Node.Mode.NORMAL) {
                if (label == null || label.matches(slaveTemplate.getLabelSet())) {
                    return slaveTemplate;
                }
            } else if (slaveTemplate.getMode() == Node.Mode.EXCLUSIVE && label != null && label.matches(slaveTemplate.getLabelSet())) {
                return slaveTemplate;
            }
        }
        return null;
    }

    public synchronized KeyPair getKeyPair() throws AmazonClientException, IOException {
        if (this.usableKeyPair == null) {
            this.usableKeyPair = this.privateKey.find(connect());
        }
        return this.usableKeyPair;
    }

    @RequirePOST
    public void doAttach(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @QueryParameter String str) throws ServletException, IOException, AmazonClientException {
        checkPermission(PROVISION);
        EC2AbstractSlave attach = getTemplates().get(0).attach(str, new StreamTaskListener(new StringWriter()));
        Jenkins.get().addNode(attach);
        staplerResponse.sendRedirect2(staplerRequest.getContextPath() + "/computer/" + attach.getNodeName());
    }

    @RequirePOST
    public HttpResponse doProvision(@QueryParameter String str) throws ServletException, IOException {
        checkPermission(PROVISION);
        if (str == null) {
            throw HttpResponses.error(400, "The 'template' query parameter is missing");
        }
        SlaveTemplate template = getTemplate(str);
        if (template == null) {
            throw HttpResponses.error(400, "No such template: " + str);
        }
        Jenkins jenkins = Jenkins.get();
        if (jenkins.isQuietingDown()) {
            throw HttpResponses.error(400, "Jenkins instance is quieting down");
        }
        if (jenkins.isTerminating()) {
            throw HttpResponses.error(400, "Jenkins instance is terminating");
        }
        try {
            List<EC2AbstractSlave> newOrExistingAvailableSlave = getNewOrExistingAvailableSlave(template, 1, true);
            if (newOrExistingAvailableSlave == null || newOrExistingAvailableSlave.isEmpty()) {
                throw HttpResponses.error(400, "Cloud or AMI instance cap would be exceeded for: " + str);
            }
            Computer computer = newOrExistingAvailableSlave.get(0).toComputer();
            if (newOrExistingAvailableSlave.get(0).getStopOnTerminate() && computer != null) {
                computer.connect(false);
            }
            jenkins.addNode(newOrExistingAvailableSlave.get(0));
            return HttpResponses.redirectViaContextPath("/computer/" + newOrExistingAvailableSlave.get(0).getNodeName());
        } catch (AmazonClientException e) {
            throw HttpResponses.error(500, e);
        }
    }

    private int countCurrentEC2Slaves(SlaveTemplate slaveTemplate) throws AmazonClientException {
        DescribeInstancesResult describeInstances;
        String url = JenkinsLocationConfiguration.get().getUrl();
        if (url == null) {
            LOGGER.log(Level.WARNING, "No Jenkins server URL specified, it is strongly recommended to open /configure and set the server URL. Not having has disabled the per-master instance cap counting (cf. https://github.com/jenkinsci/ec2-plugin/pull/310)");
        }
        LOGGER.log(Level.FINE, "Counting current slaves: " + (slaveTemplate != null ? " AMI: " + slaveTemplate.getAmi() + " TemplateDesc: " + slaveTemplate.description : " All AMIS") + " Jenkins Server: " + url);
        int i = 0;
        HashSet hashSet = new HashSet();
        String str = slaveTemplate != null ? slaveTemplate.description : null;
        List<Filter> genericFilters = getGenericFilters(url, slaveTemplate);
        genericFilters.add(new Filter("instance-state-name").withValues(new String[]{"running", "pending", "stopping"}));
        DescribeInstancesRequest withFilters = new DescribeInstancesRequest().withFilters(genericFilters);
        do {
            describeInstances = connect().describeInstances(withFilters);
            withFilters.setNextToken(describeInstances.getNextToken());
            Iterator it = describeInstances.getReservations().iterator();
            while (it.hasNext()) {
                for (Instance instance : ((Reservation) it.next()).getInstances()) {
                    if (isEc2ProvisionedAmiSlave(instance.getTags(), str)) {
                        LOGGER.log(Level.FINE, "Existing instance found: " + instance.getInstanceId() + " AMI: " + instance.getImageId() + (slaveTemplate != null ? " Template: " + str : "") + " Jenkins Server: " + url);
                        i++;
                        hashSet.add(instance.getInstanceId());
                    }
                }
            }
        } while (describeInstances.getNextToken() != null);
        return i + countCurrentEC2SpotSlaves(slaveTemplate, url, hashSet);
    }

    private int countCurrentEC2SpotSlaves(SlaveTemplate slaveTemplate, String str, Set<String> set) throws AmazonClientException {
        DescribeSpotInstanceRequestsResult describeSpotInstanceRequests;
        int i = 0;
        String str2 = slaveTemplate != null ? slaveTemplate.description : null;
        List<Filter> genericFilters = getGenericFilters(str, slaveTemplate);
        if (slaveTemplate != null) {
            genericFilters.add(new Filter("launch.image-id").withValues(new String[]{slaveTemplate.getAmi()}));
        }
        DescribeSpotInstanceRequestsRequest withMaxResults = new DescribeSpotInstanceRequestsRequest().withFilters(genericFilters).withMaxResults(100);
        HashSet hashSet = new HashSet();
        do {
            try {
                describeSpotInstanceRequests = connect().describeSpotInstanceRequests(withMaxResults);
                List<SpotInstanceRequest> spotInstanceRequests = describeSpotInstanceRequests.getSpotInstanceRequests();
                withMaxResults.setNextToken(describeSpotInstanceRequests.getNextToken());
                if (spotInstanceRequests != null) {
                    for (SpotInstanceRequest spotInstanceRequest : spotInstanceRequests) {
                        hashSet.add(spotInstanceRequest);
                        if (!spotInstanceRequest.getState().equals("open") && !spotInstanceRequest.getState().equals("active")) {
                            Iterator it = Jenkins.get().getNodes().iterator();
                            while (true) {
                                if (it.hasNext()) {
                                    EC2SpotSlave eC2SpotSlave = (Node) it.next();
                                    try {
                                        if ((eC2SpotSlave instanceof EC2SpotSlave) && eC2SpotSlave.getSpotInstanceRequestId().equals(spotInstanceRequest.getSpotInstanceRequestId())) {
                                            LOGGER.log(Level.INFO, "Removing dead request: " + spotInstanceRequest.getSpotInstanceRequestId() + " AMI: " + spotInstanceRequest.getInstanceId() + " state: " + spotInstanceRequest.getState() + " status: " + spotInstanceRequest.getStatus());
                                            Jenkins.get().removeNode(eC2SpotSlave);
                                            break;
                                        }
                                    } catch (IOException e) {
                                        LOGGER.log(Level.WARNING, "Failed to remove node for dead request: " + spotInstanceRequest.getSpotInstanceRequestId() + " AMI: " + spotInstanceRequest.getInstanceId() + " state: " + spotInstanceRequest.getState() + " status: " + spotInstanceRequest.getStatus(), (Throwable) e);
                                    }
                                }
                            }
                        } else if (spotInstanceRequest.getInstanceId() == null || !set.contains(spotInstanceRequest.getInstanceId())) {
                            if (isEc2ProvisionedAmiSlave(spotInstanceRequest.getTags(), str2)) {
                                LOGGER.log(Level.FINE, "Spot instance request found: " + spotInstanceRequest.getSpotInstanceRequestId() + " AMI: " + spotInstanceRequest.getInstanceId() + " state: " + spotInstanceRequest.getState() + " status: " + spotInstanceRequest.getStatus());
                                i++;
                                if (spotInstanceRequest.getInstanceId() != null) {
                                    set.add(spotInstanceRequest.getInstanceId());
                                }
                            }
                        }
                    }
                }
            } catch (Exception e2) {
                LOGGER.log(Level.FINEST, "Describe spot instance requests failed", (Throwable) e2);
            }
        } while (describeSpotInstanceRequests.getNextToken() != null);
        return i + countJenkinsNodeSpotInstancesWithoutRequests(slaveTemplate, hashSet, set);
    }

    private int countJenkinsNodeSpotInstancesWithoutRequests(SlaveTemplate slaveTemplate, Set<SpotInstanceRequest> set, Set<String> set2) throws AmazonClientException {
        int i = 0;
        for (EC2SpotSlave eC2SpotSlave : Jenkins.get().getNodes()) {
            if (eC2SpotSlave instanceof EC2SpotSlave) {
                EC2SpotSlave eC2SpotSlave2 = eC2SpotSlave;
                SpotInstanceRequest spotRequest = eC2SpotSlave2.getSpotRequest();
                if (spotRequest == null) {
                    LOGGER.log(Level.FINE, "Found spot node without request: " + eC2SpotSlave2.getSpotInstanceRequestId());
                    i++;
                } else if (!set.contains(spotRequest)) {
                    set.add(spotRequest);
                    if (spotRequest.getState().equals("open") || spotRequest.getState().equals("active")) {
                        if (slaveTemplate != null) {
                            for (Tag tag : spotRequest.getTags()) {
                                if (StringUtils.equals(tag.getKey(), EC2Tag.TAG_NAME_JENKINS_SLAVE_TYPE) && StringUtils.equals(tag.getValue(), getSlaveTypeTagValue(EC2_SLAVE_TYPE_SPOT, slaveTemplate.description)) && spotRequest.getLaunchSpecification().getImageId().equals(slaveTemplate.getAmi()) && (spotRequest.getInstanceId() == null || !set2.contains(spotRequest.getInstanceId()))) {
                                    LOGGER.log(Level.FINE, "Spot instance request found (from node): " + spotRequest.getSpotInstanceRequestId() + " AMI: " + spotRequest.getInstanceId() + " state: " + spotRequest.getState() + " status: " + spotRequest.getStatus());
                                    i++;
                                    if (spotRequest.getInstanceId() != null) {
                                        set2.add(spotRequest.getInstanceId());
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        return i;
    }

    private List<Filter> getGenericFilters(String str, SlaveTemplate slaveTemplate) {
        List<EC2Tag> tags;
        ArrayList arrayList = new ArrayList();
        arrayList.add(new Filter("tag-key").withValues(new String[]{EC2Tag.TAG_NAME_JENKINS_SLAVE_TYPE}));
        if (str != null) {
            arrayList.add(new Filter("tag:jenkins_server_url").withValues(new String[]{str}));
        } else {
            arrayList.add(new Filter("tag-key").withValues(new String[]{EC2Tag.TAG_NAME_JENKINS_SERVER_URL}));
        }
        if (slaveTemplate != null && (tags = slaveTemplate.getTags()) != null) {
            for (EC2Tag eC2Tag : tags) {
                if (eC2Tag.getName() != null && eC2Tag.getValue() != null) {
                    arrayList.add(new Filter("tag:" + eC2Tag.getName()).withValues(new String[]{eC2Tag.getValue()}));
                }
            }
        }
        return arrayList;
    }

    private boolean isEc2ProvisionedAmiSlave(List<Tag> list, String str) {
        for (Tag tag : list) {
            if (StringUtils.equals(tag.getKey(), EC2Tag.TAG_NAME_JENKINS_SLAVE_TYPE)) {
                return str == null || StringUtils.equals(tag.getValue(), EC2_SLAVE_TYPE_DEMAND) || StringUtils.equals(tag.getValue(), EC2_SLAVE_TYPE_SPOT) || StringUtils.equals(tag.getValue(), getSlaveTypeTagValue(EC2_SLAVE_TYPE_DEMAND, str)) || StringUtils.equals(tag.getValue(), getSlaveTypeTagValue(EC2_SLAVE_TYPE_SPOT, str));
            }
        }
        return false;
    }

    private int getPossibleNewSlavesCount(SlaveTemplate slaveTemplate) throws AmazonClientException {
        int countCurrentEC2Slaves = countCurrentEC2Slaves(null);
        int countCurrentEC2Slaves2 = countCurrentEC2Slaves(slaveTemplate);
        int i = this.instanceCap - countCurrentEC2Slaves;
        int instanceCap = slaveTemplate.getInstanceCap() - countCurrentEC2Slaves2;
        LOGGER.log(Level.FINE, "Available Total Slaves: " + i + " Available AMI slaves: " + instanceCap + " AMI: " + slaveTemplate.getAmi() + " TemplateDesc: " + slaveTemplate.description);
        return Math.min(instanceCap, i);
    }

    private List<EC2AbstractSlave> getNewOrExistingAvailableSlave(SlaveTemplate slaveTemplate, int i, boolean z) {
        try {
            this.slaveCountingLock.lock();
            int possibleNewSlavesCount = getPossibleNewSlavesCount(slaveTemplate);
            if (possibleNewSlavesCount <= 0) {
                LOGGER.log(Level.INFO, "{0}. Cannot provision - no capacity for instances: " + possibleNewSlavesCount, slaveTemplate);
                this.slaveCountingLock.unlock();
                return null;
            }
            try {
                EnumSet<SlaveTemplate.ProvisionOptions> of = z ? EnumSet.of(SlaveTemplate.ProvisionOptions.FORCE_CREATE) : EnumSet.of(SlaveTemplate.ProvisionOptions.ALLOW_CREATE);
                if (i > possibleNewSlavesCount) {
                    LOGGER.log(Level.INFO, String.format("%d nodes were requested for the template %s, but because of instance cap only %d can be provisioned", Integer.valueOf(i), slaveTemplate, Integer.valueOf(possibleNewSlavesCount)));
                    i = possibleNewSlavesCount;
                }
                List<EC2AbstractSlave> provision = slaveTemplate.provision(i, of);
                this.slaveCountingLock.unlock();
                return provision;
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, slaveTemplate + ". Exception during provisioning", (Throwable) e);
                this.slaveCountingLock.unlock();
                return null;
            }
        } catch (Throwable th) {
            this.slaveCountingLock.unlock();
            throw th;
        }
    }

    public Collection<NodeProvisioner.PlannedNode> provision(Label label, int i) {
        SlaveTemplate template = getTemplate(label);
        ArrayList arrayList = new ArrayList();
        Jenkins jenkins = Jenkins.get();
        if (jenkins.isQuietingDown()) {
            LOGGER.log(Level.FINE, "Not provisioning nodes, Jenkins instance is quieting down");
            return Collections.emptyList();
        }
        if (jenkins.isTerminating()) {
            LOGGER.log(Level.FINE, "Not provisioning nodes, Jenkins instance is terminating");
            return Collections.emptyList();
        }
        try {
            LOGGER.log(Level.INFO, "{0}. Attempting to provision slave needed by excess workload of " + i + " units", template);
            List<EC2AbstractSlave> newOrExistingAvailableSlave = getNewOrExistingAvailableSlave(template, Math.max(i / template.getNumExecutors(), 1), false);
            if (newOrExistingAvailableSlave == null || newOrExistingAvailableSlave.isEmpty()) {
                LOGGER.warning("Can't raise nodes for " + template);
                return Collections.emptyList();
            }
            for (EC2AbstractSlave eC2AbstractSlave : newOrExistingAvailableSlave) {
                if (eC2AbstractSlave == null) {
                    LOGGER.warning("Can't raise node for " + template);
                } else {
                    arrayList.add(createPlannedNode(template, eC2AbstractSlave));
                    i -= template.getNumExecutors();
                }
            }
            LOGGER.log(Level.INFO, "{0}. Attempting provision finished, excess workload: " + i, template);
            LOGGER.log(Level.INFO, "We have now {0} computers, waiting for {1} more", new Object[]{Integer.valueOf(jenkins.getComputers().length), Integer.valueOf(arrayList.size())});
            return arrayList;
        } catch (AmazonClientException e) {
            LOGGER.log(Level.WARNING, template + ". Exception during provisioning", e);
            return Collections.emptyList();
        }
    }

    public void provision(SlaveTemplate slaveTemplate, int i) {
        Jenkins jenkins = Jenkins.get();
        if (jenkins.isQuietingDown()) {
            LOGGER.log(Level.FINE, "Not provisioning nodes, Jenkins instance is quieting down");
            return;
        }
        if (jenkins.isTerminating()) {
            LOGGER.log(Level.FINE, "Not provisioning nodes, Jenkins instance is terminating");
            return;
        }
        try {
            LOGGER.log(Level.INFO, "{0}. Attempting to provision {1} slave(s)", new Object[]{slaveTemplate, Integer.valueOf(i)});
            List<EC2AbstractSlave> newOrExistingAvailableSlave = getNewOrExistingAvailableSlave(slaveTemplate, i, false);
            if (newOrExistingAvailableSlave == null || newOrExistingAvailableSlave.isEmpty()) {
                LOGGER.warning("Can't raise nodes for " + slaveTemplate);
                return;
            }
            for (EC2AbstractSlave eC2AbstractSlave : newOrExistingAvailableSlave) {
                if (eC2AbstractSlave == null) {
                    LOGGER.warning("Can't raise node for " + slaveTemplate);
                } else {
                    Computer computer = eC2AbstractSlave.toComputer();
                    if (eC2AbstractSlave.getStopOnTerminate() && computer != null) {
                        computer.connect(false);
                    }
                    jenkins.addNode(eC2AbstractSlave);
                }
            }
            LOGGER.log(Level.INFO, "{0}. Attempting provision finished", slaveTemplate);
            LOGGER.log(Level.INFO, "We have now {0} computers, waiting for {1} more", new Object[]{Integer.valueOf(Jenkins.get().getComputers().length), Integer.valueOf(i)});
        } catch (AmazonClientException | IOException e) {
            LOGGER.log(Level.WARNING, slaveTemplate + ". Exception during provisioning", e);
        }
    }

    private NodeProvisioner.PlannedNode createPlannedNode(final SlaveTemplate slaveTemplate, final EC2AbstractSlave eC2AbstractSlave) {
        return new NodeProvisioner.PlannedNode(slaveTemplate.getDisplayName(), Computer.threadPoolForRemoting.submit(new Callable<Node>() { // from class: hudson.plugins.ec2.EC2Cloud.1
            int retryCount = 0;
            private static final int DESCRIBE_LIMIT = 2;

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Node call() throws Exception {
                while (true) {
                    String instanceId = eC2AbstractSlave.getInstanceId();
                    if (eC2AbstractSlave instanceof EC2SpotSlave) {
                        if (((EC2SpotSlave) eC2AbstractSlave).isSpotRequestDead()) {
                            EC2Cloud.LOGGER.log(Level.WARNING, "{0} Spot request died, can't do anything. Terminate provisioning", slaveTemplate);
                            return null;
                        }
                        if (StringUtils.isEmpty(instanceId)) {
                            Thread.sleep(5000L);
                        }
                    }
                    Instance instanceWithRetry = CloudHelper.getInstanceWithRetry(instanceId, eC2AbstractSlave.getCloud());
                    if (instanceWithRetry == null) {
                        EC2Cloud.LOGGER.log(Level.WARNING, "{0} Can't find instance with instance id `{1}` in cloud {2}. Terminate provisioning ", new Object[]{slaveTemplate, instanceId, eC2AbstractSlave.cloudName});
                        return null;
                    }
                    InstanceStateName fromValue = InstanceStateName.fromValue(instanceWithRetry.getState().getName());
                    if (fromValue.equals(InstanceStateName.Running)) {
                        Computer computer = eC2AbstractSlave.toComputer();
                        if (eC2AbstractSlave.getStopOnTerminate() && computer != null) {
                            computer.connect(false);
                        }
                        EC2Cloud.LOGGER.log(Level.INFO, "{0} Node {1} moved to RUNNING state in {2} seconds and is ready to be connected by Jenkins", new Object[]{slaveTemplate, eC2AbstractSlave.getNodeName(), Long.valueOf(TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis() - instanceWithRetry.getLaunchTime().getTime()))});
                        return eC2AbstractSlave;
                    }
                    if (!fromValue.equals(InstanceStateName.Pending)) {
                        if (this.retryCount >= DESCRIBE_LIMIT) {
                            EC2Cloud.LOGGER.log(Level.WARNING, "Instance {0} did not move to running after {1} attempts, terminating provisioning", new Object[]{instanceId, Integer.valueOf(this.retryCount)});
                            return null;
                        }
                        EC2Cloud.LOGGER.log(Level.INFO, "Attempt {0}: {1}. Node {2} is neither pending, neither running, it''s {3}. Will try again after 5s", new Object[]{Integer.valueOf(this.retryCount), slaveTemplate, eC2AbstractSlave.getNodeName(), fromValue});
                        this.retryCount++;
                    }
                    Thread.sleep(5000L);
                }
            }
        }), slaveTemplate.getNumExecutors());
    }

    public boolean canProvision(Label label) {
        return getTemplate(label) != null;
    }

    protected AWSCredentialsProvider createCredentialsProvider() {
        return createCredentialsProvider(this.useInstanceProfileForCredentials, this.credentialsId);
    }

    public static String getSlaveTypeTagValue(String str, String str2) {
        return str2 != null ? str + "_" + str2 : str;
    }

    public static AWSCredentialsProvider createCredentialsProvider(boolean z, String str) {
        AmazonWebServicesCredentials credentials;
        if (z) {
            return new InstanceProfileCredentialsProvider(false);
        }
        if (!StringUtils.isBlank(str) && (credentials = getCredentials(str)) != null) {
            return new AWSStaticCredentialsProvider(credentials.getCredentials());
        }
        return new DefaultAWSCredentialsProviderChain();
    }

    public static AWSCredentialsProvider createCredentialsProvider(boolean z, String str, String str2, String str3, String str4) {
        AWSCredentialsProvider createCredentialsProvider = createCredentialsProvider(z, str);
        return (StringUtils.isNotEmpty(str2) && StringUtils.isNotEmpty(str3)) ? new STSAssumeRoleSessionCredentialsProvider.Builder(str2, str3).withStsClient((AWSSecurityTokenService) AWSSecurityTokenServiceClientBuilder.standard().withCredentials(createCredentialsProvider).withRegion(str4).withClientConfiguration(createClientConfiguration(convertHostName(str4))).build()).build() : createCredentialsProvider;
    }

    @CheckForNull
    private static AmazonWebServicesCredentials getCredentials(@CheckForNull String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(AmazonWebServicesCredentials.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public AmazonEC2 reconnectToEc2() throws IOException {
        AmazonEC2 amazonEC2;
        synchronized (this) {
            this.connection = AmazonEC2Factory.getInstance().connect(createCredentialsProvider(), getEc2EndpointUrl());
            amazonEC2 = this.connection;
        }
        return amazonEC2;
    }

    public AmazonEC2 connect() throws AmazonClientException {
        try {
            return this.connection != null ? this.connection : reconnectToEc2();
        } catch (IOException e) {
            throw new AmazonClientException("Failed to retrieve the endpoint", e);
        }
    }

    public static ClientConfiguration createClientConfiguration(String str) {
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setMaxErrorRetry(16);
        clientConfiguration.setSignerOverride("AWS4SignerType");
        ProxyConfiguration proxyConfiguration = Jenkins.get().proxy;
        Proxy createProxy = proxyConfiguration == null ? Proxy.NO_PROXY : proxyConfiguration.createProxy(str);
        if (!createProxy.equals(Proxy.NO_PROXY) && (createProxy.address() instanceof InetSocketAddress)) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) createProxy.address();
            clientConfiguration.setProxyHost(inetSocketAddress.getHostName());
            clientConfiguration.setProxyPort(inetSocketAddress.getPort());
            if (null != proxyConfiguration.getUserName()) {
                clientConfiguration.setProxyUsername(proxyConfiguration.getUserName());
                clientConfiguration.setProxyPassword(proxyConfiguration.getPassword());
            }
        }
        return clientConfiguration;
    }

    public static String convertHostName(String str) {
        if (str == null || str.length() == 0) {
            str = DEFAULT_EC2_HOST;
        }
        if (!str.contains(".")) {
            str = "ec2." + str + "." + AWS_URL_HOST;
        }
        return str;
    }

    public static Integer convertPort(String str) {
        if (str == null || str.length() == 0) {
            return -1;
        }
        return Integer.valueOf(Integer.parseInt(str));
    }

    public URL buildPresignedURL(String str) throws AmazonClientException {
        AWSCredentialsProvider createCredentialsProvider = createCredentialsProvider();
        AWSCredentials credentials = createCredentialsProvider.getCredentials();
        long currentTimeMillis = System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(60L);
        GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(str, credentials.getAWSSecretKey());
        generatePresignedUrlRequest.setExpiration(new Date(currentTimeMillis));
        return ((AmazonS3) AmazonS3ClientBuilder.standard().withCredentials(createCredentialsProvider).build()).generatePresignedUrl(generatePresignedUrlRequest);
    }

    public static URL checkEndPoint(String str) throws FormValidation {
        try {
            return new URL(str);
        } catch (MalformedURLException e) {
            throw FormValidation.error("Endpoint URL is not a valid URL");
        }
    }

    public static void log(Logger logger, Level level, TaskListener taskListener, String str) {
        log(logger, level, taskListener, str, null);
    }

    public static void log(Logger logger, Level level, TaskListener taskListener, String str, Throwable th) {
        logger.log(level, str, th);
        if (taskListener != null) {
            if (th != null) {
                str = str + " Exception: " + th;
            }
            LogRecord logRecord = new LogRecord(level, str);
            logRecord.setLoggerName(LOGGER.getName());
            taskListener.getLogger().print(sf.format(logRecord));
        }
    }
}
