package hudson.plugins.swarm;

import com.sun.net.httpserver.HttpServer;
import hudson.remoting.Launcher;
import io.jenkins.remoting.shaded.org.glassfish.tyrus.spi.UpgradeRequest;
import io.micrometer.core.instrument.binder.jvm.ClassLoaderMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmGcMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmHeapPressureMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmMemoryMetrics;
import io.micrometer.core.instrument.binder.jvm.JvmThreadMetrics;
import io.micrometer.core.instrument.binder.system.FileDescriptorMetrics;
import io.micrometer.core.instrument.binder.system.ProcessorMetrics;
import io.micrometer.core.instrument.binder.system.UptimeMetrics;
import io.micrometer.prometheus.PrometheusConfig;
import io.micrometer.prometheus.PrometheusMeterRegistry;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.io.UnsupportedEncodingException;
import java.net.CookieManager;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.net.URI;
import java.net.URL;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/* loaded from: input_file:swarm-client.jar:hudson/plugins/swarm/SwarmClient.class */
public class SwarmClient {
    private static final Logger logger = Logger.getLogger(SwarmClient.class.getName());
    private final Options options;
    private final String hash;
    private String secret;
    private String name;
    private HttpServer prometheusServer = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:swarm-client.jar:hudson/plugins/swarm/SwarmClient$Crumb.class */
    public static class Crumb {
        final String crumb;
        final String crumbRequestField;

        Crumb(String str, String str2) {
            this.crumbRequestField = str;
            this.crumb = str2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:swarm-client.jar:hudson/plugins/swarm/SwarmClient$DefaultTrustManager.class */
    public static class DefaultTrustManager implements X509TrustManager {
        final List<String> allowedFingerprints = new ArrayList();
        final List<X509Certificate> acceptedIssuers = new ArrayList();

        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            if (this.allowedFingerprints.isEmpty()) {
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (X509Certificate x509Certificate : x509CertificateArr) {
                try {
                    String encodeHex = SwarmClient.encodeHex(MessageDigest.getInstance("SHA-256").digest(x509Certificate.getEncoded()));
                    SwarmClient.logger.fine("Check fingerprint: " + encodeHex);
                    if (this.allowedFingerprints.contains(encodeHex)) {
                        arrayList.add(x509Certificate);
                        SwarmClient.logger.fine("Found allowed certificate: " + String.valueOf(x509Certificate));
                    }
                } catch (NoSuchAlgorithmException e) {
                    throw new IllegalStateException(e);
                }
            }
            if (arrayList.isEmpty()) {
                throw new CertificateException("Fingerprint mismatch");
            }
            this.acceptedIssuers.addAll(arrayList);
        }

        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            return (X509Certificate[]) this.acceptedIssuers.toArray(new X509Certificate[0]);
        }

        public DefaultTrustManager(String str) {
            if (str.isEmpty()) {
                return;
            }
            for (String str2 : str.split("\\s+")) {
                String replace = str2.toLowerCase().replace(":", "");
                SwarmClient.logger.fine("Add allowed fingerprint: " + replace);
                this.allowedFingerprints.add(replace);
            }
        }
    }

    public SwarmClient(Options options) {
        this.options = options;
        if (options.disableClientsUniqueId) {
            this.hash = "";
        } else {
            this.hash = hash(options.fsroot);
        }
        this.name = options.name;
        if (options.labelsFile != null) {
            logger.info("Loading labels from " + options.labelsFile + "...");
            try {
                String readString = Files.readString(Paths.get(options.labelsFile, new String[0]), StandardCharsets.UTF_8);
                options.labels.addAll(List.of((Object[]) readString.trim().split("\\s+")));
                logger.info("Labels found in file: " + readString);
                logger.info("Effective label list: " + Arrays.toString(options.labels.toArray()));
            } catch (IOException e) {
                throw new UncheckedIOException("Problem reading labels from file " + options.labelsFile, e);
            }
        }
        if (options.prometheusPort > 0) {
            startPrometheusService(options.prometheusPort);
        }
    }

    public String getName() {
        return this.name;
    }

    public List<String> getOptionsLabels() {
        return this.options.labels;
    }

    public URL getUrl() {
        logger.config("getUrl() invoked");
        if (!this.options.url.endsWith("/")) {
            this.options.url += "/";
        }
        try {
            return new URL(this.options.url);
        } catch (MalformedURLException e) {
            throw new UncheckedIOException(String.format("The URL %s is invalid", this.options.url), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void connect(URL url) throws IOException, RetryException {
        ArrayList arrayList = new ArrayList();
        arrayList.add("-url");
        arrayList.add(url.toString());
        if (this.secret != null) {
            arrayList.add("-secret");
            arrayList.add(this.secret);
        }
        arrayList.add("-name");
        arrayList.add(this.name);
        if (this.options.disableSslVerification) {
            arrayList.add("-noCertificateCheck");
        }
        if (this.options.tunnel != null) {
            arrayList.add("-tunnel");
            arrayList.add(this.options.tunnel);
            logger.fine("Using tunnel through " + this.options.tunnel);
        }
        if (this.options.username != null && this.options.password != null && !this.options.webSocket) {
            arrayList.add("-credentials");
            arrayList.add(this.options.username + ":" + this.options.password);
        }
        if (!this.options.disableWorkDir) {
            String path = this.options.workDir != null ? this.options.workDir.getPath() : this.options.fsroot.getPath();
            arrayList.add("-workDir");
            arrayList.add(path);
            if (this.options.internalDir != null) {
                arrayList.add("-internalDir");
                arrayList.add(this.options.internalDir.getPath());
            }
            if (this.options.failIfWorkDirIsMissing) {
                arrayList.add("-failIfWorkDirIsMissing");
            }
        }
        if (this.options.jarCache != null) {
            arrayList.add("-jar-cache");
            arrayList.add(this.options.jarCache.getPath());
        }
        arrayList.add("-headless");
        arrayList.add("-noReconnect");
        if (this.options.webSocket) {
            arrayList.add("-webSocket");
            if (this.options.webSocketHeaders != null) {
                for (Map.Entry<String, String> entry : this.options.webSocketHeaders.entrySet()) {
                    arrayList.add("-webSocketHeader");
                    arrayList.add(entry.getKey() + "=" + entry.getValue());
                }
            }
        }
        try {
            Launcher.main((String[]) arrayList.toArray(new String[0]));
        } catch (InterruptedException | RuntimeException e) {
            throw new RetryException("Failed to establish connection to " + String.valueOf(url), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpClient createHttpClient(Options options) {
        logger.fine("createHttpClient() invoked");
        HttpClient.Builder newBuilder = HttpClient.newBuilder();
        newBuilder.cookieHandler(new CookieManager());
        if (options.disableSslVerification || !options.sslFingerprints.isEmpty()) {
            try {
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(new KeyManager[0], new TrustManager[]{new DefaultTrustManager(options.disableSslVerification ? "" : options.sslFingerprints)}, new SecureRandom());
                newBuilder.sslContext(sSLContext);
                SSLContext.setDefault(sSLContext);
                if (options.disableSslVerification) {
                    System.setProperty("jdk.internal.httpclient.disableHostnameVerification", Boolean.toString(true));
                }
            } catch (GeneralSecurityException e) {
                logger.log(Level.SEVERE, "An error occurred", (Throwable) e);
                throw new IllegalStateException(e);
            }
        }
        return newBuilder.build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void addAuthorizationHeader(HttpRequest.Builder builder, Options options) {
        logger.fine("addAuthorizationHeader() invoked");
        if (options.username == null || options.password == null) {
            return;
        }
        logger.fine("Setting HttpClient credentials based on options passed");
        builder.header(UpgradeRequest.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString((options.username + ":" + options.password).getBytes(StandardCharsets.UTF_8)));
    }

    private static synchronized Crumb getCsrfCrumb(HttpClient httpClient, Options options, URL url) throws IOException, InterruptedException, RetryException {
        logger.finer("getCsrfCrumb() invoked");
        HttpRequest.Builder GET = HttpRequest.newBuilder(URI.create(String.valueOf(url) + "crumbIssuer/api/xml?xpath=" + URLEncoder.encode("concat(//crumbRequestField,\":\",//crumb)", StandardCharsets.UTF_8))).GET();
        addAuthorizationHeader(GET, options);
        HttpResponse send = httpClient.send(GET.build(), HttpResponse.BodyHandlers.ofString());
        if (send.statusCode() != 200) {
            logger.log(Level.SEVERE, String.format("Could not obtain CSRF crumb. Response code: %s%n%s", Integer.valueOf(send.statusCode()), send.body()));
            if (send.statusCode() < 500 || send.statusCode() >= 600) {
                return null;
            }
            throw new RetryException("Failed to obtain CSRF crumb due to an Internal Server Error or similar condition. Response code: " + send.statusCode());
        }
        String str = (String) send.body();
        String[] split = str.split(":");
        if (split.length == 2) {
            return new Crumb(split[0], split[1]);
        }
        logger.log(Level.SEVERE, "Unexpected CSRF crumb response: " + str);
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void createSwarmAgent(URL url) throws IOException, InterruptedException, RetryException {
        logger.fine("createSwarmAgent() invoked");
        String join = String.join(" ", this.options.labels);
        StringBuilder sb = new StringBuilder();
        if (this.options.toolLocations != null) {
            for (Map.Entry<String, String> entry : this.options.toolLocations.entrySet()) {
                sb.append(param("toolLocation", entry.getKey() + ":" + entry.getValue()));
            }
        }
        StringBuilder sb2 = new StringBuilder();
        if (this.options.environmentVariables != null) {
            for (Map.Entry<String, String> entry2 : this.options.environmentVariables.entrySet()) {
                sb2.append(param("environmentVariable", entry2.getKey() + ":" + entry2.getValue()));
            }
        }
        String str = join;
        if (str.length() > 1000) {
            str = "";
        }
        Properties properties = new Properties();
        HttpClient createHttpClient = createHttpClient(this.options);
        HttpRequest.Builder POST = HttpRequest.newBuilder(URI.create(String.valueOf(url) + "plugin/swarm/createSlave?name=" + this.options.name + "&executors=" + this.options.executors + param("remoteFsRoot", this.options.fsroot.getAbsolutePath()) + param("description", this.options.description) + param("labels", str) + String.valueOf(sb) + String.valueOf(sb2) + param("mode", this.options.mode.toUpperCase(Locale.ENGLISH)) + param("hash", this.hash) + param("deleteExistingClients", Boolean.toString(this.options.deleteExistingClients)) + param("keepDisconnectedClients", Boolean.toString(this.options.keepDisconnectedClients)))).POST(HttpRequest.BodyPublishers.noBody());
        addAuthorizationHeader(POST, this.options);
        Crumb csrfCrumb = getCsrfCrumb(createHttpClient, this.options, url);
        if (csrfCrumb != null) {
            POST.header(csrfCrumb.crumbRequestField, csrfCrumb.crumb);
        }
        HttpResponse send = createHttpClient.send(POST.build(), HttpResponse.BodyHandlers.ofInputStream());
        if (send.statusCode() != 200) {
            throw new RetryException(String.format("Failed to create a Swarm agent on Jenkins. Response code: %s%n%s", Integer.valueOf(send.statusCode()), new String(((InputStream) send.body()).readAllBytes(), StandardCharsets.UTF_8)));
        }
        InputStream inputStream = (InputStream) send.body();
        try {
            properties.load(inputStream);
            if (inputStream != null) {
                inputStream.close();
            }
            String property = properties.getProperty("secret");
            if (property != null) {
                this.secret = property.trim();
            }
            String property2 = properties.getProperty("name");
            if (property2 == null) {
                this.name = this.options.name;
                return;
            }
            String trim = property2.trim();
            if (trim.isEmpty()) {
                this.name = this.options.name;
                return;
            }
            this.name = trim;
            if (str.length() != 0 || join.length() <= 0) {
                return;
            }
            String[] split = join.split("\\s+");
            StringBuilder sb3 = new StringBuilder();
            for (String str2 : split) {
                sb3.append(str2);
                sb3.append(" ");
                if (sb3.length() > 1000) {
                    postLabelAppend(trim, sb3.toString(), createHttpClient, this.options, url);
                    sb3 = new StringBuilder();
                }
            }
            if (sb3.length() > 0) {
                postLabelAppend(trim, sb3.toString(), createHttpClient, this.options, url);
            }
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized void postLabelRemove(String str, String str2, HttpClient httpClient, Options options, URL url) throws IOException, InterruptedException, RetryException {
        HttpRequest.Builder POST = HttpRequest.newBuilder(URI.create(String.valueOf(url) + "plugin/swarm/removeSlaveLabels?name=" + str + param("labels", str2))).POST(HttpRequest.BodyPublishers.noBody());
        addAuthorizationHeader(POST, options);
        Crumb csrfCrumb = getCsrfCrumb(httpClient, options, url);
        if (csrfCrumb != null) {
            POST.header(csrfCrumb.crumbRequestField, csrfCrumb.crumb);
        }
        HttpResponse send = httpClient.send(POST.build(), HttpResponse.BodyHandlers.ofString());
        if (send.statusCode() != 200) {
            throw new RetryException(String.format("Failed to remove agent labels. Response code: %s%n%s", Integer.valueOf(send.statusCode()), send.body()));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized void postLabelAppend(String str, String str2, HttpClient httpClient, Options options, URL url) throws IOException, InterruptedException, RetryException {
        HttpRequest.Builder POST = HttpRequest.newBuilder(URI.create(String.valueOf(url) + "plugin/swarm/addSlaveLabels?name=" + str + param("labels", str2))).POST(HttpRequest.BodyPublishers.noBody());
        addAuthorizationHeader(POST, options);
        Crumb csrfCrumb = getCsrfCrumb(httpClient, options, url);
        if (csrfCrumb != null) {
            POST.header(csrfCrumb.crumbRequestField, csrfCrumb.crumb);
        }
        HttpResponse send = httpClient.send(POST.build(), HttpResponse.BodyHandlers.ofString());
        if (send.statusCode() != 200) {
            throw new RetryException(String.format("Failed to update agent labels. Response code: %s%n%s", Integer.valueOf(send.statusCode()), send.body()));
        }
    }

    private static synchronized String encode(String str) throws UnsupportedEncodingException {
        logger.finer("encode() invoked");
        return URLEncoder.encode(str, StandardCharsets.UTF_8);
    }

    private static synchronized String param(String str, String str2) throws UnsupportedEncodingException {
        logger.finer("param() invoked");
        return str2 == null ? "" : "&" + str + "=" + encode(str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getChildElementString(Element element, String str) {
        logger.finer("getChildElementString() invoked");
        Node firstChild = element.getFirstChild();
        while (true) {
            Node node = firstChild;
            if (node == null) {
                return null;
            }
            if (node instanceof Element) {
                Element element2 = (Element) node;
                if (element2.getTagName().equals(str)) {
                    StringBuilder sb = new StringBuilder();
                    Node firstChild2 = element2.getFirstChild();
                    while (true) {
                        Node node2 = firstChild2;
                        if (node2 == null) {
                            return sb.toString();
                        }
                        if (node2 instanceof Text) {
                            sb.append(node2.getTextContent());
                        }
                        firstChild2 = node2.getNextSibling();
                    }
                }
            }
            firstChild = node.getNextSibling();
        }
    }

    private static String hash(File file) {
        logger.config("hash() invoked");
        StringBuilder sb = new StringBuilder();
        try {
            sb.append(file.getCanonicalPath()).append('\n');
        } catch (IOException e) {
            logger.log(Level.FINER, "hash() IOException - may be normal?", (Throwable) e);
            sb.append(file.getAbsolutePath()).append('\n');
        }
        try {
            Iterator it = Collections.list(NetworkInterface.getNetworkInterfaces()).iterator();
            while (it.hasNext()) {
                NetworkInterface networkInterface = (NetworkInterface) it.next();
                Iterator it2 = Collections.list(networkInterface.getInetAddresses()).iterator();
                while (it2.hasNext()) {
                    InetAddress inetAddress = (InetAddress) it2.next();
                    if (inetAddress instanceof Inet4Address) {
                        sb.append(inetAddress.getHostAddress()).append('\n');
                    } else if (inetAddress instanceof Inet6Address) {
                        sb.append(inetAddress.getHostAddress()).append('\n');
                    }
                }
                byte[] hardwareAddress = networkInterface.getHardwareAddress();
                if (hardwareAddress != null) {
                    sb.append(Arrays.toString(hardwareAddress));
                }
            }
        } catch (SocketException e2) {
            logger.log(Level.FINEST, "hash() SocketException - 'oh well we tried'", (Throwable) e2);
        }
        try {
            return encodeHex(MessageDigest.getInstance("MD5").digest(sb.toString().getBytes(StandardCharsets.UTF_8))).substring(0, 8);
        } catch (NoSuchAlgorithmException e3) {
            throw new IllegalStateException(e3);
        }
    }

    private static String encodeHex(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            sb.append(String.format("%02x", Byte.valueOf(b)));
        }
        return sb.toString();
    }

    public void exitWithStatus(int i) {
        if (this.prometheusServer != null) {
            this.prometheusServer.stop(1);
        }
        System.exit(i);
    }

    public void sleepSeconds(int i) throws InterruptedException {
        TimeUnit.SECONDS.sleep(i);
    }

    private void startPrometheusService(int i) {
        logger.fine("Starting Prometheus service on port " + i);
        PrometheusMeterRegistry prometheusMeterRegistry = new PrometheusMeterRegistry(PrometheusConfig.DEFAULT);
        new ClassLoaderMetrics().bindTo(prometheusMeterRegistry);
        new FileDescriptorMetrics().bindTo(prometheusMeterRegistry);
        new JvmGcMetrics().bindTo(prometheusMeterRegistry);
        new JvmHeapPressureMetrics().bindTo(prometheusMeterRegistry);
        new JvmMemoryMetrics().bindTo(prometheusMeterRegistry);
        new JvmThreadMetrics().bindTo(prometheusMeterRegistry);
        new ProcessorMetrics().bindTo(prometheusMeterRegistry);
        new UptimeMetrics().bindTo(prometheusMeterRegistry);
        try {
            this.prometheusServer = HttpServer.create(new InetSocketAddress(i), 0);
            this.prometheusServer.createContext("/prometheus", httpExchange -> {
                byte[] bytes = prometheusMeterRegistry.scrape().getBytes(StandardCharsets.UTF_8);
                httpExchange.sendResponseHeaders(200, bytes.length);
                OutputStream responseBody = httpExchange.getResponseBody();
                try {
                    responseBody.write(bytes);
                    if (responseBody != null) {
                        responseBody.close();
                    }
                } catch (Throwable th) {
                    if (responseBody != null) {
                        try {
                            responseBody.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            });
            HttpServer httpServer = this.prometheusServer;
            Objects.requireNonNull(httpServer);
            new Thread(httpServer::start).start();
            logger.info("Started Prometheus service on port " + i);
        } catch (IOException e) {
            logger.severe("Failed to start Prometheus service: " + e.getMessage());
            throw new UncheckedIOException(e);
        }
    }
}
