package com.sysdig.jenkins.plugins.sysdig.infrastructure.scanner;

import com.google.common.base.Strings;
import com.sysdig.jenkins.plugins.sysdig.application.vm.ImageScanningConfig;
import com.sysdig.jenkins.plugins.sysdig.domain.SysdigLogger;
import com.sysdig.jenkins.plugins.sysdig.domain.vm.ImageScanningResult;
import com.sysdig.jenkins.plugins.sysdig.domain.vm.report.JsonScanResult;
import com.sysdig.jenkins.plugins.sysdig.infrastructure.http.RetriableRemoteDownloader;
import com.sysdig.jenkins.plugins.sysdig.infrastructure.jenkins.RunContext;
import com.sysdig.jenkins.plugins.sysdig.infrastructure.json.GsonBuilder;
import com.sysdig.jenkins.plugins.sysdig.infrastructure.scanner.SysdigProcessBuilderBase;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.AbortException;
import hudson.FilePath;
import java.io.IOException;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;

/* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/infrastructure/scanner/RemoteSysdigImageScanner.class */
public class RemoteSysdigImageScanner {
    private static final String FIXED_SCANNED_VERSION = "1.22.1";
    private final ScannerPaths scannerPaths;
    private final String imageName;
    private final RetriableRemoteDownloader retriableRemoteDownloader;
    private final ImageScanningConfig config;
    private final SysdigLogger logger;
    private final RunContext runContext;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/infrastructure/scanner/RemoteSysdigImageScanner$ScannerPaths.class */
    public static class ScannerPaths implements Serializable {
        private static final String SCANNER_EXEC_FOLDER_BASE_PATH_PATTERN = "sysdig-secure-scan-%d";
        private final FilePath baseFolder;
        private final FilePath databaseFolder;
        private final FilePath cacheFolder;

        public ScannerPaths(FilePath filePath) {
            this.baseFolder = filePath.child(String.format(SCANNER_EXEC_FOLDER_BASE_PATH_PATTERN, Long.valueOf(System.currentTimeMillis())));
            this.databaseFolder = this.baseFolder.child("db");
            this.cacheFolder = this.baseFolder.child("cache");
        }

        public FilePath getBaseFolder() {
            return this.baseFolder;
        }

        public FilePath getDatabaseFolder() {
            return this.databaseFolder;
        }

        public FilePath getCacheFolder() {
            return this.cacheFolder;
        }

        public void create() throws Exception {
            this.baseFolder.mkdirs();
            this.databaseFolder.mkdirs();
            this.cacheFolder.mkdirs();
        }
    }

    public RemoteSysdigImageScanner(@NonNull RunContext runContext, RetriableRemoteDownloader retriableRemoteDownloader, String str, ImageScanningConfig imageScanningConfig) {
        this.runContext = runContext;
        this.imageName = str;
        this.retriableRemoteDownloader = retriableRemoteDownloader;
        this.config = imageScanningConfig;
        this.scannerPaths = new ScannerPaths(runContext.getPathFromWorkspace(new String[0]));
        this.logger = runContext.getLogger();
    }

    public ImageScanningResult performScan() throws AbortException {
        createExecutionWorkspace();
        String executeScan = executeScan(retrieveScannerBinFile());
        return ImageScanningResult.fromReportResult(((JsonScanResult) GsonBuilder.build().fromJson(executeScan, JsonScanResult.class)).getResult().orElseThrow(() -> {
            return new AbortException(String.format("unable to obtain result from scan: %s", executeScan));
        }));
    }

    private FilePath downloadInlineScan(String str) throws IOException, UnsupportedOperationException, InterruptedException {
        return this.retriableRemoteDownloader.downloadExecutable(sysdigCLIScannerURLForVersion(str), String.format("inlinescan-%s.bin", str));
    }

    private static URL sysdigCLIScannerURLForVersion(String str) throws MalformedURLException {
        return new URL("https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/" + str + "/" + (System.getProperty("os.name").toLowerCase().startsWith("mac") ? "darwin" : "linux") + "/" + (System.getProperty("os.arch").toLowerCase().startsWith("aarch64") ? "arm64" : "amd64") + "/sysdig-cli-scanner");
    }

    private String getInlineScanPinnedVersion() {
        return FIXED_SCANNED_VERSION;
    }

    private String getInlineScanVersion() {
        if (!Strings.isNullOrEmpty(this.config.getCliVersionToApply()) && this.config.getCliVersionToApply().equals("custom") && !this.config.getCustomCliVersion().isEmpty()) {
            return this.config.getCustomCliVersion();
        }
        return getInlineScanPinnedVersion();
    }

    private void createExecutionWorkspace() throws AbortException {
        try {
            this.scannerPaths.create();
        } catch (Exception e) {
            this.logger.logError("Unable to create scanner execution workspace", e);
            throw new AbortException("Unable to create scanner execution workspace");
        }
    }

    private FilePath retrieveScannerBinFile() throws AbortException {
        if (!Strings.isNullOrEmpty(this.config.getScannerBinaryPath())) {
            FilePath pathFromWorkspace = this.runContext.getPathFromWorkspace(this.config.getScannerBinaryPath());
            this.logger.logInfo("Inlinescan binary globally defined to* " + pathFromWorkspace.getRemote());
            return pathFromWorkspace;
        }
        try {
            String inlineScanVersion = getInlineScanVersion();
            this.logger.logInfo("Downloading inlinescan v" + inlineScanVersion);
            FilePath downloadInlineScan = downloadInlineScan(inlineScanVersion);
            this.logger.logInfo("Inlinescan binary downloaded to " + downloadInlineScan.getRemote());
            return downloadInlineScan;
        } catch (IOException | InterruptedException e) {
            throw new AbortException("Error downloading inlinescan binary: " + e);
        }
    }

    private String executeScan(FilePath filePath) throws AbortException {
        try {
            FilePath child = this.scannerPaths.getBaseFolder().child("inlinescan.json");
            SysdigImageScanningProcessBuilder createProcessBuilder = createProcessBuilder(filePath, child);
            this.logger.logInfo("Executing: " + String.join(" ", createProcessBuilder.toCommandLineArguments()));
            this.logger.logInfo("Waiting for scanner execution to be completed...");
            int launchAndWait = createProcessBuilder.launchAndWait(this.runContext.getLauncher());
            this.logger.logInfo(String.format("Scanner exit code: %d", Integer.valueOf(launchAndWait)));
            String readToString = child.exists() ? child.readToString() : "";
            this.logger.logDebug("Inline scan JSON output:\n" + readToString);
            if (launchAndWait == 2) {
                readToString = "{error:\"Wrong parameters in call to inline scanner\"}";
            } else if (launchAndWait == 3) {
                readToString = "{error:\"Unexpected error when executing scan. Check that the API token is provided and is valid for the specified URL.\"}";
            } else if (launchAndWait != 0 && launchAndWait != 1) {
                throw new Exception("Cannot manage return code");
            }
            return readToString;
        } catch (Exception e) {
            throw new AbortException("Error executing inlinescan binary: " + e);
        }
    }

    private SysdigImageScanningProcessBuilder createProcessBuilder(FilePath filePath, FilePath filePath2) {
        return new SysdigImageScanningProcessBuilder(filePath.getRemote(), this.config.getSysdigToken()).withExtraEnvVars(this.runContext.getEnvVars()).withEngineURL(this.config.getEngineurl()).withDBPath(this.scannerPaths.getDatabaseFolder().getRemote()).withCachePath(this.scannerPaths.getCacheFolder().getRemote()).withScanResultOutputPath(filePath2.getRemote()).withConsoleLog().withExtraParametersSeparatedBySpace(this.config.getInlineScanExtraParams()).withPoliciesToApplySeparatedBySpace(this.config.getPoliciesToApply()).withStdoutRedirectedTo(this.logger).withStderrRedirectedTo(this.logger).withLogLevel(this.config.getDebug() ? SysdigProcessBuilderBase.LogLevel.DEBUG : SysdigProcessBuilderBase.LogLevel.INFO).withTLSVerification(this.config.getEngineverify()).withImageToScan(this.imageName);
    }
}
