package com.qualys.plugins.containerSecurity.util;

import hudson.AbortException;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.util.Iterator;
import java.util.logging.Logger;
import qshaded.com.google.gson.JsonElement;
import qshaded.com.google.gson.JsonObject;
import qshaded.com.google.gson.JsonParser;

/* loaded from: input_file:com/qualys/plugins/containerSecurity/util/ContainerdNerdctlClientHelper.class */
public class ContainerdNerdctlClientHelper {
    private static final Logger logger = Logger.getLogger(ContainerdNerdctlClientHelper.class.getName());
    private static final String EXPORT_PATH_CMD = "export PATH=$PATH:";
    private static final String NERDCTL_VERSION_CMD = "nerdctl --version";
    private static final String LIST_CONTAINER_CMD = "nerdctl -n k8s.io ps --filter label=io.kubernetes.container.name=qualys-container-sensor --filter status=running --format=json";
    private static final String INSPECT_CONTAINER_CMD = "nerdctl -n k8s.io inspect ";
    private static final String INSPECT_IMAGE_CMD = "nerdctl -n k8s.io image inspect ";
    private static final String TAG_IMAGE_CMD = "nerdctl -n k8s.io tag ";
    private final PrintStream buildLogger;
    private final String nerdctlBinaryPath;
    private static final String IMAGE_SHA_ERROR_MSG = "Failed to extract image sha associated with ";
    private static final String NERDCTL_PATH_ERROR_MSG = "Failed to get containers list .Please check if nerdctl binary is added to the path.";

    public ContainerdNerdctlClientHelper(PrintStream printStream, String str) {
        this.buildLogger = printStream;
        this.nerdctlBinaryPath = str;
    }

    public boolean isCICDSensorUp() throws AbortException {
        validateNerdctlBinaryPath();
        JsonObject containerAsJsonObject = getContainerAsJsonObject();
        if (containerAsJsonObject == null) {
            this.buildLogger.println("Qualys CS sensor is not available on the host. Sensor won't be able to scan the image. Please check the sensor container.");
            throw new AbortException("Qualys CS sensor is not available on the host. Sensor won't be able to scan the image. Please check the sensor container.");
        }
        if (containerAsJsonObject.has("Labels") && containerAsJsonObject.get("Labels").getAsString().contains("io.kubernetes.container.name=qualys-container-sensor")) {
            return checkForCICDMode(containerAsJsonObject.get("ID").getAsString());
        }
        this.buildLogger.println("Qualys CS sensor container is not runnning. Sensor won't be able to scan the image. Please check the sensor container.");
        throw new AbortException("Qualys CS sensor container is not runnning. Sensor won't be able to scan the image. Please check the sensor container.");
    }

    private JsonObject getContainerAsJsonObject() {
        String str = EXPORT_PATH_CMD + this.nerdctlBinaryPath + ";" + LIST_CONTAINER_CMD;
        String executeCommand = executeCommand(str);
        try {
            if (executeCommand.startsWith("{")) {
                return JsonParser.parseString(executeCommand).getAsJsonObject();
            }
            this.buildLogger.println(NERDCTL_PATH_ERROR_MSG);
            throw new AbortException(NERDCTL_PATH_ERROR_MSG);
        } catch (IOException e) {
            this.buildLogger.println("Failed to parse the " + str + " output " + NERDCTL_PATH_ERROR_MSG);
            return null;
        }
    }

    private boolean checkForCICDMode(String str) throws AbortException {
        try {
            Iterator it = JsonParser.parseString(executeCommand(EXPORT_PATH_CMD + this.nerdctlBinaryPath + ";" + INSPECT_CONTAINER_CMD + str + " --format=json")).getAsJsonObject().get("Args").getAsJsonArray().iterator();
            while (it.hasNext()) {
                JsonElement jsonElement = (JsonElement) it.next();
                if (jsonElement.getAsString().equals("--cicd-deployed-sensor") || jsonElement.getAsString().equals("-c")) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            String str2 = "Failed to check if the sensor is running in CICD mode ; Reason : " + e.getMessage();
            logger.info(str2);
            throw new AbortException(str2);
        }
    }

    public String fetchImageSha(String str) throws AbortException {
        String executeCommand = executeCommand(EXPORT_PATH_CMD + this.nerdctlBinaryPath + ";" + INSPECT_IMAGE_CMD + str + " --format=json");
        try {
            if (!executeCommand.contains("Id")) {
                this.buildLogger.println(IMAGE_SHA_ERROR_MSG + str + " check if the image is available on the host.");
                throw new AbortException(IMAGE_SHA_ERROR_MSG + str);
            }
            String str2 = JsonParser.parseString(executeCommand).getAsJsonObject().get("Id").getAsString().split(":")[1];
            this.buildLogger.println("### Image sha for " + str + " is = " + str2);
            return str2;
        } catch (Exception e) {
            String str3 = IMAGE_SHA_ERROR_MSG + str + " ; Reason : " + e.getMessage();
            logger.info(str3);
            throw new AbortException(str3);
        }
    }

    public void tagImage(String str, String str2) throws AbortException {
        try {
            executeCommand(EXPORT_PATH_CMD + this.nerdctlBinaryPath + ";" + TAG_IMAGE_CMD + str + " qualys_scan_target:" + str2);
            this.buildLogger.println("Image " + str + " tagged successfully ");
        } catch (Exception e) {
            for (StackTraceElement stackTraceElement : e.getStackTrace()) {
                logger.info("\tat " + stackTraceElement);
            }
            this.buildLogger.println("Failed to tag the image " + str + " with qualys_scan_target.. Reason : " + e.getMessage());
            throw new AbortException("Failed to tag the image " + str + " with qualys_scan_target.. Reason : " + e.getMessage());
        }
    }

    public void validateNerdctlBinaryPath() throws AbortException {
        if (!executeCommand(EXPORT_PATH_CMD + this.nerdctlBinaryPath + ";" + NERDCTL_VERSION_CMD).toLowerCase().contains("version")) {
            throw new AbortException("Crictl Binary path is not set properly.");
        }
    }

    private String executeCommand(String str) {
        try {
            ProcessBuilder processBuilder = new ProcessBuilder(new String[0]);
            processBuilder.command("bash", "-c", str);
            Process start = processBuilder.start();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(start.getInputStream()));
            String str2 = "";
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    start.destroy();
                    return str2;
                }
                str2 = str2 + readLine;
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to execute command " + str + e.getMessage());
        }
    }
}
