package com.trendmicro.deepsecurity.smartcheck.workflow;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.trendmicro.deepsecurity.smartcheck.Messages;
import com.trendmicro.deepsecurity.smartcheck.SmartCheckAction;
import hudson.AbortException;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.ArtifactArchiver;
import hudson.util.ArgumentListBuilder;
import hudson.util.Secret;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:com/trendmicro/deepsecurity/smartcheck/workflow/SmartCheckScanStep.class */
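/**
 * Pipeline step ({@code smartcheckScan}) that runs the Deep Security Smart Check scan image
 * through {@code docker run} on the agent, stores the scan output in the workspace, archives it
 * and fails the build when the scanner reports an error or a findings-threshold violation.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every setting, including passwords, is handed to the container as a
 *       {@code -e NAME=value} argument. Secret-bearing arguments are masked so they do not show
 *       up in the build log, but they are still part of the {@code docker} command line on the
 *       agent; supplying them through the launcher environment would avoid that.</li>
 *   <li>The deprecated user/password properties are plain {@code String} fields; prefer the
 *       {@code *CredentialsId} properties, which resolve against the Jenkins credentials
 *       store.</li>
 *   <li>The two {@code insecureSkip*TLSVerify} switches turn off certificate verification in
 *       the scan container and should stay {@code false} outside test environments.</li>
 * </ul>
 */
public class SmartCheckScanStep extends Step {
    private static final Logger LOGGER = Logger.getLogger(SmartCheckScanStep.class.getName());
    // No tag or digest: every run resolves whatever the registry currently serves for this
    // repository. NOTE(review): consider pinning to a digest so the scanner image is reproducible.
    private static final String DSSC_SCAN_IMAGE = "deepsecurity/smartcheck-scan-action";
    private static final String DEFAULT_RESULTS_FILE = "scan-results.json";
    // Port substituted into the Smart Check host URI when no pre-registry host is configured.
    private static final int DEFAULT_PREREGISTRY_PORT = 5000;
    private String smartcheckHost;

    @Deprecated
    private String smartcheckUser;

    @Deprecated
    private String smartcheckPassword;
    private String smartcheckCredentialsId;
    private String imageName;
    private String imagePullAuth;
    private String resultsFile;
    private String findingsThreshold;
    private String preregistryHost;

    @Deprecated
    private String preregistryUser;

    @Deprecated
    private String preregistryPassword;
    private String preregistryCredentialsId;
    private boolean insecureSkipTLSVerify = false;
    private boolean insecureSkipRegistryTLSVerify = false;
    private boolean preregistryScan = false;
    private boolean debug = false;

    /** Registers the step under the Pipeline function name {@code smartcheckScan}. */
    @Extension
    /* loaded from: input_file:com/trendmicro/deepsecurity/smartcheck/workflow/SmartCheckScanStep$DescriptorImpl.class */
    public static class DescriptorImpl extends StepDescriptor {
        /**
         * Returns the context types declared as required: {@link Run} and {@link TaskListener}.
         * The execution additionally reads {@code Launcher} and {@code FilePath}; a missing
         * workspace is reported by the execution itself.
         */
        public Set<? extends Class<?>> getRequiredContext() {
            Set<Class<?>> required =
                    Arrays.<Class<?>>asList(Run.class, TaskListener.class).stream().collect(Collectors.toSet());
            return Collections.unmodifiableSet(required);
        }

        /** Returns the name used to call the step from a Pipeline script. */
        public String getFunctionName() {
            return "smartcheckScan";
        }

        /** Returns the localized display name of the step. */
        @Nonnull
        public String getDisplayName() {
            return Messages.SmartCheckBuilder_DescriptorImpl_DisplayName();
        }
    }

    /**
     * Execution of the scan step: assembles the {@code docker run} command line, launches it,
     * writes and archives the results and maps the exit code to the build outcome.
     */
    /* loaded from: input_file:com/trendmicro/deepsecurity/smartcheck/workflow/SmartCheckScanStep$SmartCheckScanStepExecution.class */
    public static class SmartCheckScanStepExecution extends SynchronousNonBlockingStepExecution<Void> {
        private static final long serialVersionUID = 1;
        private static final int EXIT_OK = 0;
        private static final int EXIT_THRESHOLD_FAILURE = 2;
        // transient: the step (which may hold plain-text passwords) is not serialized with the execution.
        private transient SmartCheckScanStep step;

        protected SmartCheckScanStepExecution(StepContext stepContext, SmartCheckScanStep smartCheckScanStep) {
            super(stepContext);
            this.step = smartCheckScanStep;
        }

        /**
         * Returns {@code host} unchanged when it parses as a URI with a host component,
         * otherwise prefixes it with {@code https://}.
         */
        private String getURIForHost(String host) {
            try {
                if (new URI(host).getHost() != null) {
                    return host;
                }
            } catch (URISyntaxException ignored) {
                // Not a parsable URI: fall through and treat the value as a bare host name.
            }
            return "https://" + host;
        }

        /**
         * Derives the pre-registry address from the Smart Check host by replacing the port with
         * {@link SmartCheckScanStep#DEFAULT_PREREGISTRY_PORT}; returns the input unchanged when
         * it cannot be parsed.
         */
        private String derivePreregistryHost(String smartcheckHost) {
            try {
                URI base = new URI(getURIForHost(smartcheckHost));
                return new URI(base.getScheme(), base.getUserInfo(), base.getHost(), DEFAULT_PREREGISTRY_PORT,
                        base.getPath(), base.getQuery(), base.getFragment()).toString();
            } catch (URISyntaxException e) {
                return smartcheckHost;
            }
        }

        /**
         * Looks up username/password credentials by id for the given item, restricted to the
         * domain requirements built from the host URI.
         *
         * @return the matching credentials, or {@code null} when {@code credentialsId} is
         *     {@code null} or nothing matches
         */
        private StandardUsernamePasswordCredentials getCredentials(String credentialsId, String host, Item item) {
            if (credentialsId == null) {
                return null;
            }
            // NOTE(review): the lookup runs as ACL.SYSTEM, so it is not limited by the permissions
            // of whoever triggered the build; confirm this is intended for this step.
            return CredentialsMatchers.firstOrNull(
                    CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, item, ACL.SYSTEM,
                            URIRequirementBuilder.fromUri(getURIForHost(host)).build()),
                    CredentialsMatchers.withId(credentialsId));
        }

        /**
         * Appends the {@code -e USER=...} / {@code -e PASSWORD=...} arguments for one endpoint.
         * Stored credentials are used when {@code credentialsId} is set; otherwise the deprecated
         * plain-text values are used. The password argument is always added masked so that it is
         * replaced by a placeholder wherever the command line is printed.
         *
         * @param args command line being built
         * @param userEnvName name of the container environment variable for the user name
         * @param passwordEnvName name of the container environment variable for the password
         * @param credentialsId id of the stored credentials, may be {@code null}
         * @param credentialsIdParamName step parameter name quoted in the error message
         * @param host host the credentials are looked up for
         * @param run current build, used for the lookup scope and credential usage tracking
         * @param legacyUser deprecated plain-text user name, may be {@code null}
         * @param legacyPassword deprecated plain-text password, may be {@code null}
         * @param required whether missing credentials fail the step
         * @return {@code false} when the step has been failed through the context, else {@code true}
         */
        private boolean addUsernamePasswordArgs(ArgumentListBuilder args, String userEnvName, String passwordEnvName,
                String credentialsId, String credentialsIdParamName, String host, Run<?, ?> run, String legacyUser,
                String legacyPassword, boolean required) {
            if (credentialsId != null) {
                StandardUsernamePasswordCredentials credentials = getCredentials(credentialsId, host, run.getParent());
                if (credentials == null) {
                    getContext().onFailure(new AbortException("Could not find credentials with id " + credentialsId
                            + " for host " + host.replace("https://", "")));
                    return false;
                }
                CredentialsProvider.track(run, credentials);
                args.add("-e", userEnvName + "=" + credentials.getUsername());
                args.add("-e");
                args.addMasked(passwordEnvName + "=" + Secret.toString(credentials.getPassword()));
                return true;
            }
            if (required && (legacyUser == null || legacyPassword == null)) {
                getContext().onFailure(
                        new AbortException("Credentials are required, use " + credentialsIdParamName + " to provide them."));
                return false;
            }
            if (legacyUser != null) {
                args.add("-e", userEnvName + "=" + legacyUser);
            }
            if (legacyPassword != null) {
                args.add("-e");
                args.addMasked(passwordEnvName + "=" + legacyPassword);
            }
            return true;
        }

        /**
         * Runs the scan container and translates its exit code into the step result.
         *
         * <p>Exit code {@code 0} succeeds, {@code 2} means the findings threshold was exceeded,
         * any other value is treated as a scanner error; both non-zero cases abort the build.
         *
         * @return always {@code null}
         * @throws AbortException when the scanner fails or reports a threshold violation
         */
        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: run, reason: merged with bridge method [inline-methods] */
        public Void m3run() throws IOException, InterruptedException {
            SmartCheckScanStep.LOGGER.fine("Starting scan step");
            TaskListener taskListener = getContext().get(TaskListener.class);
            PrintStream logger = taskListener.getLogger();
            Launcher launcher = getContext().get(Launcher.class);
            Run<?, ?> run = getContext().get(Run.class);
            FilePath workspace = getContext().get(FilePath.class);
            if (workspace == null) {
                getContext().onFailure(new AbortException("No workspace found. Please check your pipeline script and ensure it's running within a `node` block."));
                return null;
            }
            String remote = workspace.getRemote();

            ArgumentListBuilder args = new ArgumentListBuilder();
            args.add("docker", "run", "-i", "--rm", "--read-only");
            args.add("--cap-drop", "ALL");
            args.add("-e", "DSSC_SMARTCHECK_HOST=" + this.step.getSmartcheckHost());
            args.add("-e", "DSSC_IMAGE_NAME=" + this.step.getImageName());
            if (!addUsernamePasswordArgs(args, "DSSC_SMARTCHECK_USER", "DSSC_SMARTCHECK_PASSWORD",
                    this.step.getSmartcheckCredentialsId(), "smartcheckCredentialsId", this.step.getSmartcheckHost(), run,
                    this.step.getSmartcheckUser(), this.step.getSmartcheckPassword(), true)) {
                return null;
            }
            if (this.step.isInsecureSkipTLSVerify()) {
                args.add("-e", "DSSC_INSECURE_SKIP_TLS_VERIFY=" + this.step.isInsecureSkipTLSVerify());
            }
            if (this.step.isInsecureSkipRegistryTLSVerify()) {
                args.add("-e", "DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY=" + this.step.isInsecureSkipRegistryTLSVerify());
            }
            if (StringUtils.stripToNull(this.step.getImagePullAuth()) != null) {
                // Presumably carries registry credentials, so it is masked like a password.
                args.add("-e");
                args.addMasked("DSSC_IMAGE_PULL_AUTH=" + this.step.getImagePullAuth());
            }
            if (StringUtils.stripToNull(this.step.getFindingsThreshold()) != null) {
                args.add("-e", "DSSC_FINDINGS_THRESHOLD=" + this.step.getFindingsThreshold());
            }
            if (this.step.isPreregistryScan()) {
                args.add("--mount", "type=tmpfs,destination=/root/.docker");
                // Bind-mounting the Docker socket lets the scan container drive the agent's Docker
                // daemon; --cap-drop ALL and --read-only do not restrict that. Enable pre-registry
                // scanning only on agents where this level of access is acceptable.
                args.add("-v", "/var/run/docker.sock:/var/run/docker.sock");
                args.add("-e", "DSSC_PREREGISTRY_SCAN=true");
            }
            String preregistryHost = StringUtils.stripToNull(this.step.getPreregistryHost());
            if (preregistryHost != null) {
                args.add("-e", "DSSC_PREREGISTRY_HOST=" + preregistryHost);
            }
            String preregistryCredentialsHost =
                    preregistryHost != null ? preregistryHost : derivePreregistryHost(this.step.getSmartcheckHost());
            if (!addUsernamePasswordArgs(args, "DSSC_PREREGISTRY_USER", "DSSC_PREREGISTRY_PASSWORD",
                    this.step.getPreregistryCredentialsId(), "preregistryCredentialsId", preregistryCredentialsHost, run,
                    this.step.getPreregistryUser(), this.step.getPreregistryPassword(), false)) {
                return null;
            }
            args.add(SmartCheckScanStep.DSSC_SCAN_IMAGE);

            if (this.step.isDebug()) {
                // toString() prints masked arguments as a placeholder, so secrets stay out of the log.
                logger.println("command = " + args.toString());
            }
            logger.println("Starting Deep Security Smart Check scan...");
            ByteArrayOutputStream stdout = new ByteArrayOutputStream();
            int exitCode = launcher.launch().cmds(args).stderr(logger).stdout(stdout).quiet(!this.step.isDebug()).join();
            String output = new String(stdout.toByteArray(), "UTF-8");
            if (this.step.isDebug()) {
                logger.println("Status code was: " + exitCode);
            }

            String resultsPath;
            String requestedResultsFile = StringUtils.stripToNull(this.step.getResultsFile());
            if (requestedResultsFile != null) {
                // Lexical containment check: ".." segments are collapsed before comparing with the
                // workspace root. Symbolic links are not resolved, and the path is parsed with the
                // controller's path rules even when the workspace is on an agent.
                Path workspaceRoot = Paths.get(remote).normalize();
                Path resolved = Paths.get(remote, requestedResultsFile).normalize();
                if (!resolved.startsWith(workspaceRoot)) {
                    getContext().onFailure(new IllegalArgumentException("Results file must be in the current workspace."));
                    return null;
                }
                resultsPath = workspaceRoot.relativize(resolved).toString();
            } else {
                resultsPath = SmartCheckScanStep.DEFAULT_RESULTS_FILE;
            }

            if (output.length() > 0) {
                boolean written = false;
                try {
                    workspace.child(resultsPath).write(output, "UTF-8");
                    written = true;
                } catch (IOException e) {
                    // Best effort: a failed write is reported but does not change the scan verdict.
                    logger.println("Failed to write results to file.");
                    if (this.step.isDebug()) {
                        logger.println(e);
                    }
                }
                if (written) {
                    ArtifactArchiver artifactArchiver = new ArtifactArchiver(resultsPath);
                    if (this.step.isDebug()) {
                        logger.println(String.format("Build root directory: %s", run.getRootDir()));
                        logger.println(String.format("Workspace remote: %s", workspace.getRemote()));
                        logger.println(String.format("Archiving artifacts: %s", artifactArchiver.getArtifacts()));
                    }
                    SmartCheckScanStep.LOGGER.fine(String.format("Archiving artifacts: %s", artifactArchiver.getArtifacts()));
                    try {
                        artifactArchiver.perform(run, workspace, launcher, taskListener);
                    } catch (IOException e) {
                        // Best effort, as above.
                        logger.println("Failed to archive results file");
                        if (this.step.isDebug()) {
                            logger.println(e);
                        }
                    }
                    SmartCheckScanStep.LOGGER.fine("Archiving complete.");
                }
            }

            if (exitCode != EXIT_OK && exitCode != EXIT_THRESHOLD_FAILURE) {
                logger.println("Deep Security Smart Check scan returned an error.");
                logger.println(output);
                throw new AbortException("Deep Security Smart Check scan returned an error.");
            }
            run.addAction(new SmartCheckAction(remote, output, this.step.getSmartcheckHost()));
            if (exitCode == EXIT_OK) {
                logger.println("Scan successful");
                getContext().onSuccess(null);
                return null;
            }
            // Only EXIT_THRESHOLD_FAILURE reaches this point.
            logger.println("Deep Security Smart Check scan found issues with the image");
            throw new AbortException("Deep Security Smart Check scan found issues with the image");
        }
    }

    /**
     * Creates the step with its two mandatory settings.
     *
     * @param imageName image to scan; must not be blank
     * @param smartcheckHost Smart Check host; must not be blank and must pass
     *     {@code SmartCheckAction.validateSmartcheckUrl}
     * @throws IllegalArgumentException when either value is blank
     */
    @DataBoundConstructor
    @Deprecated
    public SmartCheckScanStep(String imageName, String smartcheckHost) {
        requireNonBlank(imageName, "imageName");
        this.imageName = imageName;
        this.smartcheckHost = requireValidHost(smartcheckHost);
    }

    /** Rejects {@code null}, empty and whitespace-only values with the message used by the constructor. */
    private static String requireNonBlank(String value, String propertyName) {
        if (StringUtils.stripToNull(value) == null) {
            throw new IllegalArgumentException(propertyName + " cannot be empty");
        }
        return value;
    }

    /** Applies the blank check and the Smart Check URL validation to a host value. */
    private static String requireValidHost(String host) {
        requireNonBlank(host, "smartcheckHost");
        SmartCheckAction.validateSmartcheckUrl(host);
        return host;
    }

    public String getSmartcheckHost() {
        return this.smartcheckHost;
    }

    /**
     * Replaces the Smart Check host. The value goes through the same checks as in the
     * constructor, so the setter cannot be used to install a host that the constructor
     * would have rejected.
     */
    @DataBoundSetter
    public void setSmartCheckHost(String str) {
        this.smartcheckHost = requireValidHost(str);
    }

    public boolean isInsecureSkipTLSVerify() {
        return this.insecureSkipTLSVerify;
    }

    /** Passes {@code DSSC_INSECURE_SKIP_TLS_VERIFY=true} to the scan container when set. */
    @DataBoundSetter
    public void setInsecureSkipTLSVerify(boolean z) {
        this.insecureSkipTLSVerify = z;
    }

    @Deprecated
    public String getSmartcheckUser() {
        return this.smartcheckUser;
    }

    @DataBoundSetter
    @Deprecated
    public void setSmartcheckUser(String str) {
        this.smartcheckUser = str;
    }

    @Deprecated
    public String getSmartcheckPassword() {
        return this.smartcheckPassword;
    }

    /** Plain-text password; deprecated in favour of {@link #setSmartcheckCredentialsId(String)}. */
    @DataBoundSetter
    @Deprecated
    public void setSmartcheckPassword(String str) {
        this.smartcheckPassword = str;
    }

    public String getSmartcheckCredentialsId() {
        return this.smartcheckCredentialsId;
    }

    @DataBoundSetter
    public void setSmartcheckCredentialsId(String str) {
        this.smartcheckCredentialsId = str;
    }

    public String getImageName() {
        return this.imageName;
    }

    /** Replaces the image to scan; blank values are rejected as in the constructor. */
    @DataBoundSetter
    public void setImageName(String str) {
        this.imageName = requireNonBlank(str, "imageName");
    }

    public String getImagePullAuth() {
        return this.imagePullAuth;
    }

    @DataBoundSetter
    public void setImagePullAuth(String str) {
        this.imagePullAuth = str;
    }

    public boolean isInsecureSkipRegistryTLSVerify() {
        return this.insecureSkipRegistryTLSVerify;
    }

    /** Passes {@code DSSC_INSECURE_SKIP_REGISTRY_TLS_VERIFY=true} to the scan container when set. */
    @DataBoundSetter
    public void setInsecureSkipRegistryTLSVerify(boolean z) {
        this.insecureSkipRegistryTLSVerify = z;
    }

    public String getResultsFile() {
        return this.resultsFile;
    }

    /** Sets the workspace-relative file the scan output is written to. */
    @DataBoundSetter
    public void setResultsFile(String str) {
        this.resultsFile = str;
    }

    public String getFindingsThreshold() {
        return this.findingsThreshold;
    }

    @DataBoundSetter
    public void setFindingsThreshold(String str) {
        this.findingsThreshold = str;
    }

    public boolean isDebug() {
        return this.debug;
    }

    /** Enables printing of the (masked) command line, the exit code and archive paths to the build log. */
    @DataBoundSetter
    public void setDebug(boolean z) {
        this.debug = z;
    }

    public boolean isPreregistryScan() {
        return this.preregistryScan;
    }

    /** Enables pre-registry scanning, which mounts the agent's Docker socket into the scan container. */
    @DataBoundSetter
    public void setPreregistryScan(boolean z) {
        this.preregistryScan = z;
    }

    public String getPreregistryHost() {
        return this.preregistryHost;
    }

    @DataBoundSetter
    public void setPreregistryHost(String str) {
        this.preregistryHost = str;
    }

    @Deprecated
    public String getPreregistryUser() {
        return this.preregistryUser;
    }

    @DataBoundSetter
    @Deprecated
    public void setPreregistryUser(String str) {
        this.preregistryUser = str;
    }

    @Deprecated
    public String getPreregistryPassword() {
        return this.preregistryPassword;
    }

    /** Plain-text password; deprecated in favour of {@link #setPreregistryCredentialsId(String)}. */
    @DataBoundSetter
    @Deprecated
    public void setPreregistryPassword(String str) {
        this.preregistryPassword = str;
    }

    public String getPreregistryCredentialsId() {
        return this.preregistryCredentialsId;
    }

    @DataBoundSetter
    public void setPreregistryCredentialsId(String str) {
        this.preregistryCredentialsId = str;
    }

    /** Creates the execution object that performs the scan for this step. */
    public StepExecution start(StepContext stepContext) throws Exception {
        return new SmartCheckScanStepExecution(stepContext, this);
    }
}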
