package io.jenkins.plugins.venaficodesigning;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.AbortException;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Computer;
import hudson.model.Node;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import io.jenkins.plugins.venaficodesigning.AgentInfo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import jenkins.tasks.SimpleBuildStep;
import org.apache.commons.lang.RandomStringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/venafi-codesigning.jar:io/jenkins/plugins/venaficodesigning/SignToolBuilder.class */
public class SignToolBuilder extends Builder implements SimpleBuildStep {
    private static final String DEFAULT_DIGEST_ALGO = "sha256";
    private final String tppName;
    private final String fileOrGlob;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private String subjectName;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private String sha1;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private boolean appendSignatures;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private String signToolPath;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private String venafiClientToolsDir;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private boolean useMachineConfiguration;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private List<SigDigestAlgo> signatureDigestAlgos = new ArrayList();

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private List<TimestampingServer> timestampingServers = new ArrayList();

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private List<CmdArg> extraArgs = new ArrayList();

    @Extension
    @Symbol({"venafiCodeSignWithSignTool"})
    /* loaded from: input_file:WEB-INF/lib/venafi-codesigning.jar:io/jenkins/plugins/venaficodesigning/SignToolBuilder$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public String getDisplayName() {
            return Messages.SignToolBuilder_displayName();
        }

        public ListBoxModel doFillTppNameItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (TppConfig tppConfig : PluginConfig.get().getTppConfigs()) {
                listBoxModel.add(tppConfig.getName(), tppConfig.getName());
            }
            return listBoxModel;
        }

        public FormValidation doCheckFileOrGlob(@QueryParameter String str) {
            return FormValidation.validateRequired(str);
        }

        public FormValidation doCheckSubjectName(@QueryParameter String str, @QueryParameter String str2) {
            return str2.isEmpty() ? FormValidation.validateRequired(str) : !str.isEmpty() ? FormValidation.error(Messages.SignToolBuilder_fileAndGlobMutuallyExclusive()) : FormValidation.ok();
        }

        public FormValidation doCheckSha1(@QueryParameter String str, @QueryParameter String str2) {
            return str2.isEmpty() ? FormValidation.validateRequired(str) : !str.isEmpty() ? FormValidation.error(Messages.SignToolBuilder_fileAndGlobMutuallyExclusive()) : FormValidation.ok();
        }
    }

    @DataBoundConstructor
    public SignToolBuilder(String str, String str2) {
        this.tppName = str;
        this.fileOrGlob = str2;
    }

    public String getTppName() {
        return this.tppName;
    }

    public String getFileOrGlob() {
        return this.fileOrGlob;
    }

    public String getSubjectName() {
        return this.subjectName;
    }

    @DataBoundSetter
    public void setSubjectName(String str) {
        if (str.equals("")) {
            this.subjectName = null;
        } else {
            this.subjectName = str;
        }
    }

    public String getSha1() {
        return this.sha1;
    }

    @DataBoundSetter
    public void setSha1(String str) {
        if (str.equals("")) {
            this.sha1 = null;
        } else {
            this.sha1 = str;
        }
    }

    public List<SigDigestAlgo> getSignatureDigestAlgos() {
        return this.signatureDigestAlgos;
    }

    public List<SigDigestAlgo> getSignatureDigestAlgosWithDefaultFallback() {
        if (this.signatureDigestAlgos != null && !this.signatureDigestAlgos.isEmpty()) {
            return this.signatureDigestAlgos;
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(new SigDigestAlgo(DEFAULT_DIGEST_ALGO));
        return arrayList;
    }

    @DataBoundSetter
    public void setSignatureDigestAlgos(List<SigDigestAlgo> list) {
        this.signatureDigestAlgos = list;
    }

    public boolean getAppendSignatures() {
        return this.appendSignatures;
    }

    @DataBoundSetter
    public void setAppendSignatures(boolean z) {
        this.appendSignatures = z;
    }

    public List<TimestampingServer> getTimestampingServers() {
        return this.timestampingServers;
    }

    @DataBoundSetter
    public void setTimestampingServers(List<TimestampingServer> list) {
        this.timestampingServers = list;
    }

    public List<CmdArg> getExtraArgs() {
        return this.extraArgs;
    }

    @DataBoundSetter
    public void setExtraArgs(List<CmdArg> list) {
        this.extraArgs = list;
    }

    public String getSignToolPath() {
        return this.signToolPath;
    }

    @DataBoundSetter
    public void setSignToolPath(String str) {
        if (str.equals("")) {
            this.signToolPath = null;
        } else {
            this.signToolPath = str;
        }
    }

    public String getVenafiClientToolsDir() {
        return this.venafiClientToolsDir;
    }

    @DataBoundSetter
    public void setVenafiClientToolsDir(String str) {
        if (str.equals("")) {
            this.venafiClientToolsDir = null;
        } else {
            this.venafiClientToolsDir = str;
        }
    }

    public boolean getUseMachineConfiguration() {
        return this.useMachineConfiguration;
    }

    @DataBoundSetter
    public void setUseMachineConfiguration(boolean z) {
        this.useMachineConfiguration = z;
    }

    public void perform(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, IOException {
        Logger logger = new Logger(taskListener.getLogger(), Messages.SignToolBuilder_functionName());
        FilePath nodeRoot = getNodeRoot(getNode(getComputer(filePath)));
        TppConfig tppConfigByName = PluginConfig.get().getTppConfigByName(getTppName());
        if (tppConfigByName == null) {
            throw new AbortException("No Venafi TPP configuration with name '" + getTppName() + "' found");
        }
        StandardUsernamePasswordCredentials findCredentials = Utils.findCredentials(tppConfigByName.getCredentialsId());
        if (findCredentials == null) {
            throw new AbortException("No credentials with ID '" + tppConfigByName.getCredentialsId() + "' found");
        }
        String random = RandomStringUtils.random(24, true, true);
        AgentInfo agentInfo = (AgentInfo) nodeRoot.act(new AgentInfo.GetAgentInfo());
        logger.log("Session ID: %s", random);
        logger.log("Detected node info: %s", agentInfo);
        try {
            loginTpp(logger, launcher, filePath, nodeRoot, run, random, agentInfo, tppConfigByName, findCredentials);
            invokeCspConfigSync(logger, launcher, filePath, random, agentInfo, nodeRoot);
            invokeSignTool(logger, launcher, filePath, random, agentInfo, nodeRoot);
            logoutTpp(logger, launcher, filePath, random, agentInfo, nodeRoot);
        } catch (Throwable th) {
            logoutTpp(logger, launcher, filePath, random, agentInfo, nodeRoot);
            throw th;
        }
    }

    private Computer getComputer(FilePath filePath) throws AbortException {
        Computer computer = filePath.toComputer();
        if (computer == null) {
            throw new AbortException("Unable to retrieve computer for workspace");
        }
        return computer;
    }

    private Node getNode(Computer computer) throws AbortException {
        Node node = computer.getNode();
        if (node == null) {
            throw new AbortException("Unable to retrieve node for workspace");
        }
        return node;
    }

    private FilePath getNodeRoot(Node node) throws AbortException {
        FilePath rootPath = node.getRootPath();
        if (rootPath == null) {
            throw new AbortException("Unable to retrieve root path of node");
        }
        return rootPath;
    }

    private void loginTpp(Logger logger, Launcher launcher, FilePath filePath, FilePath filePath2, Run<?, ?> run, String str, AgentInfo agentInfo, TppConfig tppConfig, StandardUsernamePasswordCredentials standardUsernamePasswordCredentials) throws InterruptedException, IOException, RuntimeException {
        FilePath cspConfigToolPath = Utils.getCspConfigToolPath(launcher, agentInfo, filePath2, getVenafiClientToolsDir());
        CredentialsProvider.track(run, standardUsernamePasswordCredentials);
        String secret = Secret.toString(standardUsernamePasswordCredentials.getPassword());
        ArrayList arrayList = new ArrayList();
        arrayList.add(cspConfigToolPath.getRemote());
        arrayList.add("getgrant");
        if (getUseMachineConfiguration()) {
            arrayList.add("-machine");
        }
        arrayList.add("-force");
        arrayList.add("-authurl:" + tppConfig.getAuthUrl());
        arrayList.add("-hsmurl:" + tppConfig.getHsmUrl());
        arrayList.add("-username:" + standardUsernamePasswordCredentials.getUsername());
        arrayList.add("-password");
        arrayList.add(secret);
        boolean[] zArr = new boolean[arrayList.size()];
        for (int i = 0; i < arrayList.size() - 1; i++) {
            zArr[i] = false;
        }
        zArr[arrayList.size() - 1] = true;
        HashMap hashMap = new HashMap();
        hashMap.put("LIBHSMINSTANCE", str);
        invokeCommand(logger, launcher, filePath, "Logging into TPP: configuring client: requesting grant from server.", "Successfully obtained grant from TPP.", "Error requesting grant from TPP", "cspconfig getgrant", false, (String[]) arrayList.toArray(new String[0]), zArr, hashMap);
    }

    private void invokeCspConfigSync(Logger logger, Launcher launcher, FilePath filePath, String str, AgentInfo agentInfo, FilePath filePath2) throws InterruptedException, IOException, RuntimeException {
        FilePath cspConfigToolPath = Utils.getCspConfigToolPath(launcher, agentInfo, filePath2, getVenafiClientToolsDir());
        ArrayList arrayList = new ArrayList();
        arrayList.add(cspConfigToolPath.getRemote());
        arrayList.add("sync");
        if (getUseMachineConfiguration()) {
            arrayList.add("-machine");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("LIBHSMINSTANCE", str);
        invokeCommand(logger, launcher, filePath, "Synchronizing local certificate store with TPP.", "Successfully synchronized local certificate store with TPP.", "Error synchronizing local certificate store with TPP", "cspconfig sync", false, (String[]) arrayList.toArray(new String[0]), null, hashMap);
    }

    private void logoutTpp(Logger logger, Launcher launcher, FilePath filePath, String str, AgentInfo agentInfo, FilePath filePath2) {
        try {
            invokeCspConfigRevokeGrant(logger, launcher, filePath, str, agentInfo, filePath2);
        } catch (InterruptedException e) {
            logger.log("Error logging out of TPP: operation interrupted.", new Object[0]);
        } catch (Exception e2) {
            e2.printStackTrace(logger.getOutput());
        }
    }

    private void invokeCspConfigRevokeGrant(Logger logger, Launcher launcher, FilePath filePath, String str, AgentInfo agentInfo, FilePath filePath2) throws IOException, InterruptedException {
        FilePath cspConfigToolPath = Utils.getCspConfigToolPath(launcher, agentInfo, filePath2, getVenafiClientToolsDir());
        ArrayList arrayList = new ArrayList();
        arrayList.add(cspConfigToolPath.getRemote());
        arrayList.add("revokegrant");
        if (getUseMachineConfiguration()) {
            arrayList.add("-machine");
        }
        arrayList.add("-force");
        arrayList.add("-clear");
        HashMap hashMap = new HashMap();
        hashMap.put("LIBHSMINSTANCE", str);
        invokeCommand(logger, launcher, filePath, "Logging out of TPP: revoking server grant.", "Successfully revoked server grant.", "Error revoking grant from TPP", "cspconfig revokegrant", false, (String[]) arrayList.toArray(new String[0]), null, hashMap);
    }

    private void invokeSignTool(Logger logger, Launcher launcher, FilePath filePath, String str, AgentInfo agentInfo, FilePath filePath2) throws InterruptedException, IOException {
        String signToolPath = Utils.getSignToolPath(getSignToolPath());
        HashMap hashMap = new HashMap();
        hashMap.put("VENAFICSPSilent", "1");
        hashMap.put("LIBHSMINSTANCE", str);
        int i = 0;
        for (SigDigestAlgo sigDigestAlgo : getSignatureDigestAlgosWithDefaultFallback()) {
            ArrayList arrayList = new ArrayList();
            boolean z = getAppendSignatures() || i > 0;
            arrayList.add(signToolPath);
            arrayList.add("sign");
            arrayList.add("/v");
            arrayList.add("/fd");
            arrayList.add(sigDigestAlgo.getAlgorithm());
            if (!getTimestampingServers().isEmpty()) {
                TimestampingServer timestampingServer = getTimestampingServers().get((int) (Math.random() * getTimestampingServers().size()));
                arrayList.add("/tr");
                arrayList.add(timestampingServer.getAddress());
                arrayList.add("/td");
                arrayList.add(sigDigestAlgo.getAlgorithm());
            }
            if (z) {
                arrayList.add("/as");
            }
            if (getSubjectName() != null) {
                arrayList.add("/n");
                arrayList.add(getSubjectName());
            } else {
                arrayList.add("/sha1");
                arrayList.add(getSha1());
            }
            if (getUseMachineConfiguration()) {
                arrayList.add("/sm");
            }
            Iterator<CmdArg> it = getExtraArgs().iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getArgument());
            }
            arrayList.add(getFileOrGlob());
            invokeCommand(logger, launcher, filePath, "Signing with signtool: " + getFileOrGlob() + "", "Successfully signed '" + getFileOrGlob() + "'.", "Error signing '" + getFileOrGlob() + "'", "signtool", true, (String[]) arrayList.toArray(new String[0]), null, hashMap);
            i++;
        }
    }

    private String invokeCommand(Logger logger, Launcher launcher, FilePath filePath, String str, String str2, String str3, String str4, boolean z, String[] strArr, boolean[] zArr, Map<String, String> map) throws InterruptedException, IOException {
        logger.log("%s", str);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Launcher.ProcStarter pwd = launcher.launch().cmds(strArr).stdout(byteArrayOutputStream).pwd(filePath);
        if (zArr != null) {
            pwd.masks(zArr);
        }
        if (map != null) {
            pwd.envs(map);
        }
        try {
            int join = pwd.start().join();
            String trim = byteArrayOutputStream.toString("UTF-8").trim();
            if (join != 0) {
                logger.log("%s: command exited with code %d. Output from command '%s' is as follows:\n%s", str3, Integer.valueOf(join), str4, trim);
                throw new AbortException(str3 + ": command exited with code " + join);
            }
            if (z) {
                logger.log("%s", trim);
            }
            logger.log("%s", str2);
            return trim;
        } catch (IOException e) {
            logger.log("%s: %s", str3, e.getMessage());
            throw e;
        }
    }
}
