package io.jenkins.plugins.venaficodesigning;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.AbortException;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Computer;
import hudson.model.Node;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import io.jenkins.plugins.venaficodesigning.AgentInfo;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import jenkins.tasks.SimpleBuildStep;
import org.apache.commons.lang.RandomStringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:io/jenkins/plugins/venaficodesigning/JarSignerBuilder.class */
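/**
 * Jenkins build step that signs JAR files with {@code jarsigner} through a PKCS#11 provider.
 *
 * <p>For each build the step: resolves the named TPP configuration and its credentials,
 * writes a temporary PKCS#11 provider configuration into the workspace, obtains a grant with
 * {@code pkcs11config getgrant}, runs {@code jarsigner} once per file, then revokes the grant
 * and deletes the temporary configuration (also when signing fails).
 *
 * <p>Either {@code file} (a single workspace-relative path) or {@code glob} (a pattern expanded
 * in the workspace) selects what is signed; the form validation treats them as mutually
 * exclusive.
 */
public class JarSignerBuilder extends Builder implements SimpleBuildStep {
    /**
     * Generator for per-build session IDs. A CSPRNG is used so that the value exported as
     * {@code LIBHSMINSTANCE} cannot be predicted from earlier builds.
     */
    private static final SecureRandom SESSION_ID_RANDOM = new SecureRandom();

    private final String tppName;
    private final String certLabel;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private String file;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private String glob;

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private List<TimestampingServer> timestampingServers = new ArrayList<>();

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private List<CmdArg> extraArgs = new ArrayList<>();

    @SuppressFBWarnings({"UUF_UNUSED_FIELD"})
    private String venafiClientToolsDir;

    /** Descriptor that registers the step and backs its configuration form. */
    @Extension
    @Symbol({"venafiCodeSignWithJarSigner"})
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {
        /** The step is offered for every project type. */
        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public String getDisplayName() {
            return Messages.JarSignerBuilder_displayName();
        }

        /** Fills the TPP drop-down with the names of all globally configured TPP entries. */
        public ListBoxModel doFillTppNameItems() {
            ListBoxModel items = new ListBoxModel();
            for (TppConfig tppConfig : PluginConfig.get().getTppConfigs()) {
                items.add(tppConfig.getName(), tppConfig.getName());
            }
            return items;
        }

        // NOTE(review): the parameter names of the two checks below look like decompiler
        // placeholders. @QueryParameter without an explicit value binds by parameter name, so
        // confirm the original names (or add explicit values) before recompiling this source.

        /**
         * Validates the "file" field: required when the other field is empty, rejected when
         * both are filled in.
         */
        public FormValidation doCheckFile(@QueryParameter String str, @QueryParameter String str2) {
            return checkExclusivePair(str, str2);
        }

        /**
         * Validates the "glob" field with the same rule as {@link #doCheckFile}.
         */
        public FormValidation doCheckGlob(@QueryParameter String str, @QueryParameter String str2) {
            return checkExclusivePair(str, str2);
        }

        public FormValidation doCheckCertLabel(@QueryParameter String str) {
            return FormValidation.validateRequired(str);
        }

        /**
         * Shared rule for the file/glob pair. A missing query parameter is treated as empty
         * so that an incomplete request yields a validation result instead of an exception.
         */
        private static FormValidation checkExclusivePair(String value, String other) {
            String checked = value == null ? "" : value;
            String sibling = other == null ? "" : other;
            if (sibling.isEmpty()) {
                return FormValidation.validateRequired(checked);
            }
            if (!checked.isEmpty()) {
                return FormValidation.error(Messages.JarSignerBuilder_fileAndGlobMutuallyExclusive());
            }
            return FormValidation.ok();
        }
    }

    /**
     * Creates the step.
     *
     * <p>Parameter names matter here: Stapler matches {@code @DataBoundConstructor} arguments
     * to configuration fields by name, so they mirror the {@code tppName} and
     * {@code certLabel} properties.
     *
     * @param tppName name of the globally configured TPP entry to use
     * @param certLabel label passed to jarsigner as the signing alias
     */
    @DataBoundConstructor
    public JarSignerBuilder(String tppName, String certLabel) {
        this.tppName = tppName;
        this.certLabel = certLabel;
    }

    public String getTppName() {
        return this.tppName;
    }

    public String getFile() {
        return this.file;
    }

    /** Sets the single file to sign; null or empty clears the setting. */
    @DataBoundSetter
    public void setFile(String str) {
        this.file = emptyToNull(str);
    }

    public String getGlob() {
        return this.glob;
    }

    /** Sets the glob selecting files to sign; null or empty clears the setting. */
    @DataBoundSetter
    public void setGlob(String str) {
        this.glob = emptyToNull(str);
    }

    public String getCertLabel() {
        return this.certLabel;
    }

    public List<TimestampingServer> getTimestampingServers() {
        return this.timestampingServers;
    }

    /** Sets the timestamping servers; null is stored as an empty list. */
    @DataBoundSetter
    public void setTimestampingServers(List<TimestampingServer> list) {
        this.timestampingServers = list != null ? list : new ArrayList<>();
    }

    public List<CmdArg> getExtraArgs() {
        return this.extraArgs;
    }

    /** Sets the extra jarsigner arguments; null is stored as an empty list. */
    @DataBoundSetter
    public void setExtraArgs(List<CmdArg> list) {
        this.extraArgs = list != null ? list : new ArrayList<>();
    }

    public String getVenafiClientToolsDir() {
        return this.venafiClientToolsDir;
    }

    /** Sets the client tools directory override; null or empty clears the setting. */
    @DataBoundSetter
    public void setVenafiClientToolsDir(String str) {
        this.venafiClientToolsDir = emptyToNull(str);
    }

    /** Normalises "not configured" to null without failing on a null argument. */
    private static String emptyToNull(String value) {
        return (value == null || value.isEmpty()) ? null : value;
    }

    /**
     * Runs the signing step in the given workspace.
     *
     * @throws AbortException if the agent, TPP configuration or credentials cannot be
     *     resolved, if neither file nor glob is configured, or if an external command fails
     * @throws IOException on I/O failure while talking to the agent
     * @throws InterruptedException if the build is interrupted
     */
    public void perform(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws InterruptedException, IOException {
        Logger logger = new Logger(taskListener.getLogger(), Messages.JarSignerBuilder_functionName());
        Computer computer = filePath.toComputer();
        if (computer == null) {
            throw new AbortException("Unable to retrieve computer for workspace");
        }
        Node node = computer.getNode();
        if (node == null) {
            throw new AbortException("Unable to retrieve node for workspace");
        }
        FilePath rootPath = node.getRootPath();
        if (rootPath == null) {
            throw new AbortException("Unable to retrieve root path of node");
        }
        TppConfig tppConfig = getTppConfigByName(getTppName());
        if (tppConfig == null) {
            throw new AbortException("No Venafi TPP configuration with name '" + getTppName() + "' found");
        }
        StandardUsernamePasswordCredentials credentials = findCredentials(tppConfig);
        if (credentials == null) {
            throw new AbortException("No credentials with ID '" + tppConfig.getCredentialsId() + "' found");
        }

        // Same 24-character alphanumeric shape as before, but drawn from a CSPRNG: the
        // three-argument RandomStringUtils.random overload does not use a cryptographic source.
        // NOTE(review): the ID is also written to the build log below, so anyone who can read
        // the log learns it; confirm nothing relies on it staying secret.
        String sessionId = RandomStringUtils.random(24, 0, 0, true, true, null, SESSION_ID_RANDOM);
        AgentInfo agentInfo = (AgentInfo) rootPath.act(new AgentInfo.GetAgentInfo());
        logger.log("Session ID: %s", sessionId);
        logger.log("Detected node info: %s", agentInfo);

        FilePath providerConfig = null;
        try {
            Collection<FilePath> filesToSign = getFilesToSign(filePath);
            if (filesToSign.isEmpty()) {
                // A glob that matches nothing would otherwise look like a successful signing run.
                logger.log("%s", "Warning: no files matched the configured selection; nothing will be signed.");
            }
            providerConfig = filePath.createTempFile("pkcs11-provider", ".conf");
            Utils.createPkcs11ProviderConfig(launcher, agentInfo, rootPath, providerConfig, getVenafiClientToolsDir());
            loginTpp(logger, launcher, filePath, rootPath, run, sessionId, agentInfo, tppConfig, credentials);
            invokeJarSigner(logger, launcher, filePath, sessionId, agentInfo, providerConfig, filesToSign);
        } finally {
            // Always revoke the grant and remove the provider config, on success and on failure,
            // exactly once. Revocation is attempted even when the failure happened before login.
            logoutTpp(logger, launcher, filePath, rootPath, sessionId, agentInfo);
            if (providerConfig != null) {
                Utils.deleteFileOrPrintStackTrace(logger, providerConfig);
            }
        }
    }

    /** Looks up a TPP configuration by name; package-private so tests can override it. */
    TppConfig getTppConfigByName(String str) {
        return PluginConfig.get().getTppConfigByName(str);
    }

    /** Resolves the credentials referenced by the TPP configuration. */
    StandardUsernamePasswordCredentials findCredentials(TppConfig tppConfig) {
        return Utils.findCredentials(tppConfig.getCredentialsId());
    }

    /** Logs into TPP by requesting a grant for this session. */
    private void loginTpp(Logger logger, Launcher launcher, FilePath filePath, FilePath filePath2, Run<?, ?> run, String str, AgentInfo agentInfo, TppConfig tppConfig, StandardUsernamePasswordCredentials standardUsernamePasswordCredentials) throws InterruptedException, IOException {
        invokePkcs11ConfigGetGrant(logger, launcher, filePath, filePath2, run, tppConfig, str, agentInfo, standardUsernamePasswordCredentials);
    }

    /**
     * Runs {@code pkcs11config getgrant} on the agent with the TPP URLs and credentials.
     *
     * <p>The credential use is recorded against the build via {@link CredentialsProvider#track}.
     */
    private void invokePkcs11ConfigGetGrant(Logger logger, Launcher launcher, FilePath filePath, FilePath filePath2, Run<?, ?> run, TppConfig tppConfig, String str, AgentInfo agentInfo, StandardUsernamePasswordCredentials standardUsernamePasswordCredentials) throws InterruptedException, IOException {
        FilePath toolPath = Utils.getPkcs11ConfigToolPath(launcher, agentInfo, filePath2, getVenafiClientToolsDir());
        CredentialsProvider.track(run, standardUsernamePasswordCredentials);
        String password = Secret.toString(standardUsernamePasswordCredentials.getPassword());
        Map<String, String> env = new HashMap<>();
        env.put("LIBHSMINSTANCE", str);

        // The password travels as a process argument. The mask below only keeps it out of the
        // command line that Jenkins prints to the build log; while pkcs11config runs, the
        // argument can still be visible to other local accounts on the agent through process
        // listings. NOTE(review): if the tool supports supplying the password outside argv,
        // prefer that — confirm against the tool's documentation.
        String[] command = {
            toolPath.getRemote(),
            "getgrant",
            "--force",
            "--authurl=" + tppConfig.getAuthUrl(),
            "--hsmurl=" + tppConfig.getHsmUrl(),
            "--username=" + standardUsernamePasswordCredentials.getUsername(),
            "--password",
            password
        };
        // One flag per argument; only the last one (the password value) is masked.
        boolean[] masks = {false, false, false, false, false, false, false, true};
        invokeCommand(logger, launcher, filePath, "Logging into TPP: configuring client: requesting grant from server.", "Successfully obtained grant from TPP.", "Error requesting grant from TPP", "pkcs11config getgrant", command, masks, env);
    }

    /**
     * Revokes the grant on a best-effort basis; failures are logged and never propagated so
     * that they cannot hide the build's real outcome.
     *
     * <p>If revocation fails or is interrupted, the grant may remain on the agent until it is
     * revoked or expires by other means, so these log lines are worth alerting on.
     */
    private void logoutTpp(Logger logger, Launcher launcher, FilePath filePath, FilePath filePath2, String str, AgentInfo agentInfo) {
        try {
            invokePkcs11ConfigRevokeGrant(logger, launcher, filePath, filePath2, str, agentInfo);
        } catch (InterruptedException e) {
            logger.log("Error logging out of TPP: operation interrupted.", new Object[0]);
            // Keep the interrupt visible to the caller instead of silently consuming it.
            Thread.currentThread().interrupt();
        } catch (Exception e2) {
            e2.printStackTrace(logger.getOutput());
        }
    }

    /** Runs {@code pkcs11config revokegrant} on the agent for this session. */
    private void invokePkcs11ConfigRevokeGrant(Logger logger, Launcher launcher, FilePath filePath, FilePath filePath2, String str, AgentInfo agentInfo) throws IOException, InterruptedException {
        FilePath toolPath = Utils.getPkcs11ConfigToolPath(launcher, agentInfo, filePath2, getVenafiClientToolsDir());
        Map<String, String> env = new HashMap<>();
        env.put("LIBHSMINSTANCE", str);
        invokeCommand(logger, launcher, filePath, "Logging out of TPP: revoking server grant.", "Successfully revoked server grant.", "Error revoking grant from TPP", "pkcs11config revokegrant", new String[]{toolPath.getRemote(), "revokegrant", "-force", "-clear"}, null, env);
    }

    /**
     * Resolves the configured selection to concrete paths in the workspace.
     *
     * <p>When both are set, {@code file} takes precedence, as before.
     *
     * @throws AbortException if neither a file nor a glob is configured
     */
    private Collection<FilePath> getFilesToSign(FilePath filePath) throws IOException, InterruptedException {
        List<FilePath> selected = new ArrayList<>();
        if (getFile() != null) {
            // NOTE(review): the configured path is resolved as-is relative to the workspace; it
            // is not checked for ".." segments, so it is as trusted as the job configuration.
            selected.add(filePath.child(getFile()));
        } else if (getGlob() != null) {
            for (FilePath match : filePath.list(getGlob(), (String) null, false)) {
                selected.add(match);
            }
        } else {
            // Fail with a clear message rather than handing a null pattern to FilePath.list.
            throw new AbortException("Either a file or a glob must be specified");
        }
        return selected;
    }

    /**
     * Runs {@code jarsigner} once per file against the PKCS#11 provider configuration.
     *
     * <p>Arguments are passed as a list (no shell is involved). The configured extra arguments
     * are appended after the built-in options, so they are able to add to or conflict with
     * them; treat them as part of the trusted job configuration.
     */
    private void invokeJarSigner(Logger logger, Launcher launcher, FilePath filePath, String str, AgentInfo agentInfo, FilePath filePath2, Collection<FilePath> collection) throws InterruptedException, IOException {
        Map<String, String> env = new HashMap<>();
        env.put("LIBHSMINSTANCE", str);
        for (FilePath target : collection) {
            List<String> command = new ArrayList<>();
            command.add("jarsigner");
            command.add("-verbose");
            command.add("-keystore");
            command.add("NONE");
            command.add("-storetype");
            command.add("PKCS11");
            command.add("-storepass");
            command.add("none");
            command.add("-providerclass");
            command.add("sun.security.pkcs11.SunPKCS11");
            command.add("-providerArg");
            command.add(filePath2.getRemote());
            command.add("-certs");

            List<TimestampingServer> servers = getTimestampingServers();
            if (!servers.isEmpty()) {
                // Pick one server at random per file to spread load; not security-sensitive.
                TimestampingServer server = servers.get((int) (Math.random() * servers.size()));
                command.add("-tsa");
                command.add(server.getAddress());
            }
            // With no timestamping server configured the signature carries no timestamp, so
            // verifiers can only judge it against the signing certificate's validity period.

            Iterator<CmdArg> extras = getExtraArgs().iterator();
            while (extras.hasNext()) {
                command.add(extras.next().getArgument());
            }
            command.add(target.getRemote());
            command.add(getCertLabel());
            invokeCommand(logger, launcher, filePath, "Signing with jarsigner: " + target.getRemote(), "Successfully signed '" + target.getRemote() + "'.", "Error signing '" + target.getRemote() + "'", "jarsigner", command.toArray(new String[0]), null, env);
        }
    }

    /**
     * Launches a command in the workspace, captures its stdout and fails the build on a
     * non-zero exit code.
     *
     * @param str message logged before the command starts
     * @param str2 message logged on success
     * @param str3 prefix for the error message on failure
     * @param str4 short command name used in the failure log
     * @param strArr full command line
     * @param zArr per-argument mask flags, or null for no masking
     * @param map extra environment variables, or null
     * @return the captured stdout decoded as UTF-8
     * @throws AbortException if the command exits with a non-zero code
     */
    private String invokeCommand(Logger logger, Launcher launcher, FilePath filePath, String str, String str2, String str3, String str4, String[] strArr, boolean[] zArr, Map<String, String> map) throws InterruptedException, IOException {
        logger.log("%s", str);
        ByteArrayOutputStream captured = new ByteArrayOutputStream();
        Launcher.ProcStarter starter = launcher.launch().cmds(strArr).stdout(captured).pwd(filePath);
        if (zArr != null) {
            starter.masks(zArr);
        }
        if (map != null) {
            starter.envs(map);
        }
        try {
            int exitCode = startAndJoinProc(starter);
            if (exitCode == 0) {
                logger.log("%s", str2);
                return captured.toString("UTF-8");
            }
            // NOTE(review): the tool's raw output is copied into the build log on failure;
            // verify that pkcs11config and jarsigner never echo credentials in their output.
            logger.log("%s: command exited with code %d. Output from command '%s' is as follows:\n%s", str3, Integer.valueOf(exitCode), str4, captured.toString("UTF-8"));
            throw new AbortException(str3 + ": command exited with code " + exitCode);
        } catch (IOException e) {
            // AbortException is an IOException, so a failed command is also logged here
            // before being rethrown.
            logger.log("%s: %s", str3, e.getMessage());
            throw e;
        }
    }

    /** Starts the process and waits for it; package-private so tests can override it. */
    int startAndJoinProc(Launcher.ProcStarter procStarter) throws IOException, InterruptedException {
        return procStarter.start().join();
    }
}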
