package io.jenkins.plugins.yc;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.ItemGroup;
import hudson.model.Label;
import hudson.model.Node;
import hudson.security.ACL;
import hudson.slaves.Cloud;
import hudson.slaves.NodeProvisioner;
import hudson.util.FormValidation;
import io.jenkins.plugins.yc.YandexTemplate;
import io.jenkins.plugins.yc.exception.LoginFailed;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.plaincredentials.impl.FileCredentialsImpl;
import org.json.JSONObject;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.verb.POST;
import org.springframework.security.core.Authentication;
import yandex.cloud.api.compute.v1.InstanceOuterClass;
import yandex.cloud.sdk.auth.provider.CredentialProvider;

/* loaded from: input_file:io/jenkins/plugins/yc/AbstractCloud.class */
public abstract class AbstractCloud extends Cloud {
    private static final Logger LOGGER = Logger.getLogger(AbstractCloud.class.getName());
    private final List<? extends YandexTemplate> templates;
    private transient ReentrantLock slaveCountingLock;
    private final String credentialsId;
    private final int authSleepMs;
    private final int delayForRetry = 10000;

    @CheckForNull
    private final String sshKeysCredentialsId;

    /* loaded from: input_file:io/jenkins/plugins/yc/AbstractCloud$DescriptorImpl.class */
    public static abstract class DescriptorImpl extends Descriptor<Cloud> {
        @CheckForNull
        public static ServiceAccount getCredentials(@CheckForNull String str) throws Exception {
            if (StringUtils.isBlank(str)) {
                return null;
            }
            FileCredentialsImpl firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentialsInItemGroup(FileCredentialsImpl.class, Jenkins.get(), ACL.SYSTEM2), CredentialsMatchers.withId(str));
            if (firstOrNull == null) {
                throw new LoginFailed("File not found");
            }
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(firstOrNull.getContent(), StandardCharsets.UTF_8));
                try {
                    StringBuilder sb = new StringBuilder();
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            JSONObject jSONObject = new JSONObject(sb.toString());
                            ServiceAccount serviceAccount = new ServiceAccount(firstOrNull.getScope(), jSONObject.getString("id"), firstOrNull.getDescription(), jSONObject.getString("created_at"), jSONObject.getString("key_algorithm"), jSONObject.getString("service_account_id"), jSONObject.getString("private_key"), jSONObject.getString("public_key"));
                            bufferedReader.close();
                            return serviceAccount;
                        }
                        sb.append(readLine);
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new IOException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @POST
        public FormValidation doTestConnection(@AncestorInPath ItemGroup itemGroup, String str) {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            try {
                ServiceAccount credentials = getCredentials(str);
                if (credentials == null) {
                    throw new LoginFailed("Failed find serviceAccount");
                }
                CredentialProvider buildCredentialProvider = credentials.buildCredentialProvider();
                try {
                    if (buildCredentialProvider.get().getToken() == null) {
                        throw new LoginFailed("Failed to login!");
                    }
                    FormValidation ok = FormValidation.ok(Messages.YCloud_Success());
                    if (buildCredentialProvider != null) {
                        buildCredentialProvider.close();
                    }
                    return ok;
                } finally {
                }
            } catch (Exception e) {
                return FormValidation.error(e.getMessage());
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @POST
        public FormValidation doCheckSshKeysCredentialsId(@AncestorInPath ItemGroup itemGroup, String str) throws IOException {
            String readLine;
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            if (str == null || str.isEmpty()) {
                return FormValidation.error("No ssh credentials selected");
            }
            SSHUserPrivateKey sshCredential = AbstractCloud.getSshCredential(str);
            if (sshCredential == null) {
                return FormValidation.error("Failed to find credential \"" + str + "\" in store.");
            }
            boolean z = false;
            boolean z2 = false;
            BufferedReader bufferedReader = new BufferedReader(new StringReader((String) sshCredential.getPrivateKeys().get(0)));
            do {
                readLine = bufferedReader.readLine();
                if (readLine == null) {
                    return !z ? FormValidation.error("This doesn't look like a private key at all") : !z2 ? FormValidation.error("The private key is missing the trailing 'END RSA PRIVATE KEY' marker. Copy&paste error?") : FormValidation.ok();
                }
                if (readLine.equals("-----BEGIN RSA PRIVATE KEY-----")) {
                    z = true;
                }
                if (readLine.equals("-----END RSA PRIVATE KEY-----")) {
                    z2 = true;
                }
            } while (!readLine.equals("-----BEGIN OPENSSH PRIVATE KEY-----"));
            return FormValidation.error("OPENSSH is a proprietary format. YC Integration requires the keys to be in PEM format");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractCloud(String str, List<? extends YandexTemplate> list, String str2, String str3, int i) {
        super(str);
        this.slaveCountingLock = new ReentrantLock();
        this.delayForRetry = 10000;
        this.templates = (List) Objects.requireNonNullElse(list, Collections.emptyList());
        this.credentialsId = str2;
        this.sshKeysCredentialsId = str3;
        this.authSleepMs = i != 0 ? i : 300000;
        readResolve();
    }

    public boolean canProvision(Cloud.CloudState cloudState) {
        return !getTemplates(cloudState.getLabel()).isEmpty();
    }

    public YCAbstractSlave getNewOrExistingAvailableSlave(YandexTemplate yandexTemplate, int i, boolean z) throws Exception {
        try {
            this.slaveCountingLock.lock();
            try {
                EnumSet<YandexTemplate.ProvisionOptions> of = z ? EnumSet.of(YandexTemplate.ProvisionOptions.FORCE_CREATE) : EnumSet.of(YandexTemplate.ProvisionOptions.ALLOW_CREATE);
                if (i > 1) {
                    LOGGER.log(Level.INFO, String.format("%d nodes were requested for the template %s, but because of instance cap only %d can be provisioned", Integer.valueOf(i), yandexTemplate, 1));
                    i = 1;
                }
                YCAbstractSlave provision = yandexTemplate.provision(i, of);
                this.slaveCountingLock.unlock();
                return provision;
            } catch (Exception e) {
                LOGGER.log(Level.WARNING, yandexTemplate + ". Exception during provisioning", (Throwable) e);
                throw e;
            }
        } catch (Throwable th) {
            this.slaveCountingLock.unlock();
            throw th;
        }
    }

    protected Object readResolve() {
        this.slaveCountingLock = new ReentrantLock();
        Iterator<? extends YandexTemplate> it = this.templates.iterator();
        while (it.hasNext()) {
            it.next().parent = this;
        }
        return this;
    }

    @CheckForNull
    public YCPrivateKey resolvePrivateKey() {
        SSHUserPrivateKey sshCredential;
        if (this.sshKeysCredentialsId == null || (sshCredential = getSshCredential(this.sshKeysCredentialsId)) == null) {
            return null;
        }
        return new YCPrivateKey((String) sshCredential.getPrivateKeys().get(0), sshCredential.getUsername());
    }

    @CheckForNull
    private static SSHUserPrivateKey getSshCredential(String str) {
        SSHUserPrivateKey firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentialsInItemGroup(SSHUserPrivateKey.class, Jenkins.get(), (Authentication) null), CredentialsMatchers.withId(str));
        if (firstOrNull == null) {
            LOGGER.log(Level.WARNING, "YC Plugin could not find the specified credentials ({0}) in the Jenkins Global Credentials Store, YC Plugin for cloud must be manually reconfigured", (Object[]) new String[]{str});
        }
        return firstOrNull;
    }

    public List<YandexTemplate> getTemplates() {
        return Collections.unmodifiableList(this.templates);
    }

    @javax.annotation.CheckForNull
    public YandexTemplate getTemplate(String str) {
        for (YandexTemplate yandexTemplate : this.templates) {
            if (yandexTemplate.getDescription().equals(str)) {
                return yandexTemplate;
            }
        }
        return null;
    }

    public Collection<YandexTemplate> getTemplates(Label label) {
        ArrayList arrayList = new ArrayList();
        for (YandexTemplate yandexTemplate : this.templates) {
            if (yandexTemplate.getMode() == Node.Mode.NORMAL) {
                if (label == null || label.matches(yandexTemplate.getLabelSet())) {
                    arrayList.add(yandexTemplate);
                }
            } else if (yandexTemplate.getMode() == Node.Mode.EXCLUSIVE && label != null && label.matches(yandexTemplate.getLabelSet())) {
                arrayList.add(yandexTemplate);
            }
        }
        return arrayList;
    }

    public NodeProvisioner.PlannedNode createPlannedNode(final YandexTemplate yandexTemplate, final YCAbstractSlave yCAbstractSlave) {
        return new NodeProvisioner.PlannedNode(yandexTemplate.parent.getDisplayName(), Computer.threadPoolForRemoting.submit(new Callable<Node>() { // from class: io.jenkins.plugins.yc.AbstractCloud.1
            private static final int DESCRIBE_LIMIT = 5;
            int retryCount = 0;

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Node call() throws Exception {
                while (true) {
                    String instanceId = yCAbstractSlave.getInstanceId();
                    InstanceOuterClass.Instance instanceResponse = yandexTemplate.getInstanceResponse(instanceId);
                    if (instanceResponse == null) {
                        AbstractCloud.LOGGER.log(Level.WARNING, "{0} Can't find instance with instance id `{1}` in cloud {2}. Terminate provisioning ", new Object[]{yandexTemplate, instanceId, yCAbstractSlave.getCloudName()});
                        return null;
                    }
                    String name = instanceResponse.getStatus().name();
                    if (name.equals("RUNNING")) {
                        Computer computer = yCAbstractSlave.toComputer();
                        if (yCAbstractSlave.getStopOnTerminate() && computer != null) {
                            computer.connect(false);
                        }
                        AbstractCloud.LOGGER.log(Level.INFO, "{0} Node {1} moved to RUNNING state in {2} seconds and is ready to be connected by Jenkins", new Object[]{yandexTemplate, yCAbstractSlave.getNodeName(), Long.valueOf(TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()))});
                        return yCAbstractSlave;
                    }
                    if (!name.equals("PROVISIONING")) {
                        if (this.retryCount >= DESCRIBE_LIMIT) {
                            AbstractCloud.LOGGER.log(Level.WARNING, "Instance {0} did not move to running after 1 attempts, terminating provisioning", new Object[]{instanceId});
                            return null;
                        }
                        AbstractCloud.LOGGER.log(Level.INFO, "Attempt {0}: {1}. Node {2} is neither pending, neither running, it''s {3}. Will try again after 10000s", new Object[]{Integer.valueOf(this.retryCount), yandexTemplate, yCAbstractSlave.getNodeName(), name});
                        this.retryCount++;
                    }
                    Thread.sleep(10000L);
                }
            }
        }), yandexTemplate.getNumExecutors());
    }

    @CheckForNull
    public String getSshKeysCredentialsId() {
        return this.sshKeysCredentialsId;
    }

    public ReentrantLock getSlaveCountingLock() {
        return this.slaveCountingLock;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public int getAuthSleepMs() {
        return this.authSleepMs;
    }
}
