package com.sysdig.jenkins.plugins.sysdig.scanner;

import com.github.dockerjava.core.DefaultDockerClientConfig;
import com.google.common.base.Strings;
import com.sysdig.jenkins.plugins.sysdig.BuildConfig;
import com.sysdig.jenkins.plugins.sysdig.Util;
import com.sysdig.jenkins.plugins.sysdig.containerrunner.Container;
import com.sysdig.jenkins.plugins.sysdig.containerrunner.ContainerRunner;
import com.sysdig.jenkins.plugins.sysdig.containerrunner.ContainerRunnerFactory;
import com.sysdig.jenkins.plugins.sysdig.containerrunner.DockerClientContainerFactory;
import com.sysdig.jenkins.plugins.sysdig.log.SysdigLogger;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.remoting.Callable;
import java.io.File;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import org.jenkinsci.remoting.RoleChecker;

/* loaded from: input_file:WEB-INF/lib/sysdig-secure.jar:com/sysdig/jenkins/plugins/sysdig/scanner/InlineScannerRemoteExecutor.class */
public class InlineScannerRemoteExecutor implements Callable<String, Exception>, Serializable {
    private static final String DUMMY_ENTRYPOINT = "cat";
    private static final String SCAN_COMMAND = "/sysdig-inline-scan.sh";
    private static final String VERBOSE_ARG = "--verbose";
    private static final String SKIP_TLS_ARG = "--sysdig-skip-tls";
    private static final String SYSDIG_URL_ARG = "--sysdig-url=%s";
    private static final String ON_PREM_ARG = "--on-prem";
    private static final String DOCKERFILE_ARG = "--dockerfile=/tmp/";
    private static final String DOCKERFILE_MOUNTPOINT = "/tmp/";
    private static final int STOP_SECONDS = 1;
    private final String imageName;
    private final String dockerFile;
    private final BuildConfig config;
    private final SysdigLogger logger;
    private final EnvVars envVars;
    static final String DEFAULT_DOCKER_VOLUME = "/var/run/docker.sock";
    private static final String[] MKDIR_COMMAND = {"mkdir", "-p", "/tmp/sysdig-inline-scan/logs"};
    private static final String[] TOUCH_COMMAND = {"touch", "/tmp/sysdig-inline-scan/logs/info.log"};
    private static final String[] TAIL_COMMAND = {"tail", "-f", "/tmp/sysdig-inline-scan/logs/info.log"};
    private static final String[] SCAN_ARGS = {"--storage-type=docker-daemon", "--format=JSON"};
    private static ContainerRunnerFactory containerRunnerFactory = new DockerClientContainerFactory();

    public static void setContainerRunnerFactory(ContainerRunnerFactory containerRunnerFactory2) {
        containerRunnerFactory = containerRunnerFactory2;
    }

    public InlineScannerRemoteExecutor(String str, String str2, BuildConfig buildConfig, SysdigLogger sysdigLogger, EnvVars envVars) {
        this.imageName = str;
        this.dockerFile = str2;
        this.config = buildConfig;
        this.logger = sysdigLogger;
        this.envVars = envVars;
    }

    public void checkRoles(RoleChecker roleChecker) throws SecurityException {
    }

    /* renamed from: call, reason: merged with bridge method [inline-methods] */
    public String m487call() throws InterruptedException, AbortException {
        if (!Strings.isNullOrEmpty(this.dockerFile) && !new File(this.dockerFile).exists()) {
            throw new AbortException("Dockerfile '" + this.dockerFile + "' does not exist");
        }
        ArrayList arrayList = new ArrayList();
        String str = null;
        if (this.envVars.containsKey(DefaultDockerClientConfig.DOCKER_HOST)) {
            String str2 = (String) this.envVars.get(DefaultDockerClientConfig.DOCKER_HOST);
            if (Util.isExistingFile(str2)) {
                arrayList.add(str2 + ":" + DEFAULT_DOCKER_VOLUME);
            } else {
                if (str2.startsWith("/")) {
                    throw new AbortException("Daemon socket '" + str2 + "' does not exist");
                }
                str = str2;
            }
        } else {
            arrayList.add("/var/run/docker.sock:/var/run/docker.sock");
        }
        ContainerRunner containerRunner = containerRunnerFactory.getContainerRunner(this.logger, this.envVars, str);
        Timer timer = null;
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(SCAN_COMMAND);
        arrayList2.addAll(Arrays.asList(SCAN_ARGS));
        if (this.config.getDebug()) {
            arrayList2.add(VERBOSE_ARG);
        }
        if (!this.config.getEngineverify()) {
            arrayList2.add(SKIP_TLS_ARG);
        }
        arrayList2.add(this.imageName);
        if (!this.config.getEngineurl().equals("https://secure.sysdig.com")) {
            arrayList2.add(String.format(SYSDIG_URL_ARG, this.config.getEngineurl()));
            arrayList2.add(ON_PREM_ARG);
        }
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add("SYSDIG_API_TOKEN=" + this.config.getSysdigToken());
        arrayList3.add("SYSDIG_ADDED_BY=cicd-inline-scan");
        addProxyVars(this.envVars, arrayList3, this.logger);
        this.logger.logDebug("System environment: " + System.getenv().toString());
        this.logger.logDebug("Final environment: " + this.envVars);
        this.logger.logDebug("Creating container with environment: " + arrayList3);
        this.logger.logDebug("Bind mounts: " + arrayList);
        final Container createContainer = containerRunner.createContainer(this.envVars.get("SYSDIG_OVERRIDE_INLINE_SCAN_IMAGE", this.config.getInlineScanImage()), Collections.singletonList(DUMMY_ENTRYPOINT), null, arrayList3, this.config.getRunAsUser(), arrayList);
        if (!Strings.isNullOrEmpty(this.dockerFile)) {
            File file = new File(this.dockerFile);
            this.logger.logDebug("Copying Dockerfile from " + file.getAbsolutePath() + " to " + DOCKERFILE_MOUNTPOINT + file.getName() + " inside container");
            createContainer.copy(this.dockerFile, DOCKERFILE_MOUNTPOINT);
            arrayList2.add(DOCKERFILE_ARG + file.getName());
        }
        if (!Strings.isNullOrEmpty(this.config.getInlineScanExtraParams())) {
            arrayList2.addAll(Arrays.asList(this.config.getInlineScanExtraParams().split(" ")));
        }
        StringBuilder sb = new StringBuilder();
        try {
            createContainer.runAsync(str3 -> {
                sendToLog(this.logger, str3);
            }, str4 -> {
                sendToLog(this.logger, str4);
            });
            createContainer.exec(Arrays.asList(MKDIR_COMMAND), null, str5 -> {
                sendToLog(this.logger, str5);
            }, str6 -> {
                sendToLog(this.logger, str6);
            });
            createContainer.exec(Arrays.asList(TOUCH_COMMAND), null, str7 -> {
                sendToLog(this.logger, str7);
            }, str8 -> {
                sendToLog(this.logger, str8);
            });
            createContainer.execAsync(Arrays.asList(TAIL_COMMAND), null, str9 -> {
                sendToLog(this.logger, str9);
            }, str10 -> {
                sendToLog(this.logger, str10);
            });
            if (this.envVars.get("DOCKER_CMD_EXEC_PING_DELAY") != null) {
                String str11 = (String) this.envVars.get("DOCKER_CMD_EXEC_PING_DELAY");
                try {
                    long parseLong = Long.parseLong(str11);
                    timer = new Timer();
                    timer.scheduleAtFixedRate(new TimerTask() { // from class: com.sysdig.jenkins.plugins.sysdig.scanner.InlineScannerRemoteExecutor.1
                        @Override // java.util.TimerTask, java.lang.Runnable
                        public void run() {
                            createContainer.ping();
                        }
                    }, parseLong * 1000, parseLong * 1000);
                    this.logger.logDebug("Starting pinging to keep connection alive during command execution...");
                } catch (NumberFormatException e) {
                    this.logger.logWarn(String.format("DOCKER_CMD_EXEC_PING_DELAY=%s is not valid", str11));
                }
            }
            this.logger.logDebug("Executing command in container: " + arrayList2);
            createContainer.exec(arrayList2, null, str12 -> {
                sendToBuilder(sb, str12);
            }, str13 -> {
                sendToDebugLog(this.logger, str13);
            });
            if (timer != null) {
                timer.cancel();
            }
            createContainer.stop(1);
            return sb.toString();
        } catch (Throwable th) {
            if (timer != null) {
                timer.cancel();
            }
            createContainer.stop(1);
            throw th;
        }
    }

    private void addProxyVars(EnvVars envVars, List<String> list, SysdigLogger sysdigLogger) {
        String str = (String) envVars.get("http_proxy");
        if (Strings.isNullOrEmpty(str)) {
            str = (String) envVars.get("HTTP_PROXY");
            if (!Strings.isNullOrEmpty(str)) {
                sysdigLogger.logDebug("HTTP proxy setting from env var HTTP_PROXY (http_proxy empty): " + str);
            }
        } else {
            sysdigLogger.logDebug("HTTP proxy setting from env var http_proxy: " + str);
        }
        if (!Strings.isNullOrEmpty(str)) {
            list.add("http_proxy=" + str);
        }
        String str2 = (String) envVars.get("https_proxy");
        if (Strings.isNullOrEmpty(str2)) {
            str2 = (String) envVars.get("HTTPS_PROXY");
            if (!Strings.isNullOrEmpty(str2)) {
                sysdigLogger.logDebug("HTTPS proxy setting from env var HTTPS_PROXY (https_proxy empty): " + str2);
            }
        } else {
            sysdigLogger.logDebug("HTTPS proxy setting from env var https_proxy: " + str2);
        }
        if (Strings.isNullOrEmpty(str2)) {
            str2 = str;
            if (!Strings.isNullOrEmpty(str2)) {
                sysdigLogger.logDebug("HTTPS proxy setting from env var http_proxy (https_proxy and HTTPS_PROXY empty): " + str2);
            }
        }
        if (!Strings.isNullOrEmpty(str2)) {
            list.add("https_proxy=" + str2);
        }
        String str3 = (String) envVars.get("no_proxy");
        if (Strings.isNullOrEmpty(str3)) {
            str3 = (String) envVars.get("NO_PROXY");
            if (!Strings.isNullOrEmpty(str3)) {
                sysdigLogger.logDebug("NO proxy setting from env var NO_PROXY (no_proxy empty): " + str3);
            }
        } else {
            sysdigLogger.logDebug("NO proxy setting from env var no_proxy: " + str3);
        }
        if (Strings.isNullOrEmpty(str3)) {
            return;
        }
        list.add("no_proxy=" + str3);
    }

    private void sendToBuilder(StringBuilder sb, String str) {
        for (String str2 : str.split("[\n\r]")) {
            if (!str2.startsWith("+ ")) {
                sb.append(str2);
            }
        }
    }

    private void sendToLog(SysdigLogger sysdigLogger, String str) {
        for (String str2 : str.split("[\n\r]")) {
            sysdigLogger.logInfo(str2);
        }
    }

    private void sendToDebugLog(SysdigLogger sysdigLogger, String str) {
        for (String str2 : str.split("[\n\r]")) {
            sysdigLogger.logDebug(str2);
        }
    }
}
