package com.sysdig.jenkins.plugins.sysdig.scanner;

import com.google.common.base.Strings;
import com.sysdig.jenkins.plugins.sysdig.NewEngineBuildConfig;
import com.sysdig.jenkins.plugins.sysdig.log.SysdigLogger;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.FilePath;
import hudson.remoting.Callable;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Serializable;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.input.Tailer;
import org.apache.commons.io.input.TailerListenerAdapter;
import org.jenkinsci.remoting.RoleChecker;

/* loaded from: input_file:WEB-INF/lib/sysdig-secure.jar:com/sysdig/jenkins/plugins/sysdig/scanner/NewEngineRemoteExecutor.class */
public class NewEngineRemoteExecutor implements Callable<String, Exception>, Serializable {
    private static final String FIXED_SCANNED_VERSION = "1.3.4";
    private final ScannerPaths scannerPaths;
    private final String imageName;
    private final String dockerFile;
    private final NewEngineBuildConfig config;
    private final SysdigLogger logger;
    private final EnvVars envVars;
    private final String[] noProxy;

    /* loaded from: input_file:WEB-INF/lib/sysdig-secure.jar:com/sysdig/jenkins/plugins/sysdig/scanner/NewEngineRemoteExecutor$LogsFileToLoggerForwarder.class */
    public static class LogsFileToLoggerForwarder extends TailerListenerAdapter {
        private final SysdigLogger logger;

        public LogsFileToLoggerForwarder(SysdigLogger sysdigLogger) {
            this.logger = sysdigLogger;
        }

        public void handle(String str) {
            this.logger.logInfo(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/sysdig-secure.jar:com/sysdig/jenkins/plugins/sysdig/scanner/NewEngineRemoteExecutor$ScannerPaths.class */
    public static class ScannerPaths implements Serializable {
        private static final String SCANNER_EXEC_FOLDER_BASE_PATH_PATTERN = "sysdig-secure-scan-%d";
        private final String baseFolder;
        private final String binFolder;
        private final String databaseFolder;
        private final String cacheFolder;
        private final String tmpFolder;

        public ScannerPaths(FilePath filePath) {
            this.baseFolder = Paths.get(filePath.getRemote(), String.format(SCANNER_EXEC_FOLDER_BASE_PATH_PATTERN, Long.valueOf(System.currentTimeMillis()))).toString();
            this.binFolder = Paths.get(this.baseFolder, "bin").toString();
            this.databaseFolder = Paths.get(this.baseFolder, "db").toString();
            this.cacheFolder = Paths.get(this.baseFolder, "cache").toString();
            this.tmpFolder = Paths.get(this.baseFolder, "tmp").toString();
        }

        public String getBaseFolder() {
            return this.baseFolder;
        }

        public String getBinFolder() {
            return this.binFolder;
        }

        public String getDatabaseFolder() {
            return this.databaseFolder;
        }

        public String getCacheFolder() {
            return this.cacheFolder;
        }

        public String getTmpFolder() {
            return this.tmpFolder;
        }

        public void create() throws Exception {
            Files.createDirectories(Paths.get(this.baseFolder, new String[0]), new FileAttribute[0]);
            Files.createDirectory(Paths.get(this.binFolder, new String[0]), new FileAttribute[0]);
            Files.createDirectory(Paths.get(this.databaseFolder, new String[0]), new FileAttribute[0]);
            Files.createDirectory(Paths.get(this.cacheFolder, new String[0]), new FileAttribute[0]);
            Files.createDirectory(Paths.get(this.tmpFolder, new String[0]), new FileAttribute[0]);
        }

        public void purge() throws IOException {
            FileUtils.deleteDirectory(new File(this.baseFolder));
        }
    }

    public NewEngineRemoteExecutor(FilePath filePath, String str, String str2, NewEngineBuildConfig newEngineBuildConfig, SysdigLogger sysdigLogger, EnvVars envVars) {
        this.imageName = str;
        this.dockerFile = str2;
        this.config = newEngineBuildConfig;
        this.logger = sysdigLogger;
        this.envVars = envVars;
        this.scannerPaths = new ScannerPaths(filePath);
        if (envVars.containsKey("no_proxy") || envVars.containsKey("NO_PROXY")) {
            this.noProxy = ((String) envVars.getOrDefault("no_proxy", envVars.get("NO_PROXY"))).split(",");
        } else {
            this.noProxy = new String[0];
        }
    }

    public void checkRoles(RoleChecker roleChecker) throws SecurityException {
    }

    /* renamed from: call, reason: merged with bridge method [inline-methods] */
    public String m261call() throws AbortException {
        if (!Strings.isNullOrEmpty(this.dockerFile) && !new File(this.dockerFile).exists()) {
            throw new AbortException("Dockerfile '" + this.dockerFile + "' does not exist");
        }
        try {
            createExecutionWorkspace();
            return executeScan(retrieveScannerBinFile());
        } finally {
            purgeExecutionWorkspace();
        }
    }

    private File downloadInlineScan(String str) throws IOException, UnsupportedOperationException, InterruptedException {
        File file = Files.createFile(Paths.get(this.scannerPaths.getBinFolder(), String.format("inlinescan-%s.bin", str)), new FileAttribute[0]).toFile();
        this.logger.logInfo(System.getProperty("os.name"));
        URL url = new URL("https://download.sysdig.com/scanning/bin/sysdig-cli-scanner/" + str + "/" + (System.getProperty("os.name").toLowerCase().startsWith("mac") ? "darwin" : "linux") + "/amd64/sysdig-cli-scanner");
        Proxy httpProxy = getHttpProxy();
        boolean z = Arrays.asList(this.noProxy).contains("sysdig.com") || Arrays.asList(this.noProxy).contains("download.sysdig.com");
        int i = 5;
        while (true) {
            try {
                if (httpProxy == Proxy.NO_PROXY || httpProxy.type() == Proxy.Type.DIRECT || z) {
                    FileUtils.copyURLToFile(url, file);
                } else {
                    FileUtils.copyInputStreamToFile(url.openConnection(httpProxy).getInputStream(), file);
                }
                Files.setPosixFilePermissions(file.toPath(), EnumSet.of(PosixFilePermission.OWNER_EXECUTE));
                return file;
            } catch (Exception e) {
                i--;
                if (i <= 0) {
                    throw e;
                }
                TimeUnit.SECONDS.sleep(2L);
            }
        }
    }

    private String getInlineScanLatestVersion() throws IOException {
        URL url = new URL("https://download.sysdig.com/scanning/sysdig-cli-scanner/latest_version.txt");
        Proxy httpProxy = getHttpProxy();
        boolean z = Arrays.asList(this.noProxy).contains("sysdig.com") || Arrays.asList(this.noProxy).contains("download.sysdig.com");
        if (httpProxy != Proxy.NO_PROXY && httpProxy.type() != Proxy.Type.DIRECT && !z) {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(url.openConnection(httpProxy).getInputStream(), StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                String readLine = bufferedReader.readLine();
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                return readLine;
            } catch (Throwable th3) {
                if (bufferedReader != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                throw th3;
            }
        }
        BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(url.openStream(), StandardCharsets.UTF_8));
        Throwable th5 = null;
        try {
            try {
                String readLine2 = bufferedReader2.readLine();
                if (bufferedReader2 != null) {
                    if (0 != 0) {
                        try {
                            bufferedReader2.close();
                        } catch (Throwable th6) {
                            th5.addSuppressed(th6);
                        }
                    } else {
                        bufferedReader2.close();
                    }
                }
                return readLine2;
            } finally {
            }
        } catch (Throwable th7) {
            if (bufferedReader2 != null) {
                if (th5 != null) {
                    try {
                        bufferedReader2.close();
                    } catch (Throwable th8) {
                        th5.addSuppressed(th8);
                    }
                } else {
                    bufferedReader2.close();
                }
            }
            throw th7;
        }
    }

    private String getInlineScanPinnedVersion() {
        return FIXED_SCANNED_VERSION;
    }

    private Proxy getHttpProxy() throws IOException {
        Proxy proxy;
        String str = "";
        if (this.envVars.containsKey("https_proxy") || this.envVars.containsKey("HTTPS_PROXY")) {
            str = (String) this.envVars.getOrDefault("https_proxy", this.envVars.get("HTTPS_PROXY"));
        } else if (this.envVars.containsKey("http_proxy") || this.envVars.containsKey("HTTP_PROXY")) {
            str = (String) this.envVars.getOrDefault("https_proxy", this.envVars.get("HTTPS_PROXY"));
        }
        if (str.isEmpty()) {
            proxy = Proxy.NO_PROXY;
        } else {
            if (!str.startsWith("http://") && !str.startsWith("https://")) {
                str = "http://" + str;
            }
            URL url = new URL(str);
            proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(url.getHost(), url.getPort() != -1 ? url.getPort() : 80));
        }
        this.logger.logDebug("Inline scan proxy: " + proxy);
        return proxy;
    }

    private void createExecutionWorkspace() throws AbortException {
        try {
            this.scannerPaths.create();
        } catch (Exception e) {
            this.logger.logError("Unable to create scanner execution workspace", e);
            throw new AbortException("Unable to create scanner execution workspace");
        }
    }

    private void purgeExecutionWorkspace() {
        try {
            this.scannerPaths.purge();
        } catch (IOException e) {
            this.logger.logError("Unable to delete scanner execution workspace", e);
        }
    }

    private File retrieveScannerBinFile() throws AbortException {
        File downloadInlineScan;
        if (this.config.getScannerBinaryPath().isEmpty()) {
            try {
                String inlineScanPinnedVersion = getInlineScanPinnedVersion();
                this.logger.logInfo("Downloading inlinescan v" + inlineScanPinnedVersion);
                downloadInlineScan = downloadInlineScan(inlineScanPinnedVersion);
                this.logger.logInfo("Inlinescan binary downloaded to " + downloadInlineScan.getPath());
            } catch (IOException | InterruptedException e) {
                throw new AbortException("Error downloading inlinescan binary: " + e);
            }
        } else {
            downloadInlineScan = new File(this.config.getScannerBinaryPath());
            this.logger.logInfo("Inlinescan binary globally defined to* " + downloadInlineScan.getPath());
        }
        return downloadInlineScan;
    }

    private String executeScan(File file) throws AbortException {
        try {
            File file2 = Files.createFile(Paths.get(this.scannerPaths.getBaseFolder(), "inlinescan.json"), new FileAttribute[0]).toFile();
            File file3 = Files.createFile(Paths.get(this.scannerPaths.getBaseFolder(), "inlinescan-logs.log"), new FileAttribute[0]).toFile();
            Tailer create = Tailer.create(file3, new LogsFileToLoggerForwarder(this.logger), 500L);
            ArrayList arrayList = new ArrayList();
            arrayList.add(file.getPath());
            arrayList.add(String.format("--apiurl=%s", this.config.getEngineurl()));
            arrayList.add(String.format("--dbpath=%s", this.scannerPaths.getDatabaseFolder()));
            arrayList.add(String.format("--cachepath=%s", this.scannerPaths.getCacheFolder()));
            arrayList.add(String.format("--output-json=%s", file2.getAbsolutePath()));
            arrayList.add("--console-log");
            if (this.config.getDebug()) {
                arrayList.add("--loglevel=debug");
            }
            if (!this.config.getEngineverify()) {
                arrayList.add("--skiptlsverify");
            }
            for (String str : this.config.getInlineScanExtraParams().split(" ")) {
                if (!Strings.isNullOrEmpty(str)) {
                    arrayList.add(str);
                }
            }
            for (String str2 : this.config.getPoliciesToApply().split(" ")) {
                if (!Strings.isNullOrEmpty(str2)) {
                    arrayList.add(String.format("--policy=%s", str2));
                }
            }
            arrayList.add(this.imageName);
            ProcessBuilder redirectError = new ProcessBuilder(new String[0]).command(arrayList).redirectOutput(file3).redirectError(file3);
            Map<String, String> environment = redirectError.environment();
            environment.putAll(this.envVars);
            environment.put("TMPDIR", this.scannerPaths.getTmpFolder());
            environment.put("SECURE_API_TOKEN", this.config.getSysdigToken());
            this.logger.logInfo("Executing: " + String.join(" ", arrayList));
            Process start = redirectError.start();
            this.logger.logInfo("Waiting for scanner execution to be completed...");
            int waitFor = start.waitFor();
            create.stop();
            this.logger.logInfo(String.format("Scanner exit code: %d", Integer.valueOf(waitFor)));
            String str3 = new String(Files.readAllBytes(Paths.get(file2.getAbsolutePath(), new String[0])), Charset.defaultCharset());
            this.logger.logDebug("Inline scan JSON output:\n" + str3);
            if (waitFor == 2) {
                str3 = "{error:\"Wrong parameters in call to inline scanner\"}";
            } else if (waitFor == 3) {
                str3 = "{error:\"Unexpected error when executing scan\"}";
            } else if (waitFor != 0 && waitFor != 1) {
                throw new Exception("Cannot manage return code");
            }
            return str3;
        } catch (Exception e) {
            throw new AbortException("Error executing inlinescan binary: " + e);
        }
    }
}
