package org.csanchez.jenkins.plugins.kubernetes.pipeline;

import edu.umd.cs.findbugs.annotations.CheckForNull;
import hudson.Extension;
import hudson.util.LogTaskListener;
import io.fabric8.kubernetes.api.model.Container;
import io.fabric8.kubernetes.api.model.EnvVar;
import io.fabric8.kubernetes.api.model.EnvVarSource;
import io.fabric8.kubernetes.api.model.Pod;
import io.fabric8.kubernetes.client.dsl.ContainerResource;
import io.fabric8.kubernetes.client.dsl.ExecListener;
import io.fabric8.kubernetes.client.dsl.ExecWatch;
import io.fabric8.kubernetes.client.dsl.Execable;
import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
import io.fabric8.kubernetes.client.dsl.PodResource;
import io.fabric8.kubernetes.client.dsl.TtyExecErrorChannelable;
import io.fabric8.kubernetes.client.dsl.TtyExecErrorable;
import io.fabric8.kubernetes.client.dsl.TtyExecable;
import io.fabric8.kubernetes.client.utils.Serialization;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.WeakHashMap;
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.csanchez.jenkins.plugins.kubernetes.KubernetesComputer;
import org.csanchez.jenkins.plugins.kubernetes.KubernetesSlave;
import org.csanchez.jenkins.plugins.kubernetes.PodTemplate;
import org.jenkinsci.plugins.credentialsbinding.masking.SecretPatterns;
import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthException;
import org.jenkinsci.plugins.workflow.log.TaskListenerDecorator;
import org.jenkinsci.plugins.workflow.steps.DynamicContext;

/* loaded from: input_file:org/csanchez/jenkins/plugins/kubernetes/pipeline/SecretsMasker.class */
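/**
 * Log decorator that masks secret values belonging to a Kubernetes agent pod in build output.
 *
 * <p>The values to mask are collected by the nested {@link Factory}: the agent's JNLP MAC plus the
 * runtime values of container environment variables declared with a {@code secretKeyRef} source.
 * {@link #decorate(OutputStream)} then wraps the log stream in a
 * {@code SecretPatterns.MaskingOutputStream} built from those values.
 *
 * <p>Only {@code secretKeyRef} environment variables are considered; other ways a secret can reach
 * a container are not inspected by this class.
 */
public final class SecretsMasker extends TaskListenerDecorator {
    private static final Logger LOGGER;
    private static final long serialVersionUID = 1;

    // Secret values to mask; never empty when assertions are enabled (see the constructor).
    private final Set<String> values;

    // Decompiled form of the compiler-generated assertion switch; set in the static initializer.
    static final /* synthetic */ boolean $assertionsDisabled;

    /**
     * Supplies a {@link SecretsMasker} for steps running on a {@link KubernetesComputer} and caches
     * the collected secret values per computer.
     */
    @Extension
    public static final class Factory extends DynamicContext.Typed<TaskListenerDecorator> {
        // Weak keys: an entry is dropped once its computer is no longer referenced elsewhere.
        // A null value is a cached "nothing to mask" result.
        private final Map<KubernetesComputer, Set<String>> secrets = new WeakHashMap<>();

        /** Returns the context type this factory contributes, {@link TaskListenerDecorator}. */
        protected Class<TaskListenerDecorator> type() {
            return TaskListenerDecorator.class;
        }

        /**
         * Returns a decorator that masks the secrets of the current Kubernetes agent, merged with
         * any decorator already present in the context.
         *
         * <p>Security notes:
         * <ul>
         *   <li>The result of {@link #secretsOf(KubernetesComputer)} is cached as-is. If the exec
         *       into a container failed or timed out, the incomplete set (or {@code null}) stays
         *       cached for that computer and the lookup is not retried, so those values remain
         *       unmasked in later steps.</li>
         *   <li>{@code secretsOf} runs while the monitor on {@code secrets} is held, so lookups for
         *       other computers wait for it (up to 10 seconds per inspected container).</li>
         * </ul>
         *
         * @param delegatedContext context used to look up the computer and the upstream decorator
         * @return the merged decorator, or {@code null} when there is no Kubernetes computer or
         *     nothing to mask
         * @throws IOException if collecting the secrets fails with an I/O error
         * @throws InterruptedException if the thread is interrupted while collecting the secrets
         */
        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        public TaskListenerDecorator m39get(DynamicContext.DelegatedContext delegatedContext) throws IOException, InterruptedException {
            KubernetesComputer kubernetesComputer = (KubernetesComputer) delegatedContext.get(KubernetesComputer.class);
            if (kubernetesComputer == null) {
                return null;
            }
            synchronized (this.secrets) {
                // containsKey distinguishes "never computed" from a cached null result.
                if (this.secrets.containsKey(kubernetesComputer)) {
                    Set<String> cached = this.secrets.get(kubernetesComputer);
                    if (cached == null) {
                        SecretsMasker.LOGGER.log(Level.FINE, "Cached absence of secrets for {0}", kubernetesComputer);
                        return null;
                    }
                    SecretsMasker.LOGGER.log(Level.FINE, "Using cached secrets for {0}", kubernetesComputer);
                    return TaskListenerDecorator.merge((TaskListenerDecorator) delegatedContext.get(TaskListenerDecorator.class), new SecretsMasker(cached));
                }
                Set<String> collected = secretsOf(kubernetesComputer);
                // The monitor is already held here, so no second synchronized block is needed.
                this.secrets.put(kubernetesComputer, collected);
                if (collected != null) {
                    // Only the count is logged, never the values themselves.
                    SecretsMasker.LOGGER.fine("masking " + collected.size() + " values");
                    return TaskListenerDecorator.merge((TaskListenerDecorator) delegatedContext.get(TaskListenerDecorator.class), new SecretsMasker(collected));
                }
                SecretsMasker.LOGGER.fine("no values to mask");
                return null;
            }
        }

        /**
         * Collects the values that must be masked for the given agent.
         *
         * <p>The set always starts with the agent's JNLP MAC. For every container whose pod spec
         * declares environment variables sourced from a {@code secretKeyRef}, the method execs
         * {@code env} (or {@code cmd /c set} on non-Unix agents) in the running container and
         * records the values of exactly those variable names.
         *
         * <p>Limitations a reviewer should be aware of:
         * <ul>
         *   <li>A failed or timed-out exec is only logged at {@code FINE}; the affected container
         *       then contributes no (or partial) values and its secrets are not masked.</li>
         *   <li>The output is parsed line by line, so for a value that contains a newline only the
         *       part on the {@code NAME=} line is recorded.</li>
         *   <li>If the agent OS is not yet known, {@code null} is returned and not even the JNLP
         *       MAC is masked.</li>
         * </ul>
         *
         * @param kubernetesComputer the agent computer to inspect
         * @return the non-empty set of values to mask, or {@code null} when the agent is offline,
         *     has no node or pod template, or its OS is unknown
         * @throws IOException if closing a resource or decoding the command output fails
         * @throws InterruptedException if interrupted while waiting for the exec to finish
         */
        @CheckForNull
        private static Set<String> secretsOf(KubernetesComputer kubernetesComputer) throws IOException, InterruptedException {
            if (kubernetesComputer.getChannel() == null) {
                return null;
            }
            KubernetesSlave kubernetesSlave = (KubernetesSlave) kubernetesComputer.getNode();
            if (kubernetesSlave == null) {
                return null;
            }
            PodTemplate templateOrNull = kubernetesSlave.getTemplateOrNull();
            if (templateOrNull == null) {
                return null;
            }
            Pod build = templateOrNull.build(kubernetesSlave);
            Set<String> secretValues = new HashSet<>();
            secretValues.add(kubernetesComputer.getJnlpMac());
            // NOTE(review): this dumps the whole pod spec at FINER; any literal env `value` set in
            // the template would appear in that log, so treat FINER output of this logger as sensitive.
            SecretsMasker.LOGGER.finer(() -> "inspecting " + Serialization.asYaml(build));
            for (Container container : build.getSpec().getContainers()) {
                // Names of env vars that are backed by a Kubernetes secret (sorted for stable logging).
                Set<String> secretEnvNames = new TreeSet<>();
                List<EnvVar> env = container.getEnv();
                if (env != null) {
                    for (EnvVar envVar : env) {
                        EnvVarSource valueFrom = envVar.getValueFrom();
                        if (valueFrom != null && valueFrom.getSecretKeyRef() != null) {
                            secretEnvNames.add(envVar.getName());
                        }
                    }
                }
                if (secretEnvNames.isEmpty()) {
                    continue;
                }
                String name = container.getName();
                SecretsMasker.LOGGER.fine(() -> "looking for " + kubernetesSlave.getNamespace() + "/" + kubernetesSlave.getPodName() + "/" + name + " secrets named " + secretEnvNames);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                // Released by the exec listener when the remote command closes or fails.
                final Semaphore semaphore = new Semaphore(0);
                Boolean isUnix = kubernetesComputer.isUnix();
                if (isUnix == null) {
                    return null;
                }
                // try-with-resources closes the exec watch and then the error logger on every path,
                // including when tryAcquire is interrupted.
                try (PrintStream errorLog = new LogTaskListener(SecretsMasker.LOGGER, Level.FINE).getLogger();
                        ExecWatch execWatch = (ExecWatch) ((Execable) ((TtyExecable) ((TtyExecErrorChannelable) ((TtyExecErrorable) ((ContainerResource) ((PodResource) ((NonNamespaceOperation) kubernetesSlave.getKubernetesCloud().connect().pods().inNamespace(kubernetesSlave.getNamespace())).withName(kubernetesSlave.getPodName())).inContainer(name)).writingOutput(byteArrayOutputStream)).writingError(errorLog)).writingErrorChannel(errorLog)).usingListener(new ExecListener() {
                            public void onFailure(Throwable th, ExecListener.Response response) {
                                semaphore.release();
                            }

                            public void onClose(int i, String str) {
                                semaphore.release();
                            }
                        })).exec(isUnix.booleanValue() ? new String[]{"env"} : new String[]{"cmd", "/c", "set"})) {
                    if (!semaphore.tryAcquire(10L, TimeUnit.SECONDS)) {
                        // Whatever output arrived before the timeout is still parsed below.
                        SecretsMasker.LOGGER.fine(() -> "time out trying to find environment from " + kubernetesSlave.getNamespace() + "/" + kubernetesSlave.getPodName() + "/" + name);
                    }
                } catch (RuntimeException | KubernetesAuthException e) {
                    // Best effort: a failure here leaves this container's secrets unmasked.
                    SecretsMasker.LOGGER.log(Level.FINE, "failed to find environment from " + kubernetesSlave.getNamespace() + "/" + kubernetesSlave.getPodName() + "/" + name, e);
                }
                for (String line : byteArrayOutputStream.toString(StandardCharsets.UTF_8.name()).split("\r?\n")) {
                    int separator = line.indexOf('=');
                    if (separator == -1) {
                        continue;
                    }
                    String variable = line.substring(0, separator);
                    if (!secretEnvNames.contains(variable)) {
                        continue;
                    }
                    // Log the variable name only; the value must never reach the log.
                    SecretsMasker.LOGGER.fine(() -> "found value for " + variable);
                    String value = line.substring(separator + 1);
                    if (!value.isEmpty()) {
                        secretValues.add(value);
                    }
                }
            }
            return secretValues;
        }
    }

    /**
     * Creates a masker for the given values.
     *
     * @param set values to mask; expected to be non-empty (checked only when assertions are on)
     */
    private SecretsMasker(Set<String> set) {
        // Decompiled form of an assertion that the set is not empty.
        if (!$assertionsDisabled && set.isEmpty()) {
            throw new AssertionError();
        }
        this.values = set;
    }

    /**
     * Wraps the given log stream so that occurrences of the collected values are masked.
     *
     * @param outputStream the build log stream to wrap
     * @return a masking stream that writes to {@code outputStream}, using UTF-8
     */
    public OutputStream decorate(OutputStream outputStream) throws IOException, InterruptedException {
        return new SecretPatterns.MaskingOutputStream(
                outputStream, () -> SecretPatterns.getAggregateSecretPattern(this.values), "UTF-8");
    }

    static {
        $assertionsDisabled = !SecretsMasker.class.desiredAssertionStatus();
        LOGGER = Logger.getLogger(SecretsMasker.class.getName());
    }
}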
