package hudson.cli;

import hudson.Extension;
import hudson.cli.CliProtocol;
import java.io.DataOutputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.Signature;
import javax.crypto.spec.SecretKeySpec;
import jenkins.model.Jenkins;
import org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator;
import org.apache.sshd.common.signature.SignatureRSA;
import org.jenkinsci.Symbol;
import org.jenkinsci.remoting.engine.LegacyJnlpProtocolHandler;
import org.jenkinsci.remoting.nio.NioChannelHub;

@Extension
@Deprecated
@Symbol({"cli2"})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.141-rc27252.5fdbc16fe5c5.jar:hudson/cli/CliProtocol2.class */
public class CliProtocol2 extends CliProtocol {

    /* loaded from: input_file:WEB-INF/lib/jenkins-core-2.141-rc27252.5fdbc16fe5c5.jar:hudson/cli/CliProtocol2$Handler2.class */
    protected static class Handler2 extends CliProtocol.Handler {
        @Deprecated
        public Handler2(Socket socket) {
            super(socket);
        }

        public Handler2(NioChannelHub nioChannelHub, Socket socket) {
            super(nioChannelHub, socket);
        }

        @Override // hudson.cli.CliProtocol.Handler
        public void run() throws IOException, InterruptedException {
            try {
                new DataOutputStream(this.socket.getOutputStream()).writeUTF(LegacyJnlpProtocolHandler.GREETING_SUCCESS);
                Connection connection = new Connection(this.socket);
                byte[] generateSecret = connection.diffieHellman(true).generateSecret();
                Connection encryptConnection = connection.encryptConnection(new SecretKeySpec(Connection.fold(generateSecret, 16), AESPrivateKeyObfuscator.CIPHER_NAME), "AES/CFB8/NoPadding");
                try {
                    Class<?> loadClass = Jenkins.getActiveInstance().pluginManager.uberClassLoader.loadClass("org.jenkinsci.main.modules.instance_identity.InstanceIdentity");
                    PrivateKey privateKey = (PrivateKey) loadClass.getDeclaredMethod("getPrivate", new Class[0]).invoke(loadClass.getDeclaredMethod("get", new Class[0]).invoke(null, new Object[0]), new Object[0]);
                    Signature signature = Signature.getInstance(SignatureRSA.DEFAULT_ALGORITHM);
                    signature.initSign(privateKey);
                    signature.update(generateSecret);
                    encryptConnection.writeByteArray(signature.sign());
                    runCli(encryptConnection);
                } catch (ClassNotFoundException | IllegalAccessException | NoSuchMethodException | InvocationTargetException e) {
                    throw new Error(e);
                }
            } catch (GeneralSecurityException e2) {
                throw new IOException("Failed to encrypt the CLI channel", e2);
            }
        }
    }

    @Override // hudson.cli.CliProtocol, jenkins.AgentProtocol
    public String getName() {
        if (jenkins.CLI.get().isEnabled()) {
            return "CLI2-connect";
        }
        return null;
    }

    @Override // hudson.cli.CliProtocol, jenkins.AgentProtocol
    public boolean isOptIn() {
        return true;
    }

    @Override // hudson.cli.CliProtocol, jenkins.AgentProtocol
    public boolean isDeprecated() {
        return true;
    }

    @Override // hudson.cli.CliProtocol, jenkins.AgentProtocol
    public String getDisplayName() {
        return "Jenkins CLI Protocol/2 (deprecated)";
    }

    @Override // hudson.cli.CliProtocol, jenkins.AgentProtocol
    public void handle(Socket socket) throws IOException, InterruptedException {
        new Handler2(this.nio.getHub(), socket).run();
    }
}
