package jenkins.security;

import groovy.ui.text.StructuredSyntaxHandler;
import hudson.Extension;
import hudson.Functions;
import hudson.Util;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import hudson.model.TaskListener;
import hudson.util.HttpResponses;
import hudson.util.SecretRewriter;
import hudson.util.VersionNumber;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.management.AsynchronousAdministrativeMonitor;
import jenkins.model.Jenkins;
import jenkins.util.io.FileBoolean;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.interceptor.RequirePOST;

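/**
 * Security-category administrative monitor that offers to re-key stored secrets and tracks
 * whether that has been requested, scheduled or completed.
 *
 * <p>State is kept in three {@link FileBoolean} flags created under {@code getBaseDir()}:
 * {@code needed} (the monitor is shown), {@code done} (a re-keying run finished without an
 * exception) and {@code scanOnBoot} (a run was scheduled for the next start-up).
 *
 * <p>NOTE(review): no permission check is visible in this class. Access to {@link #doScan} is
 * presumably restricted by the superclass before Stapler dispatches here; confirm against
 * {@code AdministrativeMonitor}.
 */
@Extension
@Symbol({"rekeySecret"})
/* loaded from: input_file:WEB-INF/lib/jenkins-core-2.390-rc33332.0f6b_b_e65529d.jar:jenkins/security/RekeySecretAdminMonitor.class */
public class RekeySecretAdminMonitor extends AsynchronousAdministrativeMonitor {
    private static final Logger LOGGER = Logger.getLogger(RekeySecretAdminMonitor.class.getName());

    // Flag files under getBaseDir(); see the class comment for their meaning.
    private final FileBoolean needed = state("needed");
    private final FileBoolean done = state("done");
    private final FileBoolean scanOnBoot = state("scanOnBoot");

    /**
     * Decides whether re-keying has to be offered and removes the {@code backups} directory.
     *
     * <p>The {@code needed} flag is switched on when this installation was upgraded from a
     * version before {@code 1.496.*} and the {@code secret.key.not-so-secret} marker in the
     * Jenkins root directory is off. The flag is never switched off here, so a decision taken
     * on an earlier start-up persists.
     *
     * @throws IOException if the {@code backups} directory cannot be deleted
     */
    public RekeySecretAdminMonitor() throws IOException {
        Jenkins jenkins = Jenkins.get();
        boolean upgradedFromOldVersion = jenkins.isUpgradedFromBefore(new VersionNumber("1.496.*"));
        if (upgradedFromOldVersion
                && new FileBoolean(new File(jenkins.getRootDir(), "secret.key.not-so-secret")).isOff()) {
            this.needed.on();
        }
        // presumably left over from earlier re-keying runs, and may hold copies of files with
        // secrets in them; confirm before changing this clean-up
        Util.deleteRecursive(new File(getBaseDir(), "backups"));
    }

    /** Returns {@code true} while the {@code needed} flag is on. */
    @Override // hudson.model.AdministrativeMonitor
    public boolean isActivated() {
        return this.needed.isOn();
    }

    /** Returns {@code true} once a re-keying run has completed without an exception. */
    public boolean isDone() {
        return this.done.isOn();
    }

    /** Switches the {@code needed} flag on so that the monitor is shown. */
    public void setNeeded() {
        this.needed.on();
    }

    /** Returns {@code true} if a re-keying run is scheduled for the next start-up. */
    public boolean isScanOnBoot() {
        return this.scanOnBoot.isOn();
    }

    /** Marks this monitor as security-related. */
    @Override // hudson.model.AdministrativeMonitor
    public boolean isSecurity() {
        return true;
    }

    /**
     * Handles the monitor's form submission (POST only).
     *
     * <p>Exactly one action is taken, checked in this order: start a run in the background,
     * schedule a run for the next start-up, or dismiss the monitor. A request carrying none of
     * the three parameters is rejected with HTTP 400.
     *
     * @param staplerRequest the submitted request
     * @return a redirect to {@code /manage}
     */
    @RequirePOST
    public HttpResponse doScan(StaplerRequest staplerRequest) throws IOException, GeneralSecurityException {
        // NOTE(review): this constant comes from Groovy's console UI package and looks like a
        // decompiler substitution for a plain string literal; confirm its value and replace it
        // with a constant owned by this class.
        if (staplerRequest.hasParameter(StructuredSyntaxHandler.BACKGROUND)) {
            start(false);
        } else if (staplerRequest.hasParameter("schedule")) {
            this.scanOnBoot.on();
        } else if (staplerRequest.hasParameter("dismiss")) {
            disable(true);
        } else {
            // The request's parameter map is deliberately not echoed: its values are String[]
            // and print as array identities, and the content is chosen by the requester.
            throw HttpResponses.error(400, "Invalid request submission: no recognized action parameter");
        }
        return HttpResponses.redirectViaContextPath("/manage");
    }

    /** Creates the flag backed by the file {@code str} under {@code getBaseDir()}. */
    private FileBoolean state(String str) {
        return new FileBoolean(new File(getBaseDir(), str));
    }

    /**
     * Runs a scheduled re-keying during start-up and waits for it to finish.
     *
     * <p>The flag is cleared before the run starts, so a run that fails is not repeated on the
     * following start-up. The initializer is declared non-fatal.
     */
    @Initializer(fatal = false, after = InitMilestone.PLUGINS_STARTED, before = InitMilestone.EXTENSIONS_AUGMENTED)
    public void scanOnReboot() throws InterruptedException, IOException, GeneralSecurityException {
        if (!this.scanOnBoot.isOn()) {
            return;
        }
        this.scanOnBoot.off();
        start(false).join();
    }

    @Override // jenkins.management.AsynchronousAdministrativeMonitor, hudson.model.AdministrativeMonitor, hudson.model.ModelObject
    public String getDisplayName() {
        return Messages.RekeySecretAdminMonitor_DisplayName();
    }

    /** Returns the file {@code rekey.log} under {@code getBaseDir()}. */
    @Override // jenkins.management.AsynchronousAdministrativeMonitor
    protected File getLogFile() {
        return new File(getBaseDir(), "rekey.log");
    }

    /**
     * Re-keys every file under the Jenkins root directory and records the outcome.
     *
     * <p>Any exception is logged and written to the task log rather than rethrown; in that case
     * the {@code done} flag stays off.
     *
     * @param taskListener receives the progress and error output of the run
     */
    @Override // jenkins.management.AsynchronousAdministrativeMonitor
    protected void fix(TaskListener taskListener) throws Exception {
        LOGGER.info("Initiating a re-keying of secrets. See " + getLogFile());
        SecretRewriter secretRewriter = new SecretRewriter();
        try {
            PrintStream logger = taskListener.getLogger();
            logger.println("Started re-keying " + new Date());
            int rewritten = secretRewriter.rewriteRecursive(Jenkins.get().getRootDir(), taskListener);
            logger.printf("Completed re-keying %d files on %s%n", rewritten, new Date());
            // Flip the flag on this instance. Constructing a second monitor only to reach its
            // flag re-runs the constructor's side effects (upgrade check, deletion of the
            // backups directory) and updates a throwaway object instead of this one.
            this.done.on();
            LOGGER.info("Secret re-keying completed");
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Fatal failure in re-keying secrets", e);
            Functions.printStackTrace(e, taskListener.error("Fatal failure in rewriting secrets"));
        }
    }
}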
