package org.jenkinsci.remoting.engine;

import hudson.remoting.Base64;
import java.io.IOException;
import java.net.ConnectException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.NoRouteToHostException;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.StringJoiner;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import jenkins.model.ProjectNamingStrategy;
import org.apache.tools.ant.util.ProxySetup;
import org.fusesource.jansi.AnsiRenderer;
import org.jenkinsci.remoting.util.ThrowableUtils;
import org.jenkinsci.remoting.util.https.NoCheckHostnameVerifier;
import org.jenkinsci.remoting.util.https.NoCheckTrustManager;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/jenkins-cli.jar:org/jenkinsci/remoting/engine/JnlpAgentEndpointResolver.class
 */
/* loaded from: input_file:WEB-INF/lib/remoting-3.19.jar:org/jenkinsci/remoting/engine/JnlpAgentEndpointResolver.class */
public class JnlpAgentEndpointResolver {

    @Nonnull
    private final List<String> jenkinsUrls;
    private SSLSocketFactory sslSocketFactory;
    private String credentials;
    private String proxyCredentials;
    private String tunnel;
    private boolean disableHttpsCertValidation;
    private static final Logger LOGGER = Logger.getLogger(JnlpAgentEndpointResolver.class.getName());
    private static String PROTOCOL_NAMES_TO_TRY = System.getProperty(JnlpAgentEndpointResolver.class.getName() + ".protocolNamesToTry");

    public JnlpAgentEndpointResolver(String... strArr) {
        this.jenkinsUrls = new ArrayList(Arrays.asList(strArr));
    }

    public JnlpAgentEndpointResolver(@Nonnull List<String> list) {
        this.jenkinsUrls = new ArrayList(list);
    }

    public SSLSocketFactory getSslSocketFactory() {
        return this.sslSocketFactory;
    }

    public void setSslSocketFactory(SSLSocketFactory sSLSocketFactory) {
        this.sslSocketFactory = sSLSocketFactory;
    }

    public String getCredentials() {
        return this.credentials;
    }

    public void setCredentials(String str) {
        this.credentials = str;
    }

    public void setCredentials(String str, String str2) {
        this.credentials = str + QuickTargetSourceCreator.PREFIX_COMMONS_POOL + str2;
    }

    public String getProxyCredentials() {
        return this.proxyCredentials;
    }

    public void setProxyCredentials(String str) {
        this.proxyCredentials = str;
    }

    public void setProxyCredentials(String str, String str2) {
        this.proxyCredentials = str + QuickTargetSourceCreator.PREFIX_COMMONS_POOL + str2;
    }

    public String getTunnel() {
        return this.tunnel;
    }

    public void setTunnel(String str) {
        this.tunnel = str;
    }

    public boolean isDisableHttpsCertValidation() {
        return this.disableHttpsCertValidation;
    }

    public void setDisableHttpsCertValidation(boolean z) {
        this.disableHttpsCertValidation = z;
    }

    @CheckForNull
    public JnlpAgentEndpoint resolve() throws IOException {
        IOException iOException = null;
        for (final String str : this.jenkinsUrls) {
            if (str != null) {
                try {
                    URL url = new URL(str);
                    URL agentListenerURL = toAgentListenerURL(str);
                    HttpURLConnection httpURLConnection = (HttpURLConnection) openURLConnection(agentListenerURL, this.credentials, this.proxyCredentials, this.sslSocketFactory, this.disableHttpsCertValidation);
                    try {
                        try {
                            httpURLConnection.setConnectTimeout(30000);
                            httpURLConnection.setReadTimeout(60000);
                            httpURLConnection.connect();
                            if (httpURLConnection.getResponseCode() != 200) {
                                iOException = (IOException) ThrowableUtils.chain(iOException, new IOException(agentListenerURL + " is invalid: " + httpURLConnection.getResponseCode() + AnsiRenderer.CODE_TEXT_SEPARATOR + httpURLConnection.getResponseMessage()));
                                httpURLConnection.disconnect();
                            } else {
                                HashSet hashSet = null;
                                String first = first(header(httpURLConnection, "X-Jenkins-JNLP-Port", "X-Hudson-JNLP-Port"));
                                String defaultString = defaultString(first(header(httpURLConnection, "X-Jenkins-JNLP-Host")), agentListenerURL.getHost());
                                List<String> header = header(httpURLConnection, "X-Jenkins-Agent-Protocols");
                                if (header != null) {
                                    hashSet = new HashSet();
                                    Iterator<String> it = header.iterator();
                                    while (it.hasNext()) {
                                        for (String str2 : it.next().split(",")) {
                                            String trim = str2.trim();
                                            if (!trim.isEmpty()) {
                                                hashSet.add(trim);
                                            }
                                        }
                                    }
                                    if (hashSet.isEmpty()) {
                                        LOGGER.log(Level.WARNING, "Received the empty list of supported protocols from the server. All protocols are disabled on the master side OR the 'X-Jenkins-Agent-Protocols' header is corrupted (JENKINS-41730). In the case of the header corruption as a workaround you can use the 'org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.protocolNamesToTry' system property to define the supported protocols.");
                                    } else {
                                        LOGGER.log(Level.INFO, "Remoting server accepts the following protocols: {0}", hashSet);
                                    }
                                }
                                if (PROTOCOL_NAMES_TO_TRY != null) {
                                    hashSet = new HashSet();
                                    LOGGER.log(Level.INFO, "Ignoring the list of supported remoting protocols provided by the server, because the 'org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.protocolNamesToTry' property is defined. Will try {0}", PROTOCOL_NAMES_TO_TRY);
                                    for (String str3 : PROTOCOL_NAMES_TO_TRY.split(",")) {
                                        String trim2 = str3.trim();
                                        if (!trim2.isEmpty()) {
                                            hashSet.add(trim2);
                                        }
                                    }
                                }
                                String first2 = first(header(httpURLConnection, "X-Instance-Identity"));
                                RSAPublicKey rSAPublicKey = null;
                                if (first2 != null) {
                                    try {
                                        byte[] decode = Base64.decode(first2);
                                        if (decode == null) {
                                            iOException = (IOException) ThrowableUtils.chain(iOException, new IOException(agentListenerURL + " appears to be publishing an invalid X-Instance-Identity."));
                                            httpURLConnection.disconnect();
                                        } else {
                                            rSAPublicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decode));
                                        }
                                    } catch (NoSuchAlgorithmException e) {
                                        throw new IllegalStateException("The Java Language Specification mandates RSA as a supported algorithm", e);
                                    } catch (InvalidKeySpecException e2) {
                                        iOException = (IOException) ThrowableUtils.chain(iOException, new IOException(agentListenerURL + " appears to be publishing an invalid X-Instance-Identity."));
                                        httpURLConnection.disconnect();
                                    }
                                }
                                if (first == null) {
                                    iOException = (IOException) ThrowableUtils.chain(iOException, new IOException(str + " is not Jenkins"));
                                    httpURLConnection.disconnect();
                                } else {
                                    try {
                                        int parseInt = Integer.parseInt(first);
                                        if (parseInt > 0 && 65536 > parseInt) {
                                            Collections.sort(this.jenkinsUrls, new Comparator<String>() { // from class: org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.1
                                                @Override // java.util.Comparator
                                                public int compare(String str4, String str5) {
                                                    if (str.equals(str4)) {
                                                        return -1;
                                                    }
                                                    return str.equals(str5) ? 1 : 0;
                                                }
                                            });
                                            if (this.tunnel != null) {
                                                String[] split = this.tunnel.split(QuickTargetSourceCreator.PREFIX_COMMONS_POOL, 3);
                                                if (split.length != 2) {
                                                    throw new IOException("Illegal tunneling parameter: " + this.tunnel);
                                                }
                                                if (split[0].length() > 0) {
                                                    defaultString = split[0];
                                                }
                                                if (split[1].length() > 0) {
                                                    parseInt = Integer.parseInt(split[1]);
                                                }
                                            }
                                            JnlpAgentEndpoint jnlpAgentEndpoint = new JnlpAgentEndpoint(defaultString, parseInt, rSAPublicKey, hashSet, url);
                                            httpURLConnection.disconnect();
                                            return jnlpAgentEndpoint;
                                        }
                                        iOException = (IOException) ThrowableUtils.chain(iOException, new IOException(str + " is publishing an invalid port"));
                                        httpURLConnection.disconnect();
                                    } catch (NumberFormatException e3) {
                                        iOException = (IOException) ThrowableUtils.chain(iOException, new IOException(str + " is publishing an invalid port", e3));
                                        httpURLConnection.disconnect();
                                    }
                                }
                            }
                        } catch (IOException e4) {
                            iOException = (IOException) ThrowableUtils.chain(iOException, new IOException("Failed to connect to " + agentListenerURL + ": " + e4.getMessage(), e4));
                            httpURLConnection.disconnect();
                        }
                    } catch (Throwable th) {
                        httpURLConnection.disconnect();
                        throw th;
                    }
                } catch (MalformedURLException e5) {
                    LOGGER.log(Level.WARNING, String.format("Cannot parse agent endpoint URL %s. Skipping it", str), (Throwable) e5);
                }
            }
        }
        if (iOException != null) {
            throw iOException;
        }
        return null;
    }

    @Nonnull
    private URL toAgentListenerURL(@Nonnull String str) throws MalformedURLException {
        return str.endsWith("/") ? new URL(str + "tcpSlaveAgentListener/") : new URL(str + "/tcpSlaveAgentListener/");
    }

    public void waitForReady() throws InterruptedException {
        String first;
        Thread currentThread = Thread.currentThread();
        String name = currentThread.getName();
        int i = 0;
        while (true) {
            try {
                Thread.sleep(10000L);
                try {
                    try {
                        first = first(this.jenkinsUrls);
                    } catch (ConnectException | NoRouteToHostException | SocketTimeoutException e) {
                        LOGGER.log(Level.INFO, "Failed to connect to the master. Will try again: {0} {1}", (Object[]) new String[]{e.getClass().getName(), e.getMessage()});
                    }
                } catch (IOException e2) {
                    LOGGER.log(Level.INFO, "Failed to connect to the master. Will try again", (Throwable) e2);
                }
                if (first == null) {
                    return;
                }
                URL agentListenerURL = toAgentListenerURL(first);
                i++;
                currentThread.setName(name + ": trying " + agentListenerURL + " for " + i + " times");
                HttpURLConnection httpURLConnection = (HttpURLConnection) openURLConnection(agentListenerURL, this.credentials, this.proxyCredentials, this.sslSocketFactory, this.disableHttpsCertValidation);
                httpURLConnection.setConnectTimeout(5000);
                httpURLConnection.setReadTimeout(5000);
                httpURLConnection.connect();
                if (httpURLConnection.getResponseCode() == 200) {
                    currentThread.setName(name);
                    return;
                }
                LOGGER.log(Level.INFO, "Master isn''t ready to talk to us on {0}. Will try again: response code={1}", new Object[]{agentListenerURL, Integer.valueOf(httpURLConnection.getResponseCode())});
            } finally {
                currentThread.setName(name);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @CheckForNull
    public static InetSocketAddress getResolvedHttpProxyAddress(@Nonnull String str, int i) throws IOException {
        String str2;
        String property;
        InetSocketAddress inetSocketAddress = null;
        Iterator<Proxy> it = ProxySelector.getDefault().select(URI.create(String.format("http://%s:%d", str, Integer.valueOf(i)))).iterator();
        while (true) {
            if (inetSocketAddress != null || !it.hasNext()) {
                break;
            }
            Proxy next = it.next();
            if (next.type() == Proxy.Type.DIRECT && (property = System.getProperty(ProxySetup.HTTP_NON_PROXY_HOSTS)) != null && property.length() != 0) {
                StringJoiner stringJoiner = new StringJoiner("|");
                for (String str3 : property.toLowerCase(Locale.ENGLISH).split("\\|")) {
                    if (!str3.isEmpty()) {
                        if (str3.startsWith("*")) {
                            stringJoiner.add(ProjectNamingStrategy.PatternProjectNamingStrategy.DescriptorImpl.DEFAULT_PATTERN + Pattern.quote(str3.substring(1)));
                        } else if (str3.endsWith("*")) {
                            stringJoiner.add(Pattern.quote(str3.substring(0, str3.length() - 1)) + ProjectNamingStrategy.PatternProjectNamingStrategy.DescriptorImpl.DEFAULT_PATTERN);
                        } else {
                            stringJoiner.add(Pattern.quote(str3));
                        }
                        if (str3.split("\\*").length > 2) {
                            LOGGER.log(Level.WARNING, "Using more than one wildcard is not supported in nonProxyHosts entries: {0}", str3);
                        }
                    }
                }
                if (Pattern.compile(stringJoiner.toString()).matcher(str.toLowerCase(Locale.ENGLISH)).matches()) {
                    return null;
                }
            } else if (next.type() == Proxy.Type.HTTP) {
                SocketAddress address = next.address();
                if (address instanceof InetSocketAddress) {
                    InetSocketAddress inetSocketAddress2 = (InetSocketAddress) address;
                    if (inetSocketAddress2.isUnresolved()) {
                        inetSocketAddress2 = new InetSocketAddress(inetSocketAddress2.getHostName(), inetSocketAddress2.getPort());
                    }
                    inetSocketAddress = inetSocketAddress2;
                } else {
                    LOGGER.log(Level.WARNING, "Unsupported proxy address type {0}", address != null ? address.getClass() : "null");
                }
            }
        }
        if (inetSocketAddress == null && (str2 = System.getenv("http_proxy")) != null && !inNoProxyEnvVar(str)) {
            try {
                URL url = new URL(str2);
                inetSocketAddress = new InetSocketAddress(url.getHost(), url.getPort());
            } catch (MalformedURLException e) {
                LOGGER.log(Level.WARNING, "Not using http_proxy environment variable which is invalid.", (Throwable) e);
            }
        }
        return inetSocketAddress;
    }

    static URLConnection openURLConnection(URL url, String str, String str2, SSLSocketFactory sSLSocketFactory, boolean z) throws IOException {
        URLConnection openConnection;
        String str3 = null;
        if (System.getProperty(ProxySetup.HTTP_PROXY_HOST) == null) {
            str3 = System.getenv("http_proxy");
        }
        if (str3 == null || !"http".equals(url.getProtocol()) || inNoProxyEnvVar(url.getHost())) {
            openConnection = url.openConnection();
        } else {
            try {
                URL url2 = new URL(str3);
                openConnection = url.openConnection(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(url2.getHost(), url2.getPort())));
            } catch (MalformedURLException e) {
                LOGGER.log(Level.WARNING, "Not using http_proxy environment variable which is invalid.", (Throwable) e);
                openConnection = url.openConnection();
            }
        }
        if (str != null) {
            openConnection.setRequestProperty("Authorization", "Basic " + Base64.encode(str.getBytes("UTF-8")));
        }
        if (str2 != null) {
            openConnection.setRequestProperty("Proxy-Authorization", "Basic " + Base64.encode(str2.getBytes("UTF-8")));
        }
        if (openConnection instanceof HttpsURLConnection) {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) openConnection;
            if (z) {
                LOGGER.log(Level.WARNING, "HTTPs certificate check is disabled for the endpoint.");
                try {
                    SSLContext sSLContext = SSLContext.getInstance("TLS");
                    sSLContext.init(null, new TrustManager[]{new NoCheckTrustManager()}, new SecureRandom());
                    SSLSocketFactory socketFactory = sSLContext.getSocketFactory();
                    httpsURLConnection.setHostnameVerifier(new NoCheckHostnameVerifier());
                    httpsURLConnection.setSSLSocketFactory(socketFactory);
                } catch (KeyManagementException | NoSuchAlgorithmException e2) {
                    throw new IOException("Cannot initialize the insecure HTTPs mode", e2);
                }
            } else if (sSLSocketFactory != null) {
                httpsURLConnection.setSSLSocketFactory(sSLSocketFactory);
                httpsURLConnection.setHostnameVerifier(new NoCheckHostnameVerifier());
            }
        }
        return openConnection;
    }

    static boolean inNoProxyEnvVar(String str) {
        String str2 = System.getenv("no_proxy");
        if (str2 == null) {
            return false;
        }
        String replaceAll = str2.trim().replaceAll("\\s+", "").replaceAll("((?<=^|,)\\.)*(([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,})(?=($|,))", "$2");
        if (replaceAll.isEmpty()) {
            return false;
        }
        if (str.matches("^(?:[0-9]{1,3}\\.){3}[0-9]{1,3}$") || str.matches("^(?:[a-fA-F0-9]{1,4}:){7}[a-fA-F0-9]{1,4}$")) {
            return replaceAll.matches(".*(^|,)\\Q" + str + "\\E($|,).*");
        }
        int i = 0;
        while (str.matches("^([a-z0-9]+(-[a-z0-9]+)*\\.)+[a-z]{2,}$") && i < 128) {
            i++;
            if (replaceAll.matches(".*(^|,)\\Q" + str + "\\E($|,).*")) {
                return true;
            }
            str = str.replaceFirst("^[a-z0-9]+(-[a-z0-9]+)*\\.", "");
        }
        return false;
    }

    @CheckForNull
    private static List<String> header(@Nonnull HttpURLConnection httpURLConnection, String... strArr) {
        Map<String, List<String>> headerFields = httpURLConnection.getHeaderFields();
        for (String str : strArr) {
            for (Map.Entry<String, List<String>> entry : headerFields.entrySet()) {
                String key = entry.getKey();
                if (key != null && key.equalsIgnoreCase(str)) {
                    return entry.getValue();
                }
            }
        }
        return null;
    }

    @CheckForNull
    private static String first(@CheckForNull List<String> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        return list.get(0);
    }

    @Nonnull
    private static String defaultString(@CheckForNull String str, @Nonnull String str2) {
        return str == null ? str2 : str;
    }
}
