package com.qualys.plugins.containerSecurity.util;

import com.qualys.plugins.containerSecurity.httpClient.LocalDirectorySSLConfig;
import com.sun.jna.platform.win32.COM.tlb.imp.TlbConst;
import com.sun.jna.platform.win32.Ddeml;
import hudson.AbortException;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;
import org.scalasbt.ipcsocket.UnixDomainSocket;
import qshaded.com.google.gson.Gson;
import qshaded.com.google.gson.JsonElement;
import qshaded.com.google.gson.JsonObject;
import qshaded.com.google.gson.JsonParser;

/* loaded from: input_file:WEB-INF/lib/qualys-cs_1.6.2.6.jar:com/qualys/plugins/containerSecurity/util/DockerClientHelper.class */
public class DockerClientHelper {
    private static final Logger logger = Logger.getLogger(Helper.class.getName());
    private PrintStream buildLogger;
    private CloseableHttpClient httpClient = null;
    private String dockerURL;
    private String dockerCert;

    public DockerClientHelper() {
    }

    public DockerClientHelper(PrintStream printStream, String str, String str2) {
        this.buildLogger = printStream;
        this.dockerURL = str;
        this.dockerCert = str2;
    }

    private static String get(String str) {
        return "GET " + str + " HTTP/1.1\r\nHost: qualys\r\nUser-Agent: java-unix-socket-client/1.0\r\nAccept: application/json\r\n\r\n";
    }

    private static String post(String str) {
        return "POST " + str + " HTTP/1.1\r\nHost: qualys\r\nUser-Agent: java-unix-socket-client/1.0\r\nAccept: application/json\r\n\r\n";
    }

    /* JADX WARN: Finally extract failed */
    public JsonObject executeSocketRequest(String str, String str2) throws AbortException, IOException {
        String readLine;
        JsonObject jsonObject = new JsonObject();
        String str3 = null;
        String str4 = TlbConst.TYPELIB_MINOR_VERSION_SHELL;
        String replace = this.dockerURL.replace("unix://", "");
        if (!new File(replace).exists()) {
            this.buildLogger.println("Socket file does not exist: " + replace);
            throw new AbortException("Socket file does not exist: " + replace);
        }
        UnixDomainSocket unixDomainSocket = new UnixDomainSocket(replace);
        try {
            OutputStream outputStream = unixDomainSocket.getOutputStream();
            Throwable th = null;
            try {
                if (str.toLowerCase().equals("get")) {
                    outputStream.write(get(str2).getBytes(StandardCharsets.UTF_8));
                }
                if (str.toLowerCase().equals("post")) {
                    outputStream.write(post(str2).getBytes(StandardCharsets.UTF_8));
                }
                if (outputStream != null) {
                    if (0 != 0) {
                        try {
                            outputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        outputStream.close();
                    }
                }
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(unixDomainSocket.getInputStream()));
                    Throwable th3 = null;
                    while (true) {
                        try {
                            try {
                                readLine = bufferedReader.readLine();
                                if (readLine == null) {
                                    break;
                                }
                                if (!readLine.toLowerCase().startsWith("content-length:")) {
                                    if (!readLine.startsWith("HTTP/1.1 ")) {
                                        if (readLine.toLowerCase().startsWith("{") || readLine.toLowerCase().startsWith("[")) {
                                            break;
                                        }
                                    } else {
                                        str4 = readLine.split(" ")[1];
                                    }
                                } else {
                                    if (Long.parseLong(readLine.substring("content-length:".length()).trim()) == 0) {
                                        break;
                                    }
                                }
                            } finally {
                            }
                        } finally {
                        }
                    }
                    str3 = readLine;
                    if (bufferedReader != null) {
                        if (0 != 0) {
                            try {
                                bufferedReader.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            bufferedReader.close();
                        }
                    }
                    unixDomainSocket.close();
                    jsonObject.addProperty("responseCode", str4);
                    if (str3 != null) {
                        JsonElement parseString = JsonParser.parseString(str3);
                        if (parseString.isJsonObject()) {
                            jsonObject.add("data", parseString.getAsJsonObject());
                        } else if (parseString.isJsonArray()) {
                            jsonObject.add("data", parseString.getAsJsonArray());
                        }
                    } else {
                        jsonObject.addProperty("data", "");
                    }
                    return jsonObject;
                } catch (Exception e) {
                    unixDomainSocket.close();
                    for (StackTraceElement stackTraceElement : e.getStackTrace()) {
                        logger.info("\t Exception occurred at " + stackTraceElement);
                    }
                    this.buildLogger.println("Error reading response from socket: " + e.getMessage());
                    throw new AbortException("Error reading response from socket: " + e.getMessage());
                }
            } catch (Throwable th5) {
                if (outputStream != null) {
                    if (0 != 0) {
                        try {
                            outputStream.close();
                        } catch (Throwable th6) {
                            th.addSuppressed(th6);
                        }
                    } else {
                        outputStream.close();
                    }
                }
                throw th5;
            }
        } catch (Exception e2) {
            unixDomainSocket.close();
            for (StackTraceElement stackTraceElement2 : e2.getStackTrace()) {
                logger.info("\tat " + stackTraceElement2);
            }
            this.buildLogger.println("API call failed using socket: " + e2.getMessage());
            throw new AbortException("API call failed using socket: " + e2.getMessage());
        }
    }

    public JsonObject executeHttpRequest(String str, String str2) throws AbortException {
        JsonObject jsonObject = new JsonObject();
        Registry registry = null;
        HttpUriRequest httpUriRequest = null;
        if (StringUtils.isEmpty(this.dockerCert)) {
            this.httpClient = HttpClients.custom().build();
        } else {
            str2 = str2.replace("http://", "https://");
            RegistryBuilder create = RegistryBuilder.create();
            LocalDirectorySSLConfig localDirectorySSLConfig = new LocalDirectorySSLConfig(checkDockerCertPath(this.dockerCert));
            if (localDirectorySSLConfig != null) {
                try {
                    SSLContext sSLContext = localDirectorySSLConfig.getSSLContext();
                    if (sSLContext == null) {
                        throw new AbortException("Unable to find SSL Context");
                    }
                    registry = create.register("https", new SSLConnectionSocketFactory(sSLContext)).build();
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
            this.httpClient = HttpClients.custom().setConnectionManager(new BasicHttpClientConnectionManager(registry)).build();
        }
        try {
            BasicHttpContext basicHttpContext = new BasicHttpContext();
            if (str.toLowerCase().equals("get")) {
                httpUriRequest = new HttpGet(URI.create(str2));
            }
            if (str.toLowerCase().equals("post")) {
                httpUriRequest = new HttpPost(URI.create(str2));
            }
            CloseableHttpResponse execute = this.httpClient.execute(httpUriRequest, (HttpContext) basicHttpContext);
            String entityUtils = EntityUtils.toString(execute.getEntity());
            jsonObject.addProperty("responseCode", Integer.valueOf(execute.getStatusLine().getStatusCode()));
            if (entityUtils != null) {
                JsonElement parseString = JsonParser.parseString(entityUtils);
                if (parseString.isJsonObject()) {
                    jsonObject.add("data", parseString.getAsJsonObject());
                } else if (parseString.isJsonArray()) {
                    jsonObject.add("data", parseString.getAsJsonArray());
                }
            } else {
                jsonObject.addProperty("data", "");
            }
            return jsonObject;
        } catch (Exception e2) {
            if (e2.getMessage() == null) {
                logger.info("Unable to execute http request, Please check Qualys credentials or docker configuration");
                throw new AbortException("Unable to execute http request, Please check Qualys credentials or docker configuration");
            }
            logger.info("Unable to execute http request, Msg: " + e2.getMessage());
            throw new AbortException("Unable to execute http request, Msg: " + e2.getMessage());
        }
    }

    public boolean tagImage(String str, String str2) throws AbortException, IOException {
        String str3 = "/images/" + str + "/tag?repo=qualys_scan_target&tag=" + str2;
        try {
            JsonObject executeSocketRequest = isUnixHostScheme() ? executeSocketRequest(HttpPost.METHOD_NAME, str3) : executeHttpRequest(HttpPost.METHOD_NAME, this.dockerURL.replace("tcp://", "http://") + str3);
            if (!executeSocketRequest.has("responseCode") || !executeSocketRequest.get("responseCode").getAsString().equals("201")) {
                throw new AbortException("API response code is not 201, Response Code: " + executeSocketRequest.get("responseCode").getAsString());
            }
            this.buildLogger.println("Tagged image(" + str + ") successfully");
            return true;
        } catch (Exception e) {
            for (StackTraceElement stackTraceElement : e.getStackTrace()) {
                logger.info("\tat " + stackTraceElement);
            }
            this.buildLogger.println("Failed to tag the image " + str + " with qualys_scan_target.. Reason : " + e.getMessage());
            throw new AbortException("Failed to tag the image " + str + " with qualys_scan_target.. Reason : " + e.getMessage());
        }
    }

    public String fetchImageSha(String str, String str2) throws AbortException {
        JsonObject executeHttpRequest;
        try {
            String str3 = "/images/" + str + "/json";
            if (isUnixHostScheme()) {
                executeHttpRequest = executeSocketRequest(HttpGet.METHOD_NAME, str3);
            } else {
                executeHttpRequest = executeHttpRequest(HttpGet.METHOD_NAME, this.dockerURL.replace("tcp://", "http://") + str3);
            }
            if (!executeHttpRequest.has("responseCode") || !executeHttpRequest.get("responseCode").getAsString().equals("200")) {
                throw new AbortException(executeHttpRequest.get("data").getAsString());
            }
            String str4 = JsonParser.parseString(executeHttpRequest.get("data").toString()).getAsJsonObject().get("Id").getAsString().split(":")[1];
            this.buildLogger.println("### Image sha for " + str + " is = " + str4);
            return str4;
        } catch (Exception e) {
            String str5 = "Failed to extract image sha associated with " + str + " ; Reason : " + e.getMessage();
            logger.info(str5);
            throw new AbortException(str5);
        }
    }

    public boolean isCICDSensorUp() throws IOException, AbortException {
        JsonObject executeHttpRequest;
        if (isUnixHostScheme()) {
            executeHttpRequest = executeSocketRequest(HttpGet.METHOD_NAME, "/containers/json");
        } else {
            executeHttpRequest = executeHttpRequest(HttpGet.METHOD_NAME, this.dockerURL.replace("tcp://", "http://") + "/containers/json");
        }
        if (!executeHttpRequest.get("responseCode").getAsString().equals("200")) {
            return false;
        }
        Iterator<JsonElement> it = JsonParser.parseString(executeHttpRequest.get("data").toString()).getAsJsonArray().iterator();
        while (it.hasNext()) {
            JsonObject asJsonObject = it.next().getAsJsonObject();
            Map map = (Map) new Gson().fromJson(asJsonObject.get("Labels").toString(), Map.class);
            if (map.containsKey("VersionInfo") && ((String) map.get("VersionInfo")).contains("Qualys Sensor") && asJsonObject.has("Id") && asJsonObject.get("Id").getAsString() != null && !asJsonObject.get("Id").getAsString().isEmpty()) {
                String containerState = getContainerState(asJsonObject.get("Id").getAsString());
                if (containerState != null && !containerState.isEmpty() && containerState.equals("paused")) {
                    this.buildLogger.println("Sensor Container State - paused ");
                    throw new AbortException("Qualys CS sensor container is in paused state. Sensor won't be able to scan the image. Please check the sensor container.");
                }
                if (asJsonObject.has("Command") && asJsonObject.get("Command").getAsString() != null && !asJsonObject.get("Command").getAsString().isEmpty() && asJsonObject.get("Command").getAsString().contains("cicd-deployed-sensor")) {
                    return true;
                }
            }
        }
        throw new AbortException("Qualys CS sensor container is not running... Please check if sensor is configured correctly.");
    }

    private String getContainerState(String str) throws IOException, AbortException {
        String str2 = null;
        JsonObject executeSocketRequest = isUnixHostScheme() ? executeSocketRequest(HttpGet.METHOD_NAME, "/containers/" + str + "/json") : executeHttpRequest(HttpGet.METHOD_NAME, this.dockerURL.replace("tcp://", "http://") + "/containers/" + str + "/json");
        if (executeSocketRequest.get("responseCode").getAsString().equals("200")) {
            JsonObject asJsonObject = JsonParser.parseString(executeSocketRequest.get("data").toString()).getAsJsonObject().get("State").getAsJsonObject();
            str2 = asJsonObject.has(Ddeml.SZDDESYS_ITEM_STATUS) ? asJsonObject.get(Ddeml.SZDDESYS_ITEM_STATUS).getAsString() : "";
        }
        return str2;
    }

    private boolean isUnixHostScheme() {
        return this.dockerURL.startsWith("unix://");
    }

    private String checkDockerCertPath(String str) throws AbortException {
        File file = new File(str);
        if (!file.exists()) {
            this.buildLogger.println("Docker Cert File Path does not exist");
            throw new AbortException("Docker Cert File Path " + str + "' doesn't exist.");
        }
        if (file.isDirectory()) {
            return str;
        }
        throw new AbortException("Docker Cert File Path " + str + "' doesn't point to a directory.");
    }
}
