package io.jenkins.plugins.codebuildcloud;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import hudson.Extension;
import hudson.model.Computer;
import hudson.slaves.SlaveComputer;
import inet.ipaddr.IPAddressString;
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.slaves.DefaultJnlpSlaveReceiver;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.jenkinsci.remoting.engine.JnlpConnectionState;
import org.jenkinsci.remoting.protocol.impl.ConnectionRefusalException;

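/**
 * Inbound-agent receiver that can restrict connections for CodeBuild nodes to
 * source addresses published in the AWS IP range document.
 *
 * <p>For a connection whose {@code Node-Name} resolves to a computer launched by
 * {@link CodeBuildLauncher}, and whose cloud has the "verify CodeBuild IP" option
 * enabled, the socket's peer address is matched against an allow list built from
 * {@code ip-ranges.json}. Every other connection is handed to the superclass
 * unchanged.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>This is a coarse network filter applied before delegating to the
 *       superclass. It is not a substitute for whatever agent authentication the
 *       superclass performs (not visible in this file).</li>
 *   <li>NOTE(review): entries tagged {@code AMAZON} are merged into the CodeBuild
 *       allow list, so the list is considerably wider than the CodeBuild service
 *       itself. EC2 prefixes are removed only when the prefix string is identical;
 *       an EC2 address covered by a larger {@code AMAZON} prefix still matches.
 *       Confirm this breadth is intended before relying on the check.</li>
 *   <li>The address checked is the TCP peer of the socket. If Jenkins sits behind
 *       a proxy, load balancer or NAT, that is presumably the intermediary's
 *       address rather than the agent's; verify against the deployment.</li>
 *   <li>The check fails closed: if the range document cannot be fetched or
 *       parsed, the allow list is empty and verified connections are rejected.</li>
 * </ul>
 */
@Extension(ordinal = 10.0d)
public class CodeBuildJnlpAgentReceiver extends DefaultJnlpSlaveReceiver {
    // NOTE(review): the logger is named after CodeBuildComputer, not this class. Kept as-is
    // because existing log recorders may be configured against that name.
    private static final Logger LOGGER = Logger.getLogger(CodeBuildComputer.class.getName());

    private static final String IP_RANGES_URL = "https://ip-ranges.amazonaws.com/ip-ranges.json";
    private static final String CACHE_KEY = "AWSIPS";

    /** Hours a successfully fetched range document is kept before it is fetched again. */
    private static final int DEFAULT_CACHE_TIME_FOR_AWS_IPS = 24;

    private static final Duration CONNECT_TIMEOUT = Duration.ofSeconds(10L);

    // Bounds the whole exchange. The fetch runs while refreshCache() holds the class lock,
    // so an unbounded response would stall every connection that needs verification.
    private static final Duration REQUEST_TIMEOUT = Duration.ofSeconds(30L);

    private static final Cache<String, String> myIPCache =
            Caffeine.newBuilder().expireAfterWrite(DEFAULT_CACHE_TIME_FOR_AWS_IPS, TimeUnit.HOURS).build();

    // Published as a whole list and never mutated afterwards, so readers need no lock.
    private static volatile List<IPAddressString> allowedIPs = new ArrayList<>();

    // The document allowedIPs was built from; guarded by the class lock in refreshCache().
    private static String parsedDocument;

    /**
     * Downloads the AWS IP range document.
     *
     * <p>The decompiler reports that this method was {@code private} in the original source.
     *
     * @return the response body, or {@code null} when the request fails, is interrupted,
     *         or does not answer with HTTP 200
     */
    public static String getAmazonIPInfo() {
        LOGGER.finest("getAmazonIPInfo BEGIN");
        try {
            HttpClient client = HttpClient.newBuilder()
                    .version(HttpClient.Version.HTTP_1_1)
                    .followRedirects(HttpClient.Redirect.NORMAL)
                    .connectTimeout(CONNECT_TIMEOUT)
                    .build();
            HttpRequest request = HttpRequest.newBuilder()
                    .uri(URI.create(IP_RANGES_URL))
                    .timeout(REQUEST_TIMEOUT)
                    .build();
            HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
            // Enforced at runtime rather than with `assert`: assertions are normally disabled,
            // which let an error page through to be cached and parsed as the range document.
            if (response.statusCode() != 200) {
                LOGGER.warning("getAmazonIPInfo: unexpected HTTP status " + response.statusCode());
                LOGGER.finest("getAmazonIPInfo END FAIL");
                return null;
            }
            LOGGER.finest("getAmazonIPInfo END");
            return response.body();
        } catch (IOException e) {
            LOGGER.warning("getAmazonIPInfo: request failed: " + e);
            LOGGER.finest("getAmazonIPInfo END FAIL");
            return null;
        } catch (InterruptedException e) {
            // Restore the flag so the calling thread can still observe the interruption.
            Thread.currentThread().interrupt();
            LOGGER.finest("getAmazonIPInfo END FAIL");
            return null;
        }
    }

    /**
     * Sorts the prefixes of one JSON array into the {@code CODEBUILD} and {@code EC2} buckets.
     *
     * @param map       buckets keyed by {@code "CODEBUILD"} and {@code "EC2"}; both must be present
     * @param str       name of the prefix field to read from each entry
     * @param jSONArray entries of the range document, each carrying a {@code service} field
     */
    private static void parseAmazonResponse(Map<String, List<String>> map, String str, JSONArray jSONArray) {
        for (Object entry : jSONArray) {
            JSONObject record = JSONObject.fromObject(entry);
            String prefix = record.get(str).toString();
            String service = record.get("service").toString();
            // AMAZON entries land in the CODEBUILD bucket; see the class-level review note.
            if ("AMAZON".equals(service) || "CODEBUILD".equals(service)) {
                map.get("CODEBUILD").add(prefix);
            } else if ("EC2".equals(service)) {
                map.get("EC2").add(prefix);
            }
        }
    }

    /**
     * Brings {@link #allowedIPs} in line with the cached range document.
     *
     * <p>The list is built locally and published in one assignment, so a concurrent reader
     * never sees a half-built or temporarily empty list. The document is re-parsed only when
     * it differs from the one already parsed. A failed fetch or an unparsable document leaves
     * an empty list (fail closed).
     */
    private static synchronized void refreshCache() {
        // A null result from the loader is not stored, so a failed fetch is retried next time.
        String document = myIPCache.get(CACHE_KEY, key -> getAmazonIPInfo());
        if (document == null) {
            parsedDocument = null;
            allowedIPs = new ArrayList<>();
            return;
        }
        if (document.equals(parsedDocument)) {
            return;
        }
        try {
            Map<String, List<String>> byService = new HashMap<>();
            byService.put("EC2", new ArrayList<>());
            byService.put("CODEBUILD", new ArrayList<>());
            JSONObject root = JSONObject.fromObject(document);
            parseAmazonResponse(byService, "ip_prefix", root.getJSONArray("prefixes"));
            parseAmazonResponse(byService, "ipv6_prefix", root.getJSONArray("ipv6_prefixes"));

            List<String> ec2Prefixes = byService.get("EC2");
            List<IPAddressString> ranges = new ArrayList<>();
            for (String prefix : byService.get("CODEBUILD")) {
                // Exact string comparison only; overlapping ranges are not subtracted.
                if (!ec2Prefixes.contains(prefix)) {
                    ranges.add(new IPAddressString(prefix));
                }
            }
            LOGGER.info("Allowed AWS CodeBuild IPs Length refresh: " + ranges.size());
            parsedDocument = document;
            allowedIPs = ranges;
        } catch (RuntimeException e) {
            // A 200 response that is not the expected JSON: drop it from the cache so it is
            // not re-used for the full cache lifetime, and reject until a good copy arrives.
            LOGGER.warning("Could not parse AWS IP range document, allow list cleared: " + e);
            myIPCache.invalidate(CACHE_KEY);
            parsedDocument = null;
            allowedIPs = new ArrayList<>();
        }
    }

    /**
     * Reports whether the named node belongs to this receiver.
     *
     * @param str node name
     * @return {@code true} when the name resolves to a {@link CodeBuildComputer}
     */
    public boolean owns(String str) {
        // instanceof is false for null, so no separate null check is needed.
        return Jenkins.get().getComputer(str) instanceof CodeBuildComputer;
    }

    /**
     * Applies the source-address check to CodeBuild connections, then delegates to the
     * superclass or rejects the connection.
     *
     * @param jnlpConnectionState state of the inbound connection being negotiated
     */
    public void afterProperties(JnlpConnectionState jnlpConnectionState) {
        String nodeName = jnlpConnectionState.getProperty("Node-Name");
        Computer computer = Jenkins.get().getComputer(nodeName);
        if (!(computer instanceof SlaveComputer)) {
            super.afterProperties(jnlpConnectionState);
            return;
        }
        // Held as Object so the launcher is read once and its static type needs no extra import.
        Object launcher = ((SlaveComputer) computer).getLauncher();
        if (!(launcher instanceof CodeBuildLauncher)) {
            super.afterProperties(jnlpConnectionState);
            return;
        }
        if (!((CodeBuildLauncher) launcher).cloud.getVerifyIsCodeBuildIPOnJNLP().booleanValue()) {
            super.afterProperties(jnlpConnectionState);
            return;
        }

        refreshCache();
        String peerAddress = jnlpConnectionState.getSocket().getInetAddress().getHostAddress();
        IPAddressString peer = new IPAddressString(peerAddress);
        boolean z = false;
        for (IPAddressString range : allowedIPs) {
            if (range.contains(peer)) {
                z = true;
                break;
            }
        }
        LOGGER.finest("Is Valid IP: " + z);
        if (z) {
            super.afterProperties(jnlpConnectionState);
        } else {
            // Logged above FINEST so a refused connection is visible without debug logging.
            LOGGER.warning("Rejected inbound agent connection for node '" + nodeName + "' from "
                    + peerAddress + ": source address is not in the allowed AWS ranges");
            jnlpConnectionState.reject(new ConnectionRefusalException("Invalid Source IP, was not from AWS CodeBuild"));
        }
    }

    /**
     * Intentionally does nothing when a channel closes.
     *
     * <p>NOTE(review): if the superclass does work on channel close (not visible here), this
     * empty body suppresses it for every connection this receiver handles; confirm that is wanted.
     *
     * @param jnlpConnectionState state of the connection whose channel closed
     */
    public void channelClosed(JnlpConnectionState jnlpConnectionState) {
    }
}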
