package io.jenkins.plugins.orka;

import com.cloudbees.plugins.credentials.common.PasswordCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import hudson.Extension;
import hudson.model.TaskListener;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import io.jenkins.plugins.orka.OrkaVerificationStrategy;
import io.jenkins.plugins.orka.helpers.AESDecryptor;
import io.jenkins.plugins.orka.helpers.CredentialsHelper;
import io.jenkins.plugins.orka.helpers.SSHUtil;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:WEB-INF/lib/macstadium-orka.jar:io/jenkins/plugins/orka/AESVerificationStrategy.class */
public class AESVerificationStrategy extends OrkaVerificationStrategy {
    private static final long serialVersionUID = -5429790217208997430L;
    private static final Logger logger = Logger.getLogger(AESVerificationStrategy.class.getName());
    private static String defaultRemotePath = "/tmp";
    private String aesKeyId;
    private String encryptionScript;
    private String remotePath;

    @Extension
    /* loaded from: input_file:WEB-INF/lib/macstadium-orka.jar:io/jenkins/plugins/orka/AESVerificationStrategy$DescriptorImpl.class */
    public static final class DescriptorImpl extends OrkaVerificationStrategy.OrkaVerificationStrategyDescriptor {
        public String getDisplayName() {
            return "AES Verification Strategy";
        }

        public ListBoxModel doFillAesKeyIdItems() {
            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            return CredentialsHelper.getCredentials(PasswordCredentials.class);
        }

        public String getDefaultRemotePath() {
            return AESVerificationStrategy.defaultRemotePath;
        }
    }

    @DataBoundConstructor
    public AESVerificationStrategy(String str, String str2, String str3) {
        this.aesKeyId = str;
        this.encryptionScript = str2;
        this.remotePath = StringUtils.isNotBlank(str3) ? str3 : defaultRemotePath;
    }

    public String getAesKeyId() {
        return this.aesKeyId;
    }

    public String getEncryptionScript() {
        return this.encryptionScript;
    }

    public String getRemotePath() {
        return this.remotePath;
    }

    @Override // io.jenkins.plugins.orka.OrkaVerificationStrategy
    public boolean verify(String str, int i, StandardUsernameCredentials standardUsernameCredentials, TaskListener taskListener) {
        String str2 = "Host: " + str + ", port: " + i;
        taskListener.getLogger().println("AES verification for host " + str + " on port " + i);
        String generateSafeToken = generateSafeToken();
        logMessage("Random token: " + generateSafeToken, str2, taskListener);
        String str3 = null;
        try {
            str3 = SSHUtil.execute(str, i, standardUsernameCredentials, 300, this.encryptionScript, this.remotePath, generateSafeToken);
            String trim = AESDecryptor.decrypt(str3, Secret.toString(CredentialsHelper.lookupSystemCredentials(this.aesKeyId, PasswordCredentials.class).getPassword())).trim();
            logMessage("Decrypted token: " + trim, str2, taskListener);
            boolean equals = trim.equals(generateSafeToken);
            if (!equals) {
                logMessage("AES Verification failed. Script output: " + str3, str2, taskListener);
            }
            return equals;
        } catch (Exception e) {
            taskListener.getLogger().println("Exception during AES verification: " + e.toString());
            logger.log(Level.WARNING, "Exception during AES verification for " + str2, (Throwable) e);
            logMessage("Script output: " + str3, str2, taskListener);
            return false;
        }
    }

    private String generateSafeToken() {
        byte[] bArr = new byte[128];
        new SecureRandom().nextBytes(bArr);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bArr);
    }

    private void logMessage(String str, String str2, TaskListener taskListener) {
        taskListener.getLogger().println(str);
        logger.fine(str2 + " " + str);
    }
}
