package hudson.plugins.ec2;

import com.amazonaws.AmazonClientException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.InstanceProfileCredentialsProvider;
import com.amazonaws.internal.StaticCredentialsProvider;
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2Client;
import com.amazonaws.services.ec2.model.CreateKeyPairRequest;
import com.amazonaws.services.ec2.model.DescribeSpotInstanceRequestsRequest;
import com.amazonaws.services.ec2.model.Filter;
import com.amazonaws.services.ec2.model.Instance;
import com.amazonaws.services.ec2.model.InstanceStateName;
import com.amazonaws.services.ec2.model.InstanceType;
import com.amazonaws.services.ec2.model.KeyPair;
import com.amazonaws.services.ec2.model.KeyPairInfo;
import com.amazonaws.services.ec2.model.Reservation;
import com.amazonaws.services.ec2.model.SpotInstanceRequest;
import com.amazonaws.services.ec2.model.Tag;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
import hudson.ProxyConfiguration;
import hudson.model.Computer;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Label;
import hudson.model.Node;
import hudson.model.TaskListener;
import hudson.slaves.Cloud;
import hudson.slaves.NodeProvisioner;
import hudson.util.FormValidation;
import hudson.util.HttpResponses;
import hudson.util.Secret;
import hudson.util.StreamTaskListener;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

/* loaded from: input_file:hudson/plugins/ec2/EC2Cloud.class */
public abstract class EC2Cloud extends Cloud {
    public static final String DEFAULT_EC2_HOST = "us-east-1";
    public static final String AWS_URL_HOST = "amazonaws.com";
    public static final String EC2_SLAVE_TYPE_SPOT = "spot";
    public static final String EC2_SLAVE_TYPE_DEMAND = "demand";
    private final boolean useInstanceProfileForCredentials;
    private final String accessId;
    private final Secret secretKey;
    protected final EC2PrivateKey privateKey;
    public final int instanceCap;
    private final List<? extends SlaveTemplate> templates;
    private transient KeyPair usableKeyPair;
    protected transient AmazonEC2 connection;
    private static AWSCredentialsProvider awsCredentialsProvider;
    private static final Logger LOGGER = Logger.getLogger(EC2Cloud.class.getName());
    private static final SimpleFormatter sf = new SimpleFormatter();

    /* loaded from: input_file:hudson/plugins/ec2/EC2Cloud$DescriptorImpl.class */
    public static abstract class DescriptorImpl extends Descriptor<Cloud> {
        public InstanceType[] getInstanceTypes() {
            return InstanceType.values();
        }

        public FormValidation doCheckAccessId(@QueryParameter String str) throws IOException, ServletException {
            return str.trim().length() != 20 ? FormValidation.error(Messages.EC2Cloud_InvalidAccessId()) : FormValidation.validateBase64(str, false, false, Messages.EC2Cloud_InvalidAccessId());
        }

        public FormValidation doCheckSecretKey(@QueryParameter String str) throws IOException, ServletException {
            return FormValidation.validateBase64(str, false, false, Messages.EC2Cloud_InvalidSecretKey());
        }

        public FormValidation doCheckUseInstanceProfileForCredentials(@QueryParameter boolean z) {
            if (z) {
                try {
                    new InstanceProfileCredentialsProvider().getCredentials();
                } catch (AmazonClientException e) {
                    return FormValidation.error(Messages.EC2Cloud_FailedToObtainCredentailsFromEC2(), new Object[]{e.getMessage()});
                }
            }
            return FormValidation.ok();
        }

        public FormValidation doCheckPrivateKey(@QueryParameter String str) throws IOException, ServletException {
            boolean z = false;
            boolean z2 = false;
            BufferedReader bufferedReader = new BufferedReader(new StringReader(str));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (readLine.equals("-----BEGIN RSA PRIVATE KEY-----")) {
                    z = true;
                }
                if (readLine.equals("-----END RSA PRIVATE KEY-----")) {
                    z2 = true;
                }
            }
            return !z ? FormValidation.error("This doesn't look like a private key at all") : !z2 ? FormValidation.error("The private key is missing the trailing 'END RSA PRIVATE KEY' marker. Copy&paste error?") : FormValidation.ok();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public FormValidation doTestConnection(URL url, boolean z, String str, String str2, String str3) throws IOException, ServletException {
            try {
                AmazonEC2 connect = EC2Cloud.connect(EC2Cloud.createCredentialsProvider(z, str, str2), url);
                connect.describeInstances();
                if (str3 == null) {
                    return FormValidation.error("Private key is not specified. Click 'Generate Key' to generate one.");
                }
                if (str3.trim().length() > 0) {
                    EC2PrivateKey eC2PrivateKey = new EC2PrivateKey(str3);
                    if (eC2PrivateKey.find(connect) == null) {
                        return FormValidation.error("The EC2 key pair private key isn't registered to this EC2 region (fingerprint is " + eC2PrivateKey.getFingerprint() + ")");
                    }
                }
                return FormValidation.ok(Messages.EC2Cloud_Success());
            } catch (AmazonClientException e) {
                EC2Cloud.LOGGER.log(Level.WARNING, "Failed to check EC2 credential", e);
                return FormValidation.error(e.getMessage());
            }
        }

        public FormValidation doGenerateKey(StaplerResponse staplerResponse, URL url, boolean z, String str, String str2) throws IOException, ServletException {
            try {
                AmazonEC2 connect = EC2Cloud.connect(EC2Cloud.createCredentialsProvider(z, str, str2), url);
                List keyPairs = connect.describeKeyPairs().getKeyPairs();
                int i = 0;
                while (true) {
                    boolean z2 = false;
                    Iterator it = keyPairs.iterator();
                    while (it.hasNext()) {
                        if (((KeyPairInfo) it.next()).getKeyName().equals("hudson-" + i)) {
                            z2 = true;
                        }
                    }
                    if (!z2) {
                        staplerResponse.addHeader("script", "findPreviousFormItem(button,'privateKey').value='" + connect.createKeyPair(new CreateKeyPairRequest("hudson-" + i)).getKeyPair().getKeyMaterial().replace("\n", "\\n") + "'");
                        return FormValidation.ok(Messages.EC2Cloud_Success());
                    }
                    i++;
                }
            } catch (AmazonClientException e) {
                EC2Cloud.LOGGER.log(Level.WARNING, "Failed to check EC2 credential", e);
                return FormValidation.error(e.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public EC2Cloud(String str, boolean z, String str2, String str3, String str4, String str5, List<? extends SlaveTemplate> list) {
        super(str);
        this.useInstanceProfileForCredentials = z;
        this.accessId = str2.trim();
        this.secretKey = Secret.fromString(str3.trim());
        this.privateKey = new EC2PrivateKey(str4);
        if (list == null) {
            this.templates = Collections.emptyList();
        } else {
            this.templates = list;
        }
        if (str5.equals("")) {
            this.instanceCap = Integer.MAX_VALUE;
        } else {
            this.instanceCap = Integer.parseInt(str5);
        }
        readResolve();
    }

    public abstract URL getEc2EndpointUrl() throws IOException;

    public abstract URL getS3EndpointUrl() throws IOException;

    protected Object readResolve() {
        Iterator<? extends SlaveTemplate> it = this.templates.iterator();
        while (it.hasNext()) {
            it.next().parent = this;
        }
        return this;
    }

    public boolean isUseInstanceProfileForCredentials() {
        return this.useInstanceProfileForCredentials;
    }

    public String getAccessId() {
        return this.accessId;
    }

    public String getSecretKey() {
        return this.secretKey.getEncryptedValue();
    }

    public EC2PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public String getInstanceCapStr() {
        return this.instanceCap == Integer.MAX_VALUE ? "" : String.valueOf(this.instanceCap);
    }

    public List<SlaveTemplate> getTemplates() {
        return Collections.unmodifiableList(this.templates);
    }

    public SlaveTemplate getTemplate(String str) {
        for (SlaveTemplate slaveTemplate : this.templates) {
            if (slaveTemplate.description.equals(str)) {
                return slaveTemplate;
            }
        }
        return null;
    }

    public SlaveTemplate getTemplate(Label label) {
        for (SlaveTemplate slaveTemplate : this.templates) {
            if (slaveTemplate.getMode() == Node.Mode.NORMAL) {
                if (label == null || label.matches(slaveTemplate.getLabelSet())) {
                    return slaveTemplate;
                }
            } else if (slaveTemplate.getMode() == Node.Mode.EXCLUSIVE && label != null && label.matches(slaveTemplate.getLabelSet())) {
                return slaveTemplate;
            }
        }
        return null;
    }

    public synchronized KeyPair getKeyPair() throws AmazonClientException, IOException {
        if (this.usableKeyPair == null) {
            this.usableKeyPair = this.privateKey.find(connect());
        }
        return this.usableKeyPair;
    }

    public void doAttach(StaplerRequest staplerRequest, StaplerResponse staplerResponse, @QueryParameter String str) throws ServletException, IOException, AmazonClientException {
        checkPermission(PROVISION);
        EC2AbstractSlave attach = getTemplates().get(0).attach(str, new StreamTaskListener(new StringWriter()));
        Hudson.getInstance().addNode(attach);
        staplerResponse.sendRedirect2(staplerRequest.getContextPath() + "/computer/" + attach.getNodeName());
    }

    public HttpResponse doProvision(@QueryParameter String str) throws ServletException, IOException {
        checkPermission(PROVISION);
        if (str == null) {
            throw HttpResponses.error(400, "The 'template' query parameter is missing");
        }
        SlaveTemplate template = getTemplate(str);
        if (template == null) {
            throw HttpResponses.error(400, "No such template: " + str);
        }
        try {
            EC2AbstractSlave provisionSlaveIfPossible = provisionSlaveIfPossible(template);
            if (provisionSlaveIfPossible == null) {
                throw HttpResponses.error(400, "Cloud or AMI instance cap would be exceeded for: " + str);
            }
            Hudson.getInstance().addNode(provisionSlaveIfPossible);
            return HttpResponses.redirectViaContextPath("/computer/" + provisionSlaveIfPossible.getNodeName());
        } catch (AmazonClientException e) {
            throw HttpResponses.error(500, e);
        }
    }

    private int countCurrentEC2Slaves(SlaveTemplate slaveTemplate) throws AmazonClientException {
        LOGGER.log(Level.FINE, "Counting current slaves: " + (slaveTemplate != null ? " AMI: " + slaveTemplate.getAmi() : " All AMIS"));
        int i = 0;
        String str = slaveTemplate != null ? slaveTemplate.description : null;
        Iterator it = connect().describeInstances().getReservations().iterator();
        while (it.hasNext()) {
            for (Instance instance : ((Reservation) it.next()).getInstances()) {
                if (isEc2ProvisionedAmiSlave(instance.getTags(), str) && (slaveTemplate == null || slaveTemplate.getAmi().equals(instance.getImageId()))) {
                    InstanceStateName fromValue = InstanceStateName.fromValue(instance.getState().getName());
                    if (fromValue != InstanceStateName.Terminated && fromValue != InstanceStateName.ShuttingDown) {
                        LOGGER.log(Level.FINE, "Existing instance found: " + instance.getInstanceId() + " AMI: " + instance.getImageId() + " Template: " + str);
                        i++;
                    }
                }
            }
        }
        DescribeSpotInstanceRequestsRequest describeSpotInstanceRequestsRequest = new DescribeSpotInstanceRequestsRequest();
        if (slaveTemplate != null) {
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(slaveTemplate.getAmi());
            arrayList.add(new Filter("launch.image-id", arrayList2));
            describeSpotInstanceRequestsRequest = describeSpotInstanceRequestsRequest.withFilters(arrayList);
        }
        List<SpotInstanceRequest> spotInstanceRequests = connect().describeSpotInstanceRequests(describeSpotInstanceRequestsRequest).getSpotInstanceRequests();
        HashSet hashSet = new HashSet();
        for (SpotInstanceRequest spotInstanceRequest : spotInstanceRequests) {
            hashSet.add(spotInstanceRequest);
            if (spotInstanceRequest.getState().equals("open") || spotInstanceRequest.getState().equals("active")) {
                LOGGER.log(Level.FINE, "Spot instance request found: " + spotInstanceRequest.getSpotInstanceRequestId() + " AMI: " + spotInstanceRequest.getInstanceId() + " state: " + spotInstanceRequest.getState() + " status: " + spotInstanceRequest.getStatus());
                i++;
            } else {
                Iterator it2 = Jenkins.getInstance().getNodes().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        EC2SpotSlave eC2SpotSlave = (Node) it2.next();
                        try {
                            if ((eC2SpotSlave instanceof EC2SpotSlave) && eC2SpotSlave.getSpotInstanceRequestId().equals(spotInstanceRequest.getSpotInstanceRequestId())) {
                                LOGGER.log(Level.INFO, "Removing dead request: " + spotInstanceRequest.getSpotInstanceRequestId() + " AMI: " + spotInstanceRequest.getInstanceId() + " state: " + spotInstanceRequest.getState() + " status: " + spotInstanceRequest.getStatus());
                                Jenkins.getInstance().removeNode(eC2SpotSlave);
                                break;
                            }
                        } catch (IOException e) {
                            LOGGER.log(Level.WARNING, "Failed to remove node for dead request: " + spotInstanceRequest.getSpotInstanceRequestId() + " AMI: " + spotInstanceRequest.getInstanceId() + " state: " + spotInstanceRequest.getState() + " status: " + spotInstanceRequest.getStatus(), (Throwable) e);
                        }
                    }
                }
            }
        }
        for (EC2SpotSlave eC2SpotSlave2 : Jenkins.getInstance().getNodes()) {
            if (eC2SpotSlave2 instanceof EC2SpotSlave) {
                EC2SpotSlave eC2SpotSlave3 = eC2SpotSlave2;
                SpotInstanceRequest spotRequest = eC2SpotSlave3.getSpotRequest(eC2SpotSlave3.getSpotInstanceRequestId());
                if (spotRequest == null) {
                    LOGGER.log(Level.FINE, "Found spot node without request: " + eC2SpotSlave3.getSpotInstanceRequestId());
                    i++;
                } else if (!hashSet.contains(spotRequest)) {
                    hashSet.add(spotRequest);
                    if (spotRequest.getState().equals("open") || spotRequest.getState().equals("active")) {
                        LOGGER.log(Level.FINE, "Spot instance request found (from node): " + spotRequest.getSpotInstanceRequestId() + " AMI: " + spotRequest.getInstanceId() + " state: " + spotRequest.getState() + " status: " + spotRequest.getStatus());
                        i++;
                    }
                }
            }
        }
        return i;
    }

    private boolean isEc2ProvisionedAmiSlave(List<Tag> list, String str) {
        for (Tag tag : list) {
            if (StringUtils.equals(tag.getKey(), EC2Tag.TAG_NAME_JENKINS_SLAVE_TYPE)) {
                return str == null || StringUtils.equals(tag.getValue(), EC2_SLAVE_TYPE_DEMAND) || StringUtils.equals(tag.getValue(), EC2_SLAVE_TYPE_SPOT) || StringUtils.equals(tag.getValue(), getSlaveTypeTagValue(EC2_SLAVE_TYPE_DEMAND, str)) || StringUtils.equals(tag.getValue(), getSlaveTypeTagValue(EC2_SLAVE_TYPE_SPOT, str));
            }
        }
        return false;
    }

    private int getPossibleNewSlavesCount(SlaveTemplate slaveTemplate) throws AmazonClientException {
        int countCurrentEC2Slaves = countCurrentEC2Slaves(null);
        int countCurrentEC2Slaves2 = countCurrentEC2Slaves(slaveTemplate);
        int i = this.instanceCap - countCurrentEC2Slaves;
        int instanceCap = slaveTemplate.getInstanceCap() - countCurrentEC2Slaves2;
        LOGGER.log(Level.FINE, "Available Total Slaves: " + i + " Available AMI slaves: " + instanceCap + " AMI: " + slaveTemplate.getAmi() + " TemplateDesc: " + slaveTemplate.description);
        return Math.min(instanceCap, i);
    }

    private synchronized EC2AbstractSlave provisionSlaveIfPossible(SlaveTemplate slaveTemplate) {
        int possibleNewSlavesCount = getPossibleNewSlavesCount(slaveTemplate);
        if (possibleNewSlavesCount < 0) {
            LOGGER.log(Level.INFO, "Cannot provision - no capacity for instances: " + possibleNewSlavesCount);
            return null;
        }
        try {
            return slaveTemplate.provision(StreamTaskListener.fromStdout(), possibleNewSlavesCount > 0);
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Exception during provisioning", (Throwable) e);
            return null;
        }
    }

    public Collection<NodeProvisioner.PlannedNode> provision(Label label, int i) {
        try {
            ArrayList arrayList = new ArrayList();
            final SlaveTemplate template = getTemplate(label);
            while (i > 0) {
                LOGGER.log(Level.FINE, "Attempting provision, excess workload: " + i);
                final EC2AbstractSlave provisionSlaveIfPossible = provisionSlaveIfPossible(template);
                if (provisionSlaveIfPossible == null) {
                    break;
                }
                Hudson.getInstance().addNode(provisionSlaveIfPossible);
                arrayList.add(new NodeProvisioner.PlannedNode(template.getDisplayName(), Computer.threadPoolForRemoting.submit(new Callable<Node>() { // from class: hudson.plugins.ec2.EC2Cloud.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.concurrent.Callable
                    public Node call() throws Exception {
                        try {
                            provisionSlaveIfPossible.toComputer().connect(false).get();
                            return provisionSlaveIfPossible;
                        } catch (Exception e) {
                            if (template.spotConfig == null) {
                                throw e;
                            }
                            EC2Cloud.LOGGER.log(Level.INFO, "Expected - Spot instance " + provisionSlaveIfPossible.getInstanceId() + " failed to connect on initial provision");
                            return provisionSlaveIfPossible;
                        }
                    }
                }), template.getNumExecutors()));
                i -= template.getNumExecutors();
            }
            LOGGER.log(Level.INFO, "Attempting provision - finished, excess workload: " + i);
            return arrayList;
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Exception during provisioning", (Throwable) e);
            return Collections.emptyList();
        } catch (AmazonClientException e2) {
            LOGGER.log(Level.WARNING, "Exception during provisioning", e2);
            return Collections.emptyList();
        }
    }

    public boolean canProvision(Label label) {
        return getTemplate(label) != null;
    }

    private AWSCredentialsProvider createCredentialsProvider() {
        return createCredentialsProvider(this.useInstanceProfileForCredentials, this.accessId, this.secretKey);
    }

    public static AWSCredentialsProvider createCredentialsProvider(boolean z, String str, String str2) {
        return createCredentialsProvider(z, str.trim(), Secret.fromString(str2.trim()));
    }

    public static String getSlaveTypeTagValue(String str, String str2) {
        return str2 != null ? str + "_" + str2 : str;
    }

    public static AWSCredentialsProvider createCredentialsProvider(boolean z, String str, Secret secret) {
        return z ? new InstanceProfileCredentialsProvider() : new StaticCredentialsProvider(new BasicAWSCredentials(str, Secret.toString(secret)));
    }

    public synchronized AmazonEC2 connect() throws AmazonClientException {
        try {
            if (this.connection == null) {
                this.connection = connect(createCredentialsProvider(), getEc2EndpointUrl());
            }
            return this.connection;
        } catch (IOException e) {
            throw new AmazonClientException("Failed to retrieve the endpoint", e);
        }
    }

    public static synchronized AmazonEC2 connect(AWSCredentialsProvider aWSCredentialsProvider, URL url) {
        awsCredentialsProvider = aWSCredentialsProvider;
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setMaxErrorRetry(16);
        clientConfiguration.setSignerOverride("AWS4SignerType");
        ProxyConfiguration proxyConfiguration = Jenkins.getInstance().proxy;
        Proxy createProxy = proxyConfiguration == null ? Proxy.NO_PROXY : proxyConfiguration.createProxy(url.getHost());
        if (!createProxy.equals(Proxy.NO_PROXY) && (createProxy.address() instanceof InetSocketAddress)) {
            InetSocketAddress inetSocketAddress = (InetSocketAddress) createProxy.address();
            clientConfiguration.setProxyHost(inetSocketAddress.getHostName());
            clientConfiguration.setProxyPort(inetSocketAddress.getPort());
            if (null != proxyConfiguration.getUserName()) {
                clientConfiguration.setProxyUsername(proxyConfiguration.getUserName());
                clientConfiguration.setProxyPassword(proxyConfiguration.getPassword());
            }
        }
        AmazonEC2Client amazonEC2Client = new AmazonEC2Client(aWSCredentialsProvider, clientConfiguration);
        amazonEC2Client.setEndpoint(url.toString());
        return amazonEC2Client;
    }

    public static String convertHostName(String str) {
        if (str == null || str.length() == 0) {
            str = DEFAULT_EC2_HOST;
        }
        if (!str.contains(".")) {
            str = "ec2." + str + "." + AWS_URL_HOST;
        }
        return str;
    }

    public static Integer convertPort(String str) {
        if (str == null || str.length() == 0) {
            return -1;
        }
        return Integer.valueOf(Integer.parseInt(str));
    }

    public URL buildPresignedURL(String str) throws AmazonClientException {
        AWSCredentials credentials = awsCredentialsProvider.getCredentials();
        long currentTimeMillis = System.currentTimeMillis() + 3600000;
        GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(str, credentials.getAWSSecretKey());
        generatePresignedUrlRequest.setExpiration(new Date(currentTimeMillis));
        return new AmazonS3Client(credentials).generatePresignedUrl(generatePresignedUrlRequest);
    }

    public static URL checkEndPoint(String str) throws FormValidation {
        try {
            return new URL(str);
        } catch (MalformedURLException e) {
            throw FormValidation.error("Endpoint URL is not a valid URL");
        }
    }

    public static void log(Logger logger, Level level, TaskListener taskListener, String str) {
        log(logger, level, taskListener, str, null);
    }

    public static void log(Logger logger, Level level, TaskListener taskListener, String str, Throwable th) {
        logger.log(level, str, th);
        if (taskListener != null) {
            if (th != null) {
                str = str + " Exception: " + th;
            }
            taskListener.getLogger().print(sf.format(new LogRecord(level, str)));
        }
    }
}
