package com.sysdig.jenkins.plugins.sysdig;

import com.github.dockerjava.api.DockerClient;
import com.github.dockerjava.api.async.ResultCallback;
import com.github.dockerjava.api.command.CreateContainerResponse;
import com.github.dockerjava.api.command.ExecCreateCmdResponse;
import com.github.dockerjava.api.model.Bind;
import com.github.dockerjava.api.model.Frame;
import com.github.dockerjava.api.model.HostConfig;
import com.github.dockerjava.core.DockerClientBuilder;
import com.github.dockerjava.netty.NettyDockerCmdExecFactory;
import com.google.common.collect.Iterables;
import com.sysdig.jenkins.plugins.sysdig.client.ImageScanningException;
import com.sysdig.jenkins.plugins.sysdig.client.ImageScanningSubmission;
import com.sysdig.jenkins.plugins.sysdig.client.SysdigSecureClient;
import com.sysdig.jenkins.plugins.sysdig.log.ConsoleLog;
import hudson.AbortException;
import hudson.model.TaskListener;
import hudson.remoting.Callable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.apache.commons.vfs2.FileObject;
import org.apache.commons.vfs2.VFS;
import org.jenkinsci.remoting.RoleChecker;

/* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/RemoteInlineScanningExecution.class */
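/**
 * Remoting callable that runs an inline image scan against the local Docker daemon and submits
 * the resulting analysis archive to Sysdig Secure.
 *
 * <p>The scan runs inside a throw-away container created from {@link #INLINE_SCAN_IMAGE}: the image
 * under test is saved to a tar file, copied into that container, analysed there, and the analysis
 * archive is copied back out.
 *
 * <p>NOTE(review): the class is {@link Serializable} but declares no {@code serialVersionUID}, and
 * it keeps {@code TaskListener} and {@code SysdigSecureClient} as non-transient fields, so both
 * (including whatever credentials the client holds) travel with the callable. Confirm both types
 * are meant to be serialized.
 */
public class RemoteInlineScanningExecution implements Callable<ImageScanningSubmission, Exception>, Serializable {
    private static final String anchoreVersion = "0.6.1";
    // Pinned to a version tag only. A tag is mutable in the registry; pinning by digest would make the
    // scanner image reproducible and tamper-evident.
    private static final String INLINE_SCAN_IMAGE = "docker.io/anchore/anchore-engine:v" + anchoreVersion;
    public static final String RESULTS_PATH_INSIDE_SCANNING_CONTAINER = "/tmp/image-analysis-archive.tgz";
    // NOTE(review): ":latest" is re-pulled on every scan and the helper container built from it gets the
    // host Docker socket (see getDigestIDFromImage). Whoever can move that tag therefore gets control of
    // the agent's Docker daemon. Pin this image by digest.
    private static final String DIGEST_ID_IMAGE = "sysdiglabs/digest-id:latest";
    private static final String DOCKER_SOCKET_BIND = "/var/run/docker.sock:/var/run/docker.sock";
    // Parent directory for the private work directories created on the machine running the scan.
    private static final String HOST_TMP_DIR = "/tmp";
    // Directory inside the scanning container that receives the saved image.
    private static final String CONTAINER_TMP_DIR = "/tmp";
    private static final String WORK_DIR_PREFIX = "sysdig-inline-scan-";
    private final String imageName;
    private final String dockerfileContents;
    private final TaskListener listener;
    private SysdigSecureClient sysdigSecureClient;

    /**
     * @param str image name (and tag) to scan
     * @param str2 Dockerfile contents; stored, but not used by the scan steps in this class
     * @param taskListener listener whose logger receives the progress messages
     * @param sysdigSecureClient client used to obtain the scanning account and submit the results
     */
    public RemoteInlineScanningExecution(String str, String str2, TaskListener taskListener, SysdigSecureClient sysdigSecureClient) {
        this.imageName = str;
        this.dockerfileContents = str2;
        this.listener = taskListener;
        this.sysdigSecureClient = sysdigSecureClient;
    }

    /**
     * Builds a Docker client and runs the scan. This is the decompiler's name for
     * {@code Callable.call()} (it was merged with the bridge method).
     *
     * @return the submission returned by Sysdig Secure
     * @throws Exception if any scan step or the submission fails
     */
    /* renamed from: call, reason: merged with bridge method [inline-methods] */
    public ImageScanningSubmission m1call() throws Exception {
        // DockerClient is Closeable; closing it releases the Netty transport created for this scan.
        try (DockerClient dockerClient = DockerClientBuilder.getInstance()
                .withDockerCmdExecFactory(new NettyDockerCmdExecFactory())
                .build()) {
            return scanImage(this.sysdigSecureClient, dockerClient, this.imageName, this.dockerfileContents);
        }
    }

    /**
     * Performs no role check.
     *
     * <p>NOTE(review): with an empty body the callable does not declare which side of the remoting
     * channel may execute it. The usual Jenkins approach is to extend
     * {@code jenkins.security.MasterToSlaveCallable} so it is only accepted when sent from the
     * controller to an agent.
     */
    @Override
    public void checkRoles(RoleChecker roleChecker) throws SecurityException {
    }

    /**
     * Runs the whole scan: pull the scanner image, resolve image ID and digest, analyse the image in
     * a scanning container, extract the archive and submit it.
     *
     * @param sysdigSecureClient client used for the scanning account and the submission
     * @param dockerClient client for the Docker daemon that holds the image
     * @param str image name (and tag) to scan
     * @param str2 Dockerfile contents (unused here)
     * @return the submission returned by {@code submitImageForScanning}
     * @throws AbortException if the image is not present in the local daemon
     * @throws ImageScanningException if the image ID is missing or the image cannot be copied
     */
    private ImageScanningSubmission scanImage(SysdigSecureClient sysdigSecureClient, DockerClient dockerClient, String str, String str2) throws ImageScanningException, IOException, InterruptedException {
        ConsoleLog consoleLog = new ConsoleLog("InlineScanner", this.listener.getLogger(), false);
        consoleLog.logInfo(String.format("Pulling scanning image %s", INLINE_SCAN_IMAGE));
        dockerClient.pullImageCmd(INLINE_SCAN_IMAGE).start().awaitCompletion();
        consoleLog.logInfo(String.format("Checking if the image %s to scan exists", str));
        if (dockerClient.listImagesCmd().withImageNameFilter(str).exec().isEmpty()) {
            throw new AbortException(String.format("Image %s not found", str));
        }
        consoleLog.logInfo(String.format("Retrieving ID and Digest from image %s", str));
        String id = dockerClient.inspectImageCmd(str).exec().getId();
        if (id == null) {
            throw new ImageScanningException("Unable to retrieve the ID from image");
        }
        // Keep only what follows the last ':' of the ID returned by the daemon.
        String imageId = (String) Iterables.getLast(Arrays.asList(id.split(":")));
        String digestIDFromImage = getDigestIDFromImage(dockerClient, str);
        consoleLog.logInfo(String.format("%s image ID to scan: %s", str, imageId));
        consoleLog.logInfo(String.format("Creating container for scanning with image: %s", INLINE_SCAN_IMAGE));
        String containerId = createScanningContainer(dockerClient);
        consoleLog.logInfo(String.format("Created container for scanning: %s", containerId));
        File results;
        try {
            consoleLog.logInfo(String.format("Launching container for scanning: %s", containerId));
            dockerClient.startContainerCmd(containerId).exec();
            consoleLog.logInfo(String.format("Copying image %s to scanning container %s", str, containerId));
            String imagePathInContainer = copyImageToContainer(dockerClient, str, containerId);
            consoleLog.logInfo("Executing Inline Scanning");
            // Arguments are passed as an argv list, not through a shell, so the image name is not
            // interpreted by a shell inside the container.
            consoleLog.logInfo(performScanInContainer(dockerClient, Arrays.asList("anchore-manager", "analyzers", "exec", imagePathInContainer, RESULTS_PATH_INSIDE_SCANNING_CONTAINER, "--image-id", imageId, "--digest", digestIDFromImage, "--account-id", sysdigSecureClient.getScanningAccount(), "--tag", str), containerId));
            consoleLog.logInfo(String.format("Extracting results from scanning container: %s", containerId));
            results = extractScanResultsFromContainer(dockerClient, containerId);
        } catch (Exception e) {
            // Without this the container would stay behind running "sleep 3600" after a failed scan.
            removeContainerAfterFailure(dockerClient, containerId, true, e);
            throw e;
        }
        consoleLog.logInfo(String.format("Removing scanning container: %s", containerId));
        dockerClient.removeContainerCmd(containerId).withRemoveVolumes(true).withForce(true).exec();
        consoleLog.logInfo("Sending results to Sysdig Secure");
        // NOTE(review): the results archive is not deleted here; confirm who owns its clean-up.
        return sysdigSecureClient.submitImageForScanning(imageId, str, digestIDFromImage, results);
    }

    /**
     * Obtains the digest of an image by running {@code docker-entrypoint.sh <image>} inside a helper
     * container created from {@link #DIGEST_ID_IMAGE}.
     *
     * <p>The helper container is started with the host Docker socket bind-mounted, which gives the
     * code in that image full control over the daemon; see the note on {@link #DIGEST_ID_IMAGE}.
     *
     * @param dockerClient client for the Docker daemon
     * @param str image name to resolve
     * @return everything the command wrote to its TTY. NOTE(review): the text is returned untrimmed
     *     and is later used as the {@code --digest} argument; confirm it carries no trailing newline.
     */
    private String getDigestIDFromImage(DockerClient dockerClient, String str) throws InterruptedException {
        dockerClient.pullImageCmd(DIGEST_ID_IMAGE).start().awaitCompletion();
        CreateContainerResponse helper = dockerClient.createContainerCmd(DIGEST_ID_IMAGE)
                .withHostConfig(HostConfig.newHostConfig().withBinds(new Bind[]{Bind.parse(DOCKER_SOCKET_BIND)}))
                .withCmd(new String[]{"-c", "sleep 60"})
                .withEntrypoint(new String[]{"/bin/sh"})
                .withAttachStdout(true)
                .withAttachStderr(true)
                .withTty(true)
                .exec();
        String helperId = helper.getId();
        FrameCollector output = new FrameCollector();
        try {
            dockerClient.startContainerCmd(helperId).exec();
            ExecCreateCmdResponse digestExec = dockerClient.execCreateCmd(helperId)
                    .withCmd(new String[]{"docker-entrypoint.sh", str})
                    .withAttachStderr(true)
                    .withAttachStdout(true)
                    .withTty(true)
                    .exec();
            dockerClient.execStartCmd(digestExec.getId()).withTty(true).exec(output).awaitCompletion();
        } catch (Exception e) {
            // Do not leave a container holding the Docker socket behind when the lookup fails.
            removeContainerAfterFailure(dockerClient, helperId, false, e);
            throw e;
        }
        dockerClient.removeContainerCmd(helperId).withForce(true).exec();
        return output.toString();
    }

    /**
     * Copies the analysis archive out of the scanning container and unpacks the {@code .tgz} it
     * contains.
     *
     * <p>Both files are written into a freshly created private directory under {@link #HOST_TMP_DIR}
     * instead of directly into the shared temp directory, so another local user cannot pre-create
     * or replace them. The file names are unchanged.
     *
     * @param dockerClient client for the Docker daemon
     * @param str ID of the scanning container; its first five characters are dropped to build the
     *     file names
     * @return the extracted {@code image-analysis-archive-<suffix>.tgz}
     * @throws IOException if copying or unpacking fails
     */
    private static File extractScanResultsFromContainer(DockerClient dockerClient, String str) throws IOException {
        String suffix = str.substring(5);
        Path workDir = Files.createTempDirectory(Paths.get(HOST_TMP_DIR), WORK_DIR_PREFIX);
        Path resultArchive = workDir.resolve(String.format("image-analysis-archive-%s.tgz", suffix));
        Path containerTar = workDir.resolve(String.format("temp-image-analysis-archive%s.tar", suffix));
        boolean extracted = false;
        try {
            // The Docker API hands the requested path back wrapped in a tar stream.
            try (InputStream tarStream = dockerClient.copyArchiveFromContainerCmd(str, RESULTS_PATH_INSIDE_SCANNING_CONTAINER).exec()) {
                Files.copy(tarStream, containerTar);
            }
            FileObject archiveEntry = VFS.getManager().resolveFile(String.format("tar:%s!/image-analysis-archive.tgz", containerTar));
            try {
                try (InputStream entryStream = archiveEntry.getContent().getInputStream()) {
                    Files.copy(entryStream, resultArchive);
                }
            } finally {
                archiveEntry.close();
            }
            extracted = true;
        } finally {
            Files.deleteIfExists(containerTar);
            if (!extracted) {
                // Nothing usable was produced: remove the partial archive and the work directory.
                Files.deleteIfExists(resultArchive);
                Files.deleteIfExists(workDir);
            }
        }
        return resultArchive.toFile();
    }

    /**
     * Runs a command inside a running container and collects what it prints.
     *
     * @param dockerClient client for the Docker daemon
     * @param list command and arguments, passed as an argv array
     * @param str ID of the container to execute in
     * @return the collected output of the command
     */
    private static String performScanInContainer(DockerClient dockerClient, List<String> list, String str) throws InterruptedException {
        FrameCollector output = new FrameCollector();
        ExecCreateCmdResponse scanExec = dockerClient.execCreateCmd(str)
                .withCmd(list.toArray(new String[list.size()]))
                .withAttachStderr(true)
                .withAttachStdout(true)
                .withTty(true)
                .exec();
        dockerClient.execStartCmd(scanExec.getId()).withTty(true).exec(output).awaitCompletion();
        return output.toString();
    }

    /**
     * Creates (but does not start) the scanning container, which runs {@code sleep 3600} so that
     * commands can be executed in it.
     *
     * @param dockerClient client for the Docker daemon
     * @return the ID of the created container
     */
    private static String createScanningContainer(DockerClient dockerClient) {
        return dockerClient.createContainerCmd(INLINE_SCAN_IMAGE)
                .withEntrypoint(new String[]{"/bin/sh"})
                .withCmd(new String[]{"-c", "sleep 3600"})
                .withAttachStdout(true)
                .withAttachStderr(true)
                .withTty(true)
                .withHostConfig(HostConfig.newHostConfig().withAutoRemove(true))
                // Placeholder values, not credentials; presumably the tool only needs them to be set.
                .withEnv(new String[]{"ANCHORE_DB_HOST=useless", "ANCHORE_DB_USER=useless", "ANCHORE_DB_PASSWORD=useless"})
                .exec()
                .getId();
    }

    /**
     * Saves the image to a tar file and copies that file into the scanning container.
     *
     * <p>The tar file name is derived from the image name, so it is predictable. It is therefore
     * written into a freshly created private directory under {@link #HOST_TMP_DIR} rather than
     * directly into the shared temp directory, which also keeps concurrent scans of the same image
     * from overwriting each other's file.
     *
     * @param dockerClient client for the Docker daemon
     * @param str image name to save
     * @param str2 ID of the scanning container
     * @return the path of the tar file inside the container ({@code /tmp/<name>.tar})
     * @throws ImageScanningException wrapping any failure while saving or copying
     */
    private static String copyImageToContainer(DockerClient dockerClient, String str, String str2) throws ImageScanningException {
        try {
            // Last '/'-separated segment with '/', ':' and '.' replaced, so the name cannot contain a
            // path separator or "..".
            String tarName = ((String) Iterables.getLast(Arrays.asList(str.split("/")), str)).replaceAll("/|:|\\.", "_") + ".tar";
            Path workDir = Files.createTempDirectory(Paths.get(HOST_TMP_DIR), WORK_DIR_PREFIX);
            Path imageTar = workDir.resolve(tarName);
            try {
                try (InputStream savedImage = dockerClient.saveImageCmd(str).exec()) {
                    Files.copy(savedImage, imageTar);
                }
                // The file is expected to land in the container under its own name, as before.
                dockerClient.copyArchiveToContainerCmd(str2).withHostResource(imageTar.toString()).withRemotePath(CONTAINER_TMP_DIR).exec();
            } finally {
                Files.deleteIfExists(imageTar);
                Files.deleteIfExists(workDir);
            }
            return String.format("%s/%s", CONTAINER_TMP_DIR, tarName);
        } catch (Exception e) {
            throw new ImageScanningException(e);
        }
    }

    /**
     * Force-removes a container while another failure is already propagating. A failure of the
     * removal itself is attached to {@code failure} as suppressed instead of replacing it.
     */
    private static void removeContainerAfterFailure(DockerClient dockerClient, String containerId, boolean removeVolumes, Exception failure) {
        try {
            dockerClient.removeContainerCmd(containerId).withRemoveVolumes(removeVolumes).withForce(true).exec();
        } catch (RuntimeException cleanupFailure) {
            failure.addSuppressed(cleanupFailure);
        }
    }

    /** Collects the UTF-8 decoded payload of every frame received from an exec stream. */
    private static final class FrameCollector extends ResultCallback.Adapter<Frame> {
        private final StringBuffer logbuffer = new StringBuffer();

        @Override
        public void onNext(Frame frame) {
            this.logbuffer.append(new String(frame.getPayload(), StandardCharsets.UTF_8));
            super.onNext(frame);
        }

        @Override
        public String toString() {
            return this.logbuffer.toString();
        }
    }
}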
