package com.sysdig.jenkins.plugins.sysdig;

import com.google.common.base.Strings;
import com.sysdig.jenkins.plugins.sysdig.SysdigBuilder;
import com.sysdig.jenkins.plugins.sysdig.Util;
import com.sysdig.jenkins.plugins.sysdig.client.ImageScanningException;
import com.sysdig.jenkins.plugins.sysdig.client.ImageScanningSubmission;
import com.sysdig.jenkins.plugins.sysdig.client.SysdigSecureClientImpl;
import com.sysdig.jenkins.plugins.sysdig.client.SysdigSecureClientImplWithRetries;
import com.sysdig.jenkins.plugins.sysdig.log.ConsoleLog;
import com.sysdig.jenkins.plugins.sysdig.log.SysdigLogger;
import hudson.AbortException;
import hudson.FilePath;
import hudson.Launcher;
import hudson.PluginWrapper;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.ArtifactArchiver;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

/* loaded from: input_file:com/sysdig/jenkins/plugins/sysdig/BuildWorker.class */
public abstract class BuildWorker {
    private static final Logger LOG = Logger.getLogger(BuildWorkerBackend.class.getName());
    private static final String JENKINS_DIR_NAME_PREFIX = "SysdigSecureReport.";
    private static final String CVE_LISTING_FILENAME = "sysdig_secure_security.json";
    private static final String GATE_OUTPUT_FILENAME = "sysdig_secure_gates.json";
    Run<?, ?> build;
    FilePath workspace;
    Launcher launcher;
    TaskListener listener;
    BuildConfig config;
    protected SysdigLogger logger;
    private String jenkinsOutputDirName;
    private Util.GATE_ACTION finalAction;
    private JSONObject gateSummary;

    public BuildWorker(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, BuildConfig buildConfig) throws AbortException {
        try {
            if (taskListener == null) {
                LOG.warning("Sysdig Secure Container Image Scanner plugin cannot initialize Jenkins task listener");
                throw new AbortException("Cannot initialize Jenkins task listener. Aborting step");
            }
            if (buildConfig == null) {
                LOG.warning("Sysdig Secure Container Image Scanner cannot find the required configuration");
                throw new AbortException("Configuration for the plugin is invalid. Configure the plugin under Manage Jenkins->Configure System->Sysdig Secure Configuration first. Add the Sysdig Secure Container Image Scanner step in your project and retry");
            }
            this.build = run;
            this.workspace = filePath;
            this.listener = taskListener;
            this.config = buildConfig;
            this.logger = new ConsoleLog("SysdigWorker", this.listener.getLogger(), this.config.getDebug());
            this.logger.logDebug("Initializing build worker");
            this.launcher = filePath.createLauncher(taskListener);
            printConfig();
            initializeJenkinsWorkspace();
            this.logger.logDebug("Build worker initialized");
        } catch (Exception e) {
            try {
                if (this.logger != null) {
                    this.logger.logError("Failed to initialize worker for plugin execution", e);
                }
                cleanJenkinsWorkspaceQuietly();
            } catch (Exception e2) {
            }
            throw new AbortException("Failed to initialize worker for plugin execution, check logs for corrective action");
        }
    }

    public abstract ArrayList<ImageScanningSubmission> scanImages(Map<String, String> map) throws AbortException, InterruptedException;

    private static CloseableHttpClient makeHttpClient(boolean z) {
        CloseableHttpClient closeableHttpClient = null;
        if (z) {
            closeableHttpClient = HttpClients.createDefault();
        } else {
            try {
                SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
                sSLContextBuilder.loadTrustMaterial((KeyStore) null, new TrustSelfSignedStrategy());
                closeableHttpClient = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(sSLContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)).build();
            } catch (Exception e) {
                System.out.println(e.toString());
            }
        }
        return closeableHttpClient;
    }

    /* JADX WARN: Code restructure failed: missing block: B:21:0x00fe, code lost:
    
        r0 = r0.get();
        r0 = r0.getGateResult();
        r0 = r0.getEvalStatus();
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x011d, code lost:
    
        if ("pass".equals(r0) != false) goto L22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x0120, code lost:
    
        r7.finalAction = com.sysdig.jenkins.plugins.sysdig.Util.GATE_ACTION.FAIL;
     */
    /* JADX WARN: Code restructure failed: missing block: B:24:0x0127, code lost:
    
        r7.logger.logDebug(java.lang.String.format("sysdig-secure-engine get policy evaluation status: %s", r0));
        r7.logger.logDebug(java.lang.String.format("sysdig-secure-engine get policy evaluation result: %s", r0.toString()));
        r0 = r0.keySet().iterator();
     */
    /* JADX WARN: Code restructure failed: missing block: B:26:0x016b, code lost:
    
        if (r0.hasNext() == false) goto L46;
     */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x016e, code lost:
    
        r0 = r0.next();
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x0177, code lost:
    
        r0.put((java.lang.String) r0, r0.getJSONObject((java.lang.String) r0));
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x0191, code lost:
    
        r7.logger.logDebug("Ignoring error parsing policy evaluation result key: " + r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.sysdig.jenkins.plugins.sysdig.Util.GATE_ACTION retrievePolicyEvaluation(java.util.List<com.sysdig.jenkins.plugins.sysdig.client.ImageScanningSubmission> r8) throws hudson.AbortException {
        /*
            Method dump skipped, instructions count: 558
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sysdig.jenkins.plugins.sysdig.BuildWorker.retrievePolicyEvaluation(java.util.List):com.sysdig.jenkins.plugins.sysdig.Util$GATE_ACTION");
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:139:0x017f, code lost:
    
        switch(r24) {
            case 0: goto L47;
            case 1: goto L48;
            case 2: goto L49;
            case 3: goto L50;
            default: goto L158;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:140:0x019c, code lost:
    
        r13 = r22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:142:0x01b8, code lost:
    
        r22 = r22 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:143:0x01a3, code lost:
    
        r14 = r22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:145:0x01aa, code lost:
    
        r15 = r22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:147:0x01b1, code lost:
    
        r16 = r22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:67:0x02b7, code lost:
    
        switch(r32) {
            case 0: goto L86;
            case 1: goto L95;
            case 2: goto L104;
            default: goto L153;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x02d0, code lost:
    
        r22 = r22 + 1;
        r0 = r25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:69:0x02d8, code lost:
    
        if (r16 == (-1)) goto L93;
     */
    /* JADX WARN: Code restructure failed: missing block: B:71:0x02e7, code lost:
    
        if (r0.getString(r16).equalsIgnoreCase("none") != false) goto L93;
     */
    /* JADX WARN: Code restructure failed: missing block: B:73:0x02f6, code lost:
    
        if (r0.getString(r16).equalsIgnoreCase("false") != false) goto L93;
     */
    /* JADX WARN: Code restructure failed: missing block: B:74:0x02f9, code lost:
    
        r1 = 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:75:0x02fe, code lost:
    
        r25 = r0 + r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:78:0x02fd, code lost:
    
        r1 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:79:0x0304, code lost:
    
        r23 = r23 + 1;
        r0 = r26;
     */
    /* JADX WARN: Code restructure failed: missing block: B:80:0x030c, code lost:
    
        if (r16 == (-1)) goto L102;
     */
    /* JADX WARN: Code restructure failed: missing block: B:82:0x031b, code lost:
    
        if (r0.getString(r16).equalsIgnoreCase("none") != false) goto L102;
     */
    /* JADX WARN: Code restructure failed: missing block: B:84:0x032a, code lost:
    
        if (r0.getString(r16).equalsIgnoreCase("false") != false) goto L102;
     */
    /* JADX WARN: Code restructure failed: missing block: B:85:0x032d, code lost:
    
        r1 = 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:86:0x0332, code lost:
    
        r26 = r0 + r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x0331, code lost:
    
        r1 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:89:0x0338, code lost:
    
        r24 = r24 + 1;
        r0 = r27;
     */
    /* JADX WARN: Code restructure failed: missing block: B:90:0x0340, code lost:
    
        if (r16 == (-1)) goto L111;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x034f, code lost:
    
        if (r0.getString(r16).equalsIgnoreCase("none") != false) goto L111;
     */
    /* JADX WARN: Code restructure failed: missing block: B:94:0x035e, code lost:
    
        if (r0.getString(r16).equalsIgnoreCase("false") != false) goto L111;
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x0361, code lost:
    
        r1 = 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:96:0x0366, code lost:
    
        r27 = r0 + r1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:98:0x0365, code lost:
    
        r1 = 0;
     */
    /* JADX WARN: Removed duplicated region for block: B:124:0x0103  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private net.sf.json.JSONObject generateGatesSummary(net.sf.json.JSONObject r9) {
        /*
            Method dump skipped, instructions count: 1422
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sysdig.jenkins.plugins.sysdig.BuildWorker.generateGatesSummary(net.sf.json.JSONObject):net.sf.json.JSONObject");
    }

    public void retrieveVulnerabilityEvaluation(List<ImageScanningSubmission> list) throws AbortException {
        if (list.isEmpty()) {
            this.logger.logError("Image(s) were not added to sysdig-secure-engine (or a prior attempt to add images may have failed). Re-submit image(s) to sysdig-secure-engine before attempting vulnerability listing");
            throw new AbortException("Submit image(s) to sysdig-secure-engine for analysis before attempting vulnerability listing");
        }
        String sysdigToken = this.config.getSysdigToken();
        SysdigSecureClientImplWithRetries sysdigSecureClientImplWithRetries = new SysdigSecureClientImplWithRetries(this.config.getEngineverify() ? SysdigSecureClientImpl.newClient(sysdigToken, this.config.getEngineurl()) : SysdigSecureClientImpl.newInsecureClient(sysdigToken, this.config.getEngineurl()), 10);
        try {
            JSONObject jSONObject = new JSONObject();
            JSONArray jSONArray = new JSONArray();
            for (String str : Arrays.asList("Tag", "CVE ID", "Severity", "Vulnerability Package", "Fix Available", "URL")) {
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put("title", str);
                jSONArray.add(jSONObject2);
            }
            JSONArray jSONArray2 = new JSONArray();
            for (ImageScanningSubmission imageScanningSubmission : list) {
                String tag = imageScanningSubmission.getTag();
                String imageDigest = imageScanningSubmission.getImageDigest();
                this.logger.logInfo(String.format("Querying vulnerability listing for %s", tag));
                jSONArray2.addAll(sysdigSecureClientImplWithRetries.retrieveImageScanningVulnerabilities(tag, imageDigest).getDataJson());
            }
            jSONObject.put("columns", jSONArray);
            jSONObject.put("data", jSONArray2);
            FilePath filePath = new FilePath(new FilePath(this.workspace, this.jenkinsOutputDirName), CVE_LISTING_FILENAME);
            try {
                this.logger.logDebug(String.format("Writing vulnerability listing result to %s", filePath.getRemote()));
                filePath.write(jSONObject.toString(), String.valueOf(StandardCharsets.UTF_8));
            } catch (IOException | InterruptedException e) {
                this.logger.logWarn(String.format("Failed to write vulnerability listing to %s", filePath.getRemote()), e);
                throw new AbortException(String.format("Failed to write vulnerability listing to %s", filePath.getRemote()));
            }
        } catch (ImageScanningException e2) {
            this.logger.logError("Failed to fetch vulnerability listing from sysdig-secure-engine due to an unexpected error", e2);
            throw new AbortException("Failed to fetch vulnerability listing from sysdig-secure-engine due to an unexpected error. Please refer to above logs for more information");
        }
    }

    public void setupBuildReports(Util.GATE_ACTION gate_action) throws AbortException {
        try {
            this.logger.logDebug("Archiving results");
            new ArtifactArchiver(this.jenkinsOutputDirName + "/").perform(this.build, this.workspace, this.launcher, this.listener);
            this.logger.logDebug("Setting up build results");
            this.build.addAction(new SysdigAction(this.build, gate_action != null ? gate_action.toString() : SysdigBuilder.DescriptorImpl.EMPTY_STRING, this.jenkinsOutputDirName, GATE_OUTPUT_FILENAME, this.gateSummary.toString(), CVE_LISTING_FILENAME));
        } catch (Exception e) {
            this.logger.logError("Failed to setup build results due to an unexpected error", e);
            throw new AbortException("Failed to setup build results due to an unexpected error. Please refer to above logs for more information");
        }
    }

    public void cleanup() {
        try {
            this.logger.logDebug("Cleaning up build artifacts");
            if (!Strings.isNullOrEmpty(this.jenkinsOutputDirName)) {
                try {
                    this.logger.logDebug("Deleting Jenkins workspace " + this.jenkinsOutputDirName);
                    cleanJenkinsWorkspaceQuietly();
                } catch (IOException | InterruptedException e) {
                    this.logger.logDebug("Unable to delete Jenkins workspace " + this.jenkinsOutputDirName, e);
                }
            }
        } catch (RuntimeException e2) {
            this.logger.logDebug("Failed to clean up build artifacts due to an unexpected error", e2);
        }
    }

    private void printConfig() {
        List plugins;
        this.logger.logInfo("Jenkins version: " + Jenkins.VERSION);
        if (Jenkins.getActiveInstance().getPluginManager() != null && (plugins = Jenkins.getActiveInstance().getPluginManager().getPlugins()) != null) {
            Iterator it = plugins.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                PluginWrapper pluginWrapper = (PluginWrapper) it.next();
                if (pluginWrapper.getShortName().equals("sysdig-secure")) {
                    this.logger.logInfo(String.format("%s version: %s", pluginWrapper.getDisplayName(), pluginWrapper.getVersion()));
                    break;
                }
            }
        }
        this.config.print(this.logger);
    }

    private void checkConfig() throws AbortException {
        if (Strings.isNullOrEmpty(this.config.getName())) {
            this.logger.logError("Image list file not found");
            throw new AbortException("Image list file not specified. Please provide a valid image list file name in the Sysdig Secure Container Image Scanner step and try again");
        }
        try {
            if (new FilePath(this.workspace, this.config.getName()).exists()) {
                return;
            }
            this.logger.logError(String.format("Cannot find image list file \"%s\" under %s", this.config.getName(), this.workspace));
            throw new AbortException(String.format("Cannot find image list file '%s'. Please ensure that image list file is created prior to Sysdig Secure Container Image Scanner step", this.config.getName()));
        } catch (Exception e) {
            this.logger.logWarn(String.format("Unable to access image list file \"%s\" under %s", this.config.getName(), this.workspace), e);
            throw new AbortException(String.format("Unable to access image list file %s. Please ensure that image list file is created prior to Sysdig Secure Container Image Scanner step", this.config.getName()));
        } catch (AbortException e2) {
            throw e2;
        }
    }

    private void initializeJenkinsWorkspace() throws AbortException {
        try {
            this.logger.logDebug("Initializing Jenkins workspace");
            String str = this.build.getParent().getDisplayName() + "_" + this.build.getNumber();
            if (Strings.isNullOrEmpty(str)) {
                this.logger.logWarn("Unable to generate a unique identifier for this build due to invalid configuration");
                throw new AbortException("Unable to generate a unique identifier for this build due to invalid configuration");
            }
            this.jenkinsOutputDirName = JENKINS_DIR_NAME_PREFIX + str;
            FilePath filePath = new FilePath(this.workspace, this.jenkinsOutputDirName);
            if (!filePath.exists()) {
                this.logger.logDebug(String.format("Creating workspace directory %s", this.jenkinsOutputDirName));
                filePath.mkdirs();
            }
        } catch (Exception e) {
            this.logger.logWarn("Failed to initialize Jenkins workspace", e);
            throw new AbortException("Failed to initialize Jenkins workspace due to to an unexpected error");
        } catch (AbortException e2) {
            throw e2;
        }
    }

    public Map<String, String> readImagesAndDockerfilesFromPath(FilePath filePath, String str) throws AbortException {
        HashMap hashMap = new HashMap();
        this.logger.logDebug("Initializing Sysdig Secure workspace");
        try {
            for (String str2 : new FilePath(filePath, str).readToString().split("\\r?\\n")) {
                String[] split = str2.split(" ", 1);
                hashMap.put(split[0], split.length > 1 ? new String(Base64.encodeBase64(new FilePath(filePath, split[1]).readToString().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8) : SysdigBuilder.DescriptorImpl.EMPTY_STRING);
            }
            return hashMap;
        } catch (Exception e) {
            this.logger.logError("Failed to initialize Sysdig Secure workspace due to an unexpected error", e);
            throw new AbortException("Failed to initialize Sysdig Secure workspace due to an unexpected error. Please refer to above logs for more information");
        }
    }

    private static JSONArray generateDataTablesColumnsForGateSummary() {
        JSONArray jSONArray = new JSONArray();
        for (Util.GATE_SUMMARY_COLUMN gate_summary_column : Util.GATE_SUMMARY_COLUMN.values()) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("data", gate_summary_column.toString());
            jSONObject.put("title", gate_summary_column.toString().replaceAll("_", " "));
            jSONArray.add(jSONObject);
        }
        return jSONArray;
    }

    private void cleanJenkinsWorkspaceQuietly() throws IOException, InterruptedException {
        new FilePath(this.workspace, this.jenkinsOutputDirName).deleteRecursive();
    }
}
