package io.jenkins.docker.connector;

import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.github.dockerjava.api.command.CreateContainerCmd;
import com.github.dockerjava.api.command.InspectContainerResponse;
import com.github.dockerjava.api.model.ExposedPort;
import com.github.dockerjava.api.model.NetworkSettings;
import com.github.dockerjava.api.model.PortBinding;
import com.github.dockerjava.api.model.Ports;
import com.nirima.jenkins.plugins.docker.DockerCloud;
import com.nirima.jenkins.plugins.docker.DockerTemplate;
import com.nirima.jenkins.plugins.docker.DockerTemplateBase;
import com.nirima.jenkins.plugins.docker.utils.PortUtils;
import com.trilead.ssh2.signature.RSASHA1Verify;
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.model.ItemGroup;
import hudson.model.TaskListener;
import hudson.plugins.sshslaves.SSHLauncher;
import hudson.remoting.Base64;
import hudson.slaves.ComputerLauncher;
import hudson.util.ListBoxModel;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.security.interfaces.RSAPublicKey;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nonnull;
import jenkins.bouncycastle.api.PEMEncodable;
import jenkins.model.Jenkins;
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.jenkinsci.main.modules.instance_identity.InstanceIdentity;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/jenkins/docker/connector/DockerComputerSSHConnector.class */
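/**
 * Connector that launches a Docker-hosted agent over SSH.
 *
 * <p>Before the container is created it sets up an {@code sshd} command and publishes the SSH
 * port; before the container starts it optionally copies an {@code AuthorizedKeysCommand} script
 * into {@code /root}; on launch it waits for the SSH endpoint and asks the configured
 * {@link SSHKeyStrategy} for the actual launcher.
 */
public class DockerComputerSSHConnector extends DockerComputerConnector {
    private static final Logger LOGGER = LoggerFactory.getLogger(DockerComputerSSHConnector.class);

    private final SSHKeyStrategy sshKeyStrategy;
    // Never assigned a default in this class, so it is 0 until setPort is called.
    private int port;
    private String jvmOptions;
    private String javaPath;
    private String prefixStartSlaveCmd;
    private String suffixStartSlaveCmd;
    private Integer launchTimeoutSeconds;

    /** Descriptor shown in the UI as "Connect with SSH". */
    @Extension
    public static final class DescriptorImpl extends Descriptor<DockerComputerConnector> {
        @Override
        public String getDisplayName() {
            return "Connect with SSH";
        }

        /**
         * Lists the registered descriptors of every {@link SSHKeyStrategy} implementation.
         *
         * @return the descriptor list held by the Jenkins instance
         */
        public List<Descriptor<SSHKeyStrategy>> getSSHKeyStrategyDescriptors() {
            return Jenkins.getInstance().getDescriptorList(SSHKeyStrategy.class);
        }
    }

    /**
     * SSH launcher that supplies its credentials directly instead of resolving them from the
     * credentials store.
     *
     * <p>NOTE(review): the PEM-encoded private key is held in a plain {@code String} field. Confirm
     * that instances of this launcher are never serialized to disk or exposed through a remote
     * API; if they can be, the field should be kept out of the persisted form.
     */
    private static class DockerSSHLauncher extends SSHLauncher {
        /** Id used both as the credentials id handed to the parent and for the synthetic credential. */
        private static final String INSTANCE_IDENTITY_CREDENTIALS_ID = "InstanceIdentity";

        private String user;
        private String privateKey;

        /**
         * @param host agent host to connect to
         * @param port agent SSH port
         * @param user login name used for the SSH session
         * @param privateKey PEM-encoded private key used to authenticate
         * @param jvmOptions passed through to the parent launcher
         * @param javaPath passed through to the parent launcher
         * @param prefixStartSlaveCmd passed through to the parent launcher
         * @param suffixStartSlaveCmd passed through to the parent launcher
         * @param launchTimeoutSeconds passed through to the parent launcher
         */
        public DockerSSHLauncher(String host, int port, String user, String privateKey, String jvmOptions, String javaPath, String prefixStartSlaveCmd, String suffixStartSlaveCmd, Integer launchTimeoutSeconds) {
            super(host, port, INSTANCE_IDENTITY_CREDENTIALS_ID, jvmOptions, javaPath, prefixStartSlaveCmd, suffixStartSlaveCmd, launchTimeoutSeconds);
            this.user = user;
            this.privateKey = privateKey;
        }

        /**
         * Builds an in-memory, SYSTEM-scoped SSH credential from the user and key given to the
         * constructor, with no passphrase.
         */
        @Override
        public StandardUsernameCredentials getCredentials() {
            BasicSSHUserPrivateKey.DirectEntryPrivateKeySource keySource = new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(this.privateKey);
            return new BasicSSHUserPrivateKey(CredentialsScope.SYSTEM, INSTANCE_IDENTITY_CREDENTIALS_ID, this.user, keySource, (String) null, "private key for docker ssh agent");
        }
    }

    /**
     * Strategy that authorizes the Jenkins instance-identity RSA key inside the container and
     * authenticates with the matching private key.
     */
    public static class InjectSSHKey extends SSHKeyStrategy {
        private final String user;

        @Extension
        public static final class DescriptorImpl extends Descriptor<SSHKeyStrategy> {
            @Override
            @Nonnull
            public String getDisplayName() {
                return "Inject SSH key";
            }
        }

        /**
         * @param str login name the injected key is authorized for
         */
        @DataBoundConstructor
        public InjectSSHKey(String str) {
            this.user = str;
        }

        @Override // io.jenkins.docker.connector.DockerComputerSSHConnector.SSHKeyStrategy
        public String getUser() {
            return this.user;
        }

        /**
         * Creates a launcher that logs in as {@link #getUser()} with the instance-identity key.
         *
         * <p>The instance identity private key is PEM-encoded into a {@code String} here and
         * handed to the launcher, so it exists in memory outside {@link InstanceIdentity} for the
         * launcher's lifetime.
         */
        @Override // io.jenkins.docker.connector.DockerComputerSSHConnector.SSHKeyStrategy
        public ComputerLauncher getSSHLauncher(InetSocketAddress inetSocketAddress, DockerComputerSSHConnector dockerComputerSSHConnector) throws IOException {
            String pemPrivateKey = PEMEncodable.create(InstanceIdentity.get().getPrivate()).encode();
            return new DockerSSHLauncher(
                    inetSocketAddress.getHostString(),
                    inetSocketAddress.getPort(),
                    this.user,
                    pemPrivateKey,
                    dockerComputerSSHConnector.jvmOptions,
                    dockerComputerSSHConnector.javaPath,
                    dockerComputerSSHConnector.prefixStartSlaveCmd,
                    dockerComputerSSHConnector.suffixStartSlaveCmd,
                    dockerComputerSSHConnector.launchTimeoutSeconds);
        }

        /**
         * Returns the instance-identity public key as an {@code ssh-rsa <base64>} line.
         */
        @Override // io.jenkins.docker.connector.DockerComputerSSHConnector.SSHKeyStrategy
        public String getInjectedKey() throws IOException {
            RSAPublicKey identityKey = InstanceIdentity.get().getPublic();
            com.trilead.ssh2.signature.RSAPublicKey sshKey =
                    new com.trilead.ssh2.signature.RSAPublicKey(identityKey.getPublicExponent(), identityKey.getModulus());
            return "ssh-rsa " + Base64.encode(RSASHA1Verify.encodeSSHRSAPublicKey(sshKey));
        }
    }

    /**
     * Strategy that relies on SSH credentials already stored in Jenkins; nothing is injected
     * into the container.
     */
    public static class ManuallyConfiguredSSHKey extends SSHKeyStrategy {
        private final String credentialsId;

        @Extension
        public static final class DescriptorImpl extends Descriptor<SSHKeyStrategy> {
            @Override
            @Nonnull
            public String getDisplayName() {
                return "Use configured SSH credentials";
            }

            /**
             * Populates the credentials drop-down by delegating to the template descriptor.
             *
             * <p>NOTE(review): no permission check is visible in this method; confirm the
             * delegate restricts who may enumerate credential ids.
             */
            public ListBoxModel doFillCredentialsIdItems(@AncestorInPath ItemGroup itemGroup) {
                return DockerTemplateBase.DescriptorImpl.doFillCredentialsIdItems(itemGroup);
            }
        }

        /**
         * @param str id of the stored credentials to use
         */
        @DataBoundConstructor
        public ManuallyConfiguredSSHKey(String str) {
            this.credentialsId = str;
        }

        public String getCredentialsId() {
            return this.credentialsId;
        }

        /**
         * Returns the user name of the stored credentials.
         *
         * <p>NOTE(review): if the lookup can return {@code null} for an unknown id this throws
         * a NullPointerException; confirm against {@link SSHLauncher#lookupSystemCredentials}.
         */
        @Override // io.jenkins.docker.connector.DockerComputerSSHConnector.SSHKeyStrategy
        public String getUser() {
            return SSHLauncher.lookupSystemCredentials(this.credentialsId).getUsername();
        }

        @Override // io.jenkins.docker.connector.DockerComputerSSHConnector.SSHKeyStrategy
        public ComputerLauncher getSSHLauncher(InetSocketAddress inetSocketAddress, DockerComputerSSHConnector dockerComputerSSHConnector) throws IOException {
            return new SSHLauncher(
                    inetSocketAddress.getHostString(),
                    inetSocketAddress.getPort(),
                    getCredentialsId(),
                    dockerComputerSSHConnector.jvmOptions,
                    dockerComputerSSHConnector.javaPath,
                    dockerComputerSSHConnector.prefixStartSlaveCmd,
                    dockerComputerSSHConnector.suffixStartSlaveCmd,
                    dockerComputerSSHConnector.launchTimeoutSeconds);
        }

        /** Always {@code null}: this strategy injects no key. */
        @Override // io.jenkins.docker.connector.DockerComputerSSHConnector.SSHKeyStrategy
        public String getInjectedKey() throws IOException {
            return null;
        }
    }

    /** How the controller authenticates to the agent's SSH daemon. */
    public static abstract class SSHKeyStrategy extends AbstractDescribableImpl<SSHKeyStrategy> {
        /**
         * @return the public-key line to authorize inside the container, or {@code null} when
         *     nothing should be injected
         */
        public abstract String getInjectedKey() throws IOException;

        /** @return the login name used for the SSH session */
        public abstract String getUser();

        /**
         * @param inetSocketAddress address of the agent's SSH endpoint
         * @param dockerComputerSSHConnector connector whose launch options are applied
         * @return a launcher for that endpoint
         */
        public abstract ComputerLauncher getSSHLauncher(InetSocketAddress inetSocketAddress, DockerComputerSSHConnector dockerComputerSSHConnector) throws IOException;
    }

    @DataBoundConstructor
    public DockerComputerSSHConnector(SSHKeyStrategy sSHKeyStrategy) {
        this.sshKeyStrategy = sSHKeyStrategy;
    }

    public SSHKeyStrategy getSshKeyStrategy() {
        return this.sshKeyStrategy;
    }

    public int getPort() {
        return this.port;
    }

    @DataBoundSetter
    public void setPort(int i) {
        this.port = i;
    }

    public String getJvmOptions() {
        return this.jvmOptions;
    }

    @DataBoundSetter
    public void setJvmOptions(String str) {
        this.jvmOptions = str;
    }

    public String getJavaPath() {
        return this.javaPath;
    }

    @DataBoundSetter
    public void setJavaPath(String str) {
        this.javaPath = str;
    }

    public String getPrefixStartSlaveCmd() {
        return this.prefixStartSlaveCmd;
    }

    @DataBoundSetter
    public void setPrefixStartSlaveCmd(String str) {
        this.prefixStartSlaveCmd = str;
    }

    public String getSuffixStartSlaveCmd() {
        return this.suffixStartSlaveCmd;
    }

    @DataBoundSetter
    public void setSuffixStartSlaveCmd(String str) {
        this.suffixStartSlaveCmd = str;
    }

    public Integer getLaunchTimeoutSeconds() {
        return this.launchTimeoutSeconds;
    }

    @DataBoundSetter
    public void setLaunchTimeoutSeconds(Integer num) {
        this.launchTimeoutSeconds = num;
    }

    /**
     * Prepares the container definition so that it runs an SSH daemon on {@link #getPort()}.
     *
     * <p>The {@code sshd} command is only set when the template supplies no command of its own.
     * When the strategy injects a key, {@code sshd} is told to run {@code /root/authorized_key}
     * as root to obtain authorized keys. If the template does define a command, the key script
     * is still copied by {@link #beforeContainerStarted} but nothing here makes the daemon use it.
     *
     * <p>NOTE(review): the port is published with a binding of {@code ":<port>"}; this presumably
     * lets Docker choose the host port on every host interface. Confirm the agent's SSH port is
     * not reachable from networks that should not see it.
     */
    @Override // io.jenkins.docker.connector.DockerComputerConnector
    public void beforeContainerCreated(DockerCloud dockerCloud, DockerTemplate dockerTemplate, CreateContainerCmd createContainerCmd) throws IOException, InterruptedException {
        String[] templateCmd = createContainerCmd.getCmd();
        if (templateCmd == null || templateCmd.length == 0) {
            String sshdPort = String.valueOf(this.port);
            if (this.sshKeyStrategy.getInjectedKey() != null) {
                createContainerCmd.withCmd(new String[]{"/usr/sbin/sshd", "-D", "-p", sshdPort, "-o", "AuthorizedKeysCommand /root/authorized_key", "-o", "AuthorizedKeysCommandUser root"});
            } else {
                createContainerCmd.withCmd(new String[]{"/usr/sbin/sshd", "-D", "-p", sshdPort});
            }
        }
        createContainerCmd.withPortSpecs(new String[]{this.port + "/tcp"});
        createContainerCmd.withPortBindings(new PortBinding[]{PortBinding.parse(":" + this.port)});
        createContainerCmd.withExposedPorts(new ExposedPort[]{ExposedPort.parse(this.port + "/tcp")});
    }

    /**
     * Copies the {@code authorized_key} script into {@code /root} of the container when the
     * strategy supplies a key to inject.
     *
     * <p>The script prints the key only when its first argument equals the configured user.
     * It is executed by {@code sshd} as root, so both the user name and the key are embedded as
     * single-quoted shell literals: a value containing quotes, {@code $} or backticks is compared
     * or printed literally instead of being interpreted by the shell.
     *
     * @param str id of the container that is about to start
     */
    @Override // io.jenkins.docker.connector.DockerComputerConnector
    public void beforeContainerStarted(DockerCloud dockerCloud, DockerTemplate dockerTemplate, String str) throws IOException, InterruptedException {
        String injectedKey = this.sshKeyStrategy.getInjectedKey();
        if (injectedKey == null) {
            return;
        }
        String script = "#!/bin/sh\n[ \"$1\" = " + shellSingleQuote(this.sshKeyStrategy.getUser()) + " ] && echo " + shellSingleQuote(injectedKey) + "|| :";
        // Encode once with a fixed charset so the declared tar entry size always matches the payload.
        byte[] archive = tarSingleExecutable("authorized_key", script.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        try (ByteArrayInputStream tarStream = new ByteArrayInputStream(archive)) {
            dockerCloud.getClient().copyArchiveToContainerCmd(str).withTarInputStream(tarStream).withRemotePath("/root").exec();
        }
    }

    /**
     * Wraps a value in single quotes for {@code /bin/sh}, escaping embedded single quotes.
     * A {@code null} value is rendered as the text {@code null}, as string concatenation would.
     */
    private static String shellSingleQuote(String value) {
        return "'" + String.valueOf(value).replace("'", "'\\''") + "'";
    }

    /**
     * Builds an in-memory tar archive holding one file with mode {@code 0700}.
     *
     * @param entryName name of the file inside the archive
     * @param content bytes of the file
     * @return the complete archive
     */
    private static byte[] tarSingleExecutable(String entryName, byte[] content) throws IOException {
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                TarArchiveOutputStream tar = new TarArchiveOutputStream(buffer)) {
            TarArchiveEntry entry = new TarArchiveEntry(entryName);
            entry.setSize(content.length);
            entry.setMode(0700); // owner read/write/execute only
            tar.putArchiveEntry(entry);
            tar.write(content);
            tar.closeArchiveEntry();
            // close() finalizes the archive, so it has to run before the bytes are read.
            tar.close();
            return buffer.toByteArray();
        }
    }

    /**
     * Waits for the container's SSH endpoint and returns the launcher from the key strategy.
     *
     * <p>NOTE(review): no host-key verification is configured in this class; whether the
     * launcher verifies the endpoint's host key depends on code not shown here. Confirm, since
     * the address is derived from the Docker inspect response.
     *
     * @throws IOException if the container has already exited or SSH does not come up in time
     */
    @Override // io.jenkins.docker.connector.DockerComputerConnector
    protected ComputerLauncher launch(DockerCloud dockerCloud, DockerTemplate dockerTemplate, InspectContainerResponse inspectContainerResponse, TaskListener taskListener) throws IOException, InterruptedException {
        if ("exited".equals(inspectContainerResponse.getState().getStatus())) {
            LOGGER.error("Failed to launch docker SSH agent :{}", inspectContainerResponse.getState().getExitCode());
            throw new IOException("Failed to launch docker SSH agent. Container exited with status " + inspectContainerResponse.getState().getExitCode());
        }
        // NOTE(review): this logs the whole inspect response at debug level; confirm it cannot
        // carry secrets (for example via the container's environment).
        LOGGER.debug("container created {}", inspectContainerResponse);
        InetSocketAddress sshEndpoint = getBindingForPort(dockerCloud, inspectContainerResponse, this.port);
        // 30 retries, 2 seconds apart: the 60s quoted in the failure message below.
        PortUtils.ConnectionCheck check = PortUtils.connectionCheck(sshEndpoint).withRetries(30).withEveryRetryWaitFor(2, TimeUnit.SECONDS);
        if (check.execute() && check.useSSH().execute()) {
            return this.sshKeyStrategy.getSSHLauncher(sshEndpoint, this);
        }
        throw new IOException("SSH service didn't started after 60s.");
    }

    /**
     * Works out the host and port on which the container's SSH port can be reached.
     *
     * <p>The last published binding wins. When the binding has no host IP or is bound to
     * {@code 0.0.0.0}, the host comes from the cloud configuration; if that yields nothing
     * usable, the container's own IP address and the internal port are used instead.
     *
     * @param internalPort SSH port inside the container
     * @throws IllegalStateException if the inspect response holds no binding entry for the port
     */
    private InetSocketAddress getBindingForPort(DockerCloud dockerCloud, InspectContainerResponse inspectContainerResponse, int internalPort) {
        NetworkSettings networkSettings = inspectContainerResponse.getNetworkSettings();
        Ports.Binding[] published = (Ports.Binding[]) networkSettings.getPorts().getBindings().get(new ExposedPort(internalPort));
        if (published == null) {
            // Fail with a diagnosable message rather than a bare NullPointerException.
            throw new IllegalStateException("No port binding reported for container port " + internalPort + "; cannot locate the SSH endpoint");
        }
        String host = null;
        Integer hostPort = 22;
        for (Ports.Binding binding : published) {
            hostPort = Integer.valueOf(binding.getHostPortSpec());
            host = binding.getHostIp();
        }
        if (host == null || host.equals("0.0.0.0")) {
            String dockerUri = dockerCloud.getDockerHost().getUri();
            host = getDockerHostFromCloud(dockerCloud);
            boolean hostUnknown = host == null || host.trim().isEmpty();
            if (dockerUri.startsWith("unix") && hostUnknown) {
                host = "0.0.0.0";
            } else if (host == null || host.equals("0.0.0.0")) {
                host = networkSettings.getIpAddress();
                hostPort = Integer.valueOf(internalPort);
            }
        }
        return new InetSocketAddress(host, hostPort.intValue());
    }

    /**
     * Returns the host name of the Docker host: the explicitly configured hostname when set,
     * otherwise the host part of the Docker URI, or {@code null} for a {@code unix} URI.
     */
    private String getDockerHostFromCloud(DockerCloud dockerCloud) {
        String dockerUri = dockerCloud.getDockerHost().getUri();
        String configuredHostname = dockerCloud.getDockerHostname();
        if (configuredHostname != null && !configuredHostname.trim().isEmpty()) {
            return configuredHostname;
        }
        URI endpoint = URI.create(dockerUri);
        // Constant-first comparison: a URI without a scheme must not cause a NullPointerException.
        if ("unix".equals(endpoint.getScheme())) {
            return null;
        }
        return endpoint.getHost();
    }
}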
