package com.neuvector;

import com.github.packageurl.PackageURL;
import com.google.gson.Gson;
import com.neuvector.model.Image;
import com.neuvector.model.NVScanner;
import com.neuvector.model.Registry;
import com.neuvector.model.ScanRepoReportData;
import groovy.util.ObjectGraphBuilder;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.nio.file.attribute.FileOwnerAttributeView;
import java.nio.file.attribute.UserPrincipal;
import java.util.Random;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.jgit.lib.ConfigConstants;
import org.eclipse.jgit.transport.WalkEncryption;
import org.slf4j.shaded.Logger;

/* loaded from: input_file:com/neuvector/Scanner.class */
public class Scanner {
    private static final String SOCKET_MAPPING = "/var/run/docker.sock:/var/run/docker.sock";
    private static final String CONTAINER_PATH = "/var/neuvector";
    private static final String SCAN_REPORT = "scan_result.json";

    public static ScanRepoReportData scanRegistry(Registry registry, NVScanner nVScanner, String str, Boolean bool) {
        ScanRepoReportData runScan;
        String pullDockerImage = (registry == null || nVScanner == null) ? "The Registry and nvScanner can't be null." : pullDockerImage(nVScanner);
        if (pullDockerImage.length() > 0) {
            runScan = new ScanRepoReportData();
            runScan.setError_message(pullDockerImage);
        } else {
            DockerRunCommandBuilder dockerRunCommandBuilder = new DockerRunCommandBuilder();
            dockerRunCommandBuilder.withUserAndGroup(getDockerUserGroupCmdArg(getScanReportPath(nVScanner.getNvMountPath()))).withName(generateScannerName()).withVolume(SOCKET_MAPPING).withVolume(getMountPath(nVScanner)).withEnvironment("SCANNER_REPOSITORY=" + registry.getRepository()).withEnvironment("SCANNER_TAG=" + registry.getRepositoryTag()).withEnvironment("SCANNER_LICENSE=" + str).withEnvironment("SCANNER_REGISTRY=" + registry.getRegistryURL());
            if (bool.booleanValue()) {
                dockerRunCommandBuilder.withEnvironment("SCANNER_SCAN_LAYERS=true");
            }
            if (registry.getLoginUser() != null || registry.getLoginPassword() != null) {
                dockerRunCommandBuilder.withEnvironment("SCANNER_REGISTRY_USERNAME=" + registry.getLoginUser()).withEnvironment("SCANNER_REGISTRY_PASSWORD=" + registry.getLoginPassword());
            }
            runScan = runScan(dockerRunCommandBuilder.buildForImage(getNVImagePath(nVScanner.getNvScannerImage(), nVScanner.getNvRegistryURL())), nVScanner, new String[]{registry.getLoginPassword(), str});
        }
        return runScan;
    }

    public static ScanRepoReportData scanRegistry(Registry registry, NVScanner nVScanner, String str) {
        return scanRegistry(registry, nVScanner, str, false);
    }

    public static ScanRepoReportData scanLocalImage(Image image, NVScanner nVScanner, String str, Boolean bool) {
        ScanRepoReportData runScan;
        String pullDockerImage = (image == null || nVScanner == null) ? "The image and nvScanner can't be null." : pullDockerImage(nVScanner);
        if (pullDockerImage.length() > 0) {
            runScan = new ScanRepoReportData();
            runScan.setError_message(pullDockerImage);
        } else {
            String[] strArr = {str};
            DockerRunCommandBuilder dockerRunCommandBuilder = new DockerRunCommandBuilder();
            dockerRunCommandBuilder.withUserAndGroup(getDockerUserGroupCmdArg(getScanReportPath(nVScanner.getNvMountPath()))).withName(generateScannerName()).withVolume(SOCKET_MAPPING).withVolume(getMountPath(nVScanner)).withEnvironment("SCANNER_REPOSITORY=" + image.getImageName()).withEnvironment("SCANNER_TAG=" + image.getImageTag()).withEnvironment("SCANNER_LICENSE=" + str);
            if (bool.booleanValue()) {
                dockerRunCommandBuilder.withEnvironment("SCANNER_SCAN_LAYERS=true");
            }
            runScan = runScan(dockerRunCommandBuilder.buildForImage(getNVImagePath(nVScanner.getNvScannerImage(), nVScanner.getNvRegistryURL())), nVScanner, strArr);
        }
        return runScan;
    }

    public static ScanRepoReportData scanLocalImage(Image image, NVScanner nVScanner, String str) {
        return scanLocalImage(image, nVScanner, str, false);
    }

    private static String pullDockerImage(NVScanner nVScanner) {
        String runCMD;
        String nvRegistryURL = nVScanner.getNvRegistryURL();
        String nvRegistryUser = nVScanner.getNvRegistryUser();
        String nvRegistryPassword = nVScanner.getNvRegistryPassword();
        String nvScannerImage = nVScanner.getNvScannerImage();
        Logger log = nVScanner.getLog();
        if (nvRegistryURL == null) {
            nvRegistryURL = "";
        }
        if (nvRegistryUser == null) {
            nvRegistryUser = "";
        }
        if (nvRegistryPassword == null) {
            nvRegistryPassword = "";
        }
        if (nvRegistryURL.isEmpty() && nvRegistryUser.isEmpty() && nvRegistryPassword.isEmpty()) {
            return "";
        }
        if (nvRegistryUser.equals("") || nvRegistryPassword.equals("")) {
            runCMD = runCMD(new String[]{PackageURL.StandardTypes.DOCKER, ConfigConstants.CONFIG_PULL_SECTION, getNVImagePath(nvScannerImage, nvRegistryURL)}, log);
        } else {
            runCMD = runCMD(new String[]{PackageURL.StandardTypes.DOCKER, "login", "-u", nvRegistryUser, "-p", nvRegistryPassword, nvRegistryURL}, log);
            if (runCMD.length() == 0) {
                runCMD(new String[]{PackageURL.StandardTypes.DOCKER, ConfigConstants.CONFIG_PULL_SECTION, getNVImagePath(nvScannerImage, nvRegistryURL)}, log);
                runCMD = runCMD(new String[]{PackageURL.StandardTypes.DOCKER, "logout"}, log);
            }
        }
        if (!runCMD.isEmpty() && !nvRegistryPassword.isEmpty()) {
            runCMD = maskCredential(runCMD, nvRegistryPassword);
        }
        return runCMD;
    }

    private static String getNVImagePath(String str, String str2) {
        String str3;
        if (str2.isEmpty()) {
            str3 = str;
        } else {
            String str4 = str2.contains("//") ? str2.split("//")[1] : str2;
            str3 = str2.endsWith("/") ? str4 + str : str4 + "/" + str;
        }
        return str3;
    }

    private static ScanRepoReportData parseScanReport(String str) {
        ScanRepoReportData scanRepoReportData;
        StringBuilder sb = new StringBuilder();
        String str2 = null;
        try {
            Stream<String> lines = Files.lines(Paths.get(str, new String[0]), StandardCharsets.UTF_8);
            Throwable th = null;
            try {
                try {
                    lines.forEach(str3 -> {
                        sb.append(str3).append(StringUtils.LF);
                    });
                    if (lines != null) {
                        if (0 != 0) {
                            try {
                                lines.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            lines.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            str2 = e.getMessage();
        }
        if (str2 != null) {
            scanRepoReportData = new ScanRepoReportData();
            scanRepoReportData.setError_message(str2);
        } else {
            scanRepoReportData = (ScanRepoReportData) new Gson().fromJson(sb.toString(), ScanRepoReportData.class);
        }
        return scanRepoReportData;
    }

    private static String runCMD(String[] strArr, Logger logger) {
        String message;
        try {
            Process exec = Runtime.getRuntime().exec(strArr);
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(exec.getInputStream()));
            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(exec.getErrorStream()));
            StringBuilder sb = new StringBuilder(String.join(" ", strArr));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (logger != null) {
                    logger.info(readLine);
                }
                sb.append(readLine);
            }
            while (true) {
                String readLine2 = bufferedReader2.readLine();
                if (readLine2 == null) {
                    break;
                }
                if (logger != null) {
                    logger.error(readLine2);
                }
                sb.append(readLine2);
            }
            message = exec.waitFor() != 0 ? sb.toString() : "";
        } catch (IOException e) {
            message = e.getMessage();
        } catch (InterruptedException e2) {
            message = e2.getMessage();
        }
        return message;
    }

    private static ScanRepoReportData runScan(String[] strArr, NVScanner nVScanner, String[] strArr2) {
        ScanRepoReportData parseScanReport;
        String runCMD = runCMD(strArr, nVScanner.getLog());
        if (runCMD.length() > 0) {
            for (String str : strArr2) {
                if (!str.isEmpty()) {
                    runCMD = maskCredential(runCMD, str);
                }
            }
            parseScanReport = new ScanRepoReportData();
            parseScanReport.setError_message(runCMD);
        } else {
            parseScanReport = parseScanReport(getScanReportPath(nVScanner.getNvMountPath()));
        }
        return parseScanReport;
    }

    private static String getMountPath(NVScanner nVScanner) {
        String str;
        String nvMountPath = nVScanner.getNvMountPath();
        if (nvMountPath == null || nvMountPath.length() <= 0) {
            str = CONTAINER_PATH + ":/var/neuvector";
        } else {
            if (nvMountPath.charAt(nvMountPath.length() - 1) == '/') {
                nvMountPath = nvMountPath.substring(0, nvMountPath.length() - 1);
            }
            str = nvMountPath + ":/var/neuvector";
        }
        return str;
    }

    private static String getScanReportPath(String str) {
        return (str == null || str.length() == 0) ? "/var/neuvector/scan_result.json" : removeLastSlash(str) + "/" + SCAN_REPORT;
    }

    private static String removeLastSlash(String str) {
        return (str == null || str.length() <= 0 || str.charAt(str.length() - 1) != '/') ? str : str.substring(0, str.length() - 1);
    }

    private static String generateScannerName() {
        StringBuilder sb = new StringBuilder();
        Random random = new Random();
        while (sb.length() < 6) {
            sb.append("ABCDEFGHIJKLMNOPQRSTUVWXYZ".charAt((int) (random.nextFloat() * "ABCDEFGHIJKLMNOPQRSTUVWXYZ".length())));
        }
        return sb.toString();
    }

    private static String maskCredential(String str, String str2) {
        return str.replace(str2, "******");
    }

    static String getDockerUserGroupCmdArg(String str) {
        Boolean ownedByRoot = ownedByRoot(str);
        if (ownedByRoot != null && ownedByRoot.booleanValue()) {
            return null;
        }
        String str2 = null;
        String executeCommand = executeCommand("id -u");
        if (executeCommand != null && !executeCommand.isEmpty()) {
            if (WalkEncryption.Vals.DEFAULT_VERS.equals(executeCommand)) {
                return null;
            }
            String executeCommand2 = executeCommand("stat -c '%g' /var/run/docker.sock");
            if (executeCommand2 != null && !executeCommand2.isEmpty()) {
                str2 = executeCommand + ":" + executeCommand2.replace("'", "");
            }
        }
        return str2;
    }

    private static Boolean ownedByRoot(String str) {
        try {
            return Boolean.valueOf(scanResultsFileExist(str) && ObjectGraphBuilder.CLASSNAME_RESOLVER_REFLECTION_ROOT.equals(getUserPrincipal(str, new File(str)).getName()));
        } catch (IOException e) {
            return null;
        }
    }

    private static String executeCommand(String str) {
        StringBuilder sb = new StringBuilder();
        try {
            getExecValueFromBuffer(sb, Runtime.getRuntime().exec(str));
            return sb.toString();
        } catch (Exception e) {
            return null;
        }
    }

    private static void getExecValueFromBuffer(StringBuilder sb, Process process) throws IOException, InterruptedException {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()));
        Throwable th = null;
        while (true) {
            try {
                try {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    } else {
                        sb.append(readLine);
                    }
                } catch (Throwable th2) {
                    th = th2;
                    throw th2;
                }
            } catch (Throwable th3) {
                if (bufferedReader != null) {
                    if (th != null) {
                        try {
                            bufferedReader.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        bufferedReader.close();
                    }
                }
                throw th3;
            }
        }
        process.waitFor();
        if (bufferedReader != null) {
            if (0 == 0) {
                bufferedReader.close();
                return;
            }
            try {
                bufferedReader.close();
            } catch (Throwable th5) {
                th.addSuppressed(th5);
            }
        }
    }

    private static boolean scanResultsFileExist(String str) {
        return new File(str).exists();
    }

    private static UserPrincipal getUserPrincipal(String str, File file) throws IOException {
        UserPrincipal userPrincipal = null;
        if (file.exists()) {
            userPrincipal = ((FileOwnerAttributeView) Files.getFileAttributeView(Paths.get(str, new String[0]), FileOwnerAttributeView.class, new LinkOption[0])).getOwner();
        }
        return userPrincipal;
    }

    public static String deleteDockerImagesByLabelKey(String str) {
        return runCMD(new String[]{PackageURL.StandardTypes.DOCKER, "image", ConfigConstants.CONFIG_KEY_PRUNE, "--force", "--filter=label=".concat(str)}, null);
    }
}
