package org.jenkinsci.plugins.kubernetes.cli.kubeconfig;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.google.common.collect.Sets;
import hudson.AbortException;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Run;
import hudson.util.QuotedStringTokenizer;
import hudson.util.Secret;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.Nonnull;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;

/* loaded from: input_file:WEB-INF/lib/kubernetes-cli.jar:org/jenkinsci/plugins/kubernetes/cli/kubeconfig/KubeConfigWriter.class */
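/**
 * Builds a temporary kubeconfig file in the build workspace by running a series of
 * {@code kubectl config ...} commands through the build's {@link Launcher}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every kubectl invocation is passed as an argument vector, never as a single string that
 *       is tokenized afterwards. A server URL, token, password or workspace path containing
 *       spaces, quotes or backslashes therefore cannot be split into extra kubectl arguments,
 *       and the secret always stays in the masked (last) argument position.</li>
 *   <li>Tokens and passwords are still handed to kubectl on its command line. The mask array
 *       passed to the launcher only covers how the launcher reports the command; it does not
 *       hide the argument from process listings on the agent.</li>
 *   <li>The resulting kubeconfig embeds the credentials. NOTE(review): nothing in this class
 *       deletes it after a successful run; presumably the caller removes it when the build step
 *       ends, and the file mode is whatever {@code createTempFile} produces on the agent —
 *       confirm both.</li>
 * </ul>
 */
public class KubeConfigWriter {
    public static final String ENV_VARIABLE_NAME = "KUBECONFIG";
    private static final String KUBECTL_BINARY = "kubectl";
    private static final String USERNAME = "cluster-admin";
    private static final String CONTEXTNAME = "k8s";
    private static final String CLUSTERNAME = "k8s";
    private final String serverUrl;
    private final String credentialsId;
    private final String caCertificate;
    private final FilePath workspace;
    private final Launcher launcher;
    private final Run<?, ?> build;

    /**
     * @param serverUrl     URL of the Kubernetes API server, passed to kubectl as {@code --server=}
     * @param credentialsId id of the Jenkins credentials used to authenticate
     * @param caCertificate cluster CA certificate; when null or empty, TLS verification is disabled
     * @param workspace     directory in which the kubeconfig and temporary key material are written
     * @param launcher      launcher used to run kubectl
     * @param build         run in whose context the credentials are looked up
     */
    public KubeConfigWriter(@Nonnull String serverUrl, @Nonnull String credentialsId, @Nonnull String caCertificate, FilePath workspace, Launcher launcher, Run<?, ?> build) {
        this.serverUrl = serverUrl;
        this.credentialsId = credentialsId;
        this.caCertificate = caCertificate;
        this.workspace = workspace;
        this.launcher = launcher;
        this.build = build;
    }

    /**
     * Writes a kubeconfig holding the cluster, the credentials and a selected context.
     *
     * @return remote path of the generated kubeconfig file
     * @throws IOException          if a kubectl command exits with a non-zero code, or on I/O failure
     * @throws InterruptedException if a remote operation is interrupted
     */
    public String writeKubeConfig() throws IOException, InterruptedException {
        if (!this.workspace.exists()) {
            this.launcher.getListener().getLogger().println("creating missing workspace to write kubeconfig");
            this.workspace.mkdirs();
        }
        FilePath configFile = this.workspace.createTempFile(".kube", "config");
        boolean complete = false;
        try {
            String configPath = configFile.getRemote();
            setCluster(configPath);
            setCredentials(configPath);
            setContext(configPath);
            complete = true;
            return configPath;
        } finally {
            // On failure the caller never learns the path, so a half-written kubeconfig (which
            // may already embed credentials) would otherwise be left behind in the workspace.
            if (!complete) {
                configFile.delete();
            }
        }
    }

    /**
     * Runs {@code kubectl config set-cluster}. With a CA certificate the certificate is written to
     * a temporary file and embedded; without one, TLS verification of the API server is skipped.
     */
    private void setCluster(String configFile) throws IOException, InterruptedException {
        FilePath caFile = null;
        try {
            String[] cmd;
            if (this.caCertificate == null || this.caCertificate.isEmpty()) {
                // Without a CA the API server's identity is not verified, so the credentials
                // written next can be sent to whoever answers at serverUrl. Make that visible.
                this.launcher.getListener().getLogger().println("WARNING: no CA certificate configured, kubectl will skip TLS verification of the API server");
                cmd = kubectl("config", "set-cluster", CLUSTERNAME, "--server=" + this.serverUrl, "--insecure-skip-tls-verify=true");
            } else {
                caFile = this.workspace.createTempFile("cert-auth", "crt");
                caFile.write(CertificateHelper.wrapCertificate(this.caCertificate), (String) null);
                cmd = kubectl("config", "set-cluster", CLUSTERNAME, "--server=" + this.serverUrl, "--embed-certs=true", "--certificate-authority=" + caFile.getRemote());
            }
            int exitCode = kubectlProc(configFile, cmd).join();
            if (exitCode != 0) {
                throw new IOException("Failed to add kubectl cluster (exit code  " + exitCode + ")");
            }
        } finally {
            if (caFile != null) {
                caFile.delete();
            }
        }
    }

    /**
     * Runs {@code kubectl config set-credentials} for the configured credentials.
     *
     * <p>Token, secret-text and username/password credentials put the secret in the last
     * argument, which is the one masked for the launcher. Certificate credentials are extracted
     * to temporary files that are embedded into the kubeconfig and then deleted.
     *
     * @throws AbortException if no credentials are configured or their type is not supported
     */
    private void setCredentials(String configFile) throws IOException, InterruptedException {
        // Declared as StandardCredentials so that every instanceof branch below is reachable;
        // typing the local as TokenProducer would make the first test trivially true.
        StandardCredentials credentials = getCredentials(this.build);
        if (credentials == null) {
            throw new AbortException("No credentials defined to setup Kubernetes CLI");
        }
        FilePath clientCert = null;
        FilePath clientKey = null;
        try {
            String[] cmd;
            int maskedArgs = 1;
            if (credentials instanceof TokenProducer) {
                // NOTE(review): the token is requested with a null CA and the last argument set
                // to true even when a CA certificate is configured; this looks like it skips TLS
                // verification for the token request — confirm against TokenProducer.
                cmd = kubectl("config", "set-credentials", USERNAME, "--token=" + ((TokenProducer) credentials).getToken(this.serverUrl, (String) null, true));
            } else if (credentials instanceof StringCredentials) {
                cmd = kubectl("config", "set-credentials", USERNAME, "--token=" + Secret.toString(((StringCredentials) credentials).getSecret()));
            } else if (credentials instanceof UsernamePasswordCredentials) {
                UsernamePasswordCredentials userPass = (UsernamePasswordCredentials) credentials;
                cmd = kubectl("config", "set-credentials", USERNAME, "--username=" + userPass.getUsername(), "--password=" + Secret.toString(userPass.getPassword()));
            } else if (credentials instanceof StandardCertificateCredentials) {
                // Only file paths appear on the command line here, so nothing is masked.
                maskedArgs = 0;
                clientCert = this.workspace.createTempFile("client", "crt");
                clientKey = this.workspace.createTempFile("client", "key");
                CertificateHelper.extractFromCertificate((StandardCertificateCredentials) credentials, clientCert, clientKey);
                cmd = kubectl("config", "set-credentials", USERNAME, "--embed-certs=true", "--client-certificate=" + clientCert.getRemote(), "--client-key=" + clientKey.getRemote());
            } else {
                throw new AbortException("Unsupported Credentials type " + credentials.getClass().getName());
            }
            int exitCode = kubectlProc(configFile, cmd).masks(getMasks(cmd.length, maskedArgs)).join();
            if (exitCode != 0) {
                throw new IOException("Failed to add kubectl credentials (exit code  " + exitCode + ")");
            }
        } finally {
            // Remove the extracted private key and certificate on every exit path, including a
            // failed or interrupted kubectl run. The key goes first, and the certificate is
            // still attempted if deleting the key throws.
            try {
                if (clientKey != null) {
                    clientKey.delete();
                }
            } finally {
                if (clientCert != null) {
                    clientCert.delete();
                }
            }
        }
    }

    /** Creates the context that ties cluster and user together, then selects it. */
    private void setContext(String configFile) throws IOException, InterruptedException {
        int setExit = kubectlProc(configFile, kubectl("config", "set-context", CONTEXTNAME, "--cluster=" + CLUSTERNAME, "--user=" + USERNAME)).join();
        if (setExit != 0) {
            throw new IOException("Failed to add kubectl context (exit code  " + setExit + ")");
        }
        int useExit = kubectlProc(configFile, kubectl("config", "use-context", CONTEXTNAME)).join();
        if (useExit != 0) {
            throw new IOException("Failed to set kubectl current context (exit code  " + useExit + ")");
        }
    }

    /** Returns the argument vector for a kubectl call: the binary followed by {@code args}. */
    private static String[] kubectl(String... args) {
        String[] cmd = new String[args.length + 1];
        cmd[0] = KUBECTL_BINARY;
        System.arraycopy(args, 0, cmd, 1, args.length);
        return cmd;
    }

    /**
     * Prepares a process for {@code cmd} with KUBECONFIG pointing at {@code configFile} and
     * stdout sent to the build listener. The command is given as an array, so no argument is
     * ever re-tokenized.
     */
    private Launcher.ProcStarter kubectlProc(String configFile, String[] cmd) {
        return this.launcher.launch()
                .envs(new String[] {ENV_VARIABLE_NAME + "=" + configFile})
                .cmds(cmd)
                .stdout(this.launcher.getListener());
    }

    /**
     * Builds a mask array of {@code length} entries in which the last {@code maskedTrailing}
     * entries are {@code true}.
     */
    private boolean[] getMasks(int length, int maskedTrailing) {
        boolean[] masks = new boolean[length];
        for (int i = 0; i < maskedTrailing; i++) {
            masks[(masks.length - 1) - i] = true;
        }
        return masks;
    }

    /**
     * Looks up the configured credentials in the context of {@code run}.
     *
     * @return the credentials, or {@code null} when no credentials id is configured
     * @throws AbortException if an id is configured but no matching credentials are found
     */
    private StandardCredentials getCredentials(Run<?, ?> run) throws AbortException {
        if (StringUtils.isBlank(this.credentialsId)) {
            return null;
        }
        StandardCredentials found = CredentialsProvider.findCredentialById(this.credentialsId, StandardCredentials.class, run, Collections.emptyList());
        if (found == null) {
            throw new AbortException("No credentials found for id \"" + this.credentialsId + "\"");
        }
        return found;
    }
}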
