package org.jenkinsci.plugins.kubernetes.cli.kubeconfig;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import hudson.AbortException;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Run;
import io.fabric8.kubernetes.api.model.Cluster;
import io.fabric8.kubernetes.api.model.ConfigBuilder;
import io.fabric8.kubernetes.api.model.ConfigFluent;
import io.fabric8.kubernetes.api.model.NamedCluster;
import io.fabric8.kubernetes.client.utils.Serialization;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import javax.annotation.Nonnull;
import jenkins.authentication.tokens.api.AuthenticationTokens;
import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuth;
import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthConfig;
import org.jenkinsci.plugins.kubernetes.auth.KubernetesAuthException;
import org.jenkinsci.plugins.kubernetes.auth.impl.KubernetesAuthKubeconfig;
import org.jenkinsci.plugins.kubernetes.credentials.Utils;

/* loaded from: input_file:org/jenkinsci/plugins/kubernetes/cli/kubeconfig/KubeConfigWriter.class */
public class KubeConfigWriter {
    public static final String ENV_VARIABLE_NAME = "KUBECONFIG";
    private static final String DEFAULT_CONTEXTNAME = "k8s";
    private static final String CLUSTERNAME = "k8s";
    private final String serverUrl;
    private final String credentialsId;
    private final String caCertificate;
    private final String clusterName;
    private final String contextName;
    private final String namespace;
    private final Boolean restrictKubeConfigAccess;
    private final FilePath workspace;
    private final Launcher launcher;
    private final Run<?, ?> build;

    public KubeConfigWriter(@Nonnull String str, String str2, String str3, String str4, String str5, String str6, Boolean bool, FilePath filePath, Launcher launcher, Run<?, ?> run) {
        this.serverUrl = str;
        this.credentialsId = str2;
        this.caCertificate = str3;
        this.workspace = filePath;
        this.launcher = launcher;
        this.build = run;
        this.clusterName = str4;
        this.contextName = str5;
        this.namespace = str6;
        this.restrictKubeConfigAccess = bool;
    }

    private static ConfigBuilder setNamedCluster(ConfigBuilder configBuilder, NamedCluster namedCluster) {
        return (ConfigBuilder) ((ConfigFluent.ClustersNested) existingOrNewCluster(configBuilder, namedCluster.getName()).withName(namedCluster.getName()).editOrNewClusterLike(namedCluster.getCluster()).endCluster()).endCluster();
    }

    private static ConfigBuilder setContextCluster(ConfigBuilder configBuilder, String str, String str2) {
        return (ConfigBuilder) ((ConfigFluent.ContextsNested) existingOrNewContext(configBuilder, str).editOrNewContext().withCluster(str2).endContext()).endContext();
    }

    private static ConfigBuilder setContextNamespace(ConfigBuilder configBuilder, String str, String str2) {
        return (ConfigBuilder) ((ConfigFluent.ContextsNested) existingOrNewContext(configBuilder, str).editOrNewContext().withNamespace(str2).endContext()).endContext();
    }

    private static ConfigBuilder setCurrentContext(ConfigBuilder configBuilder, String str) {
        return configBuilder.withCurrentContext(str);
    }

    private static ConfigFluent.ContextsNested<ConfigBuilder> existingOrNewContext(ConfigBuilder configBuilder, String str) {
        return hasContext(configBuilder, str) ? configBuilder.editMatchingContext(namedContextBuilder -> {
            return str.equals(namedContextBuilder.getName());
        }) : configBuilder.addNewContext().withName(str);
    }

    private static boolean hasContext(ConfigBuilder configBuilder, String str) {
        return configBuilder.hasMatchingContext(namedContextBuilder -> {
            return str.equals(namedContextBuilder.getName());
        }).booleanValue();
    }

    private static ConfigFluent.ClustersNested<ConfigBuilder> existingOrNewCluster(ConfigBuilder configBuilder, String str) {
        return configBuilder.hasMatchingCluster(namedClusterBuilder -> {
            return str.equals(namedClusterBuilder.getName());
        }).booleanValue() ? configBuilder.editMatchingCluster(namedClusterBuilder2 -> {
            return str.equals(namedClusterBuilder2.getName());
        }) : configBuilder.addNewCluster().withName(str);
    }

    public String writeKubeConfig() throws IOException, InterruptedException {
        ConfigBuilder configBuilderInCluster;
        if (this.credentialsId == null || this.credentialsId.isEmpty()) {
            configBuilderInCluster = getConfigBuilderInCluster();
        } else {
            StandardCredentials findCredentialById = CredentialsProvider.findCredentialById(this.credentialsId, StandardCredentials.class, this.build, Collections.emptyList());
            if (findCredentialById == null) {
                throw new AbortException("[kubernetes-cli] unable to find credentials with id '" + this.credentialsId + "'");
            }
            CredentialsProvider.track(this.build, findCredentialById);
            KubernetesAuth kubernetesAuth = (KubernetesAuth) AuthenticationTokens.convert(KubernetesAuth.class, findCredentialById);
            if (kubernetesAuth == null) {
                throw new AbortException("[kubernetes-cli] unsupported credentials type " + findCredentialById.getClass().getName());
            }
            configBuilderInCluster = getConfigBuilderWithAuth(findCredentialById.getId(), kubernetesAuth);
        }
        FilePath tempKubeconfigFilePath = getTempKubeconfigFilePath();
        tempKubeconfigFilePath.write(Serialization.asYaml(configBuilderInCluster.build()), String.valueOf(StandardCharsets.UTF_8));
        if (this.restrictKubeConfigAccess != null && this.restrictKubeConfigAccess.booleanValue()) {
            tempKubeconfigFilePath.chmod(384);
        }
        return tempKubeconfigFilePath.getRemote();
    }

    public ConfigBuilder getConfigBuilderInCluster() throws IOException, InterruptedException {
        return completeConfigBuilder(new ConfigBuilder());
    }

    public ConfigBuilder getConfigBuilderWithAuth(String str, KubernetesAuth kubernetesAuth) throws IOException, InterruptedException {
        try {
            ConfigBuilder buildConfigBuilder = kubernetesAuth.buildConfigBuilder(new KubernetesAuthConfig(getServerUrl(), this.caCertificate, !wasProvided(this.caCertificate)), getContextNameOrDefault(), getClusterNameOrDefault(), str);
            return kubernetesAuth instanceof KubernetesAuthKubeconfig ? completeKubeconfigConfigBuilder(buildConfigBuilder) : completeConfigBuilder(buildConfigBuilder);
        } catch (KubernetesAuthException e) {
            throw new AbortException(e.getMessage());
        }
    }

    private ConfigBuilder completeConfigBuilder(ConfigBuilder configBuilder) throws IOException, InterruptedException {
        ConfigBuilder configBuilder2 = (ConfigBuilder) ((ConfigFluent.ContextsNested) existingOrNewContext(configBuilder, getContextNameOrDefault()).editOrNewContext().endContext()).endContext();
        if (wasProvided(this.namespace)) {
            configBuilder2 = setContextNamespace(configBuilder2, getContextNameOrDefault(), getNamespace());
        }
        return setCurrentContext(configBuilder2, getContextNameOrDefault());
    }

    private ConfigBuilder completeKubeconfigConfigBuilder(ConfigBuilder configBuilder) throws IOException, InterruptedException {
        String currentContext;
        if (wasProvided(this.contextName)) {
            currentContext = getContextName();
            if (!hasContext(configBuilder, currentContext)) {
                this.launcher.getListener().getLogger().printf("[kubernetes-cli] context '%s' doesn't exist in kubeconfig", currentContext);
            }
            configBuilder = setCurrentContext(configBuilder, currentContext);
        } else {
            currentContext = configBuilder.getCurrentContext();
        }
        if (wasProvided(this.serverUrl)) {
            configBuilder = setNamedCluster(configBuilder, buildNamedCluster());
        }
        if (wasProvided(this.serverUrl) || wasProvided(this.clusterName)) {
            configBuilder = setContextCluster(configBuilder, currentContext, getClusterNameOrDefault());
        }
        if (wasProvided(this.namespace)) {
            configBuilder = setContextNamespace(configBuilder, currentContext, getNamespace());
        }
        return configBuilder;
    }

    private NamedCluster buildNamedCluster() throws IOException, InterruptedException {
        Cluster cluster = new Cluster();
        cluster.setServer(getServerUrl());
        if (wasProvided(this.caCertificate)) {
            cluster.setCertificateAuthorityData(Utils.encodeBase64(Utils.wrapCertificate(this.caCertificate)));
        }
        cluster.setInsecureSkipTlsVerify(Boolean.valueOf(!wasProvided(this.caCertificate)));
        NamedCluster namedCluster = new NamedCluster();
        namedCluster.setCluster(cluster);
        namedCluster.setName(getClusterNameOrDefault());
        return namedCluster;
    }

    private boolean wasProvided(String str) {
        return (str == null || str.isEmpty()) ? false : true;
    }

    private String getNamespace() throws IOException, InterruptedException {
        return this.build.getEnvironment(this.launcher.getListener()).expand(this.namespace);
    }

    private String getContextNameOrDefault() throws IOException, InterruptedException {
        return !wasProvided(this.contextName) ? "k8s" : getContextName();
    }

    private String getContextName() throws IOException, InterruptedException {
        return this.build.getEnvironment(this.launcher.getListener()).expand(this.contextName);
    }

    private String getClusterNameOrDefault() throws IOException, InterruptedException {
        return !wasProvided(this.clusterName) ? "k8s" : getClusterName();
    }

    private String getClusterName() throws IOException, InterruptedException {
        return this.build.getEnvironment(this.launcher.getListener()).expand(this.clusterName);
    }

    private String getServerUrl() throws IOException, InterruptedException {
        return this.build.getEnvironment(this.launcher.getListener()).expand(this.serverUrl);
    }

    private FilePath getTempKubeconfigFilePath() throws IOException, InterruptedException {
        if (!this.workspace.exists()) {
            this.launcher.getListener().getLogger().println("[kubernetes-cli] creating missing workspace to write temporary kubeconfig");
            this.workspace.mkdirs();
        }
        return this.workspace.createTempFile(".kube", "config");
    }
}
