package org.jenkinsci.plugins.kubernetes.cli.kubeconfig;

import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.google.common.collect.Sets;
import hudson.AbortException;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.Run;
import hudson.util.QuotedStringTokenizer;
import hudson.util.Secret;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import javax.annotation.Nonnull;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.kubernetes.credentials.TokenProducer;
import org.jenkinsci.plugins.plaincredentials.FileCredentials;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;

/* loaded from: input_file:org/jenkinsci/plugins/kubernetes/cli/kubeconfig/KubeConfigWriter.class */
public class KubeConfigWriter {
    public static final String ENV_VARIABLE_NAME = "KUBECONFIG";
    private static final String KUBECTL_BINARY = "kubectl";
    private static final String USERNAME = "cluster-admin";
    private static final String DEFAULT_CONTEXTNAME = "k8s";
    private static final String CLUSTERNAME = "k8s";
    private final String serverUrl;
    private final String credentialsId;
    private final String caCertificate;
    private final String clusterName;
    private final String contextName;
    private final String namespace;
    private final FilePath workspace;
    private final Launcher launcher;
    private final Run<?, ?> build;

    public KubeConfigWriter(@Nonnull String str, @Nonnull String str2, String str3, String str4, String str5, String str6, FilePath filePath, Launcher launcher, Run<?, ?> run) {
        this.serverUrl = str;
        this.credentialsId = str2;
        this.caCertificate = str3;
        this.workspace = filePath;
        this.launcher = launcher;
        this.build = run;
        this.clusterName = str4;
        this.contextName = str5;
        this.namespace = str6;
    }

    public String writeKubeConfig() throws IOException, InterruptedException {
        if (!this.workspace.exists()) {
            this.launcher.getListener().getLogger().println("creating missing workspace to write kubeconfig");
            this.workspace.mkdirs();
        }
        FilePath createTempFile = this.workspace.createTempFile(".kube", "config");
        StandardCredentials credentials = getCredentials(this.build);
        if (credentials == null) {
            throw new AbortException("No credentials defined to setup Kubernetes CLI");
        }
        if (credentials instanceof FileCredentials) {
            setRawKubeConfig(createTempFile, (FileCredentials) credentials);
            if (wasContextProvided()) {
                useContext(createTempFile.getRemote(), this.contextName);
            }
            if (wasServerUrlProvided()) {
                setCluster(createTempFile.getRemote());
            }
            if (wasClusterProvided()) {
                setContextCluster(createTempFile.getRemote(), this.clusterName);
            } else if (wasServerUrlProvided()) {
                setContextCluster(createTempFile.getRemote(), getClusterNameOrDefault());
            }
            if (wasNamespaceProvided()) {
                setContextNamespace(createTempFile.getRemote(), this.namespace);
            }
        } else {
            setCluster(createTempFile.getRemote());
            setCredentials(createTempFile.getRemote(), credentials);
            if (wasNamespaceProvided()) {
                setFullContext(createTempFile.getRemote(), this.namespace);
            } else {
                setFullContext(createTempFile.getRemote());
            }
            useContext(createTempFile.getRemote(), getContextNameOrDefault());
        }
        return createTempFile.getRemote();
    }

    private void setRawKubeConfig(FilePath filePath, FileCredentials fileCredentials) throws IOException, InterruptedException {
        OutputStream write = filePath.write();
        Throwable th = null;
        try {
            try {
                IOUtils.copy(fileCredentials.getContent(), write);
                if (write != null) {
                    if (0 == 0) {
                        write.close();
                        return;
                    }
                    try {
                        write.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (write != null) {
                if (th != null) {
                    try {
                        write.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    write.close();
                }
            }
            throw th4;
        }
    }

    private void setCluster(String str) throws IOException, InterruptedException {
        String str2;
        HashSet newHashSet = Sets.newHashSet();
        if (this.caCertificate == null || this.caCertificate.isEmpty()) {
            str2 = " --insecure-skip-tls-verify=true";
        } else {
            FilePath createTempFile = this.workspace.createTempFile("cert-auth", "crt");
            createTempFile.write(CertificateHelper.wrapCertificate(this.caCertificate), (String) null);
            newHashSet.add(createTempFile.getRemote());
            str2 = " --embed-certs=true --certificate-authority=" + createTempFile.getRemote();
        }
        try {
            int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmdAsSingleString(String.format("%s config set-cluster %s --server=%s %s", KUBECTL_BINARY, getClusterNameOrDefault(), this.serverUrl, str2)).stdout(this.launcher.getListener()).join();
            if (join != 0) {
                throw new IOException("Failed to add kubectl cluster (exit code  " + join + ")");
            }
        } finally {
            Iterator it = newHashSet.iterator();
            while (it.hasNext()) {
                this.workspace.child((String) it.next()).delete();
            }
        }
    }

    private void setCredentials(String str, StandardCredentials standardCredentials) throws IOException, InterruptedException {
        String str2;
        HashSet newHashSet = Sets.newHashSet();
        int i = 1;
        if (standardCredentials instanceof TokenProducer) {
            str2 = "--token=\"" + ((TokenProducer) standardCredentials).getToken(this.serverUrl, (String) null, true) + "\"";
        } else if (standardCredentials instanceof StringCredentials) {
            str2 = "--token=\"" + ((StringCredentials) standardCredentials).getSecret() + "\"";
        } else if (standardCredentials instanceof UsernamePasswordCredentials) {
            UsernamePasswordCredentials usernamePasswordCredentials = (UsernamePasswordCredentials) standardCredentials;
            str2 = "--username=\"" + usernamePasswordCredentials.getUsername() + "\" --password=\"" + Secret.toString(usernamePasswordCredentials.getPassword()) + "\"";
        } else {
            if (!(standardCredentials instanceof StandardCertificateCredentials)) {
                throw new AbortException("Unsupported Credentials type " + standardCredentials.getClass().getName());
            }
            i = 0;
            FilePath createTempFile = this.workspace.createTempFile("client", "crt");
            FilePath createTempFile2 = this.workspace.createTempFile("client", "key");
            CertificateHelper.extractFromCertificate((StandardCertificateCredentials) standardCredentials, createTempFile, createTempFile2);
            newHashSet.add(createTempFile.getRemote());
            newHashSet.add(createTempFile2.getRemote());
            str2 = "--embed-certs=true --client-certificate=" + createTempFile.getRemote() + " --client-key=" + createTempFile2.getRemote();
        }
        String[] strArr = QuotedStringTokenizer.tokenize(String.format("%s config set-credentials %s %s", KUBECTL_BINARY, USERNAME, str2));
        int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmds(strArr).masks(getMasks(strArr.length, i)).stdout(this.launcher.getListener()).join();
        if (join != 0) {
            throw new IOException("Failed to add kubectl credentials (exit code  " + join + ")");
        }
        Iterator it = newHashSet.iterator();
        while (it.hasNext()) {
            this.workspace.child((String) it.next()).delete();
        }
    }

    private void setFullContext(String str) throws IOException, InterruptedException {
        int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmdAsSingleString(String.format("%s config set-context %s --cluster=%s --user=%s", KUBECTL_BINARY, getContextNameOrDefault(), getClusterNameOrDefault(), USERNAME)).stdout(this.launcher.getListener()).join();
        if (join != 0) {
            throw new IOException("Failed to add kubectl context (exit code  " + join + ")");
        }
    }

    private void setFullContext(String str, String str2) throws IOException, InterruptedException {
        int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmdAsSingleString(String.format("%s config set-context %s --cluster=%s --user=%s --namespace=%s", KUBECTL_BINARY, getContextNameOrDefault(), getClusterNameOrDefault(), USERNAME, str2)).stdout(this.launcher.getListener()).join();
        if (join != 0) {
            throw new IOException("Failed to add kubectl context with namespace (exit code  " + join + ")");
        }
    }

    private void setContextNamespace(String str, String str2) throws IOException, InterruptedException {
        int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmdAsSingleString(String.format("%s config set-context %s --namespace=%s", KUBECTL_BINARY, getCurrentContext(str), str2)).stdout(this.launcher.getListener()).join();
        if (join != 0) {
            throw new IOException("Failed to set kubectl context namespace (exit code  " + join + ")");
        }
    }

    private void setContextCluster(String str, String str2) throws IOException, InterruptedException {
        int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmdAsSingleString(String.format("%s config set-context %s --cluster=%s", KUBECTL_BINARY, getCurrentContext(str), str2)).stdout(this.launcher.getListener()).join();
        if (join != 0) {
            throw new IOException("Failed to set kubectl context cluster (exit code  " + join + ")");
        }
    }

    private String getCurrentContext(String str) throws IOException, InterruptedException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmdAsSingleString(String.format("%s config current-context", KUBECTL_BINARY)).stdout(byteArrayOutputStream).join();
        if (join != 0) {
            throw new IOException("Failed to get kubectl current-context (exit code  " + join + ")");
        }
        return byteArrayOutputStream.toString("UTF-8");
    }

    private void useContext(String str, String str2) throws IOException, InterruptedException {
        int join = this.launcher.launch().envs(new String[]{String.format("KUBECONFIG=%s", str)}).cmdAsSingleString(String.format("%s config use-context %s", KUBECTL_BINARY, str2)).stdout(this.launcher.getListener()).join();
        if (join != 0) {
            throw new IOException("Failed to set kubectl current context (exit code  " + join + ")");
        }
    }

    private boolean[] getMasks(int i, int i2) {
        boolean[] zArr = new boolean[i];
        for (int i3 = 0; i3 < i2; i3++) {
            zArr[(zArr.length - 1) - i3] = true;
        }
        return zArr;
    }

    private StandardCredentials getCredentials(Run<?, ?> run) throws AbortException {
        if (StringUtils.isBlank(this.credentialsId)) {
            return null;
        }
        StandardCredentials findCredentialById = CredentialsProvider.findCredentialById(this.credentialsId, StandardCredentials.class, run, Collections.emptyList());
        if (findCredentialById == null) {
            throw new AbortException("No credentials found for id \"" + this.credentialsId + "\"");
        }
        return findCredentialById;
    }

    private boolean wasContextProvided() {
        return (this.contextName == null || this.contextName.isEmpty()) ? false : true;
    }

    private boolean wasClusterProvided() {
        return (this.clusterName == null || this.clusterName.isEmpty()) ? false : true;
    }

    private boolean wasServerUrlProvided() {
        return (this.serverUrl == null || this.serverUrl.isEmpty()) ? false : true;
    }

    private boolean wasNamespaceProvided() {
        return (this.namespace == null || this.namespace.isEmpty()) ? false : true;
    }

    private String getContextNameOrDefault() {
        return !wasContextProvided() ? "k8s" : this.contextName;
    }

    private String getClusterNameOrDefault() {
        return !wasClusterProvided() ? "k8s" : this.clusterName;
    }
}
