package org.jenkinsci.plugins.azurekeyvaultplugin;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.identity.ManagedIdentityCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.domains.DomainCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.microsoft.azure.util.AzureCredentials;
import com.microsoft.azure.util.AzureImdsCredentials;
import hudson.model.Run;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/azure-keyvault.jar:org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultCredentialRetriever.class */
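/**
 * Resolves Jenkins credential ids to Azure {@link TokenCredential}s and fetches
 * secrets from a Key Vault through a {@link SecretClient}.
 *
 * <p>Two Jenkins credential types are recognised by the code below:
 * {@link AzureCredentials} (turned into a client-secret credential) and
 * {@link AzureImdsCredentials} (turned into a managed-identity credential).
 */
public class AzureKeyVaultCredentialRetriever {
    // NOTE(review): the logger is named after AzureKeyVaultStep, not this class, so log
    // filters keyed on this class name will not match. Left as-is because renaming it
    // would change which logger configuration applies.
    private static final Logger LOGGER = Logger.getLogger(AzureKeyVaultStep.class.getName());

    /**
     * Looks up a credential in the context of a build and converts it to an Azure
     * token credential.
     *
     * <p>The lookup goes through {@code CredentialsProvider.findCredentialById} with the
     * given {@code run}. Only the {@link AzureCredentials} branch calls
     * {@code CredentialsProvider.track}.
     *
     * @param str the Jenkins credential id
     * @param run the build on whose behalf the credential is resolved
     * @return a client-secret credential for {@link AzureCredentials}, or a
     *         managed-identity credential for {@link AzureImdsCredentials}
     * @throws AzureKeyVaultException if no credential with that id is found, or if it is
     *         of neither supported type
     */
    @CheckForNull
    public static TokenCredential getCredentialById(String str, Run<?, ?> run) {
        IdCredentials found = CredentialsProvider.findCredentialById(str, IdCredentials.class, run, new DomainRequirement[0]);
        if (found == null) {
            throw new AzureKeyVaultException(String.format("Credential: %s was not found", str));
        }
        if (found instanceof AzureCredentials) {
            // Only the credential id is logged; the secret itself must never reach the log.
            LOGGER.log(Level.FINE, "Fetched {0} as AzureCredentials", str);
            CredentialsProvider.track(run, found);
            return buildClientSecretCredential((AzureCredentials) found);
        }
        if (found instanceof AzureImdsCredentials) {
            // The managed-identity credential was previously built and then discarded,
            // which made this branch return null instead of a usable credential.
            return new ManagedIdentityCredentialBuilder().build();
        }
        // NOTE(review): the message names 'Username/Password', but the checks above accept
        // only AzureCredentials and AzureImdsCredentials. Text kept unchanged for callers
        // and tests that may match on it.
        throw new AzureKeyVaultException("Could not determine the type for Secret id " + str + " only 'Username/Password', and 'Microsoft Azure Service Principal' are supported");
    }

    /**
     * Looks up a credential by id in the system credentials store, without any build
     * context, and converts it to an Azure token credential.
     *
     * <p>The lookup reads {@code SystemCredentialsProvider.getInstance()} directly with an
     * empty domain-requirement list; no usage tracking is performed here.
     *
     * @param str the Jenkins credential id
     * @return {@code null} when {@code str} is null or empty; otherwise a managed-identity
     *         credential if an {@link AzureImdsCredentials} with that id exists, or a
     *         client-secret credential if an {@link AzureCredentials} with that id exists
     *         (the latter takes precedence when both lookups match)
     * @throws AzureKeyVaultException if neither lookup finds a credential with that id
     */
    public static TokenCredential getCredentialById(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        SystemCredentialsProvider systemCredentialsProvider = SystemCredentialsProvider.getInstance();
        TokenCredential credential = null;
        List<AzureImdsCredentials> imdsMatches = DomainCredentials.getCredentials(systemCredentialsProvider.getDomainCredentialsMap(), AzureImdsCredentials.class, Collections.emptyList(), CredentialsMatchers.withId(str));
        if (!imdsMatches.isEmpty()) {
            // The built credential used to be dropped, so a valid managed-identity id
            // always ended in the "not found" exception below.
            credential = new ManagedIdentityCredentialBuilder().build();
        }
        List<AzureCredentials> servicePrincipalMatches = DomainCredentials.getCredentials(systemCredentialsProvider.getDomainCredentialsMap(), AzureCredentials.class, Collections.emptyList(), CredentialsMatchers.withId(str));
        if (!servicePrincipalMatches.isEmpty()) {
            // Only the credential id is logged; the secret itself must never reach the log.
            LOGGER.log(Level.FINE, "Fetched {0} as AzureCredentials", str);
            credential = buildClientSecretCredential(servicePrincipalMatches.get(0));
        }
        if (credential == null) {
            throw new AzureKeyVaultException(String.format("Credential: %s was not found for supported credentials type.", str));
        }
        return credential;
    }

    /**
     * Fetches a secret from the vault behind {@code secretClient}.
     *
     * <p>When the secret descriptor carries no version, the name-only lookup is used;
     * otherwise the named version is requested.
     *
     * @param secretClient the Key Vault client to query
     * @param azureKeyVaultSecret descriptor supplying the secret name and optional version
     * @return the secret returned by the client
     * @throws AzureKeyVaultException wrapping any exception raised by the lookup; the
     *         message carries the secret name, the vault URL and the underlying error
     *         message, and the original exception is kept as the cause
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyVaultSecret getSecretBundle(SecretClient secretClient, AzureKeyVaultSecret azureKeyVaultSecret) {
        try {
            String version = azureKeyVaultSecret.getVersion();
            if (StringUtils.isEmpty(version)) {
                return secretClient.getSecret(azureKeyVaultSecret.getName());
            }
            return secretClient.getSecret(azureKeyVaultSecret.getName(), version);
        } catch (Exception e) {
            // The underlying message is forwarded verbatim to whoever sees this exception.
            throw new AzureKeyVaultException(String.format("Failed to retrieve secret %s from vault %s, error message: %s", azureKeyVaultSecret.getName(), secretClient.getVaultUrl(), e.getMessage()), e);
        }
    }

    /**
     * Builds a client-secret credential from the client id, client secret and tenant
     * stored in the given Jenkins credential.
     */
    private static ClientSecretCredential buildClientSecretCredential(AzureCredentials azureCredentials) {
        // getPlainClientSecret() hands the secret value to the builder; keep it out of
        // logs and exception messages.
        return new ClientSecretCredentialBuilder()
                .clientId(azureCredentials.getClientId())
                .clientSecret(azureCredentials.getPlainClientSecret())
                .tenantId(azureCredentials.getTenant())
                .build();
    }
}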
