package com.cloudbees.jenkins.plugins.amazonecr;

import com.amazonaws.regions.Regions;
import com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentials;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.ProxyConfiguration;
import hudson.model.ItemGroup;
import hudson.security.ACL;
import hudson.util.Secret;
import java.net.URI;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import software.amazon.awssdk.http.apache.ApacheHttpClient;
import software.amazon.awssdk.http.apache.ProxyConfiguration;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.ecr.EcrClient;
import software.amazon.awssdk.services.ecr.model.AuthorizationData;
import software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenRequest;
import software.amazon.awssdk.services.ecr.model.GetAuthorizationTokenResponse;

/* loaded from: input_file:WEB-INF/lib/amazon-ecr.jar:com/cloudbees/jenkins/plugins/amazonecr/AmazonECSRegistryCredential.class */
public class AmazonECSRegistryCredential extends BaseStandardCredentials implements StandardUsernamePasswordCredentials {
    private static final Logger LOG = Logger.getLogger(AmazonECSRegistryCredential.class.getName());
    private final String credentialsId;
    private final String region;
    private final ItemGroup itemGroup;

    public AmazonECSRegistryCredential(CredentialsScope credentialsScope, @NonNull String str, String str2, ItemGroup itemGroup) {
        this(credentialsScope, str, Region.US_EAST_1, str2, itemGroup);
    }

    @Deprecated
    public AmazonECSRegistryCredential(@CheckForNull CredentialsScope credentialsScope, @NonNull String str, Regions regions, String str2, ItemGroup itemGroup) {
        this(credentialsScope, str, Region.of(regions.getName()), str2, itemGroup);
    }

    public AmazonECSRegistryCredential(@CheckForNull CredentialsScope credentialsScope, @NonNull String str, Region region, String str2, ItemGroup itemGroup) {
        super(credentialsScope, "ecr:" + region.id() + ":" + str, "Amazon ECR Registry:" + (StringUtils.isNotBlank(str2) ? str2 : str) + "-" + region);
        this.credentialsId = str;
        this.region = region.id();
        this.itemGroup = itemGroup;
    }

    @NonNull
    public String getCredentialsId() {
        return this.credentialsId;
    }

    @CheckForNull
    public AmazonWebServicesCredentials getCredentials() {
        LOG.log(Level.FINE, "Looking for Amazon web credentials ID: {0} Region: {1}", new Object[]{this.credentialsId, this.region});
        List<AmazonWebServicesCredentials> lookupCredentialsInItemGroup = CredentialsProvider.lookupCredentialsInItemGroup(AmazonWebServicesCredentials.class, this.itemGroup, ACL.SYSTEM2);
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.log(Level.FINEST, "Trace: {0}", ExceptionUtils.getStackTrace(new Throwable()));
        }
        if (lookupCredentialsInItemGroup.isEmpty()) {
            LOG.fine("ID not found");
            return null;
        }
        for (AmazonWebServicesCredentials amazonWebServicesCredentials : lookupCredentialsInItemGroup) {
            if (amazonWebServicesCredentials.getId().equals(this.credentialsId)) {
                LOG.log(Level.FINE, "ID found {0}", this.credentialsId);
                return amazonWebServicesCredentials;
            }
        }
        LOG.fine("ID not found");
        return null;
    }

    @NonNull
    public String getDescription() {
        String description = super.getDescription();
        LOG.finest(description);
        return description;
    }

    @NonNull
    public Secret getPassword() {
        AmazonWebServicesCredentials credentials = getCredentials();
        if (credentials == null) {
            throw new IllegalStateException("Invalid credentials");
        }
        LOG.log(Level.FINE, "Get password for {0} region : {1}", new Object[]{credentials.getDisplayName(), this.region});
        if (LOG.isLoggable(Level.ALL)) {
            LOG.log(Level.ALL, "Trace: {0}", ExceptionUtils.getStackTrace(new Throwable()));
        }
        ApacheHttpClient.Builder builder = ApacheHttpClient.builder();
        Jenkins instanceOrNull = Jenkins.getInstanceOrNull();
        ProxyConfiguration proxyConfiguration = instanceOrNull != null ? instanceOrNull.proxy : null;
        if (proxyConfiguration != null) {
            ProxyConfiguration.Builder endpoint = software.amazon.awssdk.http.apache.ProxyConfiguration.builder().endpoint(URI.create(String.format("http://%s:%s", proxyConfiguration.name, Integer.valueOf(proxyConfiguration.port))));
            if (proxyConfiguration.getUserName() != null) {
                endpoint.username(proxyConfiguration.getUserName());
                endpoint.password(Secret.toString(proxyConfiguration.getSecretPassword()));
            }
            builder.proxyConfiguration((software.amazon.awssdk.http.apache.ProxyConfiguration) endpoint.build());
        }
        EcrClient ecrClient = (EcrClient) EcrClient.builder().httpClientBuilder(builder).region(Region.of(this.region)).credentialsProvider(credentials).build();
        try {
            GetAuthorizationTokenRequest getAuthorizationTokenRequest = (GetAuthorizationTokenRequest) GetAuthorizationTokenRequest.builder().build();
            GetAuthorizationTokenResponse authorizationToken = ecrClient.getAuthorizationToken(getAuthorizationTokenRequest);
            List authorizationData = authorizationToken.authorizationData();
            if (authorizationData == null || authorizationData.isEmpty()) {
                throw new IllegalStateException("Failed to retrieve authorization token for Amazon ECR");
            }
            LOG.fine("Success");
            if (LOG.isLoggable(Level.ALL)) {
                LOG.finest("Auth token: " + authorizationToken);
                LOG.finest("Request: " + getAuthorizationTokenRequest);
            }
            Secret fromString = Secret.fromString(((AuthorizationData) authorizationData.get(0)).authorizationToken());
            if (ecrClient != null) {
                ecrClient.close();
            }
            return fromString;
        } catch (Throwable th) {
            if (ecrClient != null) {
                try {
                    ecrClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @NonNull
    public String getUsername() {
        return "AWS";
    }

    @NonNull
    public String getEmail() {
        return "nobody@example.com";
    }
}
