package com.datapipe.jenkins.vault.credentials;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultException;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.datapipe.jenkins.vault.exception.VaultPluginException;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.Extension;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:com/datapipe/jenkins/vault/credentials/VaultKubernetesCredential.class */
public class VaultKubernetesCredential extends AbstractVaultTokenCredential {
    private static final String SERVICE_ACCOUNT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token";

    @NonNull
    private final String role;

    @NonNull
    private String mountPath;

    @Extension
    /* loaded from: input_file:com/datapipe/jenkins/vault/credentials/VaultKubernetesCredential$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        public static final String defaultPath = "kubernetes";

        @NonNull
        public String getDisplayName() {
            return "Vault Kubernetes Credential";
        }

        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    @DataBoundConstructor
    public VaultKubernetesCredential(@CheckForNull CredentialsScope credentialsScope, @CheckForNull String str, @CheckForNull String str2, @NonNull String str3) {
        super(credentialsScope, str, str2);
        this.mountPath = DescriptorImpl.defaultPath;
        this.role = str3;
    }

    @NonNull
    public String getMountPath() {
        return this.mountPath;
    }

    @DataBoundSetter
    public void setMountPath(@NonNull String str) {
        this.mountPath = str;
    }

    @Override // com.datapipe.jenkins.vault.credentials.AbstractVaultTokenCredential
    @SuppressFBWarnings({"DMI_HARDCODED_ABSOLUTE_FILENAME"})
    public String getToken(Vault vault) {
        try {
            Stream<String> lines = Files.lines(Paths.get(SERVICE_ACCOUNT_TOKEN_PATH, new String[0]));
            Throwable th = null;
            try {
                try {
                    String str = (String) lines.collect(Collectors.joining());
                    if (lines != null) {
                        if (0 != 0) {
                            try {
                                lines.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            lines.close();
                        }
                    }
                    try {
                        return vault.withRetries(5, 500).auth().loginByJwt(this.mountPath, this.role, str).getAuthClientToken();
                    } catch (VaultException e) {
                        throw new VaultPluginException("could not log in into vault", e);
                    }
                } finally {
                }
            } finally {
            }
        } catch (IOException e2) {
            throw new VaultPluginException("could not get JWT from Service Account Token", e2);
        }
    }
}
