package com.datapipe.jenkins.vault.credentials;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultException;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.datapipe.jenkins.vault.exception.VaultPluginException;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.stream.Stream;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:com/datapipe/jenkins/vault/credentials/VaultGCPCredential.class */
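/**
 * Vault token credential that authenticates through Vault's GCP auth method.
 *
 * <p>{@link #getToken(Vault)} fetches an identity token (a signed JWT) for the instance's
 * default service account from the GCP metadata server and exchanges it, together with the
 * configured role, for a Vault client token.
 *
 * <p>Both the identity JWT and the resulting Vault token are bearer secrets: none of the code
 * here logs them or puts them into exception messages, and changes should keep it that way.
 */
public class VaultGCPCredential extends AbstractVaultTokenCredential {

    /** Identity-token endpoint of the metadata server for the default service account. */
    // NOTE(review): this is plain HTTP to the short host name "metadata", so the answer is only
    // as trustworthy as the host's resolver and network path. On a machine that is not a GCE
    // instance the name resolves to whatever local DNS (including search domains) returns.
    // Behaviour is unchanged here; consider whether the fully qualified metadata host name
    // should be used instead.
    private static final String IDENTITY_ENDPOINT =
            "http://metadata/computeMetadata/v1/instance/service-accounts/default/identity";

    /** Upper bound for establishing the connection to the metadata server. */
    private static final int CONNECT_TIMEOUT_MS = 5_000;

    /** Upper bound for waiting on data from the metadata server. */
    private static final int READ_TIMEOUT_MS = 10_000;

    /** Vault GCP auth role presented at login. */
    @NonNull
    private final String role;

    /** Audience ({@code aud} claim) requested for the identity token. */
    @NonNull
    private final String audience;

    /** Descriptor that registers this credential type with Jenkins. */
    @Extension
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        /** Returns the label shown for this credential type. */
        @Override
        @NonNull
        public String getDisplayName() {
            return "Vault GCP Credential";
        }

        // Compiler-generated bridge method surfaced by the decompiler; it only delegates to the
        // parent descriptor and is kept so the class shape stays unchanged.
        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    /**
     * Creates the credential.
     *
     * @param credentialsScope scope passed through to the parent credential
     * @param str passed through to the parent credential (presumably the credential id; the
     *     original parameter names were lost in decompilation)
     * @param str2 passed through to the parent credential (presumably the description)
     * @param str3 Vault GCP auth role
     * @param str4 audience requested for the identity token
     */
    @DataBoundConstructor
    public VaultGCPCredential(@CheckForNull CredentialsScope credentialsScope, @CheckForNull String str, @CheckForNull String str2, @NonNull String str3, @NonNull String str4) {
        super(credentialsScope, str, str2);
        this.role = str3;
        this.audience = str4;
    }

    /** Returns the Vault GCP auth role this credential logs in with. */
    @NonNull
    public String getRole() {
        return this.role;
    }

    /**
     * Logs in to Vault with a freshly fetched GCP identity token.
     *
     * @param vault client to authenticate with; the login uses {@code withRetries(5, 500)}
     * @return the Vault client token issued for the login
     * @throws VaultPluginException if the identity token cannot be obtained from the metadata
     *     server or Vault rejects the login
     */
    @Override // com.datapipe.jenkins.vault.credentials.AbstractVaultTokenCredential
    public String getToken(Vault vault) {
        final String identityJwt;
        try {
            identityJwt = retrieveGoogleJWT();
        } catch (IOException | URISyntaxException e) {
            throw new VaultPluginException("could not get JWT from GCP metadata", e);
        }
        try {
            return vault.withRetries(5, 500).auth().loginByGCP(this.role, identityJwt).getAuthClientToken();
        } catch (VaultException e) {
            throw new VaultPluginException("could not log in into vault", e);
        }
    }

    /**
     * Requests a full-format identity token for the configured audience from the metadata
     * server.
     *
     * @return the JWT as returned by the metadata server
     * @throws URISyntaxException if the request URI cannot be built
     * @throws IOException if no audience is configured, the request fails or times out, or the
     *     response body is empty
     */
    private String retrieveGoogleJWT() throws URISyntaxException, IOException {
        // The constructor is not run when a stored credential is deserialized, so the field can
        // be null despite its annotation; fail here instead of asking for audience "null".
        if (this.audience == null || this.audience.isEmpty()) {
            throw new IOException("no audience configured for the GCP identity token");
        }
        // Percent-encode the audience so reserved characters ('&', '=', '+', '#') stay inside
        // the audience value and cannot add or override query parameters such as "format".
        // URLEncoder emits '+' for a space; "%20" is unambiguous in a URI query.
        String encodedAudience =
                URLEncoder.encode(this.audience, StandardCharsets.UTF_8.name()).replace("+", "%20");
        URI identityUri = new URI(IDENTITY_ENDPOINT + "?audience=" + encodedAudience + "&format=full");

        HttpURLConnection connection = safelyCastToHttpUrlConnection(identityUri.toURL().openConnection());
        // Without explicit timeouts a host with no reachable metadata server can block the
        // calling thread indefinitely.
        connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
        connection.setReadTimeout(READ_TIMEOUT_MS);
        // The metadata server requires this header on every request.
        connection.setRequestProperty("Metadata-Flavor", "Google");

        String identityJwt = download(connection);
        if (identityJwt.isEmpty()) {
            throw new IOException("GCP metadata server returned an empty identity token");
        }
        return identityJwt;
    }

    /**
     * Narrows a {@link URLConnection} to {@link HttpURLConnection}.
     *
     * @throws IllegalStateException if the connection is not an HTTP connection
     */
    private static HttpURLConnection safelyCastToHttpUrlConnection(URLConnection uRLConnection) {
        if (uRLConnection instanceof HttpURLConnection) {
            return (HttpURLConnection) uRLConnection;
        }
        throw new IllegalStateException("We do not have Http connection, but we used http schema");
    }

    /**
     * Reads the whole response body as UTF-8 text, concatenating its lines without separators.
     *
     * @throws IOException if the response stream cannot be opened or closed
     */
    private static String download(URLConnection uRLConnection) throws IOException {
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(uRLConnection.getInputStream(), StandardCharsets.UTF_8))) {
            StringBuilder body = new StringBuilder();
            reader.lines().forEachOrdered(body::append);
            return body.toString();
        }
    }
}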
