package com.datapipe.jenkins.vault.credentials.common;

import com.bettercloud.vault.VaultConfig;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsUnavailableException;
import com.cloudbees.plugins.credentials.matchers.IdMatcher;
import com.datapipe.jenkins.vault.VaultAccessor;
import com.datapipe.jenkins.vault.configuration.GlobalVaultConfiguration;
import com.datapipe.jenkins.vault.configuration.VaultConfiguration;
import com.datapipe.jenkins.vault.credentials.VaultCredential;
import com.datapipe.jenkins.vault.exception.VaultPluginException;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Util;
import hudson.remoting.Channel;
import hudson.security.ACL;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import jenkins.security.SlaveToMasterCallable;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/datapipe/jenkins/vault/credentials/common/VaultHelper.class */
public class VaultHelper {
    private static final Logger LOGGER = Logger.getLogger(VaultHelper.class.getName());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datapipe/jenkins/vault/credentials/common/VaultHelper$SecretRetrieve.class */
    public static class SecretRetrieve extends SlaveToMasterCallable<Map<String, String>, IOException> {
        private static final long serialVersionUID = 1;
        private final String secretPath;

        @CheckForNull
        private final String prefixPath;

        @CheckForNull
        private final String namespace;

        @CheckForNull
        private Integer engineVersion;

        SecretRetrieve(String str, String str2, String str3, Integer num) {
            this.secretPath = str;
            this.prefixPath = Util.fixEmptyAndTrim(str2);
            this.namespace = Util.fixEmptyAndTrim(str3);
            this.engineVersion = num;
        }

        /* renamed from: call, reason: merged with bridge method [inline-methods] */
        public Map<String, String> m5call() throws IOException {
            VaultConfiguration configuration = GlobalVaultConfiguration.get().getConfiguration();
            if (configuration == null) {
                throw new IllegalStateException("Vault plugin has not been configured.");
            }
            configuration.fixDefaults();
            if (this.engineVersion == null) {
                this.engineVersion = configuration.getEngineVersion();
            }
            VaultHelper.LOGGER.info(String.format("Retrieving vault secret path=%s engineVersion=%s", this.secretPath, this.engineVersion));
            try {
                VaultConfig vaultConfig = configuration.getVaultConfig();
                if (this.prefixPath != null) {
                    vaultConfig.prefixPath(this.prefixPath);
                }
                if (this.namespace != null) {
                    vaultConfig.nameSpace(this.namespace);
                }
                VaultCredential vaultCredential = configuration.getVaultCredential();
                if (vaultCredential == null) {
                    vaultCredential = VaultHelper.retrieveVaultCredentials(configuration.getVaultCredentialId());
                }
                VaultAccessor vaultAccessor = new VaultAccessor(vaultConfig, vaultCredential);
                vaultAccessor.setMaxRetries(configuration.getMaxRetries());
                vaultAccessor.setRetryIntervalMilliseconds(configuration.getRetryIntervalMilliseconds());
                vaultAccessor.init();
                return vaultAccessor.read(this.secretPath, this.engineVersion).getData();
            } catch (VaultPluginException e) {
                throw e;
            } catch (Exception e2) {
                throw new RuntimeException(e2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<String, String> getVaultSecret(@NonNull String str, @CheckForNull String str2, @CheckForNull String str3, @CheckForNull Integer num) {
        try {
            SecretRetrieve secretRetrieve = new SecretRetrieve(str, str2, str3, num);
            Channel current = Channel.current();
            return current == null ? secretRetrieve.m5call() : (Map) current.call(secretRetrieve);
        } catch (IOException | InterruptedException e) {
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getVaultSecretKey(@NonNull String str, @NonNull String str2, @CheckForNull String str3, @CheckForNull String str4, @CheckForNull Integer num) {
        try {
            Map<String, String> vaultSecret = getVaultSecret(str, str3, str4, num);
            if (vaultSecret.containsKey(str2)) {
                return vaultSecret.get(str2);
            }
            throw new VaultPluginException(String.format("Key %s could not be found in path %s", str2, str));
        } catch (IllegalStateException e) {
            throw new IllegalStateException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static VaultCredential retrieveVaultCredentials(String str) {
        if (StringUtils.isBlank(str)) {
            throw new VaultPluginException("The credential id was not configured - please specify the credentials to use.");
        }
        LOGGER.log(Level.INFO, "Retrieving vault credential ID : " + str);
        VaultCredential firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(VaultCredential.class, Jenkins.get(), ACL.SYSTEM, Collections.emptyList()), new IdMatcher(str));
        if (firstOrNull == null) {
            throw new CredentialsUnavailableException(str);
        }
        return firstOrNull;
    }
}
