package com.datapipe.jenkins.vault;

import com.datapipe.jenkins.vault.configuration.VaultConfiguration;
import com.datapipe.jenkins.vault.log.MaskingConsoleLogFilter;
import com.datapipe.jenkins.vault.model.VaultSecret;
import com.google.common.annotations.VisibleForTesting;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import hudson.EnvVars;
import hudson.Extension;
import hudson.console.ConsoleLogFilter;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.util.Secret;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import org.jenkinsci.plugins.workflow.steps.BodyExecutionCallback;
import org.jenkinsci.plugins.workflow.steps.BodyInvoker;
import org.jenkinsci.plugins.workflow.steps.EnvironmentExpander;
import org.jenkinsci.plugins.workflow.steps.GeneralNonBlockingStepExecution;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:com/datapipe/jenkins/vault/VaultBindingStep.class */
public class VaultBindingStep extends Step {
    private VaultConfiguration configuration;
    private List<VaultSecret> vaultSecrets;

    /* loaded from: input_file:com/datapipe/jenkins/vault/VaultBindingStep$Callback.class */
    private static class Callback extends BodyExecutionCallback.TailCall {
        private Callback() {
        }

        protected void finished(StepContext stepContext) throws Exception {
        }
    }

    @Extension
    /* loaded from: input_file:com/datapipe/jenkins/vault/VaultBindingStep$DescriptorImpl.class */
    public static final class DescriptorImpl extends StepDescriptor {
        public Set<? extends Class<?>> getRequiredContext() {
            return Collections.unmodifiableSet(new HashSet(Arrays.asList(TaskListener.class, Run.class, EnvVars.class)));
        }

        public boolean takesImplicitBlockArgument() {
            return true;
        }

        public String getFunctionName() {
            return "withVault";
        }

        @Nonnull
        public String getDisplayName() {
            return "Vault Plugin";
        }
    }

    /* loaded from: input_file:com/datapipe/jenkins/vault/VaultBindingStep$Execution.class */
    protected static class Execution extends GeneralNonBlockingStepExecution {
        private static final long serialVersionUID = 1;
        private transient VaultBindingStep step;
        private transient VaultAccessor vaultAccessor;

        public Execution(VaultBindingStep vaultBindingStep, StepContext stepContext) {
            super(stepContext);
            this.step = vaultBindingStep;
        }

        @VisibleForTesting
        public void setVaultAccessor(VaultAccessor vaultAccessor) {
            this.vaultAccessor = vaultAccessor;
        }

        public boolean start() throws Exception {
            run(this::doStart);
            return false;
        }

        private void doStart() throws Exception {
            Run run = (Run) getContext().get(Run.class);
            TaskListener taskListener = (TaskListener) getContext().get(TaskListener.class);
            Map<String, String> retrieveVaultSecrets = VaultAccessor.retrieveVaultSecrets(run, taskListener.getLogger(), (EnvVars) getContext().get(EnvVars.class), this.vaultAccessor, this.step.getConfiguration(), this.step.getVaultSecrets());
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(retrieveVaultSecrets.values());
            getContext().newBodyInvoker().withContext(EnvironmentExpander.merge((EnvironmentExpander) getContext().get(EnvironmentExpander.class), new Overrider(retrieveVaultSecrets))).withContext(BodyInvoker.mergeConsoleLogFilters((ConsoleLogFilter) getContext().get(ConsoleLogFilter.class), new MaskingConsoleLogFilter(run.getCharset().name(), arrayList))).withCallback(new Callback()).start();
        }
    }

    /* loaded from: input_file:com/datapipe/jenkins/vault/VaultBindingStep$Overrider.class */
    private static final class Overrider extends EnvironmentExpander {
        private static final long serialVersionUID = 1;
        private final Map<String, Secret> overrides = new HashMap();

        Overrider(Map<String, String> map) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                this.overrides.put(entry.getKey(), Secret.fromString(entry.getValue()));
            }
        }

        public void expand(EnvVars envVars) throws IOException, InterruptedException {
            for (Map.Entry<String, Secret> entry : this.overrides.entrySet()) {
                envVars.override(entry.getKey(), entry.getValue().getPlainText());
            }
        }

        public Set<String> getSensitiveVariables() {
            return Collections.unmodifiableSet(this.overrides.keySet());
        }
    }

    @DataBoundConstructor
    public VaultBindingStep(@CheckForNull List<VaultSecret> list) {
        this.vaultSecrets = list;
    }

    public List<VaultSecret> getVaultSecrets() {
        return this.vaultSecrets;
    }

    @DataBoundSetter
    public void setConfiguration(VaultConfiguration vaultConfiguration) {
        this.configuration = vaultConfiguration;
    }

    public VaultConfiguration getConfiguration() {
        return this.configuration;
    }

    public StepExecution start(StepContext stepContext) throws Exception {
        return new Execution(this, stepContext);
    }
}
