package io.jenkins.plugins.infisicaljenkins;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsUnavailableException;
import com.cloudbees.plugins.credentials.matchers.IdMatcher;
import hudson.EnvVars;
import hudson.ExtensionList;
import hudson.model.Run;
import hudson.security.ACL;
import io.jenkins.plugins.infisicaljenkins.configuration.InfisicalConfigResolver;
import io.jenkins.plugins.infisicaljenkins.configuration.InfisicalConfiguration;
import io.jenkins.plugins.infisicaljenkins.credentials.InfisicalCredential;
import io.jenkins.plugins.infisicaljenkins.exception.InfisicalPluginException;
import io.jenkins.plugins.infisicaljenkins.infisical.InfisicalSecrets;
import io.jenkins.plugins.infisicaljenkins.model.InfisicalSecret;
import io.jenkins.plugins.infisicaljenkins.model.InfisicalSecretValue;
import io.jenkins.plugins.infisicaljenkins.model.SingleSecretResponse;
import java.io.PrintStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/lib/infisical.jar:io/jenkins/plugins/infisicaljenkins/InfisicalAccessor.class */
public class InfisicalAccessor implements Serializable {
    private static final long serialVersionUID = 1;
    private InfisicalCredential credential;
    private InfisicalConfiguration configuration;

    public InfisicalAccessor() {
    }

    public InfisicalAccessor(InfisicalCredential infisicalCredential) {
        this.credential = infisicalCredential;
    }

    public InfisicalCredential getCredential() {
        return this.credential;
    }

    public void setCredential(InfisicalCredential infisicalCredential) {
        this.credential = infisicalCredential;
    }

    public void setConfiguration(InfisicalConfiguration infisicalConfiguration) {
        this.configuration = infisicalConfiguration;
    }

    public InfisicalConfiguration getConfiguration() {
        return this.configuration;
    }

    private List<SingleSecretResponse> readSecretsFromInfisical(InfisicalSecret infisicalSecret, PrintStream printStream) {
        List<SingleSecretResponse> secrets = InfisicalSecrets.getSecrets(this.configuration, this.credential, infisicalSecret.getPath(), infisicalSecret.getIncludeImports(), printStream);
        printStream.printf("Found %d secrets in path: %s%n", Integer.valueOf(secrets.size()), infisicalSecret.getPath());
        HashMap hashMap = new HashMap();
        for (SingleSecretResponse singleSecretResponse : secrets) {
            hashMap.put(singleSecretResponse.getSecretKey(), singleSecretResponse);
        }
        List<InfisicalSecretValue> secretValues = infisicalSecret.getSecretValues();
        ArrayList arrayList = new ArrayList();
        secretValues.forEach(infisicalSecretValue -> {
            SingleSecretResponse singleSecretResponse2 = (SingleSecretResponse) hashMap.get(infisicalSecretValue.getInfisicalKey());
            if (singleSecretResponse2 != null) {
                arrayList.add(singleSecretResponse2);
            }
        });
        return arrayList;
    }

    public Map<String, String> fetchInfisicalSecrets(Run<?, ?> run, PrintStream printStream, EnvVars envVars, InfisicalConfiguration infisicalConfiguration, List<InfisicalSecret> list) {
        HashMap hashMap = new HashMap();
        InfisicalConfiguration pullAndMergeConfiguration = pullAndMergeConfiguration(run, infisicalConfiguration);
        if (StringUtils.isBlank(pullAndMergeConfiguration.getInfisicalUrl())) {
            throw new InfisicalPluginException("The infisical url was not configured - please specify the infisical url to use.");
        }
        this.credential = getCredential(run, pullAndMergeConfiguration);
        setCredential(this.credential);
        setConfiguration(infisicalConfiguration);
        for (InfisicalSecret infisicalSecret : list) {
            printStream.printf("Retrieving secrets from path: %s%n", infisicalSecret.getPath());
            try {
                for (SingleSecretResponse singleSecretResponse : readSecretsFromInfisical(infisicalSecret, printStream)) {
                    String secretKey = singleSecretResponse.getSecretKey();
                    String secretValue = singleSecretResponse.getSecretValue();
                    if (StringUtils.isBlank(secretKey)) {
                        printStream.println("Skipping secret with empty key");
                    } else if (StringUtils.isBlank(secretValue)) {
                        printStream.println("Skipping secret with empty value");
                    } else {
                        hashMap.put(secretKey, secretValue);
                    }
                }
                for (InfisicalSecretValue infisicalSecretValue : infisicalSecret.getSecretValues()) {
                    if (infisicalSecretValue.getIsRequired() && !hashMap.containsKey(infisicalSecretValue.getInfisicalKey())) {
                        throw new InfisicalPluginException(String.format("Secret %s is required but not found in Infisical in path %s", infisicalSecretValue.getInfisicalKey(), infisicalSecret.getPath()));
                    }
                }
            } catch (InfisicalPluginException e) {
                InfisicalPluginException infisicalPluginException = (InfisicalPluginException) e.getCause();
                if (infisicalPluginException != null) {
                    throw new InfisicalPluginException(infisicalPluginException.getMessage(), infisicalPluginException);
                }
                throw e;
            }
        }
        return hashMap;
    }

    private InfisicalCredential getCredential(Run run, InfisicalConfiguration infisicalConfiguration) {
        if (Jenkins.getInstanceOrNull() == null) {
            return null;
        }
        String infisicalCredentialId = infisicalConfiguration.getInfisicalCredentialId();
        if (StringUtils.isBlank(infisicalCredentialId)) {
            throw new InfisicalPluginException("The credential id was not configured - please specify the credentials to use.");
        }
        InfisicalCredential firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(InfisicalCredential.class, run.getParent(), ACL.SYSTEM, Collections.emptyList()), new IdMatcher(infisicalCredentialId));
        if (firstOrNull == null) {
            throw new CredentialsUnavailableException(infisicalCredentialId);
        }
        return firstOrNull;
    }

    public static InfisicalConfiguration pullAndMergeConfiguration(Run<?, ?> run, InfisicalConfiguration infisicalConfiguration) {
        InfisicalConfiguration infisicalConfiguration2 = infisicalConfiguration;
        Iterator it = ExtensionList.lookup(InfisicalConfigResolver.class).iterator();
        while (it.hasNext()) {
            InfisicalConfigResolver infisicalConfigResolver = (InfisicalConfigResolver) it.next();
            infisicalConfiguration2 = infisicalConfiguration2 != null ? infisicalConfiguration2.mergeWithParent(infisicalConfigResolver.forJob(run.getParent())) : infisicalConfigResolver.forJob(run.getParent());
        }
        if (infisicalConfiguration2 == null) {
            throw new InfisicalPluginException("No configuration found - please configure the Infisical Plugin .");
        }
        infisicalConfiguration2.fixDefaults();
        return infisicalConfiguration2;
    }
}
