package io.jenkins.plugins.pipeline_log_fluentd_cloudwatch;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSSessionCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.logs.AWSLogs;
import com.amazonaws.services.logs.AWSLogsClientBuilder;
import com.amazonaws.services.logs.model.DescribeLogStreamsRequest;
import com.amazonaws.services.logs.model.InputLogEvent;
import com.amazonaws.services.logs.model.LogStream;
import com.amazonaws.services.logs.model.PutLogEventsRequest;
import com.amazonaws.services.logs.model.PutLogEventsResult;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentials;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import hudson.AbortException;
import hudson.ExtensionList;
import hudson.console.LineTransformationOutputStream;
import hudson.model.BuildListener;
import hudson.remoting.Channel;
import io.jenkins.plugins.aws.global_configuration.CredentialsAwsGlobalConfiguration;
import java.io.Closeable;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;
import java.util.Map;
import java.util.Objects;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.sf.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/CloudWatchSender.class */
public final class CloudWatchSender implements BuildListener, Closeable {
    private static final Logger LOGGER = Logger.getLogger(CloudWatchSender.class.getName());
    private static final long serialVersionUID = 1;

    @Nonnull
    private final String logGroupName;

    @Nonnull
    private final String logStreamName;

    @Nonnull
    private final String buildId;

    @CheckForNull
    private final String nodeId;

    @CheckForNull
    private transient PrintStream logger;

    @SuppressFBWarnings(value = {"IS2_INCONSISTENT_SYNC"}, justification = "Set to a single value so long as the logger remains open.")
    private transient AWSLogs client;

    @CheckForNull
    private transient String sequenceToken;

    @Nonnull
    private final String sender;

    @CheckForNull
    @SuppressFBWarnings(value = {"IS2_INCONSISTENT_SYNC"}, justification = "Only need to synchronize initialization; thereafter it remains set.")
    private transient TimestampTracker timestampTracker;

    @CheckForNull
    private final String accessKeyId;

    @Nullable
    private final String secretAccessKey;

    @Nullable
    private final String sessionToken;

    @Nullable
    private final String region;

    /* loaded from: input_file:io/jenkins/plugins/pipeline_log_fluentd_cloudwatch/CloudWatchSender$CloudWatchOutputStream.class */
    private class CloudWatchOutputStream extends LineTransformationOutputStream {
        static final /* synthetic */ boolean $assertionsDisabled;

        private CloudWatchOutputStream() {
        }

        protected void eol(byte[] bArr, int i) throws IOException {
            Map<String, Object> parse = ConsoleNotes.parse(bArr, i);
            parse.put("build", CloudWatchSender.this.buildId);
            if (CloudWatchSender.this.nodeId != null) {
                parse.put("node", CloudWatchSender.this.nodeId);
            }
            parse.put("sender", CloudWatchSender.this.sender);
            if (!$assertionsDisabled && CloudWatchSender.this.timestampTracker == null) {
                throw new AssertionError("getLogger which creates CloudWatchOutputStream initializes it");
            }
            long eventSent = CloudWatchSender.this.timestampTracker.eventSent();
            parse.put("timestamp", Long.valueOf(eventSent));
            PutLogEventsResult putLogEvents = CloudWatchSender.this.client.putLogEvents(new PutLogEventsRequest().withLogGroupName(CloudWatchSender.this.logGroupName).withLogStreamName(CloudWatchSender.this.logStreamName).withSequenceToken(CloudWatchSender.this.lastSequenceToken()).withLogEvents(new InputLogEvent[]{new InputLogEvent().withTimestamp(Long.valueOf(eventSent)).withMessage(JSONObject.fromObject(parse).toString())}));
            CloudWatchSender.LOGGER.log(Level.FINE, "result: {0}", putLogEvents);
            synchronized (CloudWatchSender.this) {
                CloudWatchSender.this.sequenceToken = putLogEvents.getNextSequenceToken();
            }
            CloudWatchSender.LOGGER.log(Level.FINER, "sent event @{0} from {1}/{2}#{3}", new Object[]{Long.valueOf(eventSent), CloudWatchSender.this.logStreamName, CloudWatchSender.this.buildId, CloudWatchSender.this.nodeId});
        }

        static {
            $assertionsDisabled = !CloudWatchSender.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CloudWatchSender(@Nonnull String str, @Nonnull String str2, @CheckForNull String str3, @CheckForNull TimestampTracker timestampTracker) throws IOException {
        this(logGroupName(), str, str2, str3, "master", timestampTracker, null, null, null, null);
    }

    private static String logGroupName() throws IOException {
        String logGroupName = ((CloudWatchAwsGlobalConfiguration) ExtensionList.lookupSingleton(CloudWatchAwsGlobalConfiguration.class)).getLogGroupName();
        if (logGroupName == null) {
            throw new AbortException("You must specify the CloudWatch log group name");
        }
        return logGroupName;
    }

    private CloudWatchSender(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, @CheckForNull String str4, @Nonnull String str5, @CheckForNull TimestampTracker timestampTracker, @CheckForNull String str6, @Nullable String str7, @Nullable String str8, @Nullable String str9) {
        this.logGroupName = str;
        this.logStreamName = (String) Objects.requireNonNull(str2);
        this.buildId = (String) Objects.requireNonNull(str3);
        this.nodeId = str4;
        this.sender = str5;
        this.timestampTracker = timestampTracker;
        this.accessKeyId = str6;
        this.secretAccessKey = str7;
        this.sessionToken = str8;
        this.region = str9;
    }

    private Object writeReplace() throws IOException {
        String accessKeyId;
        String secretAccessKey;
        String sessionToken;
        AWSSecurityTokenServiceClientBuilder standard = AWSSecurityTokenServiceClientBuilder.standard();
        CredentialsAwsGlobalConfiguration credentialsAwsGlobalConfiguration = CredentialsAwsGlobalConfiguration.get();
        String region = credentialsAwsGlobalConfiguration.getRegion();
        if (region != null) {
            standard = (AWSSecurityTokenServiceClientBuilder) standard.withRegion(region);
        }
        AmazonWebServicesCredentials credentials = credentialsAwsGlobalConfiguration.getCredentials();
        if (credentials != null) {
            standard.withCredentials(new AWSStaticCredentialsProvider(credentials.getCredentials()));
        }
        String name = Channel.current().getName();
        AWSCredentialsProvider credentials2 = standard.getCredentials();
        AWSCredentials credentials3 = credentials2 != null ? credentials2.getCredentials() : null;
        if (credentials3 instanceof AWSSessionCredentials) {
            String str = System.getenv("AWS_ROLE");
            if (str != null) {
                AWSSecurityTokenServiceClientBuilder standard2 = AWSSecurityTokenServiceClientBuilder.standard();
                if (region != null) {
                    standard2 = (AWSSecurityTokenServiceClientBuilder) standard2.withRegion(region);
                }
                Credentials credentials4 = ((AWSSecurityTokenService) standard2.build()).assumeRole(new AssumeRoleRequest().withRoleArn(str).withRoleSessionName("CloudWatchSender").withPolicy(policy())).getCredentials();
                accessKeyId = credentials4.getAccessKeyId();
                secretAccessKey = credentials4.getSecretAccessKey();
                sessionToken = credentials4.getSessionToken();
                LOGGER.log(Level.FINE, "AssumeRole succeeded; using {0}", accessKeyId);
            } else {
                accessKeyId = credentials3.getAWSAccessKeyId();
                secretAccessKey = credentials3.getAWSSecretKey();
                sessionToken = ((AWSSessionCredentials) credentials3).getSessionToken();
                LOGGER.log(Level.WARNING, "Giving up on limiting session credentials to a policy; using {0} as is", accessKeyId);
            }
        } else {
            Credentials credentials5 = ((AWSSecurityTokenService) standard.build()).getFederationToken(new GetFederationTokenRequest().withName("CloudWatchSender").withPolicy(policy())).getCredentials();
            accessKeyId = credentials5.getAccessKeyId();
            secretAccessKey = credentials5.getSecretAccessKey();
            sessionToken = credentials5.getSessionToken();
            LOGGER.log(Level.FINE, "GetFederationToken succeeded; using {0}", accessKeyId);
        }
        return new CloudWatchSender(this.logGroupName, this.logStreamName, this.buildId, this.nodeId, name, null, accessKeyId, secretAccessKey, sessionToken, region);
    }

    private String policy() {
        return "{\"Version\": \"2012-10-17\", \"Statement\": [{\"Effect\": \"Allow\", \"Action\": [\"logs:PutLogEvents\"], \"Resource\": [\"arn:aws:logs:*:*:log-group:" + this.logGroupName + ":log-stream:" + this.logStreamName + "\"]}, {\"Effect\": \"Allow\", \"Action\": [\"logs:DescribeLogStreams\"], \"Resource\": [\"arn:aws:logs:*:*:log-group:" + this.logGroupName + ":log-stream:*\"]}]}";
    }

    public synchronized PrintStream getLogger() {
        AWSLogsClientBuilder aWSLogsClientBuilder;
        if (this.logger == null) {
            if (this.accessKeyId != null) {
                aWSLogsClientBuilder = AWSLogsClientBuilder.standard();
                if (this.region != null) {
                    aWSLogsClientBuilder = (AWSLogsClientBuilder) aWSLogsClientBuilder.withRegion(this.region);
                }
                aWSLogsClientBuilder.withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(this.accessKeyId, this.secretAccessKey, this.sessionToken)));
            } else {
                try {
                    aWSLogsClientBuilder = ((CloudWatchAwsGlobalConfiguration) ExtensionList.lookupSingleton(CloudWatchAwsGlobalConfiguration.class)).getAWSLogsClientBuilder();
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            }
            this.client = (AWSLogs) aWSLogsClientBuilder.build();
            if (this.timestampTracker == null) {
                this.timestampTracker = new TimestampTracker();
            }
            try {
                this.logger = new PrintStream((OutputStream) new CloudWatchOutputStream(), true, "UTF-8");
            } catch (UnsupportedEncodingException e2) {
                throw new AssertionError(e2);
            }
        }
        return this.logger;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public synchronized void close() throws IOException {
        if (this.logger != null) {
            this.client.shutdown();
            this.logger = null;
            this.client = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized String lastSequenceToken() {
        if (this.sequenceToken != null) {
            return this.sequenceToken;
        }
        for (LogStream logStream : this.client.describeLogStreams(new DescribeLogStreamsRequest(this.logGroupName).withLogStreamNamePrefix(this.logStreamName)).getLogStreams()) {
            if (logStream.getLogStreamName().equals(this.logStreamName)) {
                String uploadSequenceToken = logStream.getUploadSequenceToken();
                this.sequenceToken = uploadSequenceToken;
                return uploadSequenceToken;
            }
        }
        throw new IllegalStateException("could not find " + this.logStreamName);
    }
}
