package org.jenkinsci.plugins.azurekeyvaultplugin;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.SystemCredentialsProvider;
import com.cloudbees.plugins.credentials.common.IdCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.DomainCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import com.microsoft.azure.keyvault.KeyVaultClient;
import com.microsoft.azure.keyvault.authentication.KeyVaultCredentials;
import com.microsoft.azure.keyvault.models.SecretBundle;
import com.microsoft.azure.util.AzureCredentials;
import com.microsoft.azure.util.AzureImdsCredentials;
import hudson.model.Run;
import hudson.util.Secret;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultCredentialRetriever.class */
public class AzureKeyVaultCredentialRetriever {
    private static final Logger LOGGER = Logger.getLogger(AzureKeyVaultStep.class.getName());

    public static KeyVaultCredentials getCredentialById(String str, Run<?, ?> run) {
        AzureKeyVaultCredential azureKeyVaultCredential;
        StandardUsernamePasswordCredentials findCredentialById = CredentialsProvider.findCredentialById(str, IdCredentials.class, run, new DomainRequirement[0]);
        if (findCredentialById == null) {
            throw new AzureKeyVaultException(String.format("Credential: %s was not found", str));
        }
        if (findCredentialById instanceof StandardUsernamePasswordCredentials) {
            LOGGER.log(Level.FINE, String.format("Fetched %s as StandardUsernamePasswordCredentials", str));
            CredentialsProvider.track(run, findCredentialById);
            StandardUsernamePasswordCredentials standardUsernamePasswordCredentials = findCredentialById;
            azureKeyVaultCredential = new AzureKeyVaultCredential(standardUsernamePasswordCredentials.getUsername(), standardUsernamePasswordCredentials.getPassword());
        } else {
            if (!(findCredentialById instanceof AzureCredentials)) {
                if (findCredentialById instanceof AzureImdsCredentials) {
                    return new AzureKeyVaultImdsCredential();
                }
                throw new AzureKeyVaultException("Could not determine the type for Secret id " + str + " only 'Username/Password', and 'Microsoft Azure Service Principal' are supported");
            }
            LOGGER.log(Level.FINE, String.format("Fetched %s as AzureCredentials", str));
            CredentialsProvider.track(run, findCredentialById);
            AzureCredentials azureCredentials = (AzureCredentials) findCredentialById;
            azureKeyVaultCredential = new AzureKeyVaultCredential(azureCredentials.getClientId(), Secret.fromString(azureCredentials.getPlainClientSecret()));
        }
        if (azureKeyVaultCredential.isValid()) {
            return azureKeyVaultCredential;
        }
        throw new AzureKeyVaultException("No valid credentials were found for accessing KeyVault");
    }

    public static KeyVaultCredentials getCredentialById(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        SystemCredentialsProvider systemCredentialsProvider = SystemCredentialsProvider.getInstance();
        if (!DomainCredentials.getCredentials(systemCredentialsProvider.getDomainCredentialsMap(), AzureImdsCredentials.class, Collections.emptyList(), CredentialsMatchers.withId(str)).isEmpty()) {
            return new AzureKeyVaultImdsCredential();
        }
        AzureKeyVaultCredential azureKeyVaultCredential = null;
        List credentials = DomainCredentials.getCredentials(systemCredentialsProvider.getDomainCredentialsMap(), StandardUsernamePasswordCredentials.class, Collections.emptyList(), CredentialsMatchers.withId(str));
        if (!credentials.isEmpty()) {
            LOGGER.log(Level.FINE, String.format("Fetched %s as StandardUsernamePasswordCredentials", str));
            StandardUsernamePasswordCredentials standardUsernamePasswordCredentials = (StandardUsernamePasswordCredentials) credentials.get(0);
            azureKeyVaultCredential = new AzureKeyVaultCredential(standardUsernamePasswordCredentials.getUsername(), standardUsernamePasswordCredentials.getPassword());
        }
        List credentials2 = DomainCredentials.getCredentials(systemCredentialsProvider.getDomainCredentialsMap(), AzureCredentials.class, Collections.emptyList(), CredentialsMatchers.withId(str));
        if (!credentials2.isEmpty()) {
            LOGGER.log(Level.FINE, String.format("Fetched %s as AzureCredentials", str));
            AzureCredentials azureCredentials = (AzureCredentials) credentials2.get(0);
            azureKeyVaultCredential = new AzureKeyVaultCredential(azureCredentials.getClientId(), Secret.fromString(azureCredentials.getPlainClientSecret()));
        }
        if (azureKeyVaultCredential == null) {
            throw new AzureKeyVaultException(String.format("Credential: %s was not found for supported credentials type.", str));
        }
        if (azureKeyVaultCredential.isValid()) {
            return azureKeyVaultCredential;
        }
        throw new AzureKeyVaultException("No valid credentials were found for accessing KeyVault");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretBundle getSecretBundle(KeyVaultClient keyVaultClient, AzureKeyVaultSecret azureKeyVaultSecret, String str) {
        try {
            return StringUtils.isEmpty(azureKeyVaultSecret.getVersion()) ? keyVaultClient.getSecret(str, azureKeyVaultSecret.getName()) : keyVaultClient.getSecret(str, azureKeyVaultSecret.getName(), azureKeyVaultSecret.getVersion());
        } catch (Exception e) {
            throw new AzureKeyVaultException(String.format("Failed to retrieve secret %s from vault %s, error message: %s", azureKeyVaultSecret.getName(), str, e.getMessage()), e);
        }
    }
}
