package org.jenkinsci.plugins.azurekeyvaultplugin;

import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.util.ListBoxModel;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.security.auth.login.CredentialNotFoundException;
import jenkins.YesNoMaybe;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.jenkinsci.plugins.azurekeyvaultplugin.AzureKeyVaultStep;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.verb.POST;

/* loaded from: input_file:org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultBuildWrapper.class */
public class AzureKeyVaultBuildWrapper extends Step {
    private static final Logger LOGGER = Logger.getLogger("Jenkins.AzureKeyVaultBuildWrapper");
    private final List<AzureKeyVaultSecret> azureKeyVaultSecrets;
    private String keyVaultURL;
    private String applicationID;
    private String applicationSecret;
    private String credentialID;
    private String tenantId;

    @Extension(dynamicLoadable = YesNoMaybe.YES, optional = true)
    /* loaded from: input_file:org/jenkinsci/plugins/azurekeyvaultplugin/AzureKeyVaultBuildWrapper$DescriptorImpl.class */
    public static class DescriptorImpl extends StepDescriptor {
        @POST
        public ListBoxModel doFillCredentialIDOverrideItems(@AncestorInPath Item item) {
            return AzureKeyVaultUtil.doFillCredentialIDItems(item);
        }

        @NonNull
        public String getDisplayName() {
            return "Bind credentials in Azure Key Vault to environment variables";
        }

        public Set<? extends Class<?>> getRequiredContext() {
            return Set.of(Run.class);
        }

        public boolean takesImplicitBlockArgument() {
            return true;
        }

        public String getFunctionName() {
            return "withAzureKeyvault";
        }
    }

    @DataBoundConstructor
    public AzureKeyVaultBuildWrapper(@CheckForNull List<AzureKeyVaultSecret> list) {
        this.azureKeyVaultSecrets = list;
    }

    public String getKeyVaultURLOverride() {
        return this.keyVaultURL;
    }

    @DataBoundSetter
    public void setKeyVaultURLOverride(String str) {
        this.keyVaultURL = Util.fixEmpty(str);
    }

    public String getApplicationIDOverride() {
        return this.applicationID;
    }

    @DataBoundSetter
    public void setApplicationIDOverride(String str) {
        this.applicationID = Util.fixEmpty(str);
    }

    public String getApplicationSecretOverride() {
        return this.applicationSecret;
    }

    @DataBoundSetter
    public void setApplicationSecretOverride(String str) {
        this.applicationSecret = Util.fixEmpty(str);
    }

    public String getCredentialIDOverride() {
        return this.credentialID;
    }

    @DataBoundSetter
    public void setCredentialIDOverride(String str) {
        this.credentialID = Util.fixEmpty(str);
    }

    public String getTenantIdOverride() {
        return this.tenantId;
    }

    @DataBoundSetter
    public void setTenantIdOverride(String str) {
        this.tenantId = Util.fixEmpty(str);
    }

    public String getApplicationID() {
        return this.applicationID;
    }

    public List<AzureKeyVaultSecret> getAzureKeyVaultSecrets() {
        return this.azureKeyVaultSecrets;
    }

    public StepExecution start(StepContext stepContext) throws Exception {
        AzureKeyVaultGlobalConfiguration azureKeyVaultGlobalConfiguration = AzureKeyVaultGlobalConfiguration.get();
        String str = (String) ObjectUtils.firstNonNull(new String[]{this.keyVaultURL, azureKeyVaultGlobalConfiguration.getKeyVaultURL()});
        if (StringUtils.isEmpty(str)) {
            throw new AzureKeyVaultException("No key vault url configured, set one globally or in the build wrap step");
        }
        String str2 = (String) ObjectUtils.firstNonNull(new String[]{this.credentialID, azureKeyVaultGlobalConfiguration.getCredentialID()});
        if (isLegacyAuth()) {
            ((TaskListener) stepContext.get(TaskListener.class)).getLogger().println("***************************************************************************************************\nDeprecated: Use a credential ID instead of individual values for the service principal.\nIf you can't then please raise an issue at https://github.com/jenkinsci/azure-keyvault-plugin/issues.\nThis will be removed at some point.\n***************************************************************************************************");
            return new AzureKeyVaultStep.ExecutionImpl(stepContext, str, this.applicationID, this.applicationSecret, this.tenantId, this.azureKeyVaultSecrets);
        }
        if (StringUtils.isEmpty(str2)) {
            throw new CredentialNotFoundException("Unable to find a valid credential with provided parameters");
        }
        return new AzureKeyVaultStep.ExecutionImpl(stepContext, str, str2, this.azureKeyVaultSecrets);
    }

    private boolean isLegacyAuth() {
        return StringUtils.isNotEmpty(this.applicationID) && StringUtils.isNotEmpty(this.applicationSecret) && StringUtils.isNotEmpty(this.tenantId);
    }
}
