package com.alauda.jenkins.plugins;

import com.alauda.jenkins.plugins.util.CredentialsUtils;
import com.cloudbees.plugins.credentials.common.AbstractIdCredentialsListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import hudson.Extension;
import hudson.Util;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okio.Buffer;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.Whitelisted;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:com/alauda/jenkins/plugins/ClusterConfig.class */
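/**
 * Connection settings for one Devops (Kubernetes) cluster as configured in Jenkins.
 *
 * <p>Holds the cluster name, API server URL, optional CA certificate, the "skip TLS verify"
 * switch, a default project, the id of the credential used for the API token and a proxy flag.
 *
 * <p>NOTE(review): the parameter names in this file ({@code str}, {@code z}, ...) look
 * decompiler-generated. Stapler binds {@code @DataBoundConstructor} and un-named
 * {@code @QueryParameter} arguments by parameter name, so confirm them against the original
 * source and the matching jelly form before relying on this listing.
 */
public class ClusterConfig extends AbstractDescribableImpl<ClusterConfig> implements Serializable {
    private static final long serialVersionUID = 1;
    private String name;
    private String serverUrl;
    private String serverCertificateAuthority;
    private boolean skipTlsVerify;
    private String defaultProject;
    private String credentialsId;
    private boolean proxy = false;

    /** Descriptor providing form validation and the credentials drop-down for {@link ClusterConfig}. */
    @Extension
    public static class DescriptorImpl extends Descriptor<ClusterConfig> {
        @Override
        public String getDisplayName() {
            return "Devops Cluster";
        }

        /** Validates that the cluster name field is not empty. */
        public FormValidation doCheckName(@QueryParameter String str) {
            return FormValidation.validateRequired(str);
        }

        /** Validates that the server URL field is not empty. */
        public FormValidation doCheckServerUrl(@QueryParameter String str) {
            return FormValidation.validateRequired(str);
        }

        /**
         * Tries to reach the cluster API server with the selected credential.
         *
         * @param str server URL to contact
         * @param str2 id of the credential whose token is sent as a bearer token
         * @param str3 CA certificate (PEM text or a path on the controller), may be empty
         * @param z whether TLS verification is skipped
         * @return ok when the server answers with a namespace list, otherwise an error
         */
        public FormValidation doVerifyConnect(@QueryParameter String str, @QueryParameter String str2, @QueryParameter String str3, @QueryParameter boolean z) {
            // This endpoint resolves a stored credential and sends its token to a URL taken
            // from the request, so it is restricted to administrators: without the check any
            // user with access to the form URL could have a stored token sent to a host of
            // their choosing.
            // NOTE(review): also consider restricting this method to POST requests so it
            // cannot be triggered cross-site through a plain link.
            Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
            if (StringUtils.isBlank(str)) {
                // testConnection() dereferences the URL; reject an empty one up front.
                return FormValidation.error("Failed to connect to Cluster: server URL is required");
            }
            try {
                SimpleKubernetesAvailabilityTestClient client =
                        new SimpleKubernetesAvailabilityTestClient(str, z, str3, CredentialsUtils.getToken(str2));
                if (client.testConnection()) {
                    return FormValidation.ok(String.format("Connect to %s success.", str));
                }
                return FormValidation.error("Failed to connect to cluster");
            } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
                // IllegalArgumentException covers a malformed URL and an empty certificate set,
                // which would otherwise surface as a stack trace in the form.
                return FormValidation.error(String.format("Failed to connect to Cluster: %s", e.getMessage()));
            }
        }

        /** Fills the credentials drop-down; {@code str} is the currently selected credential id. */
        public ListBoxModel doFillCredentialsIdItems(@QueryParameter String str) {
            return ClusterConfig.doFillCredentialsIdItems(str);
        }
    }

    /**
     * Minimal client used by the "verify connect" button: issues one authenticated GET against
     * {@code api/v1/namespaces} and checks the kind of the returned object.
     */
    private static class SimpleKubernetesAvailabilityTestClient {
        private String serverUrl;
        private boolean skipTlsVerify;
        private String serverCertificate;
        private String token;

        SimpleKubernetesAvailabilityTestClient(String url, boolean skipVerify, String certificate, String bearerToken) {
            this.serverUrl = url;
            this.skipTlsVerify = skipVerify;
            this.serverCertificate = certificate;
            this.token = bearerToken;
        }

        /**
         * Requests the namespace list from the API server.
         *
         * @return {@code true} when the response is a JSON object whose {@code kind} is
         *     {@code NamespaceList}
         * @throws GeneralSecurityException if the TLS context cannot be built
         * @throws IOException if the request fails or the CA file cannot be read
         */
        boolean testConnection() throws GeneralSecurityException, IOException {
            OkHttpClient httpClient = this.skipTlsVerify ? insecureHttpClient() : customCAHttpClient(this.serverCertificate);
            if (!this.serverUrl.endsWith("/")) {
                this.serverUrl = this.serverUrl + "/";
            }
            Request request = new Request.Builder()
                    .url(this.serverUrl + "api/v1/namespaces")
                    .addHeader("Authorization", "Bearer " + this.token)
                    .build();
            String body = httpClient.newCall(request).execute().body().string();
            JSONObject json = JSONObject.fromObject(body);
            if (json == null) {
                return false;
            }
            // optString: a JSON object without a "kind" member means "not a cluster",
            // not an unchecked exception.
            return "NamespaceList".equals(json.optString("kind"));
        }

        /**
         * Builds a client that accepts any non-null certificate chain and any host name.
         *
         * <p>Used only when "skip TLS verify" is set. With this client the server is not
         * authenticated, so the bearer token is sent to whichever endpoint answers at the
         * configured URL; prefer supplying the cluster CA instead.
         */
        private OkHttpClient insecureHttpClient() throws KeyManagementException, NoSuchAlgorithmException {
            X509TrustManager trustAll = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    if (chain == null) {
                        throw new CertificateException();
                    }
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    if (chain == null) {
                        throw new CertificateException();
                    }
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[]{trustAll}, new SecureRandom());
            return new OkHttpClient.Builder()
                    .sslSocketFactory(context.getSocketFactory(), trustAll)
                    .hostnameVerifier((hostname, session) -> true)
                    .build();
        }

        /**
         * Builds a client that trusts only the given CA certificate(s); with an empty value the
         * default OkHttp client (platform trust store) is returned.
         *
         * <p>The value is read as a file when a file with that name exists on the controller,
         * otherwise it is parsed as certificate text. Because the value comes from a form
         * field, callers must make sure only trusted users can supply it.
         */
        private OkHttpClient customCAHttpClient(String str) throws IOException, GeneralSecurityException {
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            if (StringUtils.isEmpty(str)) {
                return builder.build();
            }
            Buffer pem = new Buffer();
            java.nio.file.Path candidate = null;
            try {
                candidate = Paths.get(str);
            } catch (java.nio.file.InvalidPathException ignored) {
                // Inline certificate text is not necessarily a legal path on every platform;
                // treat it as certificate content below.
            }
            if (candidate != null && Files.exists(candidate)) {
                pem.write(Files.readAllBytes(candidate));
            } else {
                pem.writeUtf8(str);
            }
            X509TrustManager trustManager = trustManagerForCertificates(pem.inputStream());
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[]{trustManager}, null);
            return builder.sslSocketFactory(context.getSocketFactory(), trustManager).build();
        }

        /**
         * Creates a trust manager that trusts exactly the X.509 certificates read from the stream.
         *
         * @throws IllegalArgumentException if the stream contains no certificate
         * @throws IllegalStateException if the platform does not return a single X509 trust manager
         */
        private X509TrustManager trustManagerForCertificates(InputStream inputStream) throws GeneralSecurityException {
            Collection<? extends Certificate> certificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream);
            if (certificates.isEmpty()) {
                throw new IllegalArgumentException("expected non-empty set of trusted certificates");
            }
            // The key store is created and used in memory within this method; the password is
            // only an argument the KeyStore API asks for.
            char[] password = ("" + System.currentTimeMillis()).toCharArray();
            KeyStore keyStore = newEmptyKeyStore(password);
            int index = 0;
            for (Certificate certificate : certificates) {
                keyStore.setCertificateEntry(Integer.toString(index), certificate);
                index++;
            }
            // The initialised key manager factory is not used afterwards; the call is kept so
            // that the exceptions it can raise are unchanged.
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()).init(keyStore, password);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            }
            return (X509TrustManager) trustManagers[0];
        }

        /** Returns an empty key store of the default type, initialised with the given password. */
        private KeyStore newEmptyKeyStore(char[] cArr) throws GeneralSecurityException {
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                // A null stream creates an empty store, so no I/O is expected here.
                keyStore.load(null, cArr);
                return keyStore;
            } catch (IOException e) {
                throw new AssertionError(e);
            }
        }
    }

    /** Creates a configuration with the given cluster name; other fields are set via setters. */
    @DataBoundConstructor
    public ClusterConfig(String str) {
        this.name = str;
    }

    public String getName() {
        return this.name;
    }

    public String getServerUrl() {
        return this.serverUrl;
    }

    /** Stores the server URL, trimmed; an empty value becomes {@code null}. */
    @DataBoundSetter
    public void setServerUrl(String str) {
        this.serverUrl = Util.fixEmptyAndTrim(str);
    }

    public String getServerCertificateAuthority() {
        return this.serverCertificateAuthority;
    }

    /** Stores the CA certificate value, trimmed; an empty value becomes {@code null}. */
    @DataBoundSetter
    public void setServerCertificateAuthority(String str) {
        this.serverCertificateAuthority = Util.fixEmptyAndTrim(str);
    }

    public boolean isSkipTlsVerify() {
        return this.skipTlsVerify;
    }

    /**
     * Enables or disables skipping TLS verification. When enabled, the connection test uses a
     * client that does not validate the server certificate or host name.
     */
    @DataBoundSetter
    public void setSkipTlsVerify(boolean z) {
        this.skipTlsVerify = z;
    }

    public String getDefaultProject() {
        return this.defaultProject;
    }

    /** Stores the default project, trimmed; an empty value becomes {@code null}. */
    @DataBoundSetter
    public void setDefaultProject(String str) {
        this.defaultProject = Util.fixEmptyAndTrim(str);
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    /** Stores the credentials id, trimmed; an empty value becomes {@code null}. */
    @DataBoundSetter
    public void setCredentialsId(String str) {
        this.credentialsId = Util.fixEmptyAndTrim(str);
    }

    public boolean isProxy() {
        return this.proxy;
    }

    @DataBoundSetter
    public void setProxy(boolean z) {
        this.proxy = z;
    }

    /** Returns a description with the name and server URL only; no credential data is included. */
    @Override
    public String toString() {
        return String.format("Devops cluster [name:%s] [serverUrl:%s]", this.name, this.serverUrl);
    }

    /**
     * Builds the API server URL of the cluster Jenkins itself runs in from the
     * {@code KUBERNETES_SERVICE_HOST} and {@code KUBERNETES_SERVICE_PORT_HTTPS} environment
     * variables. Whitelisted, so sandboxed scripts may call it.
     *
     * @throws IllegalStateException if either environment variable is not set
     */
    @Whitelisted
    public static String getHostClusterApiServerUrl() {
        String host = System.getenv("KUBERNETES_SERVICE_HOST");
        if (host == null) {
            throw new IllegalStateException("No clusterName information specified and unable to find `KUBERNETES_SERVICE_HOST` environment variable.");
        }
        String port = System.getenv("KUBERNETES_SERVICE_PORT_HTTPS");
        if (port == null) {
            throw new IllegalStateException("No clusterName information specified and unable to find `KUBERNETES_SERVICE_PORT_HTTPS` environment variable.");
        }
        return "https://" + host + ":" + port;
    }

    /**
     * Builds the credentials drop-down for the given current value.
     *
     * <p>Callers without {@code Jenkins.ADMINISTER} only get the empty entry and the current
     * value back, so the list of stored credentials is not disclosed to them.
     *
     * @param str currently selected credentials id, {@code null} is treated as empty
     */
    public static ListBoxModel doFillCredentialsIdItems(String str) {
        String current = str == null ? "" : str;
        Jenkins jenkins = Jenkins.getInstance();
        AbstractIdCredentialsListBoxModel model = new StandardListBoxModel().includeEmptyValue().includeCurrentValue(current);
        if (!jenkins.hasPermission(Jenkins.ADMINISTER)) {
            return model;
        }
        return model
                .includeAs(ACL.SYSTEM, jenkins, DevopsTokenCredentials.class)
                .includeAs(ACL.SYSTEM, jenkins, StringCredentials.class)
                .includeAs(ACL.SYSTEM, jenkins, StandardUsernamePasswordCredentials.class)
                .includeAs(ACL.SYSTEM, jenkins, StandardCertificateCredentials.class);
    }
}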
