package com.thycotic.jenkins;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.matchers.IdMatcher;
import com.thycotic.jenkins.configuration.DevOpsSecretsVaultConfigResolver;
import com.thycotic.jenkins.configuration.DevOpsSecretsVaultConfiguration;
import com.thycotic.jenkins.credentials.ThycoticVaultCredentials;
import com.thycotic.jenkins.model.ThycoticSecret;
import com.thycotic.jenkins.model.ThycoticSecretValue;
import com.thycotic.vault.exceptions.DevOpsSecretsVaultException;
import com.thycotic.vault.secret.BaseSecretService;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.BuildWrapperDescriptor;
import java.io.IOException;
import java.io.PrintStream;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.CheckForNull;
import jenkins.tasks.SimpleBuildWrapper;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:com/thycotic/jenkins/ThycoticVaultBuildWrapper.class */
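/**
 * Build wrapper that reads secrets from Thycotic DevOps Secrets Vault and exposes the selected
 * values to the build as environment variables.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Values are handed to the build through {@code Context.env(...)}. Every build step and
 *       child process can read them. Nothing in this class masks them in the console log, so a
 *       step that prints its environment would print the secret. Masking, if wanted, has to come
 *       from elsewhere (NOTE(review): confirm whether another component of the plugin does
 *       this).</li>
 *   <li>The Vault credential is resolved with {@code ACL.SYSTEM} in the context of the job, not
 *       with the authority of the user who configured or triggered the build. See
 *       {@link #getCredentials(Run)}.</li>
 * </ul>
 */
public class ThycoticVaultBuildWrapper extends SimpleBuildWrapper {
    // Secrets (Vault path plus key-to-env-var mappings) requested by the job; may be null.
    private List<ThycoticSecret> thycoticVaultSecrets;
    // Job-level configuration; merged with resolver-provided configuration in updateConfig().
    private DevOpsSecretsVaultConfiguration configuration;

    /** Descriptor that registers this wrapper with Jenkins for every project type. */
    @Extension
    /* loaded from: input_file:com/thycotic/jenkins/ThycoticVaultBuildWrapper$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildWrapperDescriptor {
        public DescriptorImpl() {
            super(ThycoticVaultBuildWrapper.class);
            load();
        }

        /** The wrapper is offered on every project. */
        @Override
        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Thycotic DevOps Secrets Vault Plugin";
        }
    }

    /**
     * Creates the wrapper from the job configuration.
     *
     * @param list the secrets to fetch for the build; may be {@code null}
     */
    @DataBoundConstructor
    public ThycoticVaultBuildWrapper(@CheckForNull List<ThycoticSecret> list) {
        this.thycoticVaultSecrets = list;
    }

    /**
     * Resolves the effective configuration and credential, then exports the requested secrets
     * into the build environment.
     *
     * <p>Configuration, credential and Vault failures are all reported the same way: the stack
     * trace is written to the build log and the build is aborted with the failure message.
     *
     * @throws AbortException if the configuration or credential is missing, a requested secret
     *     value is absent, or the Vault call fails
     */
    @Override
    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        PrintStream logger = taskListener.getLogger();
        try {
            updateConfig(run);
            ThycoticVaultCredentials credentials = getCredentials(run);
            if (this.thycoticVaultSecrets == null || this.thycoticVaultSecrets.isEmpty()) {
                return;
            }
            populateSecrets(context, credentials);
        } catch (RuntimeException e) {
            // The build log is readable by anyone who can read the job. The messages built in this
            // class carry no secret values.
            // NOTE(review): confirm that exceptions raised by the Vault client never embed
            // response bodies or tokens before relying on this trace being safe to publish.
            e.printStackTrace(logger);
            // getMessage() may be null (e.g. a bare NullPointerException); fall back to toString()
            // so the abort reason is never empty, and keep the cause for server-side diagnosis.
            String message = e.getMessage() != null ? e.getMessage() : e.toString();
            AbortException abort = new AbortException(message);
            abort.initCause(e);
            throw abort;
        }
    }

    /** Returns the secrets configured for this job; may be {@code null}. */
    public List<ThycoticSecret> getThycoticVaultSecrets() {
        return this.thycoticVaultSecrets;
    }

    /** Sets the job-level configuration (bound from the job's form or pipeline definition). */
    @DataBoundSetter
    public void setConfiguration(DevOpsSecretsVaultConfiguration devOpsSecretsVaultConfiguration) {
        this.configuration = devOpsSecretsVaultConfiguration;
    }

    /** Returns the current configuration; after a build this is the merged configuration. */
    public DevOpsSecretsVaultConfiguration getConfiguration() {
        return this.configuration;
    }

    /**
     * Looks up the Vault credential named by the configured credential id.
     *
     * <p>The lookup runs as {@code ACL.SYSTEM}, scoped to the job that owns {@code run}. The
     * credential id comes from the job-settable configuration, so anyone able to configure the
     * job can select any {@link ThycoticVaultCredentials} visible from that job's context.
     * Restrict where such credentials are stored (for example per folder) accordingly.
     *
     * @throws RuntimeException if no credential id is configured or no credential matches it
     */
    private ThycoticVaultCredentials getCredentials(Run<?, ?> run) {
        String thycoticCredentialId = getConfiguration().getThycoticCredentialId();
        if (StringUtils.isBlank(thycoticCredentialId)) {
            throw new RuntimeException("The credential id was not configured - please specify the credentials to use.");
        }
        List<ThycoticVaultCredentials> candidates = CredentialsProvider.lookupCredentials(
                ThycoticVaultCredentials.class, run.getParent(), ACL.SYSTEM, Collections.emptyList());
        ThycoticVaultCredentials match = CredentialsMatchers.firstOrNull(candidates, new IdMatcher(thycoticCredentialId));
        if (match == null) {
            throw new RuntimeException("No credential exists that matches the configured credential id.");
        }
        return match;
    }

    /**
     * Fetches each configured secret and exports the mapped values as environment variables.
     *
     * <p>A mapping whose key is absent from the secret, or whose value is not a string, fails the
     * build. Without that check a {@code null} would be exported or a bare
     * {@code ClassCastException} raised. Error messages name the path and key only, never the
     * value.
     *
     * @throws RuntimeException if the Vault call fails or a mapped value is missing
     */
    private void populateSecrets(SimpleBuildWrapper.Context context, ThycoticVaultCredentials thycoticVaultCredentials) {
        BaseSecretService baseSecretService = new BaseSecretService(thycoticVaultCredentials.getVaultClient());
        try {
            for (ThycoticSecret thycoticSecret : this.thycoticVaultSecrets) {
                Map<?, ?> secretMap = baseSecretService.getSecretMap(thycoticSecret.getPath());
                if (secretMap == null) {
                    throw new RuntimeException("No secret data returned for path '" + thycoticSecret.getPath() + "'.");
                }
                for (ThycoticSecretValue thycoticSecretValue : thycoticSecret.getSecretValues()) {
                    Object value = secretMap.get(thycoticSecretValue.getKey());
                    if (!(value instanceof String)) {
                        throw new RuntimeException("Secret at path '" + thycoticSecret.getPath()
                                + "' has no string value for key '" + thycoticSecretValue.getKey() + "'.");
                    }
                    context.env(thycoticSecretValue.getEnvVar(), (String) value);
                }
            }
        } catch (DevOpsSecretsVaultException e) {
            throw new RuntimeException("Exception calling DevOps Secrets Vault API", e);
        }
    }

    /**
     * Merges the job-level configuration with what each registered
     * {@link DevOpsSecretsVaultConfigResolver} provides for the job.
     *
     * <p>NOTE(review): this overwrites the {@code configuration} field on every build, so the
     * merged result is what {@link #getConfiguration()} returns afterwards. Confirm this is
     * intended and that concurrent builds of the same job cannot race on it.
     *
     * @throws RuntimeException if no configuration could be resolved
     */
    private void updateConfig(Run<?, ?> run) {
        for (DevOpsSecretsVaultConfigResolver resolver : ExtensionList.lookup(DevOpsSecretsVaultConfigResolver.class)) {
            DevOpsSecretsVaultConfiguration resolved = resolver.forJob(run.getParent());
            this.configuration = this.configuration != null
                    ? this.configuration.mergeWithParent(resolved)
                    : resolved;
        }
        if (this.configuration == null) {
            throw new RuntimeException("No configuration found - please configure the DevOps Secrets Vault Plugin.");
        }
    }
}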
