package io.fabric8.kubernetes.api;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.jaxrs.cfg.Annotations;
import com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import io.fabric8.kubernetes.api.extensions.Configs;
import io.fabric8.kubernetes.api.model.config.Config;
import io.fabric8.kubernetes.api.model.config.Context;
import io.fabric8.utils.Strings;
import io.fabric8.utils.Systems;
import io.fabric8.utils.cxf.AuthorizationHeaderFilter;
import io.fabric8.utils.cxf.WebClients;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.Consumes;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.jaxrs.client.JAXRSClientFactory;
import org.apache.cxf.jaxrs.client.WebClient;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.websocket.client.WebSocketClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/fabric8/kubernetes/api/KubernetesFactory.class */
public class KubernetesFactory {
    public static final String KUBERNETES_SCHEMA_JSON = "schema/kube-schema.json";
    private final Logger log;
    public static final String DEFAULT_KUBERNETES_MASTER = "http://localhost:8080";
    public static final String KUBERNETES_TRUST_ALL_CERIFICATES = "KUBERNETES_TRUST_CERT";
    public static final String KUBERNETES_DISABLE_HOSTNAME_CHECK = "KUBERNETES_DISABLE_HOSTNAME_CHECK";
    public static final String KUBERNETES_SERVICE_HOST_ENV_VAR = "KUBERNETES_SERVICE_HOST";
    public static final String KUBERNETES_SERVICE_PORT_ENV_VAR = "KUBERNETES_SERVICE_PORT";
    public static final String KUBERNETES_MASTER_ENV_VAR = "KUBERNETES_MASTER";
    public static final String KUBERNETES_CA_CERTIFICATE_FILE_ENV_VAR = "KUBERNETES_CA_CERTIFICATE_FILE";
    public static final String KUBERNETES_CLIENT_CERTIFICATE_FILE_ENV_VAR = "KUBERNETES_CLIENT_CERTIFICATE_FILE";
    public static final String KUBERNETES_CLIENT_KEY_FILE_ENV_VAR = "KUBERNETES_CLIENT_KEY_FILE";
    public static final String KUBERNETES_CLIENT_KEY_DATA_ENV_VAR = "KUBERNETES_CLIENT_KEY_DATA";
    public static final String KUBERNETES_CA_CERTIFICATE_DATA_ENV_VAR = "KUBERNETES_CA_CERTIFICATE_DATA";
    public static final String KUBERNETES_CLIENT_CERTIFICATE_DATA_ENV_VAR = "KUBERNETES_CLIENT_CERTIFICATE_DATA";
    public static final String KUBERNETES_CLIENT_KEY_ALGO_ENV_VAR = "KUBERNETES_CLIENT_KEY_ALGO";
    public static final String KUBERNETES_CLIENT_KEY_PASSWORD_ENV_VAR = "KUBERNETES_CLIENT_KEY_PASSWORD";
    public static final String KUBERNETES_MASTER_SYSTEM_PROPERTY = "kubernetes.master";
    public static final String KUBERNETES_VERIFY_SYSTEM_PROPERTY = "kubernetes.verify";
    private String address;
    private boolean verifyAddress;
    private boolean trustAllCerts;
    private boolean disableHostNameChecks;
    private File caCertFile;
    private File clientCertFile;
    private File clientKeyFile;
    private String caCertData;
    private String clientCertData;
    private String clientKeyData;
    private String clientKeyAlgo;
    private char[] clientKeyPassword;
    private String username;
    private String password;

    @Produces({"text/plain"})
    @Provider
    @Consumes({"text/plain"})
    /* loaded from: input_file:io/fabric8/kubernetes/api/KubernetesFactory$PlainTextJacksonProvider.class */
    public static class PlainTextJacksonProvider extends JacksonJaxbJsonProvider {
        public PlainTextJacksonProvider(ObjectMapper objectMapper, Annotations[] annotationsArr) {
            super(objectMapper, annotationsArr);
        }

        protected boolean hasMatchingMediaType(MediaType mediaType) {
            boolean hasMatchingMediaType = super.hasMatchingMediaType(mediaType);
            String type = mediaType.getType();
            mediaType.getSubtype();
            if (!hasMatchingMediaType && type.equals("text")) {
                hasMatchingMediaType = super.hasMatchingMediaType(MediaType.APPLICATION_JSON_TYPE);
            }
            return hasMatchingMediaType;
        }
    }

    public KubernetesFactory() {
        this(null);
    }

    public KubernetesFactory(String str) {
        this(str, Boolean.parseBoolean(System.getProperty(KUBERNETES_VERIFY_SYSTEM_PROPERTY, "true")));
    }

    public KubernetesFactory(String str, boolean z) {
        this.log = LoggerFactory.getLogger(getClass());
        this.verifyAddress = true;
        this.trustAllCerts = false;
        this.disableHostNameChecks = false;
        this.clientKeyAlgo = "RSA";
        this.clientKeyPassword = "changeit".toCharArray();
        this.verifyAddress = z;
        init();
        initAddress(str);
    }

    protected void initAddress(String str) {
        if (Strings.isNullOrBlank(str)) {
            setAddress(findKubernetesMaster());
        } else {
            setAddress(str);
        }
    }

    protected String findKubernetesMaster() {
        return resolveHttpKubernetesMaster();
    }

    private void init() {
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_TRUST_ALL_CERIFICATES)) {
            this.trustAllCerts = Systems.getEnvVarOrSystemProperty(KUBERNETES_TRUST_ALL_CERIFICATES, false).booleanValue();
        } else if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CA_CERTIFICATE_FILE_ENV_VAR)) {
            File file = new File(Systems.getEnvVarOrSystemProperty(KUBERNETES_CA_CERTIFICATE_FILE_ENV_VAR));
            if (file.exists() && file.canRead()) {
                this.caCertFile = file;
            } else {
                this.log.error("Specified CA certificate file {} does not exist or is not readable", file);
            }
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_DISABLE_HOSTNAME_CHECK)) {
            this.disableHostNameChecks = Systems.getEnvVarOrSystemProperty(KUBERNETES_DISABLE_HOSTNAME_CHECK, false).booleanValue();
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CA_CERTIFICATE_DATA_ENV_VAR)) {
            this.caCertData = Systems.getEnvVarOrSystemProperty(KUBERNETES_CA_CERTIFICATE_DATA_ENV_VAR);
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CLIENT_CERTIFICATE_FILE_ENV_VAR)) {
            File file2 = new File(Systems.getEnvVarOrSystemProperty(KUBERNETES_CLIENT_CERTIFICATE_FILE_ENV_VAR));
            if (file2.exists() && file2.canRead()) {
                this.clientCertFile = file2;
            } else {
                this.log.error("Specified client certificate file {} does not exist or is not readable", file2);
            }
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CLIENT_CERTIFICATE_DATA_ENV_VAR)) {
            this.clientCertData = Systems.getEnvVarOrSystemProperty(KUBERNETES_CLIENT_CERTIFICATE_DATA_ENV_VAR);
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_FILE_ENV_VAR)) {
            File file3 = new File(Systems.getEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_FILE_ENV_VAR));
            if (file3.exists() && file3.canRead()) {
                this.clientKeyFile = file3;
            } else {
                this.log.error("Specified client key file {} does not exist or is not readable", file3);
            }
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_DATA_ENV_VAR)) {
            this.clientKeyData = Systems.getEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_DATA_ENV_VAR);
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_ALGO_ENV_VAR)) {
            this.clientKeyAlgo = Systems.getEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_ALGO_ENV_VAR);
        }
        if (Systems.hasEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_PASSWORD_ENV_VAR)) {
            this.clientKeyPassword = Systems.getEnvVarOrSystemProperty(KUBERNETES_CLIENT_KEY_PASSWORD_ENV_VAR).toCharArray();
        }
    }

    public String toString() {
        return "KubernetesFactory{" + this.address + '}';
    }

    public Kubernetes createKubernetes() {
        return (Kubernetes) createWebClient(Kubernetes.class);
    }

    public KubernetesExtensions createKubernetesExtensions() {
        return (KubernetesExtensions) createWebClient(KubernetesExtensions.class);
    }

    public KubernetesGlobalExtensions createKubernetesGlobalExtensions() {
        return (KubernetesGlobalExtensions) createWebClient(KubernetesGlobalExtensions.class);
    }

    public <T> T createWebClient(Class<T> cls) {
        return (T) JAXRSClientFactory.fromClient(createWebClient(), cls);
    }

    public WebClient createWebClient() {
        return createWebClient(this.address);
    }

    public WebClient createWebClient(String str) {
        List<Object> createProviders = createProviders();
        AuthorizationHeaderFilter authorizationHeaderFilter = new AuthorizationHeaderFilter();
        createProviders.add(authorizationHeaderFilter);
        WebClient create = WebClient.create(str, createProviders);
        WebClients.configureUserAndPassword(create, this.username, this.password);
        boolean z = false;
        if (this.trustAllCerts) {
            WebClients.disableSslChecks(create);
        } else if (this.caCertFile != null || this.caCertData != null) {
            WebClients.configureCaCert(create, this.caCertData, this.caCertFile);
            if (this.disableHostNameChecks) {
                WebClients.disableHostNameChecks(create);
            }
        }
        if ((this.clientCertFile != null || this.clientCertData != null) && (this.clientKeyFile != null || this.clientKeyData != null)) {
            WebClients.configureClientCert(create, this.clientCertData, this.clientCertFile, this.clientKeyData, this.clientKeyFile, this.clientKeyAlgo, this.clientKeyPassword);
            z = true;
        }
        if (!z) {
            String findToken = findToken();
            if (Strings.isNotBlank(findToken)) {
                authorizationHeaderFilter.setAuthorizationHeader("Bearer " + findToken);
            }
        }
        return create;
    }

    public WebSocketClient createWebSocketClient() throws Exception {
        SslContextFactory sslContextFactory = null;
        if (this.trustAllCerts) {
            sslContextFactory = new SslContextFactory(this.trustAllCerts);
        } else if (this.caCertData != null || this.caCertFile != null) {
            KeyStore createTrustStore = WebClients.createTrustStore(this.caCertData, this.caCertFile);
            sslContextFactory = new SslContextFactory();
            sslContextFactory.setTrustStore(createTrustStore);
        }
        if ((this.clientCertFile != null || this.clientCertData != null) && (this.clientKeyFile != null || this.clientKeyData != null)) {
            if (sslContextFactory == null) {
                sslContextFactory = new SslContextFactory();
            }
            sslContextFactory.setKeyStore(WebClients.createKeyStore(this.clientCertData, this.clientCertFile, this.clientKeyData, this.clientKeyFile, this.clientKeyAlgo, this.clientKeyPassword));
            sslContextFactory.setKeyStorePassword(new String(this.clientKeyPassword));
            sslContextFactory.setKeyManagerPassword(new String(this.clientKeyPassword));
        }
        sslContextFactory.setIncludeProtocols(new String[]{"TLSv1", "TLSv1.1", "TLSv1.2"});
        return new WebSocketClient(sslContextFactory);
    }

    public String findToken() {
        String serviceAccountToken = getServiceAccountToken();
        return Strings.isNotBlank(serviceAccountToken) ? serviceAccountToken : findOpenShiftToken();
    }

    public String getServiceAccountToken() {
        try {
            return new String(Files.readAllBytes(Paths.get(Kubernetes.SERVICE_ACCOUNT_TOKEN_FILE, new String[0])));
        } catch (IOException e) {
            this.log.debug("Cannot read service account token");
            return null;
        }
    }

    public String findOpenShiftToken() {
        Context currentContext;
        Config parseConfigs = Configs.parseConfigs();
        if (parseConfigs == null || (currentContext = Configs.getCurrentContext(parseConfigs)) == null) {
            return null;
        }
        return Configs.getUserToken(parseConfigs, currentContext);
    }

    protected List<Object> createProviders() {
        ArrayList arrayList = new ArrayList();
        Annotations[] annotationsArr = JacksonJaxbJsonProvider.DEFAULT_ANNOTATIONS;
        ObjectMapper createObjectMapper = createObjectMapper();
        arrayList.add(new JacksonJaxbJsonProvider(createObjectMapper, annotationsArr));
        arrayList.add(new PlainTextJacksonProvider(createObjectMapper, annotationsArr));
        arrayList.add(new ExceptionResponseMapper());
        return arrayList;
    }

    public String getKubernetesMaster() {
        String str = this.address;
        int lastIndexOf = str.lastIndexOf(":");
        if (lastIndexOf > 0) {
            str = str.substring(0, lastIndexOf);
        }
        int lastIndexOf2 = str.lastIndexOf(":");
        if (lastIndexOf2 > 0) {
            str = str.substring(lastIndexOf2 + 1);
        }
        int lastIndexOf3 = str.lastIndexOf("/");
        if (lastIndexOf3 > 0) {
            str = str.substring(lastIndexOf3 + 1);
        }
        return str;
    }

    public String getAddress() {
        return this.address;
    }

    public void setAddress(String str) {
        this.address = str;
        if (Strings.isNullOrBlank(str)) {
            this.address = findKubernetesMaster();
        }
        if (this.verifyAddress) {
            try {
                URL url = new URL(this.address);
                if (KubernetesHelper.isServiceSsl(url.getHost(), url.getPort(), true)) {
                    this.address = "https://" + url.getHost() + ":" + url.getPort();
                } else {
                    this.address = "http://" + url.getHost() + ":" + url.getPort();
                }
            } catch (MalformedURLException e) {
                throw new IllegalArgumentException("Invalid kubernetes master address", e);
            }
        }
    }

    public static String resolveHttpKubernetesMaster() {
        String resolveKubernetesMaster = resolveKubernetesMaster();
        return resolveKubernetesMaster.startsWith("tcp:") ? "https:" + resolveKubernetesMaster.substring(4) : resolveKubernetesMaster;
    }

    public static String resolveKubernetesMaster() {
        String str = System.getenv(KUBERNETES_SERVICE_HOST_ENV_VAR);
        return Strings.isNotBlank(str) ? "https://" + str + ":" + System.getenv(KUBERNETES_SERVICE_PORT_ENV_VAR) : Systems.getSystemPropertyOrEnvVar(KUBERNETES_MASTER_SYSTEM_PROPERTY, KUBERNETES_MASTER_ENV_VAR, DEFAULT_KUBERNETES_MASTER);
    }

    public static ObjectMapper createObjectMapper() {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.enable(SerializationFeature.INDENT_OUTPUT);
        return objectMapper;
    }
}
