package com.thycotic.secrets.jenkins;

import com.thycotic.secrets.vault.spring.Secret;
import com.thycotic.secrets.vault.spring.SecretsVault;
import com.thycotic.secrets.vault.spring.SecretsVaultFactoryBean;
import hudson.EnvVars;
import hudson.Extension;
import hudson.ExtensionList;
import hudson.FilePath;
import hudson.Launcher;
import hudson.console.ConsoleLogFilter;
import hudson.model.AbstractProject;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.tasks.BuildWrapperDescriptor;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import jenkins.tasks.SimpleBuildWrapper;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.springframework.beans.factory.config.BeanDefinitionCustomizer;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.core.env.MapPropertySource;

/* loaded from: input_file:com/thycotic/secrets/jenkins/VaultBuildWrapper.class */
public class VaultBuildWrapper extends SimpleBuildWrapper {
    private static final String CLIENT_ID_PROPERTY = "secrets_vault.client_id";
    private static final String CLIENT_SECRET_PROPERTY = "secrets_vault.client_secret";
    private static final String TENANT_PROPERTY = "secrets_vault.tenant";
    private static final String TLD_PROPERTY = "secrets_vault.tld";
    private List<VaultSecret> secrets;
    private List<String> valuesToMask = new ArrayList();
    static final /* synthetic */ boolean $assertionsDisabled;

    @Extension
    @Symbol({"withDevOpsSecretsVault"})
    /* loaded from: input_file:com/thycotic/secrets/jenkins/VaultBuildWrapper$DescriptorImpl.class */
    public static final class DescriptorImpl extends BuildWrapperDescriptor {
        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }

        public String getDisplayName() {
            return "Use Thycotic DevOps Secrets Vault Secrets";
        }
    }

    @DataBoundConstructor
    public VaultBuildWrapper(List<VaultSecret> list) {
        this.secrets = list;
    }

    public List<VaultSecret> getSecrets() {
        return this.secrets;
    }

    @DataBoundSetter
    public void setSecrets(List<VaultSecret> list) {
        this.secrets = list;
    }

    public ConsoleLogFilter createLoggerDecorator(Run<?, ?> run) {
        return new VaultConsoleLogFilter(run.getCharset().name(), this.valuesToMask);
    }

    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        VaultConfiguration vaultConfiguration = VaultConfiguration.get();
        HashMap hashMap = new HashMap();
        this.secrets.forEach(vaultSecret -> {
            String credentialId = vaultSecret.getCredentialId();
            ClientSecret clientSecret = StringUtils.isNotBlank(credentialId) ? ClientSecret.get(credentialId, null) : ClientSecret.get(vaultConfiguration.getCredentialId(), null);
            if (!$assertionsDisabled && clientSecret == null) {
                throw new AssertionError();
            }
            AnnotationConfigApplicationContext annotationConfigApplicationContext = new AnnotationConfigApplicationContext();
            hashMap.put(CLIENT_ID_PROPERTY, clientSecret.getClientId());
            hashMap.put(CLIENT_SECRET_PROPERTY, clientSecret.getSecret());
            hashMap.put(TENANT_PROPERTY, StringUtils.defaultIfBlank(vaultSecret.getTenant(), vaultConfiguration.getTenant()));
            hashMap.put(TLD_PROPERTY, StringUtils.defaultIfBlank(vaultSecret.getTld(), vaultConfiguration.getTld()));
            annotationConfigApplicationContext.getEnvironment().getPropertySources().addLast(new MapPropertySource("properties", hashMap));
            annotationConfigApplicationContext.registerBean(SecretsVaultFactoryBean.class, new BeanDefinitionCustomizer[0]);
            annotationConfigApplicationContext.refresh();
            Secret secret = ((SecretsVault) annotationConfigApplicationContext.getBean(SecretsVault.class)).getSecret(vaultSecret.getPath());
            vaultSecret.getMappings().forEach(mapping -> {
                context.env(StringUtils.trimToEmpty(((VaultConfiguration) ExtensionList.lookupSingleton(VaultConfiguration.class)).getEnvironmentVariablePrefix()) + mapping.getEnvironmentVariable(), (String) secret.getData().get(mapping.getDataField()));
                this.valuesToMask.add((String) secret.getData().get(mapping.getDataField()));
            });
            annotationConfigApplicationContext.close();
        });
    }

    static {
        $assertionsDisabled = !VaultBuildWrapper.class.desiredAssertionStatus();
    }
}
