package io.jenkins.plugins.akeyless;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsUnavailableException;
import com.cloudbees.plugins.credentials.matchers.IdMatcher;
import com.google.gson.Gson;
import com.google.gson.internal.LinkedTreeMap;
import hudson.EnvVars;
import hudson.ExtensionList;
import hudson.model.Run;
import hudson.security.ACL;
import io.akeyless.client.ApiException;
import io.akeyless.client.api.V2Api;
import io.akeyless.client.model.DescribeItem;
import io.akeyless.client.model.GetCertificateValue;
import io.akeyless.client.model.GetDynamicSecretValue;
import io.akeyless.client.model.GetPKICertificate;
import io.akeyless.client.model.GetPKICertificateOutput;
import io.akeyless.client.model.GetRotatedSecretValue;
import io.akeyless.client.model.GetSSHCertificate;
import io.akeyless.client.model.GetSSHCertificateOutput;
import io.akeyless.client.model.GetSecretValue;
import io.jenkins.plugins.akeyless.configuration.AkeylessConfigResolver;
import io.jenkins.plugins.akeyless.configuration.AkeylessConfiguration;
import io.jenkins.plugins.akeyless.credentials.AkeylessCredential;
import io.jenkins.plugins.akeyless.model.AkeylessPKIIssuer;
import io.jenkins.plugins.akeyless.model.AkeylessSSHIssuer;
import io.jenkins.plugins.akeyless.model.AkeylessSecretBase;
import io.jenkins.plugins.akeyless.model.AkeylessSecretValue;
import java.io.PrintStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:io/jenkins/plugins/akeyless/AkeylessAccessor.class */
public class AkeylessAccessor implements Serializable {
    private static final long serialVersionUID = 1;
    private transient V2Api api;
    private final AkeylessCredential credential;
    public static final String DATA_KEY = "data";
    private static final Gson gson = new Gson();

    public AkeylessAccessor(V2Api v2Api, AkeylessCredential akeylessCredential) {
        this.api = v2Api;
        this.credential = akeylessCredential;
    }

    public V2Api getApi() {
        return this.api;
    }

    /* JADX WARN: Code restructure failed: missing block: B:38:0x00be, code lost:
    
        if (r22.isEmpty() != false) goto L26;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.util.Map<java.lang.String, java.lang.String> retrieveSecrets(hudson.model.Run<?, ?> r7, java.io.PrintStream r8, hudson.EnvVars r9, io.jenkins.plugins.akeyless.AkeylessAccessor r10, io.jenkins.plugins.akeyless.configuration.AkeylessConfiguration r11, java.util.List<io.jenkins.plugins.akeyless.model.AkeylessSecret> r12, java.util.List<io.jenkins.plugins.akeyless.model.AkeylessPKIIssuer> r13, java.util.List<io.jenkins.plugins.akeyless.model.AkeylessSSHIssuer> r14) {
        /*
            Method dump skipped, instructions count: 320
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: io.jenkins.plugins.akeyless.AkeylessAccessor.retrieveSecrets(hudson.model.Run, java.io.PrintStream, hudson.EnvVars, io.jenkins.plugins.akeyless.AkeylessAccessor, io.jenkins.plugins.akeyless.configuration.AkeylessConfiguration, java.util.List, java.util.List, java.util.List):java.util.Map");
    }

    public static void fillObjectValues(PrintStream printStream, EnvVars envVars, AkeylessAccessor akeylessAccessor, String str, List<? extends AkeylessSecretBase> list, Map<String, String> map) {
        if (map == null) {
            throw new AkeylessPluginException("Akeyless secrets holder should be initialized.");
        }
        if (list == null || list.isEmpty()) {
            return;
        }
        for (AkeylessSecretBase akeylessSecretBase : list) {
            String expand = envVars.expand(akeylessSecretBase.getPath());
            printStream.printf("Retrieving secret: %s%n", expand);
            Map<String, Object> secret = akeylessAccessor.getSecret(str, akeylessSecretBase);
            Object obj = secret.get(expand);
            if (obj instanceof String) {
                obj = gson.fromJson(JSONObject.fromObject("{\"data\": \"" + StringEscapeUtils.escapeJava(obj.toString()) + "\"}").toString(), LinkedTreeMap.class);
            }
            Map<String, Object> fillDataValues = fillDataValues((LinkedTreeMap) obj, secret);
            for (AkeylessSecretValue akeylessSecretValue : akeylessSecretBase.getSecretValues()) {
                String secretKey = akeylessSecretValue.getSecretKey();
                Object obj2 = fillDataValues.get(secretKey);
                if (obj2 == null && akeylessSecretValue.getIsRequired()) {
                    throw new IllegalArgumentException("Required secret " + secretKey + " at " + expand + " is either null or empty. Please check the Secret name and type in Akeyless.");
                }
                if (obj2 != null) {
                    map.put(akeylessSecretValue.getEnvVar(), obj2.toString());
                }
            }
            printStream.printf("Retrieving secret: %s -- SUCCESS.%n", expand);
        }
    }

    private static Map<String, Object> fillDataValues(LinkedTreeMap linkedTreeMap, Map<String, Object> map) {
        if (linkedTreeMap == null) {
            linkedTreeMap = (LinkedTreeMap) map.get("value");
            if (linkedTreeMap == null) {
                linkedTreeMap = new LinkedTreeMap();
                linkedTreeMap.putAll(map);
            }
        }
        if (linkedTreeMap.get(DATA_KEY) == null) {
            linkedTreeMap.put(DATA_KEY, JSONObject.fromObject(linkedTreeMap).toString());
        }
        return linkedTreeMap;
    }

    public static AkeylessCredential retrieveAkeylessCredentials(Run run, AkeylessConfiguration akeylessConfiguration) {
        if (Jenkins.getInstanceOrNull() == null) {
            return null;
        }
        String akeylessCredentialId = akeylessConfiguration.getAkeylessCredentialId();
        if (StringUtils.isEmpty(akeylessCredentialId)) {
            throw new AkeylessPluginException("The credential id was not configured - please specify the credentials to use.");
        }
        AkeylessCredential firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(AkeylessCredential.class, run.getParent(), ACL.SYSTEM, Collections.emptyList()), new IdMatcher(akeylessCredentialId));
        if (firstOrNull == null) {
            throw new CredentialsUnavailableException(akeylessCredentialId);
        }
        return firstOrNull;
    }

    public static AkeylessConfiguration pullAndMergeConfiguration(Run<?, ?> run, AkeylessConfiguration akeylessConfiguration) {
        AkeylessConfiguration akeylessConfiguration2 = akeylessConfiguration;
        Iterator it = ExtensionList.lookup(AkeylessConfigResolver.class).iterator();
        while (it.hasNext()) {
            AkeylessConfigResolver akeylessConfigResolver = (AkeylessConfigResolver) it.next();
            akeylessConfiguration2 = akeylessConfiguration2 != null ? akeylessConfiguration2.mergeWithParent(akeylessConfigResolver.forJob(run.getParent())) : akeylessConfigResolver.forJob(run.getParent());
        }
        if (akeylessConfiguration2 == null) {
            throw new AkeylessPluginException("No configuration found - please configure the Akeyless Plugin.");
        }
        return akeylessConfiguration2;
    }

    public Map<String, Object> getSecret(String str, AkeylessSecretBase akeylessSecretBase) {
        DescribeItem describeItem = new DescribeItem();
        describeItem.setToken(str);
        describeItem.setName(akeylessSecretBase.getPath());
        try {
            String itemType = getApi().describeItem(describeItem).getItemType();
            try {
                boolean z = -1;
                switch (itemType.hashCode()) {
                    case -1526501341:
                        if (itemType.equals("PKI_CERT_ISSUER")) {
                            z = 5;
                            break;
                        }
                        break;
                    case -754911907:
                        if (itemType.equals("SSH_CERT_ISSUER")) {
                            z = 4;
                            break;
                        }
                        break;
                    case -189606537:
                        if (itemType.equals("CERTIFICATE")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 825127270:
                        if (itemType.equals("ROTATED_SECRET")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 892355280:
                        if (itemType.equals("DYNAMIC_SECRET")) {
                            z = true;
                            break;
                        }
                        break;
                    case 2069923233:
                        if (itemType.equals("STATIC_SECRET")) {
                            z = false;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case AkeylessConfiguration.DescriptorImpl.DEFAULT_SKIP_SSL_VERIFICATION /* 0 */:
                        GetSecretValue getSecretValue = new GetSecretValue();
                        getSecretValue.setToken(str);
                        getSecretValue.json(true);
                        getSecretValue.names(Collections.singletonList(akeylessSecretBase.getPath()));
                        getSecretValue.setPrettyPrint(true);
                        return getApi().getSecretValue(getSecretValue);
                    case true:
                        GetDynamicSecretValue getDynamicSecretValue = new GetDynamicSecretValue();
                        getDynamicSecretValue.setToken(str);
                        getDynamicSecretValue.json(true);
                        getDynamicSecretValue.setName(akeylessSecretBase.getPath());
                        return getApi().getDynamicSecretValue(getDynamicSecretValue);
                    case true:
                        GetRotatedSecretValue getRotatedSecretValue = new GetRotatedSecretValue();
                        getRotatedSecretValue.setToken(str);
                        getRotatedSecretValue.json(true);
                        getRotatedSecretValue.setNames(akeylessSecretBase.getPath());
                        return getApi().getRotatedSecretValue(getRotatedSecretValue);
                    case true:
                        GetCertificateValue getCertificateValue = new GetCertificateValue();
                        getCertificateValue.setToken(str);
                        getCertificateValue.json(true);
                        getCertificateValue.setName(akeylessSecretBase.getPath());
                        return (Map) gson.fromJson(JSONObject.fromObject(getApi().getCertificateValue(getCertificateValue)).toString(), LinkedTreeMap.class);
                    case true:
                        GetSSHCertificateOutput sSHCertificate = getApi().getSSHCertificate(getSSHCertificateBody(str, (AkeylessSSHIssuer) akeylessSecretBase));
                        LinkedTreeMap linkedTreeMap = new LinkedTreeMap();
                        linkedTreeMap.put(DATA_KEY, sSHCertificate.getData());
                        return (Map) gson.fromJson(JSONObject.fromObject(linkedTreeMap).toString(), LinkedTreeMap.class);
                    case true:
                        GetPKICertificateOutput pKICertificate = getApi().getPKICertificate(getPKICertificateBody(str, (AkeylessPKIIssuer) akeylessSecretBase));
                        LinkedTreeMap linkedTreeMap2 = new LinkedTreeMap();
                        linkedTreeMap2.put(DATA_KEY, pKICertificate.getData());
                        return (Map) gson.fromJson(JSONObject.fromObject(linkedTreeMap2).toString(), LinkedTreeMap.class);
                    default:
                        throw new AkeylessPluginException("Wrong or not supported item type: " + itemType);
                }
            } catch (ApiException e) {
                throw new AkeylessPluginException("Failed to retrieve secret: " + e.getResponseBody(), e);
            }
        } catch (ApiException e2) {
            throw new AkeylessPluginException("Failed to describe item: " + e2.getResponseBody(), e2);
        }
    }

    @Nonnull
    private GetSSHCertificate getSSHCertificateBody(String str, AkeylessSSHIssuer akeylessSSHIssuer) {
        GetSSHCertificate getSSHCertificate = new GetSSHCertificate();
        getSSHCertificate.setToken(str);
        getSSHCertificate.setJson(true);
        getSSHCertificate.setCertIssuerName(akeylessSSHIssuer.getPath());
        getSSHCertificate.setPublicKeyData(akeylessSSHIssuer.getPublicKey());
        getSSHCertificate.setCertUsername(akeylessSSHIssuer.getCertUserName());
        getSSHCertificate.setTtl(Long.valueOf(akeylessSSHIssuer.getTtl()));
        return getSSHCertificate;
    }

    @Nonnull
    private GetPKICertificate getPKICertificateBody(String str, AkeylessPKIIssuer akeylessPKIIssuer) {
        GetPKICertificate getPKICertificate = new GetPKICertificate();
        getPKICertificate.certIssuerName(akeylessPKIIssuer.getPath());
        getPKICertificate.setToken(str);
        getPKICertificate.setTtl(Long.toString(akeylessPKIIssuer.getTtl()));
        getPKICertificate.setJson(true);
        getPKICertificate.setCsrDataBase64(akeylessPKIIssuer.getCsrBase64());
        getPKICertificate.setKeyDataBase64(Base64.getEncoder().encodeToString(akeylessPKIIssuer.getPublicKey().getBytes(StandardCharsets.UTF_8)));
        return getPKICertificate;
    }
}
