package com.cloudbees.jenkins.plugins.kubernetes_credentials_provider;

import com.cloudbees.plugins.credentials.CredentialsScope;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.fabric8.kubernetes.api.model.Secret;
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

/* loaded from: input_file:WEB-INF/lib/kubernetes-credentials-provider.jar:com/cloudbees/jenkins/plugins/kubernetes_credentials_provider/SecretUtils.class */
public abstract class SecretUtils {
    private static final Logger LOG = Logger.getLogger(SecretUtils.class.getName());
    private static final String JENKINS_IO_CREDENTIALS_DESCRIPTION_ANNOTATION = "jenkins.io/credentials-description";
    private static final String JENKINS_IO_CREDENTIALS_KEYBINDING_ANNOTATION_PREFIX = "jenkins.io/credentials-keybinding-";
    static final String JENKINS_IO_CREDENTIALS_TYPE_LABEL = "jenkins.io/credentials-type";
    static final String JENKINS_IO_CREDENTIALS_SCOPE_LABEL = "jenkins.io/credentials-scope";

    @CheckForNull
    @Restricted({NoExternalUse.class})
    public static String base64DecodeToString(String str) {
        byte[] base64Decode = base64Decode(str);
        if (base64Decode == null) {
            return null;
        }
        try {
            CharsetDecoder newDecoder = StandardCharsets.UTF_8.newDecoder();
            newDecoder.onMalformedInput(CodingErrorAction.REPORT);
            newDecoder.onUnmappableCharacter(CodingErrorAction.REPORT);
            return newDecoder.decode(ByteBuffer.wrap(base64Decode)).toString();
        } catch (CharacterCodingException e) {
            LOG.log(Level.WARNING, "failed to covert Secret, is this a valid UTF-8 string?  {0}", e.getMessage());
            return null;
        }
    }

    @CheckForNull
    @Restricted({NoExternalUse.class})
    public static byte[] base64Decode(String str) {
        try {
            return Base64.getDecoder().decode(str);
        } catch (IllegalArgumentException e) {
            LOG.log(Level.WARNING, "failed to base64decode Secret, is the format valid?  {0}", e.getMessage());
            return null;
        }
    }

    public static CredentialsScope getCredentialScope(Secret secret) throws CredentialsConvertionException {
        CredentialsScope credentialsScope = CredentialsScope.GLOBAL;
        String str = (String) secret.getMetadata().getLabels().get(JENKINS_IO_CREDENTIALS_SCOPE_LABEL);
        if (str != null) {
            try {
                credentialsScope = CredentialsScope.valueOf(str.toUpperCase(Locale.ROOT));
            } catch (IllegalArgumentException e) {
                throw new CredentialsConvertionException("jenkins.io/credentials-scope is set to an invalid scope: " + str, e);
            }
        }
        return credentialsScope;
    }

    public static String getCredentialId(Secret secret) {
        return secret.getMetadata().getName();
    }

    @CheckForNull
    public static String getCredentialDescription(Secret secret) {
        Map annotations = secret.getMetadata().getAnnotations();
        if (annotations != null) {
            return (String) annotations.get(JENKINS_IO_CREDENTIALS_DESCRIPTION_ANNOTATION);
        }
        return null;
    }

    public static <T> T requireNonNull(@Nullable T t, String str) throws CredentialsConvertionException {
        if (t == null) {
            throw new CredentialsConvertionException(str);
        }
        return t;
    }

    public static <T> T requireNonNull(@Nullable T t, String str, @Nullable String str2) throws CredentialsConvertionException {
        if (t != null) {
            return t;
        }
        if (str2 != null) {
            throw new CredentialsConvertionException(str.concat(" (mapped to " + str2 + ")"));
        }
        throw new CredentialsConvertionException(str);
    }

    @SuppressFBWarnings(value = {"ES_COMPARING_PARAMETER_STRING_WITH_EQ"}, justification = "the string will be the same string if not mapped")
    public static String getNonNullSecretData(Secret secret, String str, String str2) throws CredentialsConvertionException {
        String keyName = getKeyName(secret, str);
        return (String) requireNonNull((String) ((Map) requireNonNull(secret.getData(), str2, keyName == str ? null : keyName)).get(keyName), str2, keyName);
    }

    public static Optional<String> getOptionalSecretData(Secret secret, String str, String str2) throws CredentialsConvertionException {
        return (secret.getData().containsKey(str) || secret.getData().containsKey(getKeyName(secret, str))) ? Optional.of(getNonNullSecretData(secret, str, str2)) : Optional.empty();
    }

    public static String getKeyName(Secret secret, String str) {
        Map annotations = secret.getMetadata().getAnnotations();
        if (annotations == null) {
            return str;
        }
        String str2 = "jenkins.io/credentials-keybinding-" + str;
        String str3 = (String) annotations.get(str2);
        if (str3 == null) {
            return str;
        }
        if (!str3.isEmpty()) {
            return str3;
        }
        LOG.log(Level.WARNING, "Secret {0} contains a mapping annotation {1} but has no entry - mapping will not be performed", new Object[]{secret.getMetadata().getName(), str2});
        return str;
    }
}
