package com.datapipe.jenkins.vault;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.matchers.IdMatcher;
import com.datapipe.jenkins.vault.credentials.VaultTokenCredential;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.console.ConsoleLogFilter;
import hudson.model.AbstractProject;
import hudson.model.Descriptor;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.remoting.VirtualChannel;
import hudson.security.ACL;
import hudson.tasks.BuildWrapper;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildWrapper;
import net.sf.json.JSONObject;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.remoting.RoleChecker;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:com/datapipe/jenkins/vault/VaultBuildWrapper.class */
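/**
 * Build wrapper that reads secrets from a Vault server and exposes them to the build as
 * environment variables, recording every resolved value so the console log filter can mask it.
 *
 * <p>Each setting ({@code vaultUrl}, {@code authTokenCredentialId}, {@code tokenFilePath}) is taken
 * from the job configuration when set there and otherwise from the global configuration held by
 * {@link DescriptorImpl}.
 *
 * <p>NOTE(review): this listing is decompiler output. {@code m0getDescriptor} and {@code m1invoke}
 * are decompiler-assigned names (see the "renamed from" markers) and are kept as found.
 *
 * <p>NOTE(review, security): the URL and the token source are resolved independently, so a job can
 * keep the globally configured token while overriding the URL it is sent to. The per-job
 * {@code tokenFilePath} is also read without any path restriction. Confirm that job-configure
 * permission is granted only to users trusted with the global Vault token and with files readable
 * by the Jenkins process, or restrict these overrides to administrators.
 */
public class VaultBuildWrapper extends SimpleBuildWrapper {
    private String tokenFilePath;
    private List<VaultSecret> vaultSecrets;
    // Resolved secret values handed to the console log filter.
    // NOTE(review, security): this field is not transient and is never cleared, so values
    // accumulate on the wrapper instance across setUp() calls. Confirm they cannot be written out
    // when Jenkins persists the job configuration.
    private List<String> valuesToMask = new ArrayList<>();
    private String vaultUrl = null;
    private String authTokenCredentialId = null;

    /**
     * Global configuration for the wrapper: the default Vault URL, token credential ID and token
     * file path used when a job does not override them.
     */
    @Extension
    public static final class DescriptorImpl extends Descriptor<BuildWrapper> {
        private String vaultUrl;
        private String authTokenCredentialId;
        private String tokenFilePath;

        /** Registers the descriptor for {@link VaultBuildWrapper} and loads the saved settings. */
        public DescriptorImpl() {
            super(VaultBuildWrapper.class);
            load();
        }

        /** Offers the wrapper on every project type. */
        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }

        public String getDisplayName() {
            return "Vault Plugin";
        }

        /**
         * Copies the three global settings out of the submitted form and saves them.
         *
         * @param staplerRequest the form submission request
         * @param jSONObject submitted form data; must contain {@code vaultUrl},
         *     {@code authTokenCredentialId} and {@code tokenFilePath}
         * @return the result of the superclass {@code configure}
         * @throws Descriptor.FormException declared by the superclass contract
         */
        public boolean configure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            this.vaultUrl = jSONObject.getString("vaultUrl");
            this.authTokenCredentialId = jSONObject.getString("authTokenCredentialId");
            this.tokenFilePath = jSONObject.getString("tokenFilePath");
            save();
            return super.configure(staplerRequest, jSONObject);
        }

        public String getVaultUrl() {
            return this.vaultUrl;
        }

        public void setVaultUrl(String str) {
            this.vaultUrl = str;
        }

        public String getAuthTokenCredentialId() {
            return this.authTokenCredentialId;
        }

        public void setAuthTokenCredentialId(String str) {
            this.authTokenCredentialId = str;
        }

        public String getTokenFilePath() {
            return this.tokenFilePath;
        }

        public void setTokenFilePath(String str) {
            this.tokenFilePath = str;
        }

        /**
         * Fills the credential drop-down with the available {@link VaultTokenCredential}s.
         *
         * @return the credential list for administrators; an empty model for everyone else, so
         *     credential IDs are not disclosed to users without {@code Jenkins.ADMINISTER}
         */
        public ListBoxModel doFillAuthTokenCredentialIdItems() {
            Jenkins jenkins = Jenkins.getInstance();
            if (jenkins == null || !jenkins.hasPermission(Jenkins.ADMINISTER)) {
                return new ListBoxModel();
            }
            return new StandardListBoxModel().includeEmptyValue().includeAs(ACL.SYSTEM, jenkins, VaultTokenCredential.class);
        }
    }

    /**
     * @param list the secrets to fetch for the build; may be {@code null} when the job defines none
     */
    @DataBoundConstructor
    public VaultBuildWrapper(@CheckForNull List<VaultSecret> list) {
        this.vaultSecrets = list;
    }

    @DataBoundSetter
    public void setVaultUrl(String str) {
        this.vaultUrl = str;
    }

    public String getVaultUrl() {
        return this.vaultUrl;
    }

    @DataBoundSetter
    public void setTokenFilePath(String str) {
        this.tokenFilePath = str;
    }

    public String getTokenFilePath() {
        return this.tokenFilePath;
    }

    @DataBoundSetter
    public void setAuthTokenCredentialId(String str) {
        this.authTokenCredentialId = str;
    }

    public String getAuthTokenCredentialId() {
        return this.authTokenCredentialId;
    }

    /** @return the configured secrets, or {@code null} if the wrapper was created without any */
    public List<VaultSecret> getVaultSecrets() {
        return this.vaultSecrets;
    }

    /** Returns the job-level Vault URL, falling back to the global one when it is null or empty. */
    private String getUrl() {
        if (this.vaultUrl != null && !this.vaultUrl.isEmpty()) {
            return this.vaultUrl;
        }
        return m0getDescriptor().getVaultUrl();
    }

    /**
     * Resolves the Vault token. A credential ID (job-level or global) takes precedence over a
     * token file, so a job-level file path is ignored whenever any credential ID is configured.
     *
     * @return the token, or {@code null} when neither source is configured or the credential
     *     cannot be found
     */
    private String getToken() {
        DescriptorImpl global = m0getDescriptor();
        boolean hasCredentialId = !StringUtils.isBlank(this.authTokenCredentialId)
                || !StringUtils.isBlank(global.getAuthTokenCredentialId());
        if (hasCredentialId) {
            return getTokenFromCredentials();
        }
        boolean hasTokenFile = !StringUtils.isBlank(this.tokenFilePath)
                || !StringUtils.isBlank(global.getTokenFilePath());
        return hasTokenFile ? readTokenFromFile() : null;
    }

    /**
     * Looks up the {@link VaultTokenCredential} whose ID is configured on the job or, failing
     * that, globally, and returns its token in plain text.
     *
     * <p>NOTE(review, security): the lookup runs as {@code ACL.SYSTEM} against the Jenkins root,
     * not against the job being built, so it is not limited to credentials the job's own context
     * would be allowed to use. Confirm this is intended.
     *
     * @return the decrypted token, or {@code null} if no credential has that ID
     */
    private String getTokenFromCredentials() {
        String credentialId = this.authTokenCredentialId;
        if (credentialId == null || credentialId.isEmpty()) {
            credentialId = m0getDescriptor().getAuthTokenCredentialId();
        }
        VaultTokenCredential firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(VaultTokenCredential.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), new IdMatcher(credentialId));
        if (firstOrNull == null) {
            return null;
        }
        return Secret.toString(firstOrNull.getToken());
    }

    /**
     * Reads the token from the job-level token file or, failing that, from the global one.
     *
     * <p>NOTE(review, security): the path is used as given. It is not normalised or confined to
     * a directory, and the whole file content (trimmed) becomes the token sent to Vault.
     *
     * @return the trimmed file content, or {@code null} when no path is configured
     * @throws RuntimeException wrapping the I/O or interruption failure if the file cannot be read
     */
    private String readTokenFromFile() {
        String path = this.tokenFilePath;
        if (path == null || path.isEmpty()) {
            path = m0getDescriptor().getTokenFilePath();
        }
        if (path == null || path.isEmpty()) {
            return null;
        }
        try {
            return ((String) new FilePath(new File(path)).act(new FilePath.FileCallable<String>() {
                // No role is asserted here. NOTE(review): the FilePath is built from a local
                // java.io.File, so this callable presumably never crosses a remoting channel;
                // confirm before reusing it with a remote FilePath.
                public void checkRoles(RoleChecker roleChecker) throws SecurityException {
                }

                /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
                public String m1invoke(File file, VirtualChannel virtualChannel) {
                    try {
                        return FileUtils.readFileToString(file);
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                }
            })).trim();
        } catch (IOException | InterruptedException e) {
            throw new RuntimeException(e);
        }
    }

    /* renamed from: getDescriptor, reason: merged with bridge method [inline-methods] */
    public DescriptorImpl m0getDescriptor() {
        return (DescriptorImpl) super.getDescriptor();
    }

    /**
     * Fetches every configured secret from Vault, exports each value under its environment
     * variable name and records it for console masking.
     *
     * <p>A wrapper without secrets is a no-op. A key that is missing from the Vault response
     * aborts the build, so that no {@code null} reaches the environment or the masking list.
     *
     * @throws AbortException if Vault reports an error or a requested key is absent; the message
     *     names the key and path, never a secret value
     */
    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        // The data-bound constructor accepts null, so a job saved without secrets must not fail.
        if (this.vaultSecrets == null || this.vaultSecrets.isEmpty()) {
            return;
        }
        PrintStream logger = taskListener.getLogger();
        String url = getUrl();
        // NOTE(review): token may be null here (nothing configured, or credential not found);
        // it is passed to VaultConfig as-is. Confirm how the driver behaves without a token.
        String token = getToken();
        try {
            // One client serves all reads; URL and token do not change between secrets.
            Vault vault = new Vault(new VaultConfig(url, token).build());
            for (VaultSecret vaultSecret : this.vaultSecrets) {
                Map<String, String> data = vault.logical().read(vaultSecret.getPath()).getData();
                for (VaultSecretValue vaultSecretValue : vaultSecret.getSecretValues()) {
                    String vaultKey = vaultSecretValue.getVaultKey();
                    String value = data == null ? null : data.get(vaultKey);
                    if (value == null) {
                        throw new AbortException("Vault key '" + vaultKey + "' was not found at path '" + vaultSecret.getPath() + "'");
                    }
                    // An empty value has nothing to hide, so it is not added to the masking list.
                    if (!value.isEmpty()) {
                        this.valuesToMask.add(value);
                    }
                    context.env(vaultSecretValue.getEnvVar(), value);
                }
            }
        } catch (VaultException e) {
            // The stack trace goes to the build log, which is visible to anyone who can read
            // the build. NOTE(review): confirm the driver's messages never include the token.
            e.printStackTrace(logger);
            throw new AbortException(e.getMessage());
        }
    }

    /**
     * Creates the console filter that masks the recorded secret values.
     *
     * <p>The filter receives the live {@code valuesToMask} list rather than a copy.
     * NOTE(review): values added later by {@code setUp} are masked only if the filter reads the
     * list when it writes; verify against {@code MaskingConsoleLogFilter}.
     */
    public ConsoleLogFilter createLoggerDecorator(@Nonnull Run<?, ?> run) {
        return new MaskingConsoleLogFilter(run.getCharset().name(), this.valuesToMask);
    }
}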
