package com.datapipe.jenkins.vault.credentials.common;

import com.bettercloud.vault.SslConfig;
import com.bettercloud.vault.VaultConfig;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.CredentialsUnavailableException;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import com.cloudbees.plugins.credentials.matchers.IdMatcher;
import com.datapipe.jenkins.vault.VaultAccessor;
import com.datapipe.jenkins.vault.VaultBuildWrapper;
import com.datapipe.jenkins.vault.configuration.GlobalVaultConfiguration;
import com.datapipe.jenkins.vault.credentials.VaultCredential;
import com.datapipe.jenkins.vault.exception.VaultPluginException;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.Secret;
import java.io.UnsupportedEncodingException;
import java.util.Collections;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:com/datapipe/jenkins/vault/credentials/common/VaultUsernamePasswordCredentialImpl.class */
public class VaultUsernamePasswordCredentialImpl extends BaseStandardCredentials implements VaultUsernamePasswordCredential {
    public static final String DEFAULT_USERNAME_KEY = "username";
    public static final String DEFAULT_PASSWORD_KEY = "password";
    private static final long serialVersionUID = 1;
    private static final Logger LOGGER = Logger.getLogger(VaultUsernamePasswordCredentialImpl.class.getName());
    private String path;
    private String usernameKey;
    private String passwordKey;
    private Integer engineVersion;

    @Extension(ordinal = 1.0d)
    /* loaded from: input_file:com/datapipe/jenkins/vault/credentials/common/VaultUsernamePasswordCredentialImpl$DescriptorImpl.class */
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        public String getDisplayName() {
            return "Vault Username-Password Credential";
        }

        public FormValidation doTestConnection(@QueryParameter("path") String str, @QueryParameter("usernameKey") String str2, @QueryParameter("passwordKey") String str3, @QueryParameter("engineVersion") Integer num) {
            try {
                String vaultSecret = VaultUsernamePasswordCredentialImpl.getVaultSecret(str, str2, num);
                try {
                    VaultUsernamePasswordCredentialImpl.getVaultSecret(str, str3, num);
                    return FormValidation.ok("Successfully retrieved username " + vaultSecret + " and the password");
                } catch (Exception e) {
                    return FormValidation.error("FAILED to retrieve password key: \n" + e);
                }
            } catch (Exception e2) {
                return FormValidation.error("FAILED to retrieve username key: \n" + e2);
            }
        }

        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    @DataBoundConstructor
    public VaultUsernamePasswordCredentialImpl(CredentialsScope credentialsScope, String str, String str2) {
        super(credentialsScope, str, str2);
    }

    @NonNull
    public String getPath() {
        return this.path;
    }

    @DataBoundSetter
    public void setPath(String str) {
        this.path = str;
    }

    @NonNull
    public String getUsernameKey() {
        return this.usernameKey;
    }

    @DataBoundSetter
    public void setUsernameKey(String str) {
        this.usernameKey = StringUtils.isEmpty(str) ? DEFAULT_USERNAME_KEY : str;
    }

    @NonNull
    public String getPasswordKey() {
        return this.passwordKey;
    }

    @DataBoundSetter
    public void setPasswordKey(String str) {
        this.passwordKey = StringUtils.isEmpty(str) ? DEFAULT_PASSWORD_KEY : str;
    }

    public Integer getEngineVersion() {
        return this.engineVersion;
    }

    @DataBoundSetter
    public void setEngineVersion(Integer num) {
        this.engineVersion = num;
    }

    @Override // com.datapipe.jenkins.vault.credentials.common.VaultUsernamePasswordCredential
    public String getDisplayName() {
        return this.path;
    }

    @NonNull
    public String getUsername() {
        return getValue(this.usernameKey);
    }

    @NonNull
    public Secret getPassword() {
        return Secret.fromString(getValue(this.passwordKey));
    }

    private String getValue(String str) {
        return getVaultSecret(getPath(), str, getEngineVersion());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getVaultSecret(String str, String str2, Integer num) {
        if (Jenkins.getInstanceOrNull() == null) {
            LOGGER.warning("Cannot retrieve secret becuase Jenkins.instance is not available");
            return null;
        }
        LOGGER.info("Retrieving vault secret path=" + str + " key=" + str2 + " engineVersion=" + num);
        GlobalVaultConfiguration globalVaultConfiguration = (GlobalVaultConfiguration) GlobalConfiguration.all().get(GlobalVaultConfiguration.class);
        if (((VaultBuildWrapper.DescriptorImpl) Jenkins.getInstance().getExtensionList(VaultBuildWrapper.DescriptorImpl.class).get(0)) == null) {
            throw new IllegalStateException("Vault plugin has not been configured.");
        }
        try {
            VaultConfig engineVersion = new VaultConfig().address(globalVaultConfiguration.getConfiguration().getVaultUrl()).sslConfig(new SslConfig().verify(Boolean.valueOf(globalVaultConfiguration.getConfiguration().isSkipSslVerification())).build()).engineVersion(num);
            if (StringUtils.isNotEmpty(globalVaultConfiguration.getConfiguration().getVaultNamespace())) {
                engineVersion.nameSpace(globalVaultConfiguration.getConfiguration().getVaultNamespace());
            }
            if (StringUtils.isNotEmpty(globalVaultConfiguration.getConfiguration().getPrefixPath())) {
                engineVersion.prefixPath(globalVaultConfiguration.getConfiguration().getPrefixPath());
            }
            VaultAccessor vaultAccessor = new VaultAccessor(engineVersion, retrieveVaultCredentials(globalVaultConfiguration.getConfiguration().getVaultCredentialId()));
            vaultAccessor.setMaxRetries(globalVaultConfiguration.getConfiguration().getMaxRetries());
            vaultAccessor.setRetryIntervalMilliseconds(globalVaultConfiguration.getConfiguration().getRetryIntervalMilliseconds());
            vaultAccessor.init();
            Map data = vaultAccessor.read(str, num).getData();
            if (data.containsKey(str2)) {
                return (String) data.get(str2);
            }
            throw new VaultPluginException("Key " + str2 + " could not be found in path " + str);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static VaultCredential retrieveVaultCredentials(String str) {
        if (StringUtils.isBlank(str)) {
            throw new VaultPluginException("The credential id was not configured - please specify the credentials to use.");
        }
        LOGGER.log(Level.INFO, "Retrieving vault credential ID : " + str);
        VaultCredential firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(VaultCredential.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), new IdMatcher(str));
        if (firstOrNull == null) {
            throw new CredentialsUnavailableException(str);
        }
        return firstOrNull;
    }
}
