package io.fabric8.jenkins.openshiftsync;

import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import hudson.Util;
import hudson.remoting.Base64;
import hudson.security.ACL;
import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
import io.fabric8.kubernetes.client.dsl.Resource;
import io.fabric8.openshift.api.model.BuildConfig;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:io/fabric8/jenkins/openshiftsync/CredentialsUtils.class */
public class CredentialsUtils {
    private static final Logger logger = Logger.getLogger(CredentialsUtils.class.getName());

    public static synchronized String updateSourceCredentials(BuildConfig buildConfig) throws IOException {
        Secret secret;
        String str = null;
        if (buildConfig.getSpec() != null && buildConfig.getSpec().getSource() != null && buildConfig.getSpec().getSource().getSourceSecret() != null && !buildConfig.getSpec().getSource().getSourceSecret().getName().isEmpty() && (secret = (Secret) ((Resource) ((NonNamespaceOperation) OpenShiftUtils.getAuthenticatedOpenShiftClient().secrets().inNamespace(buildConfig.getMetadata().getNamespace())).withName(buildConfig.getSpec().getSource().getSourceSecret().getName())).get()) != null) {
            Credentials secretToCredentials = secretToCredentials(secret);
            str = secretName(buildConfig.getMetadata().getNamespace(), buildConfig.getSpec().getSource().getSourceSecret().getName());
            Credentials lookupCredentials = lookupCredentials(str);
            SecurityContext impersonate = ACL.impersonate(ACL.SYSTEM);
            try {
                CredentialsStore credentialsStore = (CredentialsStore) CredentialsProvider.lookupStores(Jenkins.getActiveInstance()).iterator().next();
                if (lookupCredentials != null) {
                    credentialsStore.updateCredentials(Domain.global(), lookupCredentials, secretToCredentials);
                } else {
                    credentialsStore.addCredentials(Domain.global(), secretToCredentials);
                }
            } finally {
                SecurityContextHolder.setContext(impersonate);
            }
        }
        return str;
    }

    public static String getCurrentToken() {
        OpenShiftToken firstOrNull;
        String credentialsId = GlobalPluginConfiguration.get().getCredentialsId();
        return (credentialsId.equals("") || (firstOrNull = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(OpenShiftToken.class, Jenkins.getActiveInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(credentialsId))) == null) ? "" : firstOrNull.getToken();
    }

    private static Credentials lookupCredentials(String str) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(Credentials.class, Jenkins.getActiveInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
    }

    private static String secretName(String str, String str2) {
        return str + "-" + str2;
    }

    private static Credentials secretToCredentials(Secret secret) {
        String namespace = secret.getMetadata().getNamespace();
        String name = secret.getMetadata().getName();
        Map data = secret.getData();
        String secretName = secretName(namespace, name);
        String type = secret.getType();
        boolean z = -1;
        switch (type.hashCode()) {
            case -2137285688:
                if (type.equals(Constants.OPENSHIFT_SECRETS_TYPE_BASICAUTH)) {
                    z = true;
                    break;
                }
                break;
            case -1926827967:
                if (type.equals(Constants.OPENSHIFT_SECRETS_TYPE_OPAQUE)) {
                    z = false;
                    break;
                }
                break;
            case -1357361554:
                if (type.equals(Constants.OPENSHIFT_SECRETS_TYPE_SSH)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                String str = (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_USERNAME);
                String str2 = (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_PASSWORD);
                if (StringUtils.isNotBlank(str) && StringUtils.isNotBlank(str2)) {
                    return newUsernamePasswordCredentials(secretName, str, str2);
                }
                String str3 = (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_SSHPRIVATEKEY);
                if (StringUtils.isNotBlank(str3)) {
                    return newSSHUserCredential(secretName, (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_USERNAME), str3);
                }
                logger.log(Level.WARNING, "Opaque secret either requires {0} and {1} fields for basic auth or {2} field for SSH key", new Object[]{Constants.OPENSHIFT_SECRETS_DATA_USERNAME, Constants.OPENSHIFT_SECRETS_DATA_PASSWORD, Constants.OPENSHIFT_SECRETS_DATA_SSHPRIVATEKEY});
                return null;
            case true:
                return newUsernamePasswordCredentials(secretName, (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_USERNAME), (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_PASSWORD));
            case true:
                return newSSHUserCredential(secretName, (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_USERNAME), (String) data.get(Constants.OPENSHIFT_SECRETS_DATA_SSHPRIVATEKEY));
            default:
                logger.log(Level.WARNING, "Unknown secret type: " + secret.getType());
                return null;
        }
    }

    private static Credentials newSSHUserCredential(String str, String str2, String str3) {
        return new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, str, Util.fixNull(str2), new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(new String(Base64.decode(str3), StandardCharsets.UTF_8)), (String) null, str);
    }

    private static Credentials newUsernamePasswordCredentials(String str, String str2, String str3) {
        return new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, str, str, new String(Base64.decode(str2), StandardCharsets.UTF_8), new String(Base64.decode(str3), StandardCharsets.UTF_8));
    }

    public static boolean hasCredentials() {
        return !StringUtils.isEmpty(OpenShiftUtils.getAuthenticatedOpenShiftClient().getConfiguration().getOauthToken());
    }
}
