package org.conjur.jenkins.api;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.fasterxml.jackson.databind.ObjectMapper;
import hudson.model.Run;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

/* loaded from: input_file:org/conjur/jenkins/api/ConjurAPI.class */
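/**
 * Static helpers for talking to a Conjur appliance over HTTP: authenticating with a
 * login/API key pair and fetching a secret variable with the resulting token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The API key and the fetched secret are handled as plain {@link String}s; nothing in
 *       this class logs their values, and new log statements must keep it that way.</li>
 *   <li>The scheme of {@code applianceUrl} is not checked here. Callers are responsible for
 *       supplying an {@code https://} URL so the API key and token are not sent in cleartext.</li>
 * </ul>
 */
public class ConjurAPI {
    private static final Logger LOGGER = Logger.getLogger(ConjurAPI.class.getName());

    /* loaded from: input_file:org/conjur/jenkins/api/ConjurAPI$ConjurAuthnInfo.class */
    /**
     * Mutable holder for the settings needed to authenticate against Conjur.
     *
     * <p>All fields are package-private and may be {@code null} until populated.
     */
    public static class ConjurAuthnInfo {
        // Base URL of the Conjur appliance; used as the prefix of every request URL.
        String applianceUrl;
        // Path segment placed between the appliance URL and the account in the authenticate URL.
        String authnPath;
        // Conjur account name; appears in both the authenticate and the secrets URL.
        String account;
        // Login identity; URL-encoded into the authenticate URL.
        String login;
        // API key sent as the body of the authenticate request. Sensitive: never log it.
        String apiKey;

        /** Creates an empty holder with every field {@code null}. */
        public ConjurAuthnInfo() {
        }

        /**
         * Creates a fully specified holder.
         *
         * @param applianceUrl base URL of the Conjur appliance
         * @param authnPath    authenticator path segment
         * @param account      Conjur account name
         * @param login        login identity
         * @param apiKey       API key for {@code login}
         */
        public ConjurAuthnInfo(String applianceUrl, String authnPath, String account, String login, String apiKey) {
            this.applianceUrl = applianceUrl;
            this.authnPath = authnPath;
            this.account = account;
            this.login = login;
            this.apiKey = apiKey;
        }
    }

    /**
     * Fills unset ({@code null}) fields from the process environment.
     *
     * <p>Reads {@code CONJUR_APPLIANCE_URL}, {@code CONJUR_ACCOUNT}, {@code CONJUR_AUTHN_LOGIN}
     * and {@code CONJUR_AUTHN_API_KEY}. Fields that already hold a value are left alone, and
     * {@code authnPath} is never defaulted here.
     *
     * @param conjurAuthnInfo holder to complete in place
     */
    private static void defaultToEnvironment(ConjurAuthnInfo conjurAuthnInfo) {
        Map<String, String> env = System.getenv();
        // env.get returns null for a missing variable, which leaves the field unset.
        if (conjurAuthnInfo.applianceUrl == null) {
            conjurAuthnInfo.applianceUrl = env.get("CONJUR_APPLIANCE_URL");
        }
        if (conjurAuthnInfo.account == null) {
            conjurAuthnInfo.account = env.get("CONJUR_ACCOUNT");
        }
        if (conjurAuthnInfo.login == null) {
            conjurAuthnInfo.login = env.get("CONJUR_AUTHN_LOGIN");
        }
        if (conjurAuthnInfo.apiKey == null) {
            conjurAuthnInfo.apiKey = env.get("CONJUR_AUTHN_API_KEY");
        }
    }

    /**
     * Authenticates against Conjur and returns the access token.
     *
     * <p>POSTs the API key as {@code text/plain} to
     * {@code <applianceUrl>/<authnPath>/<account>/<url-encoded login>/authenticate}.
     *
     * @param okHttpClient    client used to execute the request
     * @param conjurAuthnInfo connection settings and credentials
     * @param run             build context; not used by this method
     * @return the response body, Base64-encoded without padding, or {@code null} when
     *         {@code login} or {@code apiKey} is missing. Callers must treat {@code null} as
     *         "not authenticated" and must not send it on as a token.
     * @throws IOException if the request fails or Conjur answers with a status other than 200
     */
    public static String getAuthorizationToken(OkHttpClient okHttpClient, ConjurAuthnInfo conjurAuthnInfo, Run<?, ?> run) throws IOException {
        if (conjurAuthnInfo.login == null || conjurAuthnInfo.apiKey == null) {
            LOGGER.log(Level.INFO, "Failed to find credentials for conjur authentication");
            return null;
        }
        LOGGER.log(Level.INFO, "Authenticating with Conjur");
        // NOTE(review): the URL scheme is not validated; an http:// appliance URL would send
        // the API key below in cleartext.
        String authenticateUrl = String.format(
                "%s/%s/%s/%s/authenticate",
                conjurAuthnInfo.applianceUrl,
                conjurAuthnInfo.authnPath,
                conjurAuthnInfo.account,
                URLEncoder.encode(conjurAuthnInfo.login, "utf-8"));
        Request request = new Request.Builder()
                .url(authenticateUrl)
                .post(RequestBody.create(MediaType.parse("text/plain"), conjurAuthnInfo.apiKey))
                .build();
        Response response = okHttpClient.newCall(request).execute();
        String encodedBody = Base64.getEncoder()
                .withoutPadding()
                .encodeToString(response.body().string().getBytes(StandardCharsets.UTF_8));
        // Only status code and message are logged; the token itself must stay out of the log.
        LOGGER.log(Level.INFO, () -> "Conjur Authenticate response " + response.code() + " - " + response.message());
        if (response.code() != 200) {
            throw new IOException("Error authenticating to Conjur [" + response.code() + " - " + response.message() + "\n" + encodedBody);
        }
        return encodedBody;
    }

    /**
     * Signs a challenge string with SHA256withRSA and returns the signature as Base64.
     *
     * <p>The signature value is deliberately not logged: {@code apiKeyForAuthentication}
     * embeds a signature in the authentication payload, so it should be treated as
     * credential material.
     *
     * @param challenge  text to sign; encoded as UTF-8 before signing
     * @param privateKey RSA private key used to sign
     * @return the Base64-encoded signature, or {@code null} if signing fails
     */
    private static String signatureForRequest(String challenge, RSAPrivateKey privateKey) {
        LOGGER.log(Level.INFO, "Challenge: {0}", challenge);
        try {
            Signature signer = Signature.getInstance("SHA256withRSA");
            signer.initSign(privateKey);
            signer.update(challenge.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(signer.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            // Route the failure through the logger instead of stderr so it reaches the Jenkins log.
            LOGGER.log(Level.WARNING, "Unable to sign Conjur challenge", e);
            return null;
        }
    }

    /**
     * Builds the JSON document used as the API key for signature-based authentication.
     *
     * <p>The document carries {@code buildNumber}, {@code signature} and {@code keyAlgorithm},
     * plus {@code jobProperty_hostPrefix} when a non-empty prefix is supplied.
     *
     * @param hostPrefix   optional host prefix; omitted from the document when null or empty
     * @param buildNumber  build number to embed
     * @param signature    signature to embed
     * @param keyAlgorithm key algorithm name to embed
     * @return the serialized JSON, or {@code null} if serialization fails
     */
    private static String apiKeyForAuthentication(String hostPrefix, String buildNumber, String signature, String keyAlgorithm) {
        Map<String, String> payload = new HashMap<>();
        payload.put("buildNumber", buildNumber);
        payload.put("signature", signature);
        payload.put("keyAlgorithm", keyAlgorithm);
        if (hostPrefix != null && !hostPrefix.isEmpty()) {
            payload.put("jobProperty_hostPrefix", hostPrefix);
        }
        try {
            return new ObjectMapper().writeValueAsString(payload);
        } catch (IOException e) {
            // The payload holds a signature, so log only the exception, never the map contents.
            LOGGER.log(Level.WARNING, "Unable to serialize Conjur authentication payload", e);
            return null;
        }
    }

    /**
     * Creates an HTTP client with OkHttp's default builder settings.
     *
     * @return a new client instance
     */
    public static OkHttpClient getHttpClient() {
        return new OkHttpClient.Builder().build();
    }

    /**
     * Fetches the value of a Conjur variable.
     *
     * <p>Issues a GET to {@code <applianceUrl>/secrets/<account>/variable/<variablePath>} with
     * the header {@code Authorization: Token token="<authToken>"}.
     *
     * @param okHttpClient    client used to execute the request
     * @param conjurAuthnInfo supplies the appliance URL and account
     * @param authToken       token returned by {@code getAuthorizationToken}
     * @param variablePath    identifier of the variable to read
     * @return the response body, i.e. the secret value. Callers must not log it.
     * @throws IOException if the request fails or Conjur answers with a status other than 200
     */
    public static String getSecret(OkHttpClient okHttpClient, ConjurAuthnInfo conjurAuthnInfo, String authToken, String variablePath) throws IOException {
        LOGGER.log(Level.INFO, "Fetching secret from Conjur");
        // NOTE(review): variablePath is inserted into the URL without encoding or validation.
        // If it can come from job configuration, characters such as '?', '#' or "../" would
        // change the request target; confirm that callers encode or restrict it.
        String secretUrl = String.format(
                "%s/secrets/%s/variable/%s",
                conjurAuthnInfo.applianceUrl,
                conjurAuthnInfo.account,
                variablePath);
        Request request = new Request.Builder()
                .url(secretUrl)
                .get()
                .addHeader("Authorization", "Token token=\"" + authToken + "\"")
                .build();
        Response response = okHttpClient.newCall(request).execute();
        String body = response.body().string();
        // Logs the variable path and status only; the body holds the secret on success.
        LOGGER.log(Level.INFO, () -> "Fetch secret [" + variablePath + "] from Conjur response " + response.code() + " - " + response.message());
        if (response.code() != 200) {
            // The body is only put into the message on the non-200 path, where it is the error response.
            throw new IOException("Error fetching secret from Conjur [" + response.code() + " - " + response.message() + "\n" + body);
        }
        return body;
    }

    /**
     * Copies login and API key from a Jenkins username/password credential.
     *
     * <p>Does nothing when {@code credentialId} is null or empty, or when no credential in
     * {@code list} has that id.
     *
     * @param conjurAuthnInfo holder to update in place
     * @param credentialId    id of the Jenkins credential to look up
     * @param list            candidate credentials to search
     */
    private static void initializeWithCredential(ConjurAuthnInfo conjurAuthnInfo, String credentialId, List<UsernamePasswordCredentials> list) {
        if (credentialId == null || credentialId.isEmpty()) {
            return;
        }
        LOGGER.log(Level.INFO, "Retrieving Conjur credential stored in Jenkins");
        UsernamePasswordCredentials credential = CredentialsMatchers.firstOrNull(list, CredentialsMatchers.withId(credentialId));
        if (credential != null) {
            conjurAuthnInfo.login = credential.getUsername();
            // The password is unwrapped to plain text here and lives on in the holder.
            conjurAuthnInfo.apiKey = credential.getPassword().getPlainText();
        }
    }

    /** Not instantiable: this class only exposes static helpers. */
    private ConjurAPI() {
    }
}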
