package io.jenkins.plugins.casc.impl.secrets;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import hudson.Extension;
import io.jenkins.plugins.casc.SecretSource;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;

@Extension
/* loaded from: input_file:io/jenkins/plugins/casc/impl/secrets/VaultSecretSource.class */
public class VaultSecretSource extends SecretSource {
    private static final Logger LOGGER = Logger.getLogger(VaultSecretSource.class.getName());
    private Map<String, String> secrets;

    /* JADX WARN: Finally extract failed */
    public VaultSecretSource() {
        String authClientToken;
        this.secrets = new HashMap();
        String str = System.getenv("CASC_VAULT_FILE");
        Properties properties = new Properties();
        if (str != null) {
            try {
                FileInputStream fileInputStream = new FileInputStream(str);
                Throwable th = null;
                try {
                    properties.load(fileInputStream);
                    if (properties.isEmpty()) {
                        LOGGER.log(Level.WARNING, "Vault secret file is empty");
                    }
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                } catch (Throwable th3) {
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    throw th3;
                }
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, "Failed to load Vault secrets from file", (Throwable) e);
            }
        }
        String variable = getVariable("CASC_VAULT_PW", properties);
        String variable2 = getVariable("CASC_VAULT_USER", properties);
        String variable3 = getVariable("CASC_VAULT_PATH", properties);
        String variable4 = getVariable("CASC_VAULT_URL", properties);
        String variable5 = getVariable("CASC_VAULT_MOUNT", properties);
        String variable6 = getVariable("CASC_VAULT_TOKEN", properties);
        String variable7 = getVariable("CASC_VAULT_APPROLE", properties);
        String variable8 = getVariable("CASC_VAULT_APPROLE_SECRET", properties);
        String variable9 = getVariable("CASC_VAULT_NAMESPACE", properties);
        String variable10 = getVariable("CASC_VAULT_ENGINE_VERSION", properties);
        if (((variable == null || variable2 == null) && variable6 == null && (variable7 == null || variable8 == null)) || variable3 == null || variable4 == null) {
            return;
        }
        LOGGER.log(Level.FINE, "Attempting to connect to Vault: {0}", variable4);
        try {
            VaultConfig address = new VaultConfig().address(variable4);
            if (variable9 != null) {
                address = address.nameSpace(variable9);
                LOGGER.log(Level.FINE, "Using namespace with Vault: {0}", variable9);
            }
            if (variable10 != null) {
                address = address.engineVersion(Integer.valueOf(Integer.parseInt(variable10)));
                LOGGER.log(Level.FINE, "Using engine version: {0}", variable10);
            }
            VaultConfig build = address.build();
            Vault vault = new Vault(build);
            if (variable6 != null) {
                authClientToken = variable6;
                LOGGER.log(Level.FINE, "Using supplied token to access Vault");
            } else if (variable7 == null || variable8 == null) {
                authClientToken = vault.auth().loginByUserPass(variable2, variable, variable5).getAuthClientToken();
                LOGGER.log(Level.FINE, "Login to Vault using U/P successful");
            } else {
                authClientToken = vault.auth().loginByAppRole(variable7, variable8).getAuthClientToken();
                LOGGER.log(Level.FINE, "Login to Vault using AppRole/SecretID successful");
            }
            build.token(authClientToken).build();
            this.secrets = vault.logical().read(variable3).getData();
        } catch (VaultException e2) {
            LOGGER.log(Level.WARNING, "Unable to connect to Vault", e2);
        }
    }

    @Override // io.jenkins.plugins.casc.SecretSource
    public Optional<String> reveal(String str) {
        Optional<String> empty = Optional.empty();
        if (this.secrets.containsKey(str)) {
            empty = Optional.of(this.secrets.get(str));
        }
        return empty;
    }

    public Map<String, String> getSecrets() {
        return this.secrets;
    }

    public void setSecrets(Map<String, String> map) {
        this.secrets = map;
    }

    private String getVariable(String str, Properties properties) {
        return (properties == null || properties.isEmpty()) ? System.getenv(str) : properties.getProperty(str, System.getenv(str));
    }
}
