package io.jenkins.plugins.casc.impl.secrets;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import hudson.Extension;
import io.jenkins.plugins.casc.SecretSource;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang.StringUtils;

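/**
 * {@link SecretSource} that loads secrets from Vault once, at construction time, and serves
 * them from an in-memory map.
 *
 * <p>Settings are read from the properties file named by the {@code CASC_VAULT_FILE}
 * environment variable (when set) and from the process environment. A value found in the file
 * takes precedence over the environment variable of the same name.
 *
 * <p>Authentication methods are tried in this order until one yields a client token:
 * {@code CASC_VAULT_TOKEN}, then AppRole ({@code CASC_VAULT_APPROLE} plus
 * {@code CASC_VAULT_APPROLE_SECRET}), then user/password ({@code CASC_VAULT_USER},
 * {@code CASC_VAULT_PW} and {@code CASC_VAULT_MOUNT}).
 *
 * <p>Security notes for operators: the properties file can carry the password, token or
 * AppRole secret, so it should be readable only by the account that runs Jenkins. Secret values
 * are never written to the log by this class; only configuration problems, the Vault address
 * and duplicate key names are logged.
 */
@Extension
public class VaultSecretSource extends SecretSource {
    private static final Logger LOGGER = Logger.getLogger(VaultSecretSource.class.getName());

    private static final String CASC_VAULT_FILE = "CASC_VAULT_FILE";
    private static final String CASC_VAULT_PW = "CASC_VAULT_PW";
    private static final String CASC_VAULT_USER = "CASC_VAULT_USER";
    private static final String CASC_VAULT_URL = "CASC_VAULT_URL";
    private static final String CASC_VAULT_MOUNT = "CASC_VAULT_MOUNT";
    private static final String CASC_VAULT_TOKEN = "CASC_VAULT_TOKEN";
    private static final String CASC_VAULT_APPROLE = "CASC_VAULT_APPROLE";
    private static final String CASC_VAULT_APPROLE_SECRET = "CASC_VAULT_APPROLE_SECRET";
    private static final String CASC_VAULT_NAMESPACE = "CASC_VAULT_NAMESPACE";
    private static final String CASC_VAULT_ENGINE_VERSION = "CASC_VAULT_ENGINE_VERSION";
    private static final String CASC_VAULT_PATHS = "CASC_VAULT_PATHS";
    private static final String CASC_VAULT_PATH = "CASC_VAULT_PATH";

    // Plain-text secret values keyed by secret name, filled once by the constructor.
    private Map<String, String> secrets = new HashMap<>();

    /**
     * Reads the Vault settings, authenticates and loads every configured path into memory.
     *
     * <p>Every failure is logged at WARNING and leaves the secret map empty (or partially
     * filled); the constructor does not throw for missing settings, a malformed engine version,
     * a failed connection setup or a failed login.
     */
    public VaultSecretSource() {
        Properties properties = new Properties();
        Optional<String> vaultFile = Optional.ofNullable(System.getenv(CASC_VAULT_FILE));
        vaultFile.ifPresent(file -> readPropertiesFromVaultFile(file, properties));

        Optional<String> vaultPw = getVariable(CASC_VAULT_PW, properties);
        Optional<String> vaultUser = getVariable(CASC_VAULT_USER, properties);
        Optional<String> vaultUrl = getVariable(CASC_VAULT_URL, properties);
        Optional<String> vaultMount = getVariable(CASC_VAULT_MOUNT, properties);
        Optional<String> vaultToken = getVariable(CASC_VAULT_TOKEN, properties);
        Optional<String> vaultAppRole = getVariable(CASC_VAULT_APPROLE, properties);
        Optional<String> vaultAppRoleSecret = getVariable(CASC_VAULT_APPROLE_SECRET, properties);
        Optional<String> vaultNamespace = getVariable(CASC_VAULT_NAMESPACE, properties);
        Optional<String> vaultEngineVersion = getVariable(CASC_VAULT_ENGINE_VERSION, properties);

        // CASC_VAULT_PATHS wins; CASC_VAULT_PATH is consulted only when it is absent.
        Optional<String[]> vaultPaths = getCommaSeparatedVariables(CASC_VAULT_PATHS, properties);
        if (!vaultPaths.isPresent()) {
            vaultPaths = getCommaSeparatedVariables(CASC_VAULT_PATH, properties);
        }

        if (!vaultUrl.isPresent()) {
            LOGGER.log(Level.WARNING, "Mandatory variable {0} not set. Cannot fetch from vault.", CASC_VAULT_URL);
            return;
        }
        if (!vaultPaths.isPresent()) {
            LOGGER.log(Level.WARNING, "Mandatory variable {0} not set. Cannot fetch from vault.", CASC_VAULT_PATHS);
            return;
        }

        Vault vault;
        VaultConfig vaultConfig;
        try {
            VaultConfig config = new VaultConfig().address(vaultUrl.get());
            LOGGER.log(Level.FINE, "Attempting to connect to Vault: {0}", vaultUrl.get());
            if (vaultNamespace.isPresent()) {
                config.nameSpace(vaultNamespace.get());
            }
            if (vaultEngineVersion.isPresent()) {
                config.engineVersion(Integer.valueOf(vaultEngineVersion.get()));
            }
            vaultConfig = config.build();
            vault = new Vault(vaultConfig);
        } catch (VaultException | NumberFormatException e) {
            // Without a client nothing below can work; stopping here avoids dereferencing a
            // null Vault/VaultConfig in the login and read steps. A non-numeric engine version
            // is treated the same way instead of escaping the constructor.
            LOGGER.log(Level.WARNING, "Could not configure vault connection", e);
            return;
        }

        // A directly supplied token is used as-is; the login methods run only without one.
        Optional<String> token = vaultToken;

        if (vaultAppRole.isPresent() && vaultAppRoleSecret.isPresent() && !token.isPresent()) {
            try {
                token = Optional.ofNullable(
                        vault.auth().loginByAppRole(vaultAppRole.get(), vaultAppRoleSecret.get()).getAuthClientToken());
                LOGGER.log(Level.FINE, "Login to Vault using AppRole/SecretID successful");
            } catch (VaultException e) {
                LOGGER.log(Level.WARNING, "Could not login with AppRole", e);
            }
        }

        if (vaultUser.isPresent() && vaultPw.isPresent() && !token.isPresent()) {
            if (!vaultMount.isPresent()) {
                // The mount was previously read with an unchecked get(), which threw when unset.
                LOGGER.log(Level.WARNING, "Variable {0} not set. Cannot login with User/Pass", CASC_VAULT_MOUNT);
            } else {
                try {
                    token = Optional.ofNullable(
                            vault.auth().loginByUserPass(vaultUser.get(), vaultPw.get(), vaultMount.get())
                                    .getAuthClientToken());
                    LOGGER.log(Level.FINE, "Login to Vault using User/Pass successful");
                } catch (VaultException e) {
                    LOGGER.log(Level.WARNING, "Could not login with User/Pass", e);
                }
            }
        }

        // Read only when some method produced a token. The earlier condition skipped the read
        // whenever CASC_VAULT_TOKEN was supplied and called get() on an empty Optional when
        // every login had failed.
        if (!token.isPresent()) {
            LOGGER.log(Level.WARNING, "Vault access token missing. Cannot read from vault");
            return;
        }
        readSecretsFromVault(token.get(), vaultConfig, vault, vaultPaths.get());
    }

    /**
     * Sets the client token on the configuration and copies the data of every path into the
     * secret map.
     *
     * <p>When a key appears under more than one path a warning naming the key (not its value)
     * is logged and the value from the later path replaces the earlier one. A
     * {@link VaultException} on any path stops the loop; secrets from paths already read are
     * kept.
     *
     * @param token client token used for the reads
     * @param vaultConfig configuration the {@code vault} client was created from
     * @param vault client used to read the paths
     * @param paths Vault paths to read, in order
     */
    private void readSecretsFromVault(String token, VaultConfig vaultConfig, Vault vault, String[] paths) {
        try {
            vaultConfig.token(token).build();
            for (String path : paths) {
                Map<String, String> data = vault.logical().read(path).getData();
                for (String key : data.keySet()) {
                    if (this.secrets.containsKey(key)) {
                        LOGGER.log(Level.WARNING, "Key {0} exists in multiple vault paths.", key);
                    }
                }
                this.secrets.putAll(data);
            }
        } catch (VaultException e) {
            LOGGER.log(Level.WARNING, "Unable to fetch secret from Vault", e);
        }
    }

    /**
     * Loads the properties file at {@code path} into {@code properties}.
     *
     * <p>An unreadable file is logged and otherwise ignored, so lookups fall back to the
     * environment. The stream is closed on every exit path.
     *
     * @param path location of the properties file
     * @param properties target that receives the loaded entries
     */
    private void readPropertiesFromVaultFile(String path, Properties properties) {
        try (FileInputStream input = new FileInputStream(path)) {
            properties.load(input);
            if (properties.isEmpty()) {
                LOGGER.log(Level.WARNING, "Vault secret file is empty");
            }
        } catch (IOException e) {
            LOGGER.log(Level.WARNING, "Failed to load Vault secrets from file", e);
        }
    }

    /**
     * Looks up a secret loaded from Vault.
     *
     * @param str secret key
     * @return the secret value, or empty when {@code str} is blank or no such key was loaded
     */
    @Override
    public Optional<String> reveal(String str) {
        if (StringUtils.isBlank(str)) {
            return Optional.empty();
        }
        return Optional.ofNullable(this.secrets.get(str));
    }

    /**
     * Returns the live internal map of plain-text secrets, not a copy: callers can read and
     * modify every loaded secret through it, so the reference should not be handed to code that
     * has no need for the values.
     *
     * @return the backing secret map
     */
    public Map<String, String> getSecrets() {
        return this.secrets;
    }

    /**
     * Replaces the backing secret map with {@code map}; the reference is stored without copying.
     *
     * @param map new secret map
     */
    public void setSecrets(Map<String, String> map) {
        this.secrets = map;
    }

    /**
     * Resolves one setting, preferring the properties file over the environment.
     *
     * @param str setting name
     * @param properties entries loaded from the Vault properties file, possibly empty
     * @return the value, or empty when neither source defines it
     */
    private Optional<String> getVariable(String str, Properties properties) {
        return Optional.ofNullable(properties.getProperty(str, System.getenv(str)));
    }

    /**
     * Resolves one setting and splits it on commas. Entries are not trimmed, so whitespace
     * around a comma becomes part of the entry.
     *
     * @param str setting name
     * @param properties entries loaded from the Vault properties file, possibly empty
     * @return the split values, or empty when the setting is not defined
     */
    private Optional<String[]> getCommaSeparatedVariables(String str, Properties properties) {
        return getVariable(str, properties).map(value -> value.split(","));
    }
}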
