package org.csanchez.jenkins.plugins.kubernetes;

import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import hudson.security.ACL;
import hudson.util.Secret;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.ConfigBuilder;
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import jenkins.model.Jenkins;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials;
import org.jenkinsci.plugins.plaincredentials.FileCredentials;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.joda.time.DateTimeConstants;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Restricted({NoExternalUse.class})
@Deprecated
/* loaded from: input_file:WEB-INF/lib/kubernetes.jar:org/csanchez/jenkins/plugins/kubernetes/KubernetesFactoryAdapter.class */
public class KubernetesFactoryAdapter {
    private static final Logger LOGGER = Logger.getLogger(KubernetesFactoryAdapter.class.getName());
    private static final int DEFAULT_CONNECT_TIMEOUT = 5;
    private static final int DEFAULT_READ_TIMEOUT = 15;
    private final String serviceAddress;
    private final String namespace;

    @CheckForNull
    private final String caCertData;

    @CheckForNull
    private final StandardCredentials credentials;
    private final boolean skipTlsVerify;
    private final int connectTimeout;
    private final int readTimeout;
    private final int maxRequestsPerHost;

    public KubernetesFactoryAdapter(String str, @CheckForNull String str2, @CheckForNull String str3, boolean z) {
        this(str, null, str2, str3, z);
    }

    public KubernetesFactoryAdapter(String str, String str2, @CheckForNull String str3, @CheckForNull String str4, boolean z) {
        this(str, str2, str3, str4, z, 5, 15);
    }

    public KubernetesFactoryAdapter(String str, String str2, @CheckForNull String str3, @CheckForNull String str4, boolean z, int i, int i2) {
        this(str, str2, str3, str4, z, i, i2, 32);
    }

    public KubernetesFactoryAdapter(String str, String str2, @CheckForNull String str3, @CheckForNull String str4, boolean z, int i, int i2, int i3) {
        this.serviceAddress = str;
        this.namespace = str2;
        this.caCertData = str3;
        this.credentials = str4 != null ? getCredentials(str4) : null;
        this.skipTlsVerify = z;
        this.connectTimeout = i;
        this.readTimeout = i2;
        this.maxRequestsPerHost = i3;
    }

    private StandardCredentials getCredentials(String str) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
    }

    public KubernetesClient createClient() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateEncodingException {
        ConfigBuilder withMasterUrl;
        if (this.credentials instanceof FileCredentials) {
            LOGGER.log(Level.FINE, "Configuring Kubernetes client from kubeconfig file");
            InputStream content = this.credentials.getContent();
            Throwable th = null;
            try {
                try {
                    withMasterUrl = new ConfigBuilder(Config.fromKubeconfig(IOUtils.toString(content, StandardCharsets.UTF_8)));
                    if (content != null) {
                        if (0 != 0) {
                            try {
                                content.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            content.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (content != null) {
                    if (th != null) {
                        try {
                            content.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        content.close();
                    }
                }
                throw th3;
            }
        } else if (StringUtils.isBlank(this.serviceAddress)) {
            LOGGER.log(Level.FINE, "Autoconfiguring Kubernetes client");
            withMasterUrl = new ConfigBuilder(Config.autoConfigure(null));
        } else {
            withMasterUrl = new ConfigBuilder().withMasterUrl(this.serviceAddress);
        }
        if (!(this.credentials instanceof FileCredentials)) {
            if (this.credentials instanceof StringCredentials) {
                withMasterUrl.withOauthToken(this.credentials.getSecret().getPlainText());
            } else if (this.credentials instanceof org.jenkinsci.plugins.kubernetes.credentials.TokenProducer) {
                withMasterUrl.withOauthToken(this.credentials.getToken(this.serviceAddress, this.caCertData, this.skipTlsVerify));
            } else if (this.credentials instanceof UsernamePasswordCredentials) {
                UsernamePasswordCredentials usernamePasswordCredentials = this.credentials;
                withMasterUrl.withUsername(usernamePasswordCredentials.getUsername()).withPassword(Secret.toString(usernamePasswordCredentials.getPassword()));
            } else if (this.credentials instanceof StandardCertificateCredentials) {
                StandardCertificateCredentials standardCertificateCredentials = this.credentials;
                KeyStore keyStore = standardCertificateCredentials.getKeyStore();
                String nextElement = keyStore.aliases().nextElement();
                withMasterUrl.withClientCertData(Base64.encodeBase64String(((X509Certificate) keyStore.getCertificate(nextElement)).getEncoded())).withClientKeyData(pemEncodeKey(keyStore.getKey(nextElement, Secret.toString(standardCertificateCredentials.getPassword()).toCharArray()))).withClientKeyPassphrase(Secret.toString(standardCertificateCredentials.getPassword()));
            } else if (this.credentials instanceof DockerServerCredentials) {
                DockerServerCredentials dockerServerCredentials = this.credentials;
                withMasterUrl.withClientCertData(dockerServerCredentials.getClientCertificate()).withClientKeyData(dockerServerCredentials.getClientKey());
            }
        }
        if (this.skipTlsVerify) {
            withMasterUrl.withTrustCerts(true);
        }
        if (this.caCertData != null) {
            if (this.credentials instanceof DockerServerCredentials) {
                withMasterUrl.withCaCertData(org.apache.commons.codec.binary.StringUtils.newStringUtf8(this.caCertData.getBytes(StandardCharsets.UTF_8)));
            } else {
                withMasterUrl.withCaCertData(Base64.encodeBase64String(this.caCertData.getBytes(StandardCharsets.UTF_8)));
            }
        }
        ConfigBuilder withConnectionTimeout = withMasterUrl.withRequestTimeout(this.readTimeout * DateTimeConstants.MILLIS_PER_SECOND).withConnectionTimeout(this.connectTimeout * DateTimeConstants.MILLIS_PER_SECOND);
        withConnectionTimeout.withMaxConcurrentRequestsPerHost(this.maxRequestsPerHost);
        if (!StringUtils.isBlank(this.namespace)) {
            withConnectionTimeout.withNamespace(this.namespace);
        } else if (StringUtils.isBlank(withConnectionTimeout.getNamespace())) {
            withConnectionTimeout.withNamespace("default");
        }
        LOGGER.log(Level.FINE, "Creating Kubernetes client: {0}", toString());
        return new DefaultKubernetesClient(withConnectionTimeout.build());
    }

    private static String pemEncodeKey(Key key) {
        return Base64.encodeBase64String(("-----BEGIN PRIVATE KEY-----\n" + Base64.encodeBase64String(key.getEncoded()) + "\n-----END PRIVATE KEY-----\n").getBytes(StandardCharsets.UTF_8));
    }

    public String toString() {
        return "KubernetesFactoryAdapter [serviceAddress=" + this.serviceAddress + ", namespace=" + this.namespace + ", caCertData=" + this.caCertData + ", credentials=" + this.credentials + ", skipTlsVerify=" + this.skipTlsVerify + ", connectTimeout=" + this.connectTimeout + ", readTimeout=" + this.readTimeout + "]";
    }
}
