package org.csanchez.jenkins.plugins.kubernetes;

import com.cloudbees.plugins.credentials.CredentialsMatcher;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardCredentials;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
import com.google.common.collect.Sets;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import hudson.tasks.BuildWrapperDescriptor;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildWrapper;
import org.acegisecurity.Authentication;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.csanchez.jenkins.plugins.kubernetes.pipeline.Constants;
import org.jenkinsci.plugins.plaincredentials.FileCredentials;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:org/csanchez/jenkins/plugins/kubernetes/KubectlBuildWrapper.class */
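/**
 * Build wrapper that prepares a temporary kubeconfig in the workspace and exports it as
 * {@code KUBECONFIG}, so that build steps can call {@code kubectl} against the configured cluster.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With an empty CA certificate, the cluster entry is created with
 *       {@code --insecure-skip-tls-verify=true}; a warning is written to the build log.</li>
 *   <li>Tokens and passwords are handed to {@code kubectl config set-credentials} as command-line
 *       arguments. They are masked in the build log, but masking does not hide them from the
 *       process list on the agent while the command runs.</li>
 *   <li>Client certificate, private key and kubeconfig are written to temp files in the workspace
 *       and removed by {@link CleanupDisposer}.</li>
 * </ul>
 */
public class KubectlBuildWrapper extends SimpleBuildWrapper {
    private static final String BEGIN_CERTIFICATE = "-----BEGIN CERTIFICATE-----";
    private static final String END_CERTIFICATE = "-----END CERTIFICATE-----";
    private static final String BEGIN_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----";
    private static final String END_PRIVATE_KEY = "-----END PRIVATE KEY-----";
    private final String serverUrl;
    private final String credentialsId;
    private final String caCertificate;
    private final String https_proxy;

    /**
     * Deletes the temp files created by {@link KubectlBuildWrapper#setUp} when the wrapper is
     * torn down.
     */
    private static class CleanupDisposer extends SimpleBuildWrapper.Disposer {
        private static final long serialVersionUID = 3006113419319201358L;
        // Held by reference on purpose: setUp keeps adding paths to this set after the disposer
        // has been registered, so a defensive copy here would miss the certificate and key files.
        private Set<String> configFiles;

        public CleanupDisposer(Set<String> set) {
            this.configFiles = set;
        }

        /**
         * Deletes every recorded file, resolving each recorded path against {@code filePath}.
         *
         * @throws IOException if a deletion fails
         * @throws InterruptedException if the remote operation is interrupted
         */
        @Override
        public void tearDown(Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener) throws IOException, InterruptedException {
            for (String path : this.configFiles) {
                filePath.child(path).delete();
            }
        }
    }

    /** Descriptor that registers the wrapper and populates the credentials drop-down. */
    @Extension
    public static class DescriptorImpl extends BuildWrapperDescriptor {
        @Override
        public boolean isApplicable(AbstractProject<?, ?> abstractProject) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Setup Kubernetes CLI (kubectl)";
        }

        /**
         * Lists the credentials that can be selected for this wrapper: username/password, token
         * producers, client certificates and secret files.
         *
         * <p>NOTE(review): no permission check is performed on {@code item} before credentials
         * are enumerated, and the lookup passes a {@code null} authentication. Confirm that only
         * users allowed to configure the item can reach this endpoint, otherwise credential ids
         * and names are disclosed to them.
         *
         * <p>NOTE(review): {@code str} is a decompiler-generated name; {@code @QueryParameter}
         * without an explicit value appears to bind by parameter name, so the original name
         * should be restored before this source is rebuilt.
         */
        public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item item, @QueryParameter String str) {
            CredentialsMatcher supportedTypes = CredentialsMatchers.anyOf(new CredentialsMatcher[]{
                    CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class),
                    CredentialsMatchers.instanceOf(org.jenkinsci.plugins.kubernetes.credentials.TokenProducer.class),
                    CredentialsMatchers.instanceOf(StandardCertificateCredentials.class),
                    CredentialsMatchers.instanceOf(FileCredentials.class)});
            return new StandardListBoxModel().withEmptySelection().withMatching(supportedTypes, CredentialsProvider.lookupCredentials(StandardCredentials.class, item, (Authentication) null, URIRequirementBuilder.fromUri(str).build()));
        }
    }

    /**
     * Creates the wrapper from its configuration values, in order: server URL, credentials id,
     * CA certificate (PEM or bare base64; empty disables TLS verification) and HTTPS proxy.
     *
     * <p>NOTE(review): the parameter names are decompiler-generated. Data-bound constructors are
     * matched to form fields by parameter name, so the original names (presumably the field
     * names) should be restored before this source is rebuilt.
     */
    @DataBoundConstructor
    public KubectlBuildWrapper(@Nonnull String str, @Nonnull String str2, @Nonnull String str3, String str4) {
        this.serverUrl = str;
        this.credentialsId = str2;
        this.caCertificate = str3;
        this.https_proxy = str4;
    }

    public String getServerUrl() {
        return this.serverUrl;
    }

    public String getCredentialsId() {
        return this.credentialsId;
    }

    public String getCaCertificate() {
        return this.caCertificate;
    }

    public String getHttps_proxy() {
        return this.https_proxy;
    }

    /**
     * Writes a temporary kubeconfig into the workspace, points {@code KUBECONFIG} at it and fills
     * it with a cluster, a user and a context through {@code kubectl config}.
     *
     * <p>For secret-file credentials the file content is copied over the kubeconfig as-is and no
     * further {@code kubectl config} command is run.
     *
     * @throws AbortException if no usable credentials are configured or the client certificate
     *     cannot be read
     * @throws IOException if a temp file cannot be written or {@code kubectl} exits non-zero
     * @throws InterruptedException if a remote operation is interrupted
     */
    @Override
    public void setUp(SimpleBuildWrapper.Context context, Run<?, ?> run, FilePath filePath, Launcher launcher, TaskListener taskListener, EnvVars envVars) throws IOException, InterruptedException {
        FilePath kubeconfig = filePath.createTempFile(".kube", "config");
        // The kubeconfig ends up holding a token, password or key reference: owner-only access.
        kubeconfig.chmod(0600);
        Set<String> tempFiles = new HashSet<>();
        tempFiles.add(kubeconfig.getRemote());
        context.env("KUBECONFIG", kubeconfig.getRemote());
        // NOTE(review): confirm the disposer also runs when setUp fails part-way; otherwise the
        // key material written below stays in the workspace.
        context.setDisposer(new CleanupDisposer(tempFiles));

        String tlsArg;
        if (this.caCertificate == null || this.caCertificate.isEmpty()) {
            // Behaviour kept for compatibility, but made visible: without a CA the API server's
            // identity is not verified and the credentials below can be intercepted.
            taskListener.getLogger().println("WARNING: no CA certificate configured for " + this.serverUrl
                    + "; kubectl will skip TLS verification");
            tlsArg = "--insecure-skip-tls-verify=true";
        } else {
            FilePath caFile = filePath.createTempFile("cert-auth", "crt");
            String pem = this.caCertificate;
            if (!pem.startsWith(BEGIN_CERTIFICATE)) {
                pem = wrapWithMarker(BEGIN_CERTIFICATE, END_CERTIFICATE, pem);
            }
            caFile.write(pem, (String) null);
            tempFiles.add(caFile.getRemote());
            tlsArg = "--certificate-authority=" + caFile.getRemote();
        }
        runKubectlConfig(launcher, kubeconfig, new String[]{"set-cluster", "k8s", "--server=" + this.serverUrl, tlsArg}, null);

        StandardCredentials credentials = getCredentials();
        if (credentials == null) {
            throw new AbortException("No credentials defined to setup Kubernetes CLI");
        }
        if (credentials instanceof FileCredentials) {
            // The secret file is a complete kubeconfig: it replaces the generated one.
            try (InputStream content = ((FileCredentials) credentials).getContent();
                    OutputStream out = kubeconfig.write()) {
                IOUtils.copy(content, out);
            }
            return;
        }

        String[] credentialArgs;
        boolean[] credentialMasks;
        if (credentials instanceof StringCredentials) {
            credentialArgs = new String[]{"--token=" + ((StringCredentials) credentials).getSecret().getPlainText()};
            credentialMasks = new boolean[]{true};
        } else if (credentials instanceof org.jenkinsci.plugins.kubernetes.credentials.TokenProducer) {
            credentialArgs = new String[]{"--token=" + ((org.jenkinsci.plugins.kubernetes.credentials.TokenProducer) credentials).getToken(this.serverUrl, (String) null, true)};
            credentialMasks = new boolean[]{true};
        } else if (credentials instanceof UsernamePasswordCredentials) {
            UsernamePasswordCredentials userPass = (UsernamePasswordCredentials) credentials;
            credentialArgs = new String[]{
                    "--username=" + userPass.getUsername(),
                    "--password=" + Secret.toString(userPass.getPassword())};
            credentialMasks = new boolean[]{false, true};
        } else {
            if (!(credentials instanceof StandardCertificateCredentials)) {
                throw new AbortException("Unsupported Credentials type " + credentials.getClass().getName());
            }
            StandardCertificateCredentials certCredentials = (StandardCertificateCredentials) credentials;
            KeyStore keyStore = certCredentials.getKeyStore();
            try {
                if (!keyStore.aliases().hasMoreElements()) {
                    throw new AbortException("Certificate credentials contain no key store entry");
                }
                // Only the first alias is used, as before.
                String alias = keyStore.aliases().nextElement();
                X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
                Key key = keyStore.getKey(alias, Secret.toString(certCredentials.getPassword()).toCharArray());
                if (certificate == null || key == null) {
                    throw new AbortException("Key store entry \"" + alias + "\" has no certificate or no private key");
                }
                FilePath certFile = filePath.createTempFile("client", "crt");
                FilePath keyFile = filePath.createTempFile("client", "key");
                // Restrict the private key before any key material is written to it.
                keyFile.chmod(0600);
                // Register both files for cleanup before writing, so a failed write still gets
                // cleaned up.
                tempFiles.add(certFile.getRemote());
                tempFiles.add(keyFile.getRemote());
                certFile.write(wrapWithMarker(BEGIN_CERTIFICATE, END_CERTIFICATE, Base64.encodeBase64String(certificate.getEncoded())), (String) null);
                keyFile.write(wrapWithMarker(BEGIN_PRIVATE_KEY, END_PRIVATE_KEY, Base64.encodeBase64String(key.getEncoded())), (String) null);
                credentialArgs = new String[]{
                        "--client-certificate=" + certFile.getRemote(),
                        "--client-key=" + keyFile.getRemote()};
                credentialMasks = new boolean[]{false, false};
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateEncodingException e) {
                // AbortException only takes a message; attach the cause so it is not lost.
                throw (AbortException) new AbortException(e.getMessage()).initCause(e);
            }
        }

        String[] setCredentials = new String[2 + credentialArgs.length];
        boolean[] setCredentialsMasks = new boolean[setCredentials.length];
        setCredentials[0] = "set-credentials";
        setCredentials[1] = "cluster-admin";
        System.arraycopy(credentialArgs, 0, setCredentials, 2, credentialArgs.length);
        System.arraycopy(credentialMasks, 0, setCredentialsMasks, 2, credentialMasks.length);
        runKubectlConfig(launcher, kubeconfig, setCredentials, setCredentialsMasks);

        runKubectlConfig(launcher, kubeconfig, new String[]{"set-context", "k8s", "--cluster=k8s", "--user=cluster-admin"}, null);
        runKubectlConfig(launcher, kubeconfig, new String[]{"use-context", "k8s"}, null);
    }

    /**
     * Runs {@code kubectl config --kubeconfig=<file> <args...>} and fails on a non-zero exit code.
     *
     * <p>The command is passed as an argument array instead of one concatenated string, so
     * whitespace or quotes inside the server URL, user name, secret or a file path cannot split
     * into additional kubectl arguments. The log mask is built per argument, so the masked
     * position lines up with the secret regardless of how many words precede it. The proxy, when
     * configured, is supplied as the {@code HTTPS_PROXY} environment variable of the process.
     *
     * @param launcher launcher used to start the process
     * @param kubeconfig kubeconfig file the command operates on
     * @param args arguments following {@code --kubeconfig}
     * @param argMasks one flag per entry of {@code args}, {@code true} to hide it in the build
     *     log; {@code null} when nothing needs masking
     * @throws IOException if the process cannot be started or exits non-zero
     * @throws InterruptedException if waiting for the process is interrupted
     */
    private void runKubectlConfig(Launcher launcher, FilePath kubeconfig, String[] args, boolean[] argMasks) throws IOException, InterruptedException {
        final int prefix = 3;
        String[] cmd = new String[prefix + args.length];
        cmd[0] = "kubectl";
        cmd[1] = "config";
        cmd[2] = "--kubeconfig=" + kubeconfig.getRemote();
        System.arraycopy(args, 0, cmd, prefix, args.length);

        Launcher.ProcStarter starter = launcher.launch().cmds(cmd);
        if (argMasks != null) {
            boolean[] masks = new boolean[cmd.length];
            System.arraycopy(argMasks, 0, masks, prefix, argMasks.length);
            starter = starter.masks(masks);
        }
        if (this.https_proxy != null && !this.https_proxy.isEmpty()) {
            starter = starter.envs("HTTPS_PROXY=" + this.https_proxy);
        }
        int exitCode = starter.join();
        if (exitCode != 0) {
            throw new IOException("Failed to run kubectl config " + exitCode);
        }
    }

    /**
     * Resolves the configured credentials id.
     *
     * <p>NOTE(review): the lookup runs as {@code ACL.SYSTEM} against the Jenkins root rather than
     * in the context of the running build, so it is not limited to credentials the job or its
     * folder is allowed to use. Anyone who can set {@code credentialsId} on a job can therefore
     * reference any matching credential by id; scope the lookup to the run before relying on
     * folder-level credential isolation.
     *
     * @return the matching credentials, or {@code null} when no id is configured
     * @throws AbortException if an id is configured but no credentials match it
     */
    @CheckForNull
    private StandardCredentials getCredentials() throws AbortException {
        if (StringUtils.isBlank(this.credentialsId)) {
            return null;
        }
        StandardCredentials match = CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCredentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(this.credentialsId));
        if (match == null) {
            throw new AbortException("No credentials found for id \"" + this.credentialsId + "\"");
        }
        return match;
    }

    /** Returns {@code str3} on its own line between the begin marker {@code str} and end marker {@code str2}. */
    private static String wrapWithMarker(String str, String str2, String str3) {
        return str + Constants.NEWLINE + str3 + Constants.NEWLINE + str2;
    }
}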
