package de.taimos.pipeline.aws;

import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
import com.amazonaws.services.securitytoken.model.GetFederationTokenRequest;
import com.amazonaws.util.StringUtils;
import com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import de.taimos.pipeline.aws.utils.AssumedRole;
import de.taimos.pipeline.aws.utils.IamRoleUtils;
import de.taimos.pipeline.aws.utils.StepUtils;
import hudson.EnvVars;
import hudson.Extension;
import hudson.model.Item;
import hudson.model.Queue;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.model.queue.Tasks;
import hudson.security.ACL;
import hudson.util.ListBoxModel;
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.annotation.Nonnull;
import org.jenkinsci.plugins.workflow.steps.BodyExecutionCallback;
import org.jenkinsci.plugins.workflow.steps.EnvironmentExpander;
import org.jenkinsci.plugins.workflow.steps.Step;
import org.jenkinsci.plugins.workflow.steps.StepContext;
import org.jenkinsci.plugins.workflow.steps.StepDescriptor;
import org.jenkinsci.plugins.workflow.steps.StepExecution;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:de/taimos/pipeline/aws/WithAWSStep.class */
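/**
 * Pipeline step {@code withAWS}: prepares AWS-related environment variables
 * (credentials, profile, region, endpoint URL, assumed-role or federation
 * session) and runs the nested block with them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Access key, secret key and session token are handed to the nested
 *       block as plain environment variables, so every step and child process
 *       started inside the block can read them.</li>
 *   <li>The build log receives the region, profile, endpoint URL and the
 *       assumed role ARN/id, but never the key material itself.</li>
 *   <li>All step parameters come from the pipeline definition; review who may
 *       edit that definition before granting the referenced credentials.</li>
 * </ul>
 */
public class WithAWSStep extends Step {
    private String roleSessionName;
    private String role = "";
    private String roleAccount = "";
    private String region = "";
    private String endpointUrl = "";
    private String profile = "";
    private String credentials = "";
    private String externalId = "";
    private String federatedUserId = "";
    private String policy = "";
    private String iamMfaToken = "";
    // Requested lifetime in seconds for role / federation sessions.
    private Integer duration = 3600;
    private String principalArn = "";
    private String samlAssertion = "";

    /**
     * Descriptor that registers the step under the function name
     * {@code withAWS} and feeds the credentials drop-down of the snippet UI.
     */
    @Extension
    public static class DescriptorImpl extends StepDescriptor {
        /** @return the context objects the step needs: listener, environment and run */
        public Set<? extends Class<?>> getRequiredContext() {
            return StepUtils.requires(TaskListener.class, EnvVars.class, Run.class);
        }

        /** @return the pipeline function name, {@code withAWS} */
        public String getFunctionName() {
            return "withAWS";
        }

        /** @return the human-readable step name */
        public String getDisplayName() {
            return "set AWS settings for nested block";
        }

        /** @return {@code true}; the step wraps a nested block */
        public boolean takesImplicitBlockArgument() {
            return true;
        }

        /**
         * Lists the credentials selectable for the {@code credentials} parameter.
         *
         * <p>An empty model is returned when there is no item in the request
         * path or the caller lacks {@link Item#CONFIGURE} on it, so credential
         * ids are not disclosed to users who cannot configure the job.
         *
         * @param item the job (or other item) the form belongs to, may be {@code null}
         * @return username/password and AWS credentials visible for {@code item},
         *         preceded by an empty entry
         */
        public ListBoxModel doFillCredentialsItems(@AncestorInPath Item item) {
            if (item == null || !item.hasPermission(Item.CONFIGURE)) {
                return new ListBoxModel();
            }
            // The lookup runs as the task's own authentication when the item is
            // a queue task, otherwise as SYSTEM; the permission check above is
            // what keeps the SYSTEM branch from leaking ids to arbitrary users.
            return new StandardListBoxModel()
                    .includeEmptyValue()
                    .includeMatchingAs(
                            item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM,
                            item,
                            StandardUsernamePasswordCredentials.class,
                            Collections.emptyList(),
                            CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class))
                    .includeMatchingAs(
                            item instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) item) : ACL.SYSTEM,
                            item,
                            AmazonWebServicesCredentials.class,
                            Collections.emptyList(),
                            CredentialsMatchers.instanceOf(AmazonWebServicesCredentials.class));
        }
    }

    /**
     * Execution of the step: builds the AWS environment and starts the nested
     * block with it.
     */
    public static class Execution extends StepExecution {
        private final transient WithAWSStep step;
        // Environment taken from the step context. Every with* method merges
        // its additions into it, so after start() it also contains the AWS
        // keys. The field is not transient.
        // NOTE(review): confirm whether this object is persisted with the
        // build's program state; if it is, the key material is written to disk
        // on the controller and that directory needs matching protection.
        private final EnvVars envVars;
        // Session policy sent with GetFederationToken. It allows every action
        // on every resource, so it does not narrow the token: the resulting
        // permissions are bounded only by the calling identity's own policies.
        // The step's "policy" parameter is not applied on the federation path.
        private static final String ALLOW_ALL_POLICY = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"*\",\"Effect\":\"Allow\",\"Resource\":\"*\"}]}";
        private static final long serialVersionUID = 1;

        /**
         * @param withAWSStep the configured step
         * @param stepContext the context the step runs in
         * @throws IllegalStateException if the environment cannot be read from the context
         */
        public Execution(WithAWSStep withAWSStep, StepContext stepContext) {
            super(stepContext);
            this.step = withAWSStep;
            try {
                this.envVars = stepContext.get(EnvVars.class);
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
        }

        /**
         * Collects the AWS settings and launches the nested block.
         *
         * <p>Order matters: base credentials, profile, region and endpoint are
         * resolved first because the role and federation calls build their STS
         * client from the accumulated environment.
         *
         * @return {@code false}, because the step completes through the body callback
         * @throws Exception if a context lookup or an AWS call fails
         */
        public boolean start() throws Exception {
            final EnvVars awsEnv = new EnvVars();
            withCredentials(getContext().get(Run.class), awsEnv);
            withProfile(awsEnv);
            withRegion(awsEnv);
            withEndpointUrl(awsEnv);
            withRole(awsEnv);
            withFederatedUserId(awsEnv);
            // Kept as an anonymous class so only the additions collected above
            // are layered over the environment of the nested block.
            // NOTE(review): the expander captures awsEnv, including any secret
            // key; confirm how long the body context is retained.
            EnvironmentExpander awsExpander = new EnvironmentExpander() {
                public void expand(@Nonnull EnvVars envVars2) throws IOException, InterruptedException {
                    envVars2.overrideAll(awsEnv);
                }
            };
            getContext().newBodyInvoker()
                    .withContext(EnvironmentExpander.merge(getContext().get(EnvironmentExpander.class), awsExpander))
                    .withCallback(BodyExecutionCallback.wrap(getContext()))
                    .start();
            return false;
        }

        /**
         * Writes a formatted message to the build log.
         *
         * <p>{@code format} does not append a line terminator; callers include
         * {@code %n} themselves.
         */
        private void log(String format, Object... args) throws IOException, InterruptedException {
            ((TaskListener) getContext().get(TaskListener.class)).getLogger().format(format, args);
        }

        /**
         * Requests a federation token when {@code federatedUserId} is set and
         * exports its temporary credentials.
         *
         * <p>The request always carries {@link #ALLOW_ALL_POLICY}; see the note
         * on that constant for what this means for the token's permissions.
         *
         * @param envVars collector for the variables passed to the nested block
         */
        private void withFederatedUserId(@Nonnull EnvVars envVars) {
            if (StringUtils.isNullOrEmpty(this.step.getFederatedUserId())) {
                return;
            }
            AWSSecurityTokenService sts = (AWSSecurityTokenService) AWSClientFactory.create(AWSSecurityTokenServiceClientBuilder.standard(), this.envVars);
            GetFederationTokenRequest request = new GetFederationTokenRequest();
            request.setDurationSeconds(this.step.getDuration());
            request.setName(this.step.getFederatedUserId());
            request.setPolicy(ALLOW_ALL_POLICY);
            Credentials federated = sts.getFederationToken(request).getCredentials();
            envVars.override("AWS_ACCESS_KEY_ID", federated.getAccessKeyId());
            envVars.override("AWS_SECRET_ACCESS_KEY", federated.getSecretAccessKey());
            envVars.override("AWS_SESSION_TOKEN", federated.getSessionToken());
            this.envVars.overrideAll(envVars);
        }

        /**
         * Resolves the {@code credentials} id and exports the access key pair.
         *
         * <p>The id is looked up as username/password first and as AWS
         * credentials second. Without a credentials id but with a SAML
         * assertion, placeholder key values are exported instead.
         *
         * @param run     the build used to scope the credential lookup
         * @param envVars collector for the variables passed to the nested block
         * @throws RuntimeException if the id matches neither credential type
         */
        private void withCredentials(@Nonnull Run<?, ?> run, @Nonnull EnvVars envVars) throws IOException, InterruptedException {
            String credentialsId = this.step.getCredentials();
            if (!StringUtils.isNullOrEmpty(credentialsId)) {
                StandardUsernamePasswordCredentials usernamePassword = CredentialsProvider.findCredentialById(credentialsId, StandardUsernamePasswordCredentials.class, run, Collections.emptyList());
                AmazonWebServicesCredentials awsCredentials = CredentialsProvider.findCredentialById(credentialsId, AmazonWebServicesCredentials.class, run, Collections.emptyList());
                if (usernamePassword != null) {
                    envVars.override("AWS_ACCESS_KEY_ID", usernamePassword.getUsername());
                    envVars.override("AWS_SECRET_ACCESS_KEY", usernamePassword.getPassword().getPlainText());
                } else {
                    if (awsCredentials == null) {
                        throw new RuntimeException("Cannot find a Username with password credential with the ID " + credentialsId);
                    }
                    AWSCredentials resolved;
                    if (StringUtils.isNullOrEmpty(this.step.getIamMfaToken())) {
                        // %n added: without it the next console line was glued to this message.
                        log("Constructing AWS Credentials%n");
                        resolved = awsCredentials.getCredentials();
                    } else {
                        // The MFA code is passed on to the credential but never logged.
                        log("Constructing AWS Credentials utilizing MFA Token%n");
                        resolved = awsCredentials.getCredentials(this.step.getIamMfaToken());
                    }
                    envVars.override("AWS_ACCESS_KEY_ID", resolved.getAWSAccessKeyId());
                    envVars.override("AWS_SECRET_ACCESS_KEY", resolved.getAWSSecretKey());
                }
            } else if (!StringUtils.isNullOrEmpty(this.step.getSamlAssertion())) {
                // Placeholders only: with a SAML assertion no real key pair is exported here.
                envVars.override("AWS_ACCESS_KEY_ID", "access_key_not_used_will_pass_through_SAML_assertion");
                envVars.override("AWS_SECRET_ACCESS_KEY", "secret_access_key_not_used_will_pass_through_SAML_assertion");
            }
            this.envVars.overrideAll(envVars);
        }

        /**
         * Assumes the configured role, if any, and exports the temporary
         * credentials of the resulting session.
         *
         * <p>A value that is not a valid role ARN is combined with the account
         * id from {@link #createAccountId} and the partition derived from the
         * region in the environment. External id, session policy, SAML
         * assertion and principal ARN are passed through from the step.
         *
         * @param envVars collector for the variables passed to the nested block
         */
        private void withRole(@Nonnull EnvVars envVars) throws IOException, InterruptedException {
            String role = this.step.getRole();
            if (StringUtils.isNullOrEmpty(role)) {
                return;
            }
            AWSSecurityTokenService sts = (AWSSecurityTokenService) AWSClientFactory.create(AWSSecurityTokenServiceClientBuilder.standard(), this.envVars);
            AssumedRole.AssumeRole assumeRole;
            if (IamRoleUtils.validRoleArn(role)) {
                assumeRole = new AssumedRole.AssumeRole(role);
            } else {
                String regionName = this.envVars.get("AWS_REGION", this.envVars.get("AWS_DEFAULT_REGION"));
                assumeRole = new AssumedRole.AssumeRole(role, createAccountId(sts), IamRoleUtils.selectPartitionName(regionName));
            }
            assumeRole.withDurationSeconds(this.step.getDuration());
            assumeRole.withExternalId(this.step.getExternalId());
            assumeRole.withPolicy(this.step.getPolicy());
            assumeRole.withSamlAssertion(this.step.getSamlAssertion(), this.step.getPrincipalArn());
            assumeRole.withSessionName(createRoleSessionName());
            // %n added: this message used to run straight into the "Assumed role" line.
            log("Requesting assume role%n");
            AssumedRole assumedRole = assumeRole.assumedRole(sts);
            // Only the role ARN and assumed-role id are logged, not the session keys.
            log("Assumed role %s with id %s %n ", assumedRole.getAssumedRoleUser().getArn(), assumedRole.getAssumedRoleUser().getAssumedRoleId());
            envVars.override("AWS_ACCESS_KEY_ID", assumedRole.getCredentials().getAccessKeyId());
            envVars.override("AWS_SECRET_ACCESS_KEY", assumedRole.getCredentials().getSecretAccessKey());
            envVars.override("AWS_SESSION_TOKEN", assumedRole.getCredentials().getSessionToken());
            this.envVars.overrideAll(envVars);
        }

        /**
         * Exports the configured region as {@code AWS_DEFAULT_REGION} and
         * {@code AWS_REGION}; does nothing when no region is set.
         */
        private void withRegion(@Nonnull EnvVars envVars) throws IOException, InterruptedException {
            String region = this.step.getRegion();
            if (StringUtils.isNullOrEmpty(region)) {
                return;
            }
            log("Setting AWS region %s %n ", region);
            envVars.override("AWS_DEFAULT_REGION", region);
            envVars.override("AWS_REGION", region);
            this.envVars.overrideAll(envVars);
        }

        /**
         * Exports the configured endpoint as {@code AWS_ENDPOINT_URL}; does
         * nothing when no endpoint is set.
         *
         * <p>The value is taken from the step as-is, without validation.
         * NOTE(review): presumably later clients send their requests to this
         * endpoint; confirm, and treat a pipeline-supplied endpoint as a
         * destination for everything those clients send.
         */
        private void withEndpointUrl(@Nonnull EnvVars envVars) throws IOException, InterruptedException {
            String endpoint = this.step.getEndpointUrl();
            if (StringUtils.isNullOrEmpty(endpoint)) {
                return;
            }
            log("Setting AWS endpointUrl %s %n ", endpoint);
            envVars.override("AWS_ENDPOINT_URL", endpoint);
            this.envVars.overrideAll(envVars);
        }

        /**
         * Exports the configured profile as {@code AWS_DEFAULT_PROFILE} and
         * {@code AWS_PROFILE}; does nothing when no profile is set.
         */
        private void withProfile(@Nonnull EnvVars envVars) throws IOException, InterruptedException {
            String profileName = this.step.getProfile();
            if (StringUtils.isNullOrEmpty(profileName)) {
                return;
            }
            log("Setting AWS profile %s %n ", profileName);
            envVars.override("AWS_DEFAULT_PROFILE", profileName);
            envVars.override("AWS_PROFILE", profileName);
            this.envVars.overrideAll(envVars);
        }

        /**
         * @return the explicit session name of the step, or one built from
         *         {@code JOB_NAME} and {@code BUILD_NUMBER} when none is set
         */
        private String createRoleSessionName() {
            if (!StringUtils.isNullOrEmpty(this.step.roleSessionName)) {
                return this.step.roleSessionName;
            }
            return RoleSessionNameBuilder.withJobName(this.envVars.get("JOB_NAME"))
                    .withBuildNumber(this.envVars.get("BUILD_NUMBER"))
                    .build();
        }

        /**
         * @param aWSSecurityTokenService client used when the account has to be looked up
         * @return the step's {@code roleAccount}, or the account of the calling
         *         identity when none is configured
         */
        private String createAccountId(AWSSecurityTokenService aWSSecurityTokenService) {
            if (!StringUtils.isNullOrEmpty(this.step.getRoleAccount())) {
                return this.step.getRoleAccount();
            }
            return aWSSecurityTokenService.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
        }
    }

    /** Creates a step with every parameter at its default; values arrive through the setters. */
    @DataBoundConstructor
    public WithAWSStep() {
    }

    /** @return role name or ARN to assume; empty when no role is assumed */
    public String getRole() {
        return this.role;
    }

    @DataBoundSetter
    public void setRole(String str) {
        this.role = str;
    }

    /** @return account id used to complete a role name that is not an ARN */
    public String getRoleAccount() {
        return this.roleAccount;
    }

    @DataBoundSetter
    public void setRoleAccount(String str) {
        this.roleAccount = str;
    }

    /** @return AWS region exported to the nested block */
    public String getRegion() {
        return this.region;
    }

    @DataBoundSetter
    public void setRegion(String str) {
        this.region = str;
    }

    /** @return endpoint URL exported as {@code AWS_ENDPOINT_URL} */
    public String getEndpointUrl() {
        return this.endpointUrl;
    }

    @DataBoundSetter
    public void setEndpointUrl(String str) {
        this.endpointUrl = str;
    }

    /** @return AWS profile name exported to the nested block */
    public String getProfile() {
        return this.profile;
    }

    @DataBoundSetter
    public void setProfile(String str) {
        this.profile = str;
    }

    /** @return id of the stored credential to resolve, not the secret itself */
    public String getCredentials() {
        return this.credentials;
    }

    @DataBoundSetter
    public void setCredentials(String str) {
        this.credentials = str;
    }

    /** @return external id passed to the assume-role request */
    public String getExternalId() {
        return this.externalId;
    }

    @DataBoundSetter
    public void setExternalId(String str) {
        this.externalId = str;
    }

    /** @return MFA code handed to the AWS credential when it is resolved */
    public String getIamMfaToken() {
        return this.iamMfaToken;
    }

    @DataBoundSetter
    public void setIamMfaToken(String str) {
        this.iamMfaToken = str;
    }

    /** @return name used for the federation token request; empty disables federation */
    public String getFederatedUserId() {
        return this.federatedUserId;
    }

    @DataBoundSetter
    public void setFederatedUserId(String str) {
        this.federatedUserId = str;
    }

    /** @return session policy passed to the assume-role request */
    public String getPolicy() {
        return this.policy;
    }

    @DataBoundSetter
    public void setPolicy(String str) {
        this.policy = str;
    }

    /** @return requested session lifetime in seconds */
    public Integer getDuration() {
        return this.duration;
    }

    @DataBoundSetter
    public void setDuration(Integer num) {
        this.duration = num;
    }

    /** @return explicit role session name, or {@code null} to have one generated */
    public String getRoleSessionName() {
        return this.roleSessionName;
    }

    @DataBoundSetter
    public void setRoleSessionName(String str) {
        this.roleSessionName = str;
    }

    /** @return principal ARN passed along with the SAML assertion */
    public String getPrincipalArn() {
        return this.principalArn;
    }

    @DataBoundSetter
    public void setPrincipalArn(String str) {
        this.principalArn = str;
    }

    /** @return SAML assertion passed to the assume-role request */
    public String getSamlAssertion() {
        return this.samlAssertion;
    }

    @DataBoundSetter
    public void setSamlAssertion(String str) {
        this.samlAssertion = str;
    }

    /**
     * @param stepContext the context the step runs in
     * @return a new {@link Execution} bound to this step
     */
    public StepExecution start(StepContext stepContext) throws Exception {
        return new Execution(this, stepContext);
    }
}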
