package de.taimos.pipeline.aws;

import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
import com.amazonaws.util.StringUtils;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.UsernamePasswordCredentials;
import hudson.EnvVars;
import hudson.Extension;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.security.ACL;
import java.io.IOException;
import java.util.Collections;
import javax.annotation.Nonnull;
import javax.inject.Inject;
import jenkins.model.Jenkins;
import org.jenkinsci.plugins.workflow.steps.AbstractStepDescriptorImpl;
import org.jenkinsci.plugins.workflow.steps.AbstractStepExecutionImpl;
import org.jenkinsci.plugins.workflow.steps.AbstractStepImpl;
import org.jenkinsci.plugins.workflow.steps.BodyExecutionCallback;
import org.jenkinsci.plugins.workflow.steps.EnvironmentExpander;
import org.jenkinsci.plugins.workflow.steps.StepContextParameter;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;

/* loaded from: input_file:de/taimos/pipeline/aws/WithAWSStep.class */
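/**
 * Pipeline block step, exposed to pipelines as {@code withAWS}, that exports AWS
 * settings as environment variables to the nested block.
 *
 * <p>All settings are optional; a null or empty value skips that setting:
 * <ul>
 *   <li>{@code credentials}: ID of a Jenkins username/password credential. The username is
 *       exported as {@code AWS_ACCESS_KEY_ID} and the password as
 *       {@code AWS_SECRET_ACCESS_KEY}.</li>
 *   <li>{@code profile}: exported as {@code AWS_DEFAULT_PROFILE} and {@code AWS_PROFILE}.</li>
 *   <li>{@code region}: exported as {@code AWS_DEFAULT_REGION} and {@code AWS_REGION}.</li>
 *   <li>{@code role}: role name to assume through STS. The ARN is built as
 *       {@code arn:aws:iam::<account>:role/<role>}, using {@code roleAccount} when set and the
 *       caller identity's account otherwise. {@code externalId} is passed on the AssumeRole
 *       request.</li>
 * </ul>
 *
 * <p>Security note: the secret access key and session token are handed to the nested block as
 * plain environment variables. This class does not mask them in the build log.
 */
public class WithAWSStep extends AbstractStepImpl {
    private String role;
    private String roleAccount;
    private String region;
    private String profile;
    private String credentials;
    private String externalId;

    /** Descriptor that registers the step under the pipeline function name {@code withAWS}. */
    @Extension
    public static class DescriptorImpl extends AbstractStepDescriptorImpl {
        public DescriptorImpl() {
            super(Execution.class);
        }

        public String getFunctionName() {
            return "withAWS";
        }

        public String getDisplayName() {
            return "set AWS settings for nested block";
        }

        public boolean takesImplicitBlockArgument() {
            return true;
        }
    }

    /** Execution of the step: collects the environment overrides and runs the nested block. */
    public static class Execution extends AbstractStepExecutionImpl {

        @Inject
        private transient WithAWSStep step;

        @StepContextParameter
        private transient TaskListener listener;

        // Environment of the enclosing context. Each helper also merges its overrides in here,
        // and withRole passes this map to AWSClientFactory when creating the STS client.
        @StepContextParameter
        private transient EnvVars envVars;
        private static final long serialVersionUID = 1L;

        /**
         * Builds the environment overrides and starts the nested block with them merged into
         * its environment.
         *
         * @return {@code false}; the body is started here and completion is reported through
         *         the wrapped body callback
         * @throws Exception if a credential lookup or the STS call fails
         */
        public boolean start() throws Exception {
            final EnvVars overrides = new EnvVars();
            // withRole runs last: by then this.envVars already holds the credentials, profile
            // and region set by the earlier helpers.
            withCredentials(overrides);
            withProfile(overrides);
            withRegion(overrides);
            withRole(overrides);
            // NOTE(review): the anonymous expander captures `overrides`, which may hold the secret
            // access key and session token in plaintext. EnvironmentExpander instances are
            // normally serialized with the pipeline's program state; confirm whether these
            // values end up on disk and whether that is acceptable for this controller.
            final EnvironmentExpander parentExpander =
                    (EnvironmentExpander) getContext().get(EnvironmentExpander.class);
            final EnvironmentExpander awsExpander = new EnvironmentExpander() {
                public void expand(@Nonnull EnvVars env) throws IOException, InterruptedException {
                    env.overrideAll(overrides);
                }
            };
            getContext().newBodyInvoker()
                    .withContext(EnvironmentExpander.merge(parentExpander, awsExpander))
                    .withCallback(BodyExecutionCallback.wrap(getContext()))
                    .start();
            return false;
        }

        /**
         * Resolves the configured Jenkins credential ID and exports it as an AWS key pair.
         *
         * <p>The lookup is scoped to the job that owns the running build. Looking up against the
         * Jenkins root under {@code ACL.SYSTEM} ignores the build's context: it can match
         * credentials that were never meant to be usable from a pipeline, and it misses
         * credentials defined on the job's folders.
         *
         * @param envVars overrides collected for the nested block
         * @throws IOException if the build cannot be obtained from the step context
         * @throws InterruptedException if obtaining the build is interrupted
         * @throws RuntimeException if no build is available or the credential ID is not found
         */
        private void withCredentials(@Nonnull EnvVars envVars) throws IOException, InterruptedException {
            final String credentialsId = this.step.getCredentials();
            if (StringUtils.isNullOrEmpty(credentialsId)) {
                return;
            }
            final Run<?, ?> run = getContext().get(Run.class);
            if (run == null) {
                throw new RuntimeException("Cannot resolve Jenkins credentials without a running build");
            }
            final UsernamePasswordCredentials match = CredentialsMatchers.firstOrNull(
                    CredentialsProvider.lookupCredentials(
                            UsernamePasswordCredentials.class,
                            run.getParent(),
                            ACL.SYSTEM,
                            Collections.emptyList()),
                    CredentialsMatchers.withId(credentialsId));
            if (match == null) {
                throw new RuntimeException("Cannot find Jenkins credentials with name " + credentialsId);
            }
            envVars.override("AWS_ACCESS_KEY_ID", match.getUsername());
            // Plaintext secret: it reaches every process started inside the nested block.
            envVars.override("AWS_SECRET_ACCESS_KEY", match.getPassword().getPlainText());
            this.envVars.overrideAll(envVars);
        }

        /**
         * Assumes the configured IAM role through STS and exports the temporary credentials.
         *
         * <p>Only the role ARN and the assumed-role ID are written to the build log; the key,
         * secret and session token are not.
         *
         * @param envVars overrides collected for the nested block
         */
        private void withRole(@Nonnull EnvVars envVars) {
            final String roleName = this.step.getRole();
            if (StringUtils.isNullOrEmpty(roleName)) {
                return;
            }
            final AWSSecurityTokenServiceClient sts =
                    AWSClientFactory.create(AWSSecurityTokenServiceClient.class, this.envVars);
            // Without an explicit account, fall back to the account of the current caller.
            final String accountId = !StringUtils.isNullOrEmpty(this.step.getRoleAccount())
                    ? this.step.getRoleAccount()
                    : sts.getCallerIdentity(new GetCallerIdentityRequest()).getAccount();
            final String roleArn = String.format("arn:aws:iam::%s:role/%s", accountId, roleName);
            final AssumeRoleRequest request = new AssumeRoleRequest()
                    .withRoleArn(roleArn)
                    .withRoleSessionName("Jenkins-" + System.currentTimeMillis())
                    .withExternalId(this.step.getExternalId());
            final AssumeRoleResult assumed = sts.assumeRole(request);
            this.listener.getLogger().format("Assumed role %s with id %s %n ", roleArn, assumed.getAssumedRoleUser().getAssumedRoleId());
            final Credentials temporary = assumed.getCredentials();
            envVars.override("AWS_ACCESS_KEY_ID", temporary.getAccessKeyId());
            envVars.override("AWS_SECRET_ACCESS_KEY", temporary.getSecretAccessKey());
            envVars.override("AWS_SESSION_TOKEN", temporary.getSessionToken());
            this.envVars.overrideAll(envVars);
        }

        /**
         * Exports the configured region and logs it to the build log.
         *
         * @param envVars overrides collected for the nested block
         */
        private void withRegion(@Nonnull EnvVars envVars) {
            final String configuredRegion = this.step.getRegion();
            if (StringUtils.isNullOrEmpty(configuredRegion)) {
                return;
            }
            this.listener.getLogger().format("Setting AWS region %s %n ", configuredRegion);
            envVars.override("AWS_DEFAULT_REGION", configuredRegion);
            envVars.override("AWS_REGION", configuredRegion);
            this.envVars.overrideAll(envVars);
        }

        /**
         * Exports the configured profile name and logs it to the build log.
         *
         * @param envVars overrides collected for the nested block
         */
        private void withProfile(@Nonnull EnvVars envVars) {
            final String configuredProfile = this.step.getProfile();
            if (StringUtils.isNullOrEmpty(configuredProfile)) {
                return;
            }
            this.listener.getLogger().format("Setting AWS profile %s %n ", configuredProfile);
            envVars.override("AWS_DEFAULT_PROFILE", configuredProfile);
            envVars.override("AWS_PROFILE", configuredProfile);
            this.envVars.overrideAll(envVars);
        }

        /** Intentionally empty: this execution takes no action of its own when stopped. */
        public void stop(@Nonnull Throwable th) throws Exception {
        }
    }

    /** Creates the step with no settings; each setting is supplied through its data-bound setter. */
    @DataBoundConstructor
    public WithAWSStep() {
    }

    /** @return the name of the IAM role to assume, or {@code null} if not set */
    public String getRole() {
        return this.role;
    }

    @DataBoundSetter
    public void setRole(String str) {
        this.role = str;
    }

    /** @return the account ID used in the role ARN, or {@code null} to use the caller's account */
    public String getRoleAccount() {
        return this.roleAccount;
    }

    @DataBoundSetter
    public void setRoleAccount(String str) {
        this.roleAccount = str;
    }

    /** @return the AWS region to export, or {@code null} if not set */
    public String getRegion() {
        return this.region;
    }

    @DataBoundSetter
    public void setRegion(String str) {
        this.region = str;
    }

    /** @return the AWS profile name to export, or {@code null} if not set */
    public String getProfile() {
        return this.profile;
    }

    @DataBoundSetter
    public void setProfile(String str) {
        this.profile = str;
    }

    /** @return the ID of the Jenkins username/password credential, or {@code null} if not set */
    public String getCredentials() {
        return this.credentials;
    }

    @DataBoundSetter
    public void setCredentials(String str) {
        this.credentials = str;
    }

    /** @return the external ID sent with the AssumeRole request, or {@code null} if not set */
    public String getExternalId() {
        return this.externalId;
    }

    @DataBoundSetter
    public void setExternalId(String str) {
        this.externalId = str;
    }
}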
