package io.alauda.jenkins.devops.sync.util;

import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import hudson.Util;
import hudson.model.Fingerprint;
import hudson.model.TopLevelItem;
import hudson.remoting.Base64;
import hudson.security.ACL;
import io.alauda.devops.client.AlaudaDevOpsClient;
import io.alauda.jenkins.devops.sync.AlaudaSyncGlobalConfiguration;
import io.alauda.jenkins.devops.sync.constants.Constants;
import io.alauda.jenkins.devops.sync.core.InvalidSecretException;
import io.alauda.jenkins.devops.sync.credential.AlaudaToken;
import io.alauda.kubernetes.api.model.ObjectMeta;
import io.alauda.kubernetes.api.model.PipelineConfig;
import io.alauda.kubernetes.api.model.PipelineConfigSpec;
import io.alauda.kubernetes.api.model.PipelineSource;
import io.alauda.kubernetes.api.model.Secret;
import io.alauda.kubernetes.api.model.SecretKeySetRef;
import io.alauda.kubernetes.client.dsl.NonNamespaceOperation;
import io.alauda.kubernetes.client.dsl.Resource;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.validation.constraints.NotNull;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.commons.lang.StringUtils;
import org.json.JSONObject;

/* loaded from: input_file:WEB-INF/lib/alauda-devops-sync.jar:io/alauda/jenkins/devops/sync/util/CredentialsUtils.class */
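/**
 * Helpers that mirror Kubernetes {@link Secret} objects into Jenkins credentials and look them up
 * again.
 *
 * <p>Every store mutation and lookup in this class runs as {@link ACL#SYSTEM}, so callers are
 * responsible for deciding whether the triggering resource is allowed to create, replace or delete
 * a credential. Decoded secret material (passwords, keys, tokens, docker configs) must never be
 * written to the log; only names and presence flags are logged.
 */
public abstract class CredentialsUtils {
    private static final Logger logger = Logger.getLogger(CredentialsUtils.class.getName());

    private CredentialsUtils() {
    }

    /**
     * Fetches the Secret referenced by {@code spec.source.secret} of the given PipelineConfig.
     *
     * <p>NOTE(review): the reference may carry its own namespace, and the lookup is made with the
     * plugin's authenticated client rather than on behalf of whoever wrote the PipelineConfig.
     * Confirm that cross-namespace references are authorised before this point.
     *
     * @param pipelineConfig the pipeline configuration to inspect
     * @return the referenced Secret, or {@code null} when no secret name is configured or the
     *     client returns nothing
     */
    @SuppressWarnings("rawtypes") // raw casts kept from the recovered source; the client DSL's generic types are not visible here
    private static synchronized Secret getSourceCredentials(PipelineConfig pipelineConfig) {
        PipelineConfigSpec spec = pipelineConfig.getSpec();
        if (spec == null) {
            return null;
        }
        PipelineSource source = spec.getSource();
        if (source == null) {
            return null;
        }
        SecretKeySetRef secretRef = source.getSecret();
        if (secretRef == null || StringUtils.isBlank(secretRef.getName())) {
            return null;
        }
        // A blank namespace on the reference means "same namespace as the PipelineConfig".
        String namespace = StringUtils.isBlank(secretRef.getNamespace())
                ? pipelineConfig.getMetadata().getNamespace()
                : secretRef.getNamespace();
        NonNamespaceOperation secretsInNamespace =
                (NonNamespaceOperation) AlaudaUtils.getAuthenticatedAlaudaClient().secrets().inNamespace(namespace);
        Resource secretResource = (Resource) secretsInNamespace.withName(secretRef.getName());
        return (Secret) secretResource.get();
    }

    /**
     * Brings the Jenkins credential for a PipelineConfig in line with its source secret.
     *
     * <p>When a secret is found it is upserted and linked to the PipelineConfig. When none is found
     * the previously linked credential, if any, is unlinked and deleted.
     *
     * @param pipelineConfig the pipeline configuration being synchronised
     * @return the id of the credential that was upserted or removed, or {@code null} when there was
     *     nothing to do or the credential could not be stored
     * @throws IOException if the credentials store cannot be modified or saved
     */
    public static synchronized String updateSourceCredentials(PipelineConfig pipelineConfig) throws IOException {
        Secret sourceSecret = getSourceCredentials(pipelineConfig);
        if (sourceSecret != null) {
            ObjectMeta secretMeta = sourceSecret.getMetadata();
            String credentialId = upsertCredential(sourceSecret, secretMeta.getNamespace(), secretMeta.getName());
            if (credentialId == null) {
                return null;
            }
            PipelineConfigSecretToCredentialsMap.linkPCSecretToCredential(
                    NamespaceName.create(pipelineConfig).toString(), credentialId);
            return credentialId;
        }

        // A missing secret is treated as "reference removed": drop the link and the credential.
        // NOTE(review): the delete below searches the PipelineConfig's namespace, while the upsert
        // above stores under the secret's namespace; verify the two agree for cross-namespace refs.
        String staleCredentialId = PipelineConfigSecretToCredentialsMap.unlinkPCSecretToCrendential(
                NamespaceName.create(pipelineConfig).toString());
        if (staleCredentialId != null) {
            deleteCredential(
                    staleCredentialId,
                    NamespaceName.create(pipelineConfig),
                    pipelineConfig.getMetadata().getResourceVersion());
        }
        return staleCredentialId;
    }

    /**
     * Looks up the source secret of the PipelineConfig and discards the result.
     *
     * <p>No credential is removed here; the recovered body is empty apart from the lookup.
     *
     * @param pipelineConfig the pipeline configuration being removed
     * @throws IOException declared by the signature; the visible body performs no store I/O
     */
    public static synchronized void deleteSourceCredentials(PipelineConfig pipelineConfig) throws IOException {
        getSourceCredentials(pipelineConfig);
    }

    /**
     * Upserts the credential for a secret, using the namespace and name from its own metadata.
     *
     * @param secret the Kubernetes secret, may be {@code null}
     * @return the credential id, or {@code null} when the secret or its metadata is missing or the
     *     store is unavailable
     * @throws IOException if the credentials store cannot be modified or saved
     */
    public static synchronized String upsertCredential(Secret secret) throws IOException {
        if (secret == null) {
            return null;
        }
        ObjectMeta metadata = secret.getMetadata();
        if (metadata == null) {
            return null;
        }
        return upsertCredential(secret, metadata.getNamespace(), metadata.getName());
    }

    /**
     * Creates or replaces the Jenkins credential derived from a secret.
     *
     * <p>Despite the {@code @NotNull} annotation this method returns {@code null} when no
     * credentials store can be resolved for the namespace.
     *
     * @param secret the Kubernetes secret; when {@code null} only the credential id is computed
     * @param namespace the namespace that selects the credentials store (see {@link #getStore})
     * @param name the secret name
     * @return the credential id {@code namespace-name}, or {@code null} when no store is available
     * @throws InvalidSecretException if the secret cannot be converted into a credential
     * @throws IOException if the credentials store cannot be modified or saved
     */
    @NotNull
    public static String upsertCredential(Secret secret, String namespace, String name) throws IOException {
        String credentialId = secretName(namespace, name);
        if (secret == null) {
            return credentialId;
        }
        Credentials replacement = secretToCredentials(secret);
        if (replacement == null) {
            throw new InvalidSecretException(secret.getKind());
        }
        Credentials existing = lookupCredentials(namespace, credentialId);

        // Store writes need SYSTEM; the caller's security context is restored in the finally block.
        SecurityContext previousContext = ACL.impersonate(ACL.SYSTEM);
        try {
            CredentialsStore store = getStore(namespace);
            if (store == null) {
                return null;
            }
            if (existing != null) {
                store.updateCredentials(Domain.global(), existing, replacement);
                logger.info("Updated credential " + credentialId + " from Secret " + NamespaceName.create(secret) + " with revision: " + secret.getMetadata().getResourceVersion());
            } else {
                store.addCredentials(Domain.global(), replacement);
                logger.info("Created credential " + credentialId + " from Secret " + NamespaceName.create(secret) + " with revision: " + secret.getMetadata().getResourceVersion());
            }
            store.save();
        } finally {
            SecurityContextHolder.setContext(previousContext);
        }
        return credentialId;
    }

    /**
     * Removes a credential from the store selected by the given namespace.
     *
     * @param credentialId id of the credential to remove
     * @param namespaceName namespace/name of the originating resource; its namespace selects the store
     * @param resourceVersion revision of the originating resource, used for logging only
     * @throws IOException if the credentials store cannot be modified or saved
     */
    private static void deleteCredential(String credentialId, NamespaceName namespaceName, String resourceVersion) throws IOException {
        Credentials existing = lookupCredentials(namespaceName.getNamespace(), credentialId);
        if (existing == null) {
            return;
        }
        SecurityContext previousContext = ACL.impersonate(ACL.SYSTEM);
        try {
            // Deletion is not blocked by usage; the jobs that still reference the credential are
            // only recorded so an operator can trace resulting build failures.
            Fingerprint fingerprint = CredentialsProvider.getFingerprintOf(existing);
            if (fingerprint != null && fingerprint.getJobs().size() > 0) {
                StringBuilder referencingJobs = new StringBuilder();
                for (String job : fingerprint.getJobs()) {
                    referencingJobs.append(job).append(" ");
                }
                logger.info("About to delete credential " + credentialId + "which is referenced by jobs: " + referencingJobs);
            }
            CredentialsStore store = getStore(namespaceName.getNamespace());
            if (store == null) {
                return;
            }
            store.removeCredentials(Domain.global(), existing);
            logger.info("Deleted credential " + credentialId + " from Secret " + namespaceName + " with revision: " + resourceVersion);
            store.save();
        } finally {
            SecurityContextHolder.setContext(previousContext);
        }
    }

    /**
     * Removes the credential that was derived from the given secret.
     *
     * @param secret the deleted Kubernetes secret; {@code null} is ignored
     * @throws IOException if the credentials store cannot be modified or saved
     */
    public static void deleteCredential(Secret secret) throws IOException {
        if (secret == null) {
            return;
        }
        ObjectMeta metadata = secret.getMetadata();
        deleteCredential(
                secretName(metadata.getNamespace(), metadata.getName()),
                NamespaceName.create(secret),
                metadata.getResourceVersion());
    }

    /**
     * Returns the token of the credential selected in the global plugin configuration.
     *
     * @return the token, or an empty string when the configuration, the credential id or the
     *     credential itself is missing
     */
    public static String getCurrentToken() {
        AlaudaSyncGlobalConfiguration config = AlaudaSyncGlobalConfiguration.get();
        if (config == null) {
            logger.info("global plugin configuration is null");
            return "";
        }
        String credentialsId = config.getCredentialsId();
        // Treat an unset id like an empty one instead of failing on null.
        if (StringUtils.isEmpty(credentialsId)) {
            return "";
        }
        String token = getToken(credentialsId);
        return token == null ? "" : token;
    }

    /**
     * Resolves the token held by the {@link AlaudaToken} credential with the given id.
     *
     * <p>The lookup is made as {@link ACL#SYSTEM} across all domains, so the result is not limited
     * by the permissions of the current user.
     *
     * @param credentialsId id of the credential
     * @return the token, or {@code null} when no such credential exists
     */
    public static String getToken(String credentialsId) {
        AlaudaToken tokenCredential = CredentialsMatchers.firstOrNull(
                CredentialsProvider.lookupCredentials(AlaudaToken.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(credentialsId));
        return tokenCredential == null ? null : tokenCredential.getToken();
    }

    /**
     * Finds a credential by id while impersonating {@link ACL#SYSTEM}.
     *
     * @param namespace namespace that selects the lookup context
     * @param credentialId id of the credential
     * @return the credential, or {@code null} when none matches
     */
    public static Credentials lookupCredentials(String namespace, String credentialId) {
        SecurityContext previousContext = ACL.impersonate(ACL.SYSTEM);
        try {
            return findCredentials(namespace, credentialId);
        } finally {
            SecurityContextHolder.setContext(previousContext);
        }
    }

    /**
     * Finds a credential by id in the Jenkins root (global namespace) or in the top-level item
     * named after the namespace.
     *
     * <p>NOTE(review): when no item with that name exists, {@code jenkins.getItem} returns
     * {@code null} and the lookup context is decided by the credentials API; confirm that this
     * cannot match a credential outside the intended folder.
     *
     * @param namespace namespace that selects the lookup context
     * @param credentialId id of the credential
     * @return the credential, or {@code null} when none matches
     */
    public static Credentials findCredentials(String namespace, String credentialId) {
        Jenkins jenkins = Jenkins.getInstance();
        return CredentialsMatchers.firstOrNull(
                isGlobal(namespace)
                        ? CredentialsProvider.lookupCredentials(Credentials.class, jenkins, ACL.SYSTEM, Collections.emptyList())
                        : CredentialsProvider.lookupCredentials(Credentials.class, jenkins.getItem(namespace), ACL.SYSTEM, Collections.emptyList()),
                CredentialsMatchers.withId(credentialId));
    }

    /**
     * Resolves the credentials store for a namespace: the first store of the Jenkins root for the
     * global namespace, otherwise the first store of the top-level item named after the namespace.
     *
     * @param namespace namespace that selects the store
     * @return the store, or {@code null} when the top-level item does not exist
     */
    public static CredentialsStore getStore(String namespace) {
        Jenkins jenkins = Jenkins.getInstance();
        if (isGlobal(namespace)) {
            return (CredentialsStore) CredentialsProvider.lookupStores(jenkins).iterator().next();
        }
        TopLevelItem folder = jenkins.getItem(namespace);
        if (folder == null) {
            logger.warning(String.format("Can't find folder[%s], can't create credentials.", namespace));
            return null;
        }
        return (CredentialsStore) CredentialsProvider.lookupStores(folder).iterator().next();
    }

    /**
     * Tells whether credentials of a namespace belong in the Jenkins-wide store.
     *
     * @param namespace the namespace; {@code null} counts as global
     * @return {@code true} for {@code null} or the configured shared namespace
     */
    public static boolean isGlobal(String namespace) {
        if (namespace == null) {
            return true;
        }
        AlaudaSyncGlobalConfiguration config = AlaudaSyncGlobalConfiguration.get();
        // Without a configuration no namespace can be the shared one; falling back to the
        // per-folder store keeps the credential out of the Jenkins-wide scope.
        if (config == null) {
            return false;
        }
        return namespace.equals(config.getSharedNamespace());
    }

    /**
     * Builds the credential id for a secret.
     *
     * <p>The id is a plain {@code namespace-name} join, so different namespace/name pairs whose
     * parts contain '-' can produce the same id.
     */
    private static String secretName(String namespace, String name) {
        return namespace + "-" + name;
    }

    /**
     * Converts a Kubernetes secret into the matching Jenkins credential, chosen by secret type.
     *
     * @param secret the secret to convert
     * @return the credential, or {@code null} when the secret has no data, an unknown (or missing)
     *     type, or lacks the fields its type requires
     */
    private static Credentials secretToCredentials(Secret secret) {
        String namespace = secret.getMetadata().getNamespace();
        String name = secret.getMetadata().getName();
        Map<String, String> data = secret.getData();
        if (data == null) {
            logger.log(Level.WARNING, "An Kubernetes secret was marked for import, but it has no secret data.  No credential will be created.");
            return null;
        }
        String credentialId = secretName(namespace, name);
        String type = secret.getType();

        if (Constants.ALAUDA_DEVOPS_SECRETS_TYPE_OPAQUE.equals(type)) {
            // Opaque secrets are probed: username+password first, then an SSH private key.
            String username = data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_USERNAME);
            String password = data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_PASSWORD);
            if (StringUtils.isNotBlank(username) && StringUtils.isNotBlank(password)) {
                return newUsernamePasswordCredentials(credentialId, username, password);
            }
            String sshKey = data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_SSHPRIVATEKEY);
            if (StringUtils.isNotBlank(sshKey)) {
                return newSSHUserCredential(credentialId, data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_USERNAME), sshKey);
            }
            logger.log(Level.WARNING, "Opaque secret either requires {0} and {1} fields for basic auth or {2} field for SSH key", new Object[]{Constants.ALAUDA_DEVOPS_SECRETS_DATA_USERNAME, Constants.ALAUDA_DEVOPS_SECRETS_DATA_PASSWORD, Constants.ALAUDA_DEVOPS_SECRETS_DATA_SSHPRIVATEKEY});
            return null;
        }
        if (Constants.ALAUDA_DEVOPS_SECRETS_TYPE_BASICAUTH.equals(type)) {
            return newUsernamePasswordCredentials(
                    credentialId,
                    data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_USERNAME),
                    data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_PASSWORD));
        }
        if (Constants.ALAUDA_DEVOPS_SECRETS_TYPE_SSH.equals(type)) {
            return newSSHUserCredential(
                    credentialId,
                    data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_USERNAME),
                    data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_SSHPRIVATEKEY));
        }
        if (Constants.ALAUDA_DEVOPS_SECRETS_TYPE_DOCKER.equals(type)) {
            return newDockerCredentials(credentialId, data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_DOCKER));
        }
        if (Constants.ALAUDA_DEVOPS_SECRETS_TYPE_SERVICE_ACCOUNT_TOKEN.equals(type)) {
            return newTokenCredentials(credentialId, data.get("token"));
        }
        if (Constants.ALAUDA_DEVOPS_SECRETS_TYPE_OAUTH2.equals(type)) {
            return newOauth2Credentials(
                    credentialId,
                    data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_ACCESSTOKENKEY),
                    data.get(Constants.ALAUDA_DEVOPS_SECRETS_DATA_ACCESSTOKEN));
        }
        // Also reached for a secret without a type, which previously failed with a NullPointerException.
        logger.log(Level.WARNING, "Unknown secret type: " + secret.getType());
        return null;
    }

    /**
     * Decodes one base64 secret field into text.
     *
     * <p>NOTE(review): how {@code Base64.decode} reports malformed input is not visible here;
     * confirm whether callers need to handle a {@code null} result or an exception.
     */
    private static String decodeUtf8(String base64Data) {
        return new String(Base64.decode(base64Data), StandardCharsets.UTF_8);
    }

    /**
     * Builds an SSH private-key credential.
     *
     * @param secretName credential id, also used as description
     * @param username plain username, {@code null} becomes empty
     * @param sshKeyData base64-encoded private key
     * @return the credential, or {@code null} when the id or key is missing
     */
    private static Credentials newSSHUserCredential(String secretName, String username, String sshKeyData) {
        if (StringUtils.isEmpty(secretName) || StringUtils.isEmpty(sshKeyData)) {
            // Only presence flags are logged, never the key itself.
            logger.log(Level.WARNING, "Invalid secret data, secretName: " + secretName + " sshKeyData is null: " + (sshKeyData == null) + " sshKeyData is empty: " + (sshKeyData != null ? sshKeyData.length() == 0 : false));
            return null;
        }
        return new BasicSSHUserPrivateKey(
                CredentialsScope.GLOBAL,
                secretName,
                Util.fixNull(username),
                new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(decodeUtf8(sshKeyData)),
                (String) null,
                secretName);
    }

    /**
     * Builds a username/password credential from base64-encoded fields.
     *
     * @param secretName credential id, also used as description
     * @param usernameData base64-encoded username
     * @param passwordData base64-encoded password
     * @return the credential, or {@code null} when any argument is missing
     */
    private static Credentials newUsernamePasswordCredentials(String secretName, String usernameData, String passwordData) {
        if (StringUtils.isEmpty(secretName) || StringUtils.isEmpty(usernameData) || StringUtils.isEmpty(passwordData)) {
            // Only presence flags are logged, never the values.
            logger.log(Level.WARNING, "Invalid secret data, secretName: " + secretName + " usernameData is null: " + (usernameData == null) + " usernameData is empty: " + (usernameData != null ? usernameData.length() == 0 : false) + " passwordData is null: " + (passwordData == null) + " passwordData is empty: " + (passwordData != null ? passwordData.length() == 0 : false));
            return null;
        }
        return new UsernamePasswordCredentialsImpl(
                CredentialsScope.GLOBAL,
                secretName,
                secretName,
                decodeUtf8(usernameData),
                decodeUtf8(passwordData));
    }

    /**
     * Builds an {@link AlaudaToken} credential from a base64-encoded token.
     *
     * @param secretName credential id
     * @param tokenData base64-encoded token
     * @return the credential, or {@code null} when the token field is missing or empty
     */
    public static Credentials newTokenCredentials(String secretName, String tokenData) {
        if (StringUtils.isEmpty(tokenData)) {
            // A secret without a token field used to fail inside the decoder; report it instead.
            logger.log(Level.WARNING, "Invalid secret data, secretName: " + secretName + " tokenData is null: " + (tokenData == null));
            return null;
        }
        return new AlaudaToken(CredentialsScope.GLOBAL, secretName, null, hudson.util.Secret.fromString(decodeUtf8(tokenData)));
    }

    /** Stores an OAuth2 key/token pair as a username/password credential. */
    private static Credentials newOauth2Credentials(String secretName, String accessTokenKeyData, String accessTokenData) {
        return newUsernamePasswordCredentials(secretName, accessTokenKeyData, accessTokenData);
    }

    /**
     * Builds a username/password credential from the first usable entry under {@code auths} in a
     * base64-encoded docker config.
     *
     * @param secretName credential id, also used as description
     * @param dockerData base64-encoded docker config JSON
     * @return the credential, or {@code null} when the data is missing, cannot be parsed, or holds
     *     no usable registry entry
     */
    private static Credentials newDockerCredentials(String secretName, String dockerData) {
        if (StringUtils.isEmpty(secretName) || StringUtils.isEmpty(dockerData)) {
            logger.log(Level.WARNING, "Invalid secret data, secretName: " + secretName + " dockerData is null: " + (dockerData == null));
            return null;
        }
        try {
            JSONObject auths = new JSONObject(decodeUtf8(dockerData)).getJSONObject("auths");
            if (auths == null) {
                logger.log(Level.WARNING, "Invalid docker data, secretName: " + secretName + " auths key in dockerconfig is null");
                return null;
            }
            // One iterator for the whole walk: asking for keys() on every pass restarts at the
            // first key and never terminates when that key is skipped.
            Iterator<String> registries = auths.keys();
            while (registries.hasNext()) {
                String registry = registries.next();
                if (StringUtils.isEmpty(registry)) {
                    continue;
                }
                JSONObject entry = auths.getJSONObject(registry);
                if (entry == null) {
                    continue;
                }
                String username = entry.getString(Constants.ALAUDA_DEVOPS_SECRETS_DATA_USERNAME);
                String password = entry.getString(Constants.ALAUDA_DEVOPS_SECRETS_DATA_PASSWORD);
                logger.info(String.format("Username: %s password: ***", username));
                if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
                    // Reported only; the credential is still created, as before.
                    logger.log(Level.WARNING, "Invalid docker data, secretName: " + secretName + " username is empty? " + StringUtils.isEmpty(username) + " password is empty?" + StringUtils.isEmpty(password));
                }
                return new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, secretName, secretName, username, password);
            }
            return null;
        } catch (Exception e) {
            // The decoded docker config holds registry passwords, so it is deliberately left out
            // of the log record; the secret name and the exception identify the failure.
            logger.log(Level.WARNING, "Invalid docker data, secretName: " + secretName + " e:" + e, (Throwable) e);
            return null;
        }
    }

    /**
     * Tells whether the authenticated client exists and carries a non-empty OAuth token.
     *
     * @return {@code true} when a token is configured
     */
    public static boolean hasCredentials() {
        AlaudaDevOpsClient client = AlaudaUtils.getAuthenticatedAlaudaClient();
        return client != null && !StringUtils.isEmpty(client.getConfiguration().getOauthToken());
    }
}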
