package io.fabric8.jenkins.openshiftsync;

import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.domains.Domain;
import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
import hudson.Util;
import hudson.remoting.Base64;
import hudson.security.ACL;
import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.client.dsl.ClientNonNamespaceOperation;
import io.fabric8.kubernetes.client.dsl.ClientResource;
import io.fabric8.openshift.api.model.BuildConfig;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;

/* loaded from: input_file:io/fabric8/jenkins/openshiftsync/CredentialsUtils.class */
public class CredentialsUtils {
    private static final Logger logger = Logger.getLogger(CredentialsUtils.class.getName());

    public static synchronized String updateSourceCredentials(BuildConfig buildConfig) throws IOException {
        Secret secret;
        String str = null;
        if (buildConfig.getSpec() != null && buildConfig.getSpec().getSource() != null && buildConfig.getSpec().getSource().getSourceSecret() != null && !buildConfig.getSpec().getSource().getSourceSecret().getName().isEmpty() && (secret = (Secret) ((ClientResource) ((ClientNonNamespaceOperation) OpenShiftUtils.getOpenShiftClient().secrets().inNamespace(buildConfig.getMetadata().getNamespace())).withName(buildConfig.getSpec().getSource().getSourceSecret().getName())).get()) != null) {
            Credentials secretToCredentials = secretToCredentials(secret);
            str = buildConfig.getMetadata().getNamespace() + "-" + buildConfig.getSpec().getSource().getSourceSecret().getName();
            Credentials lookupCredentials = lookupCredentials(str);
            SecurityContext impersonate = ACL.impersonate(ACL.SYSTEM);
            try {
                CredentialsStore credentialsStore = (CredentialsStore) CredentialsProvider.lookupStores(Jenkins.getInstance()).iterator().next();
                if (lookupCredentials != null) {
                    credentialsStore.updateCredentials(Domain.global(), lookupCredentials, secretToCredentials);
                } else {
                    credentialsStore.addCredentials(Domain.global(), secretToCredentials);
                }
            } finally {
                SecurityContextHolder.setContext(impersonate);
            }
        }
        return str;
    }

    private static Credentials lookupCredentials(String str) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(Credentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
    }

    private static Credentials secretToCredentials(Secret secret) {
        String type = secret.getType();
        boolean z = -1;
        switch (type.hashCode()) {
            case -2137285688:
                if (type.equals("kubernetes.io/basic-auth")) {
                    z = false;
                    break;
                }
                break;
            case -1357361554:
                if (type.equals("kubernetes.io/ssh-auth")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, secret.getMetadata().getNamespace() + "-" + secret.getMetadata().getName(), secret.getMetadata().getNamespace() + "-" + secret.getMetadata().getName(), new String(Base64.decode(Util.fixNull((String) secret.getData().get("username"))), StandardCharsets.UTF_8), new String(Base64.decode(Util.fixNull((String) secret.getData().get("password"))), StandardCharsets.UTF_8));
            case true:
                return new BasicSSHUserPrivateKey(CredentialsScope.GLOBAL, secret.getMetadata().getNamespace() + "-" + secret.getMetadata().getName(), Util.fixNull((String) secret.getData().get("username")), new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(new String(Base64.decode(Util.fixNull((String) secret.getData().get("ssh-privatekey"))), StandardCharsets.UTF_8)), (String) null, secret.getMetadata().getNamespace() + "-" + secret.getMetadata().getName());
            default:
                logger.log(Level.WARNING, "Unknown secret type: " + secret.getType());
                return null;
        }
    }
}
