package io.jenkins.plugins.eks_token_plugin;

import com.amazonaws.DefaultRequest;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.SdkClock;
import com.amazonaws.auth.SignerFactory;
import com.amazonaws.auth.SignerParams;
import com.amazonaws.auth.presign.PresignerFacade;
import com.amazonaws.auth.presign.PresignerParams;
import com.amazonaws.http.HttpMethodName;
import com.amazonaws.internal.auth.DefaultSignerProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
import com.cloudbees.jenkins.plugins.awscredentials.AmazonWebServicesCredentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.Item;
import hudson.security.ACL;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Date;
import java.util.Objects;
import java.util.Optional;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.plaincredentials.StringCredentials;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.verb.POST;

/* loaded from: input_file:WEB-INF/lib/eks-token.jar:io/jenkins/plugins/eks_token_plugin/EksTokenCredentials.class */
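/**
 * Jenkins string credential whose secret is a freshly generated EKS bearer token.
 *
 * <p>The token is the literal prefix {@code k8s-aws-v1.} followed by the unpadded URL-safe
 * Base64 encoding of a presigned STS {@code GetCallerIdentity} URL. The URL is signed with
 * the configured AWS credentials, or with the SDK's default provider chain when none are
 * configured, and expires {@value #TOKEN_VALIDITY_MILLIS} ms after it is created.
 *
 * <p>Security: the returned value is a bearer credential for the signing AWS identity until
 * it expires. Handle it only as a {@link Secret} and never write it to logs or build output.
 *
 * <p>NOTE(review): the parameter names {@code str}, {@code str2}, ... look like decompiler
 * placeholders. Stapler binds {@code @DataBoundConstructor} and {@code @QueryParameter}
 * arguments by name, so confirm the real names against the original source before reuse.
 */
public class EksTokenCredentials extends BaseStandardCredentials implements StringCredentials {
    private static final Logger log = Logger.getLogger(EksTokenCredentials.class.getName());
    public static final String EKS_TOKEN_CREDENTIALS_DISPLAY_NAME = "EKS Token Credentials";

    /** Lifetime of the presigned URL, and therefore of the token, in milliseconds. */
    private static final long TOKEN_VALIDITY_MILLIS = 60000L;

    /** AWS service name used for the endpoint lookup, the request and the signer. */
    private static final String STS_SERVICE_NAME = "sts";

    private String clusterName;
    private String region;

    // Optional ID of the Jenkins AWS credentials used to sign the token; when empty the
    // AWS SDK default provider chain is used instead (see getAwsCredentialsProvider()).
    @DataBoundSetter
    private String awsCredentialsId;

    /** Descriptor providing the display name and the form helpers for this credential type. */
    @Extension
    public static class DescriptorImpl extends BaseStandardCredentials.BaseStandardCredentialsDescriptor {
        @Override
        public String getDisplayName() {
            return EksTokenCredentials.EKS_TOKEN_CREDENTIALS_DISPLAY_NAME;
        }

        /**
         * Fills the AWS credentials drop-down with every {@link AmazonWebServicesCredentials}
         * entry visible to {@code ACL.SYSTEM} at the Jenkins root.
         *
         * <p>NOTE(review): the only gate is Overall/SystemRead, and the lookup runs as SYSTEM,
         * so any user holding that read-only permission can enumerate the IDs and names of
         * all AWS credentials. The usual pattern for credential drop-downs is to require
         * Overall/Administer (or a configure/use permission on the ancestor item) and to
         * return only the current value otherwise. The method is also not restricted to
         * {@code @POST}, unlike {@code doCheckClusterName}. Confirm the intended audience.
         *
         * @return list model with an empty entry plus the matching AWS credentials
         */
        public ListBoxModel doFillAwsCredentialsIdItems() {
            Jenkins.get().checkPermission(Jenkins.SYSTEM_READ);
            return new StandardListBoxModel()
                    .includeEmptyValue()
                    .includeMatchingAs(
                            ACL.SYSTEM,
                            Jenkins.get(),
                            AmazonWebServicesCredentials.class,
                            Collections.emptyList(),
                            CredentialsMatchers.instanceOf(AmazonWebServicesCredentials.class));
        }

        /**
         * Form validation for the cluster name field.
         *
         * @param str submitted cluster name
         * @return an error when the value is null or empty, otherwise OK
         */
        @POST
        public FormValidation doCheckClusterName(@QueryParameter String str) {
            return StringUtils.isEmpty(str) ? FormValidation.error("Cluster Name is Empty") : FormValidation.ok();
        }

        /**
         * Fills the region drop-down with the name of every region known to the AWS SDK.
         * Only static SDK data is returned, so no permission check is performed here.
         *
         * @param item ancestor item from the request path (not used)
         * @return list model with one entry per {@link Regions} value
         */
        public ListBoxModel doFillRegionItems(@AncestorInPath Item item) {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (Regions knownRegion : Regions.values()) {
                listBoxModel.add(knownRegion.getName());
            }
            return listBoxModel;
        }

        // Compiler-generated bridge method as recovered by the decompiler; it only delegates.
        public /* bridge */ /* synthetic */ String getCheckIdUrl(CredentialsStore credentialsStore) throws UnsupportedEncodingException {
            return super.getCheckIdUrl(credentialsStore);
        }
    }

    /**
     * Creates the credential.
     *
     * @param credentialsScope scope passed to {@link BaseStandardCredentials}
     * @param str credential ID passed to {@link BaseStandardCredentials}
     * @param str2 description passed to {@link BaseStandardCredentials}
     * @param str3 EKS cluster name
     * @param str4 AWS region name
     */
    @DataBoundConstructor
    public EksTokenCredentials(CredentialsScope credentialsScope, String str, String str2, @NonNull String str3, @NonNull String str4) {
        super(credentialsScope, str, str2);
        this.clusterName = str3;
        this.region = str4;
    }

    /**
     * Generates a new token on every call and wraps it in a {@link Secret}.
     *
     * @return the freshly generated EKS token
     */
    @NonNull
    @Override
    public Secret getSecret() {
        return Secret.fromString(generateEksToken(this.clusterName, this.region, getAwsCredentialsProvider()));
    }

    /**
     * Resolves the AWS credentials used to sign the token.
     *
     * <p>When {@code awsCredentialsId} is set and resolves through {@code AwsCredentialsHelper},
     * those credentials are used as a static provider. In every other case the SDK's
     * {@link DefaultAWSCredentialsProviderChain} is used, which means the token is signed with
     * whatever ambient AWS identity the Jenkins process has. A configured ID that cannot be
     * resolved is logged, because it silently switches the signing identity.
     *
     * <p>NOTE(review): consider failing instead of falling back when an ID is configured but
     * not resolvable; confirm with the plugin's intended behaviour.
     *
     * @return the provider to sign with, never {@code null}
     */
    AWSCredentialsProvider getAwsCredentialsProvider() {
        Optional<AWSCredentialsProvider> configured = Optional.ofNullable(this.awsCredentialsId)
                .filter(StringUtils::isNotEmpty)
                .flatMap(AwsCredentialsHelper::getAWSCredentials)
                .<AWSCredentialsProvider>map(AWSStaticCredentialsProvider::new);
        if (configured.isPresent()) {
            return configured.get();
        }
        if (StringUtils.isNotEmpty(this.awsCredentialsId)) {
            log.warning("AWS credentials '" + this.awsCredentialsId
                    + "' could not be resolved; falling back to the default AWS credentials provider chain");
        }
        return new DefaultAWSCredentialsProviderChain();
    }

    /**
     * Builds an EKS token by presigning an STS {@code GetCallerIdentity} GET request.
     *
     * <p>The cluster name is sent as the {@code x-k8s-aws-id} header of the request that is
     * signed, so an empty name is rejected up front instead of producing a token that names
     * no cluster. Neither the presigned URL nor the token is logged.
     *
     * @param str EKS cluster name placed in the {@code x-k8s-aws-id} header
     * @param str2 AWS region name used for the STS endpoint and the signer
     * @param aWSCredentialsProvider credentials used to sign the request
     * @return {@code "k8s-aws-v1."} followed by the unpadded URL-safe Base64 of the presigned URL
     * @throws IllegalArgumentException if the cluster name is empty, or the region name is
     *     rejected by {@link Regions#fromName(String)}
     * @throws IllegalStateException if the STS endpoint cannot be turned into a URI
     */
    public String generateEksToken(String str, String str2, AWSCredentialsProvider aWSCredentialsProvider) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("EKS cluster name must not be empty");
        }
        String serviceEndpoint = Region.getRegion(Regions.fromName(str2)).getServiceEndpoint(STS_SERVICE_NAME);
        URI endpoint;
        try {
            endpoint = new URI("https", serviceEndpoint, null, null);
        } catch (java.net.URISyntaxException e) {
            // The decompiled source let this checked exception escape undeclared; wrap it instead.
            throw new IllegalStateException("Invalid STS endpoint for region " + str2, e);
        }

        DefaultRequest<GetCallerIdentityRequest> request =
                new DefaultRequest<>(new GetCallerIdentityRequest(), STS_SERVICE_NAME);
        request.setResourcePath("/");
        request.setEndpoint(endpoint);
        request.setHttpMethod(HttpMethodName.GET);
        request.addParameter("Action", "GetCallerIdentity");
        request.addParameter("Version", "2011-06-15");
        request.addHeader("x-k8s-aws-id", str);

        // The client is handed to the signer provider only; no request is sent through it.
        AWSSecurityTokenServiceClient stsClient = (AWSSecurityTokenServiceClient) AWSSecurityTokenServiceClientBuilder.standard()
                .withRegion(str2)
                .withCredentials(aWSCredentialsProvider)
                .build();
        try {
            DefaultSignerProvider signerProvider = new DefaultSignerProvider(
                    stsClient, SignerFactory.createSigner("AWS4SignerType", new SignerParams(STS_SERVICE_NAME, str2)));
            PresignerParams presignerParams =
                    new PresignerParams(endpoint, aWSCredentialsProvider, signerProvider, SdkClock.STANDARD);
            Date expiry = new Date(System.currentTimeMillis() + TOKEN_VALIDITY_MILLIS);
            String presignedUrl = new PresignerFacade(presignerParams).presign(request, expiry).toString();
            return "k8s-aws-v1."
                    + Base64.getUrlEncoder().withoutPadding().encodeToString(presignedUrl.getBytes(StandardCharsets.UTF_8));
        } finally {
            // A client is built for every token; release its resources so they do not pile up.
            stsClient.shutdown();
        }
    }

    /** Sets the EKS cluster name. */
    public void setClusterName(String str) {
        this.clusterName = str;
    }

    /** Returns the EKS cluster name. */
    public String getClusterName() {
        return this.clusterName;
    }

    /** Sets the AWS region name. */
    public void setRegion(String str) {
        this.region = str;
    }

    /** Returns the AWS region name. */
    public String getRegion() {
        return this.region;
    }

    /** Sets the ID of the Jenkins AWS credentials used for signing; may be null or empty. */
    public void setAwsCredentialsId(String str) {
        this.awsCredentialsId = str;
    }

    /** Returns the ID of the Jenkins AWS credentials used for signing, possibly null or empty. */
    public String getAwsCredentialsId() {
        return this.awsCredentialsId;
    }
}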
