package uk.co.stevegal.jenkins.plugins.awsbucketcredentials;

import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectInputStream;
import com.cloudbees.plugins.credentials.CredentialsDescriptor;
import com.cloudbees.plugins.credentials.CredentialsScope;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.cloudbees.plugins.credentials.impl.BaseStandardCredentials;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.util.Secret;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.util.logging.Logger;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:WEB-INF/lib/aws-bucket-credentials.jar:uk/co/stevegal/jenkins/plugins/awsbucketcredentials/AwsBucketCredentialsImpl.class */
public class AwsBucketCredentialsImpl extends BaseStandardCredentials implements AwsBucketCredentials, StandardUsernamePasswordCredentials {
    private static final long serialVersionUID = 1;
    private final String bucketName;
    private final String bucketPath;
    private boolean s3Proxy;
    private String kmsEncryptionContextKey;
    private final String kmsSecretName;
    private String username;
    private AwsS3ClientBuilder amazonS3ClientBuilder;
    private AwsKmsClientBuilder amazonKmsClientBuilder;
    private String region;
    private boolean kmsProxy;
    private String proxyHost;
    private String proxyPort;
    private boolean avoidKms;
    private static final Logger LOGGER = Logger.getLogger(AwsBucketCredentialsImpl.class.getName());

    @Extension
    /* loaded from: input_file:WEB-INF/lib/aws-bucket-credentials.jar:uk/co/stevegal/jenkins/plugins/awsbucketcredentials/AwsBucketCredentialsImpl$DescriptorImpl.class */
    public static class DescriptorImpl extends CredentialsDescriptor {
        public String getDisplayName() {
            return Messages.AwsBucketCredentialsImpl_DisplayName();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/aws-bucket-credentials.jar:uk/co/stevegal/jenkins/plugins/awsbucketcredentials/AwsBucketCredentialsImpl$KmsDescription.class */
    public static final class KmsDescription {
        String kmsEncryptionContextKey;
        String kmsSecretName;
        boolean kmsProxy;

        @DataBoundConstructor
        public KmsDescription(boolean z, String str, String str2) {
            this.kmsProxy = z;
            this.kmsSecretName = str;
            this.kmsEncryptionContextKey = str2;
        }

        public void setKmsEncryptionContextKey(String str) {
            this.kmsEncryptionContextKey = str;
        }

        public String getKmsEncryptionContextKey() {
            return this.kmsEncryptionContextKey;
        }

        public void setKmsProxy(boolean z) {
            this.kmsProxy = z;
        }

        public boolean isKmsProxy() {
            return this.kmsProxy;
        }

        public String getKmsSecretName() {
            return this.kmsSecretName;
        }

        public void setKmsSecretName(String str) {
            this.kmsSecretName = str;
        }

        public String toString() {
            return super.toString() + "(kmsProxy:" + this.kmsProxy + ", kmsSecretName:" + this.kmsSecretName + ", kmsEncyptionContextKey:" + this.kmsEncryptionContextKey + ")";
        }
    }

    @DataBoundConstructor
    public AwsBucketCredentialsImpl(@CheckForNull CredentialsScope credentialsScope, @CheckForNull String str, @CheckForNull String str2, @CheckForNull String str3, @CheckForNull String str4, @CheckForNull String str5, @CheckForNull boolean z, @CheckForNull String str6, KmsDescription kmsDescription, String str7, String str8) {
        super(credentialsScope, str, str6);
        this.bucketName = str3;
        this.bucketPath = str4;
        this.s3Proxy = z;
        this.username = str5;
        this.region = str2;
        this.proxyHost = str7;
        this.proxyPort = str8;
        this.amazonS3ClientBuilder = new AwsS3ClientBuilder();
        this.amazonS3ClientBuilder.region(str2);
        if (z) {
            this.amazonS3ClientBuilder.proxyHost(str7).proxyPort(Integer.parseInt(str8));
        }
        this.amazonKmsClientBuilder = new AwsKmsClientBuilder();
        this.amazonKmsClientBuilder.region(str2);
        if (null == kmsDescription) {
            this.avoidKms = true;
            this.kmsSecretName = null;
            this.kmsProxy = false;
            this.kmsEncryptionContextKey = null;
        } else {
            this.avoidKms = false;
            this.kmsEncryptionContextKey = kmsDescription.kmsEncryptionContextKey;
            this.kmsSecretName = kmsDescription.kmsSecretName;
            this.kmsProxy = kmsDescription.kmsProxy;
        }
        if (this.kmsProxy) {
            this.amazonKmsClientBuilder.proxyHost(str7).proxyPort(Integer.parseInt(str8));
        }
    }

    public boolean isKmsProxy() {
        return this.kmsProxy;
    }

    public boolean isS3Proxy() {
        return this.s3Proxy;
    }

    public String getProxyHost() {
        return this.proxyHost;
    }

    public String getProxyPort() {
        return this.proxyPort;
    }

    @Override // uk.co.stevegal.jenkins.plugins.awsbucketcredentials.AwsBucketCredentials
    public String getDisplayName() {
        return this.bucketName + ":" + this.bucketPath;
    }

    @NonNull
    public Secret getPassword() {
        return Secret.fromString(decryptString(readS3BucketContents()));
    }

    private byte[] readS3BucketContents() {
        LOGGER.fine("reading s3 bucket");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        S3Object object = this.amazonS3ClientBuilder.build().getObject(new GetObjectRequest(this.bucketName, this.bucketPath));
        try {
            try {
                LOGGER.fine("getting s3 bucket contents");
                S3ObjectInputStream objectContent = object.getObjectContent();
                byte[] bArr = new byte[1024];
                while (true) {
                    int read = objectContent.read(bArr, 0, bArr.length);
                    if (read == -1) {
                        break;
                    }
                    byteArrayOutputStream.write(bArr, 0, read);
                }
                byteArrayOutputStream.flush();
                LOGGER.fine("read contents");
                return byteArrayOutputStream.toByteArray();
            } catch (IOException e) {
                LOGGER.severe("IOException " + e.getMessage());
                throw new AwsBucketReadingException(e);
            }
        } finally {
            try {
                object.close();
            } catch (IOException e2) {
                LOGGER.severe("IO Exception closing bucket");
            }
        }
    }

    private String decryptString(byte[] bArr) {
        ByteBuffer wrap;
        if (this.avoidKms) {
            LOGGER.fine("no kms secret specified. Assume SSE");
            wrap = ByteBuffer.wrap(bArr);
        } else {
            DecryptRequest decryptRequest = new DecryptRequest();
            LOGGER.fine("decrypting with kms");
            if (null != this.kmsSecretName && null != this.kmsEncryptionContextKey) {
                LOGGER.info("decrypting with context");
                decryptRequest.addEncryptionContextEntry(this.kmsEncryptionContextKey, this.kmsSecretName);
            }
            decryptRequest.setCiphertextBlob(ByteBuffer.wrap(bArr));
            wrap = this.amazonKmsClientBuilder.build().decrypt(decryptRequest).getPlaintext();
            LOGGER.fine("decrypted with kms");
        }
        return Charset.forName("UTF-8").decode(wrap).toString();
    }

    @NonNull
    public String getUsername() {
        return this.username;
    }

    public String getBucketName() {
        return this.bucketName;
    }

    public String getBucketPath() {
        return this.bucketPath;
    }

    public String getKmsEncryptionContextKey() {
        return this.kmsEncryptionContextKey;
    }

    public String getKmsSecretName() {
        return this.kmsSecretName;
    }

    public String getRegion() {
        return this.region;
    }

    public KmsDescription getKmsDescription() {
        if (this.avoidKms) {
            return null;
        }
        return new KmsDescription(this.kmsProxy, this.kmsSecretName, this.kmsEncryptionContextKey);
    }
}
