package com.walmartlabs.concord.plugins.ansible;

import com.walmartlabs.concord.plugins.ansible.secrets.AnsibleSecretService;
import com.walmartlabs.concord.plugins.ansible.secrets.UsernamePassword;
import com.walmartlabs.concord.sdk.MapUtils;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/walmartlabs/concord/plugins/ansible/AnsibleAuthFactory.class */
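/**
 * Builds the {@link AnsibleAuth} implementation selected by the task's auth parameters.
 *
 * <p>The auth block must contain at most one entry, keyed by the auth type
 * ({@code krb5} or {@code privateKey}, matched case-insensitively). The entry's value is a
 * parameter map that holds either inline credentials or a {@code secret} reference that is
 * resolved through {@link AnsibleSecretService}.
 */
public class AnsibleAuthFactory {
    private static final Logger log = LoggerFactory.getLogger(AnsibleAuthFactory.class);
    private final AnsibleSecretService secretService;

    /**
     * @param ansibleSecretService service used to export credentials and key files for
     *                             {@code secret} references
     */
    public AnsibleAuthFactory(AnsibleSecretService ansibleSecretService) {
        this.secretService = ansibleSecretService;
    }

    /**
     * Creates the auth handler described by the task arguments.
     *
     * @param ansibleContext task context supplying the arguments, working directory,
     *                       temporary directory and debug flag
     * @return a {@code NopAuth} when no auth is configured, otherwise a {@code KerberosAuth}
     *         or {@code PrivateKeyAuth}
     * @throws IllegalArgumentException if the auth type is not recognised
     * @throws RuntimeException if more than one auth type is configured, or if the
     *                          credentials or key cannot be resolved (the original failure
     *                          is attached as the cause)
     */
    public AnsibleAuth create(AnsibleContext ansibleContext) {
        Map<String, Object> auth = MapUtils.getMap(ansibleContext.args(), TaskParams.AUTH, Collections.emptyMap());
        if (auth.isEmpty()) {
            return new NopAuth();
        }
        if (auth.size() != 1) {
            throw new RuntimeException("Invalid auth configuration. More that one auth type (expected one of 'krb5' or 'privateKey'): " + auth.keySet());
        }

        Map.Entry<String, Object> entry = auth.entrySet().iterator().next();
        String authType = entry.getKey();

        // equalsIgnoreCase compares per character and does not consult the default locale,
        // so the match does not change with the JVM's locale settings.
        if ("krb5".equalsIgnoreCase(authType)) {
            try {
                UsernamePassword credentials = parseKerberosAuth(this.secretService, asParams(entry.getValue()));
                // Only the username is logged; the password never reaches the log.
                log.info("Using the kerberos username: {}", credentials.username());
                return new KerberosAuth(credentials.username(), credentials.password(), ansibleContext.tmpDir(), ansibleContext.debug());
            } catch (Exception e) {
                log.error("Error while fetching the kerberos credentials: {}", e.getMessage(), e);
                // Keep the cause so callers can see the original failure and its stack trace.
                throw new RuntimeException("Error while fetching the kerberos credentials: " + e.getMessage(), e);
            }
        }

        if ("privatekey".equalsIgnoreCase(authType)) {
            try {
                PrivateKeyAuth keyAuth = parsePrivateKeyAuth(this.secretService, ansibleContext.workDir(), asParams(entry.getValue()));
                log.info("Using the private key: {}", keyAuth.getKeyPath());
                return keyAuth;
            } catch (Exception e) {
                log.error("Error while fetching the private key: {}", e.getMessage(), e);
                throw new RuntimeException("Error while fetching the private key: " + e.getMessage(), e);
            }
        }

        // Report the key only: the entry's value is the parameter map, which may carry an
        // inline "password" or a secret's password, and exception messages end up in logs.
        throw new IllegalArgumentException("Unknown auth type: " + authType);
    }

    /**
     * Views an auth entry's value as a parameter map.
     *
     * @throws ClassCastException if the value is not a {@link Map}; callers invoke this
     *                            inside their {@code try} block so the failure is reported
     *                            like any other credential error
     */
    @SuppressWarnings("unchecked")
    private static Map<String, Object> asParams(Object value) {
        return (Map<String, Object>) value;
    }

    /**
     * Resolves the Kerberos username and password.
     *
     * <p>When the parameters contain a non-empty {@code secret} map, the credentials are
     * exported through the secret service; otherwise the inline {@code user} and
     * {@code password} values are required.
     */
    private static UsernamePassword parseKerberosAuth(AnsibleSecretService ansibleSecretService, Map<String, Object> map) throws Exception {
        Map<String, Object> secretParams = MapUtils.getMap(map, "secret", Collections.emptyMap());
        if (secretParams.isEmpty()) {
            return new UsernamePassword(MapUtils.assertString(map, "user"), MapUtils.assertString(map, "password"));
        }
        Secret secret = Secret.from(secretParams);
        return ansibleSecretService.exportCredentials(secret.getOrg(), secret.getName(), secret.getPassword());
    }

    /**
     * Resolves the private key file and restricts it to owner read/write.
     *
     * <p>The key comes either from a {@code secret} reference, exported to a file by the
     * secret service, or from the {@code path} parameter resolved against {@code path}
     * (the working directory).
     *
     * @throws IllegalArgumentException if the key file does not exist
     */
    private static PrivateKeyAuth parsePrivateKeyAuth(AnsibleSecretService ansibleSecretService, Path path, Map<String, Object> map) throws Exception {
        Map<String, Object> secretParams = MapUtils.getMap(map, "secret", Collections.emptyMap());
        boolean exportedFromSecret = !secretParams.isEmpty();

        Path keyPath;
        if (exportedFromSecret) {
            Secret secret = Secret.from(secretParams);
            keyPath = ansibleSecretService.exportKeyAsFile(secret.getOrg(), secret.getName(), secret.getPassword()).privateKey();
        } else {
            // NOTE(review): ArgUtils.getPath is not visible here. Confirm it keeps a
            // user-supplied "path" inside the working directory, because the mode of the
            // resolved file is changed below.
            keyPath = ArgUtils.getPath(map, "path", path);
        }

        if (!Files.exists(keyPath)) {
            throw new IllegalArgumentException("Private key file not found: " + keyPath);
        }

        // Owner read/write only (0600), so group and other users cannot read the key.
        // Files.setPosixFilePermissions throws UnsupportedOperationException on file systems
        // without POSIX attributes; create() wraps that like any other key error.
        HashSet<PosixFilePermission> ownerOnly = new HashSet<>();
        ownerOnly.add(PosixFilePermission.OWNER_READ);
        ownerOnly.add(PosixFilePermission.OWNER_WRITE);
        Files.setPosixFilePermissions(keyPath, ownerOnly);

        // The last argument is true only when the key file was exported from a secret;
        // presumably PrivateKeyAuth uses it to decide on cleanup, TODO confirm.
        return new PrivateKeyAuth(path, MapUtils.getString(map, "user"), keyPath.toAbsolutePath(), exportedFromSecret);
    }
}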
