package io.fabric8.maven.docker.util;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import io.fabric8.maven.docker.access.AuthConfig;
import io.fabric8.maven.docker.access.ecr.EcrExtendedAuth;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.settings.Server;
import org.apache.maven.settings.Settings;
import org.codehaus.plexus.PlexusContainer;
import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
import org.codehaus.plexus.util.xml.Xpp3Dom;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.yaml.snakeyaml.Yaml;

/* loaded from: input_file:io/fabric8/maven/docker/util/AuthConfigFactory.class */
public class AuthConfigFactory {
    public static final String AUTH_USERNAME = "username";
    public static final String AUTH_PASSWORD = "password";
    public static final String AUTH_EMAIL = "email";
    public static final String AUTH_AUTHTOKEN = "authToken";
    private static final String AUTH_USE_OPENSHIFT_AUTH = "useOpenShiftAuth";
    static final String DOCKER_LOGIN_DEFAULT_REGISTRY = "https://index.docker.io/v1/";
    private final PlexusContainer container;
    private final Gson gson = new Gson();
    private Logger log;
    private static final String[] DEFAULT_REGISTRIES = {"docker.io", "index.docker.io", "registry.hub.docker.com"};

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/fabric8/maven/docker/util/AuthConfigFactory$LookupMode.class */
    public enum LookupMode {
        PUSH("docker.push.", "push"),
        PULL("docker.pull.", "pull"),
        DEFAULT("docker.", null);

        private final String sysPropPrefix;
        private String configMapKey;

        LookupMode(String str, String str2) {
            this.sysPropPrefix = str;
            this.configMapKey = str2;
        }

        public String asSysProperty(String str) {
            return this.sysPropPrefix + str;
        }

        public String getConfigMapKey() {
            return this.configMapKey;
        }
    }

    public AuthConfigFactory(PlexusContainer plexusContainer) {
        this.container = plexusContainer;
    }

    public void setLog(Logger logger) {
        this.log = logger;
    }

    public AuthConfig createAuthConfig(boolean z, boolean z2, Map map, Settings settings, String str, String str2) throws MojoExecutionException {
        AuthConfig createStandardAuthConfig = createStandardAuthConfig(z, map, settings, str, str2);
        if (createStandardAuthConfig != null) {
            if (str2 == null || z2) {
                return createStandardAuthConfig;
            }
            try {
                return extendedAuthentication(createStandardAuthConfig, str2);
            } catch (IOException e) {
                throw new MojoExecutionException(e.getMessage(), e);
            }
        }
        AuthConfig authConfigFromDockerConfig = getAuthConfigFromDockerConfig(str2);
        if (authConfigFromDockerConfig != null) {
            this.log.debug("AuthConfig: credentials from ~/.docker/config.json", new Object[0]);
            return authConfigFromDockerConfig;
        }
        this.log.debug("AuthConfig: no credentials found", new Object[0]);
        return null;
    }

    private AuthConfig extendedAuthentication(AuthConfig authConfig, String str) throws IOException, MojoExecutionException {
        EcrExtendedAuth ecrExtendedAuth = new EcrExtendedAuth(this.log, str);
        return ecrExtendedAuth.isAwsRegistry() ? ecrExtendedAuth.extendedAuth(authConfig) : authConfig;
    }

    private AuthConfig createStandardAuthConfig(boolean z, Map map, Settings settings, String str, String str2) throws MojoExecutionException {
        for (LookupMode lookupMode : new LookupMode[]{getLookupMode(z), LookupMode.DEFAULT}) {
            AuthConfig authConfigFromSystemProperties = getAuthConfigFromSystemProperties(lookupMode);
            if (authConfigFromSystemProperties != null) {
                this.log.debug("AuthConfig: credentials from system properties", new Object[0]);
                return authConfigFromSystemProperties;
            }
            AuthConfig authConfigFromOpenShiftConfig = getAuthConfigFromOpenShiftConfig(lookupMode, map);
            if (authConfigFromOpenShiftConfig != null) {
                this.log.debug("AuthConfig: OpenShift credentials", new Object[0]);
                return authConfigFromOpenShiftConfig;
            }
            AuthConfig authConfigFromPluginConfiguration = getAuthConfigFromPluginConfiguration(lookupMode, map);
            if (authConfigFromPluginConfiguration != null) {
                this.log.debug("AuthConfig: credentials from plugin config", new Object[0]);
                return authConfigFromPluginConfiguration;
            }
        }
        AuthConfig authConfigFromSettings = getAuthConfigFromSettings(settings, str, str2);
        if (authConfigFromSettings == null) {
            return null;
        }
        this.log.debug("AuthConfig: credentials from ~/.m2/setting.xml", new Object[0]);
        return authConfigFromSettings;
    }

    private AuthConfig getAuthConfigFromSystemProperties(LookupMode lookupMode) throws MojoExecutionException {
        Properties properties = System.getProperties();
        String asSysProperty = lookupMode.asSysProperty(AUTH_USERNAME);
        String asSysProperty2 = lookupMode.asSysProperty(AUTH_PASSWORD);
        if (!properties.containsKey(asSysProperty)) {
            return null;
        }
        if (properties.containsKey(asSysProperty2)) {
            return new AuthConfig(properties.getProperty(asSysProperty), decrypt(properties.getProperty(asSysProperty2)), properties.getProperty(lookupMode.asSysProperty(AUTH_EMAIL)), properties.getProperty(lookupMode.asSysProperty(AUTH_AUTHTOKEN)));
        }
        throw new MojoExecutionException("No " + asSysProperty2 + " provided for username " + properties.getProperty(asSysProperty));
    }

    private AuthConfig getAuthConfigFromOpenShiftConfig(LookupMode lookupMode, Map map) throws MojoExecutionException {
        Properties properties = System.getProperties();
        String asSysProperty = lookupMode.asSysProperty(AUTH_USE_OPENSHIFT_AUTH);
        if (properties.containsKey(asSysProperty)) {
            if (Boolean.valueOf(properties.getProperty(asSysProperty)).booleanValue()) {
                return validateMandatoryOpenShiftLogin(parseOpenShiftConfig(), asSysProperty);
            }
            return null;
        }
        Map authConfigMapToCheck = getAuthConfigMapToCheck(lookupMode, map);
        if (authConfigMapToCheck != null && authConfigMapToCheck.containsKey(AUTH_USE_OPENSHIFT_AUTH) && Boolean.valueOf((String) authConfigMapToCheck.get(AUTH_USE_OPENSHIFT_AUTH)).booleanValue()) {
            return validateMandatoryOpenShiftLogin(parseOpenShiftConfig(), asSysProperty);
        }
        return null;
    }

    private AuthConfig getAuthConfigFromPluginConfiguration(LookupMode lookupMode, Map map) throws MojoExecutionException {
        Map authConfigMapToCheck = getAuthConfigMapToCheck(lookupMode, map);
        if (authConfigMapToCheck == null || !authConfigMapToCheck.containsKey(AUTH_USERNAME)) {
            return null;
        }
        if (!authConfigMapToCheck.containsKey(AUTH_PASSWORD)) {
            throw new MojoExecutionException("No 'password' given while using <authConfig> in configuration for mode " + lookupMode);
        }
        HashMap hashMap = new HashMap(authConfigMapToCheck);
        hashMap.put(AUTH_PASSWORD, decrypt((String) hashMap.get(AUTH_PASSWORD)));
        return new AuthConfig(hashMap);
    }

    private AuthConfig getAuthConfigFromSettings(Settings settings, String str, String str2) throws MojoExecutionException {
        Server server = null;
        for (Server server2 : settings.getServers()) {
            String id = server2.getId();
            if (server == null) {
                server = checkForServer(server2, id, str2, null);
            }
            Server checkForServer = checkForServer(server2, id, str2, str);
            if (checkForServer != null) {
                return createAuthConfigFromServer(checkForServer);
            }
        }
        if (server != null) {
            return createAuthConfigFromServer(server);
        }
        return null;
    }

    private AuthConfig getAuthConfigFromDockerConfig(String str) throws MojoExecutionException {
        JsonObject readDockerConfig = readDockerConfig();
        if (readDockerConfig == null) {
            return null;
        }
        String str2 = str != null ? str : DOCKER_LOGIN_DEFAULT_REGISTRY;
        if (readDockerConfig.has("credHelpers") || readDockerConfig.has("credsStore")) {
            if (readDockerConfig.has("credHelpers")) {
                JsonObject asJsonObject = readDockerConfig.getAsJsonObject("credHelpers");
                if (asJsonObject.has(str2)) {
                    return extractAuthConfigFromCredentialsHelper(str2, asJsonObject.get(str2).getAsString());
                }
            }
            if (readDockerConfig.has("credsStore")) {
                return extractAuthConfigFromCredentialsHelper(str2, readDockerConfig.get("credsStore").getAsString());
            }
        }
        if (readDockerConfig.has("auths")) {
            return extractAuthConfigFromAuths(str2, readDockerConfig.getAsJsonObject("auths"));
        }
        return null;
    }

    private AuthConfig extractAuthConfigFromAuths(String str, JsonObject jsonObject) {
        JsonObject credentialsNode = getCredentialsNode(jsonObject, str);
        if (credentialsNode == null || !credentialsNode.has("auth")) {
            return null;
        }
        return new AuthConfig(credentialsNode.get("auth").getAsString(), credentialsNode.has(AUTH_EMAIL) ? credentialsNode.get(AUTH_EMAIL).getAsString() : null);
    }

    private AuthConfig extractAuthConfigFromCredentialsHelper(String str, String str2) throws MojoExecutionException {
        CredentialHelperClient credentialHelperClient = new CredentialHelperClient(this.log, str2);
        this.log.debug("AuthConfig: credentials from credential helper/store %s version %s", credentialHelperClient.getName(), credentialHelperClient.getVersion());
        return credentialHelperClient.getAuthConfig(str);
    }

    private JsonObject getCredentialsNode(JsonObject jsonObject, String str) {
        if (jsonObject.has(str)) {
            return jsonObject.getAsJsonObject(str);
        }
        String ensureRegistryHttpUrl = EnvUtil.ensureRegistryHttpUrl(str);
        if (jsonObject.has(ensureRegistryHttpUrl)) {
            return jsonObject.getAsJsonObject(ensureRegistryHttpUrl);
        }
        return null;
    }

    private Map getAuthConfigMapToCheck(LookupMode lookupMode, Map map) {
        String configMapKey = lookupMode.getConfigMapKey();
        if (configMapKey == null) {
            return map;
        }
        if (map != null) {
            return (Map) map.get(configMapKey);
        }
        return null;
    }

    private AuthConfig parseOpenShiftConfig() {
        String str;
        Map<String, ?> readKubeConfig = readKubeConfig();
        if (readKubeConfig == null || (str = (String) readKubeConfig.get("current-context")) == null) {
            return null;
        }
        for (Map map : (List) readKubeConfig.get("contexts")) {
            if (str.equals(map.get("name"))) {
                return parseContext(readKubeConfig, (Map) map.get("context"));
            }
        }
        return null;
    }

    private AuthConfig parseContext(Map map, Map map2) {
        String str;
        List<Map> list;
        if (map2 == null || (str = (String) map2.get("user")) == null || (list = (List) map.get("users")) == null) {
            return null;
        }
        for (Map map3 : list) {
            if (str.equals(map3.get("name"))) {
                return parseUser(str, (Map) map3.get("user"));
            }
        }
        return null;
    }

    private AuthConfig parseUser(String str, Map map) {
        String str2;
        if (map == null || (str2 = (String) map.get("token")) == null) {
            return null;
        }
        Matcher matcher = Pattern.compile("^([^/]+).*$").matcher(str);
        return new AuthConfig(matcher.matches() ? matcher.group(1) : str, str2, null, null);
    }

    private AuthConfig validateMandatoryOpenShiftLogin(AuthConfig authConfig, String str) throws MojoExecutionException {
        if (authConfig != null) {
            return authConfig;
        }
        String str2 = System.getenv("KUBECONFIG");
        Object[] objArr = new Object[2];
        objArr[0] = str;
        objArr[1] = str2 != null ? str2 : "~/.kube/config";
        throw new MojoExecutionException(String.format("System property %s set, but not active user and/or token found in %s. Please use 'oc login' for connecting to OpenShift.", objArr));
    }

    private JsonObject readDockerConfig() {
        String str = System.getenv("DOCKER_CONFIG");
        Reader fileReaderFromDir = str == null ? getFileReaderFromDir(new File(getHomeDir(), ".docker/config.json")) : getFileReaderFromDir(new File(str, "config.json"));
        if (fileReaderFromDir != null) {
            return (JsonObject) this.gson.fromJson(fileReaderFromDir, JsonObject.class);
        }
        return null;
    }

    private Map<String, ?> readKubeConfig() {
        String str = System.getenv("KUBECONFIG");
        Reader fileReaderFromDir = str == null ? getFileReaderFromDir(new File(getHomeDir(), ".kube/config")) : getFileReaderFromDir(new File(str));
        if (fileReaderFromDir != null) {
            return (Map) new Yaml().load(fileReaderFromDir);
        }
        return null;
    }

    private Reader getFileReaderFromDir(File file) {
        if (!file.exists() || file.length() == 0) {
            return null;
        }
        try {
            return new FileReader(file);
        } catch (FileNotFoundException e) {
            throw new IllegalStateException("Cannot find " + file, e);
        }
    }

    private File getHomeDir() {
        String property = System.getProperty("user.home");
        if (property == null) {
            property = System.getenv("HOME");
        }
        return new File(property);
    }

    private Server checkForServer(Server server, String str, String str2, String str3) {
        for (String str4 : str2 != null ? new String[]{str2} : DEFAULT_REGISTRIES) {
            if (str.equals(str3 == null ? str4 : str4 + "/" + str3)) {
                return server;
            }
        }
        return null;
    }

    private String decrypt(String str) throws MojoExecutionException {
        try {
            Object lookup = this.container.lookup(SecDispatcher.ROLE, "maven");
            return (String) lookup.getClass().getMethod("decrypt", String.class).invoke(lookup, str);
        } catch (ComponentLookupException e) {
            throw new MojoExecutionException("Error looking security dispatcher", e);
        } catch (ReflectiveOperationException e2) {
            throw new MojoExecutionException("Cannot decrypt password: " + e2.getCause(), e2);
        }
    }

    private AuthConfig createAuthConfigFromServer(Server server) throws MojoExecutionException {
        return new AuthConfig(server.getUsername(), decrypt(server.getPassword()), extractFromServerConfiguration(server.getConfiguration(), AUTH_EMAIL), extractFromServerConfiguration(server.getConfiguration(), "auth"));
    }

    private String extractFromServerConfiguration(Object obj, String str) {
        Xpp3Dom child;
        if (obj == null || (child = ((Xpp3Dom) obj).getChild(str)) == null) {
            return null;
        }
        return child.getValue();
    }

    private LookupMode getLookupMode(boolean z) {
        return z ? LookupMode.PUSH : LookupMode.PULL;
    }
}
