package io.yupiik.bundlebee.core.kube;

import io.yupiik.bundlebee.core.command.Executable;
import io.yupiik.bundlebee.core.configuration.Description;
import io.yupiik.bundlebee.core.event.OnKubeRequest;
import io.yupiik.bundlebee.core.http.DelegatingClient;
import io.yupiik.bundlebee.core.http.DryRunClient;
import io.yupiik.bundlebee.core.http.LoggingClient;
import io.yupiik.bundlebee.core.http.RateLimitedClient;
import io.yupiik.bundlebee.core.http.RateLimiter;
import io.yupiik.bundlebee.core.kube.KubeConfig;
import io.yupiik.bundlebee.core.lang.ConfigHolder;
import io.yupiik.bundlebee.core.qualifier.BundleBee;
import io.yupiik.bundlebee.core.yaml.Yaml2JsonConverter;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.math.BigInteger;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.time.Clock;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.Executor;
import java.util.concurrent.ForkJoinPool;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;
import java.util.logging.Logger;
import java.util.stream.Stream;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Event;
import javax.inject.Inject;
import javax.json.JsonException;
import javax.json.bind.JsonbException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.johnzon.core.JsonChars;
import org.eclipse.microprofile.config.inject.ConfigProperty;

@ApplicationScoped
/* loaded from: input_file:io/yupiik/bundlebee/core/kube/HttpKubeClient.class */
public class HttpKubeClient implements ConfigHolder {
    private final Logger log = Logger.getLogger(HttpKubeClient.class.getName());

    @Inject
    @BundleBee
    private HttpClient dontUseAtRuntime;

    @Inject
    private Yaml2JsonConverter yaml2json;

    @Inject
    @Description("Kubeconfig location. If set to `auto` it will try to guess from your `$HOME/.kube/config` file until you set it so `explicit` where it will use other `bundlebee.kube` properties to create the client. The content can also be set inline!")
    @ConfigProperty(name = "kubeconfig", defaultValue = "auto")
    private String kubeConfig;

    @Inject
    @Description("HTTP timeout in ms, ignored if <= 0.")
    @ConfigProperty(name = "bundlebee.kube.http.timeout", defaultValue = "60000")
    private long timeout;

    @Inject
    @Description("When kubeconfig is not set the base API endpoint.")
    @ConfigProperty(name = "bundlebee.kube.api", defaultValue = "http://localhost:8080")
    private String baseApi;

    @Inject
    @Description("When `kubeconfig` is set to `explicit`, the bearer token to use (if set).")
    @ConfigProperty(name = "bundlebee.kube.token", defaultValue = Executable.UNSET)
    private String token;

    @Inject
    @Description("When kubeconfig (explicit or not) is used, the context to use. If not set it is taken from the kubeconfig itself.")
    @ConfigProperty(name = "bundlebee.kube.context", defaultValue = Executable.UNSET)
    private String kubeConfigContext;

    @Inject
    @Description("Should SSL connector be validated or not.")
    @ConfigProperty(name = "bundlebee.kube.validateSSL", defaultValue = "true")
    private boolean validateSSL;

    @Inject
    @Description("When kubeconfig is not set the namespace to use.")
    @ConfigProperty(name = "bundlebee.kube.namespace", defaultValue = "default")
    private String namespace;

    @Inject
    @Description("If `true` http requests/responses to Kubernetes will be logged.")
    @ConfigProperty(name = "bundlebee.kube.verbose", defaultValue = "false")
    private boolean verbose;

    @Inject
    @Description("If `true` http requests/responses are skipped. Note that dry run implies verbose=true for the http client. Note that as of today, all responses are mocked by a HTTP 200 and an empty JSON payload.")
    @ConfigProperty(name = "bundlebee.kube.dryRun", defaultValue = "false")
    private boolean dryRun;

    @Inject
    @Description("If `true` GET http requests are not skipped when `dryRun` is true.")
    @ConfigProperty(name = "bundlebee.kube.skipDryRunForGet", defaultValue = "false")
    private boolean skipDryRunForGet;

    @Inject
    @Description("Should HTTP client requests be limited and HTTP 427 responses be handled.")
    @ConfigProperty(name = "bundlebee.kube.rateLimiter.enabled", defaultValue = "false")
    private boolean rateLimiterEnabled;

    @Inject
    @Description("How many calls can be done if rate limiting is enabled. Note that setting it to `Integer.MAX_VALUE` will disable the client rate limiting and only enable server one.")
    @ConfigProperty(name = "bundlebee.kube.rateLimiter.permits", defaultValue = "100")
    private int rateLimiterPermits;

    @Inject
    @Description("Rate limiting window duration in milliseconds (default being 1 second).")
    @ConfigProperty(name = "bundlebee.kube.rateLimiter.window", defaultValue = "1000")
    private int rateLimiterWindow;

    @Inject
    private Event<OnKubeRequest> onKubeRequestEvent;
    private Function<HttpRequest.Builder, HttpRequest.Builder> setAuth;
    private HttpClient client;
    private KubeConfig loadedKubeConfig;
    private Map<String, String> resourceMapping;
    private List<String> kindsToSkipUpdateIfPossible;
    private Duration timeoutDuration;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/yupiik/bundlebee/core/kube/HttpKubeClient$PEM.class */
    public static class PEM {

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:io/yupiik/bundlebee/core/kube/HttpKubeClient$PEM$Asn1Object.class */
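        /**
         * One decoded ASN.1/DER element: the raw tag octet, the type number taken from it, the declared length
         * and the content octets.
         *
         * <p>Elements are produced while decoding a PKCS#1 RSA private key, so {@link #getValue()} may hold
         * secret key material. {@link #toString()} therefore reports only the size of the content, never the
         * bytes themselves, so that an element ending up in a log line or exception message does not leak the key.
         */
        public static class Asn1Object {
            protected final int type;
            protected final int length;
            protected final byte[] value;
            protected final int tag;

            /**
             * @param i    type number (the low five bits of the tag octet, as computed by the reader)
             * @param i2   declared content length
             * @param bArr content octets, stored by reference (not copied)
             * @param i3   full tag octet as read from the stream
             */
            public Asn1Object(int i, int i2, byte[] bArr, int i3) {
                this.type = i;
                this.length = i2;
                this.value = bArr;
                this.tag = i3;
            }

            /** @return {@code true} when bit 0x20 of the tag is set, i.e. the content is itself DER encoded. */
            private boolean isConstructed() {
                return (this.tag & 0x20) != 0;
            }

            /**
             * @return a reader over the content octets of a constructed element
             * @throws IOException if this element is primitive
             */
            private DerReader getParser() throws IOException {
                if (!isConstructed()) {
                    throw new IOException("Invalid DER: can't parse primitive entity");
                }
                return new DerReader(this.value);
            }

            /**
             * @return the content interpreted as a signed big-endian integer
             * @throws IOException if the type number is not 2 (INTEGER)
             */
            private BigInteger getInteger() throws IOException {
                if (this.type != 2) {
                    throw new IOException("Invalid DER: object is not integer");
                }
                return new BigInteger(this.value);
            }

            public int getType() {
                return this.type;
            }

            public int getLength() {
                return this.length;
            }

            /** @return the internal content array itself; callers must treat it as sensitive and must not modify it. */
            public byte[] getValue() {
                return this.value;
            }

            public int getTag() {
                return this.tag;
            }

            @Override
            public boolean equals(Object obj) {
                if (obj == this) {
                    return true;
                }
                if (!(obj instanceof Asn1Object)) {
                    return false;
                }
                final Asn1Object other = (Asn1Object) obj;
                return other.canEqual(this)
                        && getType() == other.getType()
                        && getLength() == other.getLength()
                        && getTag() == other.getTag()
                        && Arrays.equals(getValue(), other.getValue());
            }

            protected boolean canEqual(Object obj) {
                return obj instanceof Asn1Object;
            }

            @Override
            public int hashCode() {
                int result = 1;
                result = result * 59 + getType();
                result = result * 59 + getLength();
                result = result * 59 + getTag();
                result = result * 59 + Arrays.hashCode(getValue());
                return result;
            }

            /** Describes the element without printing its content, which may be private key material. */
            @Override
            public String toString() {
                final byte[] content = getValue();
                final String redacted = content == null ? "null" : "<" + content.length + " bytes redacted>";
                return "HttpKubeClient.PEM.Asn1Object(type=" + getType() + ", length=" + getLength() + ", value=" + redacted + ", tag=" + getTag() + ")";
            }
        }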

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:io/yupiik/bundlebee/core/kube/HttpKubeClient$PEM$DerReader.class */
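        /**
         * Minimal DER reader over an in-memory byte array, used to decode PKCS#1 RSA private keys.
         *
         * <p>The bytes come from the kubeconfig (or a file it references), so every length field is checked
         * against the data actually left in the buffer before anything is allocated. A malformed key therefore
         * fails with an {@link IOException} rather than a {@code NegativeArraySizeException} or an oversized
         * allocation.
         */
        public static class DerReader {
            private static final int CONSTRUCTED = 32;
            private static final int INTEGER = 2;
            private static final int SEQUENCE = 16;
            private final InputStream in;

            private DerReader(byte[] bArr) {
                this.in = new ByteArrayInputStream(bArr);
            }

            /**
             * Reads the next element (tag, length, content).
             *
             * @return the decoded element; its type is the low five bits of the tag octet
             * @throws IOException if the tag is missing, the length is malformed, or the declared length exceeds
             *                     the bytes remaining in the buffer
             */
            private Asn1Object read() throws IOException {
                final int tag = this.in.read();
                if (tag == -1) {
                    throw new IOException("Invalid DER: stream too short, missing tag");
                }
                final int length = length();
                // The stream is backed by a byte array, so available() is the exact number of bytes left.
                // Checking before allocating keeps a forged length from requesting a huge buffer.
                if (length > this.in.available()) {
                    throw new IOException("Invalid DER: stream too short, missing value");
                }
                final byte[] content = new byte[length];
                // A zero-length element is valid; read() on an exhausted stream would report -1 for it.
                if (length > 0 && this.in.read(content) < length) {
                    throw new IOException("Invalid DER: stream too short, missing value");
                }
                return new Asn1Object(tag & 31, length, content, tag);
            }

            /**
             * Decodes a DER length field.
             *
             * @return the declared content length, always non-negative
             * @throws IOException if the field is missing, truncated, uses more than four length octets, or does
             *                     not fit in a positive {@code int}
             */
            private int length() throws IOException {
                final int first = this.in.read();
                if (first == -1) {
                    throw new IOException("Invalid DER: length missing");
                }
                // High bit clear: short form, the octet is the length itself.
                if ((first & 0x80) == 0) {
                    return first;
                }
                // High bit set: long form, the low seven bits give the number of length octets that follow.
                final int octets = first & 127;
                if (first >= 255 || octets > 4) {
                    throw new IOException("Invalid DER: length field too big (" + first + ")");
                }
                final byte[] encoded = new byte[octets];
                if (this.in.read(encoded) < octets) {
                    throw new IOException("Invalid DER: length too short");
                }
                final BigInteger declared = new BigInteger(1, encoded);
                // Four octets with the top bit set would wrap to a negative int.
                if (declared.bitLength() > 31) {
                    throw new IOException("Invalid DER: length field too big (" + first + ")");
                }
                return declared.intValue();
            }
        }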

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:io/yupiik/bundlebee/core/kube/HttpKubeClient$PEM$PEMObject.class */
        /**
         * A single PEM block: the trimmed {@code -----BEGIN ...-----} line that introduced it and the bytes
         * obtained by Base64-decoding its body.
         *
         * <p>For private key blocks the bytes are the key itself. The array is stored and returned by reference.
         */
        public static class PEMObject {
            private final String beginMarker;
            private final byte[] derBytes;

            /**
             * @param str  the begin marker line
             * @param bArr the decoded body of the block
             */
            public PEMObject(String str, byte[] bArr) {
                beginMarker = str;
                derBytes = bArr;
            }

            /** @return the begin marker line this block started with */
            public String getBeginMarker() {
                return beginMarker;
            }

            /** @return the decoded body; the internal array, not a copy */
            public byte[] getDerBytes() {
                return derBytes;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:io/yupiik/bundlebee/core/kube/HttpKubeClient$PEM$PEMType.class */
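        /**
         * PEM block kinds recognised by this client, keyed by their {@code -----BEGIN ...-----} line.
         *
         * <p>NOTE(review): {@code -----BEGIN EC PRIVATE KEY-----} is the label RFC 5915 gives to SEC1-encoded EC
         * keys, while the constant is named {@code PRIVATE_EC_KEY_PKCS8} and its bytes are handed to a
         * {@code PKCS8EncodedKeySpec} by the key reader. Confirm that SEC1 keys are actually accepted.
         */
        public enum PEMType {
            PRIVATE_KEY_PKCS1("-----BEGIN RSA PRIVATE KEY-----"),
            PRIVATE_EC_KEY_PKCS8("-----BEGIN EC PRIVATE KEY-----"),
            PRIVATE_KEY_PKCS8("-----BEGIN PRIVATE KEY-----"),
            PUBLIC_KEY_X509("-----BEGIN PUBLIC KEY-----"),
            CERTIFICATE_X509("-----BEGIN CERTIFICATE-----");

            private final String beginMarker;

            PEMType(String str) {
                this.beginMarker = str;
            }

            /**
             * Looks a type up by its begin marker, ignoring case.
             *
             * @param str the begin marker line of a PEM block
             * @return the matching type, or {@code null} when the marker is not one of the known ones
             *         (for instance an encrypted key or an {@code EC PARAMETERS} block); callers must handle
             *         {@code null} before switching on the result
             */
            private static PEMType fromBegin(String str) {
                // Iterating the typed values() array keeps the element type; the decompiled form streamed an
                // Object[] and could not reach beginMarker.
                for (final PEMType candidate : values()) {
                    if (candidate.beginMarker.equalsIgnoreCase(str)) {
                        return candidate;
                    }
                }
                return null;
            }
        }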

        /**
         * Builds an RSA private key from PKCS#8 DER bytes.
         *
         * @param bArr the DER-encoded PKCS#8 structure
         * @return the decoded key
         * @throws IllegalStateException if the RSA key factory is unavailable or the bytes are not a valid key
         */
        private static PrivateKey rsaPrivateKeyFromPKCS8(byte[] bArr) {
            final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bArr);
            try {
                final KeyFactory rsa = KeyFactory.getInstance("RSA");
                return rsa.generatePrivate(spec);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new IllegalStateException(e);
            }
        }

        /**
         * Builds an RSA private key from PKCS#1 DER bytes (the body of a {@code BEGIN RSA PRIVATE KEY} block).
         *
         * @param bArr the DER-encoded PKCS#1 structure
         * @return the decoded key
         * @throws IllegalArgumentException if the DER structure cannot be parsed
         * @throws IllegalStateException    if the RSA key factory is unavailable or rejects the key values
         */
        private static PrivateKey rsaPrivateKeyFromPKCS1(byte[] bArr) {
            try {
                final KeyFactory rsa = KeyFactory.getInstance("RSA");
                final RSAPrivateCrtKeySpec spec = newRSAPrivateCrtKeySpec(bArr);
                return rsa.generatePrivate(spec);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new IllegalStateException(e);
            } catch (IOException e) {
                throw new IllegalArgumentException(e);
            }
        }

        /**
         * Decodes a PKCS#1 RSA private key into a key spec.
         *
         * <p>The outer element must be a SEQUENCE (type 16). Its first child is read and discarded, and the
         * next eight INTEGER children are passed to {@link RSAPrivateCrtKeySpec} in the order they appear.
         *
         * @param bArr the DER-encoded key
         * @return the key spec built from the eight integers
         * @throws IOException              if the DER data is truncated or a child is not an INTEGER
         * @throws IllegalArgumentException if the outer element is not a SEQUENCE
         */
        private static RSAPrivateCrtKeySpec newRSAPrivateCrtKeySpec(byte[] bArr) throws IOException {
            final Asn1Object sequence = new DerReader(bArr).read();
            if (sequence.getType() != 16) {
                throw new IllegalArgumentException("Invalid DER: not a sequence");
            }
            final DerReader fields = sequence.getParser();
            fields.read(); // leading element (the PKCS#1 version field) is not used
            final BigInteger modulus = fields.read().getInteger();
            final BigInteger publicExponent = fields.read().getInteger();
            final BigInteger privateExponent = fields.read().getInteger();
            final BigInteger primeP = fields.read().getInteger();
            final BigInteger primeQ = fields.read().getInteger();
            final BigInteger primeExponentP = fields.read().getInteger();
            final BigInteger primeExponentQ = fields.read().getInteger();
            final BigInteger crtCoefficient = fields.read().getInteger();
            return new RSAPrivateCrtKeySpec(
                    modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient);
        }

        /**
         * Builds an EC private key from PKCS#8 DER bytes.
         *
         * @param bArr the DER-encoded PKCS#8 structure
         * @return the decoded key
         * @throws IllegalStateException if the EC key factory is unavailable or the bytes are not a valid key
         */
        private static PrivateKey ecPrivateKeyFromPKCS8(byte[] bArr) {
            final PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bArr);
            try {
                final KeyFactory ec = KeyFactory.getInstance("EC");
                return ec.generatePrivate(spec);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new IllegalStateException(e);
            }
        }

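        /**
         * Extracts the first usable private key from PEM text, or from bare Base64 PKCS#8 when the text holds
         * no PEM block.
         *
         * <p>Blocks with an unknown begin marker (certificates, {@code EC PARAMETERS}, encrypted keys, ...) are
         * skipped instead of failing. Error messages never contain the key text, because exception messages
         * commonly end up in logs.
         *
         * @param str  the key material, PEM or bare Base64
         * @param str2 algorithm hint, compared ignoring case: {@code "rsa"} forces RSA for PKCS#8 content,
         *             {@code "ec"} forces EC, anything else tries EC and then RSA
         * @return the decoded private key
         * @throws IOException              if the PEM text cannot be read
         * @throws IllegalArgumentException if the text looks like PEM but holds no supported private key,
         *                                  or if Base64 decoding fails
         * @throws IllegalStateException    if the key bytes are rejected by the key factory
         */
        private static PrivateKey readPrivateKey(String str, String str2) throws IOException {
            for (final PEMObject block : readPEMObjects(str)) {
                final PEMType type = PEMType.fromBegin(block.getBeginMarker());
                if (type == null) {
                    // Unknown block kind: switching on null would throw a NullPointerException.
                    continue;
                }
                switch (type) {
                    case PRIVATE_KEY_PKCS1:
                        return rsaPrivateKeyFromPKCS1(block.getDerBytes());
                    case PRIVATE_EC_KEY_PKCS8:
                        return ecPrivateKeyFromPKCS8(block.getDerBytes());
                    case PRIVATE_KEY_PKCS8:
                        return privateKeyFromPKCS8(block.getDerBytes(), str2);
                    default:
                        break;
                }
            }
            if (str.startsWith("---")) {
                // Deliberately does not echo the input: it is private key material.
                throw new IllegalArgumentException("Invalid key: no supported private key block found in the PEM content");
            }
            return privateKeyFromPKCS8(Base64.getDecoder().decode(str), str2);
        }

        /**
         * Decodes PKCS#8 bytes using the hinted algorithm. Without a usable hint EC is tried first and RSA
         * second, since a plain {@code BEGIN PRIVATE KEY} header does not say which algorithm the key uses.
         */
        private static PrivateKey privateKeyFromPKCS8(byte[] der, String algorithmHint) {
            if ("rsa".equalsIgnoreCase(algorithmHint)) {
                return rsaPrivateKeyFromPKCS8(der);
            }
            try {
                return ecPrivateKeyFromPKCS8(der);
            } catch (IllegalStateException ecFailure) {
                if ("ec".equalsIgnoreCase(algorithmHint)) {
                    throw ecFailure;
                }
                try {
                    return rsaPrivateKeyFromPKCS8(der);
                } catch (IllegalStateException rsaFailure) {
                    ecFailure.addSuppressed(rsaFailure);
                    throw ecFailure;
                }
            }
        }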

        /**
         * Splits PEM text into its blocks.
         *
         * <p>A block starts at a line containing {@code -----BEGIN } and ends at the first later line that
         * contains the same marker with {@code BEGIN} replaced by {@code END}. Lines in between are trimmed,
         * concatenated and Base64-decoded. Text outside blocks is ignored, and a block whose end marker never
         * appears is dropped.
         *
         * @param str the PEM text
         * @return the blocks in document order, possibly empty
         * @throws IOException if reading the text fails
         */
        private static List<PEMObject> readPEMObjects(String str) throws IOException {
            try (BufferedReader reader = new BufferedReader(new StringReader(str))) {
                final List<PEMObject> blocks = new ArrayList<>();
                String begin = null;
                String end = null;
                StringBuilder body = null; // non-null only while inside a block
                for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                    if (body == null) {
                        if (line.contains("-----BEGIN ")) {
                            begin = line.trim();
                            end = begin.replace("BEGIN", "END");
                            body = new StringBuilder();
                        }
                    } else if (line.contains(end)) {
                        blocks.add(new PEMObject(begin, Base64.getDecoder().decode(body.toString())));
                        body = null;
                    } else {
                        body.append(line.trim());
                    }
                }
                return blocks;
            }
        }

        /** Not instantiable: this class only groups static PEM/DER helpers. */
        private PEM() {
            // no state to initialise
        }
    }

    /**
     * Builds the HTTP client used for every Kubernetes call.
     *
     * <p>The injected {@code dontUseAtRuntime} client only serves as a template for connect timeout, redirect
     * policy, HTTP version and executor. {@link #doConfigure} then applies kubeconfig or explicit settings
     * (authentication, TLS, base URL) to the builder. It must run before the wrappers and the default-cluster
     * fallback below, because it is what assigns {@code setAuth}, {@code baseApi} and {@code loadedKubeConfig}.
     *
     * <p>NOTE(review): {@code LoggingClient} and {@code DryRunClient} are not shown here. With
     * {@code bundlebee.kube.verbose} or {@code bundlebee.kube.dryRun} enabled, confirm that they do not write
     * {@code Authorization} headers or Secret payloads to the log.
     */
    @PostConstruct
    private void init() {
        // A timeout <= 0 means "no timeout": the Duration stays null and is simply not applied.
        this.timeoutDuration = this.timeout <= 0 ? null : Duration.ofMillis(this.timeout);
        HttpClient.Builder newBuilder = HttpClient.newBuilder();
        // The template client's connect timeout wins; the configured timeout is the fallback.
        Optional or = this.dontUseAtRuntime.connectTimeout().or(() -> {
            return Optional.ofNullable(this.timeoutDuration);
        });
        Objects.requireNonNull(newBuilder);
        or.ifPresent(newBuilder::connectTimeout);
        newBuilder.followRedirects(this.dontUseAtRuntime.followRedirects());
        newBuilder.version(this.dontUseAtRuntime.version());
        newBuilder.executor((Executor) this.dontUseAtRuntime.executor().orElseGet(ForkJoinPool::commonPool));
        this.client = new DelegatingClient(doConfigure(newBuilder).build()) { // from class: io.yupiik.bundlebee.core.kube.HttpKubeClient.1
            // Fires OnKubeRequest for each call. An observer may supply a complete response (nothing is
            // sent) or a replacement request (sent instead of the original). The request handed to observers
            // is the one built by prepareRequest, so it already carries whatever setAuth added.
            @Override // io.yupiik.bundlebee.core.http.DelegatingClient
            public <T> CompletableFuture<HttpResponse<T>> sendAsync(HttpRequest httpRequest, HttpResponse.BodyHandler<T> bodyHandler) {
                OnKubeRequest onKubeRequest = new OnKubeRequest(httpRequest);
                HttpKubeClient.this.onKubeRequestEvent.fire(onKubeRequest);
                return onKubeRequest.getUserResponse() != null ? (CompletableFuture) CompletableFuture.class.cast(onKubeRequest.getUserResponse().toCompletableFuture()) : onKubeRequest.getUserRequest() != null ? doSendAsync(onKubeRequest.getUserRequest(), bodyHandler) : doSendAsync(httpRequest, bodyHandler);
            }

            // The callback is empty; the visible effect is that the returned stage completes on the client's
            // executor (or the common pool) - presumably to keep caller continuations off the HTTP thread.
            private <T> CompletableFuture<HttpResponse<T>> doSendAsync(HttpRequest httpRequest, HttpResponse.BodyHandler<T> bodyHandler) {
                return super.sendAsync(httpRequest, bodyHandler).whenCompleteAsync((httpResponse, th) -> {
                }, (Executor) HttpKubeClient.this.client.executor().orElseGet(ForkJoinPool::commonPool));
            }
        };
        // Dry run takes precedence over verbose and always logs.
        if (this.dryRun) {
            this.client = new LoggingClient(this.log, new DryRunClient(this.client, this.skipDryRunForGet));
        } else if (this.verbose) {
            this.client = new LoggingClient(this.log, this.client);
        }
        // Rate limiting is the outermost wrapper, so it also covers the logging/dry-run clients.
        if (this.rateLimiterEnabled) {
            this.client = new RateLimitedClient(this.client, new RateLimiter(this.rateLimiterPermits, this.rateLimiterWindow, Clock.systemUTC()));
        }
        // No kubeconfig (or one without clusters): expose a synthetic "default" cluster pointing at baseApi.
        if (this.loadedKubeConfig == null || this.loadedKubeConfig.getClusters() == null || this.loadedKubeConfig.getClusters().isEmpty()) {
            KubeConfig.Cluster cluster = new KubeConfig.Cluster();
            cluster.setServer(this.baseApi);
            KubeConfig.NamedCluster namedCluster = new KubeConfig.NamedCluster();
            namedCluster.setName("default");
            namedCluster.setCluster(cluster);
            this.loadedKubeConfig = new KubeConfig();
            this.loadedKubeConfig.setClusters(List.of(namedCluster));
        }
    }

    /**
     * Sends a request to the cluster and reads the response body as UTF-8 text.
     *
     * @param builder request builder carrying method, headers and body; authentication is added to it
     * @param str     path relative to the API base URL, or an absolute {@code http:}/{@code https:} URL
     * @return the pending response
     */
    public CompletionStage<HttpResponse<String>> execute(HttpRequest.Builder builder, String str) {
        final HttpRequest request = prepareRequest(builder, str);
        final HttpResponse.BodyHandler<String> utf8Body = HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8);
        return client.sendAsync(request, utf8Body);
    }

    /**
     * Finalises a request: adds authentication, resolves the target URI and applies the configured timeout.
     *
     * <p>Security note: the {@code Authorization} header (when one is configured) is added before the target
     * is resolved, and an absolute {@code http:}/{@code https:} URL is used as given. The cluster credentials
     * are therefore sent to whatever host such a URL names, in clear text for {@code http:}. Pass absolute
     * URLs only when they come from trusted configuration.
     *
     * @param builder request builder to complete
     * @param str     path appended to the API base URL, or an absolute URL
     * @return the built request
     */
    public HttpRequest prepareRequest(HttpRequest.Builder builder, String str) {
        final HttpRequest.Builder authenticated = setAuth.apply(builder);
        final String target;
        if (str.startsWith("http:") || str.startsWith("https:")) {
            target = str;
        } else {
            target = baseApi + str;
        }
        final HttpRequest.Builder request = authenticated.uri(URI.create(target));
        if (timeoutDuration != null) {
            request.timeout(timeoutDuration);
        }
        return request.build();
    }

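    /**
     * Applies connection settings to the builder, choosing the source in this order:
     * <ol>
     *   <li>{@code kubeconfig} is neither {@code auto} nor {@code explicit}: an existing file at that path,
     *       otherwise the value itself when it looks like inline kubeconfig content;</li>
     *   <li>{@code kubeconfig} is not {@code explicit}: {@code $HOME/.kube/config} when it exists;</li>
     *   <li>otherwise the explicit {@code bundlebee.kube.*} properties.</li>
     * </ol>
     *
     * <p>Security notes:
     * <ul>
     *   <li>{@code bundlebee.kube.validateSSL} is only consulted on the explicit path. When a kubeconfig is
     *       loaded, TLS behaviour comes from the kubeconfig itself.</li>
     *   <li>With {@code validateSSL=false} and an https endpoint, certificate checks are replaced by a
     *       trust-everything manager and hostname verification is switched off through a JVM-wide system
     *       property, which also affects other {@code java.net.http} clients in the same process. A warning
     *       is logged so the setting cannot go unnoticed.</li>
     *   <li>On the explicit path the bearer token is sent to {@code bundlebee.kube.api} whatever its scheme;
     *       with an {@code http://} endpoint it travels in clear text.</li>
     * </ul>
     *
     * @param builder the client builder to configure
     * @return the configured builder
     * @throws IllegalStateException if a kubeconfig file exists but cannot be read
     */
    private HttpClient.Builder doConfigure(HttpClient.Builder builder) {
        final boolean explicit = "explicit".equals(this.kubeConfig);
        if (!explicit && !"auto".equals(this.kubeConfig)) {
            Path configured;
            try {
                configured = Paths.get(this.kubeConfig);
            } catch (java.nio.file.InvalidPathException notAPath) {
                // Inline kubeconfig content is not necessarily a legal path on every platform;
                // fall through to the inline detection instead of failing.
                configured = null;
            }
            if (configured != null && Files.exists(configured)) {
                try {
                    return doConfigureFrom(configured.toString(), Files.readString(configured, StandardCharsets.UTF_8), builder);
                } catch (IOException e) {
                    throw new IllegalStateException(e);
                }
            }
            if (this.kubeConfig.startsWith("{") || this.kubeConfig.contains("apiVersion")) {
                this.log.info(() -> "Using in memory kubeconfig");
                return doConfigureFrom("in-memory", this.kubeConfig.strip(), builder);
            }
        }
        if (!explicit) {
            final Path homeConfig = Paths.get(System.getProperty("user.home")).resolve(".kube/config");
            if (Files.exists(homeConfig)) {
                try {
                    return doConfigureFrom(homeConfig.toString(), Files.readString(homeConfig, StandardCharsets.UTF_8), builder);
                } catch (IOException e) {
                    throw new IllegalStateException(e);
                }
            }
        }
        if (this.setAuth == null) {
            this.setAuth = Executable.UNSET.equals(this.token)
                    ? Function.identity()
                    : request -> request.header("Authorization", "Bearer " + this.token);
        }
        if (this.validateSSL || !this.baseApi.startsWith("https")) {
            return builder;
        }
        this.log.warning(() -> "TLS certificate and hostname validation are disabled for " + this.baseApi
                + " (bundlebee.kube.validateSSL=false); the server identity is not verified and hostname"
                + " verification is turned off for the whole JVM.");
        // Keeps a value the user already set; otherwise disables hostname verification process-wide.
        System.setProperty("jdk.internal.httpclient.disableHostnameVerification", System.getProperty("jdk.internal.httpclient.disableHostnameVerification", "true"));
        try {
            final SSLContext trustAll = SSLContext.getInstance("TLS");
            trustAll.init(null, newNoopTrustManager(), new SecureRandom());
            return builder.sslContext(trustAll);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }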

    /**
     * Parses kubeconfig content, stores it as the loaded kubeconfig and configures the builder from it.
     *
     * <p>Only the source label is logged or put in error messages, never the content itself.
     *
     * @param str     label of the source (a file path or {@code in-memory})
     * @param str2    the kubeconfig content
     * @param builder the client builder to configure
     * @return the configured builder
     * @throws IllegalStateException if the content cannot be parsed
     */
    private HttpClient.Builder doConfigureFrom(String str, String str2, HttpClient.Builder builder) {
        try {
            final Object parsed = this.yaml2json.convert(KubeConfig.class, str2);
            this.loadedKubeConfig = (KubeConfig) parsed;
            this.log.info("Read kubeconfig from " + str);
            return doConfigureFromLoadedKubeConfig(str, builder);
        } catch (JsonException | JsonbException parseFailure) {
            final String reason = "Can't read '" + str + "': " + parseFailure.getMessage();
            throw new IllegalStateException(reason, parseFailure);
        }
    }

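    /**
     * Configures the client from the loaded kubeconfig: selects the context, then derives the namespace,
     * the API base URL, the authentication and the TLS setup from that context's cluster and user.
     *
     * <p>Side effects: may overwrite {@code namespace} (only while it still has the value {@code default}),
     * overwrites {@code baseApi} when the cluster declares a server, and always assigns {@code setAuth}.
     *
     * <p>Authentication precedence: username/password (Basic), inline token, token file, client
     * certificate. A user with none of these results in unauthenticated requests.
     *
     * <p>Security notes:
     * <ul>
     *   <li>A server without a scheme becomes {@code https://} only when it contains {@code :443};
     *       every other scheme-less server becomes {@code http://}, and credentials then travel in
     *       clear text. Declaring the scheme in the kubeconfig avoids the guess.</li>
     *   <li>Client certificate key managers are installed even when the cluster declares no certificate
     *       authority; the JVM default trust store is used in that case. Returning early there would drop
     *       the client certificate and send unauthenticated requests.</li>
     *   <li>{@code insecure-skip-tls-verify} is honoured whenever an SSL context is built and then replaces
     *       certificate validation with a trust-everything manager.</li>
     *   <li>{@code bundlebee.kube.validateSSL} is not read by this method.</li>
     * </ul>
     *
     * @param str     label of the kubeconfig source, used in messages only
     * @param builder the client builder to configure
     * @return the configured builder
     * @throws IllegalArgumentException if the context, cluster or user cannot be found, or the token file
     *                                  cannot be read
     * @throws IllegalStateException    if certificate or key material cannot be loaded
     */
    private HttpClient.Builder doConfigureFromLoadedKubeConfig(String str, HttpClient.Builder builder) {
        // Precedence: bundlebee.kube.context, then the kubeconfig current-context, then the first cluster's name.
        final String contextName = Optional.of(this.kubeConfigContext)
                .filter(configured -> !Executable.UNSET.equals(configured))
                .orElseGet(() -> Optional.ofNullable(this.loadedKubeConfig.getCurrentContext()).orElseGet(() -> {
                    if (this.loadedKubeConfig.getClusters() == null || this.loadedKubeConfig.getClusters().isEmpty()) {
                        throw new IllegalArgumentException("No current context in " + str + ", ensure to configure kube client please.");
                    }
                    final KubeConfig.NamedCluster first = this.loadedKubeConfig.getClusters().iterator().next();
                    final String firstName = first.getName();
                    // Log the name only: the cluster entry itself can carry certificate data.
                    this.log.info(() -> "Will use kube context '" + firstName + "'");
                    return firstName;
                }));

        final String noContext = "No kube context '" + contextName + "', ensure to configure kube client please";
        final KubeConfig.Context context = Objects.requireNonNull(this.loadedKubeConfig.getContexts(), noContext).stream()
                .filter(named -> Objects.equals(named.getName(), contextName))
                .findFirst()
                .map(named -> named.getContext())
                .orElseThrow(() -> new IllegalArgumentException(noContext));
        // An explicitly configured namespace (anything but "default") wins over the context's one.
        if (context.getNamespace() != null && "default".equals(this.namespace)) {
            this.namespace = context.getNamespace();
        }

        final String noCluster = "No kube cluster '" + context.getCluster() + "', ensure to configure kube client please";
        final KubeConfig.Cluster cluster = Objects.requireNonNull(this.loadedKubeConfig.getClusters(), noCluster).stream()
                .filter(named -> Objects.equals(named.getName(), context.getCluster()))
                .findFirst()
                .map(named -> named.getCluster())
                .orElseThrow(() -> new IllegalArgumentException(noCluster));

        final String server = cluster.getServer();
        if (server != null) {
            if (server.contains("://")) {
                this.baseApi = server;
            } else if (server.contains(":443")) {
                this.baseApi = "https://" + server;
            } else {
                // Scheme-less and not on 443: plain HTTP is assumed.
                this.baseApi = "http://" + server;
            }
        }
        if (this.baseApi.endsWith("/")) {
            this.baseApi = this.baseApi.substring(0, this.baseApi.length() - 1);
        }

        final String noUser = "No kube user '" + context.getUser() + "', ensure to configure kube client please";
        final KubeConfig.User user = Objects.requireNonNull(this.loadedKubeConfig.getUsers(), noUser).stream()
                .filter(named -> Objects.equals(named.getName(), context.getUser()))
                .findFirst()
                .map(named -> named.getUser())
                .orElseThrow(() -> new IllegalArgumentException(noUser));

        KeyManager[] keyManagers = null;
        if (user.getUsername() != null && user.getPassword() != null) {
            final String basic = "Basic " + Base64.getEncoder().encodeToString(
                    (user.getUsername() + ":" + user.getPassword()).getBytes(StandardCharsets.UTF_8));
            this.setAuth = request -> request.header("Authorization", basic);
        } else if (user.getToken() != null) {
            this.setAuth = request -> request.header("Authorization", "Bearer " + user.getToken());
        } else if (user.getTokenFile() != null) {
            try {
                final String fileToken = Files.readString(Paths.get(user.getTokenFile()), StandardCharsets.UTF_8).trim();
                this.setAuth = request -> request.header("Authorization", "Bearer " + fileToken);
            } catch (IOException e) {
                throw new IllegalArgumentException(e);
            }
        } else if ((user.getClientCertificate() == null && user.getClientCertificateData() == null)
                || (user.getClientKey() == null && user.getClientKeyData() == null)) {
            this.log.info("No security found for Kuber client, this is an unusual setup");
            this.setAuth = Function.identity();
        } else {
            try {
                final byte[] certificateBytes = user.getClientCertificateData() != null
                        ? Base64.getDecoder().decode(user.getClientCertificateData())
                        : Files.readAllBytes(Paths.get(user.getClientCertificate()));
                final byte[] keyBytes = user.getClientKeyData() != null
                        ? Base64.getDecoder().decode(user.getClientKeyData())
                        : Files.readAllBytes(Paths.get(user.getClientKey()));
                final String keyPem = new String(keyBytes, StandardCharsets.UTF_8);
                final String algorithmHint = keyPem.contains("BEGIN EC PRIVATE KEY")
                        ? "EC"
                        : keyPem.contains("BEGIN RSA PRIVATE KEY") ? "RSA" : "";
                try (ByteArrayInputStream certificateStream = new ByteArrayInputStream(certificateBytes)) {
                    final X509Certificate certificate = X509Certificate.class.cast(
                            CertificateFactory.getInstance("X509").generateCertificate(certificateStream));
                    final PrivateKey privateKey = PEM.readPrivateKey(keyPem, algorithmHint);
                    // In-memory key store only; it is never persisted, hence the empty password.
                    final KeyStore keyStore = KeyStore.getInstance("JKS");
                    keyStore.load(null);
                    keyStore.setKeyEntry(certificate.getSubjectX500Principal().getName(), privateKey, new char[0], new X509Certificate[]{certificate});
                    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                    keyManagerFactory.init(keyStore, new char[0]);
                    keyManagers = keyManagerFactory.getKeyManagers();
                    // Authentication happens in the TLS handshake, no header is needed.
                    this.setAuth = Function.identity();
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
                throw new IllegalStateException(e);
            }
        }

        final boolean hasAuthority = cluster.getCertificateAuthorityData() != null || cluster.getCertificateAuthority() != null;
        if (!hasAuthority && keyManagers == null) {
            // Nothing TLS-specific to install: keep the builder's default SSL context.
            return builder;
        }
        final byte[] authorityBytes;
        try {
            if (cluster.getCertificateAuthorityData() != null) {
                authorityBytes = Base64.getDecoder().decode(cluster.getCertificateAuthorityData());
            } else if (cluster.getCertificateAuthority() != null) {
                authorityBytes = Files.readAllBytes(Paths.get(cluster.getCertificateAuthority()));
            } else {
                // Client certificate without a declared CA: validate the server against the default trust store.
                authorityBytes = null;
            }
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
        try {
            final SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(keyManagers, findTrustManager(cluster, authorityBytes), new SecureRandom());
            return builder.sslContext(sslContext);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }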

    /**
     * Chooses the trust managers for a cluster.
     *
     * <p>When the cluster sets {@code insecureSkipTlsVerify}, a trust-everything manager is returned and the
     * certificate authority bytes are ignored: the server certificate is then not validated at all. Otherwise
     * the authorities in {@code bArr} become the only trusted roots, or the JVM default trust store is used
     * when {@code bArr} is {@code null}.
     *
     * @param cluster the kubeconfig cluster entry
     * @param bArr    encoded X.509 certificate(s) of the cluster authority, or {@code null}
     * @return the trust managers to install in the SSL context
     * @throws IllegalArgumentException if {@code bArr} contains no certificate
     * @throws IllegalStateException    if a certificate cannot be added to the in-memory trust store
     */
    private TrustManager[] findTrustManager(KubeConfig.Cluster cluster, byte[] bArr) throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        if (cluster.isInsecureSkipTlsVerify()) {
            return newNoopTrustManager();
        }
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        if (bArr == null) {
            factory.init((KeyStore) null);
            return factory.getTrustManagers();
        }
        final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        try (ByteArrayInputStream encoded = new ByteArrayInputStream(bArr)) {
            final Collection<? extends Certificate> authorities = x509.generateCertificates(encoded);
            if (authorities.isEmpty()) {
                throw new IllegalArgumentException("No certificate found for kube client");
            }
            int index = 0;
            for (final Certificate authority : authorities) {
                index++;
                try {
                    trustStore.setCertificateEntry("ca-" + index, authority);
                } catch (KeyStoreException e) {
                    throw new IllegalStateException(e);
                }
            }
        }
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Creates a trust manager that accepts every certificate chain.
     *
     * <p>Both check methods are empty, so any server certificate passes and the connection offers no
     * protection against an intercepting party. It is only used when validation was switched off explicitly
     * ({@code bundlebee.kube.validateSSL=false} or the cluster's {@code insecureSkipTlsVerify}).
     *
     * @return a single-element array holding the permissive trust manager
     */
    private TrustManager[] newNoopTrustManager() {
        final X509TrustManager acceptEverything = new X509TrustManager() { // from class: io.yupiik.bundlebee.core.kube.HttpKubeClient.2
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                // intentionally empty: nothing is verified
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                // intentionally empty: nothing is verified
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        return new TrustManager[]{acceptEverything};
    }

    /** @return the API base URL in use: the configured value, or the kubeconfig server without trailing slash */
    public String getBaseApi() {
        return baseApi;
    }

    /** @return the namespace in use: the configured one, or the kubeconfig context's when left at {@code default} */
    public String getNamespace() {
        return namespace;
    }

    /** @return the value of {@code bundlebee.kube.verbose} */
    public boolean isVerbose() {
        return verbose;
    }

    /** @return the value of {@code bundlebee.kube.dryRun} */
    public boolean isDryRun() {
        return dryRun;
    }

    /** @return the value of {@code bundlebee.kube.skipDryRunForGet} */
    public boolean isSkipDryRunForGet() {
        return skipDryRunForGet;
    }

    /**
     * @return the fully wrapped HTTP client. Requests sent through it directly are not passed through
     *         {@code prepareRequest}, so they carry no authentication unless the caller adds it.
     */
    public HttpClient getClient() {
        return client;
    }

    /**
     * @return the kubeconfig in use, by reference. When it was parsed from a file or inline content it can
     *         hold the credentials read by this client (passwords, tokens, key data), so avoid logging it.
     */
    public KubeConfig getLoadedKubeConfig() {
        return loadedKubeConfig;
    }
}
