package org.eclipse.jkube.kit.build.service.docker.auth;

import com.fasterxml.jackson.core.type.TypeReference;
import com.google.common.net.UrlEscapers;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.UnaryOperator;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.eclipse.jkube.kit.build.api.auth.AuthConfig;
import org.eclipse.jkube.kit.build.api.auth.AuthConfigFactory;
import org.eclipse.jkube.kit.build.api.helper.DockerFileUtil;
import org.eclipse.jkube.kit.build.api.helper.KubernetesConfigAuthUtil;
import org.eclipse.jkube.kit.build.service.docker.auth.ecr.AwsSdkAuthConfigFactory;
import org.eclipse.jkube.kit.build.service.docker.auth.ecr.AwsSdkHelper;
import org.eclipse.jkube.kit.build.service.docker.auth.ecr.EcrExtendedAuth;
import org.eclipse.jkube.kit.common.KitLogger;
import org.eclipse.jkube.kit.common.RegistryServerConfiguration;
import org.eclipse.jkube.kit.common.util.EnvUtil;
import org.eclipse.jkube.kit.common.util.Serialization;

/* loaded from: input_file:org/eclipse/jkube/kit/build/service/docker/auth/DockerAuthConfigFactory.class */
public class DockerAuthConfigFactory implements AuthConfigFactory {
    private static final String AUTH_USERNAME = "username";
    private static final String AUTH_PASSWORD = "password";
    private static final String AUTH_EMAIL = "email";
    private static final String AUTH_AUTHTOKEN = "authToken";
    private static final String AUTH_USE_OPENSHIFT_AUTH = "useOpenShiftAuth";
    private static final String DOCKER_LOGIN_DEFAULT_REGISTRY = "https://index.docker.io/v1/";
    private final KitLogger log;
    private final AwsSdkHelper awsSdkHelper;
    private static final String[] DEFAULT_REGISTRIES = {"docker.io", "index.docker.io", "registry.hub.docker.com"};

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/eclipse/jkube/kit/build/service/docker/auth/DockerAuthConfigFactory$LookupMode.class */
    public enum LookupMode {
        PUSH("jkube.docker.push.", "push"),
        PULL("jkube.docker.pull.", "pull"),
        DEFAULT("jkube.docker.", null);

        private final String sysPropPrefix;
        private final String configMapKey;

        LookupMode(String str, String str2) {
            this.sysPropPrefix = str;
            this.configMapKey = str2;
        }

        public String asSysProperty(String str) {
            return this.sysPropPrefix + str;
        }

        public String getConfigMapKey() {
            return this.configMapKey;
        }
    }

    public DockerAuthConfigFactory(KitLogger kitLogger) {
        this(kitLogger, new AwsSdkHelper());
    }

    DockerAuthConfigFactory(KitLogger kitLogger, AwsSdkHelper awsSdkHelper) {
        this.log = kitLogger;
        this.awsSdkHelper = awsSdkHelper;
    }

    public AuthConfig createAuthConfig(boolean z, boolean z2, Map map, List<RegistryServerConfiguration> list, String str, String str2, UnaryOperator<String> unaryOperator) throws IOException {
        AuthConfig createStandardAuthConfig = createStandardAuthConfig(z, map, list, str, str2, unaryOperator, this.log, this.awsSdkHelper);
        if (createStandardAuthConfig != null) {
            if (str2 == null || z2) {
                return createStandardAuthConfig;
            }
            try {
                return extendedAuthentication(createStandardAuthConfig, str2);
            } catch (IOException e) {
                throw new IOException(e.getMessage(), e);
            }
        }
        AuthConfig authConfigFromDockerConfig = getAuthConfigFromDockerConfig(str2, this.log);
        if (authConfigFromDockerConfig != null) {
            this.log.debug("AuthConfig: credentials from ~/.docker/config.json", new Object[0]);
            return authConfigFromDockerConfig;
        }
        this.log.debug("AuthConfig: no credentials found", new Object[0]);
        return null;
    }

    private AuthConfig extendedAuthentication(AuthConfig authConfig, String str) throws IOException {
        EcrExtendedAuth ecrExtendedAuth = new EcrExtendedAuth(this.log, str);
        return ecrExtendedAuth.isAwsRegistry() ? ecrExtendedAuth.extendedAuth(authConfig) : authConfig;
    }

    private static AuthConfig createStandardAuthConfig(boolean z, Map map, List<RegistryServerConfiguration> list, String str, String str2, UnaryOperator<String> unaryOperator, KitLogger kitLogger, AwsSdkHelper awsSdkHelper) throws IOException {
        for (LookupMode lookupMode : new LookupMode[]{getLookupMode(z), LookupMode.DEFAULT}) {
            AuthConfig authConfigFromSystemProperties = getAuthConfigFromSystemProperties(lookupMode, unaryOperator);
            if (authConfigFromSystemProperties != null) {
                kitLogger.debug("AuthConfig: credentials from system properties", new Object[0]);
                return authConfigFromSystemProperties;
            }
            AuthConfig authConfigFromOpenShiftConfig = getAuthConfigFromOpenShiftConfig(lookupMode, map);
            if (authConfigFromOpenShiftConfig != null) {
                kitLogger.debug("AuthConfig: OpenShift credentials", new Object[0]);
                return authConfigFromOpenShiftConfig;
            }
            AuthConfig authConfigFromPluginConfiguration = getAuthConfigFromPluginConfiguration(lookupMode, map, unaryOperator);
            if (authConfigFromPluginConfiguration != null) {
                kitLogger.debug("AuthConfig: credentials from plugin config", new Object[0]);
                return authConfigFromPluginConfiguration;
            }
        }
        AuthConfig authConfigFromSettings = getAuthConfigFromSettings(list, str, str2, unaryOperator);
        if (authConfigFromSettings != null) {
            kitLogger.debug("AuthConfig: credentials from ~/.m2/setting.xml", new Object[0]);
            return authConfigFromSettings;
        }
        if (!EcrExtendedAuth.isAwsRegistry(str2)) {
            return null;
        }
        AuthConfig authConfigViaAwsSdk = getAuthConfigViaAwsSdk(awsSdkHelper, kitLogger);
        if (authConfigViaAwsSdk != null) {
            kitLogger.debug("AuthConfig: AWS credentials from AWS SDK", new Object[0]);
            return authConfigViaAwsSdk;
        }
        AuthConfig authConfigFromAwsEnvironmentVariables = getAuthConfigFromAwsEnvironmentVariables(awsSdkHelper, kitLogger);
        if (authConfigFromAwsEnvironmentVariables != null) {
            kitLogger.debug("AuthConfig: AWS credentials from ENV variables", new Object[0]);
            return authConfigFromAwsEnvironmentVariables;
        }
        try {
            authConfigFromAwsEnvironmentVariables = getAuthConfigFromEC2InstanceRole(kitLogger);
        } catch (ConnectTimeoutException e) {
            kitLogger.debug("Connection timeout while retrieving instance meta-data, likely not an EC2 instance (%s)", new Object[]{e.getMessage()});
        } catch (IOException e2) {
            kitLogger.warn("Error while retrieving EC2 instance credentials: %s", new Object[]{e2.getMessage()});
        }
        if (authConfigFromAwsEnvironmentVariables != null) {
            kitLogger.debug("AuthConfig: credentials from EC2 instance role", new Object[0]);
            return authConfigFromAwsEnvironmentVariables;
        }
        try {
            authConfigFromAwsEnvironmentVariables = getAuthConfigFromTaskRole(awsSdkHelper, kitLogger);
        } catch (ConnectTimeoutException e3) {
            kitLogger.debug("Connection timeout while retrieving ECS meta-data, likely not an ECS instance (%s)", new Object[]{e3.getMessage()});
        } catch (IOException e4) {
            kitLogger.warn("Error while retrieving ECS Task role credentials: %s", new Object[]{e4.getMessage()});
        }
        if (authConfigFromAwsEnvironmentVariables == null) {
            return null;
        }
        kitLogger.debug("AuthConfig: credentials from ECS Task role", new Object[0]);
        return authConfigFromAwsEnvironmentVariables;
    }

    /* JADX WARN: Failed to calculate best type for var: r15v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r15v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r16v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r16v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 15, insn: 0x016f: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r15 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:140:0x016f */
    /* JADX WARN: Not initialized variable reg: 16, insn: 0x0174: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r16 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:142:0x0174 */
    /* JADX WARN: Type inference failed for: r15v0, types: [org.apache.http.client.methods.CloseableHttpResponse] */
    /* JADX WARN: Type inference failed for: r16v0, types: [java.lang.Throwable] */
    private static AuthConfig getAuthConfigFromEC2InstanceRole(KitLogger kitLogger) throws IOException {
        ?? r15;
        ?? r16;
        kitLogger.debug("No user and password set for ECR, checking EC2 instance role", new Object[0]);
        CloseableHttpClient build = HttpClients.custom().useSystemProperties().build();
        Throwable th = null;
        try {
            try {
                RequestConfig build2 = RequestConfig.custom().setConnectionRequestTimeout(1000).setConnectTimeout(1000).setSocketTimeout(1000).build();
                HttpGet httpGet = new HttpGet("http://169.254.169.254/latest/meta-data/iam/security-credentials");
                httpGet.setConfig(build2);
                CloseableHttpResponse execute = build.execute(httpGet);
                Throwable th2 = null;
                if (execute.getStatusLine().getStatusCode() != 200) {
                    kitLogger.debug("No instance role found, return code was %d", new Object[]{Integer.valueOf(execute.getStatusLine().getStatusCode())});
                    return null;
                }
                InputStream content = execute.getEntity().getContent();
                Throwable th3 = null;
                try {
                    try {
                        String iOUtils = IOUtils.toString(content, StandardCharsets.UTF_8);
                        if (content != null) {
                            if (0 != 0) {
                                try {
                                    content.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                content.close();
                            }
                        }
                        if (execute != null) {
                            if (0 != 0) {
                                try {
                                    execute.close();
                                } catch (Throwable th5) {
                                    th2.addSuppressed(th5);
                                }
                            } else {
                                execute.close();
                            }
                        }
                        try {
                            kitLogger.debug("Found instance role %s, getting temporary security credentials", new Object[]{iOUtils});
                            HttpGet httpGet2 = new HttpGet("http://169.254.169.254/latest/meta-data/iam/security-credentials/" + UrlEscapers.urlPathSegmentEscaper().escape(iOUtils));
                            httpGet2.setConfig(build2);
                            CloseableHttpResponse execute2 = build.execute(httpGet2);
                            Throwable th6 = null;
                            if (execute2.getStatusLine().getStatusCode() != 200) {
                                kitLogger.debug("No security credential found, return code was %d", new Object[]{Integer.valueOf(execute2.getStatusLine().getStatusCode())});
                                if (execute2 != null) {
                                    if (0 != 0) {
                                        try {
                                            execute2.close();
                                        } catch (Throwable th7) {
                                            th6.addSuppressed(th7);
                                        }
                                    } else {
                                        execute2.close();
                                    }
                                }
                                if (build != null) {
                                    if (0 != 0) {
                                        try {
                                            build.close();
                                        } catch (Throwable th8) {
                                            th.addSuppressed(th8);
                                        }
                                    } else {
                                        build.close();
                                    }
                                }
                                return null;
                            }
                            Map map = (Map) Serialization.unmarshal(execute2.getEntity().getContent(), new TypeReference<Map<String, Object>>() { // from class: org.eclipse.jkube.kit.build.service.docker.auth.DockerAuthConfigFactory.1
                            });
                            String obj = map.getOrDefault("AccessKeyId", "").toString();
                            String obj2 = map.getOrDefault("SecretAccessKey", "").toString();
                            String obj3 = map.getOrDefault("Token", "").toString();
                            kitLogger.debug("Received temporary access key %s...", new Object[]{obj.substring(0, 8)});
                            AuthConfig authConfig = new AuthConfig(obj, obj2, "none", obj3);
                            if (execute2 != null) {
                                if (0 != 0) {
                                    try {
                                        execute2.close();
                                    } catch (Throwable th9) {
                                        th6.addSuppressed(th9);
                                    }
                                } else {
                                    execute2.close();
                                }
                            }
                            if (build != null) {
                                if (0 != 0) {
                                    try {
                                        build.close();
                                    } catch (Throwable th10) {
                                        th.addSuppressed(th10);
                                    }
                                } else {
                                    build.close();
                                }
                            }
                            return authConfig;
                        } finally {
                            if (execute != null) {
                                if (0 != 0) {
                                    try {
                                        execute.close();
                                    } catch (Throwable th11) {
                                        th2.addSuppressed(th11);
                                    }
                                } else {
                                    execute.close();
                                }
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th12) {
                    if (content != null) {
                        if (th3 != null) {
                            try {
                                content.close();
                            } catch (Throwable th13) {
                                th3.addSuppressed(th13);
                            }
                        } else {
                            content.close();
                        }
                    }
                    throw th12;
                }
            } catch (Throwable th14) {
                if (r15 != 0) {
                    if (r16 != 0) {
                        try {
                            r15.close();
                        } catch (Throwable th15) {
                            r16.addSuppressed(th15);
                        }
                    } else {
                        r15.close();
                    }
                }
                throw th14;
            }
        } finally {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th16) {
                        th.addSuppressed(th16);
                    }
                } else {
                    build.close();
                }
            }
        }
    }

    protected static AuthConfig getAuthConfigFromSystemProperties(LookupMode lookupMode, UnaryOperator<String> unaryOperator) throws IOException {
        String asSysProperty = lookupMode.asSysProperty(AUTH_PASSWORD);
        String property = System.getProperty(lookupMode.asSysProperty(AUTH_USERNAME));
        String property2 = System.getProperty(asSysProperty);
        if (StringUtils.isNotBlank(property) && StringUtils.isBlank(property2)) {
            throw new IOException("No " + asSysProperty + " provided for username " + property);
        }
        if (StringUtils.isNotBlank(property) && StringUtils.isNotBlank(property2)) {
            return new AuthConfig(property, (String) unaryOperator.apply(property2), System.getProperty(lookupMode.asSysProperty(AUTH_EMAIL)), System.getProperty(lookupMode.asSysProperty(AUTH_AUTHTOKEN)));
        }
        return null;
    }

    protected static AuthConfig getAuthConfigFromOpenShiftConfig(LookupMode lookupMode, Map map) {
        String asSysProperty = lookupMode.asSysProperty(AUTH_USE_OPENSHIFT_AUTH);
        String property = System.getProperty(asSysProperty);
        if (StringUtils.isNotBlank(property)) {
            if (Boolean.parseBoolean(property)) {
                return validateMandatoryOpenShiftLogin(KubernetesConfigAuthUtil.readKubeConfigAuth(), asSysProperty);
            }
            return null;
        }
        Map<String, String> authConfigMapToCheck = getAuthConfigMapToCheck(lookupMode, map);
        if (authConfigMapToCheck != null && authConfigMapToCheck.containsKey(AUTH_USE_OPENSHIFT_AUTH) && Boolean.parseBoolean(authConfigMapToCheck.get(AUTH_USE_OPENSHIFT_AUTH))) {
            return validateMandatoryOpenShiftLogin(KubernetesConfigAuthUtil.readKubeConfigAuth(), asSysProperty);
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected static AuthConfig getAuthConfigFromPluginConfiguration(LookupMode lookupMode, Map<String, ?> map, UnaryOperator<String> unaryOperator) {
        Map<String, String> authConfigMapToCheck = getAuthConfigMapToCheck(lookupMode, map);
        if (authConfigMapToCheck == null || !authConfigMapToCheck.containsKey(AUTH_USERNAME)) {
            return null;
        }
        if (!authConfigMapToCheck.containsKey(AUTH_PASSWORD)) {
            throw new IllegalStateException("No 'password' given while using <authConfig> in configuration for mode " + lookupMode);
        }
        HashMap hashMap = new HashMap(authConfigMapToCheck);
        hashMap.put(AUTH_PASSWORD, unaryOperator.apply(hashMap.get(AUTH_PASSWORD)));
        return AuthConfig.fromMap(hashMap);
    }

    protected static AuthConfig getAuthConfigFromSettings(List<RegistryServerConfiguration> list, String str, String str2, UnaryOperator<String> unaryOperator) {
        RegistryServerConfiguration registryServerConfiguration = null;
        for (RegistryServerConfiguration registryServerConfiguration2 : list) {
            String id = registryServerConfiguration2.getId();
            if (registryServerConfiguration == null) {
                registryServerConfiguration = checkForServer(registryServerConfiguration2, id, str2, null);
            }
            RegistryServerConfiguration checkForServer = checkForServer(registryServerConfiguration2, id, str2, str);
            if (checkForServer != null) {
                return createAuthConfigFromServer(checkForServer, unaryOperator);
            }
        }
        if (registryServerConfiguration != null) {
            return createAuthConfigFromServer(registryServerConfiguration, unaryOperator);
        }
        return null;
    }

    protected static AuthConfig getAuthConfigFromDockerConfig(String str, KitLogger kitLogger) throws IOException {
        Map readDockerConfig = DockerFileUtil.readDockerConfig();
        if (readDockerConfig == null) {
            return null;
        }
        String str2 = str != null ? str : DOCKER_LOGIN_DEFAULT_REGISTRY;
        if (readDockerConfig.containsKey("credHelpers")) {
            Map map = (Map) readDockerConfig.get("credHelpers");
            if (map.containsKey(str2)) {
                return extractAuthConfigFromCredentialsHelper(str2, map.get(str2).toString(), kitLogger);
            }
        }
        if (readDockerConfig.containsKey("credsStore")) {
            return extractAuthConfigFromCredentialsHelper(str2, readDockerConfig.get("credsStore").toString(), kitLogger);
        }
        if (readDockerConfig.containsKey("auths")) {
            return extractAuthConfigFromAuths(str2, (Map) readDockerConfig.get("auths"));
        }
        return null;
    }

    private static AuthConfig extractAuthConfigFromAuths(String str, Map<String, Object> map) {
        Map<String, Object> credentialsNode = getCredentialsNode(map, str);
        if (credentialsNode == null || !credentialsNode.containsKey("auth")) {
            return null;
        }
        return AuthConfig.fromCredentialsEncoded(credentialsNode.get("auth").toString(), credentialsNode.containsKey(AUTH_EMAIL) ? credentialsNode.get(AUTH_EMAIL).toString() : null);
    }

    private static AuthConfig extractAuthConfigFromCredentialsHelper(String str, String str2, KitLogger kitLogger) throws IOException {
        CredentialHelperClient credentialHelperClient = new CredentialHelperClient(kitLogger, str2);
        String version = credentialHelperClient.getVersion();
        Object[] objArr = new Object[2];
        objArr[0] = credentialHelperClient.getName();
        objArr[1] = version != null ? " version " + version : "";
        kitLogger.debug("AuthConfig: credentials from credential helper/store %s%s", objArr);
        return credentialHelperClient.getAuthConfig(str);
    }

    private static Map<String, Object> getCredentialsNode(Map<String, Object> map, String str) {
        if (map.containsKey(str)) {
            return (Map) map.get(str);
        }
        String ensureRegistryHttpUrl = EnvUtil.ensureRegistryHttpUrl(str);
        return map.containsKey(ensureRegistryHttpUrl) ? (Map) map.get(ensureRegistryHttpUrl) : Collections.emptyMap();
    }

    private static AuthConfig getAuthConfigFromTaskRole(AwsSdkHelper awsSdkHelper, KitLogger kitLogger) throws IOException {
        kitLogger.debug("No user and password set for ECR, checking ECS Task role", new Object[0]);
        URI metadataEndpointForCredentials = getMetadataEndpointForCredentials(awsSdkHelper, kitLogger);
        if (metadataEndpointForCredentials == null) {
            return null;
        }
        kitLogger.debug("Getting temporary security credentials from: %s", new Object[]{metadataEndpointForCredentials});
        CloseableHttpClient build = HttpClients.custom().useSystemProperties().build();
        Throwable th = null;
        try {
            try {
                RequestConfig build2 = RequestConfig.custom().setConnectionRequestTimeout(1000).setConnectTimeout(1000).setSocketTimeout(1000).build();
                HttpGet httpGet = new HttpGet(metadataEndpointForCredentials);
                httpGet.setConfig(build2);
                AuthConfig readAwsCredentials = readAwsCredentials(build, httpGet, kitLogger);
                if (build != null) {
                    if (0 != 0) {
                        try {
                            build.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        build.close();
                    }
                }
                return readAwsCredentials;
            } finally {
            }
        } catch (Throwable th3) {
            if (build != null) {
                if (th != null) {
                    try {
                        build.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    build.close();
                }
            }
            throw th3;
        }
    }

    private static AuthConfig readAwsCredentials(CloseableHttpClient closeableHttpClient, HttpGet httpGet, KitLogger kitLogger) throws IOException {
        CloseableHttpResponse execute = closeableHttpClient.execute(httpGet);
        Throwable th = null;
        try {
            if (execute.getStatusLine().getStatusCode() != 200) {
                kitLogger.debug("No security credential found, return code was %d", new Object[]{Integer.valueOf(execute.getStatusLine().getStatusCode())});
                if (execute != null) {
                    if (0 != 0) {
                        try {
                            execute.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        execute.close();
                    }
                }
                return null;
            }
            Map map = (Map) Serialization.unmarshal(execute.getEntity().getContent(), new TypeReference<Map<String, Object>>() { // from class: org.eclipse.jkube.kit.build.service.docker.auth.DockerAuthConfigFactory.2
            });
            String obj = map.getOrDefault("AccessKeyId", "").toString();
            String obj2 = map.getOrDefault("SecretAccessKey", "").toString();
            String obj3 = map.getOrDefault("Token", "").toString();
            kitLogger.debug("Received temporary access key %s...", new Object[]{obj.substring(0, 8)});
            AuthConfig build = AuthConfig.builder().username(obj).password(obj2).email("none").auth(obj3).build();
            if (execute != null) {
                if (0 != 0) {
                    try {
                        execute.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                } else {
                    execute.close();
                }
            }
            return build;
        } catch (Throwable th4) {
            if (execute != null) {
                if (0 != 0) {
                    try {
                        execute.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    execute.close();
                }
            }
            throw th4;
        }
    }

    private static URI getMetadataEndpointForCredentials(AwsSdkHelper awsSdkHelper, KitLogger kitLogger) {
        String awsContainerCredentialsRelativeUri = awsSdkHelper.getAwsContainerCredentialsRelativeUri();
        if (awsContainerCredentialsRelativeUri == null) {
            kitLogger.debug("System environment not set for variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI, no task role found", new Object[0]);
            return null;
        }
        if (awsContainerCredentialsRelativeUri.charAt(0) != '/') {
            awsContainerCredentialsRelativeUri = "/" + awsContainerCredentialsRelativeUri;
        }
        try {
            return new URI(awsSdkHelper.getEcsMetadataEndpoint() + awsContainerCredentialsRelativeUri);
        } catch (URISyntaxException e) {
            kitLogger.warn("Failed to construct path to ECS metadata endpoint for credentials", new Object[]{e});
            return null;
        }
    }

    private static AuthConfig getAuthConfigViaAwsSdk(AwsSdkHelper awsSdkHelper, KitLogger kitLogger) {
        if (awsSdkHelper.isDefaultAWSCredentialsProviderChainPresentInClassPath()) {
            return new AwsSdkAuthConfigFactory(kitLogger, awsSdkHelper).createAuthConfig();
        }
        kitLogger.info("It appears that you're using AWS ECR. Consider integrating the AWS SDK in order to make use of common AWS authentication mechanisms, see https://www.eclipse.dev/jkube/docs/kubernetes-maven-plugin#extended-authentication", new Object[0]);
        return null;
    }

    private static AuthConfig getAuthConfigFromAwsEnvironmentVariables(AwsSdkHelper awsSdkHelper, KitLogger kitLogger) {
        String awsAccessKeyIdEnvVar = awsSdkHelper.getAwsAccessKeyIdEnvVar();
        if (awsAccessKeyIdEnvVar == null) {
            kitLogger.debug("System environment not set for variable AWS_ACCESS_KEY_ID, no AWS credentials found", new Object[0]);
            return null;
        }
        String awsSecretAccessKeyEnvVar = awsSdkHelper.getAwsSecretAccessKeyEnvVar();
        if (awsSecretAccessKeyEnvVar != null) {
            return AuthConfig.builder().username(awsAccessKeyIdEnvVar).password(awsSecretAccessKeyEnvVar).email("none").auth(awsSdkHelper.getAwsSessionTokenEnvVar()).build();
        }
        kitLogger.warn("System environment set for variable AWS_ACCESS_KEY_ID, but NOT for variable AWS_SECRET_ACCESS_KEY!", new Object[0]);
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static Map<String, String> getAuthConfigMapToCheck(LookupMode lookupMode, Map<?, ?> map) {
        String configMapKey = lookupMode.getConfigMapKey();
        if (configMapKey == null) {
            return map;
        }
        if (map != 0) {
            return (Map) map.get(configMapKey);
        }
        return null;
    }

    private static AuthConfig validateMandatoryOpenShiftLogin(AuthConfig authConfig, String str) {
        if (authConfig != null) {
            return authConfig;
        }
        String str2 = System.getenv("KUBECONFIG");
        Object[] objArr = new Object[2];
        objArr[0] = str;
        objArr[1] = str2 != null ? str2 : "~/.kube/config";
        throw new IllegalStateException(String.format("System property %s set, but not active user and/or token found in %s. Please use 'oc login' for connecting to OpenShift.", objArr));
    }

    private static RegistryServerConfiguration checkForServer(RegistryServerConfiguration registryServerConfiguration, String str, String str2, String str3) {
        for (String str4 : str2 != null ? new String[]{str2} : DEFAULT_REGISTRIES) {
            if (str.equals(str3 == null ? str4 : str4 + "/" + str3)) {
                return registryServerConfiguration;
            }
        }
        return null;
    }

    private static AuthConfig createAuthConfigFromServer(RegistryServerConfiguration registryServerConfiguration, UnaryOperator<String> unaryOperator) {
        return new AuthConfig(registryServerConfiguration.getUsername(), (String) unaryOperator.apply(registryServerConfiguration.getPassword()), extractFromServerConfiguration(registryServerConfiguration.getConfiguration(), AUTH_EMAIL), extractFromServerConfiguration(registryServerConfiguration.getConfiguration(), "auth"));
    }

    private static String extractFromServerConfiguration(Map<String, Object> map, String str) {
        if (map == null || !map.containsKey(str)) {
            return null;
        }
        return map.get(str).toString();
    }

    private static LookupMode getLookupMode(boolean z) {
        return z ? LookupMode.PUSH : LookupMode.PULL;
    }
}
