package com.nirima.jenkins.plugins.docker.client;

import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.CertificateCredentials;
import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
import com.github.dockerjava.api.DockerClient;
import com.github.dockerjava.core.DefaultDockerClientConfig;
import com.github.dockerjava.core.DockerClientConfig;
import com.github.dockerjava.core.KeystoreSSLConfig;
import com.github.dockerjava.core.LocalDirectorySSLConfig;
import com.github.dockerjava.core.SSLConfig;
import com.github.dockerjava.core.util.CertificateUtils;
import com.nirima.jenkins.plugins.docker.DockerCloud;
import com.nirima.jenkins.plugins.docker.utils.DockerDirectoryCredentials;
import hudson.security.ACL;
import java.io.IOException;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Collections;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nullable;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import jenkins.model.Jenkins;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.plugins.docker.commons.credentials.DockerServerCredentials;

/* loaded from: input_file:com/nirima/jenkins/plugins/docker/client/ClientConfigBuilderForPlugin.class */
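/**
 * Fluent builder that turns a Jenkins Docker cloud definition (host URI, API version and an
 * optional credentials id) into a docker-java {@link DockerClientConfig} or {@link DockerClient}.
 *
 * <p>Credentials are resolved with {@link ACL#SYSTEM} authority (see
 * {@link #lookupSystemCredentials(String)}), so this class performs no per-user permission check.
 * Callers that accept a credentials id from user-editable configuration are responsible for
 * checking that the configuring user may use that id.
 */
public class ClientConfigBuilderForPlugin {
    private static final Logger LOGGER = Logger.getLogger(ClientConfigBuilderForPlugin.class.getName());
    private final DefaultDockerClientConfig.Builder config = DefaultDockerClientConfig.createDefaultConfigBuilder();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/nirima/jenkins/plugins/docker/client/ClientConfigBuilderForPlugin$DockerServerCredentialsSSLConfig.class */
    /**
     * {@link SSLConfig} backed by a {@link DockerServerCredentials} entry: the client key and
     * certificate authenticate Jenkins to the Docker host, and the server CA certificate is the
     * only trust anchor used to verify the host.
     */
    public static class DockerServerCredentialsSSLConfig implements SSLConfig {
        private final DockerServerCredentials c;

        /**
         * @param dockerServerCredentials credentials supplying client key, client certificate and
         *     server CA certificate
         */
        public DockerServerCredentialsSSLConfig(DockerServerCredentials dockerServerCredentials) {
            this.c = dockerServerCredentials;
        }

        /**
         * Builds a TLS context for mutual authentication against the Docker host.
         *
         * @return an initialised {@link SSLContext}
         * @throws KeyStoreException if the key store or trust store cannot be built from the
         *     configured PEM material (the underlying cause is preserved)
         * @throws KeyManagementException if the context cannot be initialised
         * @throws UnrecoverableKeyException if the client key cannot be recovered from the key store
         * @throws NoSuchAlgorithmException if a required algorithm is unavailable in this JVM
         */
        @Override
        public SSLContext getSSLContext() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
            try {
                KeyStore clientKeyStore = CertificateUtils.createKeyStore(this.c.getClientKey(), this.c.getClientCertificate());
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                // Password of the throw-away in-memory key store, not a stored secret.
                // Presumably it must match the one CertificateUtils.createKeyStore uses for
                // the key entry; confirm against the docker-java version in use.
                keyManagerFactory.init(clientKeyStore, "docker".toCharArray());

                // Only the configured CA is trusted; the JVM default trust store is not consulted.
                // NOTE(review): what createTrustStore does with a missing/blank CA certificate
                // is not visible here; confirm it fails closed rather than trusting nothing/everything.
                KeyStore serverTrustStore = CertificateUtils.createTrustStore(this.c.getServerCaCertificate());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(serverTrustStore);

                // "TLS" leaves the enabled protocol versions to the JVM/provider defaults;
                // a null SecureRandom selects the default implementation.
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
                return sslContext;
            } catch (IOException | CertificateException | InvalidKeySpecException e) {
                throw new KeyStoreException("Can't build keystore from provided client key/certificate", e);
            }
        }
    }

    private ClientConfigBuilderForPlugin() {
    }

    /**
     * @return a new builder initialised from docker-java's default configuration
     */
    public static ClientConfigBuilderForPlugin dockerClientConfig() {
        return new ClientConfigBuilderForPlugin();
    }

    /**
     * Configures host, API version and credentials from a {@link DockerCloud}.
     *
     * @param dockerCloud cloud definition to read the Docker host settings from
     * @return this builder
     */
    public ClientConfigBuilderForPlugin forCloud(DockerCloud dockerCloud) {
        LOGGER.log(Level.FINE, "Building connection to docker host \"{0}\" at: {1}", new Object[]{dockerCloud.getDisplayName(), dockerCloud.getDockerHost().getUri()});
        forServer(dockerCloud.getDockerHost().getUri(), dockerCloud.version);
        return withCredentials(dockerCloud.getDockerHost().getCredentialsId());
    }

    /**
     * Sets the Docker host URI and API version.
     *
     * @param str Docker host URI; parsed with {@link URI#create(String)}, so a syntactically
     *     invalid value fails with {@link IllegalArgumentException}
     * @param str2 Docker API version, may be {@code null}
     * @return this builder
     */
    public ClientConfigBuilderForPlugin forServer(String str, @Nullable String str2) {
        this.config.withDockerHost(URI.create(str).toString()).withApiVersion(str2);
        return this;
    }

    /**
     * Applies the credentials stored under the given id, if any.
     *
     * <p>Server, certificate and directory credentials configure TLS for the Docker host
     * connection. Username/password credentials are applied as <em>registry</em> credentials only
     * and do not add TLS or authentication to the Docker host connection itself.
     *
     * <p>A blank id leaves the configuration unchanged. An id that cannot be resolved, or that
     * resolves to an unsupported type, also leaves the configuration unchanged, which means the
     * connection is built without the intended client authentication; that case is logged at
     * {@code WARNING} so that it does not go unnoticed.
     *
     * @param str credentials id, may be blank
     * @return this builder
     */
    public ClientConfigBuilderForPlugin withCredentials(String str) {
        if (!StringUtils.isNotBlank(str)) {
            return this;
        }
        // Declared as the base type: the lookup can return any credentials implementation.
        Credentials credentials = lookupSystemCredentials(str);
        if (credentials instanceof DockerServerCredentials) {
            this.config.withCustomSslConfig(new DockerServerCredentialsSSLConfig((DockerServerCredentials) credentials));
        } else if (credentials instanceof CertificateCredentials) {
            CertificateCredentials certificateCredentials = (CertificateCredentials) credentials;
            // getPlainText() exposes the decrypted key store password; it must never be logged.
            this.config.withCustomSslConfig(new KeystoreSSLConfig(certificateCredentials.getKeyStore(), certificateCredentials.getPassword().getPlainText()));
        } else if (credentials instanceof DockerDirectoryCredentials) {
            this.config.withCustomSslConfig(new LocalDirectorySSLConfig(((DockerDirectoryCredentials) credentials).getPath()));
        } else if (credentials instanceof StandardUsernamePasswordCredentials) {
            StandardUsernamePasswordCredentials usernamePassword = (StandardUsernamePasswordCredentials) credentials;
            this.config.withRegistryUsername(usernamePassword.getUsername());
            // Decrypted registry password; handed to the config builder only, never logged.
            this.config.withRegistryPassword(usernamePassword.getPassword().getPlainText());
        } else if (credentials == null) {
            LOGGER.log(Level.WARNING, "Credentials \"{0}\" not found; docker connection is configured without them", str);
        } else {
            LOGGER.log(Level.WARNING, "Credentials \"{0}\" have unsupported type {1}; docker connection is configured without them", new Object[]{str, credentials.getClass().getName()});
        }
        return this;
    }

    /**
     * @return the docker-java client configuration assembled so far
     */
    public DockerClientConfig build() {
        return this.config.build();
    }

    /**
     * @return a {@link DockerClient} created by {@code ClientBuilderForPlugin} from {@link #build()}
     */
    public DockerClient buildClient() {
        return ClientBuilderForPlugin.builder().withDockerClientConfig(build()).build();
    }

    /** Package-private access to the underlying docker-java builder. */
    DefaultDockerClientConfig.Builder config() {
        return this.config;
    }

    /**
     * Finds the first credentials entry with the given id, searching as {@link ACL#SYSTEM} with
     * no domain requirements. No permission check for any particular user is made here.
     *
     * @param str credentials id
     * @return the matching credentials, or {@code null} if none match
     */
    private static Credentials lookupSystemCredentials(String str) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(Credentials.class, Jenkins.getInstance(), ACL.SYSTEM, Collections.emptyList()), CredentialsMatchers.withId(str));
    }
}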
