package com.bmuschko.gradle.docker.internal;

import com.bmuschko.gradle.docker.DockerRegistryCredentials;
import com.bmuschko.gradle.docker.shaded.com.fasterxml.jackson.core.JsonProcessingException;
import com.bmuschko.gradle.docker.shaded.com.fasterxml.jackson.databind.ObjectMapper;
import com.bmuschko.gradle.docker.shaded.com.fasterxml.jackson.databind.json.JsonMapper;
import com.bmuschko.gradle.docker.shaded.com.github.dockerjava.api.model.AuthConfig;
import com.bmuschko.gradle.docker.shaded.com.github.dockerjava.api.model.AuthConfigurations;
import com.bmuschko.gradle.docker.shaded.com.github.dockerjava.core.NameParser;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import org.gradle.api.logging.Logger;
import org.gradle.api.logging.Logging;
import org.gradle.process.ExecOperations;

/* loaded from: input_file:com/bmuschko/gradle/docker/internal/RegistryAuthLocator.class */
public class RegistryAuthLocator {
    private static final String DOCKER_CONFIG = "DOCKER_CONFIG";
    private static final String USER_HOME = "user.home";
    private static final String DOCKER_DIR = ".docker";
    private static final String CONFIG_JSON = "config.json";
    private static final String AUTH_SECTION = "auths";
    private static final String HELPERS_SECTION = "credHelpers";
    private static final String CREDS_STORE_SECTION = "credsStore";
    private static final String DEFAULT_HELPER_PREFIX = "docker-credential-";
    private Logger logger;
    private final ObjectMapper objectMapper;
    private final File configFile;
    private final String commandPathPrefix;
    private final String helperSuffix;
    private final ExecOperations execOperations;

    /* loaded from: input_file:com/bmuschko/gradle/docker/internal/RegistryAuthLocator$Factory.class */
    public static class Factory {
        private final ExecOperations execOperations;

        @Inject
        public Factory(ExecOperations execOperations) {
            this.execOperations = execOperations;
        }

        RegistryAuthLocator withConfigAndCommandPathPrefix(File file, String str, String str2) {
            return new RegistryAuthLocator(this.execOperations, file, str, str2);
        }

        RegistryAuthLocator withConfig(File file) {
            return new RegistryAuthLocator(this.execOperations, file);
        }

        public RegistryAuthLocator withDefaults() {
            return new RegistryAuthLocator(this.execOperations);
        }
    }

    private RegistryAuthLocator(ExecOperations execOperations, File file, String str, String str2) {
        this.logger = Logging.getLogger(RegistryAuthLocator.class);
        this.objectMapper = JsonMapper.builder().build();
        this.execOperations = execOperations;
        this.configFile = file;
        this.commandPathPrefix = str;
        this.helperSuffix = str2;
    }

    private RegistryAuthLocator(ExecOperations execOperations, File file) {
        this(execOperations, file, DEFAULT_HELPER_PREFIX, "");
    }

    private RegistryAuthLocator(ExecOperations execOperations) {
        this(execOperations, new File(configLocation()), DEFAULT_HELPER_PREFIX, "");
    }

    AuthConfig lookupAuthConfigWithDefaultAuthConfig(String str) {
        return lookupAuthConfigWithAuthConfig(str, new AuthConfig());
    }

    public AuthConfig lookupAuthConfig(String str, DockerRegistryCredentials dockerRegistryCredentials) {
        AuthConfig createAuthConfig = createAuthConfig(dockerRegistryCredentials);
        return isProvidedByBuild(createAuthConfig) ? createAuthConfig : lookupAuthConfigWithAuthConfig(str, createAuthConfig);
    }

    private boolean isProvidedByBuild(AuthConfig authConfig) {
        return (authConfig.getRegistryAddress() == null || authConfig.getUsername() == null || authConfig.getPassword() == null) ? false : true;
    }

    private AuthConfig lookupAuthConfigWithAuthConfig(String str, AuthConfig authConfig) {
        AuthConfig lookupAuthConfigForRegistry = lookupAuthConfigForRegistry(getRegistry(str));
        return lookupAuthConfigForRegistry != null ? lookupAuthConfigForRegistry : authConfig;
    }

    private AuthConfig lookupAuthConfigForRegistry(String str) {
        this.logger.debug("Looking up auth config for registry: " + str);
        this.logger.debug("RegistryAuthLocator has configFile: " + this.configFile.getAbsolutePath() + " (" + (this.configFile.exists() ? "exists" : "does not exist") + ") and commandPathPrefix: " + this.commandPathPrefix);
        if (!this.configFile.isFile()) {
            return null;
        }
        try {
            Map<String, Object> map = (Map) this.objectMapper.readValue(this.configFile, Map.class);
            AuthConfig findExistingAuthConfig = findExistingAuthConfig(map, str);
            if (findExistingAuthConfig != null) {
                return decodeAuth(findExistingAuthConfig);
            }
            AuthConfig authConfigUsingHelper = authConfigUsingHelper(map, str);
            if (authConfigUsingHelper != null) {
                return decodeAuth(authConfigUsingHelper);
            }
            AuthConfig authConfigUsingStore = authConfigUsingStore(map, str);
            if (authConfigUsingStore != null) {
                return decodeAuth(authConfigUsingStore);
            }
            return null;
        } catch (Exception e) {
            this.logger.error("Failure when attempting to lookup auth config (docker registry: {}, configFile: {}). Falling back to docker-java default behaviour", new Object[]{str, this.configFile, e});
            return null;
        }
    }

    public AuthConfigurations lookupAllAuthConfigs() {
        AuthConfigurations authConfigurations = new AuthConfigurations();
        this.logger.debug("RegistryAuthLocator has configFile: " + this.configFile.getAbsolutePath() + " (" + (this.configFile.exists() ? "exists" : "does not exist") + ") and commandPathPrefix: " + this.commandPathPrefix);
        if (!this.configFile.isFile()) {
            return authConfigurations;
        }
        try {
            HashSet hashSet = new HashSet();
            Map map = (Map) this.objectMapper.readValue(this.configFile, Map.class);
            Map map2 = (Map) map.getOrDefault(AUTH_SECTION, new HashMap());
            this.logger.debug("Found registries in docker auths section: {}", map2.keySet());
            hashSet.addAll(map2.keySet());
            Map map3 = (Map) map.getOrDefault(HELPERS_SECTION, new HashMap());
            this.logger.debug("Found registries in docker credHelpers section: {}", map3.keySet());
            hashSet.addAll(map3.keySet());
            Object obj = map.get(CREDS_STORE_SECTION);
            if (obj instanceof String) {
                String str = this.commandPathPrefix + obj + this.helperSuffix;
                this.logger.debug("Executing docker credential helper: {} to locate auth configs", str);
                String runCommand = runCommand(List.of(str, "list"));
                this.logger.debug("Credential helper response: {}", runCommand);
                Map map4 = (Map) parseText(runCommand, Map.class);
                if (map4 != null) {
                    this.logger.debug("Found registries in docker credential helper: {}", map4.keySet());
                    hashSet.addAll(map4.keySet());
                }
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                AuthConfig lookupAuthConfigForRegistry = lookupAuthConfigForRegistry((String) it.next());
                if (lookupAuthConfigForRegistry != null) {
                    authConfigurations.addConfig(lookupAuthConfigForRegistry);
                }
            }
        } catch (Exception e) {
            this.logger.error("Failure when attempting to lookup auth config (configFile: {}). Falling back to docker-java default behaviour", this.configFile, e);
        }
        return authConfigurations;
    }

    public AuthConfigurations lookupAllAuthConfigs(DockerRegistryCredentials dockerRegistryCredentials) {
        return lookupAllAuthConfigs(createAuthConfig(dockerRegistryCredentials));
    }

    public AuthConfigurations lookupAllAuthConfigs(AuthConfig authConfig) {
        AuthConfigurations lookupAllAuthConfigs = lookupAllAuthConfigs();
        if (lookupAllAuthConfigs.getConfigs().isEmpty()) {
            lookupAllAuthConfigs.addConfig(authConfig);
        }
        return lookupAllAuthConfigs;
    }

    private AuthConfig createAuthConfig(DockerRegistryCredentials dockerRegistryCredentials) {
        AuthConfig authConfig = new AuthConfig();
        authConfig.withRegistryAddress((String) dockerRegistryCredentials.getUrl().get());
        if (dockerRegistryCredentials.getUsername().isPresent()) {
            authConfig.withUsername((String) dockerRegistryCredentials.getUsername().get());
        }
        if (dockerRegistryCredentials.getPassword().isPresent()) {
            authConfig.withPassword((String) dockerRegistryCredentials.getPassword().get());
        }
        if (dockerRegistryCredentials.getEmail().isPresent()) {
            authConfig.withEmail((String) dockerRegistryCredentials.getEmail().get());
        }
        return authConfig;
    }

    private static String configLocation() {
        return System.getenv().getOrDefault("DOCKER_CONFIG", System.getProperty(USER_HOME) + File.separator + ".docker") + File.separator + "config.json";
    }

    public String getRegistry(String str) {
        return NameParser.resolveRepositoryName(NameParser.parseRepositoryTag(str).repos).hostname;
    }

    private AuthConfig findExistingAuthConfig(Map<String, Object> map, String str) {
        Map.Entry<String, Object> findAuthNode = findAuthNode(map, str);
        if (findAuthNode == null || findAuthNode.getValue() == null || !(findAuthNode.getValue() instanceof Map) || ((Map) findAuthNode.getValue()).size() <= 0) {
            this.logger.debug("No existing AuthConfig found");
            return null;
        }
        try {
            AuthConfig authConfig = (AuthConfig) parseText(this.objectMapper.writeValueAsString(findAuthNode.getValue()), AuthConfig.class);
            if (authConfig == null) {
                return null;
            }
            return authConfig.withRegistryAddress(findAuthNode.getKey());
        } catch (JsonProcessingException e) {
            throw new UncheckedIOException(e);
        }
    }

    private static Map.Entry<String, Object> findAuthNode(Map<String, Object> map, String str) {
        Map map2 = (Map) map.get(AUTH_SECTION);
        if (map2 == null || map2.size() <= 0) {
            return null;
        }
        for (Map.Entry<String, Object> entry : map2.entrySet()) {
            if (entry.getKey().endsWith("://" + str) || entry.getKey().equals(str)) {
                return entry;
            }
        }
        return null;
    }

    private AuthConfig authConfigUsingHelper(Map<String, Object> map, String str) {
        Map map2 = (Map) map.get(HELPERS_SECTION);
        if (map2 != null && map2.size() > 0) {
            Object obj = map2.get(str);
            if (obj instanceof String) {
                return runCredentialProvider(str, (String) obj);
            }
        }
        this.logger.debug("No helper found in the {} section", HELPERS_SECTION);
        return null;
    }

    private AuthConfig runCredentialProvider(String str, String str2) {
        String str3 = this.commandPathPrefix + str2 + this.helperSuffix;
        this.logger.debug("Executing docker credential helper: {} to locate auth config for: {}", str3, str);
        String runCommand = runCommand(List.of(str3, "get"), str);
        this.logger.debug("Credential helper response: {}", runCommand);
        Map map = (Map) parseText(runCommand, Map.class);
        if (map == null) {
            return null;
        }
        this.logger.debug("Credential helper provided auth config for: {}", str);
        return new AuthConfig().withRegistryAddress(map.get("ServerURL") != null ? (String) map.get("ServerURL") : str).withUsername((String) map.get("Username")).withPassword((String) map.get("Secret"));
    }

    private AuthConfig authConfigUsingStore(Map<String, Object> map, String str) {
        Object obj = map.get(CREDS_STORE_SECTION);
        if (obj instanceof String) {
            return runCredentialProvider(str, (String) obj);
        }
        this.logger.debug("No helper found in the {} section", CREDS_STORE_SECTION);
        return null;
    }

    private String runCommand(List<String> list) {
        return runCommand(list, null);
    }

    private String runCommand(List<String> list, String str) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
            this.execOperations.exec(execSpec -> {
                execSpec.setCommandLine(list);
                execSpec.setStandardOutput(byteArrayOutputStream);
                execSpec.setErrorOutput(byteArrayOutputStream2);
                execSpec.setIgnoreExitValue(true);
                if (str != null) {
                    execSpec.setStandardInput(new ByteArrayInputStream(str.getBytes()));
                }
            });
            if (byteArrayOutputStream2.size() > 0) {
                this.logger.error("{}: {}", list, byteArrayOutputStream2.toString());
            }
            return byteArrayOutputStream.toString();
        } catch (Exception e) {
            this.logger.error("Failure running command ({})", list);
            throw e;
        }
    }

    private static AuthConfig decodeAuth(AuthConfig authConfig) {
        if (authConfig.getAuth() == null) {
            return authConfig;
        }
        String[] split = new String(Base64.getDecoder().decode(authConfig.getAuth()), StandardCharsets.UTF_8).split(":", 2);
        if (split.length != 2) {
            throw new RuntimeException("Invalid auth configuration file");
        }
        authConfig.withUsername(split[0]);
        authConfig.withPassword(split[1]);
        authConfig.withAuth(null);
        return authConfig;
    }

    private <T> T parseText(String str, Class<T> cls) {
        try {
            return (T) this.objectMapper.readValue(str, cls);
        } catch (Exception e) {
            this.logger.debug("Failure parsing the json response {}", str, e);
            return null;
        }
    }

    void setLogger(Logger logger) {
        this.logger = logger;
    }
}
