package com.netflix.spinnaker.clouddriver.kubernetes.v1.security;

import com.google.common.collect.Lists;
import com.netflix.servo.util.VisibleForTesting;
import com.netflix.spectator.api.Registry;
import com.netflix.spinnaker.clouddriver.docker.registry.security.DockerRegistryNamedAccountCredentials;
import com.netflix.spinnaker.clouddriver.kubernetes.config.LinkedDockerRegistryConfiguration;
import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesApiClientConfig;
import com.netflix.spinnaker.clouddriver.kubernetes.security.KubernetesCredentials;
import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesApiAdaptor;
import com.netflix.spinnaker.clouddriver.kubernetes.v1.api.KubernetesClientApiAdapter;
import com.netflix.spinnaker.clouddriver.security.AccountCredentialsRepository;
import io.fabric8.kubernetes.api.model.NamespaceBuilder;
import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.api.model.SecretBuilder;
import io.fabric8.kubernetes.client.Config;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.validation.ConstraintViolationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/netflix/spinnaker/clouddriver/kubernetes/v1/security/KubernetesV1Credentials.class */
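/**
 * Credentials for a Kubernetes (v1 provider) account that also provisions image pull secrets.
 *
 * <p>Besides holding the API adaptors, this class copies the basic-auth credentials of every
 * linked Docker registry account into a {@code kubernetes.io/dockercfg} secret in each target
 * namespace, creating the namespace first when the adaptor reports it as missing. The secret is
 * named after the registry account. Its payload is only base64-encoded, so anything able to read
 * secrets in a target namespace can recover the registry credentials; the set of target
 * namespaces is therefore the effective exposure of those credentials.
 *
 * <p>Cluster writes happen in the constructor and again on every call to
 * {@link #getDeclaredNamespaces()} (and therefore {@link #isRegisteredNamespace(String)}).
 *
 * <p>No synchronization is performed here. NOTE(review): {@code imagePullSecrets} is a plain
 * {@code HashMap} mutated from {@link #getDeclaredNamespaces()}; confirm callers do not invoke it
 * concurrently.
 */
public class KubernetesV1Credentials implements KubernetesCredentials {
    private static final Logger LOG = LoggerFactory.getLogger(KubernetesV1Credentials.class);
    private static final String NAMESPACE_LOOKUP_FAILED = "Could not determine kubernetes namespaces. Will try again later.";

    private final KubernetesApiAdaptor apiAdaptor;
    // Left null by the test-only constructor.
    private KubernetesClientApiAdapter apiClientAdaptor;
    // Explicitly configured namespaces; empty means "discover from the cluster".
    private final List<String> namespaces;
    // Namespaces excluded from discovery.
    private final List<String> omitNamespaces;
    private final List<LinkedDockerRegistryConfiguration> dockerRegistries;
    private final AccountCredentialsRepository repository;
    private final boolean configureImagePullSecrets;
    // Last namespace list returned by discovery; recorded but not consulted by this class.
    private List<String> oldNamespaces;
    // Namespace -> names of the registry secrets this instance has created or verified there.
    private final HashMap<String, Set<String>> imagePullSecrets = new HashMap<>();
    // Account names of registries that were configured without any namespace restriction.
    private final HashSet<String> dynamicRegistries = new HashSet<>();

    /**
     * Builds the API adaptors for the account and performs the initial secret provisioning.
     *
     * @param str account name, used in error messages and passed to both adaptors
     * @param str2 first connection setting handed to {@code KubernetesConfigParser.parse} and
     *     {@code KubernetesApiClientConfig} (presumably the kubeconfig file; confirm against callers)
     * @param str3 second connection setting (presumably the context; confirm against callers)
     * @param str4 third connection setting (presumably the cluster; confirm against callers)
     * @param str5 fourth connection setting (presumably the user; confirm against callers)
     * @param str6 user agent set on the parsed client configuration
     * @param bool flag forwarded to the config parser and client config (presumably "use service
     *     account"; confirm against callers)
     * @param z whether image pull secrets are written to the cluster at all
     * @param list explicit namespaces, or {@code null}/empty to discover them
     * @param list2 namespaces to leave out of discovery, may be {@code null}
     * @param list3 linked Docker registries; must contain at least one entry
     * @param registry metrics registry passed to the adaptors
     * @param accountCredentialsRepository repository used to look up registry accounts by name
     * @throws IllegalArgumentException if {@code list3} is {@code null} or empty
     */
    public KubernetesV1Credentials(String str, String str2, String str3, String str4, String str5, String str6, Boolean bool, boolean z, List<String> list, List<String> list2, List<LinkedDockerRegistryConfiguration> list3, Registry registry, AccountCredentialsRepository accountCredentialsRepository) {
        if (list3 == null || list3.isEmpty()) {
            throw new IllegalArgumentException("Docker registries for Kubernetes account " + str + " are required.");
        }
        Config parse = KubernetesConfigParser.parse(str2, str3, str4, str5, list, bool);
        parse.setUserAgent(str6);
        KubernetesApiClientConfig kubernetesApiClientConfig = new KubernetesApiClientConfig(str2, str3, str4, str5, str6, bool);
        this.apiAdaptor = new KubernetesApiAdaptor(str, parse, registry);
        this.apiClientAdaptor = new KubernetesClientApiAdapter(str, kubernetesApiClientConfig, registry);
        this.namespaces = list != null ? list : new ArrayList<>();
        this.omitNamespaces = list2 != null ? list2 : new ArrayList<>();
        this.dockerRegistries = list3;
        this.repository = accountCredentialsRepository;
        this.configureImagePullSecrets = z;
        configureDockerRegistries();
    }

    /**
     * Test-only constructor that takes a ready-made adaptor and always enables secret
     * provisioning. The client API adaptor stays {@code null} and {@code list3} is not validated.
     */
    @VisibleForTesting
    private KubernetesV1Credentials(KubernetesApiAdaptor kubernetesApiAdaptor, List<String> list, List<String> list2, List<LinkedDockerRegistryConfiguration> list3, AccountCredentialsRepository accountCredentialsRepository) {
        this.apiAdaptor = kubernetesApiAdaptor;
        this.namespaces = list != null ? list : new ArrayList<>();
        this.omitNamespaces = list2 != null ? list2 : new ArrayList<>();
        this.dockerRegistries = list3;
        this.repository = accountCredentialsRepository;
        this.configureImagePullSecrets = true;
        configureDockerRegistries();
    }

    /**
     * Records which registries are unrestricted ("dynamic") and runs the first provisioning pass.
     * A failure to list or provision namespaces is logged and retried on later calls to
     * {@link #getDeclaredNamespaces()}.
     */
    private void configureDockerRegistries() {
        this.oldNamespaces = this.namespaces;
        for (LinkedDockerRegistryConfiguration registry : this.dockerRegistries) {
            List<String> restrictedTo = registry.getNamespaces();
            if (restrictedTo == null || restrictedTo.isEmpty()) {
                this.dynamicRegistries.add(registry.getAccountName());
            }
        }
        try {
            // Discovery goes through discoverNamespaces() so that omitted namespaces never
            // receive registry credentials, matching what getDeclaredNamespaces() does.
            reconfigureRegistries(!this.namespaces.isEmpty() ? this.namespaces : discoverNamespaces());
        } catch (Exception e) {
            LOG.warn(NAMESPACE_LOOKUP_FAILED, e);
        }
    }

    /**
     * Returns the namespaces this account manages, provisioning registry secrets as a side effect.
     *
     * <p>With explicit namespaces configured, only those that have no recorded secret yet are
     * passed to provisioning, and the configured list itself is returned; an exception raised
     * while provisioning propagates to the caller. Otherwise namespaces are discovered from the
     * cluster (minus the omitted ones) and all of them are passed to provisioning; any failure on
     * that path is logged and an empty list is returned.
     *
     * @return the configured namespaces, the discovered namespaces, or an empty list on failure
     */
    @Override
    public List<String> getDeclaredNamespaces() {
        if (!this.namespaces.isEmpty()) {
            List<String> pending = new ArrayList<>(this.namespaces);
            pending.removeAll(this.imagePullSecrets.keySet());
            reconfigureRegistries(pending);
            return this.namespaces;
        }
        try {
            List<String> discovered = discoverNamespaces();
            reconfigureRegistries(discovered);
            this.oldNamespaces = discovered;
            return discovered;
        } catch (Exception e) {
            LOG.warn(NAMESPACE_LOOKUP_FAILED, e);
            return Lists.newArrayList();
        }
    }

    /**
     * Lists the cluster's namespaces and drops the omitted ones. Works on a copy so the list
     * returned by the adaptor is never modified.
     */
    private List<String> discoverNamespaces() {
        List<String> discovered = new ArrayList<>(this.apiAdaptor.getNamespacesByName());
        discovered.removeAll(this.omitNamespaces);
        return discovered;
    }

    /**
     * Ensures every linked registry has its pull secret in the namespaces it applies to.
     *
     * <p>The target namespaces are chosen per registry: an unrestricted registry gets
     * {@code affectedNamespaces}, a restricted registry gets its own configured namespaces. The
     * choice is made afresh for each registry so that one registry's restriction never decides
     * where another registry's credentials are written.
     *
     * @param affectedNamespaces namespaces to provision for unrestricted registries
     */
    private void reconfigureRegistries(List<String> affectedNamespaces) {
        if (!this.configureImagePullSecrets) {
            return;
        }
        List<String> snapshot = new ArrayList<>(affectedNamespaces);
        for (LinkedDockerRegistryConfiguration registry : this.dockerRegistries) {
            String accountName = registry.getAccountName();
            List<String> targets;
            if (this.dynamicRegistries.contains(accountName)) {
                // NOTE(review): on the explicit-namespace path this list holds only namespaces
                // without a recorded secret, so it can be empty on later calls; confirm that
                // overwriting the registry's namespaces with it is intended.
                registry.setNamespaces(affectedNamespaces);
                targets = snapshot;
            } else {
                targets = registry.getNamespaces();
            }
            if (targets != null && !targets.isEmpty()) {
                LOG.debug("Adding secrets for docker registry {} in {}", accountName, targets);
            }
            DockerRegistryNamedAccountCredentials account = this.repository.getOne(accountName);
            if (account == null) {
                LOG.warn("The account {} was not yet loaded inside Clouddriver. If you are seeing this message repeatedly, it likely cannot be loaded.", accountName);
                continue;
            }
            if (targets == null) {
                continue;
            }
            for (String namespace : targets) {
                ensureRegistrySecret(namespace, accountName, account);
            }
        }
    }

    /**
     * Creates or updates the pull secret for one registry account in one namespace and records it
     * in {@code imagePullSecrets}. The namespace is created when the adaptor returns {@code null}
     * for it.
     *
     * @throws IllegalStateException if the secret fails bean validation while being built
     */
    private void ensureRegistrySecret(String namespace, String accountName, DockerRegistryNamedAccountCredentials account) {
        if (this.apiAdaptor.getNamespace(namespace) == null) {
            this.apiAdaptor.createNamespace(((NamespaceBuilder) new NamespaceBuilder().withNewMetadata().withName(namespace).endMetadata()).build());
        }
        Map<String, String> data = new HashMap<>(1);
        data.put(".dockercfg", encodeDockerCfg(account));
        SecretBuilder named = (SecretBuilder) new SecretBuilder().withNewMetadata().withName(accountName).withNamespace(namespace).endMetadata();
        SecretBuilder secretBuilder = named.withData(data).withType("kubernetes.io/dockercfg");
        try {
            Secret desired = secretBuilder.build();
            Secret existing = this.apiAdaptor.getSecret(namespace, accountName);
            if (existing == null) {
                this.apiAdaptor.createSecret(namespace, desired);
            } else if (desired.getData().equals(existing.getData())) {
                // Compared from the desired side, whose data map is never null.
                // Only names are logged; the secret payload is never written to the log.
                LOG.debug("Skipping creation of duplicate secret {} in namespace {}", accountName, namespace);
            } else {
                this.apiAdaptor.editSecret(namespace, accountName).addToData(desired.getData()).done();
            }
            this.imagePullSecrets.computeIfAbsent(namespace, key -> new HashSet<>()).add(accountName);
        } catch (ConstraintViolationException e) {
            throw new IllegalStateException("Unable to build secret: " + e.getMessage() + " due to violations " + e.getConstraintViolations(), e);
        }
    }

    /**
     * Renders the registry's address, basic-auth value and e-mail as a {@code .dockercfg} JSON
     * document and base64-encodes it.
     *
     * <p>NOTE(review): the three values are interpolated without JSON escaping, so a quote or
     * backslash in any of them yields a malformed or altered document; confirm they are validated
     * where registry accounts are configured.
     */
    private static String encodeDockerCfg(DockerRegistryNamedAccountCredentials account) {
        String json = String.format("{ \"%s\": { \"auth\": \"%s\", \"email\": \"%s\" } }", account.getAddress(), account.getBasicAuth(), account.getEmail());
        return Base64.getEncoder().encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the fabric8-based API adaptor. */
    public KubernetesApiAdaptor getApiAdaptor() {
        return this.apiAdaptor;
    }

    /** Returns the client API adaptor, or {@code null} when built through the test constructor. */
    public KubernetesClientApiAdapter getClientApiAdaptor() {
        return this.apiClientAdaptor;
    }

    /** Returns the linked registry configurations; this is the internal list, not a copy. */
    public List<LinkedDockerRegistryConfiguration> getDockerRegistries() {
        return this.dockerRegistries;
    }

    /**
     * Returns the namespace-to-secret-names map backing
     * {@link #isRegisteredImagePullSecret(String, String)}.
     *
     * <p>This is the live internal map: a caller that modifies it changes what that check
     * accepts. NOTE(review): consider returning an unmodifiable view once callers are confirmed
     * to be read-only.
     */
    public Map<String, Set<String>> getImagePullSecrets() {
        return this.imagePullSecrets;
    }

    /**
     * Reports whether {@code str} is one of the declared namespaces. Calls
     * {@link #getDeclaredNamespaces()}, so it may write secrets to the cluster.
     */
    public Boolean isRegisteredNamespace(String str) {
        return Boolean.valueOf(getDeclaredNamespaces().contains(str));
    }

    /**
     * Reports whether this instance has provisioned the secret {@code str} in namespace
     * {@code str2}.
     *
     * @param str secret name, which is the registry account name
     * @param str2 namespace to look in
     */
    public Boolean isRegisteredImagePullSecret(String str, String str2) {
        Set<String> registered = this.imagePullSecrets.get(str2);
        return Boolean.valueOf(registered != null && registered.contains(str));
    }
}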
