package cn.com.duiba.miria.repository.kubernetes;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import io.fabric8.kubernetes.api.model.AuthInfo;
import io.fabric8.kubernetes.api.model.Cluster;
import io.fabric8.kubernetes.api.model.Context;
import io.fabric8.kubernetes.api.model.NamedContext;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.internal.KubeConfigUtils;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.util.List;

/* loaded from: input_file:cn/com/duiba/miria/repository/kubernetes/KubernetesConfigParser.class */
class KubernetesConfigParser {
    KubernetesConfigParser() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Config parse(String str, String str2, String str3, String str4, List<String> list, Boolean bool) {
        return bool.booleanValue() ? withServiceAccount() : withKubeConfig(str, str2, str3, str4, list);
    }

    static Config withServiceAccount() {
        Config autoConfigure = Config.autoConfigure((String) null);
        if (!Files.isRegularFile(new File("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt").toPath(), new LinkOption[0])) {
            throw new IllegalStateException("Could not find CA cert for service account at $Config.KUBERNETES_SERVICE_ACCOUNT_CA_CRT_PATH");
        }
        autoConfigure.setCaCertFile("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt");
        try {
            String str = new String(Files.readAllBytes(new File("/var/run/secrets/kubernetes.io/serviceaccount/token").toPath()));
            if (str == null) {
                throw new IllegalStateException("Did not find service account token at $Config.KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH");
            }
            autoConfigure.setOauthToken(str);
            autoConfigure.getErrorMessages().put(401, "Unauthorized! Configured service account doesn't have access. Service account may have been revoked.");
            autoConfigure.getErrorMessages().put(403, "Forbidden! Configured service account doesn't have access. Service account may have been revoked.");
            return autoConfigure;
        } catch (IOException e) {
            throw new IllegalStateException("Could not read service account token at $Config.KUBERNETES_SERVICE_ACCOUNT_TOKEN_PATH", e);
        }
    }

    static Config withKubeConfig(String str, String str2, String str3, String str4, List<String> list) {
        try {
            io.fabric8.kubernetes.api.model.Config parseConfig = parseConfig(str);
            Config autoConfigure = Config.autoConfigure((String) null);
            String currentContext = str2 != null ? str2 : parseConfig.getCurrentContext();
            Context context = null;
            for (NamedContext namedContext : parseConfig.getContexts()) {
                if (namedContext.getName().equals(currentContext)) {
                    context = namedContext.getContext();
                }
            }
            if (str2 == null && context == null) {
                throw new IllegalArgumentException("Context $context was not found in $kubeconfigFile".toString());
            }
            if (str4 != null) {
                context.setUser(str4);
            }
            if (str3 != null) {
                context.setCluster(str3);
            }
            if (list != null && list.size() > 0) {
                context.setNamespace(list.get(0));
            } else if (context.getNamespace() == null) {
                context.setNamespace("default");
            }
            Cluster cluster = KubeConfigUtils.getCluster(parseConfig, context);
            autoConfigure.setApiVersion("v1");
            if (cluster != null) {
                if (!cluster.getServer().endsWith("/")) {
                    autoConfigure.setMasterUrl(cluster.getServer() + "/");
                }
                autoConfigure.setNamespace(context.getNamespace());
                autoConfigure.setTrustCerts(cluster.getInsecureSkipTlsVerify() != null && cluster.getInsecureSkipTlsVerify().booleanValue());
                autoConfigure.setCaCertFile(cluster.getCertificateAuthority());
                autoConfigure.setCaCertData(cluster.getCertificateAuthorityData());
                AuthInfo userAuthInfo = KubeConfigUtils.getUserAuthInfo(parseConfig, context);
                if (userAuthInfo != null) {
                    autoConfigure.setClientCertFile(userAuthInfo.getClientCertificate());
                    autoConfigure.setClientCertData(userAuthInfo.getClientCertificateData());
                    autoConfigure.setClientKeyFile(userAuthInfo.getClientKey());
                    autoConfigure.setClientKeyData(userAuthInfo.getClientKeyData());
                    autoConfigure.setOauthToken(userAuthInfo.getToken());
                    autoConfigure.setUsername(userAuthInfo.getUsername());
                    autoConfigure.setPassword(userAuthInfo.getPassword());
                    autoConfigure.getErrorMessages().put(401, "Unauthorized! Token may have expired! Please log-in again.");
                    autoConfigure.getErrorMessages().put(403, "Forbidden! User ${currentContext.user} doesn't have permission.".toString());
                }
            }
            return autoConfigure;
        } catch (IOException e) {
            throw new IllegalStateException("Parse config" + str + "failed");
        }
    }

    private static io.fabric8.kubernetes.api.model.Config parseConfig(String str) throws IOException {
        return (io.fabric8.kubernetes.api.model.Config) new ObjectMapper(new YAMLFactory()).readValue(str, io.fabric8.kubernetes.api.model.Config.class);
    }
}
