package org.frankframework.credentialprovider;

import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.api.model.SecretList;
import io.fabric8.kubernetes.client.Config;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClientBuilder;
import io.fabric8.kubernetes.client.dsl.NonNamespaceOperation;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.frankframework.credentialprovider.util.CredentialConstants;

/* loaded from: input_file:org/frankframework/credentialprovider/KubernetesCredentialFactory.class */
public class KubernetesCredentialFactory implements ICredentialFactory {
    protected static final Logger log = Logger.getLogger(KubernetesCredentialFactory.class.getName());
    public static final String K8_USERNAME = "credentialFactory.kubernetes.username";
    public static final String K8_PASSWORD = "credentialFactory.kubernetes.password";
    public static final String K8_MASTER_URL = "credentialFactory.kubernetes.masterUrl";
    public static final String K8_NAMESPACE_PROPERTY = "credentialFactory.kubernetes.namespace";
    public static final long CREDENTIALS_CACHE_DURATION_MILLIS = 60000;
    protected static final String USERNAME_KEY = "username";
    protected static final String PASSWORD_KEY = "password";
    public static final String DEFAULT_NAMESPACE = "default";
    private KubernetesClient client;
    protected List<Credentials> credentials;
    protected String namespace = DEFAULT_NAMESPACE;
    private long lastFetch = 0;

    public void initialize() {
        CredentialConstants credentialConstants = CredentialConstants.getInstance();
        log.info("Initializing KubernetesCredentialFactory");
        if (this.client == null) {
            this.client = new KubernetesClientBuilder().build();
        }
        this.namespace = credentialConstants.getProperty(K8_NAMESPACE_PROPERTY, (String) Optional.ofNullable(this.client.getNamespace()).orElse(this.namespace));
        String property = credentialConstants.getProperty(K8_USERNAME, (String) null);
        String property2 = credentialConstants.getProperty(K8_PASSWORD, (String) null);
        String property3 = credentialConstants.getProperty(K8_MASTER_URL, (String) null);
        Config configuration = this.client.getConfiguration();
        if (property != null) {
            configuration.setUsername(property);
        }
        if (property2 != null) {
            configuration.setPassword(property2);
        }
        if (property3 != null) {
            configuration.setMasterUrl(property3);
            log.info("Using Kubernetes master URL: " + property3);
        }
        log.info("Fetching secrets from Kubernetes namespace: " + this.namespace);
        this.credentials = getCredentials();
        log.info("Loaded Credential amount from Kubernetes: " + this.credentials.size());
    }

    public boolean hasCredentials(String str) {
        return getConfiguredAliases().contains(str);
    }

    public ICredentials getCredentials(String str, Supplier<String> supplier, Supplier<String> supplier2) {
        return StringUtils.isNotEmpty(str) ? getCredentials().stream().filter(credentials -> {
            return credentials.getAlias() != null;
        }).filter(credentials2 -> {
            return credentials2.getAlias().equalsIgnoreCase(str);
        }).findFirst().orElseThrow(() -> {
            return new NoSuchElementException("cannot obtain credentials from authentication alias [" + str + "]: alias not found");
        }) : new Credentials((String) null, supplier, supplier2);
    }

    public Collection<String> getConfiguredAliases() {
        return (Collection) getCredentials().stream().map((v0) -> {
            return v0.getAlias();
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    protected synchronized List<Credentials> getCredentials() {
        if (this.lastFetch + CREDENTIALS_CACHE_DURATION_MILLIS > System.currentTimeMillis()) {
            return this.credentials;
        }
        List items = ((SecretList) ((NonNamespaceOperation) this.client.secrets().inNamespace(this.namespace)).list()).getItems();
        this.lastFetch = System.currentTimeMillis();
        if (items.isEmpty()) {
            log.warning("No secrets found in namespace: " + this.namespace);
        }
        this.credentials = (List) items.stream().map(secret -> {
            return new Credentials(secret.getMetadata().getName(), () -> {
                return decodeFromSecret(secret, USERNAME_KEY);
            }, () -> {
                return decodeFromSecret(secret, PASSWORD_KEY);
            });
        }).collect(Collectors.toList());
        return this.credentials;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String decodeFromSecret(Secret secret, String str) {
        String str2 = (String) secret.getData().get(str);
        if (!StringUtils.isEmpty(str2)) {
            return new String(Base64.getDecoder().decode(str2));
        }
        log.info("On Credential with alias [" + secret.getMetadata().getName() + "]: No value found for key: " + str);
        return null;
    }

    public void close() {
        this.client.close();
    }

    void setClient(KubernetesClient kubernetesClient) {
        log.info("Setting Kubernetes client to: " + kubernetesClient.getClass().getName());
        this.client = kubernetesClient;
    }

    void clearTimer() {
        this.lastFetch = 0L;
    }
}
