package com.google.cloud.tools.jib.registry.credentials;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.MapperFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.api.client.util.Base64;
import com.google.cloud.tools.jib.api.Credential;
import com.google.cloud.tools.jib.api.LogEvent;
import com.google.cloud.tools.jib.registry.RegistryAliasGroup;
import com.google.cloud.tools.jib.registry.credentials.json.DockerConfigTemplate;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.Map;
import java.util.Optional;
import java.util.function.Consumer;

/* loaded from: input_file:com/google/cloud/tools/jib/registry/credentials/DockerConfigCredentialRetriever.class */
public class DockerConfigCredentialRetriever {
    private final String registry;
    private final Path dockerConfigFile;
    private final boolean legacyConfigFormat;

    public static DockerConfigCredentialRetriever create(String str, Path path) {
        return new DockerConfigCredentialRetriever(str, path, false);
    }

    public static DockerConfigCredentialRetriever createForLegacyFormat(String str, Path path) {
        return new DockerConfigCredentialRetriever(str, path, true);
    }

    private DockerConfigCredentialRetriever(String str, Path path, boolean z) {
        this.registry = str;
        this.dockerConfigFile = path;
        this.legacyConfigFormat = z;
    }

    public Path getDockerConfigFile() {
        return this.dockerConfigFile;
    }

    public Optional<Credential> retrieve(Consumer<LogEvent> consumer) throws IOException {
        if (!Files.exists(this.dockerConfigFile, new LinkOption[0])) {
            return Optional.empty();
        }
        ObjectMapper configure = new ObjectMapper().configure(MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES, true);
        InputStream newInputStream = Files.newInputStream(this.dockerConfigFile, new OpenOption[0]);
        Throwable th = null;
        try {
            if (this.legacyConfigFormat) {
                Optional<Credential> retrieve = retrieve(new DockerConfig(new DockerConfigTemplate((Map) configure.readValue(newInputStream, new TypeReference<Map<String, DockerConfigTemplate.AuthTemplate>>() { // from class: com.google.cloud.tools.jib.registry.credentials.DockerConfigCredentialRetriever.1
                }))), consumer);
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return retrieve;
            }
            Optional<Credential> retrieve2 = retrieve(new DockerConfig((DockerConfigTemplate) configure.readValue(newInputStream, DockerConfigTemplate.class)), consumer);
            if (newInputStream != null) {
                if (0 != 0) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th3) {
                        th.addSuppressed(th3);
                    }
                } else {
                    newInputStream.close();
                }
            }
            return retrieve2;
        } catch (Throwable th4) {
            if (newInputStream != null) {
                if (0 != 0) {
                    try {
                        newInputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    newInputStream.close();
                }
            }
            throw th4;
        }
    }

    @VisibleForTesting
    Optional<Credential> retrieve(DockerConfig dockerConfig, Consumer<LogEvent> consumer) {
        for (String str : RegistryAliasGroup.getAliasesGroup(this.registry)) {
            DockerCredentialHelper credentialHelperFor = dockerConfig.getCredentialHelperFor(str);
            if (credentialHelperFor != null) {
                try {
                    consumer.accept(LogEvent.info("trying " + credentialHelperFor.getCredentialHelper() + " for " + str));
                    return Optional.of(credentialHelperFor.retrieve());
                } catch (CredentialHelperNotFoundException | CredentialHelperUnhandledServerUrlException | IOException e) {
                    if (e.getMessage() != null) {
                        consumer.accept(LogEvent.warn(e.getMessage()));
                        if (e.getCause() != null && e.getCause().getMessage() != null) {
                            consumer.accept(LogEvent.warn("  Caused by: " + e.getCause().getMessage()));
                        }
                    }
                }
            }
            DockerConfigTemplate.AuthTemplate authFor = dockerConfig.getAuthFor(str);
            if (authFor != null && authFor.getAuth() != null) {
                String str2 = new String(Base64.decodeBase64(authFor.getAuth()), StandardCharsets.UTF_8);
                String substring = str2.substring(0, str2.indexOf(":"));
                String substring2 = str2.substring(str2.indexOf(":") + 1);
                consumer.accept(LogEvent.info("Docker config auths section defines credentials for " + str));
                if (authFor.getIdentityToken() == null || !substring.equals("00000000-0000-0000-0000-000000000000") || !substring2.isEmpty()) {
                    return Optional.of(Credential.from(substring, substring2));
                }
                consumer.accept(LogEvent.info("Using 'identityToken' in Docker config auth for " + str));
                return Optional.of(Credential.from(Credential.OAUTH2_TOKEN_USER_NAME, authFor.getIdentityToken()));
            }
        }
        return Optional.empty();
    }
}
