package com.atlassian.pipelines.runner.core.factory;

import com.atlassian.pipelines.annotations.PipelinesImmutableStyle;
import com.atlassian.pipelines.rest.model.v1.step.ImageAuthModel;
import com.atlassian.pipelines.rest.model.v1.step.ImageBasicAuthModel;
import com.atlassian.pipelines.rest.model.v1.step.ImageIamRoleModel;
import com.atlassian.pipelines.rest.model.v1.step.ImageIamUserModel;
import com.atlassian.pipelines.runner.api.error.ErrorKeys;
import com.atlassian.pipelines.runner.api.factory.ImageAuthFactory;
import com.atlassian.pipelines.runner.api.model.step.service.image.Auth;
import com.atlassian.pipelines.runner.api.model.step.service.image.ImmutableAuth;
import com.atlassian.pipelines.runner.api.model.variable.EnvironmentVariable;
import com.atlassian.pipelines.runner.api.service.EnvironmentVariableService;
import com.atlassian.pipelines.runner.core.exception.EcrAuthorisationException;
import com.atlassian.pipelines.runner.core.service.ecr.EcrAuthServiceImpl;
import com.atlassian.pipelines.variable.model.SystemVariableKey;
import io.reactivex.Single;
import io.vavr.collection.List;
import io.vavr.control.Option;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import org.immutables.value.Value;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/pipelines/runner/core/factory/ImageAuthFactoryImpl.class */
public final class ImageAuthFactoryImpl implements ImageAuthFactory {
    private static final String DOCKER_USERNAME_GROUP = "username";
    private static final String DOCKER_PASSWORD_GROUP = "password";
    private static final Pattern DOCKER_AUTH_PATTERN = Pattern.compile("^(?<username>.+):(?<password>.+)$");
    private static final String DOCKER_REGISTRY_PATTERN = "(.*\\..*)|(.*:.*)";
    private final EcrAuthServiceImpl ecrService;
    private final EnvironmentVariableService environmentVariableService;

    /* JADX INFO: Access modifiers changed from: package-private */
    @PipelinesImmutableStyle
    @Value.Immutable
    /* loaded from: input_file:com/atlassian/pipelines/runner/core/factory/ImageAuthFactoryImpl$IamRoleCredentials.class */
    public static abstract class IamRoleCredentials {
        @Value.Parameter
        public abstract String getRoleArn();

        @Value.Parameter
        public abstract String getOIDCToken();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @PipelinesImmutableStyle
    @Value.Immutable
    /* loaded from: input_file:com/atlassian/pipelines/runner/core/factory/ImageAuthFactoryImpl$IamUserCredentials.class */
    public static abstract class IamUserCredentials {
        @Value.Parameter
        public abstract String getAccessKey();

        @Value.Parameter
        public abstract String getSecretKey();
    }

    @Autowired
    public ImageAuthFactoryImpl(EcrAuthServiceImpl ecrAuthServiceImpl, EnvironmentVariableService environmentVariableService) {
        this.ecrService = ecrAuthServiceImpl;
        this.environmentVariableService = environmentVariableService;
    }

    @Override // com.atlassian.pipelines.runner.api.factory.ImageAuthFactory
    public Single<Auth> from(String str, ImageAuthModel imageAuthModel, List<EnvironmentVariable> list) {
        String type = imageAuthModel.getType();
        boolean z = -1;
        switch (type.hashCode()) {
            case -1770966976:
                if (type.equals("IAM_ROLE")) {
                    z = 2;
                    break;
                }
                break;
            case -1770873963:
                if (type.equals("IAM_USER")) {
                    z = true;
                    break;
                }
                break;
            case 62970894:
                if (type.equals("BASIC")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return from(str, (ImageBasicAuthModel) imageAuthModel, list);
            case true:
                return from(str, (ImageIamUserModel) imageAuthModel, list);
            case true:
                return from(str, (ImageIamRoleModel) imageAuthModel, list);
            default:
                return Single.error(new IllegalArgumentException(String.format("No mapping found for auth type: %s.", imageAuthModel.getType())));
        }
    }

    @Nonnull
    private Single<Auth> from(String str, ImageBasicAuthModel imageBasicAuthModel, List<EnvironmentVariable> list) {
        return Single.zip(this.environmentVariableService.dereference(Option.of(imageBasicAuthModel.getUsername()), list), this.environmentVariableService.dereference(Option.of(imageBasicAuthModel.getPassword()), list), (str2, str3) -> {
            return ImmutableAuth.builder().withRegistry(toRegistry(str)).withUsername(str2).withPassword(str3).build();
        });
    }

    private static Option<String> toRegistry(String str) {
        int indexOf = str.indexOf("/");
        if (indexOf != -1) {
            String substring = str.substring(0, indexOf);
            if (substring.matches(DOCKER_REGISTRY_PATTERN)) {
                return Option.of(substring);
            }
        }
        return Option.none();
    }

    @Nonnull
    private Single<Auth> from(String str, ImageIamUserModel imageIamUserModel, List<EnvironmentVariable> list) {
        return Single.zip(this.environmentVariableService.dereference(Option.of(imageIamUserModel.getAccessKey()), list), this.environmentVariableService.dereference(Option.of(imageIamUserModel.getSecretKey()), list), ImmutableIamUserCredentials::of).flatMap(iamUserCredentials -> {
            return this.ecrService.getAuthString(imageIamUserModel.getAccountId(), imageIamUserModel.getRegion(), iamUserCredentials.getAccessKey(), iamUserCredentials.getSecretKey());
        }).map(str2 -> {
            return from(str, str2);
        });
    }

    @Nonnull
    private Single<Auth> from(String str, ImageIamRoleModel imageIamRoleModel, List<EnvironmentVariable> list) {
        return Single.zip(this.environmentVariableService.dereference(Option.of(imageIamRoleModel.getRoleArn()), list), this.environmentVariableService.dereference(Option.of(SystemVariableKey.BITBUCKET_STEP_OIDC_TOKEN.asVariableReference()), list), ImmutableIamRoleCredentials::of).flatMap(iamRoleCredentials -> {
            return this.ecrService.getAuthStringOidc(imageIamRoleModel.getAccountId(), imageIamRoleModel.getRegion(), iamRoleCredentials.getRoleArn(), iamRoleCredentials.getOIDCToken());
        }).map(str2 -> {
            return from(str, str2);
        });
    }

    private Auth from(String str, String str2) {
        Matcher matcher = DOCKER_AUTH_PATTERN.matcher(fromBase64(str2));
        if (matcher.matches()) {
            return ImmutableAuth.builder().withRegistry(toRegistry(str)).withUsername(matcher.group(DOCKER_USERNAME_GROUP)).withPassword(matcher.group(DOCKER_PASSWORD_GROUP)).build();
        }
        throw new EcrAuthorisationException(ErrorKeys.ErrorKey.ECR_INVALID_TOKEN, "Invalid token returned from ECR.");
    }

    @Nonnull
    private static String fromBase64(String str) {
        return new String(Base64.getDecoder().decode(str.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
    }
}
