package org.testcontainers.utility;

import com.github.dockerjava.api.model.AuthConfig;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.openqa.selenium.remote.DriverCommand;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testcontainers.shaded.com.fasterxml.jackson.databind.JsonNode;
import org.testcontainers.shaded.com.fasterxml.jackson.databind.ObjectMapper;
import org.testcontainers.shaded.com.github.dockerjava.core.DefaultDockerClientConfig;
import org.testcontainers.shaded.com.google.common.annotations.VisibleForTesting;
import org.testcontainers.shaded.org.apache.commons.lang.StringUtils;
import org.testcontainers.shaded.org.zeroturnaround.exec.InvalidResultException;
import org.testcontainers.shaded.org.zeroturnaround.exec.ProcessExecutor;

/* loaded from: input_file:WEB-INF/lib/testcontainers-1.16.2.jar:org/testcontainers/utility/RegistryAuthLocator.class */
public class RegistryAuthLocator {
    private static final String DEFAULT_REGISTRY_NAME = "index.docker.io";
    private static RegistryAuthLocator instance;
    private final String commandPathPrefix;
    private final String commandExtension;
    private final File configFile;
    private final Map<String, Optional<AuthConfig>> cache;
    private final Map<String, String> CREDENTIALS_HELPERS_NOT_FOUND_MESSAGE_CACHE;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RegistryAuthLocator.class);
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    @VisibleForTesting
    RegistryAuthLocator(File file, String str, String str2, Map<String, String> map) {
        this.cache = new ConcurrentHashMap();
        this.configFile = file;
        this.commandPathPrefix = str;
        this.commandExtension = str2;
        this.CREDENTIALS_HELPERS_NOT_FOUND_MESSAGE_CACHE = map;
    }

    protected RegistryAuthLocator() {
        this.cache = new ConcurrentHashMap();
        this.configFile = new File(System.getenv().getOrDefault(DefaultDockerClientConfig.DOCKER_CONFIG, System.getProperty("user.home") + "/.docker") + "/config.json");
        this.commandPathPrefix = "";
        this.commandExtension = "";
        this.CREDENTIALS_HELPERS_NOT_FOUND_MESSAGE_CACHE = new HashMap();
    }

    public static synchronized RegistryAuthLocator instance() {
        if (instance == null) {
            instance = new RegistryAuthLocator();
        }
        return instance;
    }

    @VisibleForTesting
    static void setInstance(RegistryAuthLocator registryAuthLocator) {
        instance = registryAuthLocator;
    }

    public AuthConfig lookupAuthConfig(DockerImageName dockerImageName, AuthConfig authConfig) {
        String effectiveRegistryName = effectiveRegistryName(dockerImageName);
        log.debug("Looking up auth config for image: {} at registry: {}", dockerImageName, effectiveRegistryName);
        Optional<AuthConfig> computeIfAbsent = this.cache.computeIfAbsent(effectiveRegistryName, str -> {
            return lookupUncachedAuthConfig(effectiveRegistryName, dockerImageName);
        });
        if (computeIfAbsent.isPresent()) {
            log.debug("Cached auth found: [{}]", AuthConfigUtil.toSafeString(computeIfAbsent.get()));
            return computeIfAbsent.get();
        }
        log.debug("No matching Auth Configs - falling back to defaultAuthConfig [{}]", AuthConfigUtil.toSafeString(authConfig));
        return authConfig;
    }

    private Optional<AuthConfig> lookupUncachedAuthConfig(String str, DockerImageName dockerImageName) {
        JsonNode readTree;
        AuthConfig authConfigUsingHelper;
        Logger logger = log;
        Object[] objArr = new Object[3];
        objArr[0] = this.configFile;
        objArr[1] = this.configFile.exists() ? "exists" : "does not exist";
        objArr[2] = this.commandPathPrefix;
        logger.debug("RegistryAuthLocator has configFile: {} ({}) and commandPathPrefix: {}", objArr);
        try {
            readTree = OBJECT_MAPPER.readTree(this.configFile);
            log.debug("registryName [{}] for dockerImageName [{}]", str, dockerImageName);
            authConfigUsingHelper = authConfigUsingHelper(readTree, str);
        } catch (Exception e) {
            log.info("Failure when attempting to lookup auth config. Please ignore if you don't have images in an authenticated registry. Details: (dockerImageName: {}, configFile: {}. Falling back to docker-java default behaviour. Exception message: {}", dockerImageName, this.configFile, e.getMessage());
        }
        if (authConfigUsingHelper != null) {
            log.debug("found helper auth config [{}]", AuthConfigUtil.toSafeString(authConfigUsingHelper));
            return Optional.of(authConfigUsingHelper);
        }
        AuthConfig authConfigUsingStore = authConfigUsingStore(readTree, str);
        if (authConfigUsingStore != null) {
            log.debug("found creds store auth config [{}]", AuthConfigUtil.toSafeString(authConfigUsingStore));
            return Optional.of(authConfigUsingStore);
        }
        AuthConfig findExistingAuthConfig = findExistingAuthConfig(readTree, str);
        if (findExistingAuthConfig != null) {
            log.debug("found existing auth config [{}]", AuthConfigUtil.toSafeString(findExistingAuthConfig));
            return Optional.of(findExistingAuthConfig);
        }
        return Optional.empty();
    }

    private AuthConfig findExistingAuthConfig(JsonNode jsonNode, String str) throws Exception {
        Map.Entry<String, JsonNode> findAuthNode = findAuthNode(jsonNode, str);
        if (findAuthNode == null || findAuthNode.getValue() == null || findAuthNode.getValue().size() <= 0) {
            return null;
        }
        AuthConfig withRegistryAddress = ((AuthConfig) OBJECT_MAPPER.treeToValue(findAuthNode.getValue(), AuthConfig.class)).withRegistryAddress(findAuthNode.getKey());
        if (StringUtils.isBlank(withRegistryAddress.getUsername()) && StringUtils.isBlank(withRegistryAddress.getPassword()) && !StringUtils.isBlank(withRegistryAddress.getAuth())) {
            String[] split = new String(Base64.getDecoder().decode(withRegistryAddress.getAuth())).split(":", 2);
            if (split.length == 2) {
                withRegistryAddress.withUsername(split[0]);
                withRegistryAddress.withPassword(split[1]);
            }
        }
        return withRegistryAddress;
    }

    private AuthConfig authConfigUsingHelper(JsonNode jsonNode, String str) throws Exception {
        JsonNode jsonNode2;
        JsonNode jsonNode3 = jsonNode.get("credHelpers");
        if (jsonNode3 == null || jsonNode3.size() <= 0 || (jsonNode2 = jsonNode3.get(str)) == null || !jsonNode2.isTextual()) {
            return null;
        }
        return runCredentialProvider(str, jsonNode2.asText());
    }

    private AuthConfig authConfigUsingStore(JsonNode jsonNode, String str) throws Exception {
        JsonNode jsonNode2 = jsonNode.get("credsStore");
        if (jsonNode2 == null || jsonNode2.isMissingNode() || !jsonNode2.isTextual()) {
            return null;
        }
        String asText = jsonNode2.asText();
        if (!StringUtils.isBlank(asText)) {
            return runCredentialProvider(str, asText);
        }
        log.warn("Docker auth config credsStore field will be ignored, because value is blank");
        return null;
    }

    private Map.Entry<String, JsonNode> findAuthNode(JsonNode jsonNode, String str) {
        JsonNode jsonNode2 = jsonNode.get("auths");
        if (jsonNode2 == null || jsonNode2.size() <= 0) {
            return null;
        }
        Iterator<Map.Entry<String, JsonNode>> fields = jsonNode2.fields();
        while (fields.hasNext()) {
            Map.Entry<String, JsonNode> next = fields.next();
            if (next.getKey().contains("://" + str) || next.getKey().equals(str)) {
                return next;
            }
        }
        return null;
    }

    private AuthConfig runCredentialProvider(String str, String str2) throws Exception {
        if (StringUtils.isBlank(str)) {
            log.debug("There is no point in locating AuthConfig for blank hostName. Returning NULL to allow fallback");
            return null;
        }
        String credentialProgramName = getCredentialProgramName(str2);
        log.debug("Executing docker credential provider: {} to locate auth config for: {}", credentialProgramName, str);
        try {
            JsonNode readTree = OBJECT_MAPPER.readTree(runCredentialProgram(str, credentialProgramName));
            log.debug("Credential helper/store provided auth config for: {}", str);
            String asText = readTree.at("/Username").asText();
            String asText2 = readTree.at("/Secret").asText();
            return "<token>".equals(asText) ? new AuthConfig().withIdentityToken(asText2) : new AuthConfig().withRegistryAddress(readTree.at("/ServerURL").asText()).withUsername(asText).withPassword(asText2);
        } catch (InvalidResultException e) {
            String extractCredentialProviderErrorMessage = extractCredentialProviderErrorMessage(e);
            if (StringUtils.isBlank(extractCredentialProviderErrorMessage)) {
                log.debug("Failure running docker credential helper/store ({})", credentialProgramName);
            } else {
                String genericCredentialsNotFoundMsg = getGenericCredentialsNotFoundMsg(credentialProgramName);
                if (genericCredentialsNotFoundMsg != null && genericCredentialsNotFoundMsg.equals(extractCredentialProviderErrorMessage)) {
                    log.info("Credential helper/store ({}) does not have credentials for {}", credentialProgramName, str);
                    return null;
                }
                log.debug("Failure running docker credential helper/store ({}) with output '{}'", credentialProgramName, extractCredentialProviderErrorMessage);
            }
            throw e;
        } catch (Exception e2) {
            log.debug("Failure running docker credential helper/store ({})", credentialProgramName);
            throw e2;
        }
    }

    private String getCredentialProgramName(String str) {
        return this.commandPathPrefix + "docker-credential-" + str + this.commandExtension;
    }

    private String effectiveRegistryName(DockerImageName dockerImageName) {
        return StringUtils.defaultIfEmpty(dockerImageName.getRegistry(), DEFAULT_REGISTRY_NAME);
    }

    private String getGenericCredentialsNotFoundMsg(String str) {
        if (!this.CREDENTIALS_HELPERS_NOT_FOUND_MESSAGE_CACHE.containsKey(str)) {
            String discoverCredentialsHelperNotFoundMessage = discoverCredentialsHelperNotFoundMessage(str);
            if (!StringUtils.isBlank(discoverCredentialsHelperNotFoundMessage)) {
                this.CREDENTIALS_HELPERS_NOT_FOUND_MESSAGE_CACHE.put(str, discoverCredentialsHelperNotFoundMessage);
            }
        }
        return this.CREDENTIALS_HELPERS_NOT_FOUND_MESSAGE_CACHE.get(str);
    }

    private String discoverCredentialsHelperNotFoundMessage(String str) {
        String str2 = null;
        try {
            runCredentialProgram("https://not.a.real.registry/url", str);
            log.warn("Failure running docker credential helper ({}) with fake call, expected 'credentials not found' response", str);
        } catch (Exception e) {
            if (e instanceof InvalidResultException) {
                str2 = extractCredentialProviderErrorMessage((InvalidResultException) e);
            }
            if (StringUtils.isBlank(str2)) {
                log.warn("Failure running docker credential helper ({}) with fake call, expected 'credentials not found' response. Exception message: {}", str, e.getMessage());
            } else {
                log.debug("Got credentials not found error message from docker credential helper - {}", str2);
            }
        }
        return str2;
    }

    private String extractCredentialProviderErrorMessage(InvalidResultException invalidResultException) {
        if (invalidResultException.getResult() == null || !invalidResultException.getResult().hasOutput()) {
            return null;
        }
        return invalidResultException.getResult().outputString().trim();
    }

    private String runCredentialProgram(String str, String str2) throws InvalidResultException, InterruptedException, TimeoutException, IOException {
        return new ProcessExecutor().command(str2, DriverCommand.GET).redirectInput(new ByteArrayInputStream(str.getBytes())).readOutput(true).exitValueNormal().timeout(30L, TimeUnit.SECONDS).execute().outputUTF8().trim();
    }
}
