package io.micronaut.kubernetes.client.openapi.credential;

import io.micronaut.context.annotation.BootstrapContextCompatible;
import io.micronaut.core.annotation.Internal;
import io.micronaut.json.JsonMapper;
import io.micronaut.kubernetes.client.openapi.config.KubeConfig;
import io.micronaut.kubernetes.client.openapi.config.KubeConfigLoader;
import io.micronaut.kubernetes.client.openapi.config.model.ExecConfig;
import io.micronaut.kubernetes.client.openapi.config.model.ExecEnvVar;
import io.micronaut.kubernetes.client.openapi.credential.model.ExecCredential;
import jakarta.inject.Singleton;
import java.io.File;
import java.io.InputStream;
import java.lang.ProcessBuilder;
import java.nio.file.Path;
import java.time.Duration;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
@Internal
@BootstrapContextCompatible
/* loaded from: input_file:io/micronaut/kubernetes/client/openapi/credential/ExecCommandCredentialLoader.class */
final class ExecCommandCredentialLoader implements KubernetesTokenLoader {
    private static final int ORDER = 10;
    private final KubeConfig kubeConfig;
    private final JsonMapper jsonMapper;
    private volatile ExecCredential execCredential;
    private static final Logger LOG = LoggerFactory.getLogger(ExecCommandCredentialLoader.class);
    private static final Duration BUFFER = Duration.ofSeconds(60);

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExecCommandCredentialLoader(KubeConfigLoader kubeConfigLoader, JsonMapper jsonMapper) {
        this.kubeConfig = kubeConfigLoader.getKubeConfig();
        this.jsonMapper = jsonMapper;
    }

    @Override // io.micronaut.kubernetes.client.openapi.credential.KubernetesTokenLoader
    public String getToken() {
        setExecCredential();
        if (this.execCredential == null) {
            return null;
        }
        return this.execCredential.status().token();
    }

    public int getOrder() {
        return ORDER;
    }

    private void setExecCredential() {
        if (this.kubeConfig != null && this.kubeConfig.isExecCommandProvided() && shouldLoadCredential()) {
            synchronized (this) {
                if (shouldLoadCredential()) {
                    try {
                        this.execCredential = loadCredential();
                    } catch (Exception e) {
                        LOG.error("Failed to load exec credential", e);
                    }
                }
            }
        }
    }

    private boolean shouldLoadCredential() {
        if (this.execCredential == null) {
            return true;
        }
        ZonedDateTime expirationTimestamp = this.execCredential.status().expirationTimestamp();
        if (expirationTimestamp == null) {
            return false;
        }
        ZonedDateTime now = ZonedDateTime.now(ZoneId.of("UTC"));
        LOG.debug("Check whether credential loading needed, now={}, buffer={}, expiration={}", new Object[]{now, BUFFER, expirationTimestamp});
        return expirationTimestamp.isBefore(now.plusSeconds(BUFFER.toSeconds()));
    }

    private ExecCredential loadCredential() throws Exception {
        LOG.debug("Loading credential using exec command from kube config file");
        ArrayList arrayList = new ArrayList();
        ExecConfig exec = this.kubeConfig.getUser().exec();
        String command = exec.command();
        if (command.contains(File.separator) && !command.startsWith(File.separator)) {
            Optional<Path> kubeConfigParentPath = this.kubeConfig.getKubeConfigParentPath();
            if (kubeConfigParentPath.isEmpty()) {
                throw new IllegalArgumentException("Failed to execute command relative to the kube config file path since the kube config file path not provided. Command: " + command);
            }
            command = kubeConfigParentPath.get().resolve(command).normalize().toString();
        }
        arrayList.add(command);
        List<String> args = exec.args();
        if (args != null) {
            arrayList.addAll(args);
        }
        ProcessBuilder processBuilder = new ProcessBuilder(arrayList);
        processBuilder.redirectError(ProcessBuilder.Redirect.INHERIT);
        List<ExecEnvVar> env = exec.env();
        if (env != null) {
            Map<String, String> environment = processBuilder.environment();
            env.forEach(execEnvVar -> {
                environment.put(execEnvVar.name(), execEnvVar.value());
            });
        }
        Process start = processBuilder.start();
        InputStream inputStream = start.getInputStream();
        try {
            ExecCredential execCredential = (ExecCredential) this.jsonMapper.readValue(inputStream, ExecCredential.class);
            if (inputStream != null) {
                inputStream.close();
            }
            if (execCredential.status() == null || execCredential.status().token() == null) {
                throw new RuntimeException("Command '" + command + "' didn't provide token");
            }
            int waitFor = start.waitFor();
            if (waitFor != 0) {
                throw new RuntimeException("Command '" + command + "' failed with exit code " + waitFor);
            }
            return execCredential;
        } catch (Throwable th) {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
