package com.atlassian.aws.ec2.caches;

import com.amazonaws.services.ec2.AmazonEC2Async;
import com.amazonaws.services.ec2.model.GetPasswordDataRequest;
import com.atlassian.aws.ec2.model.InstanceId;
import com.atlassian.aws.utils.CryptoUtils;
import com.google.common.base.Throwables;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ComputationException;
import java.io.File;
import java.security.Security;
import java.util.Base64;
import javax.crypto.Cipher;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/aws/ec2/caches/InstancePasswordCache.class */
public class InstancePasswordCache {
    public static final String CIPHER_SPEC = "RSA/ECB/PKCS1Padding";
    private final LoadingCache<KeyInstanceIdHolder, String> instanceId2password;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/aws/ec2/caches/InstancePasswordCache$KeyInstanceIdHolder.class */
    public static class KeyInstanceIdHolder {
        private final File keyFile;
        private final InstanceId instanceId;

        KeyInstanceIdHolder(File file, InstanceId instanceId) {
            this.keyFile = file;
            this.instanceId = instanceId;
        }

        public InstanceId getInstanceId() {
            return this.instanceId;
        }

        public File getKeyFile() {
            return this.keyFile;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            KeyInstanceIdHolder keyInstanceIdHolder = (KeyInstanceIdHolder) obj;
            return this.instanceId.equals(keyInstanceIdHolder.instanceId) && this.keyFile.equals(keyInstanceIdHolder.keyFile);
        }

        public int hashCode() {
            return (31 * this.keyFile.hashCode()) + this.instanceId.hashCode();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/aws/ec2/caches/InstancePasswordCache$PasswordNotAvailableException.class */
    public static class PasswordNotAvailableException extends IllegalStateException {
        public PasswordNotAvailableException(String str) {
            super(str);
        }
    }

    public InstancePasswordCache(@NotNull AmazonEC2Async amazonEC2Async) {
        Security.addProvider(new BouncyCastleProvider());
        this.instanceId2password = makePasswordComputingMap(amazonEC2Async, makeCipherMap());
    }

    private LoadingCache<File, Cipher> makeCipherMap() {
        return CacheBuilder.newBuilder().build(new CacheLoader<File, Cipher>() { // from class: com.atlassian.aws.ec2.caches.InstancePasswordCache.1
            public Cipher load(File file) throws Exception {
                return CryptoUtils.getCipherForKey(file, InstancePasswordCache.CIPHER_SPEC);
            }
        });
    }

    private LoadingCache<KeyInstanceIdHolder, String> makePasswordComputingMap(final AmazonEC2Async amazonEC2Async, final LoadingCache<File, Cipher> loadingCache) {
        return CacheBuilder.newBuilder().build(new CacheLoader<KeyInstanceIdHolder, String>() { // from class: com.atlassian.aws.ec2.caches.InstancePasswordCache.2
            public String load(KeyInstanceIdHolder keyInstanceIdHolder) {
                String passwordData = amazonEC2Async.getPasswordData(new GetPasswordDataRequest(keyInstanceIdHolder.getInstanceId().getId())).getPasswordData();
                if (StringUtils.isEmpty(passwordData)) {
                    throw new ComputationException(new PasswordNotAvailableException("Password is not (yet) available. If password generation was enabled for this image, note that generation and encryption takes a few moments. Please wait up to 15 minutes after launching an instance before trying to retrieve the generated password."));
                }
                try {
                    return new String(((Cipher) loadingCache.get(keyInstanceIdHolder.getKeyFile())).doFinal(Base64.getMimeDecoder().decode(passwordData)));
                } catch (Exception e) {
                    throw new ComputationException(e);
                }
            }
        });
    }

    @Nullable
    public String getPassword(File file, InstanceId instanceId) {
        try {
            return (String) this.instanceId2password.get(new KeyInstanceIdHolder(file, instanceId));
        } catch (Exception e) {
            if (Throwables.getRootCause(e) instanceof PasswordNotAvailableException) {
                return null;
            }
            throw new IllegalArgumentException(e);
        }
    }
}
