package com.atlassian.bitbucket.internal.ssh.server;

import com.atlassian.bitbucket.server.StorageService;
import com.atlassian.bitbucket.ssh.Digest;
import com.atlassian.bitbucket.ssh.StandardDigests;
import com.atlassian.bitbucket.ssh.util.KeyUtils;
import com.atlassian.bitbucket.util.FilePermission;
import com.atlassian.bitbucket.util.MoreFiles;
import com.atlassian.bitbucket.util.SetFilePermissionRequest;
import com.atlassian.util.concurrent.Lazy;
import com.atlassian.util.concurrent.Supplier;
import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Objects;
import javax.annotation.Nonnull;
import org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-ssh-5.16.0.jar:com/atlassian/bitbucket/internal/ssh/server/DefaultHostKeyPairProvider.class */
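/**
 * Supplies the SSH server's host key pair, persisted as a PEM file in the configuration
 * directory, and exposes fingerprints of the public half.
 *
 * <p>The key pair is read and written with BouncyCastle's PEM classes. The private key is written
 * without an encryptor (see {@link #doWriteKeyPair}), so the file permissions applied in
 * {@link #writeKeyPair} are the only protection this class places on the key at rest.
 */
public class DefaultHostKeyPairProvider extends AbstractGeneratorHostKeyProvider implements HostKeyPairProvider {
    /** File name of the PEM-encoded host key pair, resolved against the configuration directory. */
    private static final String KEY_PAIR_FILE = "ssh-server-keys.pem";

    /**
     * Fingerprints of the host public key, keyed by digest. The cache is built without any
     * expiry or size limit, so an entry lives for the lifetime of this provider.
     */
    private final LoadingCache<Digest, String> fingerprints =
            CacheBuilder.newBuilder().build(new CacheLoader<Digest, String>() {
                // The public key is taken from the first key pair returned by loadKeys().
                // NOTE(review): Lazy.supplier is expected to memoise, so a key file replaced while
                // the server is running would presumably not be reflected in later fingerprints;
                // confirm before relying on this value after a host key rotation.
                private final Supplier<PublicKey> publicKey = Lazy.supplier(
                        () -> ((KeyPair) Iterables.get(DefaultHostKeyPairProvider.this.loadKeys(), 0)).getPublic());

                @Override
                @Nonnull
                public String load(@Nonnull Digest digest) {
                    return KeyUtils.calculateFingerprint(publicKey.get(), digest);
                }
            });

    /**
     * Points the provider at {@code ssh-server-keys.pem} inside the storage service's
     * configuration directory.
     *
     * @param storageService source of the configuration directory
     */
    public DefaultHostKeyPairProvider(StorageService storageService) {
        setPath(storageService.getConfigDir().resolve(KEY_PAIR_FILE));
    }

    /**
     * Returns the host key fingerprint computed with {@link StandardDigests#MD5}.
     *
     * <p>MD5 fingerprints are the legacy display format; where the fingerprint is shown to users
     * for host verification, prefer {@link #getFingerprint(Digest)} with a SHA-256 digest.
     *
     * @return the MD5 fingerprint of the host public key
     */
    @Override
    @Nonnull
    public String getFingerprint() {
        return getFingerprint(StandardDigests.MD5);
    }

    /**
     * Returns the host key fingerprint for the given digest, computing it on first use and
     * serving it from the cache afterwards.
     *
     * @param digest the digest to fingerprint the public key with
     * @return the fingerprint of the host public key
     * @throws NullPointerException if {@code digest} is {@code null}
     */
    @Override
    @Nonnull
    public String getFingerprint(@Nonnull Digest digest) {
        Objects.requireNonNull(digest, "digest");
        // getUnchecked: a failure while loading the key or hashing it surfaces as an unchecked
        // exception from the cache rather than a checked one.
        return fingerprints.getUnchecked(digest);
    }

    /**
     * Parses the first PEM object from the stream into a key pair.
     *
     * <p>Only an unencrypted {@link PEMKeyPair} (converted through the "BC" provider) or an
     * already-built {@link KeyPair} is accepted. Any other object, including a
     * passphrase-protected PEM key pair, falls through to {@code null}.
     *
     * <p>NOTE(review): how the superclass treats a {@code null} return is not visible here.
     * Generator-style host key providers typically fall back to creating a fresh key pair, which
     * would change the host key that clients have pinned; confirm against the bundled sshd
     * version and monitor for unexpected changes to the key file.
     *
     * @param str         resource name passed by the superclass (unused)
     * @param inputStream PEM data; owned by the caller and left open
     * @return the decoded key pair, or {@code null} if the PEM object is of an unsupported type
     * @throws IOException if the PEM data cannot be read or converted
     */
    @Override
    protected KeyPair doReadKeyPair(String str, InputStream inputStream) throws IOException {
        // PEM is an ASCII format; decode it explicitly instead of with the JVM default charset.
        // The parser is deliberately not closed, since closing it would close the caller's stream.
        PEMParser parser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.US_ASCII));
        Object parsed = parser.readObject();
        if (parsed instanceof PEMKeyPair) {
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            converter.setProvider("BC");
            return converter.getKeyPair((PEMKeyPair) parsed);
        }
        if (parsed instanceof KeyPair) {
            return (KeyPair) parsed;
        }
        return null;
    }

    /**
     * Writes the key pair to the stream as PEM.
     *
     * <p>No encryptor is supplied to the writer, so the private key is stored unencrypted and
     * confidentiality depends on the permissions of the destination file.
     *
     * @param str          resource name passed by the superclass (unused)
     * @param keyPair      the key pair to serialise
     * @param outputStream destination; flushed but left open for the caller to close
     * @throws IOException if writing fails
     */
    @Override
    protected void doWriteKeyPair(String str, KeyPair keyPair, OutputStream outputStream) throws IOException {
        // Encode explicitly as ASCII so the file does not depend on the JVM default charset.
        JcaPEMWriter pemWriter = new JcaPEMWriter(new OutputStreamWriter(outputStream, StandardCharsets.US_ASCII));
        pemWriter.writeObject(keyPair);
        pemWriter.flush();
    }

    /**
     * Persists the key pair through the superclass, then tightens the permissions on the file.
     *
     * <p>Decompiler note: the access modifier was reported as changed from {@code protected}.
     *
     * <p>The permissions are applied only after the file has been written, so until that call
     * succeeds the file presumably carries whatever mode it was created with. A failure to set
     * permissions is logged at WARN and otherwise ignored; the key stays in place.
     *
     * <p>NOTE(review): group READ leaves the unencrypted private key readable by every account
     * in the file's group, whereas SSH host private keys are conventionally owner-only. World
     * permissions are not specified in this request, and whether {@code setPermissions} clears
     * existing world bits is not visible from here. Confirm both against the deployment's needs.
     *
     * @param keyPair       the key pair to store
     * @param path          destination file
     * @param openOptionArr options forwarded to the superclass
     * @throws IOException              if the superclass fails to write the file
     * @throws GeneralSecurityException if the superclass fails to encode the key
     */
    @Override
    public void writeKeyPair(KeyPair keyPair, Path path, OpenOption... openOptionArr)
            throws IOException, GeneralSecurityException {
        super.writeKeyPair(keyPair, path, openOptionArr);
        if (!Files.exists(path)) {
            return;
        }
        try {
            MoreFiles.setPermissions(new SetFilePermissionRequest.Builder(path)
                    .ownerPermissions(ImmutableSet.of(FilePermission.READ, FilePermission.WRITE))
                    .groupPermissions(ImmutableSet.of(FilePermission.READ))
                    .build());
        } catch (IOException e) {
            // Best effort by design: keep the freshly written key and surface the problem in logs.
            log.warn("Could not restrict file permissions on key " + path.toAbsolutePath(), e);
        }
    }
}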
