package com.atlassian.bitbucket.internal.mirroring.mirror.ssh;

import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.mirroring.ssh.encoding.KeyCodecException;
import com.atlassian.bitbucket.internal.mirroring.ssh.encoding.PrivateKeyPemHelper;
import com.atlassian.bitbucket.internal.mirroring.ssh.encoding.PublicKeyEncodingHelper;
import com.atlassian.bitbucket.server.StorageService;
import com.atlassian.bitbucket.util.MoreFiles;
import io.atlassian.fugue.Pair;
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.NotThreadSafe;
import org.apache.sshd.common.config.keys.PublicKeyEntry;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

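/**
 * File-backed {@link SshKeyStore} that keeps one PEM-encoded private key per key id in a
 * dedicated folder ({@link PublicKeyEntry#STD_KEYFILE_FOLDER_NAME}) under the config directory
 * reported by {@link StorageService}.
 *
 * <p>Every public entry point passes the caller-supplied key id through
 * {@link #sanitizeKeyId(String)} before it is resolved against the key folder, so that an id
 * cannot name a path outside that folder by way of separators or {@code ..} segments.
 *
 * <p>This class is not thread-safe: the exists-then-create sequences in
 * {@link #maybeCreateKey(Path, String)} and {@link #maybeCreateKeyDir()} are not atomic.
 */
@NotThreadSafe
@Component("sshKeyStore")
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-mirroring-mirror-6.0.0.jar:com/atlassian/bitbucket/internal/mirroring/mirror/ssh/DefaultSshKeyStore.class */
public class DefaultSshKeyStore implements SshKeyStore {
    private static final Logger log = LoggerFactory.getLogger(DefaultSshKeyStore.class);
    private final I18nService i18nService;
    private final JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
    private final PrivateKeyPemHelper privateKeyPemHelper;
    private final PublicKeyEncodingHelper publicKeyEncodingHelper;
    private final StorageService storageService;

    /**
     * Wires the collaborators and pins the PEM key converter to the {@code "BC"} JCA provider.
     *
     * @param i18nService used to build the localized message of storage failures
     * @param privateKeyPemHelper writes private keys to disk
     * @param publicKeyEncodingHelper encodes public keys in OpenSSH form
     * @param storageService supplies the config directory that holds the key folder
     */
    @Autowired
    public DefaultSshKeyStore(I18nService i18nService, PrivateKeyPemHelper privateKeyPemHelper, PublicKeyEncodingHelper publicKeyEncodingHelper, StorageService storageService) {
        this.i18nService = i18nService;
        this.privateKeyPemHelper = privateKeyPemHelper;
        this.publicKeyEncodingHelper = publicKeyEncodingHelper;
        this.storageService = storageService;
        this.jcaPEMKeyConverter.setProvider("BC");
    }

    /**
     * Deletes the private key file stored for the given key id.
     *
     * @param str the key id; sanitized before it is resolved to a file
     * @return {@code true} if the file was deleted; {@code false} if it did not exist or could
     *         not be deleted (in which case deletion is rescheduled for JVM exit)
     */
    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.ssh.SshKeyStore
    public boolean delete(@Nonnull String str) {
        Path privateKeyFile = getPrivateKeyFile(sanitizeKeyId(str));
        try {
            Files.delete(privateKeyFile);
            return true;
        } catch (FileNotFoundException | NoSuchFileException e) {
            return false;
        } catch (IOException e) {
            // Private key material stays on disk until the JVM exits; make that visible to
            // operators instead of failing silently.
            log.warn("Failed to delete key file {}; scheduling deletion on exit", privateKeyFile, e);
            MoreFiles.deleteOnExit(privateKeyFile);
            return false;
        }
    }

    /**
     * Generates a new RSA key pair, stores the private half and returns the public half.
     *
     * @param str the key id; sanitized before it is used as the private key file name
     * @param str2 passed through to {@code encodeAsOpenSsh} together with the public key;
     *        presumably the comment/label of the OpenSSH entry (confirm against
     *        {@link PublicKeyEncodingHelper})
     * @return the path of the stored private key paired with the OpenSSH-encoded public key
     * @throws MirrorKeyStorageException if the private key cannot be written
     */
    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.ssh.SshKeyStore
    @Nonnull
    public Pair<Path, String> generateKeyPair(@Nonnull String str, @Nonnull String str2) {
        KeyPair keyPair = SshUtils.generateStandardRSAKeyPair();
        Path privateKeyFile = savePrivateKey(sanitizeKeyId(str), keyPair.getPrivate());
        String encodedPublicKey = this.publicKeyEncodingHelper.encodeAsOpenSsh(keyPair.getPublic(), str2);
        return Pair.pair(privateKeyFile, encodedPublicKey);
    }

    /**
     * Loads the key pair stored for the given key id.
     *
     * <p>The id is sanitized exactly as in {@link #delete(String)},
     * {@link #generateKeyPair(String, String)} and {@link #getPrivateKey(String)}; without that
     * step this lookup would resolve the raw id against the key folder and would also miss keys
     * that were stored under their sanitized name.
     *
     * @param str the key id
     * @return the key pair, or empty if the file cannot be read or its first PEM object is not
     *         a key pair
     */
    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.ssh.SshKeyStore
    @Nonnull
    public Optional<KeyPair> getKeyPair(@Nonnull String str) {
        Path privateKeyFile = getPrivateKeyFile(sanitizeKeyId(str));
        // try-with-resources closes the parser and then the reader on every path.
        try (BufferedReader reader = Files.newBufferedReader(privateKeyFile);
             PEMParser parser = new PEMParser(reader)) {
            Object parsed = parser.readObject();
            if (parsed instanceof PEMKeyPair) {
                return Optional.of(this.jcaPEMKeyConverter.getKeyPair((PEMKeyPair) parsed));
            }
            return Optional.empty();
        } catch (IOException e) {
            log.warn("Error loading key file {}", str, e);
            return Optional.empty();
        }
    }

    /**
     * Returns the path of the private key file for the given key id, if that file exists.
     *
     * @param str the key id; sanitized before it is resolved to a file
     * @return the private key path, or empty if no such file exists
     */
    @Override // com.atlassian.bitbucket.internal.mirroring.mirror.ssh.SshKeyStore
    @Nonnull
    public Optional<Path> getPrivateKey(@Nonnull String str) {
        return Optional.of(getPrivateKeyFile(sanitizeKeyId(str))).filter(Files::exists);
    }

    /** Returns the key folder inside the config directory; does not create it. */
    private Path getKeyDir() {
        return this.storageService.getConfigDir().resolve(PublicKeyEntry.STD_KEYFILE_FOLDER_NAME);
    }

    /**
     * Resolves a key id against the key folder. Performs no sanitization itself: callers must
     * pass an id that already went through {@link #sanitizeKeyId(String)}.
     */
    private Path getPrivateKeyFile(@Nonnull String keyId) {
        return getKeyDir().resolve(keyId);
    }

    /**
     * Creates an empty key file in the given folder unless it already exists.
     *
     * @param keyDir the folder that holds the key files
     * @param keyId the (already sanitized) key id, used as the file name
     * @return the path of the key file
     * @throws IOException if the file cannot be created
     */
    private Path maybeCreateKey(Path keyDir, String keyId) throws IOException {
        Path keyFile = keyDir.resolve(keyId);
        if (!Files.exists(keyFile)) {
            // NOTE(review): the file is created with the platform's default permissions and is
            // only tightened by savePrivateKey after the key has been written.
            Files.createFile(keyFile);
            if (log.isDebugEnabled()) {
                log.debug("Created {}: [read={}, write={}, execute={}]", keyFile, Files.isReadable(keyFile), Files.isWritable(keyFile), Files.isExecutable(keyFile));
            }
        } else if (log.isTraceEnabled()) {
            log.trace("{} already exists: [read={}, write={}, execute={}]", keyFile, Files.isReadable(keyFile), Files.isWritable(keyFile), Files.isExecutable(keyFile));
        }
        return keyFile;
    }

    /**
     * Creates the key folder (and any missing parents) unless it already exists, and secures a
     * newly created folder via {@code SshUtils.secureSshResourceForOwner}. A folder that already
     * exists is returned as-is; its permissions are not re-applied.
     *
     * @return the path of the key folder
     * @throws IOException if the folder cannot be created
     */
    private Path maybeCreateKeyDir() throws IOException {
        Path keyDir = getKeyDir();
        if (!Files.exists(keyDir)) {
            Files.createDirectories(keyDir);
            SshUtils.secureSshResourceForOwner(keyDir);
            if (log.isDebugEnabled()) {
                log.debug("Created {}: [read={}, write={}, execute={}]", keyDir, Files.isReadable(keyDir), Files.isWritable(keyDir), Files.isExecutable(keyDir));
            }
        } else if (log.isTraceEnabled()) {
            log.trace("{} already exists: [read={}, write={}, execute={}]", keyDir, Files.isReadable(keyDir), Files.isWritable(keyDir), Files.isExecutable(keyDir));
        }
        return keyDir;
    }

    /**
     * Replaces every {@code ..} sequence and every {@code /} or {@code \} in the key id with
     * {@code _}, so the result contains no path separator and no parent-directory segment.
     *
     * <p>NOTE(review): an empty id or {@code "."} passes through unchanged and resolves to the
     * key folder itself; confirm that ids are validated before they reach this class.
     */
    private String sanitizeKeyId(String keyId) {
        return keyId.replaceAll("(\\.\\.)|[\\\\/]", "_");
    }

    /**
     * Writes the private key to its file in the key folder, creating folder and file as needed.
     *
     * @param keyId the (already sanitized) key id
     * @param privateKey the key to store
     * @return the path of the written key file
     * @throws MirrorKeyStorageException if the key cannot be encoded or written
     */
    private Path savePrivateKey(@Nonnull String keyId, @Nonnull PrivateKey privateKey) {
        Objects.requireNonNull(privateKey, "privateKey");
        Objects.requireNonNull(keyId, "keyId");
        try {
            Path keyFile = maybeCreateKey(maybeCreateKeyDir(), keyId);
            // NOTE(review): permissions are tightened only after the key material is on disk.
            // Consider restricting the file before the write as well, once it is confirmed that
            // secureSshResourceForOwner leaves the file writable by its owner.
            this.privateKeyPemHelper.write(privateKey, keyFile);
            SshUtils.secureSshResourceForOwner(keyFile);
            return keyFile;
        } catch (KeyCodecException | IOException e) {
            throw new MirrorKeyStorageException(this.i18nService.createKeyedMessage("bitbucket.mirroring.upstream.store.ssh.error", keyId, e), e);
        }
    }
}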
