package com.atlassian.bamboo.agent.elastic.server;

import com.amazonaws.services.ec2.model.KeyPairInfo;
import com.atlassian.aws.ec2.EC2Utils;
import com.atlassian.aws.ec2.model.InstanceId;
import com.atlassian.aws.utils.CryptoUtils;
import com.atlassian.bamboo.agent.elastic.aws.AwsAccountBean;
import com.atlassian.bamboo.agent.elastic.server.ElasticFunctionalityFacade;
import com.atlassian.bamboo.fileserver.SystemDirectory;
import io.atlassian.fugue.Either;
import java.io.File;
import java.util.Optional;
import org.apache.commons.io.FileUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.openssl.PEMKeyPair;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/atlassian/bamboo/agent/elastic/server/Ec2PrivateKeyHandlerImpl.class */
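/**
 * Locates and validates the EC2 private key file for the elastic key pair, and uses it to
 * request instance passwords through the configured AWS account.
 *
 * <p>The key file is expected under the {@code configuration} directory of the shared home
 * (see {@link #getUnvalidatedPrivateKeyLocation()}). Validation checks that the file exists,
 * is readable, parses as a PEM key pair and matches the fingerprint that the AWS account
 * reports for the key pair name.
 *
 * <p>NOTE(review): validation does not inspect the file's ownership or permissions; whether the
 * key file is restricted to the service account has to be enforced outside this class.
 */
public class Ec2PrivateKeyHandlerImpl {
    private static final Logger log = Logger.getLogger(Ec2PrivateKeyHandlerImpl.class);
    private final AwsAccountBean awsAccountBean;

    /**
     * @param awsAccountBean source of the AWS account used for key pair lookups and password retrieval
     */
    public Ec2PrivateKeyHandlerImpl(AwsAccountBean awsAccountBean) {
        this.awsAccountBean = awsAccountBean;
    }

    /**
     * Returns the private key file once it has passed validation.
     *
     * @return right: the key file, when validation succeeded; left: the status describing why it failed
     */
    @NotNull
    public Either<ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus, File> getPrivateKeyLocation() {
        final File candidate = getUnvalidatedPrivateKeyLocation();
        final ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus status = getValidationError(candidate);
        if (status == ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.VALIDATION_SUCCESSFUL) {
            return Either.right(candidate);
        }
        return Either.left(status);
    }

    /**
     * Validates the key file step by step and reports the first failure.
     *
     * <p>Each step has its own error handling so that the returned status and the log line name the
     * step that actually failed. In particular, a failure while looking up the fingerprint on the
     * AWS account is reported as {@code KEYPAIR_UNABLE_TO_VALIDATE} rather than
     * {@code KEYPAIR_CANNOT_PARSE}, which is reserved for a key file that does not parse.
     *
     * @param file the candidate private key file
     * @return {@code VALIDATION_SUCCESSFUL}, or the status of the first check that failed
     */
    @NotNull
    private ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus getValidationError(File file) {
        if (!file.exists()) {
            return ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.KEYPAIR_FILE_DOES_NOT_EXIST;
        }
        if (!file.canRead()) {
            return ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.KEYPAIR_UNREADABLE;
        }

        final PEMKeyPair keyPair;
        try {
            keyPair = CryptoUtils.parsePemKeyPair(file);
        } catch (Exception e) {
            // Log the path only, never the file's content.
            log.warn("Unable to parse EC2 private key file " + file.getAbsolutePath(), e);
            return ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.KEYPAIR_CANNOT_PARSE;
        }

        final Either<ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus, byte[]> fingerprint;
        try {
            fingerprint = getFingerprint();
        } catch (Exception e) {
            // The key file parsed; what failed is the lookup on the AWS account.
            log.warn("Unable to look up the fingerprint of EC2 key pair " + getKeyPairName(), e);
            return ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.KEYPAIR_UNABLE_TO_VALIDATE;
        }
        if (fingerprint.isLeft()) {
            return fingerprint.left().get();
        }

        try {
            return EC2Utils.isKeyMatching(keyPair, fingerprint.right().get())
                    ? ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.VALIDATION_SUCCESSFUL
                    : ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.KEYPAIR_MISMATCH;
        } catch (Exception e) {
            log.warn("Unable to compare EC2 private key file " + file.getAbsolutePath()
                    + " with the fingerprint of key pair " + getKeyPairName(), e);
            return ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.KEYPAIR_UNABLE_TO_VALIDATE;
        }
    }

    /**
     * Asks the AWS account for the key pair and parses the fingerprint it reports.
     *
     * @return right: the parsed fingerprint; left: {@code KEYPAIR_DOES_NOT_EXIST_ON_ACCOUNT} when the
     *     account returns no entry for the key pair name
     */
    private Either<ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus, byte[]> getFingerprint() {
        final String keyPairName = getKeyPairName();
        final KeyPairInfo keyPairInfo = (KeyPairInfo) this.awsAccountBean.getAwsAccount()
                .describeEc2KeyPairs(new String[]{keyPairName})
                .get(keyPairName);
        if (keyPairInfo == null) {
            return Either.left(ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus.KEYPAIR_DOES_NOT_EXIST_ON_ACCOUNT);
        }
        return Either.right(EC2Utils.parseFingerprint(keyPairInfo.getKeyFingerprint()));
    }

    /**
     * Requests the password of the given instance from the AWS account, passing the validated
     * private key file.
     *
     * <p>NOTE(review): the returned value is presumably the instance's login password; callers
     * should treat it as a secret and keep it out of logs and error messages.
     *
     * @param remoteElasticInstance the instance whose password is requested
     * @return right: the password, empty when the account returned {@code null}; left: the
     *     validation status when the private key file did not pass validation
     */
    @NotNull
    public Either<ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus, Optional<String>> getPassword(RemoteElasticInstance remoteElasticInstance) {
        final InstanceId instanceId = InstanceId.from(remoteElasticInstance.getInstance().getInstanceId());
        final Either<ElasticFunctionalityFacade.Ec2PrivateKeyValidationStatus, File> privateKeyLocation = getPrivateKeyLocation();
        if (privateKeyLocation.isLeft()) {
            return Either.left(privateKeyLocation.left().get());
        }
        final File privateKey = privateKeyLocation.right().get();
        return Either.right(Optional.ofNullable(this.awsAccountBean.getAwsAccount().getPassword(privateKey, instanceId)));
    }

    /** Returns the name of the key pair that the fingerprint lookup uses. */
    @NotNull
    private String getKeyPairName() {
        return ElasticInstanceManager.ELASTIC_BAMBOO_KEY_PAIR;
    }

    /**
     * Returns the expected location of the private key file, under the {@code configuration}
     * directory of the shared home, without checking that it exists or is valid.
     *
     * @return the expected key file location
     */
    public File getUnvalidatedPrivateKeyLocation() {
        return FileUtils.getFile(SystemDirectory.getSharedHome(), new String[]{"configuration", ElasticInstanceManager.ELASTIC_BAMBOO_KEY_PAIR_FILE});
    }
}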
