package com.atlassian.bamboo.crypto;

import com.atlassian.bamboo.util.SecureTemporaryFiles;
import com.google.common.base.Preconditions;
import com.google.common.collect.Iterables;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.function.Supplier;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyEncryptionContext;
import org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyPairResourceWriter;
import org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/crypto/SshKeyUtils.class */
public class SshKeyUtils {
    private static final Logger log = LogManager.getLogger(SshKeyUtils.class);
    private static final String LOG_MSG_WRITE_TEMP_FILE = "Content written to temporary file: {}";

    private SshKeyUtils() {
    }

    public static KeyPair loadKeyFromFile(@NotNull String str, @Nullable String str2) {
        return loadKeyUsingProvider(str2, new FileKeyPairProvider(new File(str).toPath()), () -> {
            return "Unable to load key from file [" + str + "]";
        });
    }

    public static KeyPair loadKeyFromString(String str, @Nullable String str2) {
        return loadKeyUsingProvider(str2, new StringKeyPairProvider(normalizeEolStyle(str)), () -> {
            return "Cannot read keypair";
        });
    }

    @NotNull
    private static KeyPair loadKeyUsingProvider(@Nullable String str, @NotNull AbstractResourceKeyPairProvider<?> abstractResourceKeyPairProvider, Supplier<String> supplier) {
        abstractResourceKeyPairProvider.setPasswordFinder(new PlainTextPasswordFinder(str));
        try {
            Iterable loadKeys = abstractResourceKeyPairProvider.loadKeys((SessionContext) null);
            Preconditions.checkArgument(!Iterables.isEmpty(loadKeys), "The supplied key is not in a supported format or needs a passphrase to be decrypted");
            return (KeyPair) Iterables.getOnlyElement(loadKeys);
        } catch (Exception e) {
            String str2 = supplier.get() + ", passphrase " + (StringUtils.isEmpty(str) ? "wasn't set" : "was used");
            log.error("{} : {}", str2, e);
            throw new IllegalArgumentException(str2, e);
        }
    }

    @NotNull
    public static Path decodeKeyAndWriteToTempFile(@NotNull String str, @Nullable String str2) throws IOException, GeneralSecurityException {
        File create = SecureTemporaryFiles.create(SecureTemporaryFiles.builder().setPrefix("pkey").setSuffix(".tmp").useShortDirectoryName().failWhenPermissionsNotSet().build());
        if (StringUtils.isBlank(str2)) {
            log.debug("Passphrase is empty: no decoding");
            writeAndNormalize(create, str);
            log.debug(LOG_MSG_WRITE_TEMP_FILE, create.toPath());
            return create.toPath();
        }
        if (!str.contains("BEGIN OPENSSH PRIVATE KEY")) {
            log.debug("Falling back to PEM format");
            Path decodeKeyAndWriteToFile = BouncyCastleProviderUtils.decodeKeyAndWriteToFile(create, str, str2);
            writeAndNormalize(create, FileUtils.readFileToString(create, StandardCharsets.UTF_8));
            log.debug(LOG_MSG_WRITE_TEMP_FILE, create.toPath());
            return decodeKeyAndWriteToFile;
        }
        log.debug("Detected OpenSSH v1 key");
        KeyPair loadKeyFromString = loadKeyFromString(str, str2);
        OpenSSHKeyPairResourceWriter openSSHKeyPairResourceWriter = new OpenSSHKeyPairResourceWriter();
        FileOutputStream fileOutputStream = new FileOutputStream(create);
        try {
            openSSHKeyPairResourceWriter.writePrivateKey(loadKeyFromString, "", new OpenSSHKeyEncryptionContext(), fileOutputStream);
            fileOutputStream.close();
            writeAndNormalize(create, FileUtils.readFileToString(create, StandardCharsets.UTF_8));
            log.debug(LOG_MSG_WRITE_TEMP_FILE, create.toPath());
            return create.toPath();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static void writeAndNormalize(File file, String str) throws IOException {
        FileUtils.write(file, normalizeEolStyle(str), StandardCharsets.UTF_8);
    }

    @NotNull
    private static String normalizeEolStyle(@NotNull String str) {
        return str.replace("\r\n", "\n").replace("\r", "\n");
    }
}
