package com.spotify.sshagenttls;

import com.google.common.collect.ImmutableSet;
import com.google.common.io.BaseEncoding;
import com.spotify.sshagentproxy.Identity;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/spotify/sshagenttls/X509CachingCertKeyCreator.class */
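/**
 * A {@link CertKeyCreator} that stores the certificate and private key produced by a delegate
 * {@link X509CertKeyCreator} as PEM files in a cache directory and reuses them while the cached
 * certificate is inside its validity window.
 *
 * <p>The cache directory holds private-key material. Each cache file is created fresh with
 * owner-only read/write permissions; the directory itself is created with whatever permissions
 * the process default gives it, so callers should point this at a location that other users
 * cannot write to.
 */
public class X509CachingCertKeyCreator implements CertKeyCreator {
    private static final Logger LOG = LoggerFactory.getLogger(X509CachingCertKeyCreator.class);
    private static final BaseEncoding HEX_ENCODING = BaseEncoding.base16().lowerCase();
    private final X509CertKeyCreator delegate;
    private final Path cacheDirectory;
    private final Identity identity;

    private X509CachingCertKeyCreator(X509CertKeyCreator delegate, Path cacheDirectory, Identity identity) {
        this.delegate = delegate;
        this.cacheDirectory = cacheDirectory;
        this.identity = identity;
    }

    /**
     * Creates a caching wrapper around the given delegate.
     *
     * @param x509CertKeyCreator creator used when no usable cached entry exists
     * @param path directory in which the {@code .crt} and {@code .pem} cache files are kept
     * @param identity identity whose key blob and comment are used for the cache key and logging
     * @return a new caching creator
     */
    public static X509CachingCertKeyCreator create(X509CertKeyCreator x509CertKeyCreator, Path path, Identity identity) {
        return new X509CachingCertKeyCreator(x509CertKeyCreator, path, identity);
    }

    /**
     * Returns a cached certificate and key if one exists and the certificate is currently valid,
     * otherwise asks the delegate for a new pair and stores it in the cache.
     *
     * <p>The cache file name is the first 8 hex characters of a SHA-1 digest over the identity's
     * key blob, {@code str} and the encoded principal. It is a lookup key only: a cached entry is
     * checked for its validity dates, not against the requested inputs.
     *
     * @param str value passed through to the delegate and mixed into the cache key
     *     (presumably the user name the certificate is issued for)
     * @param x500Principal principal passed through to the delegate and mixed into the cache key
     * @return the cached or newly created certificate and key
     * @throws RuntimeException if the SHA-1 digest is not available
     */
    @Override
    public CertKey createCertKey(String str, X500Principal x500Principal) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.update(this.identity.getKeyBlob());
            // Explicit charset: the platform default would make the cache key differ between
            // hosts or JVM versions for non-ASCII input.
            digest.update(str.getBytes(StandardCharsets.UTF_8));
            digest.update(x500Principal.getEncoded());
            String cacheKey = HEX_ENCODING.encode(digest.digest()).substring(0, 8);
            Path certPath = this.cacheDirectory.resolve(cacheKey + ".crt");
            Path keyPath = this.cacheDirectory.resolve(cacheKey + ".pem");

            CertKey cached = null;
            try {
                if (Files.exists(certPath, new LinkOption[0]) && Files.exists(keyPath, new LinkOption[0])) {
                    cached = CertKey.fromPaths(certPath, keyPath);
                }
            } catch (IOException | GeneralSecurityException e) {
                // An unreadable or corrupt cache entry is treated as a miss and regenerated below.
                LOG.debug("error reading cached cert and key fromPaths {} for identity={}", this.cacheDirectory, this.identity.getComment(), e);
            }

            if (cached != null && cached.cert() instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cached.cert();
                Date now = new Date();
                // Only the validity window is checked; no margin is kept before notAfter.
                if (now.after(x509.getNotBefore()) && now.before(x509.getNotAfter())) {
                    LOG.debug("using existing cert for {} fromPaths {}", str, certPath);
                    return cached;
                }
            }

            CertKey created = this.delegate.createCertKey(str, x500Principal);
            saveToCache(this.cacheDirectory, certPath, keyPath, created);
            return created;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Writes the certificate and key as PEM files into the cache directory. Caching is best
     * effort: an I/O failure is logged and otherwise ignored.
     */
    private static void saveToCache(Path cacheDir, Path certPath, Path keyPath, CertKey certKey) {
        try {
            Files.createDirectories(cacheDir);
            String certPem = Utils.asPemString(certKey.cert());
            String keyPem = Utils.asPemString(certKey.key());
            FileAttribute<Set<PosixFilePermission>> ownerOnly = PosixFilePermissions.asFileAttribute(
                    ImmutableSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
            writeOwnerOnly(certPath, certPem, ownerOnly);
            writeOwnerOnly(keyPath, keyPem, ownerOnly);
            LOG.debug("cached generated cert to {}", certPath);
        } catch (IOException e) {
            LOG.warn("error caching generated cert", e);
        }
    }

    /**
     * Replaces {@code target} with a newly created file holding {@code pem}.
     *
     * <p>The old entry is removed and the file is opened with {@code CREATE_NEW} because the
     * permission attribute is applied only when a file is created: writing into an existing
     * file would keep that file's permissions (and any bytes beyond the new content), and
     * would follow a symbolic link left at that path.
     */
    private static void writeOwnerOnly(Path target, String pem, FileAttribute<Set<PosixFilePermission>> ownerOnly)
            throws IOException {
        Files.deleteIfExists(target);
        Set<StandardOpenOption> options = ImmutableSet.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        ByteBuffer buffer = ByteBuffer.wrap(pem.getBytes(StandardCharsets.UTF_8));
        try (SeekableByteChannel channel = Files.newByteChannel(target, options, ownerOnly)) {
            // A single write() may be partial; drain the buffer.
            while (buffer.hasRemaining()) {
                channel.write(buffer);
            }
        }
    }
}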
