package brooklyn.location.basic;

import brooklyn.config.ConfigKey;
import brooklyn.entity.basic.ConfigKeys;
import brooklyn.event.basic.SubElementConfigKey;
import brooklyn.internal.BrooklynFeatureEnablement;
import brooklyn.location.cloud.CloudLocationConfig;
import brooklyn.management.ManagementContext;
import brooklyn.util.JavaGroovyEquivalents;
import brooklyn.util.ResourceUtils;
import brooklyn.util.collections.MutableMap;
import brooklyn.util.collections.MutableSet;
import brooklyn.util.config.ConfigBag;
import brooklyn.util.crypto.AuthorizedKeysParser;
import brooklyn.util.crypto.SecureKeys;
import brooklyn.util.exceptions.Exceptions;
import brooklyn.util.os.Os;
import brooklyn.util.text.StringFunctions;
import brooklyn.util.text.Strings;
import com.google.common.annotations.Beta;
import com.google.common.base.Objects;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:brooklyn/location/basic/LocationConfigUtils.class */
public class LocationConfigUtils {
    private static final Logger log = LoggerFactory.getLogger(LocationConfigUtils.class);

    @Beta
    /* loaded from: input_file:brooklyn/location/basic/LocationConfigUtils$OsCredential.class */
    public static class OsCredential {
        private final ConfigBag config;
        private String privateKeyData;
        private String publicKeyData;
        private String password;
        private boolean preferPassword = false;
        private boolean tryDefaultKeys = true;
        private boolean requirePublicKey = true;
        private boolean doKeyValidation = BrooklynFeatureEnablement.isEnabled(BrooklynFeatureEnablement.FEATURE_VALIDATE_LOCATION_SSH_KEYS);
        private boolean warnOnErrors = true;
        private boolean throwOnErrors = false;
        private boolean dirty = true;
        Set<String> warningMessages = MutableSet.of();

        private OsCredential(ConfigBag configBag) {
            this.config = configBag;
        }

        public OsCredential checkNotEmpty() {
            checkNoErrors();
            if (hasKey() || hasPassword()) {
                return this;
            }
            if (this.warningMessages.size() > 0) {
                throw new IllegalStateException("Could not find credentials: " + this.warningMessages);
            }
            throw new IllegalStateException("Could not find credentials");
        }

        public OsCredential checkNoErrors() {
            throwOnErrors(true);
            dirty();
            infer();
            return this;
        }

        public OsCredential logAnyWarnings() {
            if (!this.warningMessages.isEmpty()) {
                LocationConfigUtils.log.warn("When reading credentials: " + this.warningMessages);
            }
            return this;
        }

        public Set<String> getWarningMessages() {
            return this.warningMessages;
        }

        public synchronized String getPreferredCredential() {
            infer();
            if (isUsingPassword()) {
                return this.password;
            }
            if (hasKey()) {
                return this.privateKeyData;
            }
            return null;
        }

        public boolean isEmpty() {
            return (hasKey() || hasPassword()) ? false : true;
        }

        public boolean hasKey() {
            infer();
            return Strings.isNonBlank(this.privateKeyData);
        }

        public boolean hasPassword() {
            infer();
            return this.password != null;
        }

        public boolean isUsingPassword() {
            return hasPassword() && (!hasKey() || this.preferPassword);
        }

        public String getPrivateKeyData() {
            infer();
            return this.privateKeyData;
        }

        public String getPublicKeyData() {
            infer();
            return this.publicKeyData;
        }

        public String getPassword() {
            infer();
            return this.password;
        }

        public OsCredential preferKey() {
            this.preferPassword = false;
            return dirty();
        }

        public OsCredential preferPassword() {
            this.preferPassword = true;
            return dirty();
        }

        public OsCredential requirePublicKey(boolean z) {
            this.requirePublicKey = z;
            return dirty();
        }

        public OsCredential doKeyValidation(boolean z) {
            this.doKeyValidation = z;
            return dirty();
        }

        public OsCredential useDefaultKeys(boolean z) {
            this.tryDefaultKeys = z;
            return dirty();
        }

        public OsCredential warnOnErrors(boolean z) {
            this.warnOnErrors = z;
            return dirty();
        }

        public OsCredential throwOnErrors(boolean z) {
            this.throwOnErrors = z;
            return dirty();
        }

        private OsCredential dirty() {
            this.dirty = true;
            return this;
        }

        public static OsCredential newInstance(ConfigBag configBag) {
            return new OsCredential(configBag);
        }

        private synchronized void infer() {
            if (this.dirty) {
                this.warningMessages.clear();
                LocationConfigUtils.log.debug("Inferring OS credentials");
                this.privateKeyData = (String) this.config.get(LocationConfigKeys.PRIVATE_KEY_DATA);
                this.password = (String) this.config.get(LocationConfigKeys.PASSWORD);
                this.publicKeyData = LocationConfigUtils.getKeyDataFromDataKeyOrFileKey(this.config, LocationConfigKeys.PUBLIC_KEY_DATA, LocationConfigKeys.PUBLIC_KEY_FILE);
                KeyPair keyPair = null;
                if (Strings.isBlank(this.privateKeyData)) {
                    String str = null;
                    boolean containsKey = this.config.containsKey(LocationConfigKeys.PRIVATE_KEY_FILE);
                    if (containsKey || (this.tryDefaultKeys && this.password == null)) {
                        str = (String) this.config.get(LocationConfigKeys.PRIVATE_KEY_FILE);
                    }
                    if (Strings.isNonBlank(str)) {
                        Iterator it = Arrays.asList(str.split(File.pathSeparator)).iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            String str2 = (String) it.next();
                            if (Strings.isNonBlank(str2)) {
                                if (str2 != null) {
                                    try {
                                        this.privateKeyData = ResourceUtils.create().getResourceAsString(str2);
                                    } catch (Exception e) {
                                        Exceptions.propagateIfFatal(e);
                                        String str3 = "Missing/invalid private key file " + str2;
                                        if (containsKey) {
                                            addWarning(str3, (!it.hasNext() ? "no more files to try" : "trying next file") + ": " + e);
                                        }
                                    }
                                }
                                keyPair = getValidatedPrivateKey(str2);
                                if (this.privateKeyData != null) {
                                    if (!Strings.isNonBlank(this.publicKeyData)) {
                                        String str4 = str2 != null ? str2 + ".pub" : "(data)";
                                        try {
                                            this.publicKeyData = ResourceUtils.create().getResourceAsString(str4);
                                            LocationConfigUtils.log.debug("Loaded private key data from " + str2 + " and public key data from " + str4);
                                            break;
                                        } catch (Exception e2) {
                                            Exceptions.propagateIfFatal(e2);
                                            LocationConfigUtils.log.debug("No public key file " + str4 + "; will try extracting from private key");
                                            this.publicKeyData = AuthorizedKeysParser.encodePublicKey(keyPair.getPublic());
                                            if (this.publicKeyData != null) {
                                                LocationConfigUtils.log.debug("Loaded private key data from " + str2 + " (public key data extracted)");
                                                break;
                                            } else if (!this.requirePublicKey) {
                                                LocationConfigUtils.log.debug("Loaded private key data from " + str2 + " (public key data not found but not required)");
                                                break;
                                            } else {
                                                addWarning("Unable to find or extract public key for " + str2, "skipping");
                                                this.privateKeyData = null;
                                            }
                                        }
                                    } else {
                                        LocationConfigUtils.log.debug("Loaded private key data from " + str2 + " (public key data explicitly set)");
                                        break;
                                    }
                                }
                            }
                        }
                        if (containsKey && Strings.isBlank(this.privateKeyData)) {
                            error("No valid private keys found", "" + this.warningMessages);
                        }
                    }
                } else {
                    keyPair = getValidatedPrivateKey("(data)");
                }
                if (this.privateKeyData != null) {
                    if (this.requirePublicKey && Strings.isBlank(this.publicKeyData)) {
                        if (keyPair != null) {
                            this.publicKeyData = AuthorizedKeysParser.encodePublicKey(keyPair.getPublic());
                        }
                        if (Strings.isBlank(this.publicKeyData)) {
                            error("If explicit " + LocationConfigKeys.PRIVATE_KEY_DATA.getName() + " is supplied, then the corresponding " + LocationConfigKeys.PUBLIC_KEY_DATA.getName() + " must also be supplied.", null);
                        } else {
                            LocationConfigUtils.log.debug("Public key data extracted");
                        }
                    }
                    if (this.doKeyValidation && keyPair != null && keyPair.getPublic() != null && Strings.isNonBlank(this.publicKeyData)) {
                        PublicKey publicKey = null;
                        try {
                            publicKey = AuthorizedKeysParser.decodePublicKey(this.publicKeyData);
                        } catch (Exception e3) {
                            Exceptions.propagateIfFatal(e3);
                            addWarning("Invalid public key: " + publicKey);
                        }
                        if (publicKey != null && !keyPair.getPublic().equals(publicKey)) {
                            error("Public key inferred from does not match public key extracted from private key", null);
                        }
                    }
                }
                LocationConfigUtils.log.debug("OS credential inference: " + this);
                this.dirty = false;
            }
        }

        private KeyPair getValidatedPrivateKey(String str) {
            KeyPair keyPair = null;
            String str2 = (String) this.config.get(CloudLocationConfig.PRIVATE_KEY_PASSPHRASE);
            try {
                keyPair = SecureKeys.readPem(new ByteArrayInputStream(this.privateKeyData.getBytes()), str2);
                if (str2 != null) {
                    this.privateKeyData = SecureKeys.toPem(keyPair);
                }
            } catch (SecureKeys.PassphraseProblem e) {
                if (this.doKeyValidation) {
                    LocationConfigUtils.log.debug("Encountered error handling key " + str + ": " + e, e);
                    if (Strings.isBlank(str2)) {
                        addWarning("Passphrase required for key '" + str + "'");
                    } else {
                        addWarning("Invalid passphrase for key '" + str + "'");
                    }
                    this.privateKeyData = null;
                }
            } catch (Exception e2) {
                Exceptions.propagateIfFatal(e2);
                if (this.doKeyValidation) {
                    addWarning("Unable to parse private key from '" + str + "': unknown format");
                    this.privateKeyData = null;
                }
            }
            return keyPair;
        }

        private void error(String str, String str2) {
            addWarning(str);
            if (this.warnOnErrors) {
                LocationConfigUtils.log.warn(str + (str2 == null ? "" : ": " + str2));
            }
            if (this.throwOnErrors) {
                throw new IllegalStateException(str + (str2 == null ? "" : "; " + str2));
            }
        }

        private void addWarning(String str) {
            addWarning(str, null);
        }

        private void addWarning(String str, String str2) {
            LocationConfigUtils.log.debug(str + (str2 == null ? "" : "; " + str2));
            this.warningMessages.add(str);
        }

        public String toString() {
            return getClass().getSimpleName() + "[" + (Strings.isNonBlank(this.publicKeyData) ? this.publicKeyData : "no-public-key") + ";" + (Strings.isNonBlank(this.privateKeyData) ? "private-key-present" : "no-private-key") + "," + (this.password != null ? "password(len=" + this.password.length() + ")" : "no-password") + "]";
        }
    }

    public static OsCredential getOsCredential(ConfigBag configBag) {
        return OsCredential.newInstance(configBag);
    }

    @Deprecated
    public static String getPrivateKeyData(ConfigBag configBag) {
        return getKeyData(configBag, LocationConfigKeys.PRIVATE_KEY_DATA, LocationConfigKeys.PRIVATE_KEY_FILE);
    }

    @Deprecated
    public static String getPublicKeyData(ConfigBag configBag) {
        String keyData = getKeyData(configBag, LocationConfigKeys.PUBLIC_KEY_DATA, LocationConfigKeys.PUBLIC_KEY_FILE);
        if (JavaGroovyEquivalents.groovyTruth(keyData)) {
            return keyData;
        }
        String str = (String) configBag.get(LocationConfigKeys.PRIVATE_KEY_FILE);
        if (!JavaGroovyEquivalents.groovyTruth(str)) {
            return null;
        }
        List<String> tidyFilePaths = tidyFilePaths(ImmutableList.copyOf(Iterables.transform(Arrays.asList(str.split(File.pathSeparator)), StringFunctions.append(".pub"))));
        String fileContents = getFileContents(tidyFilePaths);
        if (!JavaGroovyEquivalents.groovyTruth(fileContents)) {
            log.info("Not able to load " + LocationConfigKeys.PUBLIC_KEY_DATA.getName() + " from inferred files, based on " + LocationConfigKeys.PRIVATE_KEY_FILE.getName() + ": tried " + tidyFilePaths + " for " + configBag.getDescription());
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("Loaded " + LocationConfigKeys.PUBLIC_KEY_DATA.getName() + " from inferred files, based on " + LocationConfigKeys.PRIVATE_KEY_FILE.getName() + ": used " + tidyFilePaths + " for " + configBag.getDescription());
        }
        configBag.put(LocationConfigKeys.PUBLIC_KEY_DATA, fileContents);
        return fileContents;
    }

    @Deprecated
    public static String getKeyData(ConfigBag configBag, ConfigKey<String> configKey, ConfigKey<String> configKey2) {
        return getKeyDataFromDataKeyOrFileKey(configBag, configKey, configKey2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getKeyDataFromDataKeyOrFileKey(ConfigBag configBag, ConfigKey<String> configKey, ConfigKey<String> configKey2) {
        boolean isUnused = configBag.isUnused(configKey);
        String str = (String) configBag.get(configKey);
        if (JavaGroovyEquivalents.groovyTruth(str) && !isUnused) {
            return str;
        }
        String str2 = (String) configBag.get(configKey2);
        if (JavaGroovyEquivalents.groovyTruth(str2)) {
            List asList = Arrays.asList(str2.split(File.pathSeparator));
            List<String> tidyFilePaths = tidyFilePaths(asList);
            String fileContents = getFileContents(tidyFilePaths);
            if (fileContents == null) {
                log.warn("Invalid file" + (asList.size() > 1 ? "s" : "") + " for " + configKey2 + " (given " + asList + (asList.equals(tidyFilePaths) ? "" : "; converted to " + tidyFilePaths) + ") may fail provisioning " + configBag.getDescription());
            } else if (!JavaGroovyEquivalents.groovyTruth(str)) {
                str = fileContents;
                configBag.put(configKey, str);
                configBag.get(configKey);
            } else if (!fileContents.trim().equals(str.trim())) {
                log.warn(configKey.getName() + " and " + configKey2.getName() + " both specified; preferring the former");
            }
        }
        return str;
    }

    private static String getFileContents(Iterable<String> iterable) {
        Iterator<String> it = iterable.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (JavaGroovyEquivalents.groovyTruth(next)) {
                try {
                    String resourceAsString = ResourceUtils.create().getResourceAsString(next);
                    if (resourceAsString != null) {
                        return resourceAsString;
                    }
                    log.debug("Invalid file " + next + " ; " + (!it.hasNext() ? "no more files to try" : "trying next file") + " (null)");
                } catch (Exception e) {
                    Exceptions.propagateIfFatal(e);
                    log.debug("Invalid file " + next + " ; " + (!it.hasNext() ? "no more files to try" : "trying next file"), e);
                }
            }
        }
        return null;
    }

    private static List<String> tidyFilePaths(Iterable<String> iterable) {
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<String> it = iterable.iterator();
        while (it.hasNext()) {
            newArrayList.add(Os.tidyPath(it.next()));
        }
        return newArrayList;
    }

    @Deprecated
    public static <T> T getConfigCheckingDeprecatedAlternatives(ConfigBag configBag, ConfigKey<T> configKey, ConfigKey<?>... configKeyArr) {
        T t = (T) configBag.getWithDeprecation((ConfigKey<?>) configKey, configKeyArr);
        T t2 = (T) getConfigCheckingDeprecatedAlternativesInternal(configBag, configKey, configKeyArr);
        if (Objects.equal(t, t2)) {
            return t;
        }
        log.warn("Deprecated getConfig with deprecated keys " + Arrays.toString(configKeyArr) + " gets different value with new strategy " + configKey + " (" + t + ") and old (" + t2 + "); preferring old value for now, but this behaviour will change");
        return t2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static <T> T getConfigCheckingDeprecatedAlternativesInternal(ConfigBag configBag, ConfigKey<T> configKey, ConfigKey<?>... configKeyArr) {
        Object obj = null;
        T t = null;
        boolean z = false;
        if (configBag.containsKey((ConfigKey<?>) configKey)) {
            t = configBag.get(configKey);
            z = true;
            obj = configKey;
        }
        for (SubElementConfigKey subElementConfigKey : configKeyArr) {
            if (configBag.containsKey(subElementConfigKey)) {
                Object obj2 = configBag.get(subElementConfigKey);
                if (1 != 0) {
                    if (!z) {
                        log.warn("Detected deprecated key " + subElementConfigKey + " with value " + obj2 + " used instead of recommended " + configKey + "; promoting to preferred key status; will not be supported in future versions");
                        configBag.put(configKey, obj2);
                        configBag.remove(subElementConfigKey);
                        t = obj2;
                        z = true;
                        obj = subElementConfigKey;
                    } else if (!Objects.equal(t, obj2)) {
                        log.warn("Detected deprecated key " + subElementConfigKey + " with value " + obj2 + " used in addition to " + obj + " with value " + t + " for " + configBag.getDescription() + "; ignoring");
                        configBag.remove(subElementConfigKey);
                    }
                }
            }
        }
        return z ? t : (T) configBag.get(configKey);
    }

    public static Map<ConfigKey<String>, String> finalAndOriginalSpecs(String str, Object... objArr) {
        MutableMap of = MutableMap.of();
        if (str != null) {
            of.put(LocationInternal.FINAL_SPEC, str);
        }
        String str2 = null;
        for (Object obj : objArr) {
            if (obj instanceof CharSequence) {
                str2 = obj.toString();
            } else if (obj instanceof Map) {
                if (str2 == null) {
                    str2 = Strings.toString(((Map) obj).get(LocationInternal.ORIGINAL_SPEC));
                }
                if (str2 == null) {
                    str2 = Strings.toString(((Map) obj).get(LocationInternal.ORIGINAL_SPEC.getName()));
                }
            }
            if (str2 != null) {
                break;
            }
        }
        if (str2 == null) {
            str2 = str;
        }
        if (str2 != null) {
            of.put(LocationInternal.ORIGINAL_SPEC, str2);
        }
        return of;
    }

    public static boolean isEnabled(ManagementContext managementContext, String str) {
        Boolean bool = (Boolean) managementContext.getConfig().getConfig(ConfigKeys.newConfigKeyWithPrefix(str + ".", LocationConfigKeys.ENABLED));
        if (bool != null) {
            return bool.booleanValue();
        }
        return true;
    }
}
