package org.jclouds.packet.compute.strategy;

import com.google.common.base.Preconditions;
import com.google.common.base.Predicate;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.base.Throwables;
import com.google.common.collect.Iterables;
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.ListeningExecutorService;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Resource;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.jclouds.compute.config.CustomizationResponse;
import org.jclouds.compute.domain.NodeMetadata;
import org.jclouds.compute.domain.Template;
import org.jclouds.compute.functions.GroupNamingConvention;
import org.jclouds.compute.reference.ComputeServiceConstants;
import org.jclouds.compute.strategy.CreateNodeWithGroupEncodedIntoName;
import org.jclouds.compute.strategy.CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap;
import org.jclouds.compute.strategy.ListNodesStrategy;
import org.jclouds.compute.strategy.impl.CreateNodesWithGroupEncodedIntoNameThenAddToSet;
import org.jclouds.digitalocean2.domain.options.ImageListOptions;
import org.jclouds.logging.Logger;
import org.jclouds.packet.PacketApi;
import org.jclouds.packet.compute.options.PacketTemplateOptions;
import org.jclouds.packet.domain.SshKey;
import org.jclouds.ssh.SshKeyPairGenerator;
import org.jclouds.ssh.SshKeys;

@Singleton
/* loaded from: input_file:org/jclouds/packet/compute/strategy/CreateSshKeysThenCreateNodes.class */
public class CreateSshKeysThenCreateNodes extends CreateNodesWithGroupEncodedIntoNameThenAddToSet {

    @Resource
    @Named(ComputeServiceConstants.COMPUTE_LOGGER)
    protected Logger logger;
    private final PacketApi api;
    private final SshKeyPairGenerator keyGenerator;

    @Inject
    protected CreateSshKeysThenCreateNodes(CreateNodeWithGroupEncodedIntoName createNodeWithGroupEncodedIntoName, ListNodesStrategy listNodesStrategy, GroupNamingConvention.Factory factory, @Named("jclouds.user-threads") ListeningExecutorService listeningExecutorService, CustomizeNodeAndAddToGoodMapOrPutExceptionIntoBadMap.Factory factory2, PacketApi packetApi, SshKeyPairGenerator sshKeyPairGenerator) {
        super(createNodeWithGroupEncodedIntoName, listNodesStrategy, factory, listeningExecutorService, factory2);
        this.logger = Logger.NULL;
        this.api = packetApi;
        this.keyGenerator = sshKeyPairGenerator;
    }

    @Override // org.jclouds.compute.strategy.impl.CreateNodesWithGroupEncodedIntoNameThenAddToSet, org.jclouds.compute.strategy.CreateNodesInGroupThenAddToSet
    public Map<?, ListenableFuture<Void>> execute(String str, int i, Template template, Set<NodeMetadata> set, Map<NodeMetadata, Exception> map, Multimap<NodeMetadata, CustomizationResponse> multimap) {
        PacketTemplateOptions packetTemplateOptions = (PacketTemplateOptions) template.getOptions().as(PacketTemplateOptions.class);
        HashSet newHashSet = Sets.newHashSet();
        if (Strings.isNullOrEmpty(packetTemplateOptions.getPublicKey())) {
            generateKeyPairAndAddKeyToSet(packetTemplateOptions, newHashSet, str);
        }
        if (packetTemplateOptions.getRunScript() != null && Strings.isNullOrEmpty(packetTemplateOptions.getLoginPrivateKey())) {
            this.logger.warn(">> A runScript has been configured but no SSH key has been provided. Authentication will delegate to the ssh-agent", new Object[0]);
        }
        if (!Strings.isNullOrEmpty(packetTemplateOptions.getPublicKey())) {
            createKeyPairForPublicKeyInOptionsAndAddToSet(packetTemplateOptions, newHashSet);
        }
        Map<?, ListenableFuture<Void>> execute = super.execute(str, i, template, set, map, multimap);
        registerAutoGeneratedKeyPairCleanupCallbacks(execute, newHashSet);
        return execute;
    }

    private void createKeyPairForPublicKeyInOptionsAndAddToSet(PacketTemplateOptions packetTemplateOptions, Set<String> set) {
        this.logger.debug(">> checking if the key pair already exists...", new Object[0]);
        final String computeFingerprint = computeFingerprint(readPublicKey(packetTemplateOptions.getPublicKey()));
        synchronized (CreateSshKeysThenCreateNodes.class) {
            if (this.api.sshKeyApi().list().concat().anyMatch(new Predicate<SshKey>() { // from class: org.jclouds.packet.compute.strategy.CreateSshKeysThenCreateNodes.1
                @Override // com.google.common.base.Predicate
                public boolean apply(SshKey sshKey) {
                    return sshKey.fingerprint().equals(computeFingerprint);
                }
            })) {
                this.logger.debug(">> key pair found for key %s", computeFingerprint);
            } else {
                this.logger.debug(">> key pair not found. creating a new key pair %s ...", computeFingerprint);
                SshKey create = this.api.sshKeyApi().create(computeFingerprint, packetTemplateOptions.getPublicKey());
                this.logger.debug(">> key pair created! %s", create);
                set.add(create.id());
            }
        }
    }

    private static PublicKey readPublicKey(String str) {
        Iterable<String> split = Splitter.on(' ').split(str);
        Preconditions.checkArgument(Iterables.size(split) >= 2, "bad format, should be: ssh-rsa AAAAB3...");
        try {
            if ("ssh-rsa".equals((String) Iterables.get(split, 0))) {
                return KeyFactory.getInstance("RSA").generatePublic(SshKeys.publicKeySpecFromOpenSSH(str));
            }
            throw new IllegalArgumentException("bad format, ssh-rsa is only supported");
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        } catch (InvalidKeySpecException e2) {
            throw Throwables.propagate(e2);
        }
    }

    private void generateKeyPairAndAddKeyToSet(PacketTemplateOptions packetTemplateOptions, Set<String> set, String str) {
        this.logger.debug(">> creating default keypair for node...", new Object[0]);
        Map<String, String> map = this.keyGenerator.get();
        SshKey create = this.api.sshKeyApi().create(this.namingConvention.create().uniqueNameForGroup(str), map.get("public"));
        set.add(create.id());
        this.logger.debug(">> keypair created! %s", create);
        if (Strings.isNullOrEmpty(packetTemplateOptions.getLoginPrivateKey())) {
            packetTemplateOptions.overrideLoginPrivateKey(map.get(ImageListOptions.PRIVATE_PARAM));
        }
    }

    private void registerAutoGeneratedKeyPairCleanupCallbacks(Map<?, ListenableFuture<Void>> map, final Set<String> set) {
        Futures.addCallback(Futures.successfulAsList(map.values()), new FutureCallback<List<Void>>() { // from class: org.jclouds.packet.compute.strategy.CreateSshKeysThenCreateNodes.2
            @Override // com.google.common.util.concurrent.FutureCallback
            public void onSuccess(List<Void> list) {
                cleanupAutoGeneratedKeyPairs(set);
            }

            @Override // com.google.common.util.concurrent.FutureCallback
            public void onFailure(Throwable th) {
                cleanupAutoGeneratedKeyPairs(set);
            }

            private void cleanupAutoGeneratedKeyPairs(Set<String> set2) {
                CreateSshKeysThenCreateNodes.this.logger.debug(">> cleaning up auto-generated key pairs...", new Object[0]);
                for (String str : set2) {
                    try {
                        CreateSshKeysThenCreateNodes.this.api.sshKeyApi().delete(str);
                    } catch (Exception e) {
                        CreateSshKeysThenCreateNodes.this.logger.warn(">> could not delete key pair %s: %s", str, e.getMessage());
                    }
                }
            }
        }, this.userExecutor);
    }

    private static String computeFingerprint(PublicKey publicKey) {
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new IllegalArgumentException("Only RSA keys are supported");
        }
        RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
        return SshKeys.fingerprint(rSAPublicKey.getPublicExponent(), rSAPublicKey.getModulus());
    }
}
