package com.xebialabs.overthere.gcp;

import com.google.api.gax.core.FixedCredentialsProvider;
import com.google.cloud.oslogin.common.OsLoginProto;
import com.google.cloud.oslogin.v1.LoginProfile;
import com.google.cloud.oslogin.v1.OsLoginServiceClient;
import com.google.cloud.oslogin.v1.OsLoginServiceSettings;
import com.google.cloud.oslogin.v1.UserName;
import com.xebialabs.overthere.gcp.credentials.GcpCredentialFactory;
import com.xebialabs.overthere.gcp.credentials.ProjectCredentials;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/lib/overthere-5.6.15.jar:com/xebialabs/overthere/gcp/GcpOsLoginKeyManager.class */
public class GcpOsLoginKeyManager implements GcpKeyManager {
    private static final Logger logger = LoggerFactory.getLogger(GcpOsLoginKeyManager.class);
    private final GcpCredentialFactory gcpCredentialFactory;
    private final GenerateSshKey generateSshKey;
    private ProjectCredentials projectCredentials;
    private UserName userName;
    private OsLoginServiceSettings osLoginServiceSettings;
    private GcpSshKey gcpSshKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GcpOsLoginKeyManager(GenerateSshKey generateSshKey, GcpCredentialFactory gcpCredentialFactory) {
        this.generateSshKey = generateSshKey;
        this.gcpCredentialFactory = gcpCredentialFactory;
    }

    @Override // com.xebialabs.overthere.gcp.GcpKeyManager
    public GcpKeyManager init() {
        try {
            this.projectCredentials = this.gcpCredentialFactory.create();
            this.userName = UserName.of(this.projectCredentials.getClientEmail());
            this.osLoginServiceSettings = OsLoginServiceSettings.newBuilder().setCredentialsProvider(FixedCredentialsProvider.create(this.projectCredentials.getCredentials())).build();
            return this;
        } catch (IOException e) {
            throw new IllegalArgumentException("Cannot initialize for " + this.gcpCredentialFactory.info(), e);
        }
    }

    @Override // com.xebialabs.overthere.gcp.GcpKeyManager
    public GcpSshKey refreshKey(long j, int i) {
        if (this.gcpSshKey == null || System.currentTimeMillis() + 1000 > this.gcpSshKey.getExpirationTimeMs()) {
            SshKeyPair generate = this.generateSshKey.generate(this.projectCredentials.getClientEmail(), i);
            long currentTimeMillis = System.currentTimeMillis() + j;
            LoginProfile importSssKeyProjectLevel = importSssKeyProjectLevel(generate, j * 1000);
            if (importSssKeyProjectLevel.getPosixAccountsCount() < 1) {
                throw new IllegalArgumentException("Cannot get account for " + this.gcpCredentialFactory.info() + " has no posix account");
            }
            OsLoginProto.PosixAccount posixAccounts = importSssKeyProjectLevel.getPosixAccounts(0);
            OsLoginProto.SshPublicKey sshPublicKey = importSssKeyProjectLevel.getSshPublicKeysMap().get(generate.getFingerPrint());
            if (sshPublicKey != null) {
                currentTimeMillis = sshPublicKey.getExpirationTimeUsec() / 1000;
            }
            logger.debug("Using new key pair for user {} it expires at {} ms", posixAccounts.getUsername(), Long.valueOf(currentTimeMillis));
            this.gcpSshKey = new GcpSshKey(generate, posixAccounts.getUsername(), currentTimeMillis);
        }
        return this.gcpSshKey;
    }

    protected LoginProfile importSssKeyProjectLevel(SshKeyPair sshKeyPair, long j) {
        try {
            OsLoginServiceClient create = OsLoginServiceClient.create(this.osLoginServiceSettings);
            try {
                LoginProfile loginProfile = create.importSshPublicKey(this.userName, createSshPublicKey(sshKeyPair, j), this.projectCredentials.getProjectId()).getLoginProfile();
                if (create != null) {
                    create.close();
                }
                return loginProfile;
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalArgumentException("Cannot use credentials from " + this.gcpCredentialFactory.info(), e);
        }
    }

    private OsLoginProto.SshPublicKey createSshPublicKey(SshKeyPair sshKeyPair, long j) {
        return OsLoginProto.SshPublicKey.newBuilder().setKey(sshKeyPair.getPublicKey()).setExpirationTimeUsec((System.currentTimeMillis() * 1000) + j).build();
    }
}
