package com.xebialabs.overthere.gcp;

import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Strings;
import com.google.api.services.compute.Compute;
import com.google.api.services.compute.model.Metadata;
import com.google.api.services.compute.model.Operation;
import com.google.auth.http.HttpCredentialsAdapter;
import com.xebialabs.overthere.gcp.credentials.GcpCredentialFactory;
import com.xebialabs.overthere.gcp.credentials.ProjectCredentials;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.ListIterator;
import java.util.Locale;
import java.util.TimeZone;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/lib/overthere-5.6.15.jar:com/xebialabs/overthere/gcp/GcpMetadataKeyManager.class */
public class GcpMetadataKeyManager implements GcpKeyManager {
    private static final String SSH_KEYS_KEYNAME = "ssh-keys";
    private static final String SSH_KEYS_USERNAME = "google-ssh";
    private static HttpTransport httpTransport;
    private final GcpCredentialFactory gcpCredentialFactory;
    private final GenerateSshKey generateSshKey;
    private ProjectCredentials projectCredentials;
    private GcpSshKey gcpSshKey;
    private Compute computeService;
    private final String zoneName;
    private final String instanceId;
    private final String username;
    private final String applicationName;
    private static final Logger logger = LoggerFactory.getLogger(GcpMetadataKeyManager.class);
    private static final JsonFactory gsonFactory = GsonFactory.getDefaultInstance();

    /* JADX INFO: Access modifiers changed from: package-private */
    public GcpMetadataKeyManager(GenerateSshKey generateSshKey, GcpCredentialFactory gcpCredentialFactory, String str, String str2, String str3, String str4) {
        this.generateSshKey = generateSshKey;
        this.gcpCredentialFactory = gcpCredentialFactory;
        this.zoneName = str;
        this.instanceId = str2;
        this.username = str3;
        this.applicationName = str4;
    }

    @Override // com.xebialabs.overthere.gcp.GcpKeyManager
    public GcpKeyManager init() {
        this.projectCredentials = this.gcpCredentialFactory.create();
        this.computeService = createComputeService();
        return this;
    }

    @Override // com.xebialabs.overthere.gcp.GcpKeyManager
    public GcpSshKey refreshKey(long j, int i) {
        if (this.gcpSshKey == null || System.currentTimeMillis() + 1000 > this.gcpSshKey.getExpirationTimeMs()) {
            SshKeyPair generate = this.generateSshKey.generate(SSH_KEYS_USERNAME, i);
            long currentTimeMillis = System.currentTimeMillis() + j;
            if (this.instanceId == null) {
                addKeyToProject(generate.getPublicKey(), currentTimeMillis);
            } else {
                addKeyToInstance(generate.getPublicKey(), currentTimeMillis);
            }
            logger.debug("Using new key pair for user {} it expires at {} ms", this.username, Long.valueOf(currentTimeMillis));
            this.gcpSshKey = new GcpSshKey(generate, this.username, currentTimeMillis);
        }
        return this.gcpSshKey;
    }

    public String getZoneName() {
        return this.zoneName;
    }

    public String getInstanceId() {
        return this.instanceId;
    }

    public String getUsername() {
        return this.username;
    }

    public String getApplicationName() {
        return this.applicationName;
    }

    private void addKeyToInstance(String str, long j) {
        try {
            Compute.Instances instances = this.computeService.instances();
            Metadata metadata = instances.get(this.projectCredentials.getProjectId(), this.zoneName, this.instanceId).execute().getMetadata();
            updateSshKey(metadata, str, j);
            checkForOperationErrors(instances.setMetadata(this.projectCredentials.getProjectId(), this.zoneName, this.instanceId, metadata).execute());
        } catch (IOException e) {
            throw new IllegalStateException("Cannot install key pairs on project " + this.projectCredentials.getProjectId() + " and instance " + this.instanceId + " for username " + this.username, e);
        }
    }

    private void addKeyToProject(String str, long j) {
        try {
            Compute.Projects projects = this.computeService.projects();
            Metadata commonInstanceMetadata = projects.get(this.projectCredentials.getProjectId()).execute().getCommonInstanceMetadata();
            updateSshKey(commonInstanceMetadata, str, j);
            checkForOperationErrors(projects.setCommonInstanceMetadata(this.projectCredentials.getProjectId(), commonInstanceMetadata).execute());
        } catch (IOException e) {
            throw new IllegalStateException("Cannot install key pairs on project " + this.projectCredentials.getProjectId() + " for username " + this.username, e);
        }
    }

    protected void updateSshKey(Metadata metadata, String str, long j) {
        ListIterator<Metadata.Items> listIterator = metadata.getItems().listIterator();
        boolean z = false;
        while (true) {
            if (!listIterator.hasNext()) {
                break;
            }
            Metadata.Items next = listIterator.next();
            if (SSH_KEYS_KEYNAME.equals(next.getKey())) {
                listIterator.set(composeSshKeyItem(next.getValue(), str, j));
                z = true;
                break;
            }
        }
        if (z) {
            return;
        }
        listIterator.add(composeSshKeyItem(null, str, j));
    }

    protected Metadata.Items composeSshKeyItem(String str, String str2, long j) {
        if (Strings.isNullOrEmpty(str)) {
            return new Metadata.Items().setKey(SSH_KEYS_KEYNAME).setValue(composeSshKeyLine(str2, j));
        }
        String[] split = str.split("\n");
        StringBuilder sb = new StringBuilder();
        for (String str3 : split) {
            if (!isUsernameInLine(str3)) {
                sb.append(str3).append('\n');
            }
        }
        sb.append(composeSshKeyLine(str2, j));
        return new Metadata.Items().setKey(SSH_KEYS_KEYNAME).setValue(sb.toString());
    }

    protected boolean isUsernameInLine(String str) {
        return str != null && str.trim().startsWith(this.username);
    }

    protected String composeSshKeyLine(String str, long j) {
        return this.username + ":" + str.replace('\n', ' ') + " {\"userName\":\"" + this.username + "\",\"expireOn\":\"" + getISO8601StringForDate(j) + "\"}";
    }

    private void checkForOperationErrors(Operation operation) {
        if (operation.getError() == null || operation.getError().getErrors() == null || operation.getError().getErrors().isEmpty()) {
            return;
        }
        throw new IllegalStateException("Cannot install key pairs on project " + this.projectCredentials.getProjectId() + " for username " + this.username + ": " + operation.getError().getErrors().get(0).getMessage());
    }

    private Compute createComputeService() {
        return this.projectCredentials.getOauth2Credential() != null ? new Compute.Builder(httpTransport, gsonFactory, null).setApplicationName(this.applicationName).setHttpRequestInitializer((HttpRequestInitializer) this.projectCredentials.getOauth2Credential()).build() : new Compute.Builder(httpTransport, gsonFactory, new HttpCredentialsAdapter(this.projectCredentials.getCredentials())).setApplicationName(this.applicationName).build();
    }

    private static String getISO8601StringForDate(long j) {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss+0000", Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return simpleDateFormat.format(Long.valueOf(j));
    }

    static {
        try {
            httpTransport = GoogleNetHttpTransport.newTrustedTransport();
        } catch (Exception e) {
            throw new IllegalStateException("Cannot create new trusted transport", e);
        }
    }
}
