package org.jclouds.googlecomputeengine.compute.functions;

import com.google.common.base.Function;
import com.google.common.base.Optional;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.base.Splitter;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.io.BaseEncoding;
import com.google.common.util.concurrent.Atomics;
import com.google.gson.GsonBuilder;
import com.google.inject.TypeLiteral;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.Map;
import java.util.TimeZone;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.annotation.Resource;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.inject.Inject;
import javax.inject.Named;
import org.jclouds.compute.reference.ComputeServiceConstants;
import org.jclouds.crypto.Crypto;
import org.jclouds.ec2.domain.Tag;
import org.jclouds.googlecomputeengine.GoogleComputeEngineApi;
import org.jclouds.googlecomputeengine.domain.Instance;
import org.jclouds.googlecomputeengine.domain.Metadata;
import org.jclouds.googlecomputeengine.domain.Operation;
import org.jclouds.googlecomputeengine.features.InstanceApi;
import org.jclouds.json.Json;
import org.jclouds.logging.Logger;
import org.jclouds.openstack.swift.v1.reference.SwiftHeaders;
import org.jclouds.util.Predicates2;

/* loaded from: input_file:WEB-INF/lib/google-compute-engine-2.4.0.jar:org/jclouds/googlecomputeengine/compute/functions/ResetWindowsPassword.class */
public class ResetWindowsPassword implements Function<Map<String, ?>, String> {
    private static final long EXPIRE_DURATION = 600000;

    @Resource
    @Named(ComputeServiceConstants.COMPUTE_LOGGER)
    protected Logger logger = Logger.NULL;
    private final GoogleComputeEngineApi api;
    private final Crypto crypto;
    private final Predicate<AtomicReference<Operation>> operationDone;
    private final Json json;
    private static final Predicate<Map<String, Object>> HasEncryptedPassword = new Predicate<Map<String, Object>>() { // from class: org.jclouds.googlecomputeengine.compute.functions.ResetWindowsPassword.3
        public boolean apply(Map<String, Object> map) {
            return map.containsKey("encryptedPassword");
        }
    };
    private static final Function<Map<String, Object>, String> ExtractEncryptedPassword = new Function<Map<String, Object>, String>() { // from class: org.jclouds.googlecomputeengine.compute.functions.ResetWindowsPassword.4
        public String apply(Map<String, Object> map) {
            return (String) map.get("encryptedPassword");
        }
    };

    @Inject
    protected ResetWindowsPassword(GoogleComputeEngineApi googleComputeEngineApi, Crypto crypto, Predicate<AtomicReference<Operation>> predicate, Json json) {
        this.api = googleComputeEngineApi;
        this.crypto = crypto;
        this.operationDone = predicate;
        this.json = json;
    }

    public String apply(Map<String, ?> map) {
        String str = (String) map.get("zone");
        AtomicReference atomicReference = (AtomicReference) map.get(Tag.ResourceType.INSTANCE);
        String str2 = (String) map.get("userName");
        String str3 = (String) map.get("email");
        KeyPair genKeyPair = this.crypto.rsaKeyPairGenerator().genKeyPair();
        this.logger.debug("Generating windows key for instance %s, by updating metadata", ((Instance) atomicReference.get()).name());
        final InstanceApi instancesInZone = this.api.instancesInZone(str);
        Metadata metadata = ((Instance) atomicReference.get()).metadata();
        try {
            metadata.put("windows-keys", new GsonBuilder().disableHtmlEscaping().create().toJson(extractKeyMetadata(genKeyPair, str2, str3)));
        } catch (NoSuchAlgorithmException e) {
            Throwables.propagate(e);
        } catch (InvalidKeySpecException e2) {
            Throwables.propagate(e2);
        }
        AtomicReference newReference = Atomics.newReference(instancesInZone.setMetadata(((Instance) atomicReference.get()).name(), metadata));
        this.operationDone.apply(newReference);
        if (((Operation) newReference.get()).httpErrorStatusCode() != null) {
            this.logger.warn("Generating windows key for %s failed. Http Error Code: %d HttpError: %s", ((Operation) newReference.get()).targetId(), ((Operation) newReference.get()).httpErrorStatusCode(), ((Operation) newReference.get()).httpErrorMessage());
        }
        try {
            final AtomicReference newReference2 = Atomics.newReference();
            if (Predicates2.retry(new Predicate<Instance>() { // from class: org.jclouds.googlecomputeengine.compute.functions.ResetWindowsPassword.1
                public boolean apply(Instance instance) {
                    Optional transform = Iterables.tryFind(Iterables.filter(Iterables.transform(Splitter.on('\n').splitToList(instancesInZone.getSerialPortOutput(instance.name(), 4).contents()), ResetWindowsPassword.deserializeSerialOutput(ResetWindowsPassword.this.json)), Predicates.notNull()), ResetWindowsPassword.HasEncryptedPassword).transform(ResetWindowsPassword.ExtractEncryptedPassword);
                    if (transform.isPresent()) {
                        newReference2.set((String) transform.get());
                    }
                    return transform.isPresent();
                }
            }, 600L, 30L, TimeUnit.SECONDS).apply((Instance) atomicReference.get())) {
                return decryptPassword((String) newReference2.get(), genKeyPair);
            }
            throw new IllegalStateException("Did not find the encrypted password in the serial port output");
        } catch (Exception e3) {
            throw Throwables.propagate(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Function<String, Map<String, Object>> deserializeSerialOutput(final Json json) {
        return new Function<String, Map<String, Object>>() { // from class: org.jclouds.googlecomputeengine.compute.functions.ResetWindowsPassword.2
            /* JADX WARN: Type inference failed for: r2v0, types: [org.jclouds.googlecomputeengine.compute.functions.ResetWindowsPassword$2$1] */
            public Map<String, Object> apply(String str) {
                try {
                    return (Map) Json.this.fromJson(str, new TypeLiteral<Map<String, Object>>() { // from class: org.jclouds.googlecomputeengine.compute.functions.ResetWindowsPassword.2.1
                    }.getType());
                } catch (Exception e) {
                    return null;
                }
            }
        };
    }

    protected String decryptPassword(String str, KeyPair keyPair) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        try {
            Cipher cipher = this.crypto.cipher("RSA/NONE/OAEPPadding");
            cipher.init(2, keyPair.getPrivate());
            return new String(cipher.doFinal(BaseEncoding.base64().decode(str)), Charset.forName("UTF-8"));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Problem finding cypher. Try adding bouncycastle dependency.", e);
        } catch (NoSuchPaddingException e2) {
            throw new RuntimeException("Problem finding cypher. Try adding bouncycastle dependency.", e2);
        }
    }

    protected Map<String, String> extractKeyMetadata(KeyPair keyPair, String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        RSAPublicKeySpec rSAPublicKeySpec = (RSAPublicKeySpec) this.crypto.rsaKeyFactory().getKeySpec(keyPair.getPublic(), RSAPublicKeySpec.class);
        BigInteger modulus = rSAPublicKeySpec.getModulus();
        BigInteger publicExponent = rSAPublicKeySpec.getPublicExponent();
        String replaceAll = BaseEncoding.base64().encode(Arrays.copyOfRange(modulus.toByteArray(), 1, modulus.toByteArray().length)).replaceAll("\n", SwiftHeaders.CONTAINER_ACL_PRIVATE);
        String replaceAll2 = BaseEncoding.base64().encode(publicExponent.toByteArray()).replaceAll("\n", SwiftHeaders.CONTAINER_ACL_PRIVATE);
        Date date = new Date(System.currentTimeMillis() + EXPIRE_DURATION);
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
        return ImmutableMap.builder().put("modulus", replaceAll).put("exponent", replaceAll2).put("expireOn", simpleDateFormat.format(date)).put("userName", str).put("email", str2).build();
    }
}
