package io.jenkins.cli.shaded.org.apache.sshd.client.config.keys;

import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.FilePasswordProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.IoUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.ModifiableFileWatcher;
import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.AbstractMap;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;

/* loaded from: input_file:WEB-INF/lib/cli-2.280-rc30882.0f046d2feb43.jar:io/jenkins/cli/shaded/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.class */
public class ClientIdentityFileWatcher extends ModifiableFileWatcher implements ClientIdentityProvider {
    private final AtomicReference<KeyPair> identityHolder;
    private final Supplier<ClientIdentityLoader> loaderHolder;
    private final Supplier<FilePasswordProvider> providerHolder;
    private final boolean strict;

    public ClientIdentityFileWatcher(Path path, ClientIdentityLoader clientIdentityLoader, FilePasswordProvider filePasswordProvider) {
        this(path, clientIdentityLoader, filePasswordProvider, true);
    }

    public ClientIdentityFileWatcher(Path path, ClientIdentityLoader clientIdentityLoader, FilePasswordProvider filePasswordProvider, boolean z) {
        this(path, (Supplier<ClientIdentityLoader>) GenericUtils.supplierOf(Objects.requireNonNull(clientIdentityLoader, "No client identity loader")), (Supplier<FilePasswordProvider>) GenericUtils.supplierOf(Objects.requireNonNull(filePasswordProvider, "No password provider")), z);
    }

    public ClientIdentityFileWatcher(Path path, Supplier<ClientIdentityLoader> supplier, Supplier<FilePasswordProvider> supplier2) {
        this(path, supplier, supplier2, true);
    }

    public ClientIdentityFileWatcher(Path path, Supplier<ClientIdentityLoader> supplier, Supplier<FilePasswordProvider> supplier2, boolean z) {
        super(path);
        this.identityHolder = new AtomicReference<>(null);
        this.loaderHolder = (Supplier) Objects.requireNonNull(supplier, "No client identity loader");
        this.providerHolder = (Supplier) Objects.requireNonNull(supplier2, "No password provider");
        this.strict = z;
    }

    public final boolean isStrict() {
        return this.strict;
    }

    public final ClientIdentityLoader getClientIdentityLoader() {
        return this.loaderHolder.get();
    }

    public final FilePasswordProvider getFilePasswordProvider() {
        return this.providerHolder.get();
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.config.keys.ClientIdentityProvider
    public KeyPair getClientIdentity() throws IOException, GeneralSecurityException {
        if (checkReloadRequired()) {
            KeyPair andSet = this.identityHolder.getAndSet(null);
            Path path = getPath();
            if (exists()) {
                KeyPair reloadClientIdentity = reloadClientIdentity(path);
                if (!KeyUtils.compareKeyPairs(andSet, reloadClientIdentity) && this.log.isDebugEnabled()) {
                    this.log.debug("getClientIdentity({}) identity {}", path, andSet == null ? "loaded" : "re-loaded");
                }
                updateReloadAttributes();
                this.identityHolder.set(reloadClientIdentity);
            }
        }
        return this.identityHolder.get();
    }

    protected KeyPair reloadClientIdentity(Path path) throws IOException, GeneralSecurityException {
        AbstractMap.SimpleImmutableEntry<String, Object> validateStrictKeyFilePermissions;
        if (isStrict() && (validateStrictKeyFilePermissions = KeyUtils.validateStrictKeyFilePermissions(path, IoUtils.EMPTY_LINK_OPTIONS)) != null) {
            if (!this.log.isDebugEnabled()) {
                return null;
            }
            this.log.debug("reloadClientIdentity({}) ignore due to {}", path, validateStrictKeyFilePermissions.getKey());
            return null;
        }
        String path2 = path.toString();
        ClientIdentityLoader clientIdentityLoader = (ClientIdentityLoader) Objects.requireNonNull(getClientIdentityLoader(), "No client identity loader");
        if (!clientIdentityLoader.isValidLocation(path2)) {
            if (!this.log.isDebugEnabled()) {
                return null;
            }
            this.log.debug("reloadClientIdentity({}) invalid location", path2);
            return null;
        }
        KeyPair loadClientIdentity = clientIdentityLoader.loadClientIdentity(path2, (FilePasswordProvider) Objects.requireNonNull(getFilePasswordProvider(), "No file password provider"));
        if (this.log.isTraceEnabled()) {
            PublicKey publicKey = loadClientIdentity == null ? null : loadClientIdentity.getPublic();
            if (publicKey != null) {
                this.log.trace("reloadClientIdentity({}) loaded {}-{}", path2, KeyUtils.getKeyType(publicKey), KeyUtils.getFingerPrint(publicKey));
            } else {
                this.log.trace("reloadClientIdentity({}) no key loaded", path2);
            }
        }
        return loadClientIdentity;
    }
}
