package org.jclouds.ssh;

import com.google.common.annotations.Beta;
import com.google.common.base.Charsets;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import com.google.common.hash.HashCode;
import com.google.common.hash.Hashing;
import com.google.common.io.BaseEncoding;
import com.google.common.io.ByteSource;
import com.google.inject.internal.asm.C$Opcodes;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Map;
import org.jclouds.crypto.Pems;
import org.jclouds.util.Strings2;

@Beta
/* loaded from: input_file:org/jclouds/ssh/SshKeys.class */
public class SshKeys {
    public static RSAPublicKeySpec publicKeySpecFromOpenSSH(String str) {
        try {
            return publicKeySpecFromOpenSSH(ByteSource.wrap(str.getBytes(Charsets.UTF_8)));
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }

    public static RSAPublicKeySpec publicKeySpecFromOpenSSH(ByteSource byteSource) throws IOException {
        Iterable<String> split = Splitter.on(' ').split(Strings2.toStringAndClose(byteSource.openStream()).trim());
        Preconditions.checkArgument(Iterables.size(split) >= 2 && "ssh-rsa".equals(Iterables.get(split, 0)), "bad format, should be: ssh-rsa AAAAB3...");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(BaseEncoding.base64().decode((CharSequence) Iterables.get(split, 1)));
        String str = new String(readLengthFirst(byteArrayInputStream));
        Preconditions.checkArgument("ssh-rsa".equals(str), "looking for marker ssh-rsa but got %s", str);
        return new RSAPublicKeySpec(new BigInteger(readLengthFirst(byteArrayInputStream)), new BigInteger(readLengthFirst(byteArrayInputStream)));
    }

    private static byte[] readLengthFirst(InputStream inputStream) throws IOException {
        int read = (inputStream.read() << 24) + (inputStream.read() << 16) + (inputStream.read() << 8) + (inputStream.read() << 0);
        byte[] bArr = new byte[read];
        inputStream.read(bArr, 0, read);
        return bArr;
    }

    public static KeyPair generateRsaKeyPair(KeyPairGenerator keyPairGenerator, SecureRandom secureRandom) {
        keyPairGenerator.initialize(C$Opcodes.ACC_STRICT, secureRandom);
        return keyPairGenerator.genKeyPair();
    }

    public static Map<String, String> generate() {
        try {
            return generate(KeyPairGenerator.getInstance("RSA"), new SecureRandom());
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    public static Map<String, String> generate(KeyPairGenerator keyPairGenerator, SecureRandom secureRandom) {
        KeyPair generateRsaKeyPair = generateRsaKeyPair(keyPairGenerator, secureRandom);
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put("public", encodeAsOpenSSH((RSAPublicKey) RSAPublicKey.class.cast(generateRsaKeyPair.getPublic())));
        builder.put("private", Pems.pem((PrivateKey) RSAPrivateKey.class.cast(generateRsaKeyPair.getPrivate())));
        return builder.build();
    }

    public static String encodeAsOpenSSH(RSAPublicKey rSAPublicKey) {
        return "ssh-rsa " + BaseEncoding.base64().encode(keyBlob(rSAPublicKey.getPublicExponent(), rSAPublicKey.getModulus()));
    }

    public static boolean privateKeyMatchesPublicKey(String str, String str2) {
        KeySpec privateKeySpec = Pems.privateKeySpec(str);
        Preconditions.checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec);
        return privateKeyMatchesPublicKey((RSAPrivateCrtKeySpec) RSAPrivateCrtKeySpec.class.cast(privateKeySpec), publicKeySpecFromOpenSSH(str2));
    }

    public static boolean privateKeyMatchesPublicKey(RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec, RSAPublicKeySpec rSAPublicKeySpec) {
        return rSAPrivateCrtKeySpec.getPublicExponent().equals(rSAPublicKeySpec.getPublicExponent()) && rSAPrivateCrtKeySpec.getModulus().equals(rSAPublicKeySpec.getModulus());
    }

    public static boolean privateKeyHasFingerprint(RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec, String str) {
        return fingerprint(rSAPrivateCrtKeySpec.getPublicExponent(), rSAPrivateCrtKeySpec.getModulus()).equals(str);
    }

    public static boolean privateKeyHasFingerprint(String str, String str2) {
        KeySpec privateKeySpec = Pems.privateKeySpec(str);
        Preconditions.checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec);
        return privateKeyHasFingerprint((RSAPrivateCrtKeySpec) RSAPrivateCrtKeySpec.class.cast(privateKeySpec), str2);
    }

    public static String fingerprintPrivateKey(String str) {
        KeySpec privateKeySpec = Pems.privateKeySpec(str);
        Preconditions.checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec);
        RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec = (RSAPrivateCrtKeySpec) RSAPrivateCrtKeySpec.class.cast(privateKeySpec);
        return fingerprint(rSAPrivateCrtKeySpec.getPublicExponent(), rSAPrivateCrtKeySpec.getModulus());
    }

    public static String fingerprintPublicKey(String str) {
        RSAPublicKeySpec publicKeySpecFromOpenSSH = publicKeySpecFromOpenSSH(str);
        return fingerprint(publicKeySpecFromOpenSSH.getPublicExponent(), publicKeySpecFromOpenSSH.getModulus());
    }

    public static boolean privateKeyHasSha1(RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec, String str) {
        return sha1(rSAPrivateCrtKeySpec).equals(str);
    }

    public static boolean privateKeyHasSha1(String str, String str2) {
        KeySpec privateKeySpec = Pems.privateKeySpec(str);
        Preconditions.checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec);
        return privateKeyHasSha1((RSAPrivateCrtKeySpec) RSAPrivateCrtKeySpec.class.cast(privateKeySpec), str2);
    }

    public static String sha1PrivateKey(String str) {
        KeySpec privateKeySpec = Pems.privateKeySpec(str);
        Preconditions.checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec);
        return sha1((RSAPrivateCrtKeySpec) RSAPrivateCrtKeySpec.class.cast(privateKeySpec));
    }

    public static String sha1(RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec) {
        try {
            return hexColonDelimited(Hashing.sha1().hashBytes(KeyFactory.getInstance("RSA").generatePrivate(rSAPrivateCrtKeySpec).getEncoded()));
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        } catch (InvalidKeySpecException e2) {
            throw Throwables.propagate(e2);
        }
    }

    public static boolean publicKeyHasFingerprint(RSAPublicKeySpec rSAPublicKeySpec, String str) {
        return fingerprint(rSAPublicKeySpec.getPublicExponent(), rSAPublicKeySpec.getModulus()).equals(str);
    }

    public static boolean publicKeyHasFingerprint(String str, String str2) {
        return publicKeyHasFingerprint(publicKeySpecFromOpenSSH(str), str2);
    }

    public static String fingerprint(BigInteger bigInteger, BigInteger bigInteger2) {
        return hexColonDelimited(Hashing.md5().hashBytes(keyBlob(bigInteger, bigInteger2)));
    }

    private static String hexColonDelimited(HashCode hashCode) {
        return Joiner.on(':').join(Splitter.fixedLength(2).split(BaseEncoding.base16().lowerCase().encode(hashCode.asBytes())));
    }

    private static byte[] keyBlob(BigInteger bigInteger, BigInteger bigInteger2) {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            writeLengthFirst("ssh-rsa".getBytes(), byteArrayOutputStream);
            writeLengthFirst(bigInteger.toByteArray(), byteArrayOutputStream);
            writeLengthFirst(bigInteger2.toByteArray(), byteArrayOutputStream);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }

    private static void writeLengthFirst(byte[] bArr, ByteArrayOutputStream byteArrayOutputStream) throws IOException {
        byteArrayOutputStream.write((bArr.length >>> 24) & 255);
        byteArrayOutputStream.write((bArr.length >>> 16) & 255);
        byteArrayOutputStream.write((bArr.length >>> 8) & 255);
        byteArrayOutputStream.write((bArr.length >>> 0) & 255);
        if (bArr.length == 1 && bArr[0] == 0) {
            byteArrayOutputStream.write(new byte[0]);
        } else {
            byteArrayOutputStream.write(bArr);
        }
    }
}
