package org.apache.brooklyn.location.jclouds;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nullable;
import org.apache.brooklyn.core.location.LocationConfigUtils;
import org.apache.brooklyn.location.jclouds.api.JcloudsLocationPublic;
import org.apache.brooklyn.util.JavaGroovyEquivalents;
import org.apache.brooklyn.util.core.config.ConfigBag;
import org.apache.brooklyn.util.core.crypto.SecureKeys;
import org.apache.brooklyn.util.text.Identifiers;
import org.apache.brooklyn.util.text.Strings;
import org.jclouds.compute.domain.Image;
import org.jclouds.compute.functions.Sha512Crypt;
import org.jclouds.domain.LoginCredentials;
import org.jclouds.scriptbuilder.domain.LiteralStatement;
import org.jclouds.scriptbuilder.domain.Statement;
import org.jclouds.scriptbuilder.statements.login.AdminAccess;
import org.jclouds.scriptbuilder.statements.login.ReplaceShadowPasswordEntry;
import org.jclouds.scriptbuilder.statements.ssh.AuthorizeRSAPublicKeys;
import org.jclouds.scriptbuilder.statements.ssh.SshStatements;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/location/jclouds/CreateUserStatements.class */
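/**
 * Holds the script statements used to set up a login user on a newly provisioned machine,
 * together with the credentials that should be used to log in once those statements have run.
 *
 * <p>Instances are built by {@link #get(JcloudsLocation, Image, ConfigBag)}.
 *
 * <p>Security note: this class handles passwords and private keys. Neither may be written to
 * the log at any level; log files are routinely shipped to aggregators and support bundles.
 */
public class CreateUserStatements {
    private static final Logger LOG = LoggerFactory.getLogger(CreateUserStatements.class);

    // Credentials to use after the statements have run; null when no credentials were derived.
    private final LoginCredentials createdUserCredentials;
    // Statements to run on the machine; may be empty.
    private final List<Statement> statements;

    /**
     * @param loginCredentials credentials for the user being set up, or {@code null}
     * @param list statements to run on the machine (stored as given, not copied)
     */
    public CreateUserStatements(LoginCredentials loginCredentials, List<Statement> list) {
        this.createdUserCredentials = loginCredentials;
        this.statements = list;
    }

    /** Returns the credentials for the set-up user, or {@code null} if none were derived. */
    public LoginCredentials credentials() {
        return this.createdUserCredentials;
    }

    /** Returns the statements to run on the machine (the list passed to the constructor). */
    public List<Statement> statements() {
        return this.statements;
    }

    /**
     * Works out which statements are needed to set up the configured user and which credentials
     * will work afterwards. Four cases are handled, in this order:
     * <ol>
     *   <li>{@code DONT_CREATE_USER} is set: no user is created; credentials are taken from the
     *       configured password or private key, if any.</li>
     *   <li>The machine is Windows: nothing is created and the user/password/key entries already
     *       present in {@code configBag} are blanked.</li>
     *   <li>The user is blank, equal to the login user, or root: the existing account's password
     *       is replaced and, if available, the public key is authorized.</li>
     *   <li>Otherwise: a new admin user is created via {@link AdminAccess}, generating a fresh
     *       key pair when no credential is configured.</li>
     * </ol>
     * Any {@code CUSTOM_TEMPLATE_OPTIONS_SCRIPT_CONTENTS} is appended as a final literal statement.
     *
     * <p>Side effects: {@code configBag} may be modified (the {@code USER} entry, and on Windows
     * the password and key entries).
     *
     * @param jcloudsLocation the location being provisioned into; must not be null
     * @param image the image in use, consulted for default credentials; may be null
     * @param configBag provisioning configuration; read and, in some cases, updated
     * @return the statements to run and the credentials to use afterwards
     * @throws NullPointerException if the location or its resolved user is null
     */
    public static CreateUserStatements get(JcloudsLocation jcloudsLocation, @Nullable Image image, ConfigBag configBag) {
        Preconditions.checkNotNull(jcloudsLocation, "location argument required");
        String user = (String) Preconditions.checkNotNull(jcloudsLocation.getUser(configBag), "user required");
        boolean isWindows = jcloudsLocation.isWindows(image, configBag);

        // The login user is the explicitly configured one, else the image's default identity.
        String configuredLoginUser = (String) configBag.get(JcloudsLocation.LOGIN_USER);
        String loginUser;
        if (JavaGroovyEquivalents.groovyTruth(configuredLoginUser)) {
            loginUser = configuredLoginUser;
        } else if (image == null || image.getDefaultCredentials() == null) {
            loginUser = null;
        } else {
            loginUser = image.getDefaultCredentials().identity;
        }

        boolean dontCreateUser = ((Boolean) configBag.get(JcloudsLocation.DONT_CREATE_USER)).booleanValue();
        boolean grantUserSudo = ((Boolean) configBag.get(JcloudsLocation.GRANT_USER_SUDO)).booleanValue();
        LocationConfigUtils.OsCredential osCredential = LocationConfigUtils.getOsCredential(configBag);
        osCredential.checkNoErrors().logAnyWarnings();

        // NOTE(review): when no password is configured this 12-character id becomes a real login
        // password in some branches below. Confirm Identifiers.makeRandomId is backed by a
        // cryptographically secure generator; if it is not, use a SecureRandom-based one here.
        String password = Strings.isNonBlank(osCredential.getPassword()) ? osCredential.getPassword() : Identifiers.makeRandomId(12);

        List<Statement> setupStatements = Lists.newArrayList();
        LoginCredentials loginCredentials = null;

        if (dontCreateUser) {
            if (Strings.isBlank(user)) {
                LOG.info("Not setting up user {} (subsequently using loginUser {})", user, loginUser);
                configBag.put(JcloudsLocation.USER, loginUser);
            } else {
                LOG.info("Not creating user {}, and not installing its password or authorizing keys (assuming it exists)", user);
                if (osCredential.isUsingPassword()) {
                    loginCredentials = LoginCredentials.builder().user(user).password(osCredential.getPassword()).build();
                    // Password SSH is switched on only when the flag is explicitly false.
                    if (Boolean.FALSE.equals(configBag.get(JcloudsLocation.DISABLE_ROOT_AND_PASSWORD_SSH))) {
                        setupStatements.add(SshStatements.sshdConfig(ImmutableMap.of("PasswordAuthentication", "yes")));
                    }
                } else if (osCredential.hasKey()) {
                    loginCredentials = LoginCredentials.builder().user(user).privateKey(osCredential.getPrivateKeyData()).build();
                }
            }
        } else if (isWindows) {
            LOG.warn("Not creating or configuring user on Windows VM, despite " + JcloudsLocation.DONT_CREATE_USER.getName() + " set to false");
            // Blank (rather than remove) each credential entry that is currently set.
            if (configBag.get(JcloudsLocation.USER) != null) {
                configBag.put(JcloudsLocation.USER, "");
            }
            if (configBag.get(JcloudsLocation.PASSWORD) != null) {
                configBag.put(JcloudsLocation.PASSWORD, "");
            }
            if (configBag.get(JcloudsLocation.PRIVATE_KEY_DATA) != null) {
                configBag.put(JcloudsLocation.PRIVATE_KEY_DATA, "");
            }
            if (configBag.get(JcloudsLocation.PRIVATE_KEY_FILE) != null) {
                configBag.put(JcloudsLocation.PRIVATE_KEY_FILE, "");
            }
            if (configBag.get(JcloudsLocation.PUBLIC_KEY_DATA) != null) {
                configBag.put(JcloudsLocation.PUBLIC_KEY_DATA, "");
            }
            if (configBag.get(JcloudsLocation.PUBLIC_KEY_FILE) != null) {
                configBag.put(JcloudsLocation.PUBLIC_KEY_FILE, "");
            }
        } else if (Strings.isBlank(user) || user.equals(loginUser) || user.equals(JcloudsLocationPublic.ROOT_USERNAME)) {
            // Re-using an account that already exists on the image (login user or root).
            boolean hasPublicKey = Strings.isNonBlank(osCredential.getPublicKeyData());
            if (Strings.isBlank(user)) {
                // NOTE(review): loginUser can be null here (no LOGIN_USER configured and no image
                // default credentials); the statements below would then be given a null user.
                user = loginUser;
                configBag.put(JcloudsLocation.USER, user);
            }
            setupStatements.add(new ReplaceShadowPasswordEntry(Sha512Crypt.function(), user, password));
            loginCredentials = LoginCredentials.builder().user(user).password(password).build();
            if (hasPublicKey) {
                setupStatements.add(new AuthorizeRSAPublicKeys("~" + user + "/.ssh", ImmutableList.of(osCredential.getPublicKeyData()), (String) null));
                // Prefer key-based login when the matching private key is available.
                if (Strings.isNonBlank(osCredential.getPrivateKeyData())) {
                    loginCredentials = LoginCredentials.builder().user(user).privateKey(osCredential.getPrivateKeyData()).build();
                }
            }
            // Without a key, password login is the only way in, so it is enabled regardless of
            // the flag; with a key it is enabled only when the flag is explicitly false.
            if (!hasPublicKey || Boolean.FALSE.equals(configBag.get(JcloudsLocation.DISABLE_ROOT_AND_PASSWORD_SSH))) {
                setupStatements.add(SshStatements.sshdConfig(ImmutableMap.of("PasswordAuthentication", "yes")));
                if (user.equals(JcloudsLocationPublic.ROOT_USERNAME)) {
                    setupStatements.add(SshStatements.sshdConfig(ImmutableMap.of("PermitRootLogin", "yes")));
                }
            }
        } else {
            // Creating a new admin user.
            String publicKeyData = osCredential.getPublicKeyData();
            String privateKeyData = osCredential.getPrivateKeyData();
            if (osCredential.isEmpty()) {
                if (!configBag.containsKey(JcloudsLocation.PRIVATE_KEY_FILE)) {
                    LOG.info("Default SSH keys not found or not usable; will create new keys for each machine. Create ~/.ssh/id_rsa or set {} / {} / {} as appropriate for this location if you wish to be able to log in without Brooklyn.",
                            JcloudsLocation.PRIVATE_KEY_FILE.getName(), JcloudsLocation.PRIVATE_KEY_PASSPHRASE.getName(), JcloudsLocation.PASSWORD.getName());
                }
                KeyPair newKeyPair = SecureKeys.newKeyPair();
                publicKeyData = SecureKeys.toPub(newKeyPair);
                privateKeyData = SecureKeys.toPem(newKeyPair);
                // The generated private key is deliberately not logged: it is the machine's
                // login secret and is available to callers through credentials().
                LOG.debug("Brooklyn key being created for {} at new machine {}", user, jcloudsLocation);
            }

            AdminAccess.Builder adminBuilder = AdminAccess.builder().adminUsername(user).grantSudoToAdminUser(grantUserSudo);
            adminBuilder.cryptFunction(Sha512Crypt.function());
            boolean useKey = Strings.isNonBlank(publicKeyData);
            adminBuilder.adminPassword(password);
            // The password value itself is deliberately kept out of the log message.
            LOG.debug("Password being created for user '{}' at the machine we are about to provision in {}; {}",
                    user, jcloudsLocation,
                    useKey ? "however a key will be used to access it" : "this will be the only way to log in");

            // The builder is always given a value for each option; where the option is switched
            // off, a throwaway "-ignored" value is passed alongside the false flag.
            if (grantUserSudo && ((Boolean) configBag.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH)).booleanValue()) {
                adminBuilder.resetLoginPassword(true);
                adminBuilder.loginPassword(Identifiers.makeRandomId(12));
            } else {
                adminBuilder.resetLoginPassword(false);
                adminBuilder.loginPassword(Identifiers.makeRandomId(12) + "-ignored");
            }
            if (useKey) {
                adminBuilder.authorizeAdminPublicKey(true).adminPublicKey(publicKeyData);
            } else {
                adminBuilder.authorizeAdminPublicKey(false).adminPublicKey(Identifiers.makeRandomId(12) + "-ignored");
            }
            // The private key is never installed on the machine.
            adminBuilder.installAdminPrivateKey(false).adminPrivateKey(Identifiers.makeRandomId(12) + "-ignored");
            // SSH is locked down only when a key is in use, sudo is granted and the flag is set.
            adminBuilder.lockSsh(useKey && grantUserSudo && ((Boolean) configBag.get(JcloudsLocationConfig.DISABLE_ROOT_AND_PASSWORD_SSH)).booleanValue());
            setupStatements.add(adminBuilder.build());

            if (useKey) {
                loginCredentials = LoginCredentials.builder().user(user).privateKey(privateKeyData).build();
            } else if (password != null) {
                loginCredentials = LoginCredentials.builder().user(user).password(password).build();
            }
            if (!useKey || Boolean.FALSE.equals(configBag.get(JcloudsLocation.DISABLE_ROOT_AND_PASSWORD_SSH))) {
                setupStatements.add(SshStatements.sshdConfig(ImmutableMap.of("PasswordAuthentication", "yes")));
            }
        }

        // The configured script text is run on the machine as-is; it is not validated here.
        String customScript = (String) configBag.get(JcloudsLocation.CUSTOM_TEMPLATE_OPTIONS_SCRIPT_CONTENTS);
        if (Strings.isNonBlank(customScript)) {
            setupStatements.add(new LiteralStatement(customScript));
        }
        // NOTE(review): this prints each statement via toString(); confirm that none of the
        // statement types (including the custom script) render passwords or keys.
        LOG.debug("Machine we are about to create in {} will be customized with: {}", jcloudsLocation, setupStatements);
        return new CreateUserStatements(loginCredentials, setupStatements);
    }
}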
