package com.google.gerrit.sshd;

import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.reviewdb.client.AccountExternalId;
import com.google.gerrit.reviewdb.client.AccountSshKey;
import com.google.gerrit.reviewdb.server.ReviewDb;
import com.google.gerrit.server.cache.CacheModule;
import com.google.gerrit.server.ssh.SshKeyCache;
import com.google.gwtorm.server.OrmException;
import com.google.gwtorm.server.SchemaFactory;
import com.google.inject.Inject;
import com.google.inject.Module;
import com.google.inject.Singleton;
import com.google.inject.TypeLiteral;
import com.google.inject.name.Named;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/google/gerrit/sshd/SshKeyCacheImpl.class */
public class SshKeyCacheImpl implements SshKeyCache {
    private static final String CACHE_NAME = "sshkeys";
    private final LoadingCache<String, Iterable<SshKeyCacheEntry>> cache;
    private static final Logger log = LoggerFactory.getLogger(SshKeyCacheImpl.class);
    static final Iterable<SshKeyCacheEntry> NO_SUCH_USER = none();
    static final Iterable<SshKeyCacheEntry> NO_KEYS = none();

    /* loaded from: input_file:com/google/gerrit/sshd/SshKeyCacheImpl$Loader.class */
    static class Loader extends CacheLoader<String, Iterable<SshKeyCacheEntry>> {
        private final SchemaFactory<ReviewDb> schema;

        @Inject
        Loader(SchemaFactory<ReviewDb> schemaFactory) {
            this.schema = schemaFactory;
        }

        @Override // com.google.common.cache.CacheLoader
        public Iterable<SshKeyCacheEntry> load(String str) throws Exception {
            ReviewDb open = this.schema.open();
            try {
                AccountExternalId accountExternalId = open.accountExternalIds().get(new AccountExternalId.Key(AccountExternalId.SCHEME_USERNAME, str));
                if (accountExternalId == null) {
                    Iterable<SshKeyCacheEntry> iterable = SshKeyCacheImpl.NO_SUCH_USER;
                    open.close();
                    return iterable;
                }
                ArrayList arrayList = new ArrayList(4);
                for (AccountSshKey accountSshKey : open.accountSshKeys().byAccount(accountExternalId.getAccountId())) {
                    if (accountSshKey.isValid()) {
                        add(open, arrayList, accountSshKey);
                    }
                }
                if (arrayList.isEmpty()) {
                    Iterable<SshKeyCacheEntry> iterable2 = SshKeyCacheImpl.NO_KEYS;
                    open.close();
                    return iterable2;
                }
                List unmodifiableList = Collections.unmodifiableList(arrayList);
                open.close();
                return unmodifiableList;
            } catch (Throwable th) {
                open.close();
                throw th;
            }
        }

        private void add(ReviewDb reviewDb, List<SshKeyCacheEntry> list, AccountSshKey accountSshKey) {
            try {
                list.add(new SshKeyCacheEntry(accountSshKey.getKey(), SshUtil.parse(accountSshKey)));
            } catch (OutOfMemoryError e) {
                throw e;
            } catch (Throwable th) {
                markInvalid(reviewDb, accountSshKey);
            }
        }

        private void markInvalid(ReviewDb reviewDb, AccountSshKey accountSshKey) {
            try {
                SshKeyCacheImpl.log.info("Flagging SSH key " + accountSshKey.getKey() + " invalid");
                accountSshKey.setInvalid();
                reviewDb.accountSshKeys().update(Collections.singleton(accountSshKey));
            } catch (OrmException e) {
                SshKeyCacheImpl.log.error("Failed to mark SSH key" + accountSshKey.getKey() + " invalid", (Throwable) e);
            }
        }
    }

    public static Module module() {
        return new CacheModule() { // from class: com.google.gerrit.sshd.SshKeyCacheImpl.1
            @Override // com.google.inject.AbstractModule
            protected void configure() {
                cache(SshKeyCacheImpl.CACHE_NAME, String.class, new TypeLiteral<Iterable<SshKeyCacheEntry>>() { // from class: com.google.gerrit.sshd.SshKeyCacheImpl.1.1
                }).loader(Loader.class);
                bind(SshKeyCacheImpl.class);
                bind(SshKeyCache.class).to(SshKeyCacheImpl.class);
            }
        };
    }

    private static Iterable<SshKeyCacheEntry> none() {
        return Collections.unmodifiableCollection(Arrays.asList(new SshKeyCacheEntry[0]));
    }

    @Inject
    SshKeyCacheImpl(@Named("sshkeys") LoadingCache<String, Iterable<SshKeyCacheEntry>> loadingCache) {
        this.cache = loadingCache;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Iterable<SshKeyCacheEntry> get(String str) {
        try {
            return this.cache.get(str);
        } catch (ExecutionException e) {
            log.warn("Cannot load SSH keys for " + str, (Throwable) e);
            return Collections.emptyList();
        }
    }

    @Override // com.google.gerrit.server.ssh.SshKeyCache
    public void evict(String str) {
        if (str != null) {
            this.cache.invalidate(str);
        }
    }

    @Override // com.google.gerrit.server.ssh.SshKeyCache
    public AccountSshKey create(AccountSshKey.Id id, String str) throws InvalidSshKeyException {
        try {
            AccountSshKey accountSshKey = new AccountSshKey(id, SshUtil.toOpenSshPublicKey(str));
            SshUtil.parse(accountSshKey);
            return accountSshKey;
        } catch (NoSuchAlgorithmException e) {
            throw new InvalidSshKeyException();
        } catch (NoSuchProviderException e2) {
            log.error("Cannot parse SSH key", (Throwable) e2);
            throw new InvalidSshKeyException();
        } catch (InvalidKeySpecException e3) {
            throw new InvalidSshKeyException();
        }
    }
}
