package org.springframework.cloud.config.server.ssh;

import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.KeyPair;
import jakarta.validation.ConstraintValidator;
import jakarta.validation.ConstraintValidatorContext;
import java.util.HashSet;
import org.springframework.cloud.config.server.environment.JGitEnvironmentProperties;
import org.springframework.cloud.config.server.environment.MultipleJGitEnvironmentProperties;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/cloud/config/server/ssh/PrivateKeyValidator.class */
public class PrivateKeyValidator implements ConstraintValidator<PrivateKeyIsValid, MultipleJGitEnvironmentProperties> {
    private static final String GIT_PROPERTY_PREFIX = "spring.cloud.config.server.git.";
    private final SshPropertyValidator sshPropertyValidator = new SshPropertyValidator();

    public void initialize(PrivateKeyIsValid privateKeyIsValid) {
    }

    public boolean isValid(MultipleJGitEnvironmentProperties multipleJGitEnvironmentProperties, ConstraintValidatorContext constraintValidatorContext) {
        constraintValidatorContext.disableDefaultConstraintViolation();
        HashSet hashSet = new HashSet();
        for (JGitEnvironmentProperties jGitEnvironmentProperties : this.sshPropertyValidator.extractRepoProperties(multipleJGitEnvironmentProperties)) {
            if (jGitEnvironmentProperties.isIgnoreLocalSshSettings() && SshPropertyValidator.isSshUri(jGitEnvironmentProperties.getUri())) {
                hashSet.add(Boolean.valueOf(isPrivateKeyPresent(jGitEnvironmentProperties, constraintValidatorContext) && isPrivateKeyFormatCorrect(jGitEnvironmentProperties, constraintValidatorContext)));
            }
        }
        return !hashSet.contains(false);
    }

    private boolean isPrivateKeyPresent(JGitEnvironmentProperties jGitEnvironmentProperties, ConstraintValidatorContext constraintValidatorContext) {
        if (StringUtils.hasText(jGitEnvironmentProperties.getPrivateKey())) {
            return true;
        }
        constraintValidatorContext.buildConstraintViolationWithTemplate(String.format("Property '%sprivateKey' must be set when '%signoreLocalSshSettings' is specified", GIT_PROPERTY_PREFIX, GIT_PROPERTY_PREFIX)).addConstraintViolation();
        return false;
    }

    private boolean isPrivateKeyFormatCorrect(JGitEnvironmentProperties jGitEnvironmentProperties, ConstraintValidatorContext constraintValidatorContext) {
        try {
            KeyPair.load(new JSch(), jGitEnvironmentProperties.getPrivateKey().getBytes(), (byte[]) null);
            return true;
        } catch (JSchException e) {
            constraintValidatorContext.buildConstraintViolationWithTemplate(String.format("Property '%sprivateKey' is not a valid private key", GIT_PROPERTY_PREFIX)).addConstraintViolation();
            return false;
        }
    }
}
