package com.amazon.aes.webservices.client.cmd;

import com.amazon.aes.webservices.client.Jec2;
import com.amazon.aes.webservices.client.PasswordData;
import com.amazon.aes.webservices.client.RequestResult;
import com.amazon.aes.webservices.client.RequestResultPair;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.cli.OptionBuilder;
import org.apache.commons.cli.Options;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.codehaus.xfire.util.Base64;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:com/amazon/aes/webservices/client/cmd/GetPassword.class */
public class GetPassword extends BaseCmd {
    private static final String[] PRIV_LAUNCH_KEY_DESC = {"file containing the unencrypted PEM encoded PKCS#8 private", "key portion of the keypair specified when launching", "the instance."};
    int currIndex;

    public String GetPasswordFromOutput(String str, PrivateKey privateKey) throws Exception {
        if (str.trim().length() == 0) {
            throw new GeneralError("No <Password> element was found for this instance.");
        }
        if (isOptionSet(BaseCmd.VERBOSE)) {
            System.err.println("Found encrypted password: " + str);
        }
        try {
            return decodePassword(str, privateKey);
        } catch (Exception e) {
            throw new GeneralError("Failed to decode password with the provided key. Please check your key and try again.", e);
        }
    }

    public String decodePassword(String str, PrivateKey privateKey) throws Exception {
        byte[] decodeBuffer = new BASE64Decoder().decodeBuffer(str);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(2, privateKey);
        return new String(cipher.doFinal(decodeBuffer));
    }

    private PrivateKey loadPrivateKeyByName(String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        BufferedReader bufferedReader = new BufferedReader(new FileReader(str));
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = false;
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
            if (readLine.startsWith("-----BEGIN PRIVATE KEY")) {
                z = true;
            } else if (!readLine.startsWith("-----END")) {
                stringBuffer.append(readLine);
            }
        }
        bufferedReader.close();
        if (z) {
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decode(stringBuffer.toString())));
        }
        KeyPair keyPair = (KeyPair) new PEMReader(new BufferedReader(new FileReader(str))).readObject();
        if (keyPair == null) {
            return null;
        }
        return keyPair.getPrivate();
    }

    public GetPassword(String[] strArr) {
        super("ec2gpass", "ec2-get-password");
        this.currIndex = 0;
        init(getOptions());
        parseOpts(strArr);
    }

    private Options getOptions() {
        Options options = new Options();
        OptionBuilder.withLongOpt("instance");
        OptionBuilder.hasArgs();
        options.addOption(OptionBuilder.create("i"));
        OptionBuilder.withLongOpt(BaseCmd.PRIV_LAUNCH_KEY);
        OptionBuilder.hasArgs();
        OptionBuilder.withDescription(joinDescription(PRIV_LAUNCH_KEY_DESC));
        options.addOption(OptionBuilder.create("k"));
        return options;
    }

    @Override // com.amazon.aes.webservices.client.cmd.BaseCmd
    protected String getOptionString() {
        return "INSTANCE -k KEYFILE";
    }

    @Override // com.amazon.aes.webservices.client.cmd.BaseCmd
    public void printDescription() {
        super.printDescription();
        System.out.println("     Fetch and decrypt the Administrator password for a Windows instance.");
        System.out.println();
        System.out.println("     The password is encrypted with the private key used when launching");
        System.out.println("     the instance. The result is Base64-encoded and emitted to the console");
        System.out.println("     output when the instance boots. This command retrieves the last such");
        System.out.println("     data emitted by the instance and decrypts the password.");
        System.out.println();
        System.out.println("     The KEYFILE parameter is a file containing the unencrypted PEM encoded");
        System.out.println("     PKCS#8 private key portion of the keypair specified when launching the");
        System.out.println("     instance.");
    }

    @Override // com.amazon.aes.webservices.client.cmd.BaseCmd
    public void printOptions() {
        super.printOptions(true);
        printOption(BaseCmd.PRIV_LAUNCH_KEY);
    }

    @Override // com.amazon.aes.webservices.client.cmd.BaseCmd
    protected boolean invokeOnline(Jec2 jec2, Outputter outputter) throws Exception {
        assertNonOptionSet(BaseCmd.INSTANCE_ARG);
        assertOptionSet(BaseCmd.PRIV_LAUNCH_KEY);
        warnIfTooManyNonOptions();
        String str = getNonOptions()[0];
        PrivateKey loadPrivateKey = loadPrivateKey(getOptionValue(BaseCmd.PRIV_LAUNCH_KEY));
        RequestResultPair passwordData = jec2.getPasswordData(str);
        outputter.output(System.out, GetPasswordFromOutput(new String(((PasswordData) passwordData.getResponse()).pwdData), loadPrivateKey));
        System.out.println();
        outputter.printRequestId(System.out, (RequestResult) passwordData);
        return true;
    }

    protected PrivateKey loadPrivateKey(String str) {
        try {
            PrivateKey loadPrivateKeyByName = loadPrivateKeyByName(str);
            if (loadPrivateKeyByName == null) {
                throw new InvalidArgumentCombination("Unable to load private key from: " + str);
            }
            return loadPrivateKeyByName;
        } catch (Exception e) {
            throw new InvalidArgumentCombination("Unable to load private key: " + e.getMessage());
        }
    }

    public static void main(String[] strArr) {
        Security.addProvider(new BouncyCastleProvider());
        new GetPassword(strArr).invoke();
    }
}
