package io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader;

import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.ValidateUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.BufferUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/cli-2.283-rc30929.c73ad5d922a0.jar:io/jenkins/cli/shaded/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.class */
public abstract class AbstractPrivateKeyObfuscator implements PrivateKeyObfuscator {
    private final String algName;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractPrivateKeyObfuscator(String str) {
        this.algName = ValidateUtils.checkNotNullAndNotEmpty(str, "No name specified");
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.PrivateKeyObfuscator
    public final String getCipherName() {
        return this.algName;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.PrivateKeyObfuscator
    public byte[] generateInitializationVector(PrivateKeyEncryptionContext privateKeyEncryptionContext) throws GeneralSecurityException {
        return generateInitializationVector(resolveKeyLength(privateKeyEncryptionContext));
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.PrivateKeyObfuscator
    public <A extends Appendable> A appendPrivateKeyEncryptionContext(A a, PrivateKeyEncryptionContext privateKeyEncryptionContext) throws IOException {
        if (privateKeyEncryptionContext == null) {
            return a;
        }
        a.append("DEK-Info: ").append(privateKeyEncryptionContext.getCipherName()).append('-').append(privateKeyEncryptionContext.getCipherType()).append('-').append(privateKeyEncryptionContext.getCipherMode());
        byte[] initVector = privateKeyEncryptionContext.getInitVector();
        Objects.requireNonNull(initVector, "No encryption init vector");
        ValidateUtils.checkTrue(initVector.length > 0, "Empty encryption init vector");
        BufferUtils.appendHex(a.append(','), (char) 0, initVector);
        a.append(System.lineSeparator());
        return a;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateInitializationVector(int i) {
        int i2 = i / 8;
        if (i % 8 != 0) {
            i2++;
        }
        byte[] bArr = new byte[i2];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    protected abstract int resolveKeyLength(PrivateKeyEncryptionContext privateKeyEncryptionContext) throws GeneralSecurityException;

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] deriveEncryptionKey(PrivateKeyEncryptionContext privateKeyEncryptionContext, int i) throws GeneralSecurityException {
        Objects.requireNonNull(privateKeyEncryptionContext, "No encryption context");
        ValidateUtils.checkNotNullAndNotEmpty(privateKeyEncryptionContext.getCipherName(), "No cipher name");
        ValidateUtils.checkNotNullAndNotEmpty(privateKeyEncryptionContext.getCipherType(), "No cipher type");
        ValidateUtils.checkNotNullAndNotEmpty(privateKeyEncryptionContext.getCipherMode(), "No cipher mode");
        byte[] bArr = (byte[]) Objects.requireNonNull(privateKeyEncryptionContext.getInitVector(), "No encryption init vector");
        ValidateUtils.checkTrue(bArr.length > 0, "Empty encryption init vector");
        byte[] bytes = ValidateUtils.checkNotNullAndNotEmpty(privateKeyEncryptionContext.getPassword(), "No encryption password").getBytes(StandardCharsets.UTF_8);
        byte[] bArr2 = new byte[i];
        MessageDigest messageDigest = SecurityUtils.getMessageDigest("md5");
        byte[] bArr3 = GenericUtils.EMPTY_BYTE_ARRAY;
        int i2 = 0;
        int length = bArr2.length;
        while (true) {
            int i3 = length;
            if (i2 >= bArr2.length) {
                return bArr2;
            }
            messageDigest.reset();
            messageDigest.update(bArr3, 0, bArr3.length);
            messageDigest.update(bytes, 0, bytes.length);
            messageDigest.update(bArr, 0, Math.min(bArr.length, 8));
            bArr3 = messageDigest.digest();
            System.arraycopy(bArr3, 0, bArr2, i2, Math.min(i3, bArr3.length));
            i2 += bArr3.length;
            length = i3 - bArr3.length;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] applyPrivateKeyCipher(byte[] bArr, PrivateKeyEncryptionContext privateKeyEncryptionContext, int i, byte[] bArr2, boolean z) throws GeneralSecurityException {
        int i2;
        Objects.requireNonNull(privateKeyEncryptionContext, "No encryption context");
        String checkNotNullAndNotEmpty = ValidateUtils.checkNotNullAndNotEmpty(privateKeyEncryptionContext.getCipherName(), "No cipher name");
        ValidateUtils.checkNotNullAndNotEmpty(privateKeyEncryptionContext.getCipherType(), "No cipher type");
        String checkNotNullAndNotEmpty2 = ValidateUtils.checkNotNullAndNotEmpty(privateKeyEncryptionContext.getCipherMode(), "No cipher mode");
        Objects.requireNonNull(bArr, "No source data");
        Objects.requireNonNull(bArr2, "No encryption key");
        ValidateUtils.checkTrue(bArr2.length > 0, "Empty encryption key");
        byte[] bArr3 = (byte[]) Objects.requireNonNull(privateKeyEncryptionContext.getInitVector(), "No encryption init vector");
        ValidateUtils.checkTrue(bArr3.length > 0, "Empty encryption init vector");
        String str = checkNotNullAndNotEmpty + "/" + checkNotNullAndNotEmpty2 + "/NoPadding";
        int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength(str);
        if (i > maxAllowedKeyLength) {
            throw new InvalidKeySpecException("applyPrivateKeyCipher(" + str + ")[encrypt=" + z + "] required key length (" + i + ") exceeds max. available: " + maxAllowedKeyLength);
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, checkNotNullAndNotEmpty);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
        Cipher cipher = SecurityUtils.getCipher(str);
        int blockSize = cipher.getBlockSize();
        int length = bArr.length;
        cipher.init(z ? 1 : 2, secretKeySpec, ivParameterSpec);
        if (blockSize > 0 && (i2 = length % blockSize) > 0) {
            int i3 = length - i2;
            byte[] bArr4 = new byte[blockSize];
            Arrays.fill(bArr4, (byte) 10);
            System.arraycopy(bArr, i3, bArr4, 0, i2);
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(length);
            try {
                try {
                    byteArrayOutputStream.write(cipher.update(bArr, 0, i3));
                    byteArrayOutputStream.write(cipher.doFinal(bArr4));
                    byteArrayOutputStream.close();
                    return byteArrayOutputStream.toByteArray();
                } catch (Throwable th) {
                    byteArrayOutputStream.close();
                    throw th;
                }
            } catch (IOException e) {
                throw new GeneralSecurityException("applyPrivateKeyCipher(" + str + ")[encrypt=" + z + "] failed (" + e.getClass().getSimpleName() + ") to split-write: " + e.getMessage(), e);
            }
        }
        return cipher.doFinal(bArr);
    }
}
