package io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.keys;

import io.jenkins.cli.shaded.org.apache.sshd.common.SshException;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.OpenSshCertificate;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.OpenSshCertificateImpl;
import io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeyPairProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.Buffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/cli-2.324-rc31772.809ebb4fad47.jar:io/jenkins/cli/shaded/org/apache/sshd/common/util/buffer/keys/OpenSSHCertPublicKeyParser.class */
public class OpenSSHCertPublicKeyParser extends AbstractBufferPublicKeyParser<OpenSshCertificate> {
    public static final List<String> KEY_TYPES = Collections.unmodifiableList(Arrays.asList(KeyPairProvider.SSH_RSA_CERT, KeyPairProvider.SSH_DSS_CERT, KeyPairProvider.SSH_ECDSA_SHA2_NISTP256_CERT, KeyPairProvider.SSH_ECDSA_SHA2_NISTP384_CERT, KeyPairProvider.SSH_ECDSA_SHA2_NISTP521_CERT, KeyPairProvider.SSH_ED25519_CERT));
    public static final OpenSSHCertPublicKeyParser INSTANCE = new OpenSSHCertPublicKeyParser();

    public OpenSSHCertPublicKeyParser() {
        super(OpenSshCertificate.class, KEY_TYPES);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.keys.BufferPublicKeyParser
    public OpenSshCertificate getRawPublicKey(String str, Buffer buffer) throws GeneralSecurityException {
        OpenSshCertificateImpl openSshCertificateImpl = new OpenSshCertificateImpl();
        openSshCertificateImpl.setKeyType(str);
        openSshCertificateImpl.setNonce(buffer.getBytes());
        openSshCertificateImpl.setServerHostKey(DEFAULT.getRawPublicKey(openSshCertificateImpl.getRawKeyType(), buffer));
        openSshCertificateImpl.setSerial(buffer.getLong());
        openSshCertificateImpl.setType(buffer.getInt());
        openSshCertificateImpl.setId(buffer.getString());
        openSshCertificateImpl.setPrincipals(new ByteArrayBuffer(buffer.getBytes()).getStringList(false));
        openSshCertificateImpl.setValidAfter(buffer.getLong());
        openSshCertificateImpl.setValidBefore(buffer.getLong());
        openSshCertificateImpl.setCriticalOptions(buffer.getNameList());
        openSshCertificateImpl.setExtensions(buffer.getNameList());
        openSshCertificateImpl.setReserved(buffer.getString());
        try {
            openSshCertificateImpl.setCaPubKey(buffer.getPublicKey());
            openSshCertificateImpl.setMessage(buffer.getBytesConsumed());
            openSshCertificateImpl.setSignature(buffer.getBytes());
            if (buffer.rpos() != buffer.wpos()) {
                throw new InvalidKeyException("KeyExchange signature verification failed, got more data than expected: " + buffer.rpos() + ", actual: " + buffer.wpos() + ". ID of the ca certificate: " + openSshCertificateImpl.getId());
            }
            return openSshCertificateImpl;
        } catch (SshException e) {
            throw new InvalidKeyException("Could not parse public CA key with ID: " + openSshCertificateImpl.getId(), e);
        }
    }
}
