package io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.keys;

import io.jenkins.cli.shaded.org.apache.sshd.common.SshException;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.OpenSshCertificate;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.OpenSshCertificateImpl;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.Buffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/cli-2.394-rc33389.e41a_ea_a_cf434.jar:io/jenkins/cli/shaded/org/apache/sshd/common/util/buffer/keys/OpenSSHCertPublicKeyParser.class */
public class OpenSSHCertPublicKeyParser extends AbstractBufferPublicKeyParser<OpenSshCertificate> {
    public static final List<String> KEY_TYPES = Collections.unmodifiableList(Arrays.asList("ssh-rsa-cert-v01@openssh.com", "ssh-dss-cert-v01@openssh.com", "ecdsa-sha2-nistp256-cert-v01@openssh.com", "ecdsa-sha2-nistp384-cert-v01@openssh.com", "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ssh-ed25519-cert-v01@openssh.com"));
    public static final OpenSSHCertPublicKeyParser INSTANCE = new OpenSSHCertPublicKeyParser();

    public OpenSSHCertPublicKeyParser() {
        super(OpenSshCertificate.class, KEY_TYPES);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.keys.BufferPublicKeyParser
    public OpenSshCertificate getRawPublicKey(String str, Buffer buffer) throws GeneralSecurityException {
        OpenSshCertificateImpl openSshCertificateImpl = new OpenSshCertificateImpl();
        openSshCertificateImpl.setKeyType(str);
        openSshCertificateImpl.setNonce(buffer.getBytes());
        openSshCertificateImpl.setCertPubKey(DEFAULT.getRawPublicKey(openSshCertificateImpl.getRawKeyType(), buffer));
        openSshCertificateImpl.setSerial(buffer.getLong());
        openSshCertificateImpl.setType(OpenSshCertificate.Type.fromCode(buffer.getInt()));
        openSshCertificateImpl.setId(buffer.getString());
        openSshCertificateImpl.setPrincipals(new ByteArrayBuffer(buffer.getBytes()).getStringList(false));
        openSshCertificateImpl.setValidAfter(buffer.getLong());
        openSshCertificateImpl.setValidBefore(buffer.getLong());
        openSshCertificateImpl.setCriticalOptions(buffer.getCertificateOptions());
        openSshCertificateImpl.setExtensions(buffer.getCertificateOptions());
        String trimToEmpty = GenericUtils.trimToEmpty(buffer.getString());
        openSshCertificateImpl.setReserved(trimToEmpty.isEmpty() ? null : trimToEmpty);
        try {
            openSshCertificateImpl.setCaPubKey(buffer.getPublicKey());
            openSshCertificateImpl.setMessage(buffer.getBytesConsumed());
            openSshCertificateImpl.setSignature(buffer.getBytes());
            if (buffer.rpos() != buffer.wpos()) {
                throw new InvalidKeyException("Cannot read OpenSSH certificate, got more data than expected: " + buffer.rpos() + ", actual: " + buffer.wpos() + ". ID of the ca certificate: " + openSshCertificateImpl.getId());
            }
            return openSshCertificateImpl;
        } catch (SshException e) {
            throw new InvalidKeyException("Could not parse public CA key with ID: " + openSshCertificateImpl.getId(), e);
        }
    }
}
