package io.jenkins.cli.shaded.org.apache.sshd.common.util.security.bouncycastle;

import io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.FilePasswordProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.IoUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityProviderRegistrar;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import io.jenkins.cli.shaded.org.bouncycastle.openssl.PEMEncryptedKeyPair;
import io.jenkins.cli.shaded.org.bouncycastle.openssl.PEMKeyPair;
import io.jenkins.cli.shaded.org.bouncycastle.openssl.PEMParser;
import io.jenkins.cli.shaded.org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import io.jenkins.cli.shaded.org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.ProtocolException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.CredentialException;
import javax.security.auth.login.FailedLoginException;

/* loaded from: input_file:WEB-INF/lib/cli-2.396-rc33454.3e05b_488b_ec2.jar:io/jenkins/cli/shaded/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleKeyPairResourceParser.class */
public class BouncyCastleKeyPairResourceParser extends AbstractKeyPairResourceParser {
    public static final List<String> BEGINNERS = Collections.unmodifiableList(Arrays.asList("BEGIN RSA PRIVATE KEY", "BEGIN DSA PRIVATE KEY", "BEGIN EC PRIVATE KEY"));
    public static final List<String> ENDERS = Collections.unmodifiableList(Arrays.asList("END RSA PRIVATE KEY", "END DSA PRIVATE KEY", "END EC PRIVATE KEY"));
    public static final BouncyCastleKeyPairResourceParser INSTANCE = new BouncyCastleKeyPairResourceParser();

    public BouncyCastleKeyPairResourceParser() {
        super(BEGINNERS, ENDERS);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser
    public Collection<KeyPair> extractKeyPairs(SessionContext sessionContext, NamedResource namedResource, String str, String str2, FilePasswordProvider filePasswordProvider, List<String> list, Map<String, String> map) throws IOException, GeneralSecurityException {
        StringBuilder sb = new StringBuilder(str.length() + str2.length() + (list.size() * 80));
        sb.append(str).append(IoUtils.EOL);
        list.forEach(str3 -> {
            sb.append(str3).append(IoUtils.EOL);
        });
        sb.append(str2).append(IoUtils.EOL);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(sb.toString().getBytes(StandardCharsets.UTF_8));
        try {
            Collection<KeyPair> extractKeyPairs = extractKeyPairs(sessionContext, namedResource, str, str2, filePasswordProvider, byteArrayInputStream, map);
            byteArrayInputStream.close();
            return extractKeyPairs;
        } catch (Throwable th) {
            try {
                byteArrayInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser
    public Collection<KeyPair> extractKeyPairs(SessionContext sessionContext, NamedResource namedResource, String str, String str2, FilePasswordProvider filePasswordProvider, InputStream inputStream, Map<String, String> map) throws IOException, GeneralSecurityException {
        KeyPair loadKeyPair = loadKeyPair(sessionContext, namedResource, inputStream, filePasswordProvider);
        return loadKeyPair == null ? Collections.emptyList() : Collections.singletonList(loadKeyPair);
    }

    public static KeyPair loadKeyPair(SessionContext sessionContext, NamedResource namedResource, InputStream inputStream, FilePasswordProvider filePasswordProvider) throws IOException, GeneralSecurityException {
        PEMParser pEMParser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
        try {
            Object readObject = pEMParser.readObject();
            SecurityProviderRegistrar registeredProvider = SecurityUtils.getRegisteredProvider("BC");
            if (registeredProvider == null) {
                throw new NoSuchProviderException("BC registrar not available");
            }
            JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
            if (registeredProvider.isNamedProviderUsed()) {
                jcaPEMKeyConverter.setProvider(registeredProvider.getName());
            } else {
                jcaPEMKeyConverter.setProvider(registeredProvider.getSecurityProvider());
            }
            if (readObject instanceof PEMEncryptedKeyPair) {
                if (filePasswordProvider == null) {
                    throw new CredentialException("Missing password provider for encrypted resource=" + namedResource);
                }
                int i = 0;
                while (true) {
                    String password = filePasswordProvider.getPassword(sessionContext, namedResource, i);
                    try {
                        if (GenericUtils.isEmpty(password)) {
                            throw new FailedLoginException("No password data for encrypted resource=" + namedResource);
                        }
                        readObject = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(password.toCharArray()));
                        filePasswordProvider.handleDecodeAttemptResult(sessionContext, namedResource, i, password, null);
                    } catch (IOException | RuntimeException | GeneralSecurityException e) {
                        FilePasswordProvider.ResourceDecodeResult handleDecodeAttemptResult = filePasswordProvider.handleDecodeAttemptResult(sessionContext, namedResource, i, password, e);
                        if (handleDecodeAttemptResult == null) {
                            handleDecodeAttemptResult = FilePasswordProvider.ResourceDecodeResult.TERMINATE;
                        }
                        switch (handleDecodeAttemptResult) {
                            case TERMINATE:
                                throw e;
                            case RETRY:
                                i++;
                            case IGNORE:
                                pEMParser.close();
                                return null;
                            default:
                                throw new ProtocolException("Unsupported decode attempt result (" + handleDecodeAttemptResult + ") for " + namedResource);
                        }
                    }
                }
            }
            if (readObject instanceof PEMKeyPair) {
                KeyPair keyPair = jcaPEMKeyConverter.getKeyPair((PEMKeyPair) readObject);
                pEMParser.close();
                return keyPair;
            }
            if (!(readObject instanceof KeyPair)) {
                throw new IOException("Failed to read " + namedResource + " - unknown result object: " + readObject);
            }
            KeyPair keyPair2 = (KeyPair) readObject;
            pEMParser.close();
            return keyPair2;
        } catch (Throwable th) {
            try {
                pEMParser.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
