package io.jenkins.cli.shaded.org.apache.sshd.server.auth.pubkey;

import io.jenkins.cli.shaded.org.apache.sshd.common.NamedFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource;
import io.jenkins.cli.shaded.org.apache.sshd.common.RuntimeSshException;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature;
import io.jenkins.cli.shaded.org.apache.sshd.common.signature.SignatureFactoriesManager;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.ValidateUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.Buffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.BufferUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.AbstractUserAuth;
import io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession;
import java.security.PublicKey;
import java.security.SignatureException;
import java.util.Collection;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/cli-2.221-SNAPSHOT.jar:io/jenkins/cli/shaded/org/apache/sshd/server/auth/pubkey/UserAuthPublicKey.class */
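/**
 * Server-side handler for the SSH {@code publickey} user authentication method.
 *
 * <p>{@link #doAuth(Buffer, boolean)} parses the client's request, asks the session's
 * {@link PublickeyAuthenticator} whether the offered key is acceptable for the user and then
 * either answers a key query with {@code SSH_MSG_USERAUTH_PK_OK} or verifies the signature
 * the client sent.
 *
 * <p>Everything read from the request buffer (algorithm name, key blob length, key blob,
 * signature) is supplied by a client that is not authenticated yet, so it is validated
 * before it is used to reposition the buffer.
 */
public class UserAuthPublicKey extends AbstractUserAuth implements SignatureFactoriesManager {
    public static final String NAME = "publickey";
    // Signature factories specific to this instance; may be null (see the no-arg constructor).
    private List<NamedFactory<Signature>> factories;

    /** Creates an instance with no instance-specific signature factories. */
    public UserAuthPublicKey() {
        this(null);
    }

    /**
     * @param list signature factories to use for this instance; may be {@code null}
     */
    public UserAuthPublicKey(List<NamedFactory<Signature>> list) {
        super(NAME);
        this.factories = list;
    }

    /** @return the signature factories set on this instance, possibly {@code null} */
    @Override
    public List<NamedFactory<Signature>> getSignatureFactories() {
        return this.factories;
    }

    /** @param list the signature factories to use for this instance */
    @Override
    public void setSignatureFactories(List<NamedFactory<Signature>> list) {
        this.factories = list;
    }

    /**
     * Handles one {@code publickey} authentication request.
     *
     * @param buffer the request payload, positioned at the "has signature" flag
     * @param z must be {@code true}; the call is rejected with "Instance not initialized" otherwise
     * @return {@link Boolean#TRUE} when the key is accepted and the signature verifies,
     *         {@link Boolean#FALSE} when there is no authenticator or it rejects the key, and
     *         {@code null} after a key query has been answered with {@code SSH_MSG_USERAUTH_PK_OK}
     *         (presumably meaning "not decided yet" - confirm against {@code AbstractUserAuth})
     * @throws IndexOutOfBoundsException if the declared key blob length is negative or exceeds
     *         the bytes remaining in the request
     * @throws SignatureException if the signature does not verify
     * @throws RuntimeSshException if an {@link Error} is raised inside the guarded section
     * @throws Exception on any other parsing or I/O failure
     */
    @Override
    public Boolean doAuth(Buffer buffer, boolean z) throws Exception {
        ValidateUtils.checkTrue(z, "Instance not initialized");
        boolean hasSignature = buffer.getBoolean();
        String algorithm = buffer.getString();
        int savedWritePos = buffer.wpos();
        int keyBlobStart = buffer.rpos();
        int keyBlobLength = buffer.getInt();
        int remaining = buffer.available();
        ServerSession serverSession = getServerSession();
        String username = getUsername();

        // The length prefix comes from an unauthenticated peer. Reject it before it is used
        // to move the write position: a negative or oversized value would otherwise place
        // wpos outside the data actually received.
        if (keyBlobLength < 0 || keyBlobLength > remaining) {
            this.log.warn("doAuth({}@{}) illegal {} key length: {} (max. available={})", username, serverSession, algorithm, keyBlobLength, remaining);
            throw new IndexOutOfBoundsException("Illegal public key length: " + keyBlobLength);
        }

        // Temporarily cap the buffer at the end of the key blob so that key parsing
        // cannot read into the signature that may follow it.
        buffer.wpos(buffer.rpos() + keyBlobLength);
        PublicKey rawPublicKey = buffer.getRawPublicKey();
        Collection<NamedFactory<Signature>> signatureFactories = ValidateUtils.checkNotNullAndNotEmpty(SignatureFactoriesManager.resolveSignatureFactories(this, serverSession), "No signature factories for session=%s", serverSession);
        if (this.log.isDebugEnabled()) {
            this.log.debug("doAuth({}@{}) verify key type={}, factories={}, fingerprint={}", username, serverSession, algorithm, NamedResource.getNames(signatureFactories), KeyUtils.getFingerPrint(rawPublicKey));
        }
        // Only algorithms offered by the resolved factories are accepted; an unknown
        // client-supplied algorithm name fails here.
        Signature signature = ValidateUtils.checkNotNull(NamedFactory.create(signatureFactories, algorithm), "No verifier located for algorithm=%s", algorithm);
        signature.initVerifier(rawPublicKey);

        // Restore the original limit and pick up the signature, if the client sent one.
        buffer.wpos(savedWritePos);
        byte[] signatureBytes = hasSignature ? buffer.getBytes() : null;

        PublickeyAuthenticator publickeyAuthenticator = serverSession.getPublickeyAuthenticator();
        if (publickeyAuthenticator == null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("doAuth({}@{}) key type={}, fingerprint={} - no authenticator", username, serverSession, algorithm, KeyUtils.getFingerPrint(rawPublicKey));
            }
            return Boolean.FALSE;
        }
        try {
            boolean authenticate = publickeyAuthenticator.authenticate(username, rawPublicKey, serverSession);
            if (this.log.isDebugEnabled()) {
                this.log.debug("doAuth({}@{}) key type={}, fingerprint={} - authentication result: {}", username, serverSession, algorithm, KeyUtils.getFingerPrint(rawPublicKey), Boolean.valueOf(authenticate));
            }
            if (!authenticate) {
                return Boolean.FALSE;
            }
            if (!hasSignature) {
                // Key query only: echo the algorithm and the key blob (length prefix included).
                sendPublicKeyResponse(serverSession, username, algorithm, rawPublicKey, buffer.array(), keyBlobStart, 4 + keyBlobLength, buffer);
                return null;
            }
            // Re-window the buffer onto the length-prefixed key blob; it is part of the signed data.
            buffer.rpos(keyBlobStart);
            buffer.wpos(keyBlobStart + 4 + keyBlobLength);
            if (!verifySignature(serverSession, getService(), getName(), username, algorithm, rawPublicKey, buffer, signature, signatureBytes)) {
                throw new SignatureException("Key verification failed");
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("doAuth({}@{}) key type={}, fingerprint={} - verified", username, serverSession, algorithm, KeyUtils.getFingerPrint(rawPublicKey));
            }
            return Boolean.TRUE;
        } catch (Error e) {
            // Only java.lang.Error is translated here; ordinary exceptions propagate unchanged.
            this.log.warn("doAuth({}@{}) failed ({}) to consult delegate for {} key={}: {}", username, serverSession, e.getClass().getSimpleName(), algorithm, KeyUtils.getFingerPrint(rawPublicKey), e.getMessage());
            if (this.log.isDebugEnabled()) {
                this.log.debug("doAuth(" + username + "@" + serverSession + ") delegate failure details", (Throwable) e);
            }
            throw new RuntimeSshException(e);
        }
    }

    /**
     * Rebuilds the data the client must have signed and checks the signature against it.
     *
     * <p>The signed data is, in order: the session id, message code 50, {@code str3},
     * {@code str}, {@code str2}, the boolean {@code true}, {@code str4} and the readable
     * content of {@code buffer}.
     *
     * @param serverSession the session whose id is bound into the signed data
     * @param str the service name ({@code doAuth} passes {@code getService()})
     * @param str2 the authentication method name ({@code doAuth} passes {@code getName()})
     * @param str3 the user name
     * @param str4 the signature algorithm name sent by the client
     * @param publicKey the offered key; used here for logging only
     * @param buffer the request buffer windowed onto the length-prefixed key blob
     * @param signature a verifier already initialised with the offered key
     * @param bArr the signature sent by the client
     * @return {@code true} if the signature matches the rebuilt data
     * @throws Exception if the verifier fails
     */
    protected boolean verifySignature(ServerSession serverSession, String str, String str2, String str3, String str4, PublicKey publicKey, Buffer buffer, Signature signature, byte[] bArr) throws Exception {
        byte[] sessionId = serverSession.getSessionId();
        // Initial capacity estimate for the verification buffer.
        int sizeHint = sessionId.length + str3.length() + str.length() + str2.length() + str4.length() + 256 + 64;
        ByteArrayBuffer signedData = new ByteArrayBuffer(sizeHint, false);
        signedData.putBytes(sessionId);
        signedData.putByte((byte) 50);
        signedData.putString(str3);
        signedData.putString(str);
        signedData.putString(str2);
        signedData.putBoolean(true);
        signedData.putString(str4);
        signedData.putBuffer(buffer);
        if (this.log.isTraceEnabled()) {
            // TRACE output hex-dumps the session id, the signed payload and the signature.
            this.log.trace("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - verification data={}", str3, serverSession, str, str2, str4, KeyUtils.getFingerPrint(publicKey), signedData.toHex());
            this.log.trace("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - expected signature={}", str3, serverSession, str, str2, str4, KeyUtils.getFingerPrint(publicKey), BufferUtils.toHex(bArr));
        }
        signature.update(signedData.array(), signedData.rpos(), signedData.available());
        return signature.verify(bArr);
    }

    /**
     * Answers a key query with {@code SSH_MSG_USERAUTH_PK_OK} (message code 60), echoing the
     * algorithm name and the key blob.
     *
     * @param serverSession the session to write the reply to
     * @param str the user name; used here for logging only
     * @param str2 the algorithm name to echo
     * @param publicKey the offered key; used here for logging only
     * @param bArr the array holding the key blob
     * @param i offset of the key blob in {@code bArr}
     * @param i2 number of bytes to copy from {@code bArr}
     * @param buffer the original request buffer; not used by this implementation
     * @throws Exception if the packet cannot be written
     */
    protected void sendPublicKeyResponse(ServerSession serverSession, String str, String str2, PublicKey publicKey, byte[] bArr, int i, int i2, Buffer buffer) throws Exception {
        if (this.log.isDebugEnabled()) {
            this.log.debug("doAuth({}@{}) send SSH_MSG_USERAUTH_PK_OK for key type={}, fingerprint={}", str, serverSession, str2, KeyUtils.getFingerPrint(publicKey));
        }
        Buffer reply = serverSession.createBuffer((byte) 60, GenericUtils.length(str2) + i2 + 32);
        reply.putString(str2);
        reply.putRawBytes(bArr, i, i2);
        serverSession.writePacket(reply);
    }
}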
