package org.apache.sshd.common.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.keyprovider.AbstractClassLoadableResourceKeyPairProvider;
import org.apache.sshd.common.keyprovider.AbstractFileKeyPairProvider;
import org.apache.sshd.common.random.AbstractRandom;
import org.apache.sshd.common.random.AbstractRandomFactory;
import org.apache.sshd.common.random.Random;
import org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider;
import org.bouncycastle.crypto.prng.RandomGenerator;
import org.bouncycastle.crypto.prng.VMPCRandomGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils.class
 */
/* loaded from: input_file:WEB-INF/lib/sshd-core-0.14.0.jar:org/apache/sshd/common/util/SecurityUtils.class */
public class SecurityUtils {
    public static final String BOUNCY_CASTLE = "BC";
    private static final Logger LOG = LoggerFactory.getLogger(SecurityUtils.class);
    private static String securityProvider = null;
    private static Boolean registerBouncyCastle;
    private static boolean registrationDone;
    private static Boolean hasEcc;

    /* loaded from: input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleClassLoadableResourceKeyPairProvider.class */
    private static final class BouncyCastleClassLoadableResourceKeyPairProvider extends AbstractClassLoadableResourceKeyPairProvider {
        private BouncyCastleClassLoadableResourceKeyPairProvider() {
            ValidateUtils.checkTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered");
        }

        @Override // org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider
        protected KeyPair doLoadKey(String str, InputStream inputStream, FilePasswordProvider filePasswordProvider) throws IOException, GeneralSecurityException {
            return BouncyCastleInputStreamLoader.loadKeyPair(str, inputStream, filePasswordProvider);
        }
    }

    /* loaded from: input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleFileKeyPairProvider.class */
    private static final class BouncyCastleFileKeyPairProvider extends AbstractFileKeyPairProvider {
        private BouncyCastleFileKeyPairProvider() {
            ValidateUtils.checkTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered");
        }

        @Override // org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider
        protected KeyPair doLoadKey(String str, InputStream inputStream, FilePasswordProvider filePasswordProvider) throws IOException, GeneralSecurityException {
            return BouncyCastleInputStreamLoader.loadKeyPair(str, inputStream, filePasswordProvider);
        }
    }

    /* loaded from: input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleGeneratorHostKeyProvider.class */
    private static final class BouncyCastleGeneratorHostKeyProvider extends AbstractGeneratorHostKeyProvider {
        private BouncyCastleGeneratorHostKeyProvider(Path path) {
            ValidateUtils.checkTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered");
            setPath(path);
        }

        protected KeyPair doReadKeyPair(String str, InputStream inputStream) throws IOException, GeneralSecurityException {
            return BouncyCastleInputStreamLoader.loadKeyPair(str, inputStream, null);
        }

        protected void doWriteKeyPair(String str, KeyPair keyPair, OutputStream outputStream) throws IOException, GeneralSecurityException {
            PEMWriter pEMWriter = new PEMWriter(new OutputStreamWriter(outputStream, StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                pEMWriter.writeObject(keyPair);
                pEMWriter.flush();
                if (pEMWriter != null) {
                    if (0 == 0) {
                        pEMWriter.close();
                        return;
                    }
                    try {
                        pEMWriter.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                if (pEMWriter != null) {
                    if (0 != 0) {
                        try {
                            pEMWriter.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        pEMWriter.close();
                    }
                }
                throw th3;
            }
        }
    }

    /* loaded from: input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleInputStreamLoader.class */
    private static class BouncyCastleInputStreamLoader {
        private BouncyCastleInputStreamLoader() {
        }

        public static KeyPair loadKeyPair(String str, InputStream inputStream, FilePasswordProvider filePasswordProvider) throws IOException, GeneralSecurityException {
            PEMParser pEMParser = new PEMParser(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                Object readObject = pEMParser.readObject();
                JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
                jcaPEMKeyConverter.setProvider("BC");
                if (readObject instanceof PEMEncryptedKeyPair) {
                    ValidateUtils.checkNotNull(filePasswordProvider, "No password provider for resource=%s", str);
                    readObject = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(ValidateUtils.checkNotNullAndNotEmpty(filePasswordProvider.getPassword(str), "No password provided for resource=%s", str).toCharArray()));
                }
                if (readObject instanceof PEMKeyPair) {
                    KeyPair keyPair = jcaPEMKeyConverter.getKeyPair((PEMKeyPair) readObject);
                    if (pEMParser != null) {
                        if (0 != 0) {
                            try {
                                pEMParser.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            pEMParser.close();
                        }
                    }
                    return keyPair;
                }
                if (!(readObject instanceof KeyPair)) {
                    throw new IOException("Failed to read " + str + " - unknown result object: " + readObject);
                }
                KeyPair keyPair2 = (KeyPair) readObject;
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                return keyPair2;
            } catch (Throwable th4) {
                if (pEMParser != null) {
                    if (0 != 0) {
                        try {
                            pEMParser.close();
                        } catch (Throwable th5) {
                            th.addSuppressed(th5);
                        }
                    } else {
                        pEMParser.close();
                    }
                }
                throw th4;
            }
        }
    }

    /* loaded from: input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleRandom.class */
    public static final class BouncyCastleRandom extends AbstractRandom {
        public static final String NAME = "BC";
        private final RandomGenerator random;

        BouncyCastleRandom() {
            ValidateUtils.checkTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered");
            this.random = new VMPCRandomGenerator();
            this.random.addSeedMaterial(new SecureRandom().generateSeed(8));
        }

        @Override // org.apache.sshd.common.NamedResource
        public String getName() {
            return "BC";
        }

        @Override // org.apache.sshd.common.random.Random
        public void fill(byte[] bArr, int i, int i2) {
            this.random.nextBytes(bArr, i, i2);
        }

        @Override // org.apache.sshd.common.random.Random
        public int random(int i) {
            int next;
            int i2;
            ValidateUtils.checkTrue(i > 0, "Limit must be positive: %d", i);
            if ((i & (-i)) == i) {
                return (int) ((i * next(31)) >> 31);
            }
            do {
                next = next(31);
                i2 = next % i;
            } while ((next - i2) + (i - 1) < 0);
            return i2;
        }

        private int next(int i) {
            int i2 = (i + 7) / 8;
            byte[] bArr = new byte[i2];
            int i3 = 0;
            this.random.nextBytes(bArr);
            for (int i4 = 0; i4 < i2; i4++) {
                i3 = (bArr[i4] & 255) | (i3 << 8);
            }
            return i3 >>> ((i2 * 8) - i);
        }
    }

    /* loaded from: input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleRandomFactory.class */
    public static final class BouncyCastleRandomFactory extends AbstractRandomFactory {
        public static final String NAME = "bouncycastle";
        private static final BouncyCastleRandomFactory INSTANCE = new BouncyCastleRandomFactory();

        public BouncyCastleRandomFactory() {
            super(NAME);
        }

        @Override // org.apache.sshd.common.OptionalFeature
        public boolean isSupported() {
            return SecurityUtils.isBouncyCastleRegistered();
        }

        @Override // org.apache.sshd.common.Factory
        public Random create() {
            return new BouncyCastleRandom();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/jenkins-cli.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleRegistration.class
     */
    /* loaded from: input_file:WEB-INF/lib/sshd-core-0.14.0.jar:org/apache/sshd/common/util/SecurityUtils$BouncyCastleRegistration.class */
    public static class BouncyCastleRegistration {
        private BouncyCastleRegistration() {
        }

        public void run() throws Exception {
            if (Security.getProvider("BC") == null) {
                SecurityUtils.LOG.info("Trying to register BouncyCastle as a JCE provider");
                Security.addProvider(new BouncyCastleProvider());
                MessageDigest.getInstance("MD5", "BC");
                KeyAgreement.getInstance("DH", "BC");
                SecurityUtils.LOG.info("Registration succeeded");
            } else {
                SecurityUtils.LOG.info("BouncyCastle already registered as a JCE provider");
            }
            String unused = SecurityUtils.securityProvider = "BC";
        }
    }

    public static boolean hasEcc() {
        if (hasEcc == null) {
            try {
                getKeyPairGenerator(org.apache.sshd.common.config.keys.KeyUtils.EC_ALGORITHM);
                hasEcc = true;
            } catch (Throwable th) {
                hasEcc = false;
            }
        }
        return hasEcc.booleanValue();
    }

    public static synchronized void setSecurityProvider(String str) {
        securityProvider = str;
        registrationDone = false;
    }

    public static synchronized void setRegisterBouncyCastle(boolean z) {
        registerBouncyCastle = Boolean.valueOf(z);
        registrationDone = false;
    }

    public static synchronized String getSecurityProvider() {
        register();
        return securityProvider;
    }

    public static synchronized boolean isBouncyCastleRegistered() {
        register();
        return "BC".equals(securityProvider);
    }

    private static void register() {
        String property;
        if (registrationDone) {
            return;
        }
        if (registerBouncyCastle == null && (property = System.getProperty("org.apache.sshd.registerBouncyCastle")) != null) {
            registerBouncyCastle = Boolean.valueOf(Boolean.parseBoolean(property));
        }
        if (securityProvider == null && (registerBouncyCastle == null || registerBouncyCastle.booleanValue())) {
            try {
                new BouncyCastleRegistration().run();
            } catch (Throwable th) {
                if (registerBouncyCastle != null) {
                    LOG.error("Failed to register BouncyCastle as the defaut JCE provider");
                    throw new RuntimeException("Failed to register BouncyCastle as the defaut JCE provider", th);
                }
                LOG.info("BouncyCastle not registered, using the default JCE provider");
            }
        }
        registrationDone = true;
    }

    public static synchronized KeyFactory getKeyFactory(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        register();
        return getSecurityProvider() == null ? KeyFactory.getInstance(str) : KeyFactory.getInstance(str, getSecurityProvider());
    }

    public static synchronized Cipher getCipher(String str) throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException {
        register();
        return getSecurityProvider() == null ? Cipher.getInstance(str) : Cipher.getInstance(str, getSecurityProvider());
    }

    public static synchronized MessageDigest getMessageDigest(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        register();
        return getSecurityProvider() == null ? MessageDigest.getInstance(str) : MessageDigest.getInstance(str, getSecurityProvider());
    }

    public static synchronized KeyPairGenerator getKeyPairGenerator(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        register();
        return getSecurityProvider() == null ? KeyPairGenerator.getInstance(str) : KeyPairGenerator.getInstance(str, getSecurityProvider());
    }

    public static synchronized KeyAgreement getKeyAgreement(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        register();
        return getSecurityProvider() == null ? KeyAgreement.getInstance(str) : KeyAgreement.getInstance(str, getSecurityProvider());
    }

    public static synchronized Mac getMac(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        register();
        return getSecurityProvider() == null ? Mac.getInstance(str) : Mac.getInstance(str, getSecurityProvider());
    }

    public static synchronized Signature getSignature(String str) throws NoSuchAlgorithmException, NoSuchProviderException {
        register();
        return getSecurityProvider() == null ? Signature.getInstance(str) : Signature.getInstance(str, getSecurityProvider());
    }
}
