package com.atlassian.bitbucket.ssh.util;

import com.atlassian.bitbucket.ssh.Digest;
import com.atlassian.bitbucket.ssh.StandardDigests;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.google.common.io.ByteStreams;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECFieldFp;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.concurrent.NotThreadSafe;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAParameterSpec;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.ECPointUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.math.ec.custom.sec.SecP256R1Curve;
import org.bouncycastle.math.ec.custom.sec.SecP384R1Curve;
import org.bouncycastle.math.ec.custom.sec.SecP521R1Curve;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.DecoderException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils.class */
public final class KeyUtils {
    private static final String KEY_PREFIX = "AAAA";
    private static final String RSA_ALGORITHM = "RSA";
    private static final String DSA_ALGORITHM = "DSA";
    private static final String ECDSA_ALGORITHM = "EC";
    private static final String P256_CURVE = "nistp256";
    private static final String P384_CURVE = "nistp384";
    private static final String P521_CURVE = "nistp521";
    private static final String ED25519_ALGORITHM = "EDDSA";
    private static final Logger log = LoggerFactory.getLogger(KeyUtils.class);
    private static final ECParameterSpec ECDSA_P256_SPEC = ECNamedCurveTable.getParameterSpec("secp256r1");
    private static final ECParameterSpec ECDSA_P384_SPEC = ECNamedCurveTable.getParameterSpec("secp384r1");
    private static final ECParameterSpec ECDSA_P521_SPEC = ECNamedCurveTable.getParameterSpec("secp521r1");
    private static final EdDSAParameterSpec ED25519_SPEC = EdDSANamedCurveTable.getByName("ed25519");
    private static final String RSA_TYPE = "ssh-rsa";
    private static final String DSA_TYPE = "ssh-dss";
    private static final String ECDSA_P256_TYPE = "ecdsa-sha2-nistp256";
    private static final String ECDSA_P384_TYPE = "ecdsa-sha2-nistp384";
    private static final String ECDSA_P521_TYPE = "ecdsa-sha2-nistp521";
    private static final String ED25519_TYPE = "ssh-ed25519";
    private static final Map<String, KeySpecDecoder> DECODERS = ImmutableMap.builder().put(RSA_TYPE, new RSAKeySpecDecoder()).put(DSA_TYPE, new DSAKeySpecDecoder()).put(ECDSA_P256_TYPE, new ECDSAKeySpecDecoder()).put(ECDSA_P384_TYPE, new ECDSAKeySpecDecoder()).put(ECDSA_P521_TYPE, new ECDSAKeySpecDecoder()).put(ED25519_TYPE, new Ed25519KeySpecDecoder()).build();

    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$DSAKeySpecDecoder.class */
    private static class DSAKeySpecDecoder implements KeySpecDecoder {
        private DSAKeySpecDecoder() {
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public String getType() {
            return KeyUtils.DSA_ALGORITHM;
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public DSAPublicKeySpec getSpec(SimpleDataReader simpleDataReader) throws EOFException {
            return new DSAPublicKeySpec(simpleDataReader.readBigInteger(), simpleDataReader.readBigInteger(), simpleDataReader.readBigInteger(), simpleDataReader.readBigInteger());
        }
    }

    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$ECDSAKeySpecDecoder.class */
    private static class ECDSAKeySpecDecoder implements KeySpecDecoder {
        private ECDSAKeySpecDecoder() {
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public String getType() {
            return KeyUtils.ECDSA_ALGORITHM;
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public ECPublicKeySpec getSpec(SimpleDataReader simpleDataReader) throws EOFException {
            ECParameterSpec eCParameterSpec;
            SecP256R1Curve secP521R1Curve;
            String readString = simpleDataReader.readString();
            byte[] readBytes = simpleDataReader.readBytes();
            if (readString.equalsIgnoreCase(KeyUtils.P256_CURVE)) {
                eCParameterSpec = KeyUtils.ECDSA_P256_SPEC;
                secP521R1Curve = new SecP256R1Curve();
            } else if (readString.equalsIgnoreCase(KeyUtils.P384_CURVE)) {
                eCParameterSpec = KeyUtils.ECDSA_P384_SPEC;
                secP521R1Curve = new SecP384R1Curve();
            } else {
                if (!readString.equalsIgnoreCase(KeyUtils.P521_CURVE)) {
                    throw new IllegalArgumentException("Unsupported elliptic curve");
                }
                eCParameterSpec = KeyUtils.ECDSA_P521_SPEC;
                secP521R1Curve = new SecP521R1Curve();
            }
            EllipticCurve ellipticCurve = new EllipticCurve(new ECFieldFp(secP521R1Curve.getField().getCharacteristic()), secP521R1Curve.getA().toBigInteger(), secP521R1Curve.getB().toBigInteger());
            return new ECPublicKeySpec(ECPointUtil.decodePoint(ellipticCurve, readBytes), new java.security.spec.ECParameterSpec(ellipticCurve, new ECPoint(eCParameterSpec.getG().getAffineXCoord().toBigInteger(), eCParameterSpec.getG().getAffineYCoord().toBigInteger()), eCParameterSpec.getN(), eCParameterSpec.getH().intValue()));
        }
    }

    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$Ed25519KeySpecDecoder.class */
    private static class Ed25519KeySpecDecoder implements KeySpecDecoder {
        private Ed25519KeySpecDecoder() {
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public String getType() {
            return KeyUtils.ED25519_ALGORITHM;
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public KeySpec getSpec(SimpleDataReader simpleDataReader) throws EOFException {
            return new EdDSAPublicKeySpec(simpleDataReader.readBytes(), KeyUtils.ED25519_SPEC);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$KeyBytesAndLabel.class */
    public static class KeyBytesAndLabel {
        private final byte[] decodedBytes;
        private final String label;

        public KeyBytesAndLabel(byte[] bArr, String str) {
            this.decodedBytes = bArr;
            this.label = str;
        }

        public byte[] getDecodedBytes() {
            return this.decodedBytes;
        }

        public String getLabel() {
            return this.label;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$KeySpecDecoder.class */
    public interface KeySpecDecoder {
        String getType();

        KeySpec getSpec(SimpleDataReader simpleDataReader) throws EOFException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$KeyTypeAndBytes.class */
    public static class KeyTypeAndBytes {
        private final String type;
        private final byte[] bytes;

        private KeyTypeAndBytes(String str, byte[] bArr) {
            this.type = str;
            this.bytes = bArr;
        }

        public String getType() {
            return this.type;
        }

        public byte[] getBytes() {
            return this.bytes;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$PublicKeyAndLabel.class */
    public static class PublicKeyAndLabel {
        private final PublicKey publicKey;
        private final String label;

        public PublicKeyAndLabel(PublicKey publicKey, String str) {
            this.publicKey = publicKey;
            this.label = str;
        }

        public PublicKey getPublicKey() {
            return this.publicKey;
        }

        public String getLabel() {
            return this.label;
        }
    }

    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$RSAKeySpecDecoder.class */
    private static class RSAKeySpecDecoder implements KeySpecDecoder {
        private RSAKeySpecDecoder() {
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public String getType() {
            return KeyUtils.RSA_ALGORITHM;
        }

        @Override // com.atlassian.bitbucket.ssh.util.KeyUtils.KeySpecDecoder
        public RSAPublicKeySpec getSpec(SimpleDataReader simpleDataReader) throws EOFException {
            return new RSAPublicKeySpec(simpleDataReader.readBigInteger(), simpleDataReader.readBigInteger());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NotThreadSafe
    /* loaded from: input_file:com/atlassian/bitbucket/ssh/util/KeyUtils$SimpleDataReader.class */
    public static class SimpleDataReader {
        private final DataInputStream data;

        public SimpleDataReader(byte[] bArr) {
            this.data = new DataInputStream(new ByteArrayInputStream(bArr));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public byte[] readBytes() throws EOFException {
            try {
                byte[] bArr = new byte[this.data.readInt()];
                ByteStreams.readFully(this.data, bArr);
                return bArr;
            } catch (EOFException e) {
                throw e;
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String readString() throws EOFException {
            return new String(readBytes(), StandardCharsets.US_ASCII);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public BigInteger readBigInteger() throws EOFException {
            return new BigInteger(readBytes());
        }
    }

    @Deprecated
    public static String computeMD5(byte[] bArr) {
        return StandardDigests.MD5.apply(bArr);
    }

    public static String getKeyComment(String str) {
        if (str == null) {
            return "";
        }
        try {
            return decodeKeyAndLabel(str).getLabel();
        } catch (IllegalArgumentException | IllegalStateException e) {
            log.debug("Invalid key: [{}]", str, e);
            return "";
        }
    }

    public static PublicKey getPublicKey(String str) {
        return decodeKeyAndLabel(str).getPublicKey();
    }

    public static String getKeyText(PublicKey publicKey) {
        KeyTypeAndBytes encodePublicKey = encodePublicKey(publicKey);
        return encodePublicKey.getType() + " " + Base64.toBase64String(encodePublicKey.getBytes());
    }

    public static String calculateFingerprint(@Nonnull PublicKey publicKey) {
        return calculateFingerprint(publicKey, StandardDigests.MD5);
    }

    public static String calculateFingerprint(@Nonnull PublicKey publicKey, @Nonnull Digest digest) {
        return digest.apply(encodePublicKey(publicKey).getBytes());
    }

    private static PublicKeyAndLabel decodeKeyAndLabel(String str) {
        try {
            return decodeKeyAndLabelInternal(str);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    private static PublicKeyAndLabel decodeKeyAndLabelInternal(String str) throws NoSuchAlgorithmException {
        IllegalArgumentException illegalArgumentException = null;
        for (KeyBytesAndLabel keyBytesAndLabel : getKeyPossibilities(str)) {
            try {
                return new PublicKeyAndLabel(decodePublicKey(new SimpleDataReader(keyBytesAndLabel.getDecodedBytes())), keyBytesAndLabel.getLabel());
            } catch (EOFException e) {
                illegalArgumentException = new IllegalArgumentException("The base64 byte array was not long enough to contain a full key.", e);
            } catch (InvalidKeySpecException e2) {
                illegalArgumentException = new IllegalArgumentException(e2);
            }
        }
        throw illegalArgumentException;
    }

    private static PublicKey decodePublicKey(SimpleDataReader simpleDataReader) throws NoSuchAlgorithmException, InvalidKeySpecException, EOFException {
        String readString = simpleDataReader.readString();
        KeySpecDecoder keySpecDecoder = DECODERS.get(readString);
        if (keySpecDecoder == null) {
            throw new IllegalArgumentException("Unknown public key type " + readString);
        }
        try {
            return SecurityUtils.getKeyFactory(keySpecDecoder.getType()).generatePublic(keySpecDecoder.getSpec(simpleDataReader));
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("BouncyCastle provider was not provided properly", e);
        }
    }

    private static KeyTypeAndBytes encodePublicKey(@Nonnull PublicKey publicKey) {
        String str;
        String str2;
        String str3;
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer();
        String upperCase = publicKey.getAlgorithm().toUpperCase();
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case 2206:
                if (upperCase.equals(ECDSA_ALGORITHM)) {
                    z = 2;
                    break;
                }
                break;
            case 67986:
                if (upperCase.equals(DSA_ALGORITHM)) {
                    z = false;
                    break;
                }
                break;
            case 81440:
                if (upperCase.equals(RSA_ALGORITHM)) {
                    z = true;
                    break;
                }
                break;
            case 65816723:
                if (upperCase.equals(ED25519_ALGORITHM)) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
                DSAParams params = dSAPublicKey.getParams();
                str = DSA_TYPE;
                byteArrayBuffer.putString(DSA_TYPE);
                byteArrayBuffer.putMPInt(params.getP());
                byteArrayBuffer.putMPInt(params.getQ());
                byteArrayBuffer.putMPInt(params.getG());
                byteArrayBuffer.putMPInt(dSAPublicKey.getY());
                break;
            case true:
                RSAPublicKey rSAPublicKey = (RSAPublicKey) publicKey;
                str = RSA_TYPE;
                byteArrayBuffer.putString(RSA_TYPE);
                byteArrayBuffer.putMPInt(rSAPublicKey.getPublicExponent());
                byteArrayBuffer.putMPInt(rSAPublicKey.getModulus());
                break;
            case true:
                BCECPublicKey bCECPublicKey = new BCECPublicKey((ECPublicKey) publicKey, BouncyCastleProvider.CONFIGURATION);
                ECParameterSpec parameters = bCECPublicKey.getParameters();
                if (parameters.equals(ECDSA_P256_SPEC)) {
                    str2 = ECDSA_P256_TYPE;
                    str3 = P256_CURVE;
                } else if (parameters.equals(ECDSA_P384_SPEC)) {
                    str2 = ECDSA_P384_TYPE;
                    str3 = P384_CURVE;
                } else {
                    if (!parameters.equals(ECDSA_P521_SPEC)) {
                        throw new IllegalArgumentException("Unable to encode public key: Unsupported elliptic curve");
                    }
                    str2 = ECDSA_P521_TYPE;
                    str3 = P521_CURVE;
                }
                str = str2;
                byteArrayBuffer.putString(str2);
                byteArrayBuffer.putBytes(str3.getBytes());
                byteArrayBuffer.putBytes(bCECPublicKey.getQ().getEncoded(false));
                break;
            case true:
                str = ED25519_TYPE;
                byteArrayBuffer.putString(ED25519_TYPE);
                byteArrayBuffer.putBytes(((EdDSAPublicKey) publicKey).getAbyte());
                break;
            default:
                throw new IllegalArgumentException(String.format("Unable to encode public key: Unsupported algorithm of type %s", publicKey.getAlgorithm()));
        }
        return new KeyTypeAndBytes(str, byteArrayBuffer.getCompactData());
    }

    private static List<KeyBytesAndLabel> getKeyPossibilities(String str) {
        String[] split = str.split("\\s+");
        ArrayList newArrayList = Lists.newArrayList();
        int i = 0;
        while (true) {
            if (i >= split.length) {
                break;
            }
            if (split[i].startsWith(KEY_PREFIX)) {
                for (int i2 = i + 1; i2 <= split.length; i2++) {
                    String join = StringUtils.join(split, "", i, i2);
                    try {
                        newArrayList.add(new KeyBytesAndLabel(Base64.decode(join), StringUtils.join(split, " ", i2, split.length)));
                    } catch (DecoderException e) {
                        log.trace("Could not decode possible key text: {}.", join);
                    }
                }
            } else {
                i++;
            }
        }
        if (newArrayList.size() > 0) {
            return newArrayList;
        }
        throw new IllegalArgumentException("Invalid key: " + str);
    }
}
