package io.jenkins.cli.shaded.org.apache.sshd.common.util.security.eddsa;

import io.jenkins.cli.shaded.net.i2p.crypto.eddsa.EdDSAPrivateKey;
import io.jenkins.cli.shaded.net.i2p.crypto.eddsa.EdDSAPublicKey;
import io.jenkins.cli.shaded.net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import io.jenkins.cli.shaded.net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import io.jenkins.cli.shaded.net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.FilePasswordProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyEntryResolver;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.impl.AbstractPrivateKeyEntryDecoder;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.SecureByteArrayOutputStream;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Locale;
import java.util.Objects;

/* loaded from: input_file:WEB-INF/lib/cli-2.317-rc31613.3e768bb9341d.jar:io/jenkins/cli/shaded/org/apache/sshd/common/util/security/eddsa/OpenSSHEd25519PrivateKeyEntryDecoder.class */
public class OpenSSHEd25519PrivateKeyEntryDecoder extends AbstractPrivateKeyEntryDecoder<EdDSAPublicKey, EdDSAPrivateKey> {
    public static final OpenSSHEd25519PrivateKeyEntryDecoder INSTANCE = new OpenSSHEd25519PrivateKeyEntryDecoder();
    private static final int PK_SIZE = 32;
    private static final int SK_SIZE = 32;
    private static final int KEYPAIR_SIZE = 64;

    public OpenSSHEd25519PrivateKeyEntryDecoder() {
        super(EdDSAPublicKey.class, EdDSAPrivateKey.class, Collections.unmodifiableList(Collections.singletonList("ssh-ed25519")));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder
    public EdDSAPrivateKey decodePrivateKey(SessionContext sessionContext, String str, FilePasswordProvider filePasswordProvider, InputStream inputStream) throws IOException, GeneralSecurityException {
        if (!"ssh-ed25519".equals(str)) {
            throw new InvalidKeyException("Unsupported key type: " + str);
        }
        if (!SecurityUtils.isEDDSACurveSupported()) {
            throw new NoSuchAlgorithmException("EdDSA provider not supported");
        }
        byte[] bArr = GenericUtils.EMPTY_BYTE_ARRAY;
        byte[] bArr2 = GenericUtils.EMPTY_BYTE_ARRAY;
        try {
            byte[] readRLEBytes = KeyEntryResolver.readRLEBytes(inputStream, 64);
            byte[] readRLEBytes2 = KeyEntryResolver.readRLEBytes(inputStream, 128);
            if (readRLEBytes.length != 32) {
                throw new InvalidKeyException(String.format(Locale.ENGLISH, "Unexpected pk size: %s (expected %s)", Integer.valueOf(readRLEBytes.length), 32));
            }
            if (readRLEBytes2.length != 64) {
                throw new InvalidKeyException(String.format(Locale.ENGLISH, "Unexpected keypair size: %s (expected %s)", Integer.valueOf(readRLEBytes2.length), 64));
            }
            if (!Arrays.equals(readRLEBytes, Arrays.copyOfRange(readRLEBytes2, 32, 64))) {
                throw new InvalidKeyException("Keypair did not contain the public key.");
            }
            EdDSAPrivateKey edDSAPrivateKey = (EdDSAPrivateKey) generatePrivateKey(new EdDSAPrivateKeySpec(Arrays.copyOf(readRLEBytes2, 32), EdDSANamedCurveTable.getByName("Ed25519")));
            if (!Arrays.equals(edDSAPrivateKey.getAbyte(), readRLEBytes)) {
                throw new InvalidKeyException("The provided pk does NOT match the computed pk for the given sk.");
            }
            Arrays.fill(readRLEBytes, (byte) 0);
            Arrays.fill(readRLEBytes2, (byte) 0);
            return edDSAPrivateKey;
        } catch (Throwable th) {
            Arrays.fill(bArr, (byte) 0);
            Arrays.fill(bArr2, (byte) 0);
            throw th;
        }
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder
    public String encodePrivateKey(SecureByteArrayOutputStream secureByteArrayOutputStream, EdDSAPrivateKey edDSAPrivateKey, EdDSAPublicKey edDSAPublicKey) throws IOException {
        Objects.requireNonNull(edDSAPrivateKey, "No private key provided");
        byte[] seed = edDSAPrivateKey.getSeed();
        byte[] abyte = edDSAPrivateKey.getAbyte();
        Objects.requireNonNull(seed, "No seed");
        byte[] bArr = new byte[64];
        System.arraycopy(seed, 0, bArr, 0, 32);
        System.arraycopy(abyte, 0, bArr, 32, 32);
        KeyEntryResolver.writeRLEBytes(secureByteArrayOutputStream, abyte);
        KeyEntryResolver.writeRLEBytes(secureByteArrayOutputStream, bArr);
        return "ssh-ed25519";
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder
    public boolean isPublicKeyRecoverySupported() {
        return true;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder
    public EdDSAPublicKey recoverPublicKey(EdDSAPrivateKey edDSAPrivateKey) throws GeneralSecurityException {
        return EdDSASecurityProviderUtils.recoverEDDSAPublicKey(edDSAPrivateKey);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyEntryResolver
    public EdDSAPublicKey clonePublicKey(EdDSAPublicKey edDSAPublicKey) throws GeneralSecurityException {
        if (edDSAPublicKey == null) {
            return null;
        }
        return (EdDSAPublicKey) generatePublicKey(new EdDSAPublicKeySpec(edDSAPublicKey.getA(), edDSAPublicKey.getParams()));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyEntryResolver
    public EdDSAPrivateKey clonePrivateKey(EdDSAPrivateKey edDSAPrivateKey) throws GeneralSecurityException {
        if (edDSAPrivateKey == null) {
            return null;
        }
        return (EdDSAPrivateKey) generatePrivateKey(new EdDSAPrivateKeySpec(edDSAPrivateKey.getSeed(), edDSAPrivateKey.getParams()));
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyEntryResolver
    public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException {
        return SecurityUtils.getKeyPairGenerator("EdDSA");
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyEntryResolver
    public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException {
        return SecurityUtils.getKeyFactory("EdDSA");
    }
}
