package io.jenkins.cli.shaded.org.apache.sshd.common.signature;

import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.u2f.SecurityKeyPublicKey;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;

/* loaded from: input_file:WEB-INF/lib/cli-2.320-rc31678.bea3cef24f88.jar:io/jenkins/cli/shaded/org/apache/sshd/common/signature/AbstractSecurityKeySignature.class */
public abstract class AbstractSecurityKeySignature implements Signature {
    private static final int FLAG_USER_PRESENCE = 1;
    private final String keyType;
    private SecurityKeyPublicKey<?> publicKey;
    private MessageDigest challengeDigest;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractSecurityKeySignature(String str) {
        this.keyType = str;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature
    public void initVerifier(SessionContext sessionContext, PublicKey publicKey) throws GeneralSecurityException {
        if (!(publicKey instanceof SecurityKeyPublicKey)) {
            throw new IllegalArgumentException("Only instances of SecurityKeyPublicKey can be used");
        }
        this.publicKey = (SecurityKeyPublicKey) publicKey;
        this.challengeDigest = SecurityUtils.getMessageDigest("SHA-256");
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature
    public void update(SessionContext sessionContext, byte[] bArr, int i, int i2) {
        if (this.challengeDigest == null) {
            throw new IllegalStateException("initVerifier must be called before update");
        }
        this.challengeDigest.update(bArr, i, i2);
    }

    protected abstract String getSignatureKeyType();

    protected abstract Signature getDelegateSignature();

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature
    public boolean verify(SessionContext sessionContext, byte[] bArr) throws Exception {
        if (this.challengeDigest == null) {
            throw new IllegalStateException("initVerifier must be called before verify");
        }
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(bArr);
        if (!this.keyType.equals(byteArrayBuffer.getString())) {
            return false;
        }
        byte[] bytes = byteArrayBuffer.getBytes();
        byte b = byteArrayBuffer.getByte();
        long uInt = byteArrayBuffer.getUInt();
        if ((b & (-2)) != 0) {
            return false;
        }
        if ((b & 1) != 1 && !this.publicKey.isNoTouchRequired()) {
            return false;
        }
        ByteArrayBuffer byteArrayBuffer2 = new ByteArrayBuffer();
        byteArrayBuffer2.putString(getSignatureKeyType());
        byteArrayBuffer2.putBytes(bytes);
        byte[] digest = SecurityUtils.getMessageDigest("SHA-256").digest(this.publicKey.getAppName().getBytes(StandardCharsets.UTF_8));
        byte[] digest2 = this.challengeDigest.digest();
        ByteArrayBuffer byteArrayBuffer3 = new ByteArrayBuffer(4, false);
        byteArrayBuffer3.putInt(uInt);
        Signature delegateSignature = getDelegateSignature();
        delegateSignature.initVerifier(sessionContext, this.publicKey.getDelegatePublicKey());
        delegateSignature.update(sessionContext, digest);
        delegateSignature.update(sessionContext, new byte[]{b});
        delegateSignature.update(sessionContext, byteArrayBuffer3.getCompactData());
        delegateSignature.update(sessionContext, digest2);
        return delegateSignature.verify(sessionContext, byteArrayBuffer2.getCompactData());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature
    public void initSigner(SessionContext sessionContext, PrivateKey privateKey) {
        throw new UnsupportedOperationException("Security key private key signatures are unsupported.");
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature
    public byte[] sign(SessionContext sessionContext) {
        throw new UnsupportedOperationException("Security key private key signatures are unsupported.");
    }
}
