package io.jenkins.cli.shaded.org.apache.sshd.server.keyprovider;

import io.jenkins.cli.shaded.org.apache.sshd.common.AlgorithmNameProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource;
import io.jenkins.cli.shaded.org.apache.sshd.common.cipher.ECCurves;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeySizeIndicator;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.IoUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.resource.PathResource;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import io.jenkins.cli.shaded.org.slf4j.Logger;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: input_file:WEB-INF/lib/cli-2.362-rc32687.dd9b_8d0a_9b_1a.jar:io/jenkins/cli/shaded/org/apache/sshd/server/keyprovider/AbstractGeneratorHostKeyProvider.class */
public abstract class AbstractGeneratorHostKeyProvider extends AbstractKeyPairProvider implements AlgorithmNameProvider, KeySizeIndicator {
    public static final String DEFAULT_ALGORITHM = "EC";
    public static final boolean DEFAULT_ALLOWED_TO_OVERWRITE = true;
    private Path path;
    private int keySize;
    private AlgorithmParameterSpec keySpec;
    private final AtomicReference<Iterable<KeyPair>> keyPairHolder = new AtomicReference<>();
    private String algorithm = "EC";
    private boolean overwriteAllowed = true;

    public Path getPath() {
        return this.path;
    }

    public void setPath(Path path) {
        this.path = path == null ? null : path.toAbsolutePath();
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.AlgorithmNameProvider
    public String getAlgorithm() {
        return this.algorithm;
    }

    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeySizeIndicator
    public int getKeySize() {
        return this.keySize;
    }

    public void setKeySize(int i) {
        this.keySize = i;
    }

    public AlgorithmParameterSpec getKeySpec() {
        return this.keySpec;
    }

    public void setKeySpec(AlgorithmParameterSpec algorithmParameterSpec) {
        this.keySpec = algorithmParameterSpec;
    }

    public boolean isOverwriteAllowed() {
        return this.overwriteAllowed;
    }

    public void setOverwriteAllowed(boolean z) {
        this.overwriteAllowed = z;
    }

    public void clearLoadedKeys() {
        Iterable<KeyPair> andSet;
        synchronized (this.keyPairHolder) {
            andSet = this.keyPairHolder.getAndSet(null);
        }
        if ((andSet != null) && this.log.isDebugEnabled()) {
            this.log.debug("clearLoadedKeys({}) removed keys", getPath());
        }
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeyIdentityProvider
    public synchronized List<KeyPair> loadKeys(SessionContext sessionContext) {
        Iterable<KeyPair> iterable;
        Path path = getPath();
        synchronized (this.keyPairHolder) {
            iterable = this.keyPairHolder.get();
            if (iterable == null) {
                try {
                    iterable = resolveKeyPairs(sessionContext, path);
                    if (iterable != null) {
                        this.keyPairHolder.set(iterable);
                    }
                } catch (Throwable th) {
                    warn("loadKeys({}) Failed ({}) to resolve: {}", path, th.getClass().getSimpleName(), th.getMessage(), th);
                }
            }
        }
        List<KeyPair> emptyList = Collections.emptyList();
        if (iterable instanceof List) {
            emptyList = (List) iterable;
        } else if (iterable != null) {
            emptyList = new ArrayList();
            for (KeyPair keyPair : iterable) {
                if (keyPair != null) {
                    emptyList.add(keyPair);
                }
            }
        }
        return emptyList;
    }

    protected Iterable<KeyPair> resolveKeyPairs(SessionContext sessionContext, Path path) throws IOException, GeneralSecurityException {
        String algorithm = getAlgorithm();
        if (path != null) {
            try {
                Iterable<KeyPair> loadFromFile = loadFromFile(sessionContext, algorithm, path);
                if (((KeyPair) GenericUtils.head(loadFromFile)) != null) {
                    return loadFromFile;
                }
            } catch (Throwable th) {
                warn("resolveKeyPair({}) Failed ({}) to load: {}", path, th.getClass().getSimpleName(), th.getMessage(), th);
            }
        }
        try {
            KeyPair generateKeyPair = generateKeyPair(algorithm);
            if (generateKeyPair == null) {
                return null;
            }
            if (this.log.isDebugEnabled()) {
                PublicKey publicKey = generateKeyPair.getPublic();
                this.log.debug("resolveKeyPair({}) generated {} key={}-{}", path, algorithm, KeyUtils.getKeyType(publicKey), KeyUtils.getFingerPrint(publicKey));
            }
            if (path != null) {
                try {
                    writeKeyPair(generateKeyPair, path, new OpenOption[0]);
                } catch (Throwable th2) {
                    warn("resolveKeyPair({})[{}] Failed ({}) to write {} key: {}", algorithm, path, th2.getClass().getSimpleName(), algorithm, th2.getMessage(), th2);
                }
            }
            return Collections.singletonList(generateKeyPair);
        } catch (Throwable th3) {
            warn("resolveKeyPair({})[{}] Failed ({}) to generate {} key-pair: {}", path, algorithm, th3.getClass().getSimpleName(), algorithm, th3.getMessage(), th3);
            return null;
        }
    }

    protected Iterable<KeyPair> loadFromFile(SessionContext sessionContext, String str, Path path) throws IOException, GeneralSecurityException {
        LinkOption[] linkOptions = IoUtils.getLinkOptions(true);
        if (!Files.exists(path, linkOptions) || !Files.isRegularFile(path, linkOptions)) {
            return null;
        }
        Iterable<KeyPair> readKeyPairs = readKeyPairs(sessionContext, path, IoUtils.EMPTY_OPEN_OPTIONS);
        KeyPair keyPair = (KeyPair) GenericUtils.head(readKeyPairs);
        if (keyPair == null) {
            return null;
        }
        PublicKey publicKey = keyPair.getPublic();
        String algorithm = publicKey.getAlgorithm();
        if ("ECDSA".equalsIgnoreCase(algorithm)) {
            algorithm = "EC";
        } else if ("ED25519".equalsIgnoreCase(algorithm)) {
            algorithm = "EdDSA";
        }
        if (Objects.equals(str, algorithm)) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("resolveKeyPair({}) loaded key={}-{}", path, KeyUtils.getKeyType(publicKey), KeyUtils.getFingerPrint(publicKey));
            }
            return readKeyPairs;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("resolveKeyPair({}) mismatched loaded key algorithm: expected={}, loaded={}", path, str, algorithm);
        }
        Files.deleteIfExists(path);
        return null;
    }

    protected Iterable<KeyPair> readKeyPairs(SessionContext sessionContext, Path path, OpenOption... openOptionArr) throws IOException, GeneralSecurityException {
        PathResource pathResource = new PathResource(path, openOptionArr);
        InputStream openInputStream = pathResource.openInputStream();
        Throwable th = null;
        try {
            try {
                Iterable<KeyPair> doReadKeyPairs = doReadKeyPairs(sessionContext, pathResource, openInputStream);
                if (openInputStream != null) {
                    if (0 != 0) {
                        try {
                            openInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openInputStream.close();
                    }
                }
                return doReadKeyPairs;
            } finally {
            }
        } catch (Throwable th3) {
            if (openInputStream != null) {
                if (th != null) {
                    try {
                        openInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openInputStream.close();
                }
            }
            throw th3;
        }
    }

    protected Iterable<KeyPair> doReadKeyPairs(SessionContext sessionContext, NamedResource namedResource, InputStream inputStream) throws IOException, GeneralSecurityException {
        return SecurityUtils.loadKeyPairIdentities(sessionContext, namedResource, inputStream, null);
    }

    protected void writeKeyPair(KeyPair keyPair, Path path, OpenOption... openOptionArr) throws IOException, GeneralSecurityException {
        if (Files.exists(path, new LinkOption[0]) && !isOverwriteAllowed()) {
            Logger logger = this.log;
            Object[] objArr = new Object[3];
            objArr[0] = path;
            objArr[1] = KeyUtils.getKeyType(keyPair);
            objArr[2] = KeyUtils.getFingerPrint(keyPair == null ? null : keyPair.getPublic());
            logger.error("Overwriting key ({}) is disabled: using throwaway {}: {}", objArr);
            return;
        }
        PathResource pathResource = new PathResource(path);
        try {
            OutputStream newOutputStream = Files.newOutputStream(path, openOptionArr);
            Throwable th = null;
            try {
                try {
                    doWriteKeyPair(pathResource, keyPair, newOutputStream);
                    if (newOutputStream != null) {
                        if (0 != 0) {
                            try {
                                newOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newOutputStream.close();
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th4) {
            warn("writeKeyPair({}) failed ({}) to write key {}: {}", path, th4.getClass().getSimpleName(), keyPair, th4.getMessage(), th4);
        }
    }

    protected abstract void doWriteKeyPair(NamedResource namedResource, KeyPair keyPair, OutputStream outputStream) throws IOException, GeneralSecurityException;

    protected KeyPair generateKeyPair(String str) throws GeneralSecurityException {
        ECCurves fromCurveSize;
        KeyPairGenerator keyPairGenerator = SecurityUtils.getKeyPairGenerator(str);
        if (this.keySpec != null) {
            keyPairGenerator.initialize(this.keySpec);
            this.log.info("generateKeyPair(" + str + ") generating host key - spec=" + this.keySpec.getClass().getSimpleName());
        } else if ("EC".equals(str)) {
            if (this.keySize == 0) {
                fromCurveSize = ECCurves.SORTED_KEY_SIZE.get(ECCurves.SORTED_KEY_SIZE.size() - 1);
            } else {
                fromCurveSize = ECCurves.fromCurveSize(this.keySize);
                if (fromCurveSize == null) {
                    throw new InvalidKeyException("No match found for curve with key size=" + this.keySize);
                }
            }
            keyPairGenerator.initialize(fromCurveSize.getParameters());
            this.log.info("generateKeyPair(" + str + ") generating host key=" + fromCurveSize);
        } else if (this.keySize != 0) {
            keyPairGenerator.initialize(this.keySize);
            this.log.info("generateKeyPair(" + str + ") generating host key - size=" + this.keySize);
        }
        return keyPairGenerator.generateKeyPair();
    }
}
