package io.jenkins.plugins.mina_sshd_api.core.authenticators;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator;
import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory;
import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.Functions;
import hudson.util.Secret;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.util.io.resource.PathResource;
import org.apache.sshd.common.util.security.SecurityUtils;

/* loaded from: input_file:WEB-INF/detached-plugins/mina-sshd-api-core.hpi:WEB-INF/lib/mina-sshd-api-core.jar:io/jenkins/plugins/mina_sshd_api/core/authenticators/MinaSSHPublicKeyAuthenticator.class */
public class MinaSSHPublicKeyAuthenticator extends SSHAuthenticator<ClientSession, SSHUserPrivateKey> {
    static int authTimeout = Integer.parseInt(System.getProperty(MinaSSHPublicKeyAuthenticator.class.getName() + ".authTimeout", "15"));

    @Extension(optional = true)
    /* loaded from: input_file:WEB-INF/detached-plugins/mina-sshd-api-core.hpi:WEB-INF/lib/mina-sshd-api-core.jar:io/jenkins/plugins/mina_sshd_api/core/authenticators/MinaSSHPublicKeyAuthenticator$Factory.class */
    public static class Factory extends SSHAuthenticatorFactory {
        private static final long serialVersionUID = 1;

        @Nullable
        protected <C, U extends StandardUsernameCredentials> SSHAuthenticator<C, U> newInstance(@NonNull C c, @NonNull U u) {
            return newInstance(c, u, null);
        }

        @Nullable
        protected <C, U extends StandardUsernameCredentials> SSHAuthenticator<C, U> newInstance(@NonNull C c, @NonNull U u, @CheckForNull String str) {
            if ((c instanceof ClientSession) && (u instanceof SSHUserPrivateKey)) {
                return new MinaSSHPublicKeyAuthenticator((ClientSession) c, (SSHUserPrivateKey) u, str);
            }
            return null;
        }

        protected <C, U extends StandardUsernameCredentials> boolean supports(@NonNull Class<C> cls, @NonNull Class<U> cls2) {
            return ClientSession.class.isAssignableFrom(cls) && SSHUserPrivateKey.class.isAssignableFrom(cls2);
        }
    }

    MinaSSHPublicKeyAuthenticator(@NonNull ClientSession clientSession, @NonNull SSHUserPrivateKey sSHUserPrivateKey, @CheckForNull String str) {
        super(clientSession, sSHUserPrivateKey, str);
    }

    public boolean canAuthenticate() {
        return ((ClientSession) getConnection()).getUserAuthFactories().stream().anyMatch(userAuthFactory -> {
            return userAuthFactory instanceof UserAuthPublicKeyFactory;
        }) && !((ClientSession) getConnection()).isAuthenticated() && ((ClientSession) getConnection()).isOpen();
    }

    @NonNull
    public SSHAuthenticator.Mode getAuthenticationMode() {
        return SSHAuthenticator.Mode.AFTER_CONNECT;
    }

    protected boolean doAuthenticate() {
        SSHUserPrivateKey user = getUser();
        for (String str : user.getPrivateKeys()) {
            try {
                Secret passphrase = user.getPassphrase();
                SecurityUtils.loadKeyPairIdentities(null, new PathResource(Paths.get("key", new String[0])), new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)), passphrase == null ? null : FilePasswordProvider.of(passphrase.getPlainText())).forEach(keyPair -> {
                    ((ClientSession) getConnection()).addPublicKeyIdentity(keyPair);
                });
                ((ClientSession) getConnection()).setUsername(getUsername());
                return ((ClientSession) getConnection()).auth().verify(authTimeout, TimeUnit.SECONDS).isSuccess();
            } catch (IOException e) {
                Functions.printStackTrace(e, getListener().error("Could not authenticate due to I/O issue"));
            } catch (GeneralSecurityException e2) {
                Functions.printStackTrace(e2, getListener().error("Could not authenticate because unrecoverable key pair"));
            }
        }
        return false;
    }
}
