package io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.writer.openssh;

import io.jenkins.cli.shaded.org.apache.sshd.common.cipher.BuiltinCiphers;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyEntryResolver;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PublicKeyEntry;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PublicKeyEntryDecoder;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.PrivateKeyEncryptionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.loader.openssh.kdf.BCrypt;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.writer.KeyPairResourceWriter;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.output.SecureByteArrayOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:WEB-INF/lib/cli-2.411-rc33882.c408679dd1ed.jar:io/jenkins/cli/shaded/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.class */
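/**
 * Writes key pairs in the OpenSSH {@code openssh-key-v1} private-key container and public keys in
 * the single-line OpenSSH public-key form.
 *
 * <p>This listing is decompiler output of the shaded Apache MINA SSHD class bundled with the Jenkins
 * CLI jar. The decompiler had flattened the try-with-resources blocks into empty {@code finally}
 * clauses; they are restored here so that every buffer holding key material is closed and wiped on
 * failure paths as well as on success.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>A {@code null} context, or a context whose password is empty or only whitespace, produces an
 *       <em>unencrypted</em> private key without any error (see {@link #determineEncryption}).</li>
 *   <li>The passphrase is obtained as a {@link String}; the temporary copies made here are wiped,
 *       but the {@code String} itself stays on the heap until it is garbage-collected.</li>
 *   <li>{@link #writePrivateKey} emits the PEM header before the cipher is validated and before the
 *       key is encoded, so a failure can leave a truncated file behind. Write to a temporary
 *       location with restrictive permissions and move it into place only on success.</li>
 * </ul>
 */
public class OpenSSHKeyPairResourceWriter implements KeyPairResourceWriter<OpenSSHKeyEncryptionContext> {
    /** PEM boundary marker placed on both sides of the BEGIN/END labels. */
    public static final String DASHES = "-----";
    /** Number of base64 characters written per line of the private-key body. */
    public static final int LINE_LENGTH = 70;
    public static final OpenSSHKeyPairResourceWriter INSTANCE = new OpenSSHKeyPairResourceWriter();
    /** Matches any vertical whitespace character; used to cut a comment down to its first line. */
    private static final Pattern VERTICALSPACE = Pattern.compile("\\v");

    /* loaded from: input_file:WEB-INF/lib/cli-2.411-rc33882.c408679dd1ed.jar:io/jenkins/cli/shaded/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter$KeyEncryptor.class */
    /**
     * Private-key obfuscator that derives the cipher key and IV from the passphrase with the bcrypt
     * KDF and records the KDF options (salt and round count) for the key-file header.
     */
    public static class KeyEncryptor extends AESPrivateKeyObfuscator {
        /** Length in bytes of the random salt fed to the bcrypt KDF. */
        public static final int BCRYPT_SALT_LENGTH = 16;
        protected final OpenSSHKeyEncryptionContext options;
        // Encoded salt + rounds; stays null until deriveEncryptionKey has run.
        private byte[] kdfOptions;

        /**
         * @param openSSHKeyEncryptionContext passphrase, cipher and KDF round settings; must not be
         *        {@code null}
         * @throws NullPointerException if the context is {@code null}
         */
        public KeyEncryptor(OpenSSHKeyEncryptionContext openSSHKeyEncryptionContext) {
            this.options = Objects.requireNonNull(openSSHKeyEncryptionContext, "No encryption context");
        }

        /**
         * Returns the encoded KDF options produced by the last key derivation.
         *
         * @return the internal array itself (not a copy), or {@code null} if no key has been derived
         *         yet; it holds the salt and round count, which are public header fields
         */
        public byte[] getKdfOptions() {
            return this.kdfOptions;
        }

        /**
         * Derives the encryption key and the IV from the passphrase in {@link #options} using the
         * bcrypt KDF with a fresh random salt.
         *
         * <p>The KDF output is {@code i + iv.length} bytes: the first {@code i} bytes are returned
         * as the key, the remainder replaces the IV stored in the context. The round count is taken
         * from {@code options.getKdfRounds()} as-is; no minimum is enforced here.
         *
         * @param privateKeyEncryptionContext context whose IV length sizes the derived IV and which
         *        receives the derived IV
         * @param i number of key bytes to derive
         * @return the derived key; the caller owns it and should wipe it after use
         * @throws IOException if encoding the KDF options fails
         * @throws GeneralSecurityException if IV generation or key derivation fails
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override
        public byte[] deriveEncryptionKey(PrivateKeyEncryptionContext privateKeyEncryptionContext, int i) throws IOException, GeneralSecurityException {
            byte[] iv = privateKeyEncryptionContext.getInitVector();
            if (iv == null) {
                // Only the length of this IV is used; its content is replaced by KDF output below.
                iv = generateInitializationVector(privateKeyEncryptionContext);
            }
            byte[] salt = new byte[BCRYPT_SALT_LENGTH];
            new SecureRandom().nextBytes(salt);
            byte[] derived = new byte[i + iv.length];
            BCrypt bcrypt = new BCrypt();
            try (ByteArrayOutputStream kdfOut = new ByteArrayOutputStream()) {
                int rounds = this.options.getKdfRounds();
                byte[] passphrase = convert(this.options.getPassword());
                try {
                    bcrypt.pbkdf(passphrase, salt, rounds, derived);
                } finally {
                    // The passphrase bytes are needed only for the KDF call itself.
                    if (passphrase != null) {
                        Arrays.fill(passphrase, (byte) 0);
                    }
                }
                KeyEntryResolver.writeRLEBytes(kdfOut, salt);
                KeyEntryResolver.encodeInt(kdfOut, rounds);
                this.kdfOptions = kdfOut.toByteArray();
                privateKeyEncryptionContext.setInitVector(Arrays.copyOfRange(derived, i, derived.length));
                return Arrays.copyOf(derived, i);
            } finally {
                // Key and IV were copied out above; never leave the combined KDF output behind.
                Arrays.fill(derived, (byte) 0);
            }
        }

        /**
         * Encodes the passphrase as UTF-8 bytes, wiping every temporary copy made along the way.
         *
         * @param str the passphrase; {@code null} or empty yields the shared empty array
         * @return a fresh array with the UTF-8 bytes; the caller must wipe it after use
         */
        protected byte[] convert(String str) {
            if (GenericUtils.isEmpty(str)) {
                return GenericUtils.EMPTY_BYTE_ARRAY;
            }
            char[] chars = str.toCharArray();
            ByteBuffer encoded = null;
            try {
                encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
                byte[] result = new byte[encoded.remaining()];
                encoded.get(result);
                return result;
            } finally {
                // Wipe the encoder's backing array and the char copy even if the copy-out fails.
                if (encoded != null && encoded.hasArray()) {
                    Arrays.fill(encoded.array(), (byte) 0);
                }
                Arrays.fill(chars, (char) 0);
            }
        }
    }

    /**
     * Writes {@code keyPair} as an OpenSSH private key, encrypted when
     * {@link #determineEncryption} accepts the supplied context and in clear text otherwise.
     *
     * @param keyPair the key pair to write; must not be {@code null}
     * @param str the key comment stored inside the private section; may be {@code null}
     * @param openSSHKeyEncryptionContext encryption settings, or {@code null} for no encryption
     * @param outputStream destination; it is neither flushed nor closed here
     * @throws IOException if writing fails
     * @throws GeneralSecurityException if the key type is unsupported or encryption fails
     * @throws IllegalArgumentException if the configured cipher name is unknown (thrown after the
     *         BEGIN line has already been written)
     */
    @Override
    public void writePrivateKey(KeyPair keyPair, String str, OpenSSHKeyEncryptionContext openSSHKeyEncryptionContext, OutputStream outputStream) throws IOException, GeneralSecurityException {
        Objects.requireNonNull(keyPair, "Cannot write null key");
        String keyType = KeyUtils.getKeyType(keyPair);
        if (GenericUtils.isEmpty(keyType)) {
            throw new GeneralSecurityException("Unsupported key: " + keyPair.getClass().getName());
        }
        // null here means "write the key unencrypted".
        OpenSSHKeyEncryptionContext encryption = determineEncryption(openSSHKeyEncryptionContext);
        write(outputStream, DASHES + "BEGIN OPENSSH PRIVATE KEY" + DASHES);
        outputStream.write('\n');
        String cipherName = "none";
        // Unencrypted keys are still padded to a multiple of 8 bytes.
        int blockSize = 8;
        if (encryption != null) {
            cipherName = encryption.getCipherFactoryName();
            BuiltinCiphers cipher = BuiltinCiphers.fromFactoryName(cipherName);
            if (cipher == null) {
                throw new IllegalArgumentException("Unsupported cipher " + cipherName);
            }
            blockSize = cipher.getCipherBlockSize();
        }
        byte[] privateBytes = encodePrivateKey(keyPair, keyType, blockSize, str);
        String kdfName = "none";
        byte[] kdfOptions = GenericUtils.EMPTY_BYTE_ARRAY;
        // try-with-resources closes the secure buffer on failure too; judging by its name it wipes
        // its content on close (implementation not visible in this file).
        try (SecureByteArrayOutputStream body = new SecureByteArrayOutputStream()) {
            write(body, "openssh-key-v1");
            body.write(0);
            if (encryption != null) {
                KeyEncryptor encryptor = new KeyEncryptor(encryption);
                encryption.setPrivateKeyObfuscator(encryptor);
                byte[] cipherText = encryptor.applyPrivateKeyCipher(privateBytes, encryption, true);
                // Drop the plaintext as soon as the ciphertext exists.
                Arrays.fill(privateBytes, (byte) 0);
                privateBytes = cipherText;
                kdfName = "bcrypt";
                kdfOptions = encryptor.getKdfOptions();
            }
            KeyEntryResolver.encodeString(body, cipherName);
            KeyEntryResolver.encodeString(body, kdfName);
            KeyEntryResolver.writeRLEBytes(body, kdfOptions);
            // Number of keys in the container.
            KeyEntryResolver.encodeInt(body, 1);
            KeyEntryResolver.writeRLEBytes(body, encodePublicKey(keyPair.getPublic(), keyType));
            KeyEntryResolver.writeRLEBytes(body, privateBytes);
            // write(...) wipes the array copy it is handed.
            write(outputStream, body.toByteArray(), LINE_LENGTH);
        } finally {
            Arrays.fill(privateBytes, (byte) 0);
        }
        write(outputStream, DASHES + "END OPENSSH PRIVATE KEY" + DASHES);
        outputStream.write('\n');
    }

    /**
     * Decides whether the private key will be encrypted.
     *
     * @param openSSHKeyEncryptionContext the caller-supplied settings; may be {@code null}
     * @return the same context if its password contains at least one non-whitespace character;
     *         {@code null} (write the key unencrypted) if the context is {@code null} or the
     *         password is {@code null}, empty or whitespace only. Callers that require encryption
     *         must check this result, because a blank passphrase is not reported as an error.
     */
    public static OpenSSHKeyEncryptionContext determineEncryption(OpenSSHKeyEncryptionContext openSSHKeyEncryptionContext) {
        String password = openSSHKeyEncryptionContext == null ? null : openSSHKeyEncryptionContext.getPassword();
        if (GenericUtils.isEmpty(password)) {
            return null;
        }
        for (int index = 0; index < password.length(); index++) {
            if (!Character.isWhitespace(password.charAt(index))) {
                return openSSHKeyEncryptionContext;
            }
        }
        return null;
    }

    /**
     * Encodes the private section of the key file: two copies of a random check integer, the key
     * type, the key data, the comment, then padding bytes 1, 2, 3, ... up to a multiple of
     * {@code i}.
     *
     * @param keyPair the key pair to encode
     * @param str the key type name
     * @param i the cipher block size to pad to; values of 1 or less disable padding
     * @param str2 the comment; {@code null} is written as an empty string
     * @return the plaintext private section; it contains the private key, so the caller must wipe it
     * @throws IOException if encoding fails
     * @throws GeneralSecurityException if the key cannot be encoded for the given type
     */
    public static byte[] encodePrivateKey(KeyPair keyPair, String str, int i, String str2) throws IOException, GeneralSecurityException {
        try (SecureByteArrayOutputStream out = new SecureByteArrayOutputStream()) {
            // The same random value is written twice so a reader can detect a wrong passphrase.
            int check = new SecureRandom().nextInt();
            KeyEntryResolver.encodeInt(out, check);
            KeyEntryResolver.encodeInt(out, check);
            KeyEntryResolver.encodeString(out, str);
            if (OpenSSHKeyPairResourceParser.getPrivateKeyEntryDecoder(str).encodePrivateKey(out, keyPair.getPrivate(), keyPair.getPublic()) == null) {
                throw new GeneralSecurityException("Cannot encode key of type " + str);
            }
            KeyEntryResolver.encodeString(out, str2 == null ? "" : str2);
            if (i > 1) {
                int remainder = out.size() % i;
                if (remainder != 0) {
                    for (int pad = 1; pad <= i - remainder; pad++) {
                        out.write(pad & 255);
                    }
                }
            }
            return out.toByteArray();
        }
    }

    /**
     * Encodes a public key in its OpenSSH wire form.
     *
     * @param publicKey the key to encode
     * @param str the key type name used to look up the encoder
     * @return the encoded public key
     * @throws IOException if encoding fails
     * @throws GeneralSecurityException if no encoder is registered for the key type
     */
    public static byte[] encodePublicKey(PublicKey publicKey, String str) throws IOException, GeneralSecurityException {
        PublicKeyEntryDecoder<?, ?> encoder = KeyUtils.getPublicKeyEntryDecoder(str);
        if (encoder == null) {
            throw new GeneralSecurityException("Unknown key type: " + str);
        }
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            encoder.encodePublicKey(out, publicKey);
            return out.toByteArray();
        }
    }

    /**
     * Writes {@code bArr} base64-encoded, split into lines of at most {@code i} characters, each
     * terminated by a line feed.
     *
     * <p>Side effect: {@code bArr} is overwritten with zeros as soon as it has been encoded, and the
     * base64 copy is wiped before returning, because the data may be an unencrypted private key.
     *
     * @param outputStream destination stream
     * @param bArr the bytes to write; zeroed by this call
     * @param i maximum number of base64 characters per line; must be positive
     * @throws IOException if writing fails
     * @throws IllegalArgumentException if {@code i} is not positive (a zero length would otherwise
     *         loop forever emitting line feeds)
     */
    public static void write(OutputStream outputStream, byte[] bArr, int i) throws IOException {
        byte[] encoded = Base64.getEncoder().encode(bArr);
        Arrays.fill(bArr, (byte) 0);
        try {
            // Checked inside the try so the encoded copy is wiped on rejection as well.
            if (i <= 0) {
                throw new IllegalArgumentException("Line length must be positive: " + i);
            }
            for (int offset = 0; offset < encoded.length; offset += i) {
                outputStream.write(encoded, offset, Math.min(i, encoded.length - offset));
                outputStream.write('\n');
            }
        } finally {
            Arrays.fill(encoded, (byte) 0);
        }
    }

    /**
     * Writes the public key as one line: the public key entry followed, when present, by a space and
     * the first line of the comment. No trailing line feed is written.
     *
     * <p>Only the first line of the comment is used, so a comment containing line breaks cannot add
     * extra lines to the output (which matters when the result is appended to a file that is parsed
     * line by line, such as an authorized-keys file).
     *
     * @param publicKey the key to write
     * @param str the comment; may be {@code null} or empty
     * @param outputStream destination stream
     * @throws IOException if writing fails
     * @throws GeneralSecurityException declared by the interface
     */
    @Override
    public void writePublicKey(PublicKey publicKey, String str, OutputStream outputStream) throws IOException, GeneralSecurityException {
        StringBuilder line = new StringBuilder(82);
        PublicKeyEntry.appendPublicKeyEntry(line, publicKey);
        String comment = firstLine(str);
        if (GenericUtils.isNotEmpty(comment)) {
            line.append(' ').append(comment);
        }
        write(outputStream, line.toString());
    }

    /**
     * Returns the text before the first vertical whitespace character.
     *
     * @param str the text; may be {@code null}
     * @return the trimmed first line if {@code str} contains vertical whitespace; otherwise
     *         {@code str} unchanged (and untrimmed), including when it is {@code null} or empty
     */
    public static String firstLine(String str) {
        if (GenericUtils.isNotEmpty(str)) {
            Matcher lineBreak = VERTICALSPACE.matcher(str);
            if (lineBreak.find()) {
                return str.substring(0, lineBreak.start()).trim();
            }
        }
        return str;
    }

    /**
     * Writes a string as UTF-8 bytes, without any line terminator.
     *
     * @param outputStream destination stream
     * @param str the text to write
     * @throws IOException if writing fails
     */
    public static void write(OutputStream outputStream, String str) throws IOException {
        outputStream.write(str.getBytes(StandardCharsets.UTF_8));
    }
}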
