package io.jenkins.cli.shaded.org.apache.sshd.server.keyprovider;

import io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyEncryptionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.writer.openssh.OpenSSHKeyPairResourceWriter;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.io.OutputStream;
import java.io.StreamCorruptedException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.spec.InvalidKeySpecException;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/cli-2.444-rc34603.d111b_b_4148cb_.jar:io/jenkins/cli/shaded/org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProvider.class */
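/**
 * Host key provider that reads a stored key pair from a stream and writes a key pair through
 * {@link OpenSSHKeyPairResourceWriter}.
 *
 * <p>On read, the first two bytes decide the format: a stream starting with the Java
 * serialization magic is deserialized through an allow-listing {@link ObjectInputStream};
 * anything else is handed to {@link SecurityUtils#loadKeyPairIdentities}.
 */
public class SimpleGeneratorHostKeyProvider extends AbstractGeneratorHostKeyProvider {

    /* loaded from: input_file:WEB-INF/lib/cli-2.444-rc34603.d111b_b_4148cb_.jar:io/jenkins/cli/shaded/org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProvider$ValidatingObjectInputStream.class */
    /**
     * {@link ObjectInputStream} that refuses to resolve any class whose name is not in a fixed
     * allow-list, so that a host key file cannot make the JVM instantiate arbitrary
     * serializable types.
     *
     * <p>Matching is by exact class name: {@code [B} is the only array type admitted, and a
     * subclass of an allowed type is not admitted unless it is listed itself.
     */
    private static class ValidatingObjectInputStream extends ObjectInputStream {
        /** Exact names of the classes a serialized key pair may reference; never modified after class init. */
        private static final Set<String> ALLOWED;

        ValidatingObjectInputStream(InputStream inputStream) throws IOException {
            super(inputStream);
        }

        /**
         * Checks the descriptor's class name against the allow-list before delegating.
         *
         * @throws IOException if the class name is not allow-listed
         */
        @Override
        protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
            validate(objectStreamClass.getName());
            return super.resolveClass(objectStreamClass);
        }

        /**
         * Rejects every dynamic-proxy descriptor.
         *
         * <p>Proxy descriptors are resolved through this hook rather than through
         * {@link #resolveClass}, so the allow-list check there never sees the interface names.
         * None of the allow-listed key types is a proxy, so refusing them outright keeps the
         * filter closed without affecting a genuine key file.
         *
         * @throws IOException always
         */
        @Override
        protected Class<?> resolveProxyClass(String[] interfaces) throws IOException, ClassNotFoundException {
            throw new IOException("proxy classes blocked for deserialization");
        }

        private void validate(String str) throws IOException {
            if (!ALLOWED.contains(str)) {
                throw new IOException(str + " blocked for deserialization");
            }
        }

        static {
            Set<String> names = new HashSet<>();
            names.add("[B");
            names.add("java.lang.Enum");
            names.add("java.lang.Number");
            names.add("java.lang.String");
            names.add("java.math.BigInteger");
            names.add("java.security.KeyPair");
            names.add("java.security.PublicKey");
            names.add("java.security.PrivateKey");
            names.add("java.security.KeyRep");
            names.add("java.security.KeyRep$Type");
            names.add("io.jenkins.cli.shaded.org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPrivateKey");
            names.add("io.jenkins.cli.shaded.org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPublicKey");
            names.add("io.jenkins.cli.shaded.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey");
            names.add("io.jenkins.cli.shaded.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey");
            names.add("io.jenkins.cli.shaded.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey");
            names.add("io.jenkins.cli.shaded.org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey");
            names.add("io.jenkins.cli.shaded.org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey");
            names.add("io.jenkins.cli.shaded.com.android.org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPrivateKey");
            names.add("io.jenkins.cli.shaded.com.android.org.bouncycastle.jcajce.provider.asymmetric.dsa.BCDSAPublicKey");
            names.add("io.jenkins.cli.shaded.com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey");
            names.add("io.jenkins.cli.shaded.com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateKey");
            names.add("io.jenkins.cli.shaded.com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPublicKey");
            names.add("io.jenkins.cli.shaded.com.android.org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey");
            names.add("io.jenkins.cli.shaded.com.android.org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey");
            // Freeze the list so no later code path can widen what may be deserialized.
            ALLOWED = Collections.unmodifiableSet(names);
        }
    }

    /** Creates a provider with no path set. */
    public SimpleGeneratorHostKeyProvider() {
    }

    /**
     * Creates a provider and passes {@code path} to {@code setPath}.
     *
     * @param path forwarded to {@code setPath}
     */
    public SimpleGeneratorHostKeyProvider(Path path) {
        setPath(path);
    }

    /**
     * Reads the key pair(s) stored in {@code inputStream}, which is always closed on return.
     *
     * <p>A stream that starts with the Java serialization magic is deserialized through
     * {@link ValidatingObjectInputStream} and must yield a single {@link KeyPair}; any other
     * stream is parsed by {@link SecurityUtils#loadKeyPairIdentities}. The
     * {@code sessionContext} argument is not used here; {@code null} is passed to the loader.
     *
     * @param sessionContext not used by this implementation
     * @param namedResource  name of the resource, used in error messages and by the loader
     * @param inputStream    the key data; closed by this method
     * @return the key pairs read from the stream
     * @throws IOException              on read failure, or when the serialized data references a
     *                                  class outside the allow-list
     * @throws GeneralSecurityException as an {@link InvalidKeySpecException} when a class in the
     *                                  serialized data cannot be found, or as thrown by the loader
     */
    @Override
    protected Iterable<KeyPair> doReadKeyPairs(SessionContext sessionContext, NamedResource namedResource, InputStream inputStream) throws IOException, GeneralSecurityException {
        try (BufferedInputStream buffered = new BufferedInputStream(inputStream)) {
            if (!isJavaSerialization(buffered, namedResource)) {
                return SecurityUtils.loadKeyPairIdentities(null, namedResource, buffered, null);
            }
            // Legacy Java-serialized key: only allow-listed classes may be resolved.
            try (ValidatingObjectInputStream objects = new ValidatingObjectInputStream(buffered)) {
                // An allow-listed top-level object that is not a KeyPair (a String, say) fails
                // this cast with ClassCastException rather than a checked exception.
                return Collections.singletonList((KeyPair) objects.readObject());
            } catch (ClassNotFoundException e) {
                throw new InvalidKeySpecException("Cannot de-serialize " + namedResource + ": missing classes: " + e.getMessage(), e);
            }
        }
    }

    /**
     * Peeks at the first two bytes of the stream and reports whether they are the Java
     * serialization stream magic. The stream position is restored before returning.
     *
     * @throws StreamCorruptedException if the stream ends before two bytes could be read
     */
    private boolean isJavaSerialization(BufferedInputStream bufferedInputStream, NamedResource namedResource) throws IOException {
        bufferedInputStream.mark(2);
        try {
            byte[] header = new byte[2];
            int filled = 0;
            // A single read() may legally return fewer bytes than requested, so keep reading
            // until both header bytes are present or the stream ends.
            while (filled < header.length) {
                int n = bufferedInputStream.read(header, filled, header.length - filled);
                if (n <= 0) {
                    throw new StreamCorruptedException("File " + namedResource + " is not a host key");
                }
                filled += n;
            }
            short magic = (short) (((header[0] & 0xFF) << 8) | (header[1] & 0xFF));
            // STREAM_MAGIC is (short) 0xACED, inherited from ObjectStreamConstants.
            return magic == ObjectInputStream.STREAM_MAGIC;
        } finally {
            bufferedInputStream.reset();
        }
    }

    /**
     * Writes {@code keyPair} to {@code outputStream} with {@link OpenSSHKeyPairResourceWriter},
     * using the comment {@code "host key"}, and closes the stream (if non-null) afterwards.
     *
     * <p>A {@code null} {@link OpenSSHKeyEncryptionContext} is passed to the writer.
     * NOTE(review): presumably this means the private key is written without passphrase
     * encryption, in which case its confidentiality rests on the permissions of whatever
     * {@code outputStream} targets. Confirm against the writer and the caller that opens the stream.
     *
     * @param namedResource not used by this implementation
     * @param keyPair       the key pair to persist
     * @param outputStream  destination; closed by this method
     */
    @Override
    protected void doWriteKeyPair(NamedResource namedResource, KeyPair keyPair, OutputStream outputStream) throws IOException, GeneralSecurityException {
        // A null resource is skipped by try-with-resources, so a null stream is never closed.
        try (OutputStream out = outputStream) {
            new OpenSSHKeyPairResourceWriter().writePrivateKey(keyPair, "host key", (OpenSSHKeyEncryptionContext) null, out);
        }
    }
}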
