package org.eclipse.jgit.internal.transport.sshd;

import java.io.File;
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.agent.SshAgentFactory;
import org.apache.sshd.agent.SshAgentKeyConstraint;
import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.apache.sshd.common.config.keys.u2f.SecurityKeyPublicKey;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
import org.apache.sshd.common.util.GenericUtils;
import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
import org.eclipse.jgit.internal.transport.sshd.pkcs11.Pkcs11Provider;
import org.eclipse.jgit.transport.CredentialItem;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshConstants;
import org.eclipse.jgit.transport.URIish;
import org.eclipse.jgit.util.FS;
import org.eclipse.jgit.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/org.eclipse.jgit.ssh.apache-6.8.0.202311291450-r.jar:org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.class */
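/**
 * Public-key user authentication for JGit's Apache MINA sshd client.
 *
 * <p>On top of {@link UserAuthPublicKey} this class:
 * <ul>
 * <li>applies the host's {@code PubkeyAcceptedAlgorithms} setting in {@link #init};</li>
 * <li>offers keys from an SSH agent and from a PKCS#11 provider named in the host
 * configuration, filtered by {@code IdentitiesOnly} where that yields any keys;</li>
 * <li>optionally adds a key that was used for an attempt to the agent, after asking
 * the user when {@code askBeforeAdding} is set.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (JADX). {@code parseAddKeys} could not be
 * decompiled and is only a stub here, so the values of {@code addKeysToAgent},
 * {@code askBeforeAdding} and {@code constraints} are not established by any code
 * visible in this file.
 */
public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
    /** Pass-through format so that pre-formatted messages are logged verbatim. */
    private static final String LOG_FORMAT = "{}";
    /** Agent client for the current session; {@code null} when no agent factory is configured. */
    private SshAgent agent;
    /** Host configuration of the session, set in {@link #init}. */
    private HostConfigEntry hostConfig;
    /** Whether keys used for an attempt should be added to the agent. */
    private boolean addKeysToAgent;
    /** Whether the user must confirm before a key is added to the agent. */
    private boolean askBeforeAdding;
    /** Value of the security-key provider setting; only read when {@code addKeysToAgent} is set. */
    private String skProvider;
    /** Constraints passed along when adding a key to the agent. */
    private SshAgentKeyConstraint[] constraints;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/org.eclipse.jgit.ssh.apache-6.8.0.202311291450-r.jar:org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication$KeyIterator.class */
    /**
     * Key iterator that supplies agent and PKCS#11 identities and honours
     * {@code IdentitiesOnly} from the host configuration.
     */
    public class KeyIterator extends UserAuthPublicKeyIterator {
        public KeyIterator(ClientSession clientSession, SignatureFactoriesManager signatureFactoriesManager) throws Exception {
            super(clientSession, signatureFactoriesManager);
        }

        /**
         * Reads the public keys stored next to the given identity files.
         *
         * <p>For each entry, {@code <entry>.pub} is read if it is a regular file; symbolic
         * links are not followed for that check. Only the first key in the file is used.
         * Files that are missing, unreadable, unparsable or contain no key are skipped
         * (the last three with a warning).
         *
         * @param collection identity file names, may be {@code null}
         * @return the keys that could be read, possibly empty; {@code null} if
         *         {@code collection} is {@code null}
         */
        private List<PublicKey> getExplicitKeys(Collection<String> collection) {
            if (collection == null) {
                return null;
            }
            return collection.stream().map(str -> {
                try {
                    Path path = Paths.get(str + ".pub");
                    if (!Files.isRegularFile(path, LinkOption.NOFOLLOW_LINKS)) {
                        return null;
                    }
                    List<AuthorizedKeyEntry> entries = AuthorizedKeyEntry.readAuthorizedKeys(path);
                    if (GenericUtils.isEmpty(entries)) {
                        // An empty or comment-only .pub file has no first entry. Without this
                        // check get(0) throws IndexOutOfBoundsException, which the catch below
                        // does not cover and which would abort the whole key enumeration.
                        JGitPublicKeyAuthentication.this.log.warn(JGitPublicKeyAuthentication.LOG_FORMAT, MessageFormat.format(SshdText.get().cannotReadPublicKey, str));
                        return null;
                    }
                    return entries.get(0).resolvePublicKey((SessionContext) null, PublicKeyEntryResolver.IGNORING);
                } catch (IOException | InvalidPathException | GeneralSecurityException e) {
                    JGitPublicKeyAuthentication.this.log.warn(JGitPublicKeyAuthentication.LOG_FORMAT, MessageFormat.format(SshdText.get().cannotReadPublicKey, str), e);
                    return null;
                }
            }).filter(Objects::nonNull).collect(Collectors.toList());
        }

        /**
         * Supplies the agent and PKCS#11 identities to offer, restricted to the explicit
         * identity files when {@code IdentitiesOnly} yields at least one public key.
         *
         * <p>NOTE(review): the filter is only applied when {@link #identitiesOnly()} returns
         * a non-empty collection. If {@code IdentitiesOnly} is set but no {@code .pub} file
         * produced a key, every agent and PKCS#11 identity is returned unfiltered, so all of
         * those public keys may be offered to the server. Confirm that this fallback is
         * intended.
         *
         * @param clientSession the session (not used by this implementation)
         * @return the identities to try, or {@code null} if there are none
         * @throws IOException if the agent or the PKCS#11 provider cannot be queried
         */
        protected Iterable<KeyAgentIdentity> initializeAgentIdentities(ClientSession clientSession) throws IOException {
            Iterable<KeyAgentIdentity> agentIdentities = getAgentIdentities();
            if (agentIdentities == null) {
                return null;
            }
            Collection<PublicKey> identitiesOnly = identitiesOnly();
            if (GenericUtils.isEmpty(identitiesOnly)) {
                return agentIdentities;
            }
            // Lazily filter: keep only identities whose public key matches an explicit key.
            return () -> new Iterator<KeyAgentIdentity>() {
                private final Iterator<KeyAgentIdentity> identities = agentIdentities.iterator();
                /** Look-ahead element found by hasNext() and handed out by next(). */
                private KeyAgentIdentity next;

                @Override // java.util.Iterator
                public boolean hasNext() {
                    while (this.next == null && this.identities.hasNext()) {
                        KeyAgentIdentity candidate = this.identities.next();
                        PublicKey publicKey = candidate.getKeyIdentity().getPublic();
                        if (identitiesOnly.stream().anyMatch(explicitKey -> KeyUtils.compareKeys(explicitKey, publicKey))) {
                            this.next = candidate;
                            return true;
                        }
                        if (JGitPublicKeyAuthentication.this.log.isTraceEnabled()) {
                            JGitPublicKeyAuthentication.this.log.trace("Ignoring SSH agent or PKCS11 {} key not in explicit IdentityFile in SSH config: {}", KeyUtils.getKeyType(publicKey), KeyUtils.getFingerPrint(publicKey));
                        }
                    }
                    return this.next != null;
                }

                @Override // java.util.Iterator
                public KeyAgentIdentity next() {
                    if (!hasNext()) {
                        throw new NoSuchElementException();
                    }
                    KeyAgentIdentity keyAgentIdentity = this.next;
                    this.next = null;
                    return keyAgentIdentity;
                }
            };
        }

        /**
         * Returns the public keys of the configured identity files when the host
         * configuration sets {@code IdentitiesOnly}; an empty list otherwise.
         *
         * @return explicit public keys; may be {@code null} when the host configuration
         *         has no identities (see {@link #getExplicitKeys})
         */
        private Collection<PublicKey> identitiesOnly() {
            if (JGitPublicKeyAuthentication.this.hostConfig == null || !JGitPublicKeyAuthentication.this.hostConfig.isIdentitiesOnly()) {
                return Collections.emptyList();
            }
            return getExplicitKeys(JGitPublicKeyAuthentication.this.hostConfig.getIdentities());
        }

        /**
         * Collects identities from the PKCS#11 provider and the SSH agent.
         *
         * <p>PKCS#11 keys come first, followed by agent keys. Either source may be absent.
         *
         * @return the combined identities, or {@code null} if neither source has any
         * @throws IOException if a source cannot be queried
         */
        private Iterable<KeyAgentIdentity> getAgentIdentities() throws IOException {
            Iterable<KeyAgentIdentity> pkcs11Keys = getPkcs11Keys();
            if (JGitPublicKeyAuthentication.this.agent == null) {
                return pkcs11Keys;
            }
            Iterable<? extends Map.Entry<PublicKey, String>> identities = JGitPublicKeyAuthentication.this.agent.getIdentities();
            if (GenericUtils.isEmpty(identities)) {
                return pkcs11Keys;
            }
            // Wrap each (public key, comment) pair reported by the agent as a KeyAgentIdentity.
            Iterable<KeyAgentIdentity> iterable = () -> new Iterator<KeyAgentIdentity>() {
                private final Iterator<? extends Map.Entry<PublicKey, String>> iter = identities.iterator();

                @Override // java.util.Iterator
                public boolean hasNext() {
                    return this.iter.hasNext();
                }

                @Override // java.util.Iterator
                public KeyAgentIdentity next() {
                    Map.Entry<PublicKey, String> next = this.iter.next();
                    return new KeyAgentIdentity(JGitPublicKeyAuthentication.this.agent, next.getKey(), next.getValue());
                }
            };
            if (GenericUtils.isEmpty(pkcs11Keys)) {
                return iterable;
            }
            // Concatenate both sources: PKCS#11 identities first, then the agent's.
            return () -> new Iterator<KeyAgentIdentity>() {
                private final Iterator<Iterator<KeyAgentIdentity>> keyIter = List.of(pkcs11Keys.iterator(), iterable.iterator()).iterator();
                private Iterator<KeyAgentIdentity> currentKeys;
                /** Cached hasNext() answer; {@code null} means "not computed yet". */
                private Boolean hasElement;

                @Override // java.util.Iterator
                public boolean hasNext() {
                    if (this.hasElement != null) {
                        return this.hasElement.booleanValue();
                    }
                    while (true) {
                        if (this.currentKeys != null && this.currentKeys.hasNext()) {
                            this.hasElement = Boolean.TRUE;
                            return true;
                        }
                        if (!this.keyIter.hasNext()) {
                            this.currentKeys = null;
                            this.hasElement = Boolean.FALSE;
                            return false;
                        }
                        this.currentKeys = this.keyIter.next();
                    }
                }

                @Override // java.util.Iterator
                public KeyAgentIdentity next() {
                    KeyAgentIdentity keyAgentIdentity;
                    if ((this.hasElement == null && !hasNext()) || !this.hasElement.booleanValue()) {
                        throw new NoSuchElementException();
                    }
                    this.hasElement = null;
                    try {
                        keyAgentIdentity = this.currentKeys.next();
                    } catch (NoSuchElementException e) {
                        // A delegate that runs dry between hasNext() and next() yields a
                        // null element instead of an exception; consumers must tolerate null.
                        keyAgentIdentity = null;
                    }
                    return keyAgentIdentity;
                }
            };
        }

        /**
         * Loads keys from the PKCS#11 provider named by the host configuration's
         * {@code PKCS11Provider} setting.
         *
         * <p>A leading {@code ~/} is expanded to the user's home directory. The resulting
         * path must be absolute and must be a regular file; this check follows symbolic
         * links. The path is then handed to {@code Pkcs11Provider.getProvider}.
         *
         * <p>NOTE(review): the path is taken from SSH configuration; presumably the
         * provider library is loaded into this JVM, so the configuration file and the
         * referenced file should only be writable by trusted users. Confirm against
         * {@code Pkcs11Provider}.
         *
         * <p>NOTE(review): unlike {@link #identitiesOnly()}, this method dereferences
         * {@code hostConfig} without a null check.
         *
         * @return the provider's keys, or {@code null} if no provider is configured or it
         *         has no keys
         * @throws IOException if the path is not absolute, is not a regular file, or the
         *         provider cannot be instantiated
         * @throws UnsupportedOperationException if no provider could be obtained
         */
        private Iterable<KeyAgentIdentity> getPkcs11Keys() throws IOException {
            String property = JGitPublicKeyAuthentication.this.hostConfig.getProperty(SshConstants.PKCS11_PROVIDER);
            if (StringUtils.isEmptyOrNull(property) || SshConstants.NONE.equals(property)) {
                return null;
            }
            if (property.startsWith("~/") || property.startsWith("~" + File.separator)) {
                property = new File(FS.DETECTED.userHome(), property.substring(2)).toString();
            }
            Path path = Paths.get(property);
            if (!path.isAbsolute()) {
                throw new IOException(MessageFormat.format(SshdText.get().pkcs11NotAbsolute, JGitPublicKeyAuthentication.this.hostConfig.getHost(), JGitPublicKeyAuthentication.this.hostConfig.getHostName(), SshConstants.PKCS11_PROVIDER, property));
            }
            if (!Files.isRegularFile(path)) {
                throw new IOException(MessageFormat.format(SshdText.get().pkcs11NonExisting, JGitPublicKeyAuthentication.this.hostConfig.getHost(), JGitPublicKeyAuthentication.this.hostConfig.getHostName(), SshConstants.PKCS11_PROVIDER, property));
            }
            try {
                Pkcs11Provider provider = Pkcs11Provider.getProvider(path, OpenSshConfigFile.positive(JGitPublicKeyAuthentication.this.hostConfig.getProperty(SshConstants.PKCS11_SLOT_LIST_INDEX)));
                if (provider == null) {
                    // Routed through the catch below so that the message names host and path.
                    throw new UnsupportedOperationException();
                }
                Iterable<KeyAgentIdentity> keys = provider.getKeys(getSession());
                if (!GenericUtils.isEmpty(keys)) {
                    return keys;
                }
                JGitPublicKeyAuthentication.this.log.warn(JGitPublicKeyAuthentication.LOG_FORMAT, MessageFormat.format(SshdText.get().pkcs11NoKeys, JGitPublicKeyAuthentication.this.hostConfig.getHost(), JGitPublicKeyAuthentication.this.hostConfig.getHostName(), SshConstants.PKCS11_PROVIDER, property));
                return null;
            } catch (UnsupportedOperationException e) {
                throw new UnsupportedOperationException(MessageFormat.format(SshdText.get().pkcs11Unsupported, JGitPublicKeyAuthentication.this.hostConfig.getHost(), JGitPublicKeyAuthentication.this.hostConfig.getHostName(), SshConstants.PKCS11_PROVIDER, property), e);
            } catch (Exception e2) {
                // A user cancellation anywhere in the cause chain must surface as such
                // and not be wrapped into a generic IOException.
                checkCancellation(e2);
                throw new IOException(MessageFormat.format(SshdText.get().pkcs11FailedInstantiation, JGitPublicKeyAuthentication.this.hostConfig.getHost(), JGitPublicKeyAuthentication.this.hostConfig.getHostName(), SshConstants.PKCS11_PROVIDER, property), e2);
            }
        }

        /**
         * Rethrows the first {@link AuthenticationCanceledException} found in the cause
         * chain of {@code th}; returns normally if there is none.
         *
         * @param th the throwable whose cause chain is inspected, may be {@code null}
         */
        private void checkCancellation(Throwable th) {
            for (Throwable current = th; current != null; current = current.getCause()) {
                if (current instanceof AuthenticationCanceledException) {
                    throw (AuthenticationCanceledException) current;
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the authenticator with the given signature factories.
     *
     * @param list signature factories passed on to the superclass
     */
    public JGitPublicKeyAuthentication(List<NamedFactory<Signature>> list) {
        super(list);
    }

    /**
     * Initializes authentication for a {@link JGitClientSession}.
     *
     * <p>If the host configuration sets {@code PubkeyAcceptedAlgorithms} and applying it
     * leaves at least one algorithm, that list becomes the set of signature algorithms.
     * If it leaves none, a warning is logged and the session's own signature factory
     * names are used when this instance has none configured.
     *
     * @param clientSession the session; must be a {@link JGitClientSession}
     * @param str passed unchanged to the superclass
     * @throws IllegalStateException if {@code clientSession} is of another type
     * @throws Exception if the superclass initialization fails
     */
    public void init(ClientSession clientSession, String str) throws Exception {
        if (!(clientSession instanceof JGitClientSession)) {
            throw new IllegalStateException("Wrong session type: " + clientSession.getClass().getCanonicalName());
        }
        JGitClientSession jGitClientSession = (JGitClientSession) clientSession;
        this.hostConfig = jGitClientSession.getHostConfigEntry();
        String property = this.hostConfig.getProperty(SshConstants.PUBKEY_ACCEPTED_ALGORITHMS);
        if (!StringUtils.isEmptyOrNull(property)) {
            List<String> modifyAlgorithmList = jGitClientSession.modifyAlgorithmList(jGitClientSession.getSignatureFactoriesNames(), jGitClientSession.getAllAvailableSignatureAlgorithms(), property, SshConstants.PUBKEY_ACCEPTED_ALGORITHMS);
            if (!modifyAlgorithmList.isEmpty()) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("PubkeyAcceptedAlgorithms " + String.valueOf(modifyAlgorithmList));
                }
                setSignatureFactoriesNames(modifyAlgorithmList);
                super.init(jGitClientSession, str);
                return;
            }
            this.log.warn(LOG_FORMAT, MessageFormat.format(SshdText.get().configNoKnownAlgorithms, SshConstants.PUBKEY_ACCEPTED_ALGORITHMS, property));
        }
        List<NamedFactory<Signature>> signatureFactories = getSignatureFactories();
        if (signatureFactories == null || signatureFactories.isEmpty()) {
            setSignatureFactoriesNames(jGitClientSession.getSignatureFactoriesNames());
        }
        super.init(jGitClientSession, str);
    }

    /**
     * Creates the key iterator and, if an agent is available, reads the add-keys
     * settings from the host configuration.
     *
     * @param clientSession the session
     * @param signatureFactoriesManager passed on to the iterator
     * @return a new {@link KeyIterator}
     * @throws Exception if the agent client or the iterator cannot be created
     */
    protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession clientSession, SignatureFactoriesManager signatureFactoriesManager) throws Exception {
        this.agent = getAgent(clientSession);
        if (this.agent != null) {
            parseAddKeys(this.hostConfig);
            if (this.addKeysToAgent) {
                this.skProvider = this.hostConfig.getProperty(SshConstants.SECURITY_KEY_PROVIDER);
            }
        }
        return new KeyIterator(clientSession, signatureFactoriesManager);
    }

    /**
     * Resolves the next identity to try and, when {@code addKeysToAgent} is set, adds
     * its key pair to the SSH agent.
     *
     * <p>A key is only added if the identity did not come from the agent itself, both
     * halves of the key pair are present, and the agent does not already hold the key.
     * With {@code askBeforeAdding}, the user is asked through the session's
     * {@link CredentialsProvider}; if no provider is available, it does not support the
     * question, or the answer is not "yes", the key is not added. Failures to talk to
     * the agent are logged and do not prevent the identity from being used.
     *
     * <p>NOTE(review): the private key is handed to the agent here, so the constraints
     * in effect matter. {@code constraints} is presumably set by {@code parseAddKeys}
     * (not decompiled); if it were {@code null} for a security key, the
     * {@code Arrays.copyOf} call below would throw a NullPointerException.
     *
     * @param clientSession the session
     * @param str passed unchanged to the superclass
     * @return the identity resolved by the superclass, possibly {@code null}
     * @throws Exception if the superclass resolution fails
     */
    protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession clientSession, String str) throws Exception {
        PublicKeyIdentity identity = super.resolveAttemptedPublicKeyIdentity(clientSession, str);
        if (!this.addKeysToAgent || identity == null || identity instanceof KeyAgentIdentity) {
            return identity;
        }
        KeyPair keyIdentity = identity.getKeyIdentity();
        if (keyIdentity == null || keyIdentity.getPublic() == null || keyIdentity.getPrivate() == null) {
            return identity;
        }
        PublicKey publicKey = keyIdentity.getPublic();
        String fingerPrint = KeyUtils.getFingerPrint(publicKey);
        String keyType = KeyUtils.getKeyType(keyIdentity);
        try {
            if (agentHasKey(publicKey)) {
                return identity;
            }
            if (this.askBeforeAdding && (clientSession instanceof JGitClientSession)) {
                CredentialsProvider credentialsProvider = ((JGitClientSession) clientSession).getCredentialsProvider();
                CredentialItem.YesNoType yesNoType = new CredentialItem.YesNoType(MessageFormat.format(SshdText.get().pubkeyAuthAddKeyToAgentQuestion, keyType, fingerPrint));
                // Anything short of an explicit "yes" leaves the key out of the agent.
                if (!(credentialsProvider != null && credentialsProvider.supports(yesNoType) && credentialsProvider.get(getUri(), yesNoType)) || !yesNoType.getValue()) {
                    return identity;
                }
            }
            SshAgentKeyConstraint[] sshAgentKeyConstraintArr = this.constraints;
            if ((publicKey instanceof SecurityKeyPublicKey) && !StringUtils.isEmptyOrNull(this.skProvider)) {
                // Copy before appending so that the shared constraints array is not modified.
                sshAgentKeyConstraintArr = Arrays.copyOf(sshAgentKeyConstraintArr, sshAgentKeyConstraintArr.length + 1);
                sshAgentKeyConstraintArr[sshAgentKeyConstraintArr.length - 1] = new SshAgentKeyConstraint.FidoProviderExtension(this.skProvider);
            }
            this.agent.addIdentity(keyIdentity, (String) null, sshAgentKeyConstraintArr);
        } catch (IOException e) {
            this.log.error(LOG_FORMAT, MessageFormat.format(SshdText.get().pubkeyAuthAddKeyToAgentError, keyType, fingerPrint), e);
        }
        return identity;
    }

    /**
     * Tells whether the agent already holds the given public key.
     *
     * @param publicKey the key to look for
     * @return {@code true} if one of the agent's identities compares equal to it
     * @throws IOException if the agent cannot be queried
     */
    private boolean agentHasKey(PublicKey publicKey) throws IOException {
        Iterable<? extends Map.Entry<PublicKey, String>> identities = this.agent.getIdentities();
        if (identities == null) {
            return false;
        }
        for (Map.Entry<PublicKey, String> entry : identities) {
            if (KeyUtils.compareKeys(entry.getKey(), publicKey)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds an {@code ssh://[user@]host[:port]} URI from the host configuration, for
     * use with the {@link CredentialsProvider}. The port is omitted when it is not
     * positive or equals 22.
     *
     * @return the URI, or an empty {@link URIish} if it cannot be parsed
     */
    private URIish getUri() {
        String username = this.hostConfig.getUsername();
        String prefix = StringUtils.isEmptyOrNull(username) ? "ssh://" : "ssh://" + username + "@";
        String uri = prefix + this.hostConfig.getHost();
        int port = this.hostConfig.getPort();
        if (port > 0 && port != 22) {
            uri = uri + ":" + port;
        }
        try {
            return new URIish(uri);
        } catch (URISyntaxException e) {
            this.log.error(e.getLocalizedMessage(), e);
            return new URIish();
        }
    }

    /**
     * Creates an agent client through the session's agent factory.
     *
     * @param clientSession the session
     * @return the agent client, or {@code null} if no agent factory is configured
     * @throws NullPointerException if the session has no factory manager
     * @throws Exception if the agent client cannot be created
     */
    private SshAgent getAgent(ClientSession clientSession) throws Exception {
        FactoryManager factoryManager = Objects.requireNonNull(clientSession.getFactoryManager(), "No session factory manager");
        SshAgentFactory agentFactory = factoryManager.getAgentFactory();
        if (agentFactory == null) {
            return null;
        }
        return agentFactory.createClient(clientSession, factoryManager);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Removed duplicated region for block: B:28:0x00f5  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the real body of this method was not recovered, so the
     * unconditional exception below is not the behaviour of the shipped class.
     *
     * <p>NOTE(review): presumably this method derives {@code addKeysToAgent},
     * {@code askBeforeAdding} and {@code constraints} from the host configuration;
     * nothing in this listing shows how. Review the original source or the bytecode
     * before drawing conclusions about when keys are added to the agent.
     *
     * @param r6 the host configuration to read
     */
    private void parseAddKeys(HostConfigEntry r6) {
        /*
            Method dump skipped, instructions count: 286
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication.parseAddKeys(org.apache.sshd.client.config.hosts.HostConfigEntry):void");
    }

    /**
     * Resets the add-keys state, closes the agent client and releases the superclass'
     * keys. The agent reference is cleared and the superclass is always called, even
     * if closing the agent fails.
     *
     * @throws IOException if closing the agent or releasing the keys fails
     */
    protected void releaseKeys() throws IOException {
        this.addKeysToAgent = false;
        this.askBeforeAdding = false;
        this.skProvider = null;
        this.constraints = null;
        try {
            if (this.agent != null) {
                try {
                    this.agent.close();
                } finally {
                    this.agent = null;
                }
            }
        } finally {
            super.releaseKeys();
        }
    }
}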
