package com.cloudbees.jenkins.plugins.sshcredentials.impl;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator;
import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory;
import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import edu.umd.cs.findbugs.annotations.CheckForNull;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import hudson.Extension;
import hudson.util.Secret;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.client.future.AuthFuture;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.io.resource.PathResource;
import org.apache.sshd.common.util.security.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/ssh-credentials.jar:com/cloudbees/jenkins/plugins/sshcredentials/impl/MinaSSHPublicKeyAuthenticator.class */
public class MinaSSHPublicKeyAuthenticator extends SSHAuthenticator<ClientSession, SSHUserPrivateKey> {
    static int authTimeout = Integer.parseInt(System.getProperty(MinaSSHPublicKeyAuthenticator.class.getName() + ".authTimeout", "15"));
    private static final Logger LOGGER = Logger.getLogger(MinaSSHPublicKeyAuthenticator.class.getName());

    @Extension
    /* loaded from: input_file:WEB-INF/lib/ssh-credentials.jar:com/cloudbees/jenkins/plugins/sshcredentials/impl/MinaSSHPublicKeyAuthenticator$Factory.class */
    public static class Factory extends SSHAuthenticatorFactory {
        private static final long serialVersionUID = 1;

        @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory
        @Nullable
        protected <C, U extends StandardUsernameCredentials> SSHAuthenticator<C, U> newInstance(@NonNull C c, @NonNull U u) {
            return newInstance(c, u, null);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory
        @Nullable
        public <C, U extends StandardUsernameCredentials> SSHAuthenticator<C, U> newInstance(@NonNull C c, @NonNull U u, @CheckForNull String str) {
            if (supports(c.getClass(), u.getClass())) {
                return new MinaSSHPublicKeyAuthenticator((ClientSession) c, (SSHUserPrivateKey) u, str);
            }
            return null;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory
        public <C, U extends StandardUsernameCredentials> boolean supports(@NonNull Class<C> cls, @NonNull Class<U> cls2) {
            return ClientSession.class.isAssignableFrom(cls) && SSHUserPrivateKey.class.isAssignableFrom(cls2);
        }
    }

    MinaSSHPublicKeyAuthenticator(@NonNull ClientSession clientSession, @NonNull SSHUserPrivateKey sSHUserPrivateKey) {
        super(clientSession, sSHUserPrivateKey, null);
    }

    MinaSSHPublicKeyAuthenticator(@NonNull ClientSession clientSession, @NonNull SSHUserPrivateKey sSHUserPrivateKey, @CheckForNull String str) {
        super(clientSession, sSHUserPrivateKey, str);
    }

    @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator
    public boolean canAuthenticate() {
        return getConnection().getUserAuthFactories().stream().anyMatch(userAuthFactory -> {
            return userAuthFactory instanceof UserAuthPublicKeyFactory;
        }) && !getConnection().isAuthenticated() && getConnection().isOpen();
    }

    @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator
    @NonNull
    public SSHAuthenticator.Mode getAuthenticationMode() {
        return SSHAuthenticator.Mode.AFTER_CONNECT;
    }

    @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator
    protected boolean doAuthenticate() {
        SSHUserPrivateKey user = getUser();
        for (String str : user.getPrivateKeys()) {
            try {
                Secret passphrase = user.getPassphrase();
                SecurityUtils.loadKeyPairIdentities((SessionContext) null, new PathResource(Paths.get("key", new String[0])), new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)), passphrase == null ? null : FilePasswordProvider.of(passphrase.getPlainText())).forEach(keyPair -> {
                    getConnection().addPublicKeyIdentity(keyPair);
                });
                getConnection().setUsername(getUsername());
                return ((AuthFuture) getConnection().auth().verify(authTimeout, TimeUnit.SECONDS)).isSuccess();
            } catch (IOException e) {
                LOGGER.log(Level.WARNING, "Could not authenticate due to I/O issue", (Throwable) e);
            } catch (GeneralSecurityException e2) {
                LOGGER.log(Level.WARNING, "Could not authenticate because unrecoverable key pair", (Throwable) e2);
            }
        }
        return false;
    }
}
