package com.cloudbees.jenkins.plugins.sshcredentials.impl;

import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator;
import com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory;
import com.cloudbees.jenkins.plugins.sshcredentials.SSHUserPrivateKey;
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials;
import com.trilead.ssh2.Connection;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.util.Secret;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;

/* loaded from: input_file:com/cloudbees/jenkins/plugins/sshcredentials/impl/TrileadSSHPublicKeyAuthenticator.class */
public class TrileadSSHPublicKeyAuthenticator extends SSHAuthenticator<Connection, SSHUserPrivateKey> {
    private static final Logger LOGGER = Logger.getLogger(TrileadSSHPublicKeyAuthenticator.class.getName());

    @Extension
    /* loaded from: input_file:com/cloudbees/jenkins/plugins/sshcredentials/impl/TrileadSSHPublicKeyAuthenticator$Factory.class */
    public static class Factory extends SSHAuthenticatorFactory {
        private static final long serialVersionUID = 1;

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory
        public <C, U extends StandardUsernameCredentials> SSHAuthenticator<C, U> newInstance(@NonNull C c, @NonNull U u) {
            if (supports(c.getClass(), u.getClass())) {
                return new TrileadSSHPublicKeyAuthenticator((Connection) c, (SSHUserPrivateKey) u);
            }
            return null;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticatorFactory
        public <C, U extends StandardUsernameCredentials> boolean supports(@NonNull Class<C> cls, @NonNull Class<U> cls2) {
            return Connection.class.isAssignableFrom(cls) && SSHUserPrivateKey.class.isAssignableFrom(cls2);
        }
    }

    public TrileadSSHPublicKeyAuthenticator(Connection connection, SSHUserPrivateKey sSHUserPrivateKey) {
        super(connection, sSHUserPrivateKey);
    }

    @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator
    public boolean canAuthenticate() {
        try {
            return getRemainingAuthMethods().contains("publickey");
        } catch (IOException e) {
            e.printStackTrace(getListener().error("Failed to authenticate"));
            return false;
        }
    }

    private List<String> getRemainingAuthMethods() throws IOException {
        return Arrays.asList(getConnection().getRemainingAuthMethods(getUser().getUsername()));
    }

    @Override // com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator
    protected boolean doAuthenticate() {
        SSHUserPrivateKey user = getUser();
        String username = user.getUsername();
        try {
            Connection connection = getConnection();
            Secret passphrase = user.getPassphrase();
            String plainText = passphrase == null ? null : passphrase.getPlainText();
            List<String> remainingAuthMethods = getRemainingAuthMethods();
            if (!remainingAuthMethods.contains("publickey")) {
                getListener().error("The server does not allow public key authentication. Available options are %s", new Object[]{remainingAuthMethods});
                return false;
            }
            int i = 0;
            Iterator<String> it = user.getPrivateKeys().iterator();
            while (it.hasNext()) {
                if (connection.authenticateWithPublicKey(username, it.next().toCharArray(), plainText)) {
                    LOGGER.fine("Authentication with 'publickey' succeeded.");
                    return true;
                }
                i++;
                getListener().error("Server rejected the %d private key(s) for %s (credentialId:%s/method:publickey)", new Object[]{Integer.valueOf(i), username, user.getId()});
            }
            return false;
        } catch (IOException e) {
            e.printStackTrace(getListener().error("Failed to authenticate as %s with credential=%s", new Object[]{username, getUser().getId()}));
            return false;
        }
    }
}
