package org.eclipse.jgit.internal.signing.ssh;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StreamCorruptedException;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.text.MessageFormat;
import java.util.AbstractMap;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.OpenSshCertificate;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.signature.BuiltinSignatures;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.api.errors.CanceledException;
import org.eclipse.jgit.internal.transport.sshd.AuthenticationCanceledException;
import org.eclipse.jgit.internal.transport.sshd.PasswordProviderWrapper;
import org.eclipse.jgit.internal.transport.sshd.SshdText;
import org.eclipse.jgit.internal.transport.sshd.agent.SshAgentClient;
import org.eclipse.jgit.lib.GpgConfig;
import org.eclipse.jgit.lib.GpgSignature;
import org.eclipse.jgit.lib.PersonIdent;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.lib.Signer;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.sshd.KeyPasswordProviderFactory;
import org.eclipse.jgit.transport.sshd.agent.Connector;
import org.eclipse.jgit.transport.sshd.agent.ConnectorFactory;
import org.eclipse.jgit.util.Base64;
import org.eclipse.jgit.util.FS;
import org.eclipse.jgit.util.StringUtils;
import org.eclipse.jgit.util.SystemReader;
import org.eclipse.jgit.util.TemporaryBuffer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/jgit/internal/signing/ssh/SshSigner.class */
public class SshSigner implements Signer {
    private static final Logger LOG = LoggerFactory.getLogger(SshSigner.class);
    private static final String GIT_KEY_PREFIX = "key::";
    private static final int LINE_LENGTH = 75;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/jgit/internal/signing/ssh/SshSigner$AgentIdentity.class */
    public static class AgentIdentity extends KeyPairIdentity {
        AgentIdentity(PublicKey publicKey) {
            super(new KeyPair(publicKey, null));
        }

        @Override // org.eclipse.jgit.internal.signing.ssh.SshSigner.KeyPairIdentity
        public Map.Entry<String, byte[]> sign(SessionContext sessionContext, String str, byte[] bArr) throws Exception {
            ConnectorFactory connectorFactory = ConnectorFactory.getDefault();
            Connector create = connectorFactory == null ? null : connectorFactory.create("", null);
            if (create == null) {
                throw new IOException(SshdText.get().signNoAgent);
            }
            Throwable th = null;
            try {
                SshAgentClient sshAgentClient = new SshAgentClient(create);
                try {
                    Map.Entry<String, byte[]> sign = sshAgentClient.sign(null, getKeyIdentity().getPublic(), str, bArr);
                    if (sshAgentClient != null) {
                        sshAgentClient.close();
                    }
                    return sign;
                } catch (Throwable th2) {
                    if (sshAgentClient != null) {
                        sshAgentClient.close();
                    }
                    throw th2;
                }
            } catch (Throwable th3) {
                if (0 == 0) {
                    th = th3;
                } else if (null != th3) {
                    th.addSuppressed(th3);
                }
                throw th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/jgit/internal/signing/ssh/SshSigner$KeyPairIdentity.class */
    public static class KeyPairIdentity implements PublicKeyIdentity {

        @NonNull
        private final KeyPair pair;

        KeyPairIdentity(@NonNull KeyPair keyPair) {
            this.pair = keyPair;
        }

        public KeyPair getKeyIdentity() {
            return this.pair;
        }

        public Map.Entry<String, byte[]> sign(SessionContext sessionContext, String str, byte[] bArr) throws Exception {
            BuiltinSignatures fromFactoryName = BuiltinSignatures.fromFactoryName(str);
            if (fromFactoryName == null || !fromFactoryName.isSupported()) {
                throw new GeneralSecurityException(MessageFormat.format(SshdText.get().signUnknownSignatureAlgorithm, str));
            }
            Signature signature = (Signature) fromFactoryName.create();
            signature.initSigner((SessionContext) null, this.pair.getPrivate());
            signature.update((SessionContext) null, bArr);
            return new AbstractMap.SimpleImmutableEntry(fromFactoryName.getName(), signature.sign((SessionContext) null));
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x00ef, code lost:
    
        if (r19.equals("ssh-dss") == false) goto L40;
     */
    /* JADX WARN: Code restructure failed: missing block: B:16:0x0129, code lost:
    
        throw new org.eclipse.jgit.api.errors.UnsupportedSigningFormatException(org.eclipse.jgit.internal.transport.sshd.SshdText.get().signInvalidKeyDSA);
     */
    /* JADX WARN: Code restructure failed: missing block: B:25:0x0116, code lost:
    
        if (r19.equals("ssh-dss-cert-v01@openssh.com") == false) goto L40;
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x00bc. Please report as an issue. */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public org.eclipse.jgit.lib.GpgSignature sign(org.eclipse.jgit.lib.Repository r9, org.eclipse.jgit.lib.GpgConfig r10, byte[] r11, org.eclipse.jgit.lib.PersonIdent r12, java.lang.String r13, org.eclipse.jgit.transport.CredentialsProvider r14) throws org.eclipse.jgit.api.errors.CanceledException, java.io.IOException, org.eclipse.jgit.api.errors.UnsupportedSigningFormatException {
        /*
            Method dump skipped, instructions count: 483
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jgit.internal.signing.ssh.SshSigner.sign(org.eclipse.jgit.lib.Repository, org.eclipse.jgit.lib.GpgConfig, byte[], org.eclipse.jgit.lib.PersonIdent, java.lang.String, org.eclipse.jgit.transport.CredentialsProvider):org.eclipse.jgit.lib.GpgSignature");
    }

    private static String defaultKeyCommand(@NonNull Repository repository, @NonNull GpgConfig gpgConfig) throws IOException {
        String sshDefaultKeyCommand = gpgConfig.getSshDefaultKeyCommand();
        if (StringUtils.isEmptyOrNull(sshDefaultKeyCommand)) {
            return null;
        }
        FS fs = repository.getFS();
        if (fs == null) {
            fs = FS.DETECTED;
        }
        ProcessBuilder runInShell = fs.runInShell(sshDefaultKeyCommand, new String[0]);
        FS.ExecutionResult executionResult = null;
        try {
            try {
                FS.ExecutionResult execute = fs.execute(runInShell, (InputStream) null);
                int rc = execute.getRc();
                if (rc != 0) {
                    throw new IOException(MessageFormat.format(SshdText.get().signDefaultKeyFailed, sshDefaultKeyCommand, Integer.toString(rc), toString(execute.getStderr())));
                }
                Throwable th = null;
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(execute.getStdout().openInputStream(), SystemReader.getInstance().getDefaultCharset()));
                    try {
                        String readLine = bufferedReader.readLine();
                        if (readLine != null) {
                            readLine = readLine.strip();
                        }
                        if (StringUtils.isEmptyOrNull(readLine)) {
                            throw new IOException(MessageFormat.format(SshdText.get().signDefaultKeyEmpty, sshDefaultKeyCommand));
                        }
                        String str = readLine;
                        if (execute != null) {
                            if (execute.getStderr() != null) {
                                execute.getStderr().destroy();
                            }
                            if (execute.getStdout() != null) {
                                execute.getStdout().destroy();
                            }
                        }
                        return str;
                    } finally {
                        if (bufferedReader != null) {
                            bufferedReader.close();
                        }
                    }
                } catch (Throwable th2) {
                    if (0 == 0) {
                        th = th2;
                    } else if (null != th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                throw new IOException(MessageFormat.format(SshdText.get().signDefaultKeyInterrupted, sshDefaultKeyCommand), e);
            }
        } catch (Throwable th3) {
            if (0 != 0) {
                if (executionResult.getStderr() != null) {
                    executionResult.getStderr().destroy();
                }
                if (executionResult.getStdout() != null) {
                    executionResult.getStdout().destroy();
                }
            }
            throw th3;
        }
    }

    private static String toString(TemporaryBuffer temporaryBuffer) {
        if (temporaryBuffer == null) {
            return "";
        }
        try {
            return new String(temporaryBuffer.toByteArray(4000), SystemReader.getInstance().getDefaultCharset());
        } catch (IOException e) {
            LOG.warn("{}", SshdText.get().signStderr, e);
            return "";
        }
    }

    /* JADX WARN: Finally extract failed */
    private static PublicKeyIdentity getIdentity(String str, PersonIdent personIdent, CredentialsProvider credentialsProvider) throws CanceledException, GeneralSecurityException, IOException {
        StringReader stringReader;
        String verify;
        if (StringUtils.isEmptyOrNull(str)) {
            throw new IllegalArgumentException(SshdText.get().signNoSigningKey);
        }
        PublicKey publicKey = null;
        PrivateKey privateKey = null;
        File file = null;
        if (str.startsWith(GIT_KEY_PREFIX)) {
            Throwable th = null;
            try {
                stringReader = new StringReader(str.substring(GIT_KEY_PREFIX.length()));
                try {
                    publicKey = fromEntry(AuthorizedKeyEntry.readAuthorizedKeys(stringReader, true));
                    if (stringReader != null) {
                        stringReader.close();
                    }
                } finally {
                }
            } catch (Throwable th2) {
                if (0 == 0) {
                    th = th2;
                } else if (null != th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } else if (str.startsWith("~/") || str.startsWith("~" + File.separator)) {
            file = new File(FS.DETECTED.userHome(), str.substring(2));
        } else {
            Throwable th3 = null;
            try {
                try {
                    stringReader = new StringReader(str);
                    try {
                        publicKey = fromEntry(AuthorizedKeyEntry.readAuthorizedKeys(stringReader, true));
                        if (stringReader != null) {
                            stringReader.close();
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    file = new File(str);
                }
            } catch (Throwable th4) {
                if (0 == 0) {
                    th3 = th4;
                } else if (null != th4) {
                    th3.addSuppressed(th4);
                }
                throw th3;
            }
        }
        if (file != null && file.isFile()) {
            try {
                publicKey = fromEntry(AuthorizedKeyEntry.readAuthorizedKeys(file.toPath(), new OpenOption[0]));
                if (publicKey == null) {
                    throw new IOException(MessageFormat.format(SshdText.get().signTooManyPublicKeys, file));
                }
                File privateKeyFile = getPrivateKeyFile(file.getParentFile(), file.getName());
                if (privateKeyFile != null) {
                    try {
                        KeyPair loadPrivateKey = loadPrivateKey(privateKeyFile.toPath(), credentialsProvider);
                        if (loadPrivateKey != null) {
                            PublicKey publicKey2 = loadPrivateKey.getPublic();
                            if (publicKey2 == null) {
                                privateKey = loadPrivateKey.getPrivate();
                            } else {
                                PublicKey publicKey3 = publicKey;
                                if (publicKey instanceof OpenSshCertificate) {
                                    publicKey3 = ((OpenSshCertificate) publicKey).getCertPubKey();
                                }
                                if (KeyUtils.compareKeys(publicKey3, publicKey2)) {
                                    privateKey = loadPrivateKey.getPrivate();
                                }
                            }
                        }
                    } catch (IOException e2) {
                    }
                }
            } catch (StreamCorruptedException e3) {
                KeyPair loadPrivateKey2 = loadPrivateKey(file.toPath(), credentialsProvider);
                if (loadPrivateKey2 != null) {
                    publicKey = loadPrivateKey2.getPublic();
                    privateKey = loadPrivateKey2.getPrivate();
                }
            }
        }
        if (publicKey == null) {
            throw new IOException(MessageFormat.format(SshdText.get().signNoPublicKey, str));
        }
        if (!(publicKey instanceof OpenSshCertificate) || (verify = SshCertificateUtils.verify((OpenSshCertificate) publicKey, personIdent.getWhenAsInstant())) == null) {
            return privateKey == null ? new AgentIdentity(publicKey) : new KeyPairIdentity(new KeyPair(publicKey, privateKey));
        }
        throw new IOException(verify);
    }

    private static File getPrivateKeyFile(File file, String str) {
        if (!str.endsWith(".pub")) {
            return null;
        }
        String substring = str.substring(0, str.length() - 4);
        if (substring.isEmpty()) {
            return null;
        }
        File file2 = new File(file, substring);
        if (file2.isFile()) {
            return file2;
        }
        if (!substring.endsWith("-cert")) {
            return null;
        }
        String substring2 = substring.substring(0, substring.length() - 5);
        if (substring2.isEmpty()) {
            return null;
        }
        File file3 = new File(file, substring2);
        if (file3.isFile()) {
            return file3;
        }
        return null;
    }

    private static KeyPair loadPrivateKey(Path path, CredentialsProvider credentialsProvider) throws CanceledException, GeneralSecurityException, IOException {
        KeyPairResourceParser keyPairResourceParser;
        if (!Files.isRegularFile(path, new LinkOption[0]) || (keyPairResourceParser = SecurityUtils.getKeyPairResourceParser()) == null) {
            return null;
        }
        PasswordProviderWrapper passwordProviderWrapper = null;
        if (credentialsProvider != null) {
            passwordProviderWrapper = new PasswordProviderWrapper(() -> {
                return KeyPasswordProviderFactory.getInstance().apply(credentialsProvider);
            });
        }
        try {
            Collection loadKeyPairs = keyPairResourceParser.loadKeyPairs((SessionContext) null, path, passwordProviderWrapper, new OpenOption[0]);
            if (loadKeyPairs.size() != 1) {
                throw new GeneralSecurityException(MessageFormat.format(SshdText.get().signTooManyPrivateKeys, path));
            }
            return (KeyPair) loadKeyPairs.iterator().next();
        } catch (AuthenticationCanceledException e) {
            throw new CanceledException(e.getMessage());
        }
    }

    private static GpgSignature armor(byte[] bArr) throws IOException {
        Throwable th = null;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            try {
                byteArrayOutputStream.write(SshSignatureConstants.ARMOR_HEAD);
                byteArrayOutputStream.write(10);
                String encodeBytes = Base64.encodeBytes(bArr);
                int length = encodeBytes.length();
                int i = 0;
                for (int i2 = 0; i2 < length; i2++) {
                    byteArrayOutputStream.write(encodeBytes.charAt(i2));
                    i++;
                    if (i == LINE_LENGTH) {
                        byteArrayOutputStream.write(10);
                        i = 0;
                    }
                }
                if (i > 0) {
                    byteArrayOutputStream.write(10);
                }
                byteArrayOutputStream.write(SshSignatureConstants.ARMOR_END);
                byteArrayOutputStream.write(10);
                GpgSignature gpgSignature = new GpgSignature(byteArrayOutputStream.toByteArray());
                if (byteArrayOutputStream != null) {
                    byteArrayOutputStream.close();
                }
                return gpgSignature;
            } catch (Throwable th2) {
                if (byteArrayOutputStream != null) {
                    byteArrayOutputStream.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            if (0 == 0) {
                th = th3;
            } else if (null != th3) {
                th.addSuppressed(th3);
            }
            throw th;
        }
    }

    private static PublicKey fromEntry(List<AuthorizedKeyEntry> list) throws GeneralSecurityException, IOException {
        if (list == null || list.size() != 1) {
            return null;
        }
        return list.get(0).resolvePublicKey((SessionContext) null, PublicKeyEntryResolver.FAILING);
    }

    public boolean canLocateSigningKey(Repository repository, GpgConfig gpgConfig, PersonIdent personIdent, String str, CredentialsProvider credentialsProvider) throws CanceledException {
        String str2 = str;
        if (str2 == null) {
            str2 = gpgConfig.getSigningKey();
        }
        return (StringUtils.isEmptyOrNull(str2) && StringUtils.isEmptyOrNull(gpgConfig.getSshDefaultKeyCommand())) ? false : true;
    }
}
