package org.eclipse.jgit.internal.transport.sshd;

import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.agent.SshAgentFactory;
import org.apache.sshd.agent.SshAgentKeyConstraint;
import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.apache.sshd.common.config.keys.u2f.SecurityKeyPublicKey;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
import org.eclipse.jgit.transport.CredentialItem;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshConstants;
import org.eclipse.jgit.transport.URIish;
import org.eclipse.jgit.util.StringUtils;

/* loaded from: input_file:org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.class */
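/**
 * Public-key user authentication for JGit SSH sessions with optional SSH agent support.
 *
 * <p>On top of {@link UserAuthPublicKey} this class
 * <ul>
 * <li>applies the host's {@code SshConstants.PUBKEY_ACCEPTED_ALGORITHMS} setting to the
 * signature algorithms used for authentication (see {@link #init});</li>
 * <li>restricts the keys taken from an SSH agent to those named by explicit identity files when
 * the host configuration reports {@code isIdentitiesOnly()} (see {@link KeyIterator});</li>
 * <li>optionally adds a key loaded from a file to the agent, governed by
 * {@code SshConstants.ADD_KEYS_TO_AGENT} (see {@code getNextKey} and {@code parseAddKeys}).</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the decompiler notes that some access modifiers were
 * widened. They are kept as shown so that the visible interface is unchanged.
 */
public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
    // Agent client for the current attempt; null when no agent factory is configured or after release.
    private SshAgent agent;
    // Host configuration of the session, captured in init().
    private HostConfigEntry hostConfig;
    // True when keys loaded from files may be handed to the agent.
    private boolean addKeysToAgent;
    // True when the user must approve each key before it is handed to the agent.
    private boolean askBeforeAdding;
    // Value of SshConstants.SECURITY_KEY_PROVIDER; only read when addKeysToAgent is set.
    private String skProvider;
    // Constraints passed to the agent together with an added key (confirmation, lifetime).
    private SshAgentKeyConstraint[] constraints;

    /**
     * Key iterator that filters the identities offered by the SSH agent.
     *
     * <p>Decompiler note: this class was private in the original class file.
     */
    public class KeyIterator extends UserAuthPublicKeyIterator {
        // NOTE(review): both fields are assigned in initializeAgentIdentities(), which is
        // presumably invoked from the superclass constructor; do not add field initializers,
        // they would overwrite those values. Confirm against UserAuthPublicKeyIterator.
        private Iterable<? extends Map.Entry<PublicKey, String>> agentKeys;
        // Public keys of the explicitly configured identity files; null means "no filtering".
        private Collection<PublicKey> identityFiles;

        /**
         * Creates the iterator by delegating to the superclass constructor.
         *
         * @param clientSession the session being authenticated
         * @param signatureFactoriesManager passed unchanged to the superclass
         * @throws Exception if the superclass constructor fails
         */
        public KeyIterator(ClientSession clientSession, SignatureFactoriesManager signatureFactoriesManager) throws Exception {
            super(clientSession, signatureFactoriesManager);
        }

        /**
         * Loads the public keys that belong to the given identity files.
         *
         * <p>For each entry the file {@code <entry>.pub} is read. Entries whose public key
         * cannot be loaded are dropped, so the resulting allow-list only ever shrinks: a key
         * that cannot be verified against a file is not offered from the agent.
         *
         * @param collection identity file names, may be {@code null}
         * @return the loaded public keys, or {@code null} if {@code collection} is {@code null}
         */
        private List<PublicKey> getExplicitKeys(Collection<String> collection) {
            if (collection == null) {
                return null;
            }
            return collection.stream()
                    .map(this::loadExplicitKey)
                    .filter(Objects::nonNull)
                    .collect(Collectors.toList());
        }

        /**
         * Reads the first public key from {@code <identityFile>.pub}.
         *
         * @param identityFile identity file name without the {@code .pub} suffix
         * @return the public key, or {@code null} if it is missing or unreadable
         */
        private PublicKey loadExplicitKey(String identityFile) {
            try {
                Path path = Paths.get(identityFile + ".pub");
                // NOFOLLOW_LINKS: a symbolic link is not a regular file here, so a symlinked
                // .pub file is skipped without a log entry and its key is filtered out.
                if (!Files.isRegularFile(path, LinkOption.NOFOLLOW_LINKS)) {
                    return null;
                }
                List<AuthorizedKeyEntry> entries = AuthorizedKeyEntry.readAuthorizedKeys(path);
                if (entries == null || entries.isEmpty()) {
                    // A file without any key entry used to fail with an unchecked
                    // IndexOutOfBoundsException that escaped the catch clause below.
                    JGitPublicKeyAuthentication.this.log.warn(MessageFormat.format(SshdText.get().cannotReadPublicKey, identityFile));
                    return null;
                }
                return entries.get(0).resolvePublicKey(null, PublicKeyEntryResolver.IGNORING);
            } catch (IOException | InvalidPathException | GeneralSecurityException e) {
                JGitPublicKeyAuthentication.this.log.warn(MessageFormat.format(SshdText.get().cannotReadPublicKey, identityFile), e);
                return null;
            }
        }

        /**
         * Returns the agent identities to try, filtered by the explicit identity files when the
         * host configuration reports {@code isIdentitiesOnly()}.
         *
         * @param clientSession the session being authenticated (not used here)
         * @return the identities, or {@code null} if there is no agent or it reports none
         * @throws IOException if the agent cannot be queried
         */
        @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator
        protected Iterable<KeyAgentIdentity> initializeAgentIdentities(ClientSession clientSession) throws IOException {
            if (JGitPublicKeyAuthentication.this.agent == null) {
                return null;
            }
            this.agentKeys = JGitPublicKeyAuthentication.this.agent.getIdentities();
            if (this.agentKeys == null) {
                // agentHasKey() already treats a null identity list as "agent has no keys";
                // do the same here instead of failing later in the iterator.
                return null;
            }
            if (JGitPublicKeyAuthentication.this.hostConfig != null && JGitPublicKeyAuthentication.this.hostConfig.isIdentitiesOnly()) {
                // NOTE(review): if getIdentities() returns null the filter stays null and every
                // agent key is offered even though isIdentitiesOnly() is true; confirm that
                // HostConfigEntry never returns null in that configuration.
                this.identityFiles = getExplicitKeys(JGitPublicKeyAuthentication.this.hostConfig.getIdentities());
            }
            return () -> new Iterator<KeyAgentIdentity>() {
                private final Iterator<? extends Map.Entry<PublicKey, String>> iter = KeyIterator.this.agentKeys.iterator();
                // Look-ahead element found by hasNext() and handed out by next().
                private Map.Entry<PublicKey, String> pending;

                @Override // java.util.Iterator
                public boolean hasNext() {
                    while (this.pending == null && this.iter.hasNext()) {
                        Map.Entry<PublicKey, String> entry = this.iter.next();
                        PublicKey candidate = entry.getKey();
                        Collection<PublicKey> allowed = KeyIterator.this.identityFiles;
                        if (allowed == null || allowed.stream().anyMatch(key -> KeyUtils.compareKeys(key, candidate))) {
                            this.pending = entry;
                            return true;
                        }
                        // Only key type and fingerprint of the public key are logged.
                        if (JGitPublicKeyAuthentication.this.log.isTraceEnabled()) {
                            JGitPublicKeyAuthentication.this.log.trace("Ignoring SSH agent {} key not in explicit IdentityFile in SSH config: {}", KeyUtils.getKeyType(candidate), KeyUtils.getFingerPrint(candidate));
                        }
                    }
                    return this.pending != null;
                }

                @Override // java.util.Iterator
                public KeyAgentIdentity next() {
                    if (!hasNext()) {
                        throw new NoSuchElementException();
                    }
                    KeyAgentIdentity identity = new KeyAgentIdentity(JGitPublicKeyAuthentication.this.agent, this.pending.getKey(), this.pending.getValue());
                    this.pending = null;
                    return identity;
                }
            };
        }
    }

    /**
     * Creates the authentication handler.
     *
     * <p>Decompiler note: this constructor was package-private in the original class file.
     *
     * @param list signature factories passed to the superclass
     */
    public JGitPublicKeyAuthentication(List<NamedFactory<Signature>> list) {
        super(list);
    }

    /**
     * Initializes the authentication and selects the signature algorithms.
     *
     * <p>If the host configuration sets {@code SshConstants.PUBKEY_ACCEPTED_ALGORITHMS} and the
     * setting resolves to a non-empty list, exactly that list is used. Otherwise the already
     * configured signature factories are kept, or the session's are used when none are set.
     *
     * @param clientSession the session; must be a {@link JGitClientSession}
     * @param str passed unchanged to the superclass
     * @throws IllegalStateException if the session is not a {@link JGitClientSession}
     * @throws Exception if the superclass initialization fails
     */
    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey, org.apache.sshd.client.auth.AbstractUserAuth, org.apache.sshd.client.auth.UserAuth
    public void init(ClientSession clientSession, String str) throws Exception {
        if (!(clientSession instanceof JGitClientSession)) {
            throw new IllegalStateException("Wrong session type: " + clientSession.getClass().getCanonicalName());
        }
        JGitClientSession jGitClientSession = (JGitClientSession) clientSession;
        this.hostConfig = jGitClientSession.getHostConfigEntry();
        String property = this.hostConfig.getProperty(SshConstants.PUBKEY_ACCEPTED_ALGORITHMS);
        if (!StringUtils.isEmptyOrNull(property)) {
            List<String> modifyAlgorithmList = jGitClientSession.modifyAlgorithmList(jGitClientSession.getSignatureFactoriesNames(), jGitClientSession.getAllAvailableSignatureAlgorithms(), property, SshConstants.PUBKEY_ACCEPTED_ALGORITHMS);
            if (!modifyAlgorithmList.isEmpty()) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("PubkeyAcceptedAlgorithms " + modifyAlgorithmList);
                }
                setSignatureFactoriesNames(modifyAlgorithmList);
                super.init(jGitClientSession, str);
                return;
            }
            // The configured restriction matched no usable algorithm. Authentication continues
            // with the defaults below, so the restriction is not enforced; the warning is the
            // only trace of that.
            this.log.warn(MessageFormat.format(SshdText.get().configNoKnownAlgorithms, SshConstants.PUBKEY_ACCEPTED_ALGORITHMS, property));
        }
        List<NamedFactory<Signature>> signatureFactories = getSignatureFactories();
        if (signatureFactories == null || signatureFactories.isEmpty()) {
            setSignatureFactoriesNames(jGitClientSession.getSignatureFactoriesNames());
        }
        super.init(jGitClientSession, str);
    }

    /**
     * Obtains the agent client, reads the add-keys-to-agent settings and creates the iterator.
     *
     * @param clientSession the session being authenticated
     * @param signatureFactoriesManager passed unchanged to {@link KeyIterator}
     * @return a new {@link KeyIterator}
     * @throws Exception if the agent client or the iterator cannot be created
     */
    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
    protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession clientSession, SignatureFactoriesManager signatureFactoriesManager) throws Exception {
        this.agent = getAgent(clientSession);
        if (this.agent != null) {
            parseAddKeys(this.hostConfig);
            if (this.addKeysToAgent) {
                this.skProvider = this.hostConfig.getProperty(SshConstants.SECURITY_KEY_PROVIDER);
            }
        }
        return new KeyIterator(clientSession, signatureFactoriesManager);
    }

    /**
     * Resolves the next identity to try and clears {@code currentAlgorithms} afterwards.
     *
     * <p>Decompiler note: this method was protected in the original class file.
     *
     * @param clientSession the session being authenticated
     * @param str passed unchanged to the superclass
     * @return the next identity, or {@code null} if the superclass returns none
     * @throws Exception if resolving the identity fails
     */
    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
    public PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession clientSession, String str) throws Exception {
        PublicKeyIdentity nextKey = getNextKey(clientSession, str);
        this.currentAlgorithms.clear();
        return nextKey;
    }

    /**
     * Fetches the next identity from the superclass and, if enabled, adds its key to the agent.
     *
     * <p>A key is handed to the agent only if adding is enabled, the identity does not come
     * from the agent itself, both halves of the key pair are present and the agent does not
     * hold the key yet. With {@code askBeforeAdding} the key is added only after an explicit
     * "yes" from the credentials provider; a missing provider or an unanswered question means
     * the key is not added. A failure to add the key is logged and does not abort
     * authentication.
     *
     * @param clientSession the session being authenticated
     * @param str passed unchanged to the superclass
     * @return the identity returned by the superclass, possibly {@code null}
     * @throws Exception if the superclass fails to resolve the identity
     */
    private PublicKeyIdentity getNextKey(ClientSession clientSession, String str) throws Exception {
        PublicKeyIdentity identity = super.resolveAttemptedPublicKeyIdentity(clientSession, str);
        if (!this.addKeysToAgent || identity == null || identity instanceof KeyAgentIdentity) {
            return identity;
        }
        KeyPair keyIdentity = identity.getKeyIdentity();
        if (keyIdentity == null || keyIdentity.getPublic() == null || keyIdentity.getPrivate() == null) {
            return identity;
        }
        PublicKey publicKey = keyIdentity.getPublic();
        String fingerPrint = KeyUtils.getFingerPrint(publicKey);
        String keyType = KeyUtils.getKeyType(keyIdentity);
        try {
            if (agentHasKey(publicKey)) {
                return identity;
            }
            // NOTE(review): for a session that is not a JGitClientSession the question is
            // skipped and the key is added; init() rejects such sessions, so this branch is
            // not expected to be taken.
            if (this.askBeforeAdding && (clientSession instanceof JGitClientSession)) {
                CredentialsProvider credentialsProvider = ((JGitClientSession) clientSession).getCredentialsProvider();
                CredentialItem.YesNoType question = new CredentialItem.YesNoType(MessageFormat.format(SshdText.get().pubkeyAuthAddKeyToAgentQuestion, keyType, fingerPrint));
                boolean answered = credentialsProvider != null && credentialsProvider.supports(question) && credentialsProvider.get(getUri(), question);
                if (!answered || !question.getValue()) {
                    return identity;
                }
            }
            SshAgentKeyConstraint[] effectiveConstraints = this.constraints;
            if ((publicKey instanceof SecurityKeyPublicKey) && !StringUtils.isEmptyOrNull(this.skProvider)) {
                // Copy before appending so that the shared constraints array is not modified.
                effectiveConstraints = Arrays.copyOf(effectiveConstraints, effectiveConstraints.length + 1);
                effectiveConstraints[effectiveConstraints.length - 1] = new SshAgentKeyConstraint.FidoProviderExtension(this.skProvider);
            }
            this.agent.addIdentity(keyIdentity, null, effectiveConstraints);
        } catch (IOException e) {
            this.log.error(MessageFormat.format(SshdText.get().pubkeyAuthAddKeyToAgentError, keyType, fingerPrint), e);
        }
        return identity;
    }

    /**
     * Tells whether the agent already holds the given public key.
     *
     * @param publicKey the key to look for
     * @return {@code true} if one of the agent's identities compares equal to the key
     * @throws IOException if the agent cannot be queried
     */
    private boolean agentHasKey(PublicKey publicKey) throws IOException {
        Iterable<? extends Map.Entry<PublicKey, String>> identities = this.agent.getIdentities();
        if (identities == null) {
            return false;
        }
        for (Map.Entry<PublicKey, String> identity : identities) {
            if (KeyUtils.compareKeys(identity.getKey(), publicKey)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds an {@code ssh://[user@]host[:port]} URI from the host configuration; it is passed
     * to the credentials provider when asking whether a key may be added to the agent.
     *
     * @return the URI, or an empty {@link URIish} if the assembled string is not a valid URI
     */
    private URIish getUri() {
        StringBuilder uri = new StringBuilder("ssh://");
        String username = this.hostConfig.getUsername();
        if (!StringUtils.isEmptyOrNull(username)) {
            uri.append(username).append('@');
        }
        uri.append(this.hostConfig.getHost());
        int port = this.hostConfig.getPort();
        // Port 22 is left out of the URI.
        if (port > 0 && port != 22) {
            uri.append(':').append(port);
        }
        try {
            return new URIish(uri.toString());
        } catch (URISyntaxException e) {
            this.log.error(e.getLocalizedMessage(), e);
            return new URIish();
        }
    }

    /**
     * Creates an agent client through the session's agent factory.
     *
     * @param clientSession the session being authenticated
     * @return the agent client, or {@code null} if no agent factory is configured
     * @throws NullPointerException if the session has no factory manager
     * @throws Exception if the agent client cannot be created
     */
    private SshAgent getAgent(ClientSession clientSession) throws Exception {
        FactoryManager factoryManager = Objects.requireNonNull(clientSession.getFactoryManager(), "No session factory manager");
        SshAgentFactory agentFactory = factoryManager.getAgentFactory();
        if (agentFactory == null) {
            return null;
        }
        return agentFactory.createClient(clientSession, factoryManager);
    }

    /**
     * Parses the {@code SshConstants.ADD_KEYS_TO_AGENT} setting of the host configuration.
     *
     * <p>Recognized values, taken from the first comma-separated element: {@code yes},
     * {@code no}, {@code ask}, {@code confirm} (optionally followed by a time specification as
     * second element) and a plain time specification. A time specification that
     * {@code OpenSshConfigFile.timeSpec} evaluates to a value greater than zero becomes a
     * lifetime constraint. Any other value leaves {@code addKeysToAgent} unchanged.
     *
     * @param hostConfigEntry the host configuration to read the setting from
     */
    private void parseAddKeys(HostConfigEntry hostConfigEntry) {
        String property = hostConfigEntry.getProperty(SshConstants.ADD_KEYS_TO_AGENT);
        if (StringUtils.isEmptyOrNull(property)) {
            this.addKeysToAgent = false;
            return;
        }
        String[] parts = property.split(",");
        if (parts.length == 0) {
            // A value made up of commas only splits into an empty array; treat it like an
            // empty setting instead of failing on parts[0].
            this.addKeysToAgent = false;
            return;
        }
        List<SshAgentKeyConstraint> constraintList = new ArrayList<>(2);
        switch (parts[0]) {
            case "yes":
                this.addKeysToAgent = true;
                break;
            case SshConstants.NO:
                this.addKeysToAgent = false;
                break;
            case "ask":
                this.addKeysToAgent = true;
                this.askBeforeAdding = true;
                break;
            case "confirm": {
                this.addKeysToAgent = true;
                constraintList.add(SshAgentKeyConstraint.CONFIRM);
                if (parts.length > 1) {
                    int seconds = OpenSshConfigFile.timeSpec(parts[1]);
                    if (seconds > 0) {
                        constraintList.add(new SshAgentKeyConstraint.LifeTime(seconds));
                    }
                }
                break;
            }
            default: {
                int seconds = OpenSshConfigFile.timeSpec(parts[0]);
                if (seconds > 0) {
                    this.addKeysToAgent = true;
                    constraintList.add(new SshAgentKeyConstraint.LifeTime(seconds));
                }
                break;
            }
        }
        this.constraints = constraintList.toArray(new SshAgentKeyConstraint[0]);
    }

    /**
     * Resets the add-keys-to-agent state, closes the agent client and releases the keys held
     * by the superclass.
     *
     * <p>The agent reference is cleared and {@code super.releaseKeys()} is called even if
     * closing the agent fails.
     *
     * <p>Decompiler note: this method was protected in the original class file.
     *
     * @throws IOException if closing the agent or the superclass release fails
     */
    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
    public void releaseKeys() throws IOException {
        this.addKeysToAgent = false;
        this.askBeforeAdding = false;
        this.skProvider = null;
        this.constraints = null;
        try {
            if (this.agent != null) {
                try {
                    this.agent.close();
                } finally {
                    this.agent = null;
                }
            }
        } finally {
            super.releaseKeys();
        }
    }
}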
