package com.sshtools.client;

import com.sshtools.common.logger.Log;
import com.sshtools.common.policy.SignaturePolicy;
import com.sshtools.common.publickey.SignatureGenerator;
import com.sshtools.common.publickey.SshKeyUtils;
import com.sshtools.common.publickey.SshPrivateKeyFile;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.SshCertificate;
import com.sshtools.common.ssh.components.SshKeyPair;
import com.sshtools.common.ssh.components.SshPrivateKey;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.SshRsaPublicKey;
import com.sshtools.common.ssh.components.jce.Ssh2RsaPublicKeySHA256;
import com.sshtools.common.ssh.components.jce.Ssh2RsaPublicKeySHA512;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import com.sshtools.common.util.Utils;
import com.sshtools.synergy.ssh.Connection;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:com/sshtools/client/PublicKeyAuthenticator.class */
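/**
 * Client-side authenticator for the SSH "publickey" method.
 *
 * <p>The flow visible in this class is two-phase: a key is first offered without a
 * signature ({@code isAuthenticating == false}); when the server answers
 * {@code SSH_MSG_USERAUTH_PK_OK} the same key is sent again together with a signature
 * over the session identifier and the request fields. If the unsigned offer is
 * rejected, the next queued key pair is tried.
 *
 * <p>Instances hold mutable per-authentication state and no synchronization is
 * visible here, so a single instance should not be shared between connections.
 */
public class PublicKeyAuthenticator extends SimpleClientAuthenticator implements ClientAuthenticator {
    public static final int SSH_MSG_USERAUTH_PK_OK = 60;
    TransportProtocolClient transport;
    String username;
    SignatureGenerator signatureGenerator;
    // false while a key is only being offered, true once the server has accepted it
    // and the signed request is being sent.
    boolean isAuthenticating = false;
    // Keys still to be offered; setupNextKey() consumes this list from the front.
    List<SshKeyPair> keypairs = new ArrayList<>();
    SshKeyPair authenticatingPair = null;
    SshPrivateKeyFile authenticatingFile = null;

    /** Creates an authenticator with no keys; add them before authenticating. */
    public PublicKeyAuthenticator() {
    }

    /**
     * Creates an authenticator that offers the given key pairs in order.
     *
     * @param sshKeyPairArr key pairs to offer to the server
     */
    public PublicKeyAuthenticator(SshKeyPair... sshKeyPairArr) {
        this.keypairs.addAll(Arrays.asList(sshKeyPairArr));
    }

    /**
     * Replaces the queued key pairs with the given ones.
     *
     * @param sshKeyPairArr key pairs to offer to the server
     */
    public void setKeyPair(SshKeyPair... sshKeyPairArr) {
        this.keypairs = new ArrayList<>(Arrays.asList(sshKeyPairArr));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends one key pair to the queue of keys to offer.
     *
     * @param sshKeyPair key pair to add
     */
    public void addKeyPair(SshKeyPair sshKeyPair) {
        this.keypairs.add(sshKeyPair);
    }

    /**
     * Starts public key authentication for {@code str} on the given transport.
     *
     * @param transportProtocolClient transport used to send authentication messages
     * @param str user name to authenticate as
     * @throws IOException declared by the underlying request generation
     * @throws SshException declared by the underlying request generation
     */
    public void authenticate(TransportProtocolClient transportProtocolClient, String str) throws IOException, SshException {
        onStartAuthentication(transportProtocolClient.getConnection());
        this.transport = transportProtocolClient;
        this.username = str;
        doPublicKeyAuth();
    }

    /**
     * Hook invoked before the first request is sent; does nothing by default.
     *
     * @param connection the connection being authenticated
     */
    protected void onStartAuthentication(Connection<SshClientContext> connection) {
    }

    /**
     * Builds the current request (offer or signed request, depending on
     * {@code isAuthenticating}) and posts it to the transport. Any failure while
     * building the request is logged and reported through {@code failure()} rather
     * than propagated.
     */
    void doPublicKeyAuth() throws SshException, IOException {
        try {
            final byte[] request = generateAuthenticationRequest(generateSignatureData());
            this.transport.postMessage(new AuthenticationMessage(this.username, "ssh-connection", "publickey") { // from class: com.sshtools.client.PublicKeyAuthenticator.1
                @Override // com.sshtools.client.AuthenticationMessage
                public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                    super.writeMessageIntoBuffer(byteBuffer);
                    byteBuffer.put(request);
                    return true;
                }
            });
        } catch (SshException | IOException e) {
            Log.error("Public key operation failed", e);
            failure();
        }
    }

    /**
     * Serializes the data that is signed for the current key: session key, message
     * id, user name, service, method, the {@code isAuthenticating} flag and the
     * public key. Selects the next usable key pair first if none is active.
     *
     * @return the encoded bytes to sign
     * @throws IOException if no key pair is available or encoding fails
     * @throws SshException if the public key cannot be encoded
     */
    byte[] generateSignatureData() throws IOException, SshException {
        if (Objects.isNull(this.authenticatingPair) && !this.keypairs.isEmpty()) {
            this.authenticatingPair = setupNextKey();
        }
        if (Objects.isNull(this.authenticatingPair)) {
            throw new IOException("No suitable key found");
        }
        try (ByteArrayWriter writer = new ByteArrayWriter()) {
            // Leading with the session key ties the signature to this session, so a
            // signature captured here is not valid for another session.
            writer.writeBinaryString(this.transport.getSessionKey());
            writer.write(50); // SSH_MSG_USERAUTH_REQUEST
            writer.writeString(this.username);
            writer.writeString("ssh-connection");
            writer.writeString("publickey");
            writer.writeBoolean(this.isAuthenticating);
            writePublicKey(writer, getPublicKey(this.authenticatingPair));
            return writer.toByteArray();
        }
    }

    /**
     * Removes key pairs from the front of the queue until one is found whose
     * signature algorithm is allowed by the context's {@link SignaturePolicy}.
     * RSA keys of at least 1024 bits are switched to rsa-sha2-512 or rsa-sha2-256
     * when the policy lists one of them.
     *
     * @return the key pair to authenticate with, or {@code null} if none is usable
     */
    private SshKeyPair setupNextKey() throws IOException, SshException {
        while (!this.keypairs.isEmpty()) {
            SshKeyPair candidate = this.keypairs.remove(0);
            SshPublicKey publicKey = candidate.getPublicKey();
            String signingAlgorithm = publicKey.getSigningAlgorithm();
            SignaturePolicy signaturePolicy = (SignaturePolicy) ((SshClientContext) this.transport.getContext()).getPolicy(SignaturePolicy.class);
            // An empty supported-signature list is treated as "no restriction": the
            // key is then used with whatever signing algorithm it reports.
            if (!signaturePolicy.getSupportedSignatures().isEmpty()) {
                // NOTE(review): 1024 is only the threshold for the SHA-2 upgrade; this
                // method does not reject short RSA keys, it just leaves them as they are.
                if ((publicKey instanceof SshRsaPublicKey) && ((SshRsaPublicKey) publicKey).getBitLength() >= 1024) {
                    SshRsaPublicKey rsaKey = (SshRsaPublicKey) publicKey;
                    String upgraded;
                    if (signaturePolicy.getSupportedSignatures().contains("rsa-sha2-512")) {
                        upgraded = "rsa-sha2-512";
                        candidate.setPublicKey(new Ssh2RsaPublicKeySHA512(rsaKey));
                    } else if (signaturePolicy.getSupportedSignatures().contains("rsa-sha2-256")) {
                        upgraded = "rsa-sha2-256";
                        candidate.setPublicKey(new Ssh2RsaPublicKeySHA256(rsaKey));
                    } else {
                        Log.debug("Server does not support {} signature for key {}", publicKey.getSigningAlgorithm(), SshKeyUtils.getOpenSSHFormattedKey(publicKey));
                        // Skip the key: falling through would offer it with a signature
                        // algorithm the policy does not list.
                        continue;
                    }
                    if (Log.isDebugEnabled()) {
                        Log.debug("Upgrading key {} to use {} signature", publicKey.getAlgorithm(), upgraded);
                    }
                } else if (!signaturePolicy.getSupportedSignatures().contains(signingAlgorithm)) {
                    Log.debug("Server does not support {} signature for key {}", publicKey.getSigningAlgorithm(), SshKeyUtils.getOpenSSHFormattedKey(publicKey));
                    // Same as above: an unsupported algorithm disqualifies this key.
                    continue;
                }
            }
            if (Log.isDebugEnabled()) {
                Log.debug("Authenticating with {} signature and key {}", candidate.getPublicKey().getSigningAlgorithm(), SshKeyUtils.getOpenSSHFormattedKey(publicKey));
            }
            return candidate;
        }
        return null;
    }

    /** Writes the key's algorithm name followed by its encoded form. */
    private void writePublicKey(ByteArrayWriter byteArrayWriter, SshPublicKey sshPublicKey) throws IOException, SshException {
        byteArrayWriter.writeString(sshPublicKey.getAlgorithm());
        byteArrayWriter.writeBinaryString(sshPublicKey.getEncoded());
    }

    /** Returns the certificate when the pair is an {@link SshCertificate}, else its public key. */
    private SshPublicKey getPublicKey(SshKeyPair sshKeyPair) {
        if (sshKeyPair instanceof SshCertificate) {
            return ((SshCertificate) sshKeyPair).getCertificate();
        }
        return sshKeyPair.getPublicKey();
    }

    /**
     * Builds the method-specific part of the request: the {@code isAuthenticating}
     * flag, the public key and, when authenticating, the signature over
     * {@code bArr}.
     *
     * @param bArr the data to sign, as produced by {@link #generateSignatureData()}
     * @return the encoded request fields
     * @throws IOException if encoding fails
     * @throws SshException if the key cannot be encoded or signing fails
     */
    byte[] generateAuthenticationRequest(byte[] bArr) throws IOException, SshException {
        try (ByteArrayWriter request = new ByteArrayWriter()) {
            request.writeBoolean(this.isAuthenticating);
            SshPublicKey publicKey = getPublicKey(this.authenticatingPair);
            if (!this.isAuthenticating && Log.isDebugEnabled()) {
                Log.debug("Verifying key {}", publicKey.getAlgorithm());
                // Pass the dump as an argument so its content is never read as a
                // log format string.
                Log.debug("{}", Utils.bytesToHex(publicKey.getEncoded(), 32, true, true));
            }
            writePublicKey(request, publicKey);
            if (this.isAuthenticating) {
                byte[] signature = sign(this.authenticatingPair.getPrivateKey(), publicKey.getSigningAlgorithm(), bArr);
                // The signature block is built in its own writer and appended as one
                // binary string. Reusing the outer writer here would discard the flag
                // and key written above and nest the buffer inside itself.
                try (ByteArrayWriter signatureBlock = new ByteArrayWriter()) {
                    signatureBlock.writeString(publicKey.getSigningAlgorithm());
                    signatureBlock.writeBinaryString(signature);
                    request.writeBinaryString(signatureBlock.toByteArray());
                }
            }
            return request.toByteArray();
        }
    }

    /**
     * Handles the server's reply to a publickey request.
     *
     * @param byteArrayReader reader positioned at the message id
     * @return {@code true} if the message was consumed and authentication continues,
     *         {@code false} otherwise
     */
    @Override // com.sshtools.client.SimpleClientAuthenticator, com.sshtools.client.ClientAuthenticator
    public boolean processMessage(ByteArrayReader byteArrayReader) throws IOException, SshException {
        switch (byteArrayReader.read()) {
            case 51: // SSH_MSG_USERAUTH_FAILURE
                if (Log.isDebugEnabled()) {
                    Log.debug("Received SSH_MSG_USERAUTH_FAILURE");
                }
                if (this.isAuthenticating) {
                    // The signed request itself was rejected; no further keys are tried.
                    return false;
                }
                // Only the unsigned offer was rejected: drop this key and try the next.
                this.authenticatingPair = null;
                if (this.keypairs.isEmpty()) {
                    return false;
                }
                doPublicKeyAuth();
                return true;
            case SSH_MSG_USERAUTH_PK_OK:
                if (Log.isDebugEnabled()) {
                    Log.debug("Received SSH_MSG_USERAUTH_PK_OK");
                }
                // NOTE(review): the rest of the message is not read, so the key the
                // server names in it is not compared with the key that was offered.
                this.isAuthenticating = true;
                try {
                    doPublicKeyAuth();
                    return true;
                } catch (SshException | IOException e) {
                    Log.error("Public key operation failed", e);
                    failure();
                    return true;
                }
            default:
                return false;
        }
    }

    /**
     * Signs {@code bArr} with the given private key.
     *
     * @param sshPrivateKey key to sign with
     * @param str signing algorithm name
     * @param bArr data to sign
     * @return the signature bytes
     * @throws SshException wrapping any {@link IOException} raised by the key
     */
    public byte[] sign(SshPrivateKey sshPrivateKey, String str, byte[] bArr) throws SshException {
        try {
            return sshPrivateKey.sign(bArr, str);
        } catch (IOException e) {
            throw new SshException(e);
        }
    }

    /** Returns the SSH authentication method name, {@code "publickey"}. */
    @Override // com.sshtools.client.ClientAuthenticator
    public String getName() {
        return "publickey";
    }
}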
