package com.sshtools.mobile.agent;

import com.hypersocket.json.JsonClient;
import com.hypersocket.json.JsonPrivateKey;
import com.hypersocket.json.JsonPrivateKeyList;
import com.hypersocket.json.JsonResourceStatus;
import com.hypersocket.json.JsonStatusException;
import com.hypersocket.json.RequestParameter;
import com.maverick.agent.ForwardingNotice;
import com.maverick.agent.KeyConstraints;
import com.maverick.agent.KeyStore;
import com.maverick.agent.exceptions.KeyTimeoutException;
import com.maverick.ssh.SshException;
import com.maverick.ssh.SshKeyUtils;
import com.maverick.ssh.components.SshKeyPair;
import com.maverick.ssh.components.SshPrivateKey;
import com.maverick.ssh.components.SshPublicKey;
import com.sshtools.publickey.SshPublicKeyFile;
import com.sshtools.publickey.SshPublicKeyFileFactory;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sshtools/mobile/agent/MobileDeviceKeystore.class */
public class MobileDeviceKeystore implements KeyStore {
    static Logger log = LoggerFactory.getLogger(MobileDeviceKeystore.class);
    JsonClient client;
    String username;
    String authorization;
    String remoteName;
    MobileDeviceKeystoreListener listener;
    Set<SshPublicKey> temporaryKeys = new HashSet();
    Map<SshPublicKey, SshPrivateKey> tempoaryPrivateKeys = new HashMap();
    Map<SshPublicKey, String> tempoaryKeyDescriptions = new HashMap();
    Map<SshPublicKey, KeyConstraints> tempoaryKeyConstraints = new HashMap();

    public MobileDeviceKeystore(String str, int i, boolean z, String str2, String str3, String str4) throws IOException {
        this.username = str2;
        this.authorization = str4;
        this.remoteName = str3;
        this.client = new JsonClient(str, i, !z);
        getPublicKeys();
    }

    public void setListener(MobileDeviceKeystoreListener mobileDeviceKeystoreListener) {
        this.listener = mobileDeviceKeystoreListener;
    }

    public Map<SshPublicKey, String> getPublicKeys() {
        Map<SshPublicKey, String> deviceKeys = getDeviceKeys();
        deviceKeys.putAll(this.tempoaryKeyDescriptions);
        return deviceKeys;
    }

    public Map<SshPublicKey, String> getLocalKeys() {
        return Collections.unmodifiableMap(this.tempoaryKeyDescriptions);
    }

    public Map<SshPublicKey, String> getDeviceKeys() {
        HashMap hashMap = new HashMap();
        try {
            InputStream inputStream = IOUtils.toInputStream(this.client.doPost("/authorizedKeys/" + this.username, new RequestParameter[]{new RequestParameter("token", this.authorization)}), "UTF-8");
            Throwable th = null;
            try {
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        SshPublicKeyFile parse = SshPublicKeyFileFactory.parse(readLine.getBytes("UTF-8"));
                        hashMap.put(parse.toPublicKey(), parse.getComment());
                    }
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    return hashMap;
                } finally {
                }
            } catch (Throwable th3) {
                if (inputStream != null) {
                    if (th != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                throw th3;
            }
        } catch (IOException e) {
            log.error("Failed to list authorized keys", e);
            throw new IllegalStateException(e.getMessage(), e);
        } catch (JsonStatusException e2) {
            if (e2.getStatusCode() == 403) {
                throw new IllegalStateException("This device has not been authorized to access the users account.");
            }
            throw new IllegalStateException(e2.getMessage(), e2);
        }
    }

    public List<JsonConnection> getConnections() {
        try {
            JsonConnectionList jsonConnectionList = (JsonConnectionList) this.client.doPost("api/serverConnections/myServerConnections", JsonConnectionList.class, new RequestParameter[]{new RequestParameter("username", this.username), new RequestParameter("token", this.authorization)});
            if (!jsonConnectionList.isSuccess()) {
                throw new IllegalStateException(jsonConnectionList.getError());
            }
            ArrayList arrayList = new ArrayList();
            arrayList.addAll(Arrays.asList(jsonConnectionList.getResources()));
            return arrayList;
        } catch (JsonStatusException e) {
            if (e.getStatusCode() == 403) {
                throw new IllegalStateException("This device has not been authorized to access the users account.");
            }
            throw new IllegalStateException(e.getMessage(), e);
        } catch (IOException e2) {
            log.error("Failed to list connections", e2);
            throw new IllegalStateException(e2.getMessage(), e2);
        }
    }

    public KeyConstraints getKeyConstraints(SshPublicKey sshPublicKey) {
        return this.temporaryKeys.contains(sshPublicKey) ? this.tempoaryKeyConstraints.get(sshPublicKey) : new KeyConstraints();
    }

    public int size() {
        return getPublicKeys().size();
    }

    public boolean addKey(SshPrivateKey sshPrivateKey, SshPublicKey sshPublicKey, String str, KeyConstraints keyConstraints) {
        try {
            if (getDeviceKeys().containsKey(sshPublicKey)) {
                log.error(String.format("The key %s is already installed as a device key", sshPublicKey.getFingerprint()));
                return false;
            }
            if (this.listener != null) {
                return this.listener.addKey(sshPrivateKey, sshPublicKey, str, keyConstraints);
            }
            return false;
        } catch (IOException | SshException e) {
            log.error("Failed to process addKey", e);
            return false;
        }
    }

    public boolean addKey(SshKeyPair sshKeyPair, String str, KeyConstraints keyConstraints) {
        try {
            if (getDeviceKeys().containsKey(sshKeyPair.getPublicKey())) {
                log.error(String.format("The key %s is already installed as a device key", sshKeyPair.getPublicKey().getFingerprint()));
                return false;
            }
            if (this.listener != null) {
                return this.listener.addKey(sshKeyPair.getPrivateKey(), sshKeyPair.getPublicKey(), str, keyConstraints);
            }
            return false;
        } catch (IOException | SshException e) {
            log.error("Failed to process addKey", e);
            return false;
        }
    }

    public void addTemporaryKey(SshKeyPair sshKeyPair, String str, KeyConstraints keyConstraints) throws IOException {
        if (this.temporaryKeys.contains(sshKeyPair.getPublicKey())) {
            throw new IOException("Public key already in keystore");
        }
        this.temporaryKeys.add(sshKeyPair.getPublicKey());
        this.tempoaryKeyDescriptions.put(sshKeyPair.getPublicKey(), str);
        this.tempoaryPrivateKeys.put(sshKeyPair.getPublicKey(), sshKeyPair.getPrivateKey());
        this.tempoaryKeyConstraints.put(sshKeyPair.getPublicKey(), keyConstraints);
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public void removeTemporaryKey(SshPublicKey sshPublicKey) {
        this.temporaryKeys.remove(sshPublicKey);
        this.tempoaryKeyDescriptions.remove(sshPublicKey);
        this.tempoaryPrivateKeys.remove(sshPublicKey);
        this.tempoaryKeyConstraints.remove(sshPublicKey);
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public boolean deleteAllKeys() {
        if (this.listener != null) {
            return this.listener.deleteAllKeys();
        }
        return false;
    }

    public byte[] performHashAndSign(SshPublicKey sshPublicKey, List<ForwardingNotice> list, byte[] bArr) throws KeyTimeoutException, SshException {
        KeyConstraints keyConstraints = getKeyConstraints(sshPublicKey);
        if (!keyConstraints.canUse()) {
            throw new SshException("Key cannot be used", 13);
        }
        if (keyConstraints.hasTimedOut()) {
            throw new KeyTimeoutException();
        }
        if (keyConstraints.requiresUserVerification()) {
        }
        keyConstraints.use();
        if (!this.temporaryKeys.contains(sshPublicKey)) {
            return performDeviceHashAndSign(sshPublicKey, list, bArr);
        }
        try {
            return this.tempoaryPrivateKeys.get(sshPublicKey).sign(bArr);
        } catch (IOException e) {
            throw new SshException(e, 13);
        }
    }

    public byte[] performDeviceHashAndSign(SshPublicKey sshPublicKey, List<ForwardingNotice> list, byte[] bArr) throws KeyTimeoutException, SshException {
        String encodeToString = Base64.getUrlEncoder().encodeToString(bArr);
        if (log.isInfoEnabled()) {
            log.info(String.format("Performing sign operation for %s with payload %s", sshPublicKey.getFingerprint(), encodeToString));
        }
        try {
            JsonSignRequestStatus jsonSignRequestStatus = (JsonSignRequestStatus) this.client.doPost("api/agent/signPayload", JsonSignRequestStatus.class, new RequestParameter[]{new RequestParameter("username", this.username), new RequestParameter("token", this.authorization), new RequestParameter("fingerprint", sshPublicKey.getFingerprint()), new RequestParameter("remoteName", this.remoteName), new RequestParameter("payload", encodeToString)});
            if (log.isInfoEnabled()) {
                log.info("Received response from {}", sshPublicKey.getFingerprint());
            }
            if (jsonSignRequestStatus.isSuccess()) {
                if (log.isInfoEnabled()) {
                    log.info(String.format("Received sign operation for %s with response %s", sshPublicKey.getFingerprint(), jsonSignRequestStatus.getSignature()));
                }
                return Base64.getUrlDecoder().decode(jsonSignRequestStatus.getSignature());
            }
            if (log.isInfoEnabled()) {
                log.info("Received  failed response from {}", sshPublicKey.getFingerprint());
            }
            throw new SshException("Remote response returned unknown failure", 13);
        } catch (IOException | JsonStatusException e) {
            System.err.println(e.getMessage());
            throw new SshException(e);
        }
    }

    public boolean deleteKey(SshPublicKey sshPublicKey) throws IOException {
        if (this.listener != null) {
            return this.listener.deleteKey(sshPublicKey);
        }
        return false;
    }

    public boolean lock(String str) throws IOException {
        return false;
    }

    public boolean unlock(String str) throws IOException {
        return false;
    }

    public boolean isLocked() {
        return false;
    }

    public JsonClient getLoggedOnClient(PasswordPrompt passwordPrompt, int i) throws IOException, JsonStatusException {
        if (this.client.isLoggedOn()) {
            return this.client;
        }
        IOException iOException = null;
        while (true) {
            IOException iOException2 = iOException;
            if (i <= 0) {
                throw iOException2;
            }
            try {
                this.client.logon(this.username, passwordPrompt.getPassword(this.username));
                return this.client;
            } catch (IOException e) {
                iOException = e;
            }
        }
    }

    public void deleteTemporaryKeys() {
        this.temporaryKeys.clear();
        this.tempoaryKeyDescriptions.clear();
        this.tempoaryPrivateKeys.clear();
        this.tempoaryKeyConstraints.clear();
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public void deleteDeviceKey(SshPublicKey sshPublicKey, PasswordPrompt passwordPrompt, int i) throws IOException, JsonStatusException {
        doDeleteDeviceKeys(passwordPrompt, i, sshPublicKey);
    }

    public void deleteDeviceKeys(PasswordPrompt passwordPrompt, int i) throws IOException, JsonStatusException {
        doDeleteDeviceKeys(passwordPrompt, i, (SshPublicKey[]) getDeviceKeys().keySet().toArray(new SshPublicKey[0]));
    }

    private void doDeleteDeviceKeys(PasswordPrompt passwordPrompt, int i, SshPublicKey... sshPublicKeyArr) throws IOException, JsonStatusException {
        IOException iOException = null;
        if (!this.client.isLoggedOn()) {
            while (i > 0) {
                try {
                    this.client.logon(this.username, passwordPrompt.getPassword(this.username));
                    break;
                } catch (IOException e) {
                    iOException = e;
                }
            }
        }
        if (!this.client.isLoggedOn()) {
            throw iOException;
        }
        JsonPrivateKeyList jsonPrivateKeyList = (JsonPrivateKeyList) this.client.doGet("api/userPrivateKeys/personal", JsonPrivateKeyList.class);
        if (!jsonPrivateKeyList.isSuccess()) {
            throw new IOException(jsonPrivateKeyList.getError());
        }
        HashMap hashMap = new HashMap();
        for (SshPublicKey sshPublicKey : sshPublicKeyArr) {
            JsonPrivateKey[] resources = jsonPrivateKeyList.getResources();
            int length = resources.length;
            int i2 = 0;
            while (true) {
                if (i2 < length) {
                    JsonPrivateKey jsonPrivateKey = resources[i2];
                    if (jsonPrivateKey.getFingerprint().equals(SshKeyUtils.getFingerprint(sshPublicKey))) {
                        hashMap.put(sshPublicKey, jsonPrivateKey.getId());
                        break;
                    }
                    i2++;
                }
            }
        }
        Iterator it = hashMap.entrySet().iterator();
        while (it.hasNext()) {
            try {
                this.client.doDelete("api/userPrivateKeys/key/" + ((Long) ((Map.Entry) it.next()).getValue()).toString() + "?fromDevice=false", JsonResourceStatus.class);
            } catch (JsonStatusException e2) {
                if (e2.getStatusCode() != 404) {
                    throw e2;
                }
            }
        }
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public boolean isDeviceKey(SshPublicKey sshPublicKey) {
        return getDeviceKeys().containsKey(sshPublicKey);
    }

    public String getKeyName(SshPublicKey sshPublicKey) {
        Map<SshPublicKey, String> localKeys = getLocalKeys();
        if (localKeys.containsKey(sshPublicKey)) {
            return localKeys.get(sshPublicKey);
        }
        Map<SshPublicKey, String> deviceKeys = getDeviceKeys();
        if (deviceKeys.containsKey(sshPublicKey)) {
            return deviceKeys.get(sshPublicKey);
        }
        throw new IllegalStateException(String.format("No key name for ", SshKeyUtils.getFingerprint(sshPublicKey)));
    }
}
