package org.eclipse.jgit.internal.transport.sshd;

import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.agent.SshAgentFactory;
import org.apache.sshd.agent.SshAgentKeyConstraint;
import org.apache.sshd.client.auth.keyboard.UserInteraction;
import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntry;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.apache.sshd.common.config.keys.u2f.SecurityKeyPublicKey;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
import org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication;
import org.eclipse.jgit.transport.CredentialItem;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshConstants;
import org.eclipse.jgit.transport.URIish;
import org.eclipse.jgit.util.StringUtils;

/* loaded from: classes11.dex */
public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
    private boolean addKeysToAgent;
    private SshAgent agent;
    private boolean askBeforeAdding;
    private SshAgentKeyConstraint[] constraints;
    private HostConfigEntry hostConfig;
    private String skProvider;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes11.dex */
    public class KeyIterator extends UserAuthPublicKeyIterator {
        private Iterable<? extends Map.Entry<PublicKey, String>> agentKeys;
        private Collection<PublicKey> identityFiles;

        /* renamed from: org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication$KeyIterator$1, reason: invalid class name */
        /* loaded from: classes11.dex */
        class AnonymousClass1 implements Iterator<KeyAgentIdentity> {
            private final Iterator<? extends Map.Entry<PublicKey, String>> iter;
            private Map.Entry<PublicKey, String> next;

            AnonymousClass1() {
                this.iter = KeyIterator.this.agentKeys.iterator();
            }

            @Override // java.util.Iterator
            /* renamed from: hasNext */
            public boolean getHasNext() {
                while (this.next == null && this.iter.getHasNext()) {
                    Map.Entry<PublicKey, String> next = this.iter.next();
                    final PublicKey key = next.getKey();
                    if (KeyIterator.this.identityFiles == null || KeyIterator.this.identityFiles.stream().anyMatch(new Predicate() { // from class: org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication$KeyIterator$1$$ExternalSyntheticLambda0
                        @Override // java.util.function.Predicate
                        public final boolean test(Object obj) {
                            boolean compareKeys;
                            compareKeys = KeyUtils.compareKeys((PublicKey) obj, PublicKey.this);
                            return compareKeys;
                        }
                    })) {
                        this.next = next;
                        return true;
                    }
                    if (JGitPublicKeyAuthentication.this.log.isTraceEnabled()) {
                        JGitPublicKeyAuthentication.this.log.trace("Ignoring SSH agent {} key not in explicit IdentityFile in SSH config: {}", KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key));
                    }
                }
                return this.next != null;
            }

            @Override // java.util.Iterator
            public KeyAgentIdentity next() {
                if (!getHasNext()) {
                    throw new NoSuchElementException();
                }
                KeyAgentIdentity keyAgentIdentity = new KeyAgentIdentity(JGitPublicKeyAuthentication.this.agent, this.next.getKey(), this.next.getValue());
                this.next = null;
                return keyAgentIdentity;
            }
        }

        public KeyIterator(ClientSession clientSession, SignatureFactoriesManager signatureFactoriesManager) throws Exception {
            super(clientSession, signatureFactoriesManager);
        }

        private List<PublicKey> getExplicitKeys(Collection<String> collection) {
            if (collection == null) {
                return null;
            }
            return (List) collection.stream().map(new Function() { // from class: org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication$KeyIterator$$ExternalSyntheticLambda0
                @Override // java.util.function.Function
                public final Object apply(Object obj) {
                    return JGitPublicKeyAuthentication.KeyIterator.this.m11268x50b49a4d((String) obj);
                }
            }).filter(new Predicate() { // from class: org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication$KeyIterator$$ExternalSyntheticLambda1
                @Override // java.util.function.Predicate
                public final boolean test(Object obj) {
                    return Objects.nonNull((PublicKey) obj);
                }
            }).collect(Collectors.toList());
        }

        @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator
        protected Iterable<KeyAgentIdentity> initializeAgentIdentities(ClientSession clientSession) throws IOException {
            if (JGitPublicKeyAuthentication.this.agent == null) {
                return null;
            }
            this.agentKeys = JGitPublicKeyAuthentication.this.agent.getIdentities();
            if (JGitPublicKeyAuthentication.this.hostConfig != null && JGitPublicKeyAuthentication.this.hostConfig.isIdentitiesOnly()) {
                this.identityFiles = getExplicitKeys(JGitPublicKeyAuthentication.this.hostConfig.getIdentities());
            }
            return new Iterable() { // from class: org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication$KeyIterator$$ExternalSyntheticLambda2
                @Override // java.lang.Iterable
                public final Iterator iterator() {
                    return JGitPublicKeyAuthentication.KeyIterator.this.m11269xae176e8b();
                }
            };
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: lambda$0$org-eclipse-jgit-internal-transport-sshd-JGitPublicKeyAuthentication$KeyIterator, reason: not valid java name */
        public /* synthetic */ PublicKey m11268x50b49a4d(String str) {
            try {
                Path path = Paths.get(String.valueOf(str) + PublicKeyEntry.PUBKEY_FILE_SUFFIX, new String[0]);
                if (Files.isRegularFile(path, LinkOption.NOFOLLOW_LINKS)) {
                    return AuthorizedKeyEntry.readAuthorizedKeys(path, new OpenOption[0]).get(0).resolvePublicKey(null, PublicKeyEntryResolver.IGNORING);
                }
            } catch (IOException | InvalidPathException | GeneralSecurityException e) {
                JGitPublicKeyAuthentication.this.log.warn(MessageFormat.format(SshdText.get().cannotReadPublicKey, str), e);
            }
            return null;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        /* renamed from: lambda$2$org-eclipse-jgit-internal-transport-sshd-JGitPublicKeyAuthentication$KeyIterator, reason: not valid java name */
        public /* synthetic */ Iterator m11269xae176e8b() {
            return new AnonymousClass1();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JGitPublicKeyAuthentication(List<NamedFactory<Signature>> list) {
        super(list);
    }

    private boolean agentHasKey(PublicKey publicKey) throws IOException {
        Iterable<? extends Map.Entry<PublicKey, String>> identities = this.agent.getIdentities();
        if (identities == null) {
            return false;
        }
        Iterator<? extends Map.Entry<PublicKey, String>> it2 = identities.iterator();
        while (it2.getHasNext()) {
            if (KeyUtils.compareKeys(it2.next().getKey(), publicKey)) {
                return true;
            }
        }
        return false;
    }

    private SshAgent getAgent(ClientSession clientSession) throws Exception {
        FactoryManager factoryManager = (FactoryManager) Objects.requireNonNull(clientSession.getFactoryManager(), "No session factory manager");
        SshAgentFactory agentFactory = factoryManager.getAgentFactory();
        if (agentFactory == null) {
            return null;
        }
        return agentFactory.createClient(clientSession, factoryManager);
    }

    private URIish getUri() {
        String username = this.hostConfig.getUsername();
        String str = "ssh://";
        if (!StringUtils.isEmptyOrNull(username)) {
            str = "ssh://" + username + '@';
        }
        String str2 = String.valueOf(str) + this.hostConfig.getHost();
        int port = this.hostConfig.getPort();
        if (port > 0 && port != 22) {
            str2 = String.valueOf(str2) + UserInteraction.DEFAULT_CHECK_INTERACTIVE_PASSWORD_DELIM + port;
        }
        try {
            return new URIish(str2);
        } catch (URISyntaxException e) {
            this.log.error(e.getLocalizedMessage(), (Throwable) e);
            return new URIish();
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:25:0x0085  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void parseAddKeys(org.apache.sshd.client.config.hosts.HostConfigEntry r7) {
        /*
            r6 = this;
            java.lang.String r0 = "AddKeysToAgent"
            java.lang.String r7 = r7.getProperty(r0)
            boolean r0 = org.eclipse.jgit.util.StringUtils.isEmptyOrNull(r7)
            r1 = 0
            if (r0 == 0) goto L10
            r6.addKeysToAgent = r1
            return
        L10:
            java.lang.String r0 = ","
            java.lang.String[] r7 = r7.split(r0)
            java.util.ArrayList r0 = new java.util.ArrayList
            r2 = 2
            r0.<init>(r2)
            r2 = r7[r1]
            int r3 = r2.hashCode()
            r4 = 3521(0xdc1, float:4.934E-42)
            r5 = 1
            if (r3 == r4) goto L75
            r4 = 96889(0x17a79, float:1.3577E-40)
            if (r3 == r4) goto L67
            r4 = 119527(0x1d2e7, float:1.67493E-40)
            if (r3 == r4) goto L5b
            r4 = 951117504(0x38b0e6c0, float:8.4353145E-5)
            if (r3 == r4) goto L37
            goto L7d
        L37:
            java.lang.String r3 = "confirm"
            boolean r2 = r2.equals(r3)
            if (r2 != 0) goto L40
            goto L7d
        L40:
            r6.addKeysToAgent = r5
            org.apache.sshd.agent.SshAgentKeyConstraint r2 = org.apache.sshd.agent.SshAgentKeyConstraint.CONFIRM
            r0.mo1924add(r2)
            int r2 = r7.length
            if (r2 <= r5) goto L92
            r7 = r7[r5]
            int r7 = org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.timeSpec(r7)
            if (r7 <= 0) goto L92
            org.apache.sshd.agent.SshAgentKeyConstraint$LifeTime r2 = new org.apache.sshd.agent.SshAgentKeyConstraint$LifeTime
            r2.<init>(r7)
            r0.mo1924add(r2)
            goto L92
        L5b:
            java.lang.String r3 = "yes"
            boolean r2 = r2.equals(r3)
            if (r2 != 0) goto L64
            goto L7d
        L64:
            r6.addKeysToAgent = r5
            goto L92
        L67:
            java.lang.String r3 = "ask"
            boolean r2 = r2.equals(r3)
            if (r2 != 0) goto L70
            goto L7d
        L70:
            r6.addKeysToAgent = r5
            r6.askBeforeAdding = r5
            goto L92
        L75:
            java.lang.String r3 = "no"
            boolean r2 = r2.equals(r3)
            if (r2 != 0) goto L90
        L7d:
            r7 = r7[r1]
            int r7 = org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.timeSpec(r7)
            if (r7 <= 0) goto L92
            r6.addKeysToAgent = r5
            org.apache.sshd.agent.SshAgentKeyConstraint$LifeTime r2 = new org.apache.sshd.agent.SshAgentKeyConstraint$LifeTime
            r2.<init>(r7)
            r0.mo1924add(r2)
            goto L92
        L90:
            r6.addKeysToAgent = r1
        L92:
            org.apache.sshd.agent.SshAgentKeyConstraint[] r7 = new org.apache.sshd.agent.SshAgentKeyConstraint[r1]
            java.lang.Object[] r7 = r0.toArray(r7)
            org.apache.sshd.agent.SshAgentKeyConstraint[] r7 = (org.apache.sshd.agent.SshAgentKeyConstraint[]) r7
            r6.constraints = r7
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication.parseAddKeys(org.apache.sshd.client.config.hosts.HostConfigEntry):void");
    }

    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
    protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession clientSession, SignatureFactoriesManager signatureFactoriesManager) throws Exception {
        SshAgent agent = getAgent(clientSession);
        this.agent = agent;
        if (agent != null) {
            parseAddKeys(this.hostConfig);
            if (this.addKeysToAgent) {
                this.skProvider = this.hostConfig.getProperty(SshConstants.SECURITY_KEY_PROVIDER);
            }
        }
        return new KeyIterator(clientSession, signatureFactoriesManager);
    }

    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey, org.apache.sshd.client.auth.AbstractUserAuth, org.apache.sshd.client.auth.UserAuth
    public void init(ClientSession clientSession, String str) throws Exception {
        if (!(clientSession instanceof JGitClientSession)) {
            throw new IllegalStateException("Wrong session type: " + clientSession.getClass().getCanonicalName());
        }
        JGitClientSession jGitClientSession = (JGitClientSession) clientSession;
        HostConfigEntry hostConfigEntry = jGitClientSession.getHostConfigEntry();
        this.hostConfig = hostConfigEntry;
        String property = hostConfigEntry.getProperty(SshConstants.PUBKEY_ACCEPTED_ALGORITHMS);
        if (!StringUtils.isEmptyOrNull(property)) {
            List<String> modifyAlgorithmList = jGitClientSession.modifyAlgorithmList(jGitClientSession.getSignatureFactoriesNames(), jGitClientSession.getAllAvailableSignatureAlgorithms(), property, SshConstants.PUBKEY_ACCEPTED_ALGORITHMS);
            if (!modifyAlgorithmList.isEmpty()) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("PubkeyAcceptedAlgorithms " + modifyAlgorithmList);
                }
                setSignatureFactoriesNames(modifyAlgorithmList);
                super.init(jGitClientSession, str);
                return;
            }
            this.log.warn(MessageFormat.format(SshdText.get().configNoKnownAlgorithms, SshConstants.PUBKEY_ACCEPTED_ALGORITHMS, property));
        }
        List<NamedFactory<Signature>> signatureFactories = getSignatureFactories();
        if (signatureFactories == null || signatureFactories.isEmpty()) {
            setSignatureFactoriesNames(jGitClientSession.getSignatureFactoriesNames());
        }
        super.init(jGitClientSession, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
    public void releaseKeys() throws IOException {
        this.addKeysToAgent = false;
        this.askBeforeAdding = false;
        this.skProvider = null;
        this.constraints = null;
        try {
            SshAgent sshAgent = this.agent;
            if (sshAgent != null) {
                try {
                    sshAgent.m11185lambda$0$orgeclipsejgitinternalstoragefileGC$PidLock();
                    this.agent = null;
                } catch (Throwable th) {
                    this.agent = null;
                    throw th;
                }
            }
        } finally {
            super.releaseKeys();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
    public PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession clientSession, String str) throws Exception {
        KeyPair keyIdentity;
        PublicKeyIdentity resolveAttemptedPublicKeyIdentity = super.resolveAttemptedPublicKeyIdentity(clientSession, str);
        if (this.addKeysToAgent && resolveAttemptedPublicKeyIdentity != null && !(resolveAttemptedPublicKeyIdentity instanceof KeyAgentIdentity) && (keyIdentity = resolveAttemptedPublicKeyIdentity.getKeyIdentity()) != null && keyIdentity.getPublic() != null && keyIdentity.getPrivate() != null) {
            PublicKey publicKey = keyIdentity.getPublic();
            String fingerPrint = KeyUtils.getFingerPrint(publicKey);
            String keyType = KeyUtils.getKeyType(keyIdentity);
            try {
                if (agentHasKey(publicKey)) {
                    return resolveAttemptedPublicKeyIdentity;
                }
                if (this.askBeforeAdding && (clientSession instanceof JGitClientSession)) {
                    CredentialsProvider credentialsProvider = ((JGitClientSession) clientSession).getCredentialsProvider();
                    CredentialItem.YesNoType yesNoType = new CredentialItem.YesNoType(MessageFormat.format(SshdText.get().pubkeyAuthAddKeyToAgentQuestion, keyType, fingerPrint));
                    boolean z = false;
                    if (credentialsProvider != null && credentialsProvider.supports(yesNoType) && credentialsProvider.get(getUri(), yesNoType)) {
                        z = true;
                    }
                    if (!z || !yesNoType.getValue()) {
                        return resolveAttemptedPublicKeyIdentity;
                    }
                }
                SshAgentKeyConstraint[] sshAgentKeyConstraintArr = this.constraints;
                if ((publicKey instanceof SecurityKeyPublicKey) && !StringUtils.isEmptyOrNull(this.skProvider)) {
                    sshAgentKeyConstraintArr = (SshAgentKeyConstraint[]) Arrays.copyOf(sshAgentKeyConstraintArr, sshAgentKeyConstraintArr.length + 1);
                    sshAgentKeyConstraintArr[sshAgentKeyConstraintArr.length - 1] = new SshAgentKeyConstraint.FidoProviderExtension(this.skProvider);
                }
                this.agent.addIdentity(keyIdentity, null, sshAgentKeyConstraintArr);
            } catch (IOException e) {
                this.log.error(MessageFormat.format(SshdText.get().pubkeyAuthAddKeyToAgentError, keyType, fingerPrint), (Throwable) e);
            }
        }
        return resolveAttemptedPublicKeyIdentity;
    }
}
