package net.schmizz.sshj.userauth.keyprovider;

import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import java.io.IOException;
import java.security.KeyPair;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.userauth.keyprovider.pkcs.KeyPairConverter;
import net.schmizz.sshj.userauth.keyprovider.pkcs.PrivateKeyInfoKeyPairConverter;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.EncryptionException;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:marathon-cli.zip:marathon-0.7.3/lib/sshj-0.33.0.jar:net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.class */
public class PKCS8KeyFile extends BaseFileKeyProvider {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected KeyPairConverter<PrivateKeyInfo> privateKeyInfoKeyPairConverter = new PrivateKeyInfoKeyPairConverter();

    /* loaded from: input_file:marathon-cli.zip:marathon-0.7.3/lib/sshj-0.33.0.jar:net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile$Factory.class */
    public static class Factory implements Factory.Named<FileKeyProvider> {
        @Override // net.schmizz.sshj.common.Factory
        public FileKeyProvider create() {
            return new PKCS8KeyFile();
        }

        @Override // net.schmizz.sshj.common.Factory.Named
        public String getName() {
            return "PKCS8";
        }
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider
    protected KeyPair readKeyPair() throws IOException {
        KeyPair keyPair = null;
        while (true) {
            try {
                try {
                    PEMParser pEMParser = new PEMParser(this.resource.getReader());
                    Object readObject = pEMParser.readObject();
                    JcaPEMKeyConverter jcaPEMKeyConverter = new JcaPEMKeyConverter();
                    if (SecurityUtils.getSecurityProvider() != null) {
                        jcaPEMKeyConverter.setProvider(SecurityUtils.getSecurityProvider());
                    }
                    if (readObject instanceof PEMEncryptedKeyPair) {
                        keyPair = jcaPEMKeyConverter.getKeyPair(readEncryptedKeyPair((PEMEncryptedKeyPair) readObject));
                    } else if (readObject instanceof PEMKeyPair) {
                        keyPair = jcaPEMKeyConverter.getKeyPair((PEMKeyPair) readObject);
                    } else if (readObject instanceof PrivateKeyInfo) {
                        keyPair = jcaPEMKeyConverter.getKeyPair(this.privateKeyInfoKeyPairConverter.getKeyPair((PrivateKeyInfo) readObject));
                    } else if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                        keyPair = jcaPEMKeyConverter.getKeyPair(this.privateKeyInfoKeyPairConverter.getKeyPair(readEncryptedPrivateKeyInfo((PKCS8EncryptedPrivateKeyInfo) readObject)));
                    } else {
                        this.log.warn("Unexpected PKCS8 PEM Object [{}]", readObject);
                    }
                    IOUtils.closeQuietly(pEMParser);
                    if (keyPair == null) {
                        throw new IOException("Could not read key pair from: " + this.resource);
                    }
                    return keyPair;
                } catch (EncryptionException e) {
                    if (this.pwdf == null || !this.pwdf.shouldRetry(this.resource)) {
                        throw new KeyDecryptionFailedException(e);
                    }
                    IOUtils.closeQuietly(null);
                }
            } catch (Throwable th) {
                IOUtils.closeQuietly(null);
                throw th;
            }
        }
        throw new KeyDecryptionFailedException(e);
    }

    public String toString() {
        return "PKCS8KeyFile{resource=" + this.resource + "}";
    }

    private PEMKeyPair readEncryptedKeyPair(PEMEncryptedKeyPair pEMEncryptedKeyPair) throws IOException {
        JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder();
        if (SecurityUtils.getSecurityProvider() != null) {
            jcePEMDecryptorProviderBuilder.setProvider(SecurityUtils.getSecurityProvider());
        }
        char[] cArr = null;
        try {
            cArr = this.pwdf == null ? null : this.pwdf.reqPassword(this.resource);
            PEMKeyPair decryptKeyPair = pEMEncryptedKeyPair.decryptKeyPair(jcePEMDecryptorProviderBuilder.build(cArr));
            PasswordUtils.blankOut(cArr);
            return decryptKeyPair;
        } catch (Throwable th) {
            PasswordUtils.blankOut(cArr);
            throw th;
        }
    }

    private PrivateKeyInfo readEncryptedPrivateKeyInfo(PKCS8EncryptedPrivateKeyInfo pKCS8EncryptedPrivateKeyInfo) throws EncryptionException {
        JceOpenSSLPKCS8DecryptorProviderBuilder jceOpenSSLPKCS8DecryptorProviderBuilder = new JceOpenSSLPKCS8DecryptorProviderBuilder();
        if (SecurityUtils.getSecurityProvider() != null) {
            jceOpenSSLPKCS8DecryptorProviderBuilder.setProvider(SecurityUtils.getSecurityProvider());
        }
        char[] cArr = null;
        try {
            try {
                try {
                    cArr = this.pwdf == null ? null : this.pwdf.reqPassword(this.resource);
                    PrivateKeyInfo decryptPrivateKeyInfo = pKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(jceOpenSSLPKCS8DecryptorProviderBuilder.build(cArr));
                    PasswordUtils.blankOut(cArr);
                    return decryptPrivateKeyInfo;
                } catch (OperatorCreationException e) {
                    throw new EncryptionException("Loading Password for Encrypted Private Key Failed", e);
                }
            } catch (PKCSException e2) {
                throw new EncryptionException("Reading Encrypted Private Key Failed", e2);
            }
        } catch (Throwable th) {
            PasswordUtils.blankOut(cArr);
            throw th;
        }
    }
}
