package org.apache.sshd.putty;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.IdentityResourceLoader;
import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser;
import org.apache.sshd.common.digest.BuiltinDigests;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.MapEntryUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.buffer.BufferUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;

/* loaded from: input_file:org/apache/sshd/putty/PuttyKeyPairResourceParser.class */
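/**
 * Common contract and helpers for parsers that read key pairs from PuTTY
 * {@code .ppk} files: header detection, passphrase-based key derivation and
 * AES decryption of the private key section.
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>The helpers here only derive keys and decrypt. They perform no integrity
 * (MAC) check on the ciphertext or the result; that has to happen in the
 * caller, which is not visible in this file.</li>
 * <li>Passphrases arrive as {@link String} values and cannot be wiped. Only the
 * UTF-8 byte copies and derived key buffers made here are zero-filled.</li>
 * <li>All header values come from the key file itself and must be treated as
 * untrusted input.</li>
 * </ul>
 *
 * @param <PUB> type of public key handled by the parser
 * @param <PRV> type of private key handled by the parser
 */
public interface PuttyKeyPairResourceParser<PUB extends PublicKey, PRV extends PrivateKey> extends IdentityResourceLoader<PUB, PRV>, KeyPairResourceParser {
    /** File name suffix of PuTTY private key files. */
    String PPK_FILE_SUFFIX = ".ppk";

    /** Value that marks an unencrypted private key section. */
    String NO_PRIVATE_KEY_ENCRYPTION_VALUE = "none";

    /** Number of extra bytes requested from the format 3 KDF beyond cipher key and IV. */
    int FORMAT_3_MAC_KEY_LENGTH = 32;

    /** Prefix of the first header line of a PuTTY key file. */
    String KEY_FILE_HEADER_PREFIX = "PuTTY-User-Key-File-";

    /** Header that introduces the public key lines. */
    String PUBLIC_LINES_HEADER = "Public-Lines";

    /** Header that introduces the private key lines. */
    String PRIVATE_LINES_HEADER = "Private-Lines";

    /** Line prefixes used by {@link #canExtractKeyPairs} to recognise a PuTTY key file. */
    List<String> KNOWN_HEADERS = Collections.unmodifiableList(Arrays.asList(KEY_FILE_HEADER_PREFIX, PUBLIC_LINES_HEADER, PRIVATE_LINES_HEADER));

    /**
     * Reports whether the given lines look like a PuTTY key file, i.e. whether
     * at least one trimmed line starts with one of {@link #KNOWN_HEADERS}.
     *
     * @param namedResource the resource the lines were read from (not inspected here)
     * @param list the lines of the resource; may be {@code null} or empty
     * @return {@code true} if any line starts with a known header prefix
     * @throws IOException declared by the contract; not thrown by this default implementation
     * @throws GeneralSecurityException declared by the contract; not thrown by this default implementation
     */
    default boolean canExtractKeyPairs(NamedResource namedResource, List<String> list) throws IOException, GeneralSecurityException {
        if (GenericUtils.isEmpty(list)) {
            return false;
        }
        for (String rawLine : list) {
            String line = GenericUtils.trimToEmpty(rawLine);
            for (String header : KNOWN_HEADERS) {
                if (line.startsWith(header)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Derives the cipher key and IV from the passphrase and decrypts the
     * private key section. Only AES with a 128, 192 or 256 bit key is accepted.
     *
     * <p>No integrity check is made here: a wrong passphrase yields garbage
     * bytes rather than an error, so the caller must verify the result before
     * using it.</p>
     *
     * @param i passed through to {@link #decodeEncryptionKey}; presumably the PPK format version (TODO confirm)
     * @param bArr the encrypted private key bytes
     * @param str the cipher algorithm name; must be {@code AES} (case-insensitive)
     * @param i2 the cipher key size in bits
     * @param str2 the cipher mode, used to build the transformation name
     * @param str3 the passphrase
     * @param map the key file headers, consulted for the key derivation settings
     * @return the decrypted bytes
     * @throws NoSuchAlgorithmException if the algorithm is not AES or the KDF is unsupported
     * @throws InvalidKeySpecException if the key size is not 128, 192 or 256
     * @throws GeneralSecurityException if key derivation or decryption fails
     */
    static byte[] decodePrivateKeyBytes(int i, byte[] bArr, String str, int i2, String str2, String str3, Map<String, String> map) throws GeneralSecurityException {
        Objects.requireNonNull(bArr, "No encrypted key bytes");
        ValidateUtils.checkNotNullAndNotEmpty(str, "No encryption algorithm", GenericUtils.EMPTY_OBJECT_ARRAY);
        ValidateUtils.checkTrue(i2 > 0, "Invalid encryption key size: %d", i2);
        ValidateUtils.checkNotNullAndNotEmpty(str2, "No encryption mode", GenericUtils.EMPTY_OBJECT_ARRAY);
        ValidateUtils.checkNotNullAndNotEmpty(str3, "No encryption password", GenericUtils.EMPTY_OBJECT_ARRAY);
        if (!"AES".equalsIgnoreCase(str)) {
            throw new NoSuchAlgorithmException("decodePrivateKeyBytes(" + str + "-" + i2 + "-" + str2 + ") N/A");
        }
        if (i2 != 128 && i2 != 192 && i2 != 256) {
            throw new InvalidKeySpecException("Requested key size (" + i2 + ") is not supported");
        }

        byte[] initVector = new byte[16];
        byte[] keyBytes = new byte[i2 / Byte.SIZE];
        try {
            // Derivation runs inside the try so that partially filled key
            // material is wiped even if the KDF fails.
            decodeEncryptionKey(i, str3, initVector, keyBytes, map);
            return decodePrivateKeyBytes(bArr, str, str2, i2, initVector, keyBytes);
        } finally {
            Arrays.fill(initVector, (byte) 0);
            Arrays.fill(keyBytes, (byte) 0);
        }
    }

    /**
     * Decrypts {@code bArr} using the transformation
     * {@code <algorithm>/<mode>/NoPadding} with the given IV and key.
     *
     * <p>With {@code NoPadding} the output is exactly what the cipher produces;
     * nothing here detects a wrong key or tampered input.</p>
     *
     * @param bArr the encrypted bytes
     * @param str the cipher algorithm name
     * @param str2 the cipher mode
     * @param i the key size in bits, checked against the JCE policy limit
     * @param bArr2 the initialization vector
     * @param bArr3 the cipher key bytes
     * @return the decrypted bytes
     * @throws InvalidKeySpecException if the key size exceeds what the installed policy allows
     * @throws GeneralSecurityException if the cipher cannot be created, initialised or run
     */
    static byte[] decodePrivateKeyBytes(byte[] bArr, String str, String str2, int i, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        String transformation = str + "/" + str2 + "/NoPadding";
        int maxKeyLength = Cipher.getMaxAllowedKeyLength(transformation);
        if (i > maxKeyLength) {
            throw new InvalidKeySpecException("decodePrivateKeyBytes(" + transformation + ") required key length (" + i + ") exceeds max. available: " + maxKeyLength);
        }

        Cipher cipher = SecurityUtils.getCipher(transformation);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(bArr3, str), new IvParameterSpec(bArr2));
        return cipher.doFinal(bArr);
    }

    /**
     * Fills the IV and key buffers from the passphrase, choosing the KDF from
     * the {@code Key-Derivation} header: the SHA-1 based scheme when the header
     * is absent or blank, Argon2 when it names one of the three Argon2 variants.
     *
     * @param i not read by this method; presumably the PPK format version (TODO confirm)
     * @param str the passphrase
     * @param bArr receives the initialization vector
     * @param bArr2 receives the cipher key
     * @param map the key file headers
     * @throws NoSuchAlgorithmException if the header names an unsupported KDF
     * @throws GeneralSecurityException if derivation fails
     */
    static void decodeEncryptionKey(int i, String str, byte[] bArr, byte[] bArr2, Map<String, String> map) throws GeneralSecurityException {
        String kdfName = getStringHeaderValue(map, "Key-Derivation");
        if (GenericUtils.isBlank(kdfName)) {
            deriveFormat2EncryptionKey(str, bArr, bArr2);
            return;
        }

        boolean argon2Variant = "Argon2id".equalsIgnoreCase(kdfName)
                || "Argon2i".equalsIgnoreCase(kdfName)
                || "Argon2d".equalsIgnoreCase(kdfName);
        if (!argon2Variant) {
            throw new NoSuchAlgorithmException("Unsupported KDF method: " + kdfName);
        }
        deriveFormat3EncryptionKey(str, kdfName, bArr, bArr2, map);
    }

    /**
     * Derives the cipher key and IV with Argon2, using the salt and cost
     * parameters from the {@code Argon2-*} headers. The KDF output is laid out
     * as cipher key, then IV, then {@link #FORMAT_3_MAC_KEY_LENGTH} further
     * bytes that are not returned and are wiped with the rest of the buffer.
     *
     * <p>NOTE(review): {@code Argon2-Memory}, {@code Argon2-Passes} and
     * {@code Argon2-Parallelism} are taken from the file with no upper bound
     * applied in this method. A crafted key file can therefore request a very
     * large memory or time cost. Where key files come from untrusted sources,
     * cap these values before calling in, or run the load under resource
     * limits.</p>
     *
     * @param str the passphrase
     * @param str2 the Argon2 variant name: {@code Argon2id}, {@code Argon2i} or {@code Argon2d}
     * @param bArr receives the initialization vector
     * @param bArr2 receives the cipher key
     * @param map the key file headers; must not be empty
     * @throws NoSuchAlgorithmException if {@code str2} is not a known Argon2 variant
     * @throws NumberFormatException if a numeric header is not a valid integer
     * @throws GeneralSecurityException if derivation fails
     */
    static void deriveFormat3EncryptionKey(String str, String str2, byte[] bArr, byte[] bArr2, Map<String, String> map) throws GeneralSecurityException {
        ValidateUtils.checkNotNullAndNotEmpty(map, "Mising file headers for KDF purposes", GenericUtils.EMPTY_OBJECT_ARRAY);
        Objects.requireNonNull(str, "No passphrase provded");
        int parallelism = getIntegerHeaderValue(map, "Argon2-Parallelism");
        int passes = getIntegerHeaderValue(map, "Argon2-Passes");
        int memoryKb = getIntegerHeaderValue(map, "Argon2-Memory");
        byte[] salt = ValidateUtils.checkNotNullAndNotEmpty(getHexArrayHeaderValue(map, "Argon2-Salt"), "No Argon2 salt value provided");

        byte[] derived = new byte[bArr2.length + bArr.length + FORMAT_3_MAC_KEY_LENGTH];
        byte[] passBytes = str.getBytes(StandardCharsets.UTF_8);
        try {
            // Each variant needs its own Bouncy Castle type code. Argon2d must
            // not share the Argon2i code, otherwise the derived key differs
            // from the one the file was encrypted with.
            Argon2Parameters.Builder builder;
            if ("Argon2id".equalsIgnoreCase(str2)) {
                builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id);
            } else if ("Argon2i".equalsIgnoreCase(str2)) {
                builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_i);
            } else if ("Argon2d".equalsIgnoreCase(str2)) {
                builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_d);
            } else {
                throw new NoSuchAlgorithmException("Unsupported key derivation type: " + str2);
            }

            Argon2Parameters parameters = builder
                    .withSalt(salt)
                    .withParallelism(parallelism)
                    .withMemoryAsKB(memoryKb)
                    .withIterations(passes)
                    .build();
            Argon2BytesGenerator generator = new Argon2BytesGenerator();
            generator.init(parameters);
            generator.generateBytes(passBytes, derived);

            System.arraycopy(derived, 0, bArr2, 0, bArr2.length);
            System.arraycopy(derived, bArr2.length, bArr, 0, bArr.length);
        } finally {
            // Wipe the passphrase copy and the full KDF output on every path,
            // including a failure inside the generator.
            Arrays.fill(passBytes, (byte) 0);
            Arrays.fill(derived, (byte) 0);
        }
    }

    /**
     * Looks up a header value.
     *
     * @param map the key file headers; may be {@code null} or empty
     * @param str the header name
     * @return the header value, or {@code null} if the map is empty or has no such entry
     */
    static String getStringHeaderValue(Map<String, String> map, String str) {
        return MapEntryUtils.isEmpty(map) ? null : map.get(str);
    }

    /**
     * Reads a header value and decodes it from hexadecimal.
     *
     * @param map the key file headers
     * @param str the header name
     * @return the decoded bytes, as produced by {@code BufferUtils.decodeHex} for the header value
     */
    static byte[] getHexArrayHeaderValue(Map<String, String> map, String str) {
        // Separator char 0: presumably means "no separator between hex pairs" (confirm in BufferUtils).
        return BufferUtils.decodeHex((char) 0, getStringHeaderValue(map, str));
    }

    /**
     * Reads a mandatory header value and parses it as a decimal integer.
     * No range check is applied; callers decide which values are acceptable.
     *
     * @param map the key file headers
     * @param str the header name
     * @return the parsed value
     * @throws NumberFormatException if the value is not a valid integer
     */
    static int getIntegerHeaderValue(Map<String, String> map, String str) {
        String value = ValidateUtils.checkNotNullAndNotEmpty(getStringHeaderValue(map, str), "Missing %s header value", str);
        return Integer.parseInt(value);
    }

    /**
     * Derives the cipher key with the SHA-1 based scheme used when no
     * {@code Key-Derivation} header is present: the key is the concatenation of
     * SHA-1(counter || passphrase) blocks for counter 0, 1, ..., truncated to
     * the key length. The IV buffer is set to all zeros.
     *
     * <p>This derivation is unsalted and uses a single hash pass per block, so
     * it offers little resistance to offline passphrase guessing. Files that
     * rely on it are best re-saved in the Argon2-based format.</p>
     *
     * @param str the passphrase
     * @param bArr the initialization vector buffer; zero-filled by this method
     * @param bArr2 receives the cipher key
     * @throws GeneralSecurityException if the SHA-1 digest is unavailable
     */
    static void deriveFormat2EncryptionKey(String str, byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Objects.requireNonNull(str, "No passphrase provded");
        byte[] passBytes = str.getBytes(StandardCharsets.UTF_8);
        try {
            MessageDigest sha1 = SecurityUtils.getMessageDigest(BuiltinDigests.sha1.getAlgorithm());
            final int blockLength = 20; // SHA-1 output size in bytes
            byte[] counter = {0, 0, 0, 0};
            try {
                int block = 0;
                for (int remaining = bArr2.length; remaining > 0; remaining -= blockLength, block++) {
                    sha1.reset();
                    counter[3] = (byte) block;
                    sha1.update(counter);
                    sha1.update(passBytes);
                    byte[] digest = sha1.digest();
                    try {
                        System.arraycopy(digest, 0, bArr2, block * blockLength, Math.min(blockLength, remaining));
                    } finally {
                        // Each digest holds key material; wipe it even if the copy fails.
                        Arrays.fill(digest, (byte) 0);
                    }
                }
            } finally {
                Arrays.fill(counter, (byte) 0);
            }
            Arrays.fill(bArr, (byte) 0);
        } finally {
            Arrays.fill(passBytes, (byte) 0);
        }
    }
}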
