package org.apache.sshd.common.config.keys.loader.putty;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.sshd.common.config.keys.IdentityResourceLoader;
import org.apache.sshd.common.config.keys.loader.AESPrivateKeyObfuscator;
import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser;
import org.apache.sshd.common.digest.BuiltinDigests;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.security.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/sshd-putty-2.1.0.jar:org/apache/sshd/common/config/keys/loader/putty/PuttyKeyPairResourceParser.class */
public interface PuttyKeyPairResourceParser<PUB extends PublicKey, PRV extends PrivateKey> extends IdentityResourceLoader<PUB, PRV>, KeyPairResourceParser {
    public static final String PPK_FILE_SUFFIX = ".ppk";
    public static final String NO_PRIVATE_KEY_ENCRYPTION_VALUE = "none";
    public static final String KEY_FILE_HEADER_PREFIX = "PuTTY-User-Key-File";
    public static final String PUBLIC_LINES_HEADER = "Public-Lines";
    public static final String PRIVATE_LINES_HEADER = "Private-Lines";
    public static final List<String> KNOWN_HEADERS = Collections.unmodifiableList(Arrays.asList(KEY_FILE_HEADER_PREFIX, PUBLIC_LINES_HEADER, PRIVATE_LINES_HEADER));

    @Override // org.apache.sshd.common.config.keys.loader.KeyPairResourceParser
    default boolean canExtractKeyPairs(String str, List<String> list) throws IOException, GeneralSecurityException {
        if (GenericUtils.isEmpty((Collection<?>) list)) {
            return false;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            String trimToEmpty = GenericUtils.trimToEmpty(it.next());
            Iterator<String> it2 = KNOWN_HEADERS.iterator();
            while (it2.hasNext()) {
                if (trimToEmpty.startsWith(it2.next())) {
                    return true;
                }
            }
        }
        return false;
    }

    static byte[] decodePrivateKeyBytes(byte[] bArr, String str, int i, String str2, String str3) throws GeneralSecurityException {
        Objects.requireNonNull(bArr, "No encrypted key bytes");
        ValidateUtils.checkNotNullAndNotEmpty(str, "No encryption algorithm", GenericUtils.EMPTY_OBJECT_ARRAY);
        ValidateUtils.checkTrue(i > 0, "Invalid encryption key size: %d", i);
        ValidateUtils.checkNotNullAndNotEmpty(str2, "No encryption mode", GenericUtils.EMPTY_OBJECT_ARRAY);
        ValidateUtils.checkNotNullAndNotEmpty(str3, "No encryption password", GenericUtils.EMPTY_OBJECT_ARRAY);
        if (AESPrivateKeyObfuscator.CIPHER_NAME.equalsIgnoreCase(str)) {
            return decodePrivateKeyBytes(bArr, str, str2, i, new byte[16], toEncryptionKey(str3));
        }
        throw new NoSuchAlgorithmException("decodePrivateKeyBytes(" + str + "-" + i + "-" + str2 + ") N/A");
    }

    static byte[] decodePrivateKeyBytes(byte[] bArr, String str, String str2, int i, byte[] bArr2, byte[] bArr3) throws GeneralSecurityException {
        String str3 = str + "/" + str2 + "/NoPadding";
        int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength(str3);
        if (i > maxAllowedKeyLength) {
            throw new InvalidKeySpecException("decodePrivateKeyBytes(" + str3 + ") required key length (" + i + ") exceeds max. available: " + maxAllowedKeyLength);
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr3, str);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        Cipher cipher = SecurityUtils.getCipher(str3);
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return cipher.doFinal(bArr);
    }

    static byte[] toEncryptionKey(String str) throws GeneralSecurityException {
        if (GenericUtils.isEmpty(str)) {
            return null;
        }
        MessageDigest messageDigest = SecurityUtils.getMessageDigest(BuiltinDigests.sha1.getAlgorithm());
        byte[] bArr = {0, 0, 0, 0};
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] bArr2 = new byte[32];
        int length = bArr2.length;
        for (int i = 0; i < 2; i++) {
            messageDigest.reset();
            bArr[3] = (byte) i;
            messageDigest.update(bArr);
            messageDigest.update(bytes);
            System.arraycopy(messageDigest.digest(), 0, bArr2, i * 20, Math.min(20, length));
            length -= 20;
        }
        return bArr2;
    }
}
