package org.eclipse.jgit.internal.transport.sshd;

import java.io.IOException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.text.MessageFormat;
import java.util.Deque;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.RuntimeSshException;
import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.SignatureFactoriesHolder;
import org.apache.sshd.common.util.buffer.Buffer;

/* loaded from: input_file:org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.class */
public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
    private final Deque<String> currentAlgorithms;
    private String chosenAlgorithm;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JGitPublicKeyAuthentication(List<NamedFactory<Signature>> list) {
        super(list);
        this.currentAlgorithms = new LinkedList();
    }

    protected boolean sendAuthDataRequest(ClientSession clientSession, String str) throws Exception {
        Set set;
        if (this.current == null) {
            this.currentAlgorithms.clear();
            this.chosenAlgorithm = null;
        }
        String str2 = null;
        if (this.current != null && !this.currentAlgorithms.isEmpty()) {
            str2 = this.currentAlgorithms.poll();
            if (this.chosenAlgorithm != null && (set = (Set) clientSession.getAttribute(JGitKexExtensionHandler.SERVER_ALGORITHMS)) != null && set.contains(this.chosenAlgorithm)) {
                str2 = null;
            }
        }
        if (str2 == null) {
            try {
                if (this.keys == null || !this.keys.hasNext()) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("sendAuthDataRequest({})[{}] no more keys to send", clientSession, str);
                    }
                    this.current = null;
                    return false;
                }
                this.current = (PublicKeyIdentity) this.keys.next();
                this.currentAlgorithms.clear();
                this.chosenAlgorithm = null;
            } catch (Error e) {
                throw new RuntimeSshException(e);
            }
        }
        try {
            PublicKey publicKey = this.current.getPublicKey();
            if (str2 == null) {
                String keyType = KeyUtils.getKeyType(publicKey);
                HashSet hashSet = new HashSet(KeyUtils.getAllEquivalentKeyTypes(keyType));
                hashSet.add(keyType);
                List signatureFactories = this.current instanceof SignatureFactoriesHolder ? this.current.getSignatureFactories() : getSignatureFactories();
                if (signatureFactories != null) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("sendAuthDataRequest({})[{}] selecting from PubKeyAcceptedAlgorithms {}", new Object[]{clientSession, str, NamedResource.getNames(signatureFactories)});
                    }
                    signatureFactories.forEach(namedFactory -> {
                        if (hashSet.contains(namedFactory.getName())) {
                            this.currentAlgorithms.add(namedFactory.getName());
                        }
                    });
                }
                str2 = this.currentAlgorithms.isEmpty() ? keyType : this.currentAlgorithms.poll();
            }
            String name = getName();
            if (this.log.isDebugEnabled()) {
                this.log.debug("sendAuthDataRequest({})[{}] send SSH_MSG_USERAUTH_REQUEST request {} type={} - fingerprint={}", new Object[]{clientSession, str, name, str2, KeyUtils.getFingerPrint(publicKey)});
            }
            this.chosenAlgorithm = str2;
            Buffer createBuffer = clientSession.createBuffer((byte) 50);
            createBuffer.putString(clientSession.getUsername());
            createBuffer.putString(str);
            createBuffer.putString(name);
            createBuffer.putBoolean(false);
            createBuffer.putString(str2);
            createBuffer.putPublicKey(publicKey);
            clientSession.writePacket(createBuffer);
            return true;
        } catch (Error e2) {
            throw new RuntimeSshException(e2);
        }
    }

    protected boolean processAuthDataRequest(ClientSession clientSession, String str, Buffer buffer) throws Exception {
        String name = getName();
        int uByte = buffer.getUByte();
        if (uByte != 60) {
            throw new IllegalStateException(MessageFormat.format(SshdText.get().pubkeyAuthWrongCommand, SshConstants.getCommandMessageName(uByte), clientSession.getConnectAddress(), clientSession.getServerVersion()));
        }
        try {
            PublicKey publicKey = this.current.getPublicKey();
            String string = buffer.getString();
            PublicKey publicKey2 = buffer.getPublicKey();
            if (this.log.isDebugEnabled()) {
                this.log.debug("processAuthDataRequest({})[{}][{}] SSH_MSG_USERAUTH_PK_OK type={}, fingerprint={}", new Object[]{clientSession, str, name, string, KeyUtils.getFingerPrint(publicKey2)});
            }
            if (!KeyUtils.compareKeys(publicKey2, publicKey)) {
                throw new InvalidKeySpecException(MessageFormat.format(SshdText.get().pubkeyAuthWrongKey, KeyUtils.getFingerPrint(publicKey), KeyUtils.getFingerPrint(publicKey2), clientSession.getConnectAddress(), clientSession.getServerVersion()));
            }
            if (!this.chosenAlgorithm.equalsIgnoreCase(string)) {
                this.log.warn(MessageFormat.format(SshdText.get().pubkeyAuthWrongSignatureAlgorithm, this.chosenAlgorithm, string, clientSession.getConnectAddress(), clientSession.getServerVersion()));
            }
            String username = clientSession.getUsername();
            Buffer createBuffer = clientSession.createBuffer((byte) 50);
            createBuffer.putString(username);
            createBuffer.putString(str);
            createBuffer.putString(name);
            createBuffer.putBoolean(true);
            createBuffer.putString(this.chosenAlgorithm);
            createBuffer.putPublicKey(publicKey);
            if (this.log.isDebugEnabled()) {
                this.log.debug("processAuthDataRequest({})[{}][{}]: signing with algorithm {}", new Object[]{clientSession, str, name, this.chosenAlgorithm});
            }
            appendSignature(clientSession, str, name, username, this.chosenAlgorithm, publicKey, createBuffer);
            clientSession.writePacket(createBuffer);
            return true;
        } catch (Error e) {
            throw new RuntimeSshException(e);
        }
    }

    protected void releaseKeys() throws IOException {
        this.currentAlgorithms.clear();
        this.current = null;
        this.chosenAlgorithm = null;
        super.releaseKeys();
    }
}
