package org.apache.karaf.shell.ssh.keygenerator;

import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectStreamClass;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.class */
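/**
 * Key pair provider that reads the SSH server key pair from disk, creating it first
 * when the private key file does not exist, and caches the loaded pair.
 *
 * <p>Loading is attempted in three formats, in order: via {@code KeyPairLoader}
 * (using the configured password), as unencrypted PEM-wrapped PKCS#8/X.509 files,
 * and finally as a legacy Java-serialized {@link KeyPair}. The last fallback uses
 * Java deserialization, so the private key file must be treated as trusted input:
 * anyone who can write to it can reach {@link ObjectInputStream#readObject()}.
 */
public class OpenSSHKeyPairProvider extends AbstractKeyPairProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(OpenSSHKeyPairProvider.class);
    private final Path privateKeyPath;
    private final Path publicKeyPath;
    private final String password;
    // Populated on the first successful load; guarded by the monitor taken in loadKeys().
    private KeyPair cachedKey;
    private final String algorithm;
    private final int keySize;

    /**
     * Object stream that rejects the input unless the first class descriptor it
     * resolves is {@link KeyPair}.
     *
     * <p>SECURITY NOTE: this is a root-type check, not an allowlist. Once the first
     * descriptor has passed, {@code valid} stays {@code true} and every later
     * descriptor (the classes of the objects nested inside the pair) is resolved
     * without restriction. An allowlist of the classes a legacy key file actually
     * contains (for example through {@code java.io.ObjectInputFilter}) would close
     * that gap; the exact class set is not visible here, so confirm it before
     * tightening.
     */
    public static class KeyPairObjectInputStream extends ObjectInputStream {
        // Flips to true after the first descriptor was verified to be KeyPair.
        private boolean valid;

        /**
         * @param inputStream stream holding the serialized key pair
         * @throws IOException if the serialization stream header cannot be read
         */
        public KeyPairObjectInputStream(InputStream inputStream) throws IOException {
            super(inputStream);
        }

        /**
         * Resolves a class descriptor, enforcing that the first one is {@link KeyPair}.
         *
         * @throws InvalidClassException if the first descriptor names any other class
         */
        @Override // java.io.ObjectInputStream
        protected Class<?> resolveClass(ObjectStreamClass objectStreamClass) throws IOException, ClassNotFoundException {
            if (!this.valid) {
                if (!objectStreamClass.getName().equals(KeyPair.class.getName())) {
                    throw new InvalidClassException("Unauthorized deserialization attempt", objectStreamClass.getName());
                }
                this.valid = true;
            }
            // Descriptors after the first are not checked (see the class comment).
            return super.resolveClass(objectStreamClass);
        }
    }

    /**
     * @param path  location of the private key file
     * @param path2 location of the public key file
     * @param str   key algorithm name, passed to the generator, the PEM writer and {@link KeyFactory}
     * @param i     key size passed to the generator when a new key is created
     * @param str2  password handed to {@code KeyPairLoader} when reading the private key
     */
    public OpenSSHKeyPairProvider(Path path, Path path2, String str, int i, String str2) {
        this.privateKeyPath = path;
        this.publicKeyPath = path2;
        this.algorithm = str;
        this.keySize = i;
        this.password = str2;
    }

    /**
     * Returns the key pair, loading (and if necessary generating) it on first call.
     *
     * @param sessionContext not used by this implementation
     * @return a single-element collection holding the key pair
     * @throws RuntimeException if key generation fails, or if the file cannot be
     *         parsed in any of the three supported formats (the cause is the first
     *         parse failure; the later ones are attached as suppressed exceptions)
     */
    public synchronized Iterable<KeyPair> loadKeys(SessionContext sessionContext) throws IOException, GeneralSecurityException {
        if (this.cachedKey != null) {
            return Collections.singleton(this.cachedKey);
        }
        if (!Files.exists(this.privateKeyPath)) {
            createServerKey();
        }
        // try-with-resources closes the stream on the failure path too.
        try (InputStream keyStream = Files.newInputStream(this.privateKeyPath)) {
            KeyPair keyPair = KeyPairLoader.getKeyPair(keyStream, this.password);
            this.cachedKey = keyPair;
            return Collections.singleton(keyPair);
        } catch (Exception e) {
            LOGGER.warn("Failed to parse keypair in {}. Attempting to parse it 'directly'", this.privateKeyPath);
            try {
                KeyPair direct = getKeyPairUsingPublicKeyFile();
                LOGGER.info("Successfully loaded key pair");
                this.cachedKey = direct;
                return Collections.singleton(direct);
            } catch (IOException | IllegalArgumentException | NoSuchAlgorithmException | InvalidKeySpecException e2) {
                LOGGER.warn("Failed to parse keypair in {}. Attempting to parse it as a legacy 'simple' key", this.privateKeyPath);
                try {
                    // Last resort: Java deserialization of the key file.
                    KeyPair legacy = convertLegacyKey(this.privateKeyPath);
                    LOGGER.info("Successfully loaded legacy simple key. Converted to PEM format");
                    this.cachedKey = legacy;
                    return Collections.singleton(legacy);
                } catch (Exception e3) {
                    LOGGER.warn(this.privateKeyPath + " is not a 'simple' key either", e3);
                    // Keep the fallback failures attached so they are not lost to the caller.
                    e.addSuppressed(e2);
                    e.addSuppressed(e3);
                    throw new RuntimeException(e);
                }
            }
        }
    }

    /**
     * Reads a legacy Java-serialized {@link KeyPair} from {@code path} and rewrites
     * it in PEM form over the same private key path and the configured public key path.
     *
     * @throws InvalidKeySpecException if a class named in the stream cannot be found
     * @throws IOException if the file cannot be read, is not a serialization stream,
     *         or its first class is not {@link KeyPair}
     */
    private KeyPair convertLegacyKey(Path path) throws GeneralSecurityException, IOException {
        try {
            KeyPair keyPair;
            // The raw stream is its own resource: the ObjectInputStream constructor
            // throws on a file that is not a serialization stream, and the file
            // handle must still be released in that case.
            try (InputStream raw = Files.newInputStream(path);
                    KeyPairObjectInputStream objectStream = new KeyPairObjectInputStream(raw)) {
                keyPair = (KeyPair) objectStream.readObject();
            }
            // The input is closed before the same path is rewritten as PEM.
            new PemWriter(path, this.publicKeyPath).writeKeyPair(this.algorithm, keyPair);
            return keyPair;
        } catch (ClassNotFoundException e) {
            throw new InvalidKeySpecException("Missing classes: " + e.getMessage(), e);
        }
    }

    /**
     * Builds the key pair from the two PEM files: the public key as X.509
     * SubjectPublicKeyInfo and the private key as PKCS#8. The configured password
     * is not used on this path, so the private key is read as unencrypted PKCS#8.
     *
     * @throws IllegalArgumentException if either file body is not valid Base64
     */
    private KeyPair getKeyPairUsingPublicKeyFile() throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        KeyFactory keyFactory = KeyFactory.getInstance(this.algorithm);
        X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(readPemBody(this.publicKeyPath, "PUBLIC KEY"));
        java.security.PublicKey publicKey = keyFactory.generatePublic(publicSpec);
        PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(readPemBody(this.privateKeyPath, "PRIVATE KEY"));
        return new KeyPair(publicKey, keyFactory.generatePrivate(privateSpec));
    }

    /** Reads a PEM file, strips the BEGIN/END armour lines for {@code label} and Base64-decodes the rest. */
    private static byte[] readPemBody(Path file, String label) throws IOException {
        String text = new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
        String body = text.replace("-----BEGIN " + label + "-----", "").replace("-----END " + label + "-----", "");
        // The MIME decoder ignores the line breaks left in the body.
        return Base64.getMimeDecoder().decode(body);
    }

    /**
     * Generates a new key pair, writes it as PEM to the configured paths and then
     * restricts both files to owner read/write.
     *
     * @return the generated key pair
     * @throws RuntimeException if generation or writing fails
     */
    private KeyPair createServerKey() {
        try {
            LOGGER.info("Creating ssh server private key at {}", this.privateKeyPath);
            KeyPair generated = new OpenSSHKeyPairGenerator(this.algorithm, this.keySize).generate();
            new PemWriter(this.privateKeyPath, this.publicKeyPath).writeKeyPair(this.algorithm, generated);
            LOGGER.debug("Changing key files permissions");
            Set<PosixFilePermission> ownerOnly = new HashSet<>();
            ownerOnly.add(PosixFilePermission.OWNER_READ);
            ownerOnly.add(PosixFilePermission.OWNER_WRITE);
            // NOTE(review): permissions are tightened only after the key has been
            // written, so between the write and this call the private key carries
            // whatever mode PemWriter created it with (not visible here). A failure
            // is reported at debug level only, which can leave the private key with
            // default permissions without any operator-visible signal.
            try {
                Files.setPosixFilePermissions(this.privateKeyPath, ownerOnly);
                Files.setPosixFilePermissions(this.publicKeyPath, ownerOnly);
            } catch (Exception e) {
                LOGGER.debug("Can't change file permissions", e);
            }
            return generated;
        } catch (Exception e2) {
            throw new RuntimeException("Key file generation failed", e2);
        }
    }
}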
