package org.apache.sshd.common.config.keys.loader.openpgp;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NavigableMap;
import java.util.TreeMap;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.io.ModifiableFileWatcher;
import org.apache.sshd.common.util.io.resource.IoResource;
import org.apache.sshd.common.util.io.resource.PathResource;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.bouncycastle.openpgp.PGPException;
import org.c02e.jpgpj.Key;
import org.c02e.jpgpj.Ring;
import org.c02e.jpgpj.Subkey;

/* loaded from: input_file:org/apache/sshd/common/config/keys/loader/openpgp/PGPPublicRingWatcher.class */
public class PGPPublicRingWatcher extends ModifiableFileWatcher implements PGPAuthorizedKeyEntriesLoader {
    public static final String DEFAULT_PUBLIC_RING_FILENAME = "pubring.gpg";
    protected final AtomicReference<NavigableMap<String, PublicKey>> ringKeys;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/sshd/common/config/keys/loader/openpgp/PGPPublicRingWatcher$LazyDefaultPublicRingPathHolder.class */
    public static final class LazyDefaultPublicRingPathHolder {
        private static final Path PATH = PGPUtils.getDefaultPgpFolderPath().resolve(PGPPublicRingWatcher.DEFAULT_PUBLIC_RING_FILENAME);

        private LazyDefaultPublicRingPathHolder() {
            throw new UnsupportedOperationException("No instance");
        }
    }

    public PGPPublicRingWatcher() {
        this(getDefaultPublicRingFilePath());
    }

    public PGPPublicRingWatcher(Path path) {
        super(path);
        this.ringKeys = new AtomicReference<>(Collections.emptyNavigableMap());
    }

    @Override // org.apache.sshd.common.config.keys.loader.openpgp.PGPAuthorizedKeyEntriesLoader
    public List<PublicKey> loadMatchingKeyFingerprints(SessionContext sessionContext, Collection<String> collection) throws IOException, GeneralSecurityException, PGPException {
        int size = GenericUtils.size(collection);
        if (size <= 0) {
            return Collections.emptyList();
        }
        NavigableMap<String, PublicKey> resolveRingKeys = resolveRingKeys(sessionContext);
        if (GenericUtils.isEmpty(resolveRingKeys)) {
            return Collections.emptyList();
        }
        List<PublicKey> emptyList = Collections.emptyList();
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            PublicKey publicKey = resolveRingKeys.get(it.next());
            if (publicKey != null) {
                if (GenericUtils.isEmpty(emptyList)) {
                    emptyList = new ArrayList(size);
                }
                emptyList.add(publicKey);
            }
        }
        return emptyList;
    }

    protected NavigableMap<String, PublicKey> resolveRingKeys(SessionContext sessionContext) throws IOException, GeneralSecurityException, PGPException {
        NavigableMap<String, PublicKey> navigableMap = this.ringKeys.get();
        if (GenericUtils.isEmpty(navigableMap) || checkReloadRequired()) {
            this.ringKeys.set(Collections.emptyNavigableMap());
            if (!exists()) {
                return this.ringKeys.get();
            }
            Path path = getPath();
            navigableMap = reloadRingKeys(sessionContext, new PathResource(path));
            int size = GenericUtils.size(navigableMap);
            if (this.log.isDebugEnabled()) {
                this.log.debug("resolveRingKeys({}) reloaded {} keys from {}", new Object[]{sessionContext, Integer.valueOf(size), path});
            }
            if (size > 0) {
                this.ringKeys.set(navigableMap);
                updateReloadAttributes();
            }
        }
        return navigableMap;
    }

    protected NavigableMap<String, PublicKey> reloadRingKeys(SessionContext sessionContext, IoResource<?> ioResource) throws IOException, GeneralSecurityException, PGPException {
        InputStream openInputStream = ioResource.openInputStream();
        Throwable th = null;
        try {
            try {
                Ring ring = new Ring(openInputStream);
                if (openInputStream != null) {
                    if (0 != 0) {
                        try {
                            openInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        openInputStream.close();
                    }
                }
                return reloadRingKeys(sessionContext, (NamedResource) ioResource, ring);
            } finally {
            }
        } catch (Throwable th3) {
            if (openInputStream != null) {
                if (th != null) {
                    try {
                        openInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    openInputStream.close();
                }
            }
            throw th3;
        }
    }

    protected NavigableMap<String, PublicKey> reloadRingKeys(SessionContext sessionContext, NamedResource namedResource, Ring ring) throws IOException, GeneralSecurityException, PGPException {
        return reloadRingKeys(sessionContext, namedResource, ring.getKeys());
    }

    protected NavigableMap<String, PublicKey> reloadRingKeys(SessionContext sessionContext, NamedResource namedResource, Collection<Key> collection) throws IOException, GeneralSecurityException, PGPException {
        PublicKey handlePublicKeyExtractionError;
        PublicKey publicKey;
        if (GenericUtils.isEmpty(collection)) {
            return Collections.emptyNavigableMap();
        }
        TreeMap treeMap = new TreeMap(String.CASE_INSENSITIVE_ORDER);
        boolean isDebugEnabled = this.log.isDebugEnabled();
        Iterator<Key> it = collection.iterator();
        while (it.hasNext()) {
            for (Map.Entry<String, Subkey> entry : PGPUtils.mapSubKeysByFingerprint(it.next()).entrySet()) {
                String key = entry.getKey();
                Subkey value = entry.getValue();
                try {
                    handlePublicKeyExtractionError = extractPublicKey(namedResource, value);
                } catch (IOException | RuntimeException | GeneralSecurityException e) {
                    handlePublicKeyExtractionError = handlePublicKeyExtractionError(sessionContext, namedResource, key, value, e);
                }
                if (isDebugEnabled) {
                    this.log.debug("reloadRingKeys({}) loaded {} key ({}) for fingerprint={} from {}", new Object[]{sessionContext, KeyUtils.getKeyType(handlePublicKeyExtractionError), KeyUtils.getFingerPrint(handlePublicKeyExtractionError), key, namedResource.getName()});
                }
                if (handlePublicKeyExtractionError != null && (publicKey = (PublicKey) treeMap.put(key, handlePublicKeyExtractionError)) != null) {
                    PublicKey handleDuplicateKeyFingerprint = handleDuplicateKeyFingerprint(sessionContext, namedResource, key, value, publicKey, handlePublicKeyExtractionError);
                    if (handleDuplicateKeyFingerprint == null) {
                        treeMap.remove(key);
                    } else if (!GenericUtils.isSameReference(handleDuplicateKeyFingerprint, handlePublicKeyExtractionError)) {
                        treeMap.put(key, handleDuplicateKeyFingerprint);
                    }
                }
            }
        }
        return treeMap;
    }

    protected PublicKey handlePublicKeyExtractionError(SessionContext sessionContext, NamedResource namedResource, String str, Subkey subkey, Throwable th) throws IOException, GeneralSecurityException, PGPException {
        this.log.warn("handlePublicKeyExtractionError({}) failed ({}) to extract value for fingerprint={} from {}: {}", new Object[]{sessionContext, th.getClass().getSimpleName(), str, namedResource.getName(), th.getMessage()});
        return null;
    }

    protected PublicKey handleDuplicateKeyFingerprint(SessionContext sessionContext, NamedResource namedResource, String str, Subkey subkey, PublicKey publicKey, PublicKey publicKey2) throws IOException, GeneralSecurityException, PGPException {
        this.log.warn("handleDuplicateKeyFingerprint({}) duplicate keys found for fingerprint={} ({}[{}] / {}[{}]) in {}", new Object[]{sessionContext, str, KeyUtils.getKeyType(publicKey), KeyUtils.getFingerPrint(publicKey), KeyUtils.getKeyType(publicKey2), KeyUtils.getFingerPrint(publicKey2), namedResource.getName()});
        return publicKey2;
    }

    @Override // org.apache.sshd.common.config.keys.loader.openpgp.PGPPublicKeyExtractor
    public <K extends PublicKey> K generatePublicKey(String str, Class<K> cls, KeySpec keySpec) throws GeneralSecurityException {
        return cls.cast(getKeyFactory(str).generatePublic(keySpec));
    }

    protected KeyFactory getKeyFactory(String str) throws GeneralSecurityException {
        return SecurityUtils.getKeyFactory(str);
    }

    public static Path getDefaultPublicRingFilePath() {
        return LazyDefaultPublicRingPathHolder.PATH;
    }
}
