package org.apache.sshd.openpgp;

import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.KeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.NavigableMap;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.FilePasswordProviderManager;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.MapEntryUtils;
import org.apache.sshd.common.util.logging.AbstractLoggingBean;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.bouncycastle.openpgp.PGPException;
import org.c02e.jpgpj.Subkey;

/* loaded from: input_file:org/apache/sshd/openpgp/PGPAuthorizedEntriesTracker.class */
public class PGPAuthorizedEntriesTracker extends AbstractLoggingBean implements PGPAuthorizedKeyEntriesLoader, FilePasswordProviderManager {
    private FilePasswordProvider filePasswordProvider;
    private final List<PGPPublicKeyFileWatcher> keyFiles;

    public PGPAuthorizedEntriesTracker() {
        this(Collections.emptyList());
    }

    public PGPAuthorizedEntriesTracker(Path path) {
        this(path, (FilePasswordProvider) null);
    }

    public PGPAuthorizedEntriesTracker(Path path, FilePasswordProvider filePasswordProvider) {
        this(Collections.singletonList((Path) Objects.requireNonNull(path, "No path provided")), filePasswordProvider);
    }

    public PGPAuthorizedEntriesTracker(Collection<? extends Path> collection) {
        this(collection, (FilePasswordProvider) null);
    }

    public PGPAuthorizedEntriesTracker(Collection<? extends Path> collection, FilePasswordProvider filePasswordProvider) {
        this.keyFiles = GenericUtils.isEmpty(collection) ? new ArrayList<>() : (List) collection.stream().map(path -> {
            return new PGPPublicKeyFileWatcher(path);
        }).collect(Collectors.toCollection(() -> {
            return new ArrayList(collection.size());
        }));
    }

    public FilePasswordProvider getFilePasswordProvider() {
        return this.filePasswordProvider;
    }

    public void setFilePasswordProvider(FilePasswordProvider filePasswordProvider) {
        this.filePasswordProvider = filePasswordProvider;
    }

    public List<PGPPublicKeyFileWatcher> getWatchedFiles() {
        return this.keyFiles;
    }

    public void addWatchedFile(Path path) {
        Objects.requireNonNull(path, "No file provided");
        getWatchedFiles().add(new PGPPublicKeyFileWatcher(path));
    }

    @Override // org.apache.sshd.openpgp.PGPAuthorizedKeyEntriesLoader
    public List<PublicKey> loadMatchingKeyFingerprints(SessionContext sessionContext, Collection<String> collection) throws IOException, GeneralSecurityException, PGPException {
        List<PGPPublicKeyFileWatcher> watchedFiles;
        int size;
        int size2 = GenericUtils.size(collection);
        if (size2 > 0 && (size = GenericUtils.size((watchedFiles = getWatchedFiles()))) > 0) {
            ArrayList arrayList = new ArrayList(Math.min(size2, size));
            FilePasswordProvider filePasswordProvider = getFilePasswordProvider();
            boolean isDebugEnabled = this.log.isDebugEnabled();
            for (PGPPublicKeyFileWatcher pGPPublicKeyFileWatcher : watchedFiles) {
                NamedResource pathResource = pGPPublicKeyFileWatcher.toPathResource();
                NavigableMap<String, Subkey> mapSubKeysByFingerprint = PGPUtils.mapSubKeysByFingerprint(pGPPublicKeyFileWatcher.loadPublicKey(sessionContext, pathResource, filePasswordProvider));
                int size3 = MapEntryUtils.size(mapSubKeysByFingerprint);
                Collection<Subkey> emptyList = size3 <= 0 ? Collections.emptyList() : (Collection) mapSubKeysByFingerprint.entrySet().stream().filter(entry -> {
                    return collection.contains(entry.getKey());
                }).map((v0) -> {
                    return v0.getValue();
                }).collect(Collectors.toCollection(() -> {
                    return new ArrayList(size3);
                }));
                int size4 = GenericUtils.size(emptyList);
                if (isDebugEnabled) {
                    this.log.debug("loadMatchingKeyFingerprints({}) found {}/{} matches in {}", new Object[]{sessionContext, Integer.valueOf(size4), Integer.valueOf(size2), pathResource});
                }
                if (size4 > 0) {
                    for (Subkey subkey : emptyList) {
                        try {
                            PublicKey extractPublicKey = extractPublicKey(pathResource, subkey);
                            if (extractPublicKey != null) {
                                if (isDebugEnabled) {
                                    this.log.debug("loadMatchingKeyFingerprints({}) loaded key={}, fingerprint={}, hash={} from {}", new Object[]{sessionContext, KeyUtils.getKeyType(extractPublicKey), subkey.getFingerprint(), KeyUtils.getFingerPrint(extractPublicKey), pathResource});
                                }
                                arrayList.add(extractPublicKey);
                            }
                        } catch (IOException | RuntimeException | GeneralSecurityException e) {
                            error("loadMatchingKeyFingerprints({}) failed ({}) to convert {} from {} to public key: {}", sessionContext, e.getClass().getSimpleName(), subkey, pathResource, e.getMessage(), e);
                            throw e;
                        }
                    }
                }
            }
            return arrayList;
        }
        return Collections.emptyList();
    }

    @Override // org.apache.sshd.openpgp.PGPPublicKeyExtractor
    public <K extends PublicKey> K generatePublicKey(String str, Class<K> cls, KeySpec keySpec) throws GeneralSecurityException {
        return cls.cast(getKeyFactory(str).generatePublic(keySpec));
    }

    protected KeyFactory getKeyFactory(String str) throws GeneralSecurityException {
        return SecurityUtils.getKeyFactory(str);
    }
}
