package ghidra.framework.remote.security;

import ghidra.security.KeyStorePasswordProvider;
import ghidra.util.Msg;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.security.InvalidKeyException;
import java.security.Security;
import java.util.Arrays;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.OpenSSHPublicKeyUtil;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:ghidra/framework/remote/security/SSHKeyManager.class */
public class SSHKeyManager {
    private static KeyStorePasswordProvider passwordProvider;

    private SSHKeyManager() {
    }

    public static synchronized void setProtectedKeyStorePasswordProvider(KeyStorePasswordProvider keyStorePasswordProvider) {
        passwordProvider = keyStorePasswordProvider;
    }

    public static CipherParameters getSSHPrivateKey(File file) throws InvalidKeyException, IOException {
        if (!file.isFile()) {
            throw new FileNotFoundException("SSH private key file not found: " + String.valueOf(file));
        }
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            CipherParameters sSHPrivateKey = getSSHPrivateKey(fileInputStream, file.getAbsolutePath());
            fileInputStream.close();
            return sSHPrivateKey;
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public static CipherParameters getSSHPrivateKey(InputStream inputStream) throws InvalidKeyException, IOException {
        return getSSHPrivateKey(inputStream, "Protected SSH Key");
    }

    private static CipherParameters getSSHPrivateKey(InputStream inputStream, String str) throws InvalidKeyException, IOException {
        PrivateKeyInfo privateKeyInfo;
        StringBuffer stringBuffer = new StringBuffer();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        boolean z = true;
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    bufferedReader.close();
                    char[] cArr = null;
                    try {
                        StringReader stringReader = new StringReader(stringBuffer.toString());
                        try {
                            Object readObject = new PEMParser(stringReader).readObject();
                            if (readObject instanceof PEMEncryptedKeyPair) {
                                cArr = passwordProvider.getKeyStorePassword(str, false);
                                if (cArr == null) {
                                    throw new IOException("Password required to open SSH private keystore");
                                }
                                privateKeyInfo = ((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(cArr)).getPrivateKeyInfo();
                            } else {
                                privateKeyInfo = ((PEMKeyPair) readObject).getPrivateKeyInfo();
                            }
                            AsymmetricKeyParameter createKey = PrivateKeyFactory.createKey(privateKeyInfo);
                            stringReader.close();
                            if (cArr != null) {
                                Arrays.fill(cArr, (char) 0);
                            }
                            return createKey;
                        } finally {
                        }
                    } catch (Throwable th) {
                        if (0 != 0) {
                            Arrays.fill((char[]) null, (char) 0);
                        }
                        throw th;
                    }
                }
                if (z) {
                    if (!readLine.startsWith("-----BEGIN ") || readLine.indexOf(" KEY-----") < 0) {
                        break;
                    }
                    if (!readLine.startsWith("-----BEGIN RSA PRIVATE KEY-----") && !readLine.startsWith("-----BEGIN DSA PRIVATE KEY-----")) {
                        Msg.error(SSHKeyManager.class, "Unsupported SSH Key Format (see svrREADME.html)");
                        throw new IOException("Unsupported SSH Private Key");
                    }
                    z = false;
                }
                if (stringBuffer.length() != 0) {
                    stringBuffer.append('\n');
                }
                stringBuffer.append(readLine);
            } catch (Throwable th2) {
                try {
                    bufferedReader.close();
                } catch (Throwable th3) {
                    th2.addSuppressed(th3);
                }
                throw th2;
            }
        }
        throw new InvalidKeyException("Invalid SSH Private Key");
    }

    public static CipherParameters getSSHPublicKey(File file) throws IOException {
        String str = null;
        BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine != null) {
                    if (readLine.startsWith("ssh-")) {
                        str = readLine;
                        break;
                    }
                } else {
                    break;
                }
            } catch (Throwable th) {
                try {
                    bufferedReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        bufferedReader.close();
        if (str != null) {
            String[] split = str.split("\\s+");
            if (split.length >= 2 && split[0].startsWith("ssh-")) {
                return OpenSSHPublicKeyUtil.parsePublicKey(Base64.decode(split[1]));
            }
        }
        throw new IOException("Invalid SSH public key file, supported SSH public key not found: " + String.valueOf(file));
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
