package com.sshtools.desktop.agent;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.hypersocket.json.JsonClient;
import com.hypersocket.json.JsonPrivateKey;
import com.hypersocket.json.JsonPrivateKeyList;
import com.hypersocket.json.JsonResourceStatus;
import com.hypersocket.json.JsonResponse;
import com.hypersocket.json.JsonStatusException;
import com.hypersocket.json.RequestParameter;
import com.sshtools.agent.ForwardingNotice;
import com.sshtools.agent.KeyConstraints;
import com.sshtools.agent.KeyStore;
import com.sshtools.agent.exceptions.KeyTimeoutException;
import com.sshtools.common.logger.Log;
import com.sshtools.common.publickey.SshKeyUtils;
import com.sshtools.common.publickey.SshPublicKeyFile;
import com.sshtools.common.publickey.SshPublicKeyFileFactory;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.SshKeyPair;
import com.sshtools.common.ssh.components.SshPrivateKey;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.util.IOUtils;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/sshtools/desktop/agent/MobileDeviceKeystore.class */
public class MobileDeviceKeystore implements KeyStore {
    JsonClient client;
    DesktopAgent agent;
    MobileDeviceKeystoreListener listener;
    KeyStore localKeystore;
    Set<JsonConnection> localConnections;

    public MobileDeviceKeystore(DesktopAgent desktopAgent, KeyStore keyStore) throws IOException {
        this.agent = desktopAgent;
        this.localKeystore = keyStore;
        loadCachedConnections();
    }

    private void loadCachedConnections() {
        File file = new File(AbstractAgentProcess.CONF_FOLDER, "connections.json");
        this.localConnections = new HashSet();
        if (file.exists()) {
            try {
                this.localConnections.addAll((Collection) new ObjectMapper().readValue(IOUtils.readUTF8StringFromFile(file), new TypeReference<List<JsonConnection>>() { // from class: com.sshtools.desktop.agent.MobileDeviceKeystore.1
                }));
            } catch (IOException e) {
                Log.error("Could not read local connection cache", e, new Object[0]);
            }
        }
    }

    private void saveCachedConnections() {
        try {
            IOUtils.writeUTF8StringToFile(new File(AbstractAgentProcess.CONF_FOLDER, "connections.json"), new ObjectMapper().writeValueAsString(this.localConnections));
        } catch (IOException e) {
            Log.error("Could not write local connection cache", e, new Object[0]);
        }
    }

    public void setListener(MobileDeviceKeystoreListener mobileDeviceKeystoreListener) {
        this.listener = mobileDeviceKeystoreListener;
    }

    public boolean ping() {
        try {
            verifyClient();
            this.client.doGet("/ping");
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    public boolean verify() {
        try {
            verifyClient();
            return ((JsonResponse) this.client.doPost("api/agent/check", JsonResponse.class, this.agent.generateAuthorizationParameters(new RequestParameter[0]))).isSuccess();
        } catch (Throwable th) {
            return false;
        }
    }

    private void verifyClient() throws IOException {
        if (Objects.isNull(this.client)) {
            this.client = new JsonClient(this.agent.getHostname(), this.agent.getPort(), !this.agent.isStrictSSL(), false);
            this.client.setPath("/app");
        }
    }

    public Map<SshPublicKey, String> getPublicKeys() {
        HashMap hashMap = new HashMap();
        if (ping()) {
            hashMap.putAll(getDeviceKeys());
        }
        hashMap.putAll(this.localKeystore.getPublicKeys());
        return hashMap;
    }

    public Map<SshPublicKey, String> getLocalKeys() {
        return this.localKeystore.getPublicKeys();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JsonClient getClient() throws IOException {
        verifyClient();
        return this.client;
    }

    public Map<SshPublicKey, String> getDeviceKeys() {
        if (StringUtils.isAnyBlank(new CharSequence[]{this.agent.getUsername(), this.agent.getAuthorizationToken()})) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        try {
            InputStream inputStream = IOUtils.toInputStream(getClient().doGet("/authorizedKeys/" + this.agent.getUsername()), "UTF-8");
            Throwable th = null;
            try {
                try {
                    BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                    while (true) {
                        String readLine = bufferedReader.readLine();
                        if (readLine == null) {
                            break;
                        }
                        SshPublicKeyFile parse = SshPublicKeyFileFactory.parse(readLine.getBytes("UTF-8"));
                        hashMap.put(parse.toPublicKey(), parse.getComment());
                    }
                    if (inputStream != null) {
                        if (0 != 0) {
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            inputStream.close();
                        }
                    }
                    return hashMap;
                } finally {
                }
            } catch (Throwable th3) {
                if (inputStream != null) {
                    if (th != null) {
                        try {
                            inputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        inputStream.close();
                    }
                }
                throw th3;
            }
        } catch (IOException e) {
            Log.error("Failed to list authorized keys", e, new Object[0]);
            throw new IllegalStateException(e.getMessage(), e);
        } catch (JsonStatusException e2) {
            if (e2.getStatusCode() == 403) {
                throw new IllegalStateException("This device has not been authorized to access the users account.");
            }
            throw new IllegalStateException(e2.getMessage(), e2);
        }
    }

    public List<JsonConnection> getConnections() {
        return new ArrayList(this.localConnections);
    }

    public KeyConstraints getKeyConstraints(SshPublicKey sshPublicKey) {
        KeyConstraints keyConstraints = this.localKeystore.getKeyConstraints(sshPublicKey);
        return !Objects.isNull(keyConstraints) ? keyConstraints : new KeyConstraints();
    }

    public int size() {
        return getPublicKeys().size();
    }

    public boolean addKey(SshPrivateKey sshPrivateKey, SshPublicKey sshPublicKey, String str, KeyConstraints keyConstraints) {
        try {
            if (getDeviceKeys().containsKey(sshPublicKey)) {
                Log.error(String.format("The key %s is already installed as a device key", sshPublicKey.getFingerprint()), new Object[0]);
                return false;
            }
            if (this.listener != null) {
                return this.listener.addKey(sshPrivateKey, sshPublicKey, str, keyConstraints);
            }
            return false;
        } catch (IOException | SshException e) {
            Log.error("Failed to process addKey", e, new Object[0]);
            return false;
        }
    }

    public boolean addKey(SshKeyPair sshKeyPair, String str, KeyConstraints keyConstraints) {
        try {
            if (getDeviceKeys().containsKey(sshKeyPair.getPublicKey())) {
                Log.error(String.format("The key %s is already installed as a device key", sshKeyPair.getPublicKey().getFingerprint()), new Object[0]);
                return false;
            }
            if (this.listener != null) {
                return this.listener.addKey(sshKeyPair.getPrivateKey(), sshKeyPair.getPublicKey(), str, keyConstraints);
            }
            return false;
        } catch (IOException | SshException e) {
            Log.error("Failed to process addKey", e, new Object[0]);
            return false;
        }
    }

    public void addTemporaryKey(SshKeyPair sshKeyPair, String str, KeyConstraints keyConstraints) throws IOException {
        this.localKeystore.addKey(sshKeyPair, str, keyConstraints);
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public void removeTemporaryKey(SshPublicKey sshPublicKey) throws IOException {
        this.localKeystore.deleteKey(sshPublicKey);
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public boolean deleteAllKeys() {
        if (this.listener != null) {
            return this.listener.deleteAllKeys();
        }
        return false;
    }

    public byte[] performHashAndSign(SshPublicKey sshPublicKey, List<ForwardingNotice> list, byte[] bArr, int i) throws KeyTimeoutException, SshException {
        if (!ping()) {
            throw new SshException("Authentication gateway is not available!", 13);
        }
        KeyConstraints keyConstraints = getKeyConstraints(sshPublicKey);
        if (Objects.isNull(keyConstraints)) {
            throw new SshException("Key not in store", 13);
        }
        if (!keyConstraints.canUse()) {
            throw new SshException("Key cannot be used", 13);
        }
        if (keyConstraints.hasTimedOut()) {
            throw new KeyTimeoutException();
        }
        if (keyConstraints.requiresUserVerification()) {
        }
        keyConstraints.use();
        return this.localKeystore.getPublicKeys().containsKey(sshPublicKey) ? this.localKeystore.performHashAndSign(sshPublicKey, list, bArr, i) : performDeviceHashAndSign(sshPublicKey, list, bArr, i);
    }

    public byte[] performDeviceHashAndSign(SshPublicKey sshPublicKey, List<ForwardingNotice> list, byte[] bArr, int i) throws KeyTimeoutException, SshException {
        String encodeToString = Base64.getUrlEncoder().encodeToString(bArr);
        if (Log.isInfoEnabled()) {
            Log.info(String.format("Performing sign operation for %s with payload %s", sshPublicKey.getFingerprint(), encodeToString), new Object[0]);
        }
        try {
            JsonSignRequestStatus jsonSignRequestStatus = (JsonSignRequestStatus) getClient().doPost("api/agent/signPayload", JsonSignRequestStatus.class, this.agent.generateAuthorizationParameters(new RequestParameter("flags", String.valueOf(i)), new RequestParameter("fingerprint", sshPublicKey.getFingerprint()), new RequestParameter("remoteName", this.agent.getDeviceName()), new RequestParameter("payload", encodeToString)));
            if (Log.isInfoEnabled()) {
                Log.info("Received response from %s", new Object[]{sshPublicKey.getFingerprint()});
            }
            if (jsonSignRequestStatus.isSuccess()) {
                if (Log.isInfoEnabled()) {
                    Log.info(String.format("Received sign operation for %s with response %s", sshPublicKey.getFingerprint(), jsonSignRequestStatus.getSignature()), new Object[0]);
                }
                return Base64.getUrlDecoder().decode(jsonSignRequestStatus.getSignature());
            }
            if (Log.isInfoEnabled()) {
                Log.info("Received  failed response from %s", new Object[]{sshPublicKey.getFingerprint()});
            }
            throw new SshException("Remote response returned unknown failure", 13);
        } catch (IOException | JsonStatusException e) {
            System.err.println(e.getMessage());
            throw new SshException(e);
        }
    }

    public boolean deleteKey(SshPublicKey sshPublicKey) throws IOException {
        if (this.listener != null) {
            return this.listener.deleteKey(sshPublicKey);
        }
        return false;
    }

    public boolean lock(String str) throws IOException {
        return false;
    }

    public boolean unlock(String str) throws IOException {
        return false;
    }

    public boolean isLocked() {
        return false;
    }

    public void deleteTemporaryKeys() {
        this.localKeystore.deleteAllKeys();
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public void deleteDeviceKey(SshPublicKey sshPublicKey) throws IOException, JsonStatusException {
        doDeleteDeviceKeys(sshPublicKey);
    }

    public void deleteDeviceKeys() throws IOException, JsonStatusException {
        doDeleteDeviceKeys((SshPublicKey[]) getDeviceKeys().keySet().toArray(new SshPublicKey[0]));
    }

    private void doDeleteDeviceKeys(SshPublicKey... sshPublicKeyArr) throws IOException, JsonStatusException {
        verifyClient();
        JsonPrivateKeyList jsonPrivateKeyList = (JsonPrivateKeyList) this.client.doPost("api/userPrivateKeys/personal", JsonPrivateKeyList.class, this.agent.generateAuthorizationParameters(new RequestParameter[0]));
        if (!jsonPrivateKeyList.isSuccess()) {
            throw new IOException(jsonPrivateKeyList.getError());
        }
        HashMap hashMap = new HashMap();
        for (SshPublicKey sshPublicKey : sshPublicKeyArr) {
            JsonPrivateKey[] resources = jsonPrivateKeyList.getResources();
            int length = resources.length;
            int i = 0;
            while (true) {
                if (i < length) {
                    JsonPrivateKey jsonPrivateKey = resources[i];
                    if (jsonPrivateKey.getFingerprint().equals(SshKeyUtils.getFingerprint(sshPublicKey))) {
                        hashMap.put(sshPublicKey, jsonPrivateKey.getId());
                        break;
                    }
                    i++;
                }
            }
        }
        Iterator it = hashMap.entrySet().iterator();
        while (it.hasNext()) {
            try {
                this.client.doDelete("api/userPrivateKeys/key/" + ((Long) ((Map.Entry) it.next()).getValue()).toString(), JsonResourceStatus.class, this.agent.generateAuthorizationParameters(new RequestParameter("fromDevice", "false")));
            } catch (JsonStatusException e) {
                if (e.getStatusCode() != 404) {
                    throw e;
                }
            }
        }
        if (this.listener != null) {
            this.listener.onKeysChanged();
        }
    }

    public boolean isDeviceKey(SshPublicKey sshPublicKey) {
        return getDeviceKeys().containsKey(sshPublicKey);
    }

    public String getKeyName(SshPublicKey sshPublicKey) {
        Map<SshPublicKey, String> deviceKeys = getDeviceKeys();
        if (deviceKeys.containsKey(sshPublicKey)) {
            return deviceKeys.get(sshPublicKey);
        }
        Map publicKeys = this.localKeystore.getPublicKeys();
        if (publicKeys.containsKey(sshPublicKey)) {
            return (String) publicKeys.get(sshPublicKey);
        }
        throw new IllegalStateException(String.format("No key name for ", SshKeyUtils.getFingerprint(sshPublicKey)));
    }

    public JsonConnection createConnection(String str, String str2, Integer num, String str3, Set<String> set, Set<SshPublicKey> set2) {
        try {
            TreeSet treeSet = new TreeSet();
            Iterator<SshPublicKey> it = set2.iterator();
            while (it.hasNext()) {
                treeSet.add(SshKeyUtils.getOpenSSHFormattedKey(it.next()));
            }
            JsonConnection jsonConnection = new JsonConnection();
            jsonConnection.setName(str);
            jsonConnection.setHostname(str2);
            jsonConnection.setPort(num.intValue());
            jsonConnection.setUsername(str3);
            jsonConnection.setAliases((String[]) set.toArray(new String[0]));
            jsonConnection.setHostKeys((String[]) treeSet.toArray(new String[0]));
            this.localConnections.add(jsonConnection);
            saveCachedConnections();
            return jsonConnection;
        } catch (IOException e) {
            Log.error("Failed to list connections", e, new Object[0]);
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    public void deleteConnection(JsonConnection jsonConnection) throws IOException {
        verifyClient();
        this.localConnections.remove(jsonConnection);
        try {
            if (Objects.nonNull(jsonConnection.getId()) && ping()) {
                try {
                    this.client.doDelete("api/serverConnections/delete/" + jsonConnection.getId(), JsonResourceStatus.class, this.agent.generateAuthorizationParameters(new RequestParameter[0]));
                } catch (JsonStatusException e) {
                    throw new IOException(e.getMessage(), e);
                }
            }
        } finally {
            saveCachedConnections();
        }
    }

    public JsonConnection updateConnection(String str, String str2, String str3, Integer num, String str4, Set<String> set, Set<SshPublicKey> set2) {
        try {
            TreeSet treeSet = new TreeSet();
            Iterator<SshPublicKey> it = set2.iterator();
            while (it.hasNext()) {
                treeSet.add(SshKeyUtils.getOpenSSHFormattedKey(it.next()));
            }
            JsonConnection jsonConnection = null;
            Iterator<JsonConnection> it2 = this.localConnections.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                JsonConnection next = it2.next();
                if (next.getName().equals(str)) {
                    jsonConnection = next;
                    break;
                }
            }
            if (Objects.isNull(jsonConnection)) {
                return createConnection(str2, str3, num, str4, set, set2);
            }
            if (Objects.isNull(jsonConnection)) {
                jsonConnection = new JsonConnection();
            }
            jsonConnection.setName(str2);
            jsonConnection.setHostname(str3);
            jsonConnection.setPort(num.intValue());
            jsonConnection.setUsername(str4);
            jsonConnection.setAliases((String[]) set.toArray(new String[0]));
            jsonConnection.setHostKeys((String[]) treeSet.toArray(new String[0]));
            saveCachedConnections();
            return jsonConnection;
        } catch (IOException e) {
            Log.error("Failed to list connections", e, new Object[0]);
            throw new IllegalStateException(e.getMessage(), e);
        }
    }
}
