package net.neoforged.snowblower;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Base64;
import java.util.Date;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.eclipse.jgit.errors.UnsupportedCredentialItem;
import org.eclipse.jgit.transport.CredentialItem;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.URIish;
import org.kohsuke.github.GHApp;
import org.kohsuke.github.GHAppInstallationToken;
import org.kohsuke.github.GitHubBuilder;

/* loaded from: input_file:net/neoforged/snowblower/GitHubAppCredentials.class */
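/**
 * Supplies JGit with credentials backed by a GitHub App installation token.
 *
 * <p>The flow visible in this class is: parse the app's RSA private key ({@link #parsePKCS8}),
 * sign a short-lived app JWT with it, exchange that JWT for an installation token through a
 * caller-supplied {@link TokenGetter}, and hand the installation token to JGit whenever it asks
 * for a user name or password ({@link #jwt}).
 *
 * <p>Both the private key and the installation token are secrets; nothing in this class writes
 * them to logs or exception messages.
 */
public class GitHubAppCredentials {
    // PEM armor markers. Stored without a trailing line break so that keys using CRLF line
    // endings, or keys flattened onto one line, are still recognised.
    private static final String PKCS1_KEY_START = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String PKCS1_KEY_END = "-----END RSA PRIVATE KEY-----";
    private static final String PKCS8_KEY_START = "-----BEGIN PRIVATE KEY-----";
    private static final String PKCS8_KEY_END = "-----END PRIVATE KEY-----";

    /** Prompt text of the generic string item that is answered with the token. */
    private static final String PASSWORD_PROMPT = "Password: ";

    /** The cached installation token is replaced this long before its stated expiry. */
    private static final Duration TOKEN_REFRESH_MARGIN = Duration.ofMinutes(1);

    /**
     * How far the app JWT's {@code iat} claim is backdated. GitHub's documentation for app JWTs
     * recommends 60 seconds to tolerate clock drift between this host and GitHub.
     */
    private static final Duration JWT_ISSUED_AT_BACKDATE = Duration.ofSeconds(60);

    /**
     * Lifetime of the app JWT measured from the local clock. GitHub rejects an {@code exp} more
     * than 10 minutes in the future, so this stays below that limit to leave room for drift.
     */
    private static final Duration JWT_LIFETIME = Duration.ofMinutes(9);

    /**
     * An installation token together with the instant at which it stops being valid.
     *
     * @param expirationDate instant reported by GitHub as the token's expiry
     * @param jwt the token string presented to the Git server (a secret)
     */
    public record Jwt(Instant expirationDate, String jwt) {
        /**
         * Returns a description that omits the token, so that logging or concatenating this
         * record cannot disclose the credential.
         */
        @Override
        public String toString() {
            return "Jwt[expirationDate=" + expirationDate + ", jwt=<redacted>]";
        }
    }

    /** Strategy that turns an authenticated {@link GHApp} into an installation token. */
    public interface TokenGetter {
        /**
         * @param gHApp the app, authenticated with a freshly signed app JWT
         * @return the installation token to use for Git operations
         * @throws IOException if the GitHub API call fails
         */
        GHAppInstallationToken getToken(GHApp gHApp) throws IOException;
    }

    /**
     * Parses a PEM-encoded RSA private key.
     *
     * <p>Input that starts with the PKCS#8 {@code BEGIN PRIVATE KEY} marker is decoded as-is.
     * Anything else is treated as a PKCS#1 {@code RSA PRIVATE KEY} body and wrapped in a PKCS#8
     * structure before being handed to the {@link KeyFactory}. Leading and trailing whitespace
     * and the style of line endings do not matter.
     *
     * @param str the PEM text of the key
     * @return the parsed private key
     * @throws IOException if the PKCS#8 wrapper for a PKCS#1 key cannot be encoded
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException if the decoded bytes are not a valid RSA private key
     * @throws IllegalArgumentException if the key body is not valid Base64, which is also what
     *     happens for unsupported PEM types such as encrypted keys
     */
    public static PrivateKey parsePKCS8(String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        String pem = str.strip();
        byte[] encoded;
        if (pem.startsWith(PKCS8_KEY_START)) {
            encoded = decodePemBody(pem, PKCS8_KEY_START, PKCS8_KEY_END);
        } else {
            byte[] pkcs1 = decodePemBody(pem, PKCS1_KEY_START, PKCS1_KEY_END);
            AlgorithmIdentifier rsa = new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE);
            encoded = new PrivateKeyInfo(rsa, ASN1Sequence.getInstance(pkcs1)).getEncoded();
        }
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encoded));
    }

    /** Removes the given PEM markers and all whitespace, then Base64-decodes what is left. */
    private static byte[] decodePemBody(String pem, String header, String footer) {
        String body = pem.replace(header, "").replace(footer, "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    /** Tells whether the item is the generic string prompt that is answered with the token. */
    private static boolean isPasswordPrompt(CredentialItem item) {
        // Constant-first equals: an item without prompt text is simply not a match.
        return item instanceof CredentialItem.StringType && PASSWORD_PROMPT.equals(item.getPromptText());
    }

    /**
     * Creates a non-interactive {@link CredentialsProvider} that answers user name and password
     * requests with a GitHub App installation token.
     *
     * <p>The token is fetched on first use and cached; it is fetched again once it is within
     * {@link #TOKEN_REFRESH_MARGIN} of its expiry, so that a token is not handed out moments
     * before the server stops accepting it. The cache is not synchronized.
     *
     * @param str the issuer ({@code iss}) claim written into the app JWT
     * @param privateKey the app's private key, used to sign the app JWT with RS256
     * @param tokenGetter obtains the installation token from the authenticated app
     * @return the credentials provider
     */
    public static CredentialsProvider jwt(final String str, final PrivateKey privateKey, final TokenGetter tokenGetter) {
        return new CredentialsProvider() {
            /** Last installation token fetched, or {@code null} before the first request. */
            private Jwt cached;

            @Override
            public boolean isInteractive() {
                return false;
            }

            @Override
            public boolean supports(CredentialItem... credentialItemArr) {
                for (CredentialItem item : credentialItemArr) {
                    boolean handled = item instanceof CredentialItem.InformationalMessage
                            || item instanceof CredentialItem.Username
                            || item instanceof CredentialItem.Password
                            || isPasswordPrompt(item);
                    if (!handled) {
                        return false;
                    }
                }
                return true;
            }

            @Override
            public boolean get(URIish uRIish, CredentialItem... credentialItemArr) throws UnsupportedCredentialItem {
                try {
                    for (CredentialItem item : credentialItemArr) {
                        if (item instanceof CredentialItem.InformationalMessage) {
                            continue; // nothing to fill in
                        }
                        if (item instanceof CredentialItem.Username username) {
                            // NOTE(review): the secret token is also sent as the user name. User
                            // names tend to be treated as non-sensitive by logs and tooling;
                            // consider a fixed non-secret user name if the server accepts one.
                            username.setValue(currentToken());
                        } else if (item instanceof CredentialItem.Password password) {
                            password.setValue(currentToken().toCharArray());
                        } else if (isPasswordPrompt(item)) {
                            ((CredentialItem.StringType) item).setValue(currentToken());
                        } else {
                            throw new UnsupportedCredentialItem(uRIish, item.getClass().getName() + ":" + item.getPromptText());
                        }
                    }
                    return true;
                } catch (IOException e) {
                    // The message deliberately carries no credential material.
                    throw new RuntimeException("Could not obtain a GitHub App installation token", e);
                }
            }

            /** Returns the cached token, fetching a new one when it is missing or about to expire. */
            private String currentToken() throws IOException {
                if (cached == null || Instant.now().isAfter(cached.expirationDate().minus(TOKEN_REFRESH_MARGIN))) {
                    cached = fetchToken();
                }
                return cached.jwt();
            }

            /** Signs a new app JWT and exchanges it for an installation token. */
            private Jwt fetchToken() throws IOException {
                GHApp app = new GitHubBuilder().withJwtToken(refreshJWT(str, privateKey)).build().getApp();
                GHAppInstallationToken token = tokenGetter.getToken(app);
                return new Jwt(token.getExpiresAt().toInstant(), token.getToken());
            }
        };
    }

    /**
     * Signs a new app JWT with RS256.
     *
     * <p>{@code iat} is backdated and {@code exp} kept under GitHub's 10-minute limit so that a
     * host whose clock runs slightly ahead of GitHub's does not get its JWT rejected.
     *
     * @param issuer value of the {@code iss} claim
     * @param privateKey key used to sign the JWT
     * @return the compact serialized JWT
     */
    private static String refreshJWT(String issuer, PrivateKey privateKey) {
        Instant now = Instant.now();
        return Jwts.builder()
                .setIssuedAt(Date.from(now.minus(JWT_ISSUED_AT_BACKDATE)))
                .setExpiration(Date.from(now.plus(JWT_LIFETIME)))
                .setIssuer(issuer)
                .signWith(privateKey, SignatureAlgorithm.RS256)
                .compact();
    }
}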
