package net.schmizz.sshj.userauth.keyprovider;

import com.hierynomus.asn1.ASN1InputStream;
import com.hierynomus.asn1.encodingrules.der.DERDecoder;
import com.hierynomus.asn1.types.ASN1Tag;
import com.hierynomus.asn1.types.constructed.ASN1Sequence;
import com.hierynomus.asn1.types.constructed.ASN1TaggedObject;
import com.hierynomus.asn1.types.primitive.ASN1Integer;
import com.hierynomus.asn1.types.primitive.ASN1ObjectIdentifier;
import com.hierynomus.asn1.types.string.ASN1BitString;
import com.hierynomus.asn1.types.string.ASN1OctetString;
import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import java.io.BufferedReader;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import net.schmizz.sshj.common.ECDSACurve;
import net.schmizz.sshj.common.ECDSAKeyFactory;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.userauth.keyprovider.PEMKey;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class PKCS8KeyFile extends BaseFileKeyProvider {
    private static final String BOUNCY_CASTLE_CLASS = "org.bouncycastle.openssl.PEMDecryptor";
    private static final boolean HISTORICAL_DECRYPTION_SUPPORTED = isHistoricalDecryptionSupported();
    protected final Logger log = LoggerFactory.getLogger(getClass());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public enum ECNamedCurveObjectIdentifier {
        SECP256R1("1.2.840.10045.3.1.7", ECDSACurve.SECP256R1),
        SECP384R1("1.3.132.0.34", ECDSACurve.SECP384R1),
        SECP521R1("1.3.132.0.35", ECDSACurve.SECP521R1);

        private final ECDSACurve ecdsaCurve;
        private final String objectId;

        ECNamedCurveObjectIdentifier(String str, ECDSACurve eCDSACurve) {
            this.objectId = str;
            this.ecdsaCurve = eCDSACurve;
        }
    }

    /* loaded from: classes3.dex */
    public static class Factory implements Factory.Named<FileKeyProvider> {
        @Override // net.schmizz.sshj.common.Factory
        public FileKeyProvider create() {
            return new PKCS8KeyFile();
        }

        @Override // net.schmizz.sshj.common.Factory.Named
        public String getName() {
            return "PKCS8";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public enum KeyAlgorithmObjectIdentifier {
        DSA("1.2.840.10040.4.1"),
        EC("1.2.840.10045.2.1"),
        RSA("1.2.840.113549.1.1.1");

        private final String objectId;

        KeyAlgorithmObjectIdentifier(String str) {
            this.objectId = str;
        }

        String getObjectId() {
            return this.objectId;
        }
    }

    private BigInteger getBigInteger(ASN1Sequence aSN1Sequence, int i) {
        return ((ASN1Integer) aSN1Sequence.get(i)).getValue();
    }

    private ECNamedCurveObjectIdentifier getEcNamedCurve(String str) {
        ECNamedCurveObjectIdentifier eCNamedCurveObjectIdentifier = null;
        for (ECNamedCurveObjectIdentifier eCNamedCurveObjectIdentifier2 : ECNamedCurveObjectIdentifier.values()) {
            if (eCNamedCurveObjectIdentifier2.objectId.equals(str)) {
                eCNamedCurveObjectIdentifier = eCNamedCurveObjectIdentifier2;
            }
        }
        if (eCNamedCurveObjectIdentifier != null) {
            return eCNamedCurveObjectIdentifier;
        }
        throw new IllegalArgumentException(String.format("ECDSA Key Algorithm [%s] not supported", str));
    }

    private PublicKey getEcPublicKey(byte[] bArr, ECParameterSpec eCParameterSpec) throws GeneralSecurityException {
        int fieldSize = (eCParameterSpec.getCurve().getField().getFieldSize() + 7) / 8;
        byte[] bArr2 = new byte[fieldSize];
        byte[] bArr3 = new byte[fieldSize];
        int length = bArr.length - (fieldSize * 2);
        System.arraycopy(bArr, length, bArr2, 0, fieldSize);
        System.arraycopy(bArr, length + fieldSize, bArr3, 0, fieldSize);
        return SecurityUtils.getKeyFactory("EC").generatePublic(new ECPublicKeySpec(new ECPoint(new BigInteger(1, bArr2), new BigInteger(1, bArr3)), eCParameterSpec));
    }

    private KeyAlgorithmObjectIdentifier getKeyAlgorithmObjectIdentifier(String str) {
        KeyAlgorithmObjectIdentifier keyAlgorithmObjectIdentifier = null;
        for (KeyAlgorithmObjectIdentifier keyAlgorithmObjectIdentifier2 : KeyAlgorithmObjectIdentifier.values()) {
            if (keyAlgorithmObjectIdentifier2.getObjectId().equals(str)) {
                keyAlgorithmObjectIdentifier = keyAlgorithmObjectIdentifier2;
            }
        }
        if (keyAlgorithmObjectIdentifier != null) {
            return keyAlgorithmObjectIdentifier;
        }
        throw new IllegalArgumentException(String.format("PKCS8 Private Key Algorithm [%s] not supported", str));
    }

    private PKCS8EncodedKeySpec getPkcs8DecryptedKeySpec(char[] cArr, byte[] bArr) throws IOException, GeneralSecurityException {
        try {
            EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
            AlgorithmParameters algParameters = encryptedPrivateKeyInfo.getAlgParameters();
            String algorithmParameters = algParameters.toString();
            SecretKey generateSecret = SecretKeyFactory.getInstance(algorithmParameters).generateSecret(new PBEKeySpec(cArr));
            Cipher cipher = Cipher.getInstance(algorithmParameters);
            cipher.init(2, generateSecret, algParameters);
            try {
                return encryptedPrivateKeyInfo.getKeySpec(cipher);
            } catch (GeneralSecurityException e) {
                throw new KeyDecryptionFailedException(String.format("PKCS8 Key Decryption failed for algorithm [%s]", algorithmParameters), e);
            }
        } finally {
            PasswordUtils.blankOut(cArr);
        }
    }

    private KeyPair getPkcs8KeyPair(KeyAlgorithmObjectIdentifier keyAlgorithmObjectIdentifier, byte[] bArr) throws GeneralSecurityException {
        PublicKey ecPublicKey;
        PrivateKey pkcs8PrivateKey = getPkcs8PrivateKey(keyAlgorithmObjectIdentifier, bArr);
        if (pkcs8PrivateKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) pkcs8PrivateKey;
            ecPublicKey = SecurityUtils.getKeyFactory(pkcs8PrivateKey.getAlgorithm()).generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
        } else if (pkcs8PrivateKey instanceof DSAPrivateKey) {
            DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) pkcs8PrivateKey;
            DSAParams params = dSAPrivateKey.getParams();
            BigInteger p = params.getP();
            BigInteger g = params.getG();
            ecPublicKey = SecurityUtils.getKeyFactory(pkcs8PrivateKey.getAlgorithm()).generatePublic(new DSAPublicKeySpec(g.modPow(dSAPrivateKey.getX(), p), p, params.getQ(), g));
        } else {
            if (!(pkcs8PrivateKey instanceof ECPrivateKey)) {
                throw new GeneralSecurityException(String.format("PEM Key [PKCS8] algorithm [%s] Key Pair derivation not supported", pkcs8PrivateKey.getAlgorithm()));
            }
            ECParameterSpec params2 = ((ECPrivateKey) pkcs8PrivateKey).getParams();
            try {
                ASN1InputStream aSN1InputStream = new ASN1InputStream(new DERDecoder(), bArr);
                try {
                    ASN1InputStream aSN1InputStream2 = new ASN1InputStream(new DERDecoder(), ((ASN1OctetString) ((ASN1Sequence) aSN1InputStream.readObject()).get(2)).getValue());
                    try {
                        ecPublicKey = getEcPublicKey(((ASN1BitString) ((ASN1TaggedObject) ((ASN1Sequence) aSN1InputStream2.readObject()).get(2)).getObject(ASN1Tag.BIT_STRING)).getValueBytes(), params2);
                        aSN1InputStream2.close();
                        aSN1InputStream.close();
                    } finally {
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new GeneralSecurityException("ECDSA Private Key Info parsing failed", e);
            }
        }
        return new KeyPair(ecPublicKey, pkcs8PrivateKey);
    }

    private KeyPair getPkcs8KeyPair(byte[] bArr) throws IOException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(new DERDecoder(), bArr);
            try {
                KeyPair pkcs8KeyPair = getPkcs8KeyPair(getKeyAlgorithmObjectIdentifier(((ASN1ObjectIdentifier) ((ASN1Sequence) ((ASN1Sequence) aSN1InputStream.readObject()).get(1)).get(0)).getValue()), bArr);
                aSN1InputStream.close();
                return pkcs8KeyPair;
            } finally {
            }
        } catch (Exception e) {
            throw new IOException("PEM Key [PKCS8] processing failed", e);
        }
    }

    private PrivateKey getPkcs8PrivateKey(KeyAlgorithmObjectIdentifier keyAlgorithmObjectIdentifier, byte[] bArr) throws GeneralSecurityException {
        return SecurityUtils.getKeyFactory(keyAlgorithmObjectIdentifier.name()).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private static boolean isHistoricalDecryptionSupported() {
        try {
            Class.forName(BOUNCY_CASTLE_CLASS);
            return true;
        } catch (Exception unused) {
            return false;
        }
    }

    private KeyPair readDsaKeyPair(byte[] bArr) throws IOException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(new DERDecoder(), bArr);
            try {
                ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
                BigInteger bigInteger = getBigInteger(aSN1Sequence, 1);
                BigInteger bigInteger2 = getBigInteger(aSN1Sequence, 2);
                BigInteger bigInteger3 = getBigInteger(aSN1Sequence, 3);
                BigInteger bigInteger4 = getBigInteger(aSN1Sequence, 4);
                DSAPrivateKeySpec dSAPrivateKeySpec = new DSAPrivateKeySpec(getBigInteger(aSN1Sequence, 5), bigInteger, bigInteger2, bigInteger3);
                DSAPublicKeySpec dSAPublicKeySpec = new DSAPublicKeySpec(bigInteger4, bigInteger, bigInteger2, bigInteger3);
                KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyAlgorithm.DSA);
                KeyPair keyPair = new KeyPair(keyFactory.generatePublic(dSAPublicKeySpec), keyFactory.generatePrivate(dSAPrivateKeySpec));
                aSN1InputStream.close();
                return keyPair;
            } finally {
            }
        } catch (Exception e) {
            throw new IOException("PEM Key [DSA] processing failed", e);
        }
    }

    private KeyPair readEcKeyPair(byte[] bArr) throws IOException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(new DERDecoder(), bArr);
            try {
                ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
                ECPrivateKey eCPrivateKey = (ECPrivateKey) ECDSAKeyFactory.getPrivateKey(new BigInteger(1, ((ASN1OctetString) aSN1Sequence.get(1)).getValue()), getEcNamedCurve(((ASN1ObjectIdentifier) ((ASN1TaggedObject) aSN1Sequence.get(2)).getObject()).getValue()).ecdsaCurve);
                KeyPair keyPair = new KeyPair(getEcPublicKey(((ASN1BitString) ((ASN1TaggedObject) aSN1Sequence.get(3)).getObject()).getValueBytes(), eCPrivateKey.getParams()), eCPrivateKey);
                aSN1InputStream.close();
                return keyPair;
            } finally {
            }
        } catch (Exception e) {
            throw new IOException("PEM Key [EC] processing failed", e);
        }
    }

    private KeyPair readEncryptedPkcs8KeyPair(byte[] bArr) throws IOException {
        KeyPair keyPair;
        if (this.pwdf == null) {
            throw new KeyDecryptionFailedException("Password not provided for encrypted PKCS8 key");
        }
        try {
            char[] reqPassword = this.pwdf.reqPassword(this.resource);
            while (true) {
                if (reqPassword == null) {
                    keyPair = null;
                    break;
                }
                try {
                    keyPair = getPkcs8KeyPair(getPkcs8DecryptedKeySpec(reqPassword, bArr).getEncoded());
                    break;
                } catch (KeyDecryptionFailedException e) {
                    if (!this.pwdf.shouldRetry(this.resource)) {
                        throw e;
                    }
                    reqPassword = this.pwdf.reqPassword(this.resource);
                }
            }
            if (keyPair != null) {
                return keyPair;
            }
            throw new KeyDecryptionFailedException("PEM Key [PKCS8] decryption failed");
        } catch (GeneralSecurityException e2) {
            throw new IOException("PEM Key [PKCS8] processing failed", e2);
        }
    }

    private KeyPair readKeyPair(PEMKey pEMKey) throws IOException {
        PEMKey.PEMKeyType pemKeyType = pEMKey.getPemKeyType();
        byte[] body = pEMKey.getBody();
        if (PEMKey.PEMKeyType.DSA == pemKeyType) {
            return readDsaKeyPair(body);
        }
        if (PEMKey.PEMKeyType.EC == pemKeyType) {
            return readEcKeyPair(body);
        }
        if (PEMKey.PEMKeyType.PKCS8 == pemKeyType) {
            return getPkcs8KeyPair(body);
        }
        if (PEMKey.PEMKeyType.PKCS8_ENCRYPTED == pemKeyType) {
            return readEncryptedPkcs8KeyPair(body);
        }
        if (PEMKey.PEMKeyType.RSA == pemKeyType) {
            return readRsaKeyPair(body);
        }
        throw new IOException(String.format("PEM Key Type [%s] not supported", pemKeyType));
    }

    private KeyPair readRsaKeyPair(byte[] bArr) throws IOException {
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(new DERDecoder(), bArr);
            try {
                ASN1Sequence aSN1Sequence = (ASN1Sequence) aSN1InputStream.readObject();
                BigInteger bigInteger = getBigInteger(aSN1Sequence, 1);
                BigInteger bigInteger2 = getBigInteger(aSN1Sequence, 2);
                RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec = new RSAPrivateCrtKeySpec(bigInteger, bigInteger2, getBigInteger(aSN1Sequence, 3), getBigInteger(aSN1Sequence, 4), getBigInteger(aSN1Sequence, 5), getBigInteger(aSN1Sequence, 6), getBigInteger(aSN1Sequence, 7), getBigInteger(aSN1Sequence, 8));
                KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyAlgorithm.RSA);
                KeyPair keyPair = new KeyPair(keyFactory.generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2)), keyFactory.generatePrivate(rSAPrivateCrtKeySpec));
                aSN1InputStream.close();
                return keyPair;
            } finally {
            }
        } catch (Exception e) {
            throw new IOException("PEM Key [RSA] processing failed", e);
        }
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider
    protected KeyPair readKeyPair() throws IOException {
        PEMKeyReader standardPEMKeyReader = HISTORICAL_DECRYPTION_SUPPORTED ? this.pwdf == null ? new StandardPEMKeyReader() : new EncryptedPEMKeyReader(this.pwdf, this.resource) : new StandardPEMKeyReader();
        BufferedReader bufferedReader = new BufferedReader(this.resource.getReader());
        try {
            KeyPair readKeyPair = readKeyPair(standardPEMKeyReader.readPemKey(bufferedReader));
            bufferedReader.close();
            return readKeyPair;
        } catch (Throwable th) {
            try {
                bufferedReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    public String toString() {
        return "PKCS8KeyFile{resource=" + this.resource + "}";
    }
}
