package net.schmizz.sshj.userauth.keyprovider;

import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import j$.util.Objects;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.userauth.password.PasswordFinder;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import net.schmizz.sshj.userauth.password.Resource;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;

/* loaded from: classes3.dex */
class EncryptedPEMKeyReader extends StandardPEMKeyReader {
    private static final int DEK_INFO_ALGORITHM_GROUP = 1;
    private static final int DEK_INFO_IV_GROUP = 2;
    private static final Pattern DEK_INFO_PATTERN = Pattern.compile("^DEK-Info: ([A-Z0-9\\-]+),([A-F0-9]{16,32})$");
    private static final String PROC_TYPE_ENCRYPTED_HEADER = "Proc-Type: 4,ENCRYPTED";
    private final PasswordFinder passwordFinder;
    private final Resource<?> resource;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class DataEncryptionKeyInfo {
        private final String algorithm;
        private final byte[] initializationVector;

        private DataEncryptionKeyInfo(String str, byte[] bArr) {
            this.algorithm = str;
            this.initializationVector = bArr;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptedPEMKeyReader(PasswordFinder passwordFinder, Resource<?> resource) {
        this.passwordFinder = (PasswordFinder) Objects.requireNonNull(passwordFinder, "Password Finder required");
        this.resource = (Resource) Objects.requireNonNull(resource, "Resource required");
    }

    private DataEncryptionKeyInfo getDataEncryptionKeyInfo(List<String> list) throws IOException {
        Iterator<String> it = list.iterator();
        DataEncryptionKeyInfo dataEncryptionKeyInfo = null;
        while (it.hasNext()) {
            Matcher matcher = DEK_INFO_PATTERN.matcher(it.next());
            if (matcher.matches()) {
                dataEncryptionKeyInfo = new DataEncryptionKeyInfo(matcher.group(1), ByteArrayUtils.parseHex(matcher.group(2)));
            }
        }
        if (dataEncryptionKeyInfo != null) {
            return dataEncryptionKeyInfo;
        }
        throw new IOException("Data Encryption Key Information header [DEK-Info] not found");
    }

    private byte[] getDecryptedPemKeyBody(char[] cArr, byte[] bArr, DataEncryptionKeyInfo dataEncryptionKeyInfo) throws IOException {
        String str = dataEncryptionKeyInfo.algorithm;
        try {
            try {
                return new BcPEMDecryptorProvider(cArr).get(str).decrypt(bArr, dataEncryptionKeyInfo.initializationVector);
            } catch (PEMException e) {
                throw new KeyDecryptionFailedException(String.format("PEM Key decryption failed for algorithm [%s]", str), e);
            } catch (OperatorCreationException e2) {
                throw new IOException(String.format("PEM decryption support not found for algorithm [%s]", str), e2);
            }
        } finally {
            PasswordUtils.blankOut(cArr);
        }
    }

    private boolean isEncrypted(List<String> list) {
        return list.contains(PROC_TYPE_ENCRYPTED_HEADER);
    }

    private PEMKey readEncryptedPemKey(PEMKey pEMKey) throws IOException {
        byte[] bArr;
        List<String> headers = pEMKey.getHeaders();
        DataEncryptionKeyInfo dataEncryptionKeyInfo = getDataEncryptionKeyInfo(headers);
        byte[] body = pEMKey.getBody();
        char[] reqPassword = this.passwordFinder.reqPassword(this.resource);
        while (true) {
            if (reqPassword == null) {
                bArr = null;
                break;
            }
            try {
                bArr = getDecryptedPemKeyBody(reqPassword, body, dataEncryptionKeyInfo);
                break;
            } catch (KeyDecryptionFailedException e) {
                if (!this.passwordFinder.shouldRetry(this.resource)) {
                    throw e;
                }
                reqPassword = this.passwordFinder.reqPassword(this.resource);
            }
        }
        if (bArr != null) {
            return new PEMKey(pEMKey.getPemKeyType(), headers, bArr);
        }
        throw new KeyDecryptionFailedException("PEM Key password-based decryption failed");
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.StandardPEMKeyReader, net.schmizz.sshj.userauth.keyprovider.PEMKeyReader
    public PEMKey readPemKey(BufferedReader bufferedReader) throws IOException {
        PEMKey readPemKey = super.readPemKey(bufferedReader);
        return isEncrypted(readPemKey.getHeaders()) ? readEncryptedPemKey(readPemKey) : readPemKey;
    }
}
