package com.hierynomus.sshj.userauth.keyprovider;

import A3.i;
import Sg.b;
import Sg.d;
import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
import com.hierynomus.sshj.transport.cipher.ChachaPolyCiphers;
import com.hierynomus.sshj.transport.cipher.GcmCiphers;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyFileUtil;
import com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCrypt;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import n.AbstractC6294c;
import net.schmizz.sshj.transport.cipher.c;
import net.schmizz.sshj.userauth.keyprovider.a;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.openssl.EncryptionException;
import p000if.C5574b;
import zf.B;
import zf.C7804a;
import zf.C7805b;
import zf.C7806c;
import zf.C7807d;
import zf.C7808e;
import zf.C7816m;
import zf.InterfaceC7814k;
import zf.J;
import zf.K;
import zf.r;

/* loaded from: classes2.dex */
public class OpenSSHKeyV1KeyFile extends a {
    private static final byte[] AUTH_MAGIC = "openssh-key-v1\u0000".getBytes();
    public static final String BCRYPT = "bcrypt";
    private static final String BEGIN = "-----BEGIN ";
    private static final String END = "-----END ";
    private static final String NONE_CIPHER = "none";
    public static final String OPENSSH_PRIVATE_KEY = "OPENSSH PRIVATE KEY-----";
    private static final Map<String, InterfaceC7814k> SUPPORTED_CIPHERS;
    protected final b log = d.b(getClass());
    private PublicKey pubKey;

    /* renamed from: com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile$1, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$net$schmizz$sshj$common$KeyType;

        static {
            int[] iArr = new int[B.values().length];
            $SwitchMap$net$schmizz$sshj$common$KeyType = iArr;
            try {
                iArr[B.f67505g.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                int[] iArr2 = $SwitchMap$net$schmizz$sshj$common$KeyType;
                r rVar = B.f67500b;
                iArr2[0] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                int[] iArr3 = $SwitchMap$net$schmizz$sshj$common$KeyType;
                r rVar2 = B.f67500b;
                iArr3[2] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                int[] iArr4 = $SwitchMap$net$schmizz$sshj$common$KeyType;
                r rVar3 = B.f67500b;
                iArr4[3] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                int[] iArr5 = $SwitchMap$net$schmizz$sshj$common$KeyType;
                r rVar4 = B.f67500b;
                iArr5[4] = 5;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    /* loaded from: classes2.dex */
    public static class Factory implements InterfaceC7814k {
        @Override // zf.InterfaceC7815l
        public net.schmizz.sshj.userauth.keyprovider.b create() {
            return new OpenSSHKeyV1KeyFile();
        }

        @Override // zf.InterfaceC7814k
        public String getName() {
            return "OpenSSHv1";
        }
    }

    static {
        HashMap hashMap = new HashMap();
        SUPPORTED_CIPHERS = hashMap;
        hashMap.put(BlockCiphers.TripleDESCBC().getName(), BlockCiphers.TripleDESCBC());
        hashMap.put(BlockCiphers.AES128CBC().getName(), BlockCiphers.AES128CBC());
        hashMap.put(BlockCiphers.AES192CBC().getName(), BlockCiphers.AES192CBC());
        hashMap.put(BlockCiphers.AES256CBC().getName(), BlockCiphers.AES256CBC());
        hashMap.put(BlockCiphers.AES128CTR().getName(), BlockCiphers.AES128CTR());
        hashMap.put(BlockCiphers.AES192CTR().getName(), BlockCiphers.AES192CTR());
        hashMap.put(BlockCiphers.AES256CTR().getName(), BlockCiphers.AES256CTR());
        hashMap.put(GcmCiphers.AES256GCM().getName(), GcmCiphers.AES256GCM());
        hashMap.put(GcmCiphers.AES128GCM().getName(), GcmCiphers.AES128GCM());
        hashMap.put(ChachaPolyCiphers.CHACHA_POLY_OPENSSH().getName(), ChachaPolyCiphers.CHACHA_POLY_OPENSSH());
    }

    private boolean checkHeader(BufferedReader bufferedReader) throws IOException {
        String readLine = bufferedReader.readLine();
        while (readLine != null && !readLine.startsWith(BEGIN)) {
            readLine = bufferedReader.readLine();
        }
        if (readLine == null) {
            return false;
        }
        return readLine.substring(11).startsWith(OPENSSH_PRIVATE_KEY);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private net.schmizz.sshj.transport.cipher.d createCipher(String str) {
        Map<String, InterfaceC7814k> map = SUPPORTED_CIPHERS;
        if (map.containsKey(str)) {
            return (net.schmizz.sshj.transport.cipher.d) map.get(str).create();
        }
        throw new IllegalStateException(i.l("OpenSSH Key encryption cipher not supported [", str, "]"));
    }

    private PrivateKey createECDSAPrivateKey(B b7, C7807d.a aVar, String str) throws GeneralSecurityException, C7806c {
        b7.f(aVar);
        BigInteger bigInteger = new BigInteger(1, aVar.u());
        X9ECParameters byName = NISTNamedCurves.getByName(str);
        return K.c(KeyAlgorithm.ECDSA).generatePrivate(new ECPrivateKeySpec(bigInteger, new ECNamedCurveSpec(str, byName.getCurve(), byName.getG(), byName.getN())));
    }

    /* JADX WARN: Type inference failed for: r8v2, types: [zf.d, zf.d$a] */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private C7807d.a decryptPrivateKey(byte[] bArr, int i10, String str, String str2, byte[] bArr2) throws IOException {
        try {
            net.schmizz.sshj.transport.cipher.d createCipher = createCipher(str);
            initializeCipher(str2, bArr2, createCipher);
            createCipher.update(bArr, 0, i10);
            ?? c7807d = new C7807d(i10);
            c7807d.j(0, i10, bArr);
            return c7807d;
        } catch (J e10) {
            throw new KeyDecryptionFailedException(new EncryptionException(i.l("OpenSSH Private Key decryption failed with cipher [", str, "]"), e10));
        }
    }

    private void initPubKey(Reader reader) throws IOException {
        OpenSSHKeyFileUtil.ParsedPubKey initPubKey = OpenSSHKeyFileUtil.initPubKey(reader);
        this.type = initPubKey.getType();
        this.pubKey = initPubKey.getPubKey();
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void initializeCipher(String str, byte[] bArr, net.schmizz.sshj.transport.cipher.d dVar) throws C7806c {
        if (!str.equals(BCRYPT)) {
            throw new IllegalStateException(i.l("OpenSSH Private Key encryption KDF not supported [", str, "]"));
        }
        C7807d c7807d = new C7807d(bArr, true);
        byte[] bArr2 = new byte[0];
        Nf.a aVar = this.pwdf;
        if (aVar != null) {
            CharBuffer wrap = CharBuffer.wrap(aVar.reqPassword(null));
            ByteBuffer encode = StandardCharsets.UTF_8.encode(wrap);
            byte[] copyOfRange = Arrays.copyOfRange(encode.array(), encode.position(), encode.limit());
            Arrays.fill(wrap.array(), (char) 0);
            Arrays.fill(encode.array(), (byte) 0);
            bArr2 = copyOfRange;
        }
        int iVSize = dVar.getIVSize();
        int blockSize = dVar.getBlockSize();
        int i10 = iVSize + blockSize;
        byte[] bArr3 = new byte[i10];
        new BCrypt().pbkdf(bArr2, c7807d.u(), (int) c7807d.A(), bArr3);
        Arrays.fill(bArr2, (byte) 0);
        dVar.init(c.f58760b, Arrays.copyOfRange(bArr3, 0, blockSize), Arrays.copyOfRange(bArr3, blockSize, i10));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v11, types: [zf.d, zf.d$a] */
    /* JADX WARN: Type inference failed for: r1v6, types: [zf.d, zf.d$a] */
    /* JADX WARN: Unreachable blocks removed: 3, instructions: 3 */
    private KeyPair readDecodedKeyPair(C7807d.a aVar) throws IOException, GeneralSecurityException {
        Nf.a aVar2;
        byte[] bArr = AUTH_MAGIC;
        byte[] bArr2 = new byte[bArr.length];
        aVar.x(bArr2);
        if (!C7808e.a(0, bArr.length, bArr2, bArr)) {
            throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
        }
        Charset charset = C7816m.f67570a;
        String y10 = aVar.y(charset);
        String y11 = aVar.y(charset);
        byte[] u10 = aVar.u();
        int A10 = (int) aVar.A();
        if (A10 != 1) {
            throw new IOException(String.format("OpenSSH Private Key number of keys not supported [%d]", Integer.valueOf(A10)));
        }
        PublicKey publicKey = this.pubKey;
        if (publicKey == null) {
            publicKey = readPublicKey(new C7807d(aVar.u(), true));
        } else {
            aVar.u();
        }
        PublicKey publicKey2 = publicKey;
        byte[] u11 = aVar.u();
        ?? c7807d = new C7807d(u11, true);
        if ("none".equals(y10)) {
            return readUnencrypted(c7807d, publicKey2);
        }
        byte[] readEncryptedPrivateKey = readEncryptedPrivateKey(u11, aVar);
        do {
            try {
                return readUnencrypted(decryptPrivateKey((byte[]) readEncryptedPrivateKey.clone(), u11.length, y10, y11, u10), publicKey2);
            } catch (KeyDecryptionFailedException e10) {
                aVar2 = this.pwdf;
                if (aVar2 == null) {
                    break;
                }
                throw e10;
            }
        } while (aVar2.shouldRetry(this.resource));
        throw e10;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private String readEncodedKey(BufferedReader bufferedReader) throws IOException {
        StringBuilder sb2 = new StringBuilder();
        String readLine = bufferedReader.readLine();
        while (readLine != null) {
            if (readLine.startsWith(END)) {
                return sb2.toString();
            }
            sb2.append(readLine);
            readLine = bufferedReader.readLine();
        }
        throw new IOException("File footer not found [-----END OPENSSH PRIVATE KEY-----]");
    }

    private byte[] readEncryptedPrivateKey(byte[] bArr, C7807d.a aVar) throws C7806c {
        int a10 = aVar.a();
        if (a10 == 0) {
            return bArr;
        }
        byte[] bArr2 = new byte[a10];
        aVar.x(bArr2);
        int length = bArr.length + a10;
        C7807d c7807d = new C7807d(length);
        c7807d.j(0, bArr.length, bArr);
        c7807d.j(0, a10, bArr2);
        byte[] bArr3 = new byte[length];
        c7807d.x(bArr3);
        return bArr3;
    }

    private PublicKey readPublicKey(C7807d.a aVar) throws C7806c, GeneralSecurityException {
        aVar.getClass();
        return B.b(aVar.y(C7816m.f67570a)).f(aVar);
    }

    private RSAPrivateCrtKeySpec readRsaPrivateKeySpec(C7807d.a aVar) throws C7806c {
        BigInteger v10 = aVar.v();
        BigInteger v11 = aVar.v();
        BigInteger v12 = aVar.v();
        BigInteger v13 = aVar.v();
        BigInteger v14 = aVar.v();
        BigInteger v15 = aVar.v();
        BigInteger bigInteger = BigInteger.ONE;
        return new RSAPrivateCrtKeySpec(v10, v11, v12, v14, v15, v12.remainder(v14.subtract(bigInteger)), v12.remainder(v15.subtract(bigInteger)), v13);
    }

    /* JADX WARN: Unreachable blocks removed: 4, instructions: 4 */
    private KeyPair readUnencrypted(C7807d.a aVar, PublicKey publicKey) throws IOException, GeneralSecurityException {
        KeyPair keyPair;
        if (aVar.a() % 8 != 0) {
            throw new IOException("The private key section must be a multiple of the block size (8)");
        }
        if (((int) aVar.A()) != ((int) aVar.A())) {
            throw new KeyDecryptionFailedException(new EncryptionException("OpenSSH Private Key integer comparison failed"));
        }
        String y10 = aVar.y(C7816m.f67570a);
        B b7 = B.b(y10);
        int ordinal = b7.ordinal();
        if (ordinal == 0) {
            keyPair = new KeyPair(publicKey, K.c(KeyAlgorithm.RSA).generatePrivate(readRsaPrivateKeySpec(aVar)));
        } else if (ordinal == 2) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(b7, aVar, "P-256"));
        } else if (ordinal == 3) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(b7, aVar, "P-384"));
        } else if (ordinal == 4) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(b7, aVar, "P-521"));
        } else {
            if (ordinal != 5) {
                throw new IOException(i.l("Cannot decode keytype ", y10, " in openssh-key-v1 files (yet)."));
            }
            aVar.u();
            aVar.A();
            byte[] bArr = new byte[32];
            aVar.x(bArr);
            aVar.x(new byte[32]);
            keyPair = new KeyPair(publicKey, new ff.c(new p000if.d(bArr, C5574b.a())));
        }
        aVar.z();
        int a10 = aVar.a();
        byte[] bArr2 = new byte[a10];
        aVar.x(bArr2);
        int i10 = 0;
        while (i10 < a10) {
            int i11 = i10 + 1;
            if (bArr2[i10] != i11) {
                throw new IOException(AbstractC6294c.e(i10, "Padding of key format contained wrong byte at position: "));
            }
            i10 = i11;
        }
        return keyPair;
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.a, net.schmizz.sshj.userauth.keyprovider.b
    public PublicKey getPublic() throws IOException {
        PublicKey publicKey = this.pubKey;
        return publicKey != null ? publicKey : super.getPublic();
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.a, net.schmizz.sshj.userauth.keyprovider.b
    public void init(File file, Nf.a aVar) {
        File publicKeyFile = OpenSSHKeyFileUtil.getPublicKeyFile(file);
        if (publicKeyFile != null) {
            try {
                initPubKey(new FileReader(publicKeyFile));
            } catch (IOException e10) {
                this.log.s("Error reading public key file: {}", e10.toString());
            }
            super.init(file, aVar);
        }
        super.init(file, aVar);
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.a
    public void init(Reader reader, Reader reader2, Nf.a aVar) {
        if (this.pubKey != null) {
            try {
                initPubKey(reader2);
            } catch (IOException e10) {
                this.log.s("Error reading public key file: {}", e10.toString());
            }
            super.init(reader, (Reader) null, aVar);
        }
        super.init(reader, (Reader) null, aVar);
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.a
    public void init(String str, String str2, Nf.a aVar) {
        if (this.pubKey != null) {
            try {
                initPubKey(new StringReader(str2));
            } catch (IOException e10) {
                this.log.s("Error reading public key file: {}", e10.toString());
            }
            super.init(str, (String) null, aVar);
        }
        super.init(str, (String) null, aVar);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v3, types: [zf.d, zf.d$a] */
    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    @Override // net.schmizz.sshj.userauth.keyprovider.a
    public KeyPair readKeyPair() throws IOException {
        BufferedReader bufferedReader = new BufferedReader(this.resource.a());
        try {
            try {
                if (!checkHeader(bufferedReader)) {
                    throw new IOException("File header not found [-----BEGIN OPENSSH PRIVATE KEY-----]");
                }
                KeyPair readDecodedKeyPair = readDecodedKeyPair(new C7807d(C7804a.a(readEncodedKey(bufferedReader)), true));
                C7816m.a(bufferedReader);
                return readDecodedKeyPair;
            } catch (GeneralSecurityException e10) {
                throw new J("Read OpenSSH Version 1 Key failed", e10);
            } catch (C7805b e11) {
                throw new J("Private Key decoding failed", e11);
            }
        } catch (Throwable th) {
            C7816m.a(bufferedReader);
            throw th;
        }
    }
}
