package com.sshtools.common.ssh.components.jce;

import com.sshtools.common.logger.Log;
import com.sshtools.common.ssh.SecurityLevel;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.SshKeyFingerprint;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.SshRsaPublicKey;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import com.sshtools.synergy.ssh.SshContext;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class Ssh2RsaPublicKey implements SshRsaPublicKey {
    protected RSAPublicKey pubKey;

    public Ssh2RsaPublicKey() {
    }

    public Ssh2RsaPublicKey(BigInteger bigInteger, BigInteger bigInteger2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        this.pubKey = (RSAPublicKey) (JCEProvider.getProviderForAlgorithm("RSA") == null ? KeyFactory.getInstance("RSA") : KeyFactory.getInstance("RSA", JCEProvider.getProviderForAlgorithm("RSA"))).generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2));
    }

    public Ssh2RsaPublicKey(RSAPublicKey rSAPublicKey) {
        this.pubKey = rSAPublicKey;
    }

    private boolean verifyJCESignature(byte[] bArr, String str, byte[] bArr2, boolean z) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        byte[] bArr3;
        boolean z2;
        boolean z3;
        str.hashCode();
        Signature signature = !str.equals(SshContext.PUBLIC_KEY_RSA_SHA256) ? !str.equals(SshContext.PUBLIC_KEY_RSA_SHA512) ? JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA1WithRSA) == null ? Signature.getInstance(JCEAlgorithms.JCE_SHA1WithRSA) : Signature.getInstance(JCEAlgorithms.JCE_SHA1WithRSA, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA1WithRSA)) : JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA512WithRSA) == null ? Signature.getInstance(JCEAlgorithms.JCE_SHA512WithRSA) : Signature.getInstance(JCEAlgorithms.JCE_SHA512WithRSA, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA512WithRSA)) : JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA256WithRSA) == null ? Signature.getInstance(JCEAlgorithms.JCE_SHA256WithRSA) : Signature.getInstance(JCEAlgorithms.JCE_SHA256WithRSA, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA256WithRSA));
        signature.initVerify(this.pubKey);
        signature.update(bArr2);
        int signatureLength = getSignatureLength();
        int length = bArr.length;
        if (!z || bArr.length >= signatureLength) {
            bArr3 = bArr;
            z2 = false;
        } else {
            if (Log.isDebugEnabled()) {
                Log.debug("No Padding Detected: Expected signature length of " + signatureLength + " (modulus=" + getModulus().bitLength() + ") but got " + bArr.length, new Object[0]);
            }
            bArr3 = new byte[signatureLength];
            System.arraycopy(bArr, 0, bArr3, signatureLength - bArr.length, bArr.length);
            z2 = true;
        }
        try {
            z3 = signature.verify(bArr3);
        } catch (SignatureException e) {
            if (!z) {
                throw e;
            }
            if (Log.isDebugEnabled()) {
                Log.debug("Signature failed. Falling back to raw signature data.", new Object[0]);
            }
            z3 = false;
        }
        if (!z3) {
            if (z2) {
                z3 = verifyJCESignature(bArr, str, bArr2, false);
            }
            if (!z3 && Log.isDebugEnabled() && Boolean.getBoolean("maverick.verbose")) {
                Log.debug("JCE Reports Invalid Signature: Expected signature length of " + signatureLength + " (modulus=" + getModulus().bitLength() + ") but got " + length, new Object[0]);
            }
        }
        return z3;
    }

    @Override // com.sshtools.common.ssh.components.SshRsaPublicKey
    public BigInteger doPublic(BigInteger bigInteger) throws SshException {
        try {
            Cipher cipher = JCEProvider.getProviderForAlgorithm("RSA") == null ? Cipher.getInstance("RSA") : Cipher.getInstance("RSA", JCEProvider.getProviderForAlgorithm("RSA"));
            cipher.init(1, this.pubKey, JCEProvider.getSecureRandom());
            byte[] byteArray = bigInteger.toByteArray();
            return new BigInteger(cipher.doFinal(byteArray, byteArray[0] == 0 ? 1 : 0, byteArray[0] == 0 ? byteArray.length - 1 : byteArray.length));
        } catch (Throwable th) {
            if (th.getMessage().indexOf("RSA") > -1) {
                throw new SshException("JCE provider requires BouncyCastle provider for RSA/NONE/PKCS1Padding component. Add bcprov.jar to your classpath or configure an alternative provider for this algorithm", 5);
            }
            throw new SshException(th);
        }
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof SshRsaPublicKey)) {
            return false;
        }
        try {
            return ((SshPublicKey) obj).getFingerprint().equals(getFingerprint());
        } catch (SshException unused) {
            return false;
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey, com.sshtools.common.ssh.SecureComponent
    public String getAlgorithm() {
        return "ssh-rsa";
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public int getBitLength() {
        return this.pubKey.getModulus().bitLength();
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public byte[] getEncoded() throws SshException {
        ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
        try {
            try {
                byteArrayWriter.writeString(getEncodingAlgorithm());
                byteArrayWriter.writeBigInteger(this.pubKey.getPublicExponent());
                byteArrayWriter.writeBigInteger(this.pubKey.getModulus());
                byte[] byteArray = byteArrayWriter.toByteArray();
                try {
                    byteArrayWriter.close();
                } catch (IOException unused) {
                }
                return byteArray;
            } catch (IOException e) {
                throw new SshException("Failed to encoded key data", 5, e);
            }
        } catch (Throwable th) {
            try {
                byteArrayWriter.close();
            } catch (IOException unused2) {
            }
            throw th;
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String getEncodingAlgorithm() {
        return getAlgorithm();
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String getFingerprint() throws SshException {
        return SshKeyFingerprint.getFingerprint(getEncoded());
    }

    @Override // com.sshtools.common.ssh.components.SshRsaPublicKey, com.sshtools.common.ssh.components.SshPublicKey
    public PublicKey getJCEPublicKey() {
        return this.pubKey;
    }

    @Override // com.sshtools.common.ssh.components.SshRsaPublicKey
    public BigInteger getModulus() {
        return this.pubKey.getModulus();
    }

    @Override // com.sshtools.common.ssh.SecureComponent
    public int getPriority() {
        return 1000;
    }

    @Override // com.sshtools.common.ssh.components.SshRsaPublicKey
    public BigInteger getPublicExponent() {
        return this.pubKey.getPublicExponent();
    }

    @Override // com.sshtools.common.ssh.SecureComponent
    public SecurityLevel getSecurityLevel() {
        return SecurityLevel.WEAK;
    }

    public int getSignatureLength() {
        int bitLength = getModulus().bitLength() / 8;
        return getModulus().bitLength() % 8 != 0 ? bitLength + 1 : bitLength;
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String getSigningAlgorithm() {
        return "ssh-rsa";
    }

    @Override // com.sshtools.common.ssh.components.SshRsaPublicKey
    public int getVersion() {
        return 2;
    }

    public int hashCode() {
        try {
            return getFingerprint().hashCode();
        } catch (SshException unused) {
            return 0;
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public void init(byte[] bArr, int i, int i2) throws SshException {
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr, i, i2);
        try {
            try {
                if (!byteArrayReader.readString().equals(getEncodingAlgorithm())) {
                    throw new SshException("The encoded key is not " + getEncodingAlgorithm(), 5);
                }
                try {
                    this.pubKey = (RSAPublicKey) (JCEProvider.getProviderForAlgorithm("RSA") == null ? KeyFactory.getInstance("RSA") : KeyFactory.getInstance("RSA", JCEProvider.getProviderForAlgorithm("RSA"))).generatePublic(new RSAPublicKeySpec(byteArrayReader.readBigInteger(), byteArrayReader.readBigInteger()));
                } catch (Exception e) {
                    throw new SshException("Failed to obtain RSA key instance from JCE", 5, e);
                }
            } catch (IOException unused) {
                throw new SshException("Failed to read encoded key data", 5);
            }
        } finally {
            byteArrayReader.close();
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public /* synthetic */ boolean isCertificate() {
        return SshPublicKey.CC.$default$isCertificate(this);
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String test() {
        try {
            KeyFactory keyFactory = JCEProvider.getProviderForAlgorithm("RSA") == null ? KeyFactory.getInstance("RSA") : KeyFactory.getInstance("RSA", JCEProvider.getProviderForAlgorithm("RSA"));
            if (JCEProvider.getProviderForAlgorithm("RSA") == null) {
                Cipher.getInstance("RSA");
            } else {
                Cipher.getInstance("RSA", JCEProvider.getProviderForAlgorithm("RSA"));
            }
            if (JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA1WithRSA) == null) {
                Signature.getInstance(JCEAlgorithms.JCE_SHA1WithRSA);
            } else {
                Signature.getInstance(JCEAlgorithms.JCE_SHA1WithRSA, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_SHA1WithRSA));
            }
            return keyFactory.getProvider().getName();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public boolean verifySignature(byte[] bArr, byte[] bArr2) throws SshException {
        try {
            ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
            String str = "ssh-rsa";
            try {
                long readInt = byteArrayReader.readInt();
                if (readInt > 0 && readInt < 100) {
                    byteArrayReader.reset();
                    str = new String(byteArrayReader.readBinaryString());
                    bArr = byteArrayReader.readBinaryString();
                }
                byteArrayReader.close();
                return verifyJCESignature(bArr, str, bArr2, true);
            } catch (Throwable th) {
                byteArrayReader.close();
                throw th;
            }
        } catch (Exception e) {
            throw new SshException(16, e);
        }
    }
}
