package com.hierynomus.sshj.userauth.keyprovider;

import androidx.compose.runtime.Anchor$$ExternalSyntheticOutline0;
import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import com.hierynomus.sshj.transport.cipher.BlockCiphers$Factory;
import com.hierynomus.sshj.transport.cipher.GcmCiphers$Factory;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.DigestException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import kotlin.io.CloseableKt;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import net.schmizz.sshj.common.Base64Decoder;
import net.schmizz.sshj.common.Base64DecodingException;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.signature.SignatureDSA;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.openssl.EncryptionException;
import org.bouncycastle.openssl.PEMException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.helpers.SubstituteLoggerFactory;

/* loaded from: classes.dex */
public final class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
    public static final byte[] AUTH_MAGIC = "openssh-key-v1\u0000".getBytes();
    public static final HashMap SUPPORTED_CIPHERS;
    public final Logger log = LoggerFactory.getLogger(OpenSSHKeyV1KeyFile.class);
    public PublicKey pubKey;

    static {
        HashMap hashMap = new HashMap();
        SUPPORTED_CIPHERS = hashMap;
        hashMap.put("3des-cbc", new BlockCiphers$Factory(8, 192, "3des-cbc", "DESede", "CBC"));
        hashMap.put("aes128-cbc", new BlockCiphers$Factory(16, 128, "aes128-cbc", "AES", "CBC"));
        hashMap.put("aes192-cbc", new BlockCiphers$Factory(16, 192, "aes192-cbc", "AES", "CBC"));
        hashMap.put("aes256-cbc", new BlockCiphers$Factory(16, 256, "aes256-cbc", "AES", "CBC"));
        hashMap.put("aes128-ctr", new BlockCiphers$Factory(16, 128, "aes128-ctr", "AES", "CTR"));
        hashMap.put("aes192-ctr", new BlockCiphers$Factory(16, 192, "aes192-ctr", "AES", "CTR"));
        hashMap.put("aes256-ctr", new BlockCiphers$Factory(16, 256, "aes256-ctr", "AES", "CTR"));
        hashMap.put("aes256-gcm@openssh.com", new GcmCiphers$Factory("aes256-gcm@openssh.com", 256));
        hashMap.put("aes128-gcm@openssh.com", new GcmCiphers$Factory("aes128-gcm@openssh.com", 128));
        hashMap.put("chacha20-poly1305@openssh.com", new SignatureDSA.Factory(2));
    }

    public static boolean checkHeader(BufferedReader bufferedReader) {
        String readLine = bufferedReader.readLine();
        while (readLine != null && !readLine.startsWith("-----BEGIN ")) {
            readLine = bufferedReader.readLine();
        }
        if (readLine == null) {
            return false;
        }
        return readLine.substring(11).startsWith("OPENSSH PRIVATE KEY-----");
    }

    public static PrivateKey createECDSAPrivateKey(KeyType keyType, Buffer.PlainBuffer plainBuffer, String str) {
        keyType.readPubKeyFromBuffer(plainBuffer);
        BigInteger bigInteger = new BigInteger(1, plainBuffer.readBytes());
        ASN1ObjectIdentifier oid = NISTNamedCurves.getOID(str);
        X9ECParameters byOID = oid != null ? SECNamedCurves.getByOID(oid) : null;
        return SecurityUtils.getKeyFactory("ECDSA").generatePrivate(new ECPrivateKeySpec(bigInteger, new ECNamedCurveSpec(str, byOID.curve, byOID.g.getPoint(), byOID.n)));
    }

    public static String readEncodedKey(BufferedReader bufferedReader) {
        StringBuilder sb = new StringBuilder();
        String readLine = bufferedReader.readLine();
        while (readLine != null) {
            if (readLine.startsWith("-----END ")) {
                return sb.toString();
            }
            sb.append(readLine);
            readLine = bufferedReader.readLine();
        }
        throw new IOException("File footer not found [-----END OPENSSH PRIVATE KEY-----]");
    }

    /* JADX WARN: Type inference failed for: r12v2, types: [org.bouncycastle.openssl.EncryptionException, org.bouncycastle.openssl.PEMException] */
    public static KeyPair readUnencrypted(Buffer.PlainBuffer plainBuffer, PublicKey publicKey) {
        KeyPair keyPair;
        if (plainBuffer.available() % 8 != 0) {
            throw new IOException("The private key section must be a multiple of the block size (8)");
        }
        if (((int) plainBuffer.readUInt32()) != ((int) plainBuffer.readUInt32())) {
            throw new KeyDecryptionFailedException(new PEMException("OpenSSH Private Key integer comparison failed"));
        }
        String readString$1 = plainBuffer.readString$1();
        KeyType fromString = KeyType.fromString(readString$1);
        int ordinal = fromString.ordinal();
        if (ordinal == 0) {
            BigInteger readMPInt = plainBuffer.readMPInt();
            BigInteger readMPInt2 = plainBuffer.readMPInt();
            BigInteger readMPInt3 = plainBuffer.readMPInt();
            BigInteger readMPInt4 = plainBuffer.readMPInt();
            BigInteger readMPInt5 = plainBuffer.readMPInt();
            BigInteger readMPInt6 = plainBuffer.readMPInt();
            BigInteger bigInteger = BigInteger.ONE;
            keyPair = new KeyPair(publicKey, SecurityUtils.getKeyFactory("RSA").generatePrivate(new RSAPrivateCrtKeySpec(readMPInt, readMPInt2, readMPInt3, readMPInt5, readMPInt6, readMPInt3.remainder(readMPInt5.subtract(bigInteger)), readMPInt3.remainder(readMPInt6.subtract(bigInteger)), readMPInt4)));
        } else if (ordinal == 2) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(fromString, plainBuffer, "P-256"));
        } else if (ordinal == 3) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(fromString, plainBuffer, "P-384"));
        } else if (ordinal == 4) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(fromString, plainBuffer, "P-521"));
        } else {
            if (ordinal != 5) {
                throw new IOException(Anchor$$ExternalSyntheticOutline0.m("Cannot decode keytype ", readString$1, " in openssh-key-v1 files (yet)."));
            }
            plainBuffer.readBytes();
            plainBuffer.readUInt32();
            byte[] bArr = new byte[32];
            plainBuffer.readRawBytes(bArr);
            plainBuffer.readRawBytes(new byte[32]);
            keyPair = new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(bArr, EdDSANamedCurveTable.getByName())));
        }
        plainBuffer.readString$1();
        int available = plainBuffer.available();
        byte[] bArr2 = new byte[available];
        plainBuffer.readRawBytes(bArr2);
        int i = 0;
        while (i < available) {
            int i2 = i + 1;
            if (bArr2[i] != i2) {
                throw new IOException(Anchor$$ExternalSyntheticOutline0.m("Padding of key format contained wrong byte at position: ", i));
            }
            i = i2;
        }
        return keyPair;
    }

    /* JADX WARN: Type inference failed for: r5v2, types: [net.schmizz.sshj.common.Buffer$PlainBuffer, net.schmizz.sshj.common.Buffer] */
    public final Buffer.PlainBuffer decryptPrivateKey(byte[] bArr, int i, String str, String str2, byte[] bArr2) {
        try {
            HashMap hashMap = SUPPORTED_CIPHERS;
            if (!hashMap.containsKey(str)) {
                throw new IllegalStateException(Anchor$$ExternalSyntheticOutline0.m("OpenSSH Key encryption cipher not supported [", str, "]"));
            }
            Cipher cipher = (Cipher) ((Factory.Named) hashMap.get(str)).create();
            initializeCipher(str2, bArr2, cipher);
            cipher.update(bArr, 0, i);
            ?? buffer = new Buffer(i);
            buffer.putRawBytes(bArr, 0, i);
            return buffer;
        } catch (SSHRuntimeException e) {
            throw new KeyDecryptionFailedException(new EncryptionException(Anchor$$ExternalSyntheticOutline0.m("OpenSSH Private Key decryption failed with cipher [", str, "]"), e));
        }
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider, net.schmizz.sshj.userauth.keyprovider.KeyProvider
    public final PublicKey getPublic() {
        PublicKey publicKey = this.pubKey;
        return publicKey != null ? publicKey : super.getPublic();
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider
    public final void init(File file, SubstituteLoggerFactory substituteLoggerFactory) {
        File publicKeyFile = CloseableKt.getPublicKeyFile(file);
        if (publicKeyFile != null) {
            try {
                this.pubKey = (PublicKey) CloseableKt.initPubKey(new FileReader(publicKeyFile)).cipher;
            } catch (IOException e) {
                this.log.warn("Error reading public key file: {}", e.toString());
            }
        }
        super.init(file, substituteLoggerFactory);
    }

    /* JADX WARN: Type inference failed for: r10v1, types: [com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCrypt, java.lang.Object] */
    public final void initializeCipher(String str, byte[] bArr, Cipher cipher) {
        if (!str.equals("bcrypt")) {
            throw new IllegalStateException(Anchor$$ExternalSyntheticOutline0.m("OpenSSH Private Key encryption KDF not supported [", str, "]"));
        }
        Buffer buffer = new Buffer(true, bArr);
        byte[] bArr2 = new byte[0];
        SubstituteLoggerFactory substituteLoggerFactory = this.pwdf;
        if (substituteLoggerFactory != null) {
            CharBuffer wrap = CharBuffer.wrap(substituteLoggerFactory.reqPassword());
            ByteBuffer encode = StandardCharsets.UTF_8.encode(wrap);
            byte[] copyOfRange = Arrays.copyOfRange(encode.array(), encode.position(), encode.limit());
            Arrays.fill(wrap.array(), (char) 0);
            Arrays.fill(encode.array(), (byte) 0);
            bArr2 = copyOfRange;
        }
        int iVSize = cipher.getIVSize();
        int blockSize = cipher.getBlockSize();
        int i = iVSize + blockSize;
        byte[] bArr3 = new byte[i];
        byte[] readBytes = buffer.readBytes();
        int readUInt32 = (int) buffer.readUInt32();
        ?? obj = new Object();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
            int i2 = (i + 31) / 32;
            byte[] digest = messageDigest.digest(bArr2);
            byte[] bArr4 = new byte[64];
            byte[] bArr5 = new byte[32];
            byte b = 0;
            byte[] bArr6 = new byte[32];
            int i3 = 1;
            while (i3 <= i2) {
                byte[] bArr7 = new byte[4];
                bArr7[b] = (byte) ((i3 >> 24) & 255);
                bArr7[1] = (byte) ((i3 >> 16) & 255);
                bArr7[2] = (byte) ((i3 >> 8) & 255);
                bArr7[3] = (byte) (i3 & 255);
                messageDigest.reset();
                messageDigest.update(readBytes);
                messageDigest.update(bArr7);
                byte b2 = b;
                messageDigest.digest(bArr4, b2, 64);
                obj.hash(digest, bArr4, bArr5);
                System.arraycopy(bArr5, b2, bArr6, b2, 32);
                int i4 = 1;
                while (i4 < readUInt32) {
                    messageDigest.reset();
                    messageDigest.update(bArr6);
                    int i5 = readUInt32;
                    messageDigest.digest(bArr4, b2, 64);
                    obj.hash(digest, bArr4, bArr6);
                    for (int i6 = 0; i6 < 32; i6++) {
                        bArr5[i6] = (byte) (bArr5[i6] ^ bArr6[i6]);
                    }
                    i4++;
                    readUInt32 = i5;
                    b2 = 0;
                }
                int i7 = readUInt32;
                for (int i8 = 0; i8 < 32; i8++) {
                    int i9 = (i3 - 1) + (i8 * i2);
                    if (i9 < i) {
                        bArr3[i9] = bArr5[i8];
                    }
                }
                i3++;
                readUInt32 = i7;
                b = 0;
            }
            byte b3 = b;
            Arrays.fill(bArr2, b3);
            cipher.init(Arrays.copyOfRange(bArr3, (int) b3, blockSize), 2, Arrays.copyOfRange(bArr3, blockSize, i));
        } catch (DigestException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v16, types: [net.schmizz.sshj.common.Buffer$PlainBuffer, net.schmizz.sshj.common.Buffer] */
    /* JADX WARN: Type inference failed for: r0v9, types: [net.schmizz.sshj.common.Buffer$PlainBuffer, net.schmizz.sshj.common.Buffer] */
    public final KeyPair readDecodedKeyPair(Buffer.PlainBuffer plainBuffer) {
        byte[] bArr;
        OpenSSHKeyV1KeyFile openSSHKeyV1KeyFile;
        byte[] bArr2 = AUTH_MAGIC;
        byte[] bArr3 = new byte[bArr2.length];
        plainBuffer.readRawBytes(bArr3);
        if (!Base64Decoder.equals(0, bArr2.length, bArr3, bArr2)) {
            throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
        }
        String readString$1 = plainBuffer.readString$1();
        String readString$12 = plainBuffer.readString$1();
        byte[] readBytes = plainBuffer.readBytes();
        int readUInt32 = (int) plainBuffer.readUInt32();
        if (readUInt32 != 1) {
            throw new IOException(String.format("OpenSSH Private Key number of keys not supported [%d]", Integer.valueOf(readUInt32)));
        }
        PublicKey publicKey = this.pubKey;
        if (publicKey == null) {
            ?? buffer = new Buffer(true, plainBuffer.readBytes());
            publicKey = KeyType.fromString(buffer.readString$1()).readPubKeyFromBuffer(buffer);
        } else {
            plainBuffer.readBytes();
        }
        PublicKey publicKey2 = publicKey;
        byte[] readBytes2 = plainBuffer.readBytes();
        ?? buffer2 = new Buffer(true, readBytes2);
        if ("none".equals(readString$1)) {
            return readUnencrypted(buffer2, publicKey2);
        }
        int available = plainBuffer.available();
        if (available == 0) {
            bArr = readBytes2;
        } else {
            byte[] bArr4 = new byte[available];
            plainBuffer.readRawBytes(bArr4);
            int length = readBytes2.length + available;
            Buffer buffer3 = new Buffer(length);
            buffer3.putRawBytes(readBytes2, 0, readBytes2.length);
            buffer3.putRawBytes(bArr4, 0, available);
            bArr = new byte[length];
            buffer3.readRawBytes(bArr);
        }
        do {
            try {
                openSSHKeyV1KeyFile = this;
            } catch (KeyDecryptionFailedException e) {
                e = e;
                openSSHKeyV1KeyFile = this;
            }
            try {
                return readUnencrypted(openSSHKeyV1KeyFile.decryptPrivateKey((byte[]) bArr.clone(), readBytes2.length, readString$1, readString$12, readBytes), publicKey2);
            } catch (KeyDecryptionFailedException e2) {
                e = e2;
            }
        } while (openSSHKeyV1KeyFile.pwdf != null);
        throw e;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v3, types: [net.schmizz.sshj.common.Buffer$PlainBuffer, net.schmizz.sshj.common.Buffer] */
    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider
    public final KeyPair readKeyPair() {
        BufferedReader bufferedReader = new BufferedReader(this.resource.getReader());
        try {
            try {
                if (!checkHeader(bufferedReader)) {
                    throw new IOException("File header not found [-----BEGIN OPENSSH PRIVATE KEY-----]");
                }
                KeyPair readDecodedKeyPair = readDecodedKeyPair(new Buffer(true, Base64Decoder.decode(readEncodedKey(bufferedReader))));
                IOUtils.closeQuietly(bufferedReader);
                return readDecodedKeyPair;
            } catch (GeneralSecurityException e) {
                throw new SSHRuntimeException("Read OpenSSH Version 1 Key failed", e);
            } catch (Base64DecodingException e2) {
                throw new SSHRuntimeException("Private Key decoding failed", e2);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(bufferedReader);
            throw th;
        }
    }
}
