package com.hierynomus.sshj.userauth.keyprovider;

import com.enterprisedt.net.j2ssh.transport.compression.SshCompressionFactory;
import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyFileUtil;
import com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCrypt;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays;
import lr.b;
import lr.d;
import net.schmizz.sshj.common.a0;
import net.schmizz.sshj.common.e;
import net.schmizz.sshj.common.i0;
import net.schmizz.sshj.common.j;
import net.schmizz.sshj.common.j0;
import net.schmizz.sshj.common.l;
import net.schmizz.sshj.userauth.keyprovider.a;
import net.schmizz.sshj.userauth.keyprovider.c;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;

/* loaded from: classes4.dex */
public class OpenSSHKeyV1KeyFile extends a {
    public static final String BCRYPT = "bcrypt";
    private static final String BEGIN = "-----BEGIN ";
    private static final String END = "-----END ";
    public static final String OPENSSH_PRIVATE_KEY = "OPENSSH PRIVATE KEY-----";
    protected final b log = d.b(getClass());
    private PublicKey pubKey;
    private static final b logger = d.b(OpenSSHKeyV1KeyFile.class);
    private static final byte[] AUTH_MAGIC = "openssh-key-v1\u0000".getBytes();

    /* renamed from: com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$net$schmizz$sshj$common$KeyType;

        static {
            int[] iArr = new int[a0.values().length];
            $SwitchMap$net$schmizz$sshj$common$KeyType = iArr;
            try {
                iArr[a0.ED25519.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$net$schmizz$sshj$common$KeyType[a0.RSA.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$net$schmizz$sshj$common$KeyType[a0.ECDSA256.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$net$schmizz$sshj$common$KeyType[a0.ECDSA384.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$net$schmizz$sshj$common$KeyType[a0.ECDSA521.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
        }
    }

    /* loaded from: classes4.dex */
    public static class Factory implements j {
        @Override // net.schmizz.sshj.common.k
        public net.schmizz.sshj.userauth.keyprovider.b create() {
            return new OpenSSHKeyV1KeyFile();
        }

        @Override // net.schmizz.sshj.common.j
        public String getName() {
            return c.OpenSSHv1.name();
        }
    }

    private boolean checkHeader(BufferedReader bufferedReader) throws IOException {
        String readLine = bufferedReader.readLine();
        while (readLine != null && !readLine.startsWith(BEGIN)) {
            readLine = bufferedReader.readLine();
        }
        if (readLine == null) {
            return false;
        }
        return readLine.substring(11).startsWith(OPENSSH_PRIVATE_KEY);
    }

    private net.schmizz.sshj.transport.cipher.d createCipher(String str) {
        if (str.equals(BlockCiphers.AES256CTR().getName())) {
            return BlockCiphers.AES256CTR().create();
        }
        if (str.equals(BlockCiphers.AES256CBC().getName())) {
            return BlockCiphers.AES256CBC().create();
        }
        if (str.equals(BlockCiphers.AES128CBC().getName())) {
            return BlockCiphers.AES128CBC().create();
        }
        throw new IllegalStateException(m8.a.e("Cipher '", str, "' not currently implemented for openssh-key-v1 format"));
    }

    private PrivateKey createECDSAPrivateKey(a0 a0Var, net.schmizz.sshj.common.c cVar, String str) throws GeneralSecurityException, net.schmizz.sshj.common.b {
        a0Var.readPubKeyFromBuffer(cVar);
        BigInteger bigInteger = new BigInteger(1, cVar.t());
        X9ECParameters byName = NISTNamedCurves.getByName(str);
        return j0.d(KeyAlgorithm.ECDSA).generatePrivate(new ECPrivateKeySpec(bigInteger, new ECNamedCurveSpec(str, byName.getCurve(), byName.getG(), byName.getN())));
    }

    /* JADX WARN: Type inference failed for: r1v2, types: [net.schmizz.sshj.common.d, net.schmizz.sshj.common.c] */
    private net.schmizz.sshj.common.c decryptBuffer(net.schmizz.sshj.common.c cVar, String str, String str2, byte[] bArr) throws IOException {
        net.schmizz.sshj.transport.cipher.d createCipher = createCipher(str);
        initializeCipher(str2, bArr, createCipher);
        byte[] bArr2 = cVar.f42570a;
        createCipher.update(bArr2, 0, cVar.a());
        return new net.schmizz.sshj.common.d(bArr2, true);
    }

    private void initPubKey(Reader reader) throws IOException {
        OpenSSHKeyFileUtil.ParsedPubKey initPubKey = OpenSSHKeyFileUtil.initPubKey(reader);
        this.type = initPubKey.getType();
        this.pubKey = initPubKey.getPubKey();
    }

    private void initializeCipher(String str, byte[] bArr, net.schmizz.sshj.transport.cipher.d dVar) throws net.schmizz.sshj.common.b {
        if (!str.equals(BCRYPT)) {
            throw new IllegalStateException(m8.a.e("No support for KDF '", str, "'."));
        }
        net.schmizz.sshj.common.d dVar2 = new net.schmizz.sshj.common.d(bArr, true);
        byte[] bArr2 = new byte[0];
        lq.b bVar = this.pwdf;
        if (bVar != null) {
            CharBuffer wrap = CharBuffer.wrap(bVar.reqPassword(null));
            ByteBuffer encode = Charset.forName("UTF-8").encode(wrap);
            byte[] copyOfRange = Arrays.copyOfRange(encode.array(), encode.position(), encode.limit());
            Arrays.fill(wrap.array(), (char) 0);
            Arrays.fill(encode.array(), (byte) 0);
            bArr2 = copyOfRange;
        }
        byte[] bArr3 = new byte[dVar.getBlockSize() + dVar.getIVSize()];
        new BCrypt().pbkdf(bArr2, dVar2.t(), (int) dVar2.z(), bArr3);
        Arrays.fill(bArr2, (byte) 0);
        dVar.init(net.schmizz.sshj.transport.cipher.c.Decrypt, Arrays.copyOfRange(bArr3, 0, dVar.getBlockSize()), Arrays.copyOfRange(bArr3, dVar.getBlockSize(), dVar.getBlockSize() + dVar.getIVSize()));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v5, types: [net.schmizz.sshj.common.d, net.schmizz.sshj.common.c] */
    /* JADX WARN: Type inference failed for: r5v0, types: [net.schmizz.sshj.common.d, net.schmizz.sshj.common.c] */
    /* JADX WARN: Type inference failed for: r8v7, types: [net.schmizz.sshj.common.d, net.schmizz.sshj.common.c] */
    private KeyPair readDecodedKeyPair(net.schmizz.sshj.common.c cVar) throws IOException, GeneralSecurityException {
        byte[] bArr = AUTH_MAGIC;
        int length = bArr.length;
        byte[] bArr2 = new byte[length];
        cVar.getClass();
        cVar.w(bArr2, 0, length);
        if (!e.a(bArr2, bArr, 0, bArr.length)) {
            throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
        }
        Charset charset = l.f42583a;
        String x10 = cVar.x(charset);
        String x11 = cVar.x(charset);
        byte[] t10 = cVar.t();
        if (((int) cVar.z()) != 1) {
            throw new IOException("We don't support having more than 1 key in the file (yet).");
        }
        PublicKey publicKey = this.pubKey;
        if (publicKey == null) {
            publicKey = readPublicKey(new net.schmizz.sshj.common.d(cVar.t(), true));
        } else {
            cVar.t();
        }
        ?? dVar = new net.schmizz.sshj.common.d(cVar.t(), true);
        if (SshCompressionFactory.COMP_NONE.equals(x10)) {
            logger.k("Reading unencrypted keypair");
            return readUnencrypted(dVar, publicKey);
        }
        b bVar = logger;
        StringBuilder h10 = org.bouncycastle.jce.provider.a.h("Keypair is encrypted with: ", x10, ", ", x11, ", ");
        h10.append(Arrays.toString(t10));
        bVar.x(h10.toString());
        do {
            try {
                return readUnencrypted(decryptBuffer(new net.schmizz.sshj.common.d((net.schmizz.sshj.common.d) dVar), x10, x11, t10), publicKey);
            } catch (KeyDecryptionFailedException e10) {
                if (this.pwdf == null) {
                    break;
                }
                throw e10;
            }
        } while (this.pwdf.shouldRetry(this.resource));
        throw e10;
    }

    private String readKeyFile(BufferedReader bufferedReader) throws IOException {
        StringBuilder sb2 = new StringBuilder();
        String readLine = bufferedReader.readLine();
        while (!readLine.startsWith(END)) {
            sb2.append(readLine);
            readLine = bufferedReader.readLine();
        }
        return sb2.toString();
    }

    private PublicKey readPublicKey(net.schmizz.sshj.common.c cVar) throws net.schmizz.sshj.common.b, GeneralSecurityException {
        cVar.getClass();
        return a0.fromString(cVar.x(l.f42583a)).readPubKeyFromBuffer(cVar);
    }

    private RSAPrivateCrtKeySpec readRsaPrivateKeySpec(net.schmizz.sshj.common.c cVar) throws net.schmizz.sshj.common.b {
        BigInteger u10 = cVar.u();
        BigInteger u11 = cVar.u();
        BigInteger u12 = cVar.u();
        BigInteger u13 = cVar.u();
        BigInteger u14 = cVar.u();
        BigInteger u15 = cVar.u();
        BigInteger bigInteger = BigInteger.ONE;
        return new RSAPrivateCrtKeySpec(u10, u11, u12, u14, u15, u12.remainder(u14.subtract(bigInteger)), u12.remainder(u15.subtract(bigInteger)), u13);
    }

    private KeyPair readUnencrypted(net.schmizz.sshj.common.c cVar, PublicKey publicKey) throws IOException, GeneralSecurityException {
        KeyPair keyPair;
        if (cVar.a() % 8 != 0) {
            throw new IOException("The private key section must be a multiple of the block size (8)");
        }
        if (((int) cVar.z()) != ((int) cVar.z())) {
            throw new KeyDecryptionFailedException();
        }
        String x10 = cVar.x(l.f42583a);
        a0 fromString = a0.fromString(x10);
        logger.C("Read key type: {}", x10, fromString);
        int i10 = AnonymousClass1.$SwitchMap$net$schmizz$sshj$common$KeyType[fromString.ordinal()];
        int i11 = 0;
        if (i10 == 1) {
            cVar.t();
            cVar.z();
            byte[] bArr = new byte[32];
            cVar.w(bArr, 0, 32);
            cVar.w(new byte[32], 0, 32);
            keyPair = new KeyPair(publicKey, new fp.d(new ip.d(bArr, ip.b.a())));
        } else if (i10 == 2) {
            keyPair = new KeyPair(publicKey, j0.d(KeyAlgorithm.RSA).generatePrivate(readRsaPrivateKeySpec(cVar)));
        } else if (i10 == 3) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(fromString, cVar, "P-256"));
        } else if (i10 == 4) {
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(fromString, cVar, "P-384"));
        } else {
            if (i10 != 5) {
                throw new IOException(m8.a.e("Cannot decode keytype ", x10, " in openssh-key-v1 files (yet)."));
            }
            keyPair = new KeyPair(publicKey, createECDSAPrivateKey(fromString, cVar, "P-521"));
        }
        cVar.y();
        int a10 = cVar.a();
        byte[] bArr2 = new byte[a10];
        cVar.w(bArr2, 0, a10);
        while (i11 < a10) {
            int i12 = i11 + 1;
            if (bArr2[i11] != i12) {
                throw new IOException(gr.a.l("Padding of key format contained wrong byte at position: ", i11));
            }
            i11 = i12;
        }
        return keyPair;
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.a
    public void init(File file) {
        File publicKeyFile = OpenSSHKeyFileUtil.getPublicKeyFile(file);
        if (publicKeyFile != null) {
            try {
                initPubKey(new FileReader(publicKeyFile));
            } catch (IOException e10) {
                this.log.c("Error reading public key file: {}", e10.toString());
            }
        }
        super.init(file);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v2, types: [net.schmizz.sshj.common.d, net.schmizz.sshj.common.c] */
    @Override // net.schmizz.sshj.userauth.keyprovider.a
    public KeyPair readKeyPair() throws IOException {
        BufferedReader bufferedReader = new BufferedReader(this.resource.a());
        try {
            try {
                if (!checkHeader(bufferedReader)) {
                    throw new IOException("This key is not in 'openssh-key-v1' format");
                }
                KeyPair readDecodedKeyPair = readDecodedKeyPair(new net.schmizz.sshj.common.d(net.schmizz.sshj.common.a.a(readKeyFile(bufferedReader)), true));
                l.a(bufferedReader);
                return readDecodedKeyPair;
            } catch (GeneralSecurityException e10) {
                throw new i0(e10.getMessage(), e10);
            }
        } catch (Throwable th2) {
            l.a(bufferedReader);
            throw th2;
        }
    }
}
