package xl;

import b0.e2;
import cl.h;
import dl.n;
import hk.e;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.TimeUnit;
import sa.w;
import zj.l;

/* loaded from: classes.dex */
public final class f extends ul.a implements h {
    public final List<l<cl.d>> U;

    public f() {
        super("publickey");
        this.U = null;
    }

    @Override // ul.a
    public final Boolean b5(el.a aVar, boolean z10) {
        on.b bVar;
        int i10;
        n.i("Instance not initialized", z10);
        fm.f fVar = this.R;
        String str = this.T;
        boolean j10 = aVar.j();
        String v10 = aVar.v();
        int U = aVar.U();
        int R = aVar.R();
        int y10 = (int) aVar.y();
        el.d dVar = (el.d) aVar;
        int i11 = dVar.R - dVar.Q;
        on.b bVar2 = this.O;
        if (y10 < 0 || y10 > i11) {
            bVar2.l("doAuth({}@{}) illogical algorithm={} signature length ({}) when remaining={}", str, fVar, v10, Integer.valueOf(y10), Integer.valueOf(i11));
            throw new IndexOutOfBoundsException("Illogical signature length (" + y10 + ") for algorithm=" + v10);
        }
        aVar.V(aVar.R() + y10);
        PublicKey u10 = aVar.u(fl.c.f6556a);
        if (u10 instanceof hk.e) {
            hk.e eVar = (hk.e) u10;
            try {
                if (!e.b.O.equals(eVar.getType())) {
                    throw new CertificateException("not a user certificate");
                }
                bVar = bVar2;
                long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) ^ Long.MIN_VALUE;
                if (!(Long.compare(eVar.x() ^ Long.MIN_VALUE, seconds) <= 0 && Long.compare(seconds, eVar.U() ^ Long.MIN_VALUE) < 0)) {
                    throw new CertificateException("expired");
                }
                Collection<String> v02 = eVar.v0();
                if (!dl.e.g(v02) && !v02.contains(str)) {
                    throw new CertificateException("not valid for the given username");
                }
            } catch (CertificateException e10) {
                Y4("doAuth({}@{}): public key certificate (id={}) is not valid: {}", str, fVar, eVar.getId(), e10.getMessage(), e10);
                throw e10;
            }
        } else {
            bVar = bVar2;
        }
        List<l<cl.d>> l02 = l0();
        if (dl.e.g(l02)) {
            l02 = fVar == null ? null : fVar.l0();
        }
        n.f(l02, "No signature factories for session=%s", fVar);
        boolean d10 = bVar.d();
        if (d10) {
            bVar.o("doAuth({}@{}) verify key type={}, factories={}, fingerprint={}", str, fVar, v10, zj.n.c(l02), hk.d.e(u10));
        }
        cl.d dVar2 = (cl.d) e2.a(v10, l02);
        n.b(dVar2, v10, "No verifier located for algorithm=%s");
        dVar2.s0(fVar, u10);
        aVar.V(U);
        byte[] l10 = j10 ? aVar.l() : null;
        c u22 = fVar.u2();
        if (u22 == null) {
            if (d10) {
                bVar.o("doAuth({}@{}) key type={}, fingerprint={} - no authenticator", str, fVar, v10, hk.d.e(u10));
            }
            return Boolean.FALSE;
        }
        try {
            boolean f42 = u22.f4(str, u10, fVar);
            if (d10) {
                i10 = 4;
                bVar.o("doAuth({}@{}) key type={}, fingerprint={} - authentication result: {}", str, fVar, v10, hk.d.e(u10), Boolean.valueOf(f42));
            } else {
                i10 = 4;
            }
            if (!f42) {
                return Boolean.FALSE;
            }
            if (!j10) {
                byte[] c10 = aVar.c();
                int i12 = y10 + i10;
                if (bVar.d()) {
                    Object[] objArr = new Object[i10];
                    objArr[0] = str;
                    objArr[1] = fVar;
                    objArr[2] = v10;
                    objArr[3] = hk.d.e(u10);
                    bVar.o("doAuth({}@{}) send SSH_MSG_USERAUTH_PK_OK for key type={}, fingerprint={}", objArr);
                }
                el.d Q1 = fVar.Q1(dl.e.k(v10) + i12 + 32, (byte) 60);
                Q1.M(v10);
                Q1.I(R, i12, c10);
                fVar.t(Q1);
                return null;
            }
            aVar.S(R);
            aVar.V(R + 4 + y10);
            byte[] U3 = fVar.U3();
            String str2 = this.S;
            int length = str2.length() + str.length() + U3.length;
            String str3 = this.Q;
            el.d dVar3 = new el.d(v10.length() + str3.length() + length + 256 + 64, false);
            dVar3.B(U3);
            dVar3.A((byte) 50);
            dVar3.M(str);
            dVar3.M(str2);
            dVar3.M(str3);
            dVar3.A((byte) 1);
            dVar3.M(v10);
            dVar3.Z(aVar, true);
            if (bVar.k()) {
                byte[] bArr = dVar3.P;
                int i13 = dVar3.Q;
                bVar.B("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - verification data={}", str, fVar, str2, str3, v10, hk.d.e(u10), el.c.l(bArr, i13, dVar3.R - i13, ' '));
                bVar.B("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - expected signature={}", str, fVar, str2, str3, v10, hk.d.e(u10), el.c.k(l10));
            }
            byte[] bArr2 = dVar3.P;
            int i14 = dVar3.Q;
            dVar2.A0(bArr2, i14, dVar3.R - i14);
            if (!dVar2.I1(fVar, l10)) {
                throw new SignatureException("Key verification failed");
            }
            if (d10) {
                bVar.o("doAuth({}@{}) key type={}, fingerprint={} - verified", str, fVar, v10, hk.d.e(u10));
            }
            return Boolean.TRUE;
        } catch (Error e11) {
            Z4("doAuth({}@{}) failed ({}) to consult delegate for {} key={}: {}", str, fVar, e11.getClass().getSimpleName(), v10, hk.d.e(u10), e11.getMessage(), e11);
            throw new w(null, e11);
        }
    }

    @Override // cl.h
    public final List<l<cl.d>> l0() {
        return this.U;
    }

    @Override // cl.h
    public final List s3() {
        throw null;
    }
}
