package a.c.a.g.b;

import c.a.a.a.e;
import d.a.c;
import d.a.d;
import java.io.BufferedReader;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.transport.cipher.AES128CBC;
import net.schmizz.sshj.transport.cipher.AES128CTR;
import net.schmizz.sshj.transport.cipher.AES192CBC;
import net.schmizz.sshj.transport.cipher.AES192CTR;
import net.schmizz.sshj.transport.cipher.AES256CBC;
import net.schmizz.sshj.transport.cipher.AES256CTR;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.cipher.NoneCipher;
import net.schmizz.sshj.transport.cipher.TripleDESCBC;
import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
import net.schmizz.sshj.userauth.password.PasswordFinder;
import org.mindrot.jbcrypt.BCryptNative;
import xch.bouncycastle.asn1.nist.NISTNamedCurves;
import xch.bouncycastle.asn1.x9.X9ECParameters;
import xch.bouncycastle.jce.spec.ECParameterSpec;
import xch.bouncycastle.jce.spec.ECPrivateKeySpec;
import xch.bouncycastle.jce.spec.ECPublicKeySpec;
import xch.bouncycastle.math.ec.ECPoint;

/* loaded from: classes.dex */
public class b extends BaseFileKeyProvider {
    private static final String g = "-----BEGIN ";
    private static final String h = "-----END ";
    public static final String j = "OPENSSH PRIVATE KEY-----";
    private static final c f = d.a(b.class);
    private static final byte[] i = "openssh-key-v1\u0000".getBytes();

    private KeyPair a(Buffer.PlainBuffer plainBuffer) {
        Cipher aes128cbc;
        byte[] bArr = new byte[i.length];
        plainBuffer.d(bArr);
        byte[] bArr2 = i;
        if (!ByteArrayUtils.a(bArr, 0, bArr2, 0, bArr2.length)) {
            throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
        }
        String l = plainBuffer.l();
        String l2 = plainBuffer.l();
        byte[] i2 = plainBuffer.i();
        if (plainBuffer.o() != 1) {
            throw new IOException("We don't support having more than 1 key in the file (yet).");
        }
        PublicKey b2 = b(new Buffer.PlainBuffer(plainBuffer.i()));
        byte[] i3 = plainBuffer.i();
        Buffer.PlainBuffer plainBuffer2 = new Buffer.PlainBuffer(i3);
        if ("none".equals(l)) {
            f.b("Reading unencrypted keypair");
            return a(plainBuffer2, b2);
        }
        if (l2.equalsIgnoreCase("bcrypt")) {
            f.b("Reading bcrypt-encrypted keypair");
            PasswordFinder passwordFinder = this.f426b;
            char[] b3 = passwordFinder == null ? null : passwordFinder.b(this.f425a);
            if (b3 == null) {
                throw new IOException("Key encrypted, no password.");
            }
            byte[] bytes = new String(b3).getBytes("UTF-8");
            Buffer.PlainBuffer plainBuffer3 = new Buffer.PlainBuffer(i2);
            byte[] i4 = plainBuffer3.i();
            int o = plainBuffer3.o();
            if (o > 0) {
                String upperCase = l.toUpperCase();
                new NoneCipher();
                int i5 = 32;
                if (!"DES-EDE3-CBC".equals(upperCase)) {
                    if ("AES-128-CBC".equals(upperCase) || "AES128-CBC".equals(upperCase)) {
                        aes128cbc = new AES128CBC();
                    } else {
                        if (!"AES-192-CBC".equals(upperCase) && !"AES192-CBC".equals(upperCase)) {
                            if ("AES-256-CBC".equals(upperCase) || "AES256-CBC".equals(upperCase)) {
                                aes128cbc = new AES256CBC();
                            } else if ("AES-128-CTR".equals(upperCase) || "AES128-CTR".equals(upperCase)) {
                                aes128cbc = new AES128CTR();
                            } else if ("AES-192-CTR".equals(upperCase) || "AES192-CTR".equals(upperCase)) {
                                aes128cbc = new AES192CTR();
                            } else {
                                if (!"AES-256-CTR".equals(upperCase) && !"AES256-CTR".equals(upperCase)) {
                                    throw new IOException(a.a.a.a.a.a("Unsupported cipher ", l, " for key pair."));
                                }
                                aes128cbc = new AES256CTR();
                            }
                            byte[] bArr3 = new byte[i5];
                            int d2 = aes128cbc.d();
                            byte[] bArr4 = new byte[d2];
                            byte[] bArr5 = new byte[i5 + d2];
                            new BCryptNative().pbkdfNative(bytes, i4, o, bArr5);
                            System.arraycopy(bArr5, 0, bArr3, 0, i5);
                            System.arraycopy(bArr5, i5, bArr4, 0, d2);
                            aes128cbc.a(Cipher.Mode.Decrypt, bArr3, bArr4);
                            aes128cbc.update(i3, 0, i3.length);
                            return a(new Buffer.PlainBuffer(i3), b2);
                        }
                        aes128cbc = new AES192CBC();
                    }
                    i5 = 16;
                    byte[] bArr32 = new byte[i5];
                    int d22 = aes128cbc.d();
                    byte[] bArr42 = new byte[d22];
                    byte[] bArr52 = new byte[i5 + d22];
                    new BCryptNative().pbkdfNative(bytes, i4, o, bArr52);
                    System.arraycopy(bArr52, 0, bArr32, 0, i5);
                    System.arraycopy(bArr52, i5, bArr42, 0, d22);
                    aes128cbc.a(Cipher.Mode.Decrypt, bArr32, bArr42);
                    aes128cbc.update(i3, 0, i3.length);
                    return a(new Buffer.PlainBuffer(i3), b2);
                }
                aes128cbc = new TripleDESCBC();
                i5 = 24;
                byte[] bArr322 = new byte[i5];
                int d222 = aes128cbc.d();
                byte[] bArr422 = new byte[d222];
                byte[] bArr522 = new byte[i5 + d222];
                new BCryptNative().pbkdfNative(bytes, i4, o, bArr522);
                System.arraycopy(bArr522, 0, bArr322, 0, i5);
                System.arraycopy(bArr522, i5, bArr422, 0, d222);
                aes128cbc.a(Cipher.Mode.Decrypt, bArr322, bArr422);
                aes128cbc.update(i3, 0, i3.length);
                return a(new Buffer.PlainBuffer(i3), b2);
            }
        }
        f.d("Keypair is encrypted with: " + l + ", " + l2);
        throw new IOException(a.a.a.a.a.a("Cannot read encrypted keypair with ", l, " yet."));
    }

    private KeyPair a(Buffer.PlainBuffer plainBuffer, PublicKey publicKey) {
        if (plainBuffer.b() % 8 != 0) {
            throw new IOException("The private key section must be a multiple of the block size (8)");
        }
        if (plainBuffer.o() != plainBuffer.o()) {
            throw new IOException("The checkInts differed, the key was not correctly decoded.");
        }
        String l = plainBuffer.l();
        f.b("Read key type: {}", l);
        if (l.equalsIgnoreCase("ssh-ed25519")) {
            plainBuffer.i();
            plainBuffer.n();
            byte[] bArr = new byte[32];
            plainBuffer.d(bArr);
            plainBuffer.d(new byte[32]);
            try {
                plainBuffer.l();
                int b2 = plainBuffer.b();
                byte[] bArr2 = new byte[b2];
                plainBuffer.d(bArr2);
                int i2 = 0;
                while (i2 < b2) {
                    int i3 = i2 + 1;
                    if (bArr2[i2] != i3) {
                        throw new IOException("Padding of key format contained wrong byte at position: " + i2);
                    }
                    i2 = i3;
                }
            } catch (Throwable unused) {
            }
            return new KeyPair(publicKey, new e(new c.a.a.a.m.e(bArr, c.a.a.a.m.c.a("Ed25519"))));
        }
        if (l.equalsIgnoreCase("ssh-rsa")) {
            KeyFactory keyFactory = KeyFactory.getInstance(a.c.a.b.a.f25a);
            BigInteger j2 = plainBuffer.j();
            return new KeyPair(keyFactory.generatePublic(new RSAPublicKeySpec(j2, plainBuffer.j())), keyFactory.generatePrivate(new RSAPrivateKeySpec(j2, plainBuffer.j())));
        }
        if (l.equalsIgnoreCase("ssh-dss")) {
            KeyFactory keyFactory2 = KeyFactory.getInstance(a.c.a.b.a.f26b);
            BigInteger j3 = plainBuffer.j();
            BigInteger j4 = plainBuffer.j();
            BigInteger j5 = plainBuffer.j();
            return new KeyPair(keyFactory2.generatePublic(new DSAPublicKeySpec(plainBuffer.j(), j3, j4, j5)), keyFactory2.generatePrivate(new DSAPrivateKeySpec(plainBuffer.j(), j3, j4, j5)));
        }
        if (!l.equalsIgnoreCase("ecdsa-sha2-nistp256") && !l.equalsIgnoreCase("ecdsa-sha2-nistp384") && !l.equalsIgnoreCase("ecdsa-sha2-nistp521")) {
            throw new IOException(a.a.a.a.a.a("Unknown key type: ", l));
        }
        KeyFactory keyFactory3 = KeyFactory.getInstance(a.c.a.b.a.f27c);
        plainBuffer.l();
        int o = plainBuffer.o();
        plainBuffer.h();
        int i4 = (o - 1) / 2;
        byte[] bArr3 = new byte[i4];
        byte[] bArr4 = new byte[i4];
        plainBuffer.d(bArr3);
        plainBuffer.d(bArr4);
        BigInteger bigInteger = new BigInteger(1, bArr3);
        BigInteger bigInteger2 = new BigInteger(1, bArr4);
        BigInteger j6 = plainBuffer.j();
        StringBuilder a2 = a.a.a.a.a.a("p-");
        a2.append(l.substring(l.length() - 3));
        X9ECParameters a3 = NISTNamedCurves.a(a2.toString());
        ECPoint a4 = a3.i().a(bigInteger, bigInteger2);
        ECParameterSpec eCParameterSpec = new ECParameterSpec(a3.i(), a3.l(), a3.n());
        return new KeyPair(keyFactory3.generatePublic(new ECPublicKeySpec(a4, eCParameterSpec)), keyFactory3.generatePrivate(new ECPrivateKeySpec(j6, eCParameterSpec)));
    }

    private boolean a(BufferedReader bufferedReader) {
        String readLine;
        do {
            readLine = bufferedReader.readLine();
            if (readLine == null) {
                break;
            }
        } while (!readLine.startsWith(g));
        return readLine.substring(11).startsWith(j);
    }

    private String b(BufferedReader bufferedReader) {
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine.startsWith(h)) {
                return sb.toString();
            }
            sb.append(readLine);
        }
    }

    private PublicKey b(Buffer.PlainBuffer plainBuffer) {
        return KeyType.a(plainBuffer.l()).a(plainBuffer);
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider
    protected KeyPair a() {
        BufferedReader bufferedReader = new BufferedReader(this.f425a.b());
        try {
            try {
                if (!a(bufferedReader)) {
                    throw new IOException("This key is not in 'openssh-key-v1' format");
                }
                KeyPair a2 = a(new Buffer.PlainBuffer(Base64.a(b(bufferedReader))));
                IOUtils.a(bufferedReader);
                return a2;
            } catch (GeneralSecurityException e) {
                throw new SSHRuntimeException(e);
            }
        } catch (Throwable th) {
            IOUtils.a(bufferedReader);
            throw th;
        }
    }
}
