package com.hierynomus.sshj.userauth.keyprovider;

import com.efs.sdk.base.Constants;
import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import com.hierynomus.sshj.transport.cipher.BlockCiphers;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyFileUtil;
import com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCrypt;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.KeyFormat;
import org.apache.commons.lang3.CharEncoding;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
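/**
 * Key provider that reads private keys stored in the {@code openssh-key-v1} container format.
 *
 * <p>The file is expected to hold a PEM-style armoured, Base64-encoded blob. Encrypted keys are
 * supported only with the {@code bcrypt} KDF and the AES ciphers handled by
 * {@link #createCipher(String)}. Every field parsed here comes from the key file itself and must
 * be treated as untrusted input.
 */
public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
    public static final String BCRYPT = "bcrypt";
    private static final String BEGIN = "-----BEGIN ";
    private static final String END = "-----END ";
    public static final String OPENSSH_PRIVATE_KEY = "OPENSSH PRIVATE KEY-----";
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private PublicKey pubKey;
    private static final Logger logger = LoggerFactory.getLogger(OpenSSHKeyV1KeyFile.class);
    // Explicit charset: the magic must not depend on the platform default encoding.
    private static final byte[] AUTH_MAGIC = "openssh-key-v1\u0000".getBytes(Charset.forName(CharEncoding.UTF_8));

    /** Named factory that produces {@link OpenSSHKeyV1KeyFile} instances. */
    public static class Factory implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> {
        // The interface is fully qualified because the simple name "Factory" resolves to this
        // nested class inside its own declaration.
        @Override // net.schmizz.sshj.common.Factory
        public FileKeyProvider create() {
            return new OpenSSHKeyV1KeyFile();
        }

        @Override // net.schmizz.sshj.common.Factory.Named
        public String getName() {
            return KeyFormat.OpenSSHv1.name();
        }
    }

    /**
     * Skips lines until the first one starting with {@code -----BEGIN } and checks that it
     * announces an OpenSSH private key.
     *
     * @param bufferedReader reader positioned at the start of the key file
     * @return {@code true} if the armour header is the OpenSSH private key header, {@code false}
     *     if it is a different header or the input ended without one
     * @throws IOException if reading fails
     */
    private boolean checkHeader(BufferedReader bufferedReader) throws IOException {
        String line = bufferedReader.readLine();
        while (line != null && !line.startsWith(BEGIN)) {
            line = bufferedReader.readLine();
        }
        if (line == null) {
            return false;
        }
        return line.substring(BEGIN.length()).startsWith(OPENSSH_PRIVATE_KEY);
    }

    /**
     * Maps a cipher name taken from the key file onto one of the supported block ciphers.
     *
     * @param str cipher name as stored in the key file
     * @return a new, uninitialised cipher instance
     * @throws IllegalStateException if the name is none of AES256CTR, AES256CBC or AES128CBC
     */
    private Cipher createCipher(String str) {
        if (str.equals(BlockCiphers.AES256CTR().getName())) {
            return BlockCiphers.AES256CTR().create();
        }
        if (str.equals(BlockCiphers.AES256CBC().getName())) {
            return BlockCiphers.AES256CBC().create();
        }
        if (str.equals(BlockCiphers.AES128CBC().getName())) {
            return BlockCiphers.AES128CBC().create();
        }
        throw new IllegalStateException("Cipher '" + str + "' not currently implemented for openssh-key-v1 format");
    }

    /**
     * Builds an ECDSA private key from the private section of the key file.
     *
     * @param keyType key type whose public-key encoding precedes the private scalar
     * @param plainBuffer buffer positioned at the embedded public key
     * @param str NIST curve name, e.g. {@code P-256}
     * @return the decoded private key
     */
    private PrivateKey createECDSAPrivateKey(KeyType keyType, Buffer.PlainBuffer plainBuffer, String str) throws GeneralSecurityException, Buffer.BufferException {
        // The embedded public key is read only to advance the buffer; its value is discarded.
        keyType.readPubKeyFromBuffer(plainBuffer);
        BigInteger privateScalar = new BigInteger(1, plainBuffer.readBytes());
        X9ECParameters curve = NISTNamedCurves.getByName(str);
        ECNamedCurveSpec curveSpec = new ECNamedCurveSpec(str, curve.getCurve(), curve.getG(), curve.getN());
        return SecurityUtils.getKeyFactory(KeyAlgorithm.ECDSA).generatePrivate(new ECPrivateKeySpec(privateScalar, curveSpec));
    }

    /**
     * Decrypts the private section with the cipher and KDF named in the key file.
     *
     * @param plainBuffer buffer holding the encrypted private section
     * @param str cipher name from the key file
     * @param str2 KDF name from the key file
     * @param bArr KDF options from the key file
     * @return a buffer wrapping the array that the cipher was run over
     */
    private Buffer.PlainBuffer decryptBuffer(Buffer.PlainBuffer plainBuffer, String str, String str2, byte[] bArr) throws IOException {
        Cipher cipher = createCipher(str);
        initializeCipher(str2, bArr, cipher);
        // The cipher is given the buffer's own array, which is then re-wrapped and returned.
        byte[] data = plainBuffer.array();
        cipher.update(data, 0, plainBuffer.available());
        return new Buffer.PlainBuffer(data);
    }

    /** Loads key type and public key from a companion public key file. */
    private void initPubKey(Reader reader) throws IOException {
        OpenSSHKeyFileUtil.ParsedPubKey parsed = OpenSSHKeyFileUtil.initPubKey(reader);
        this.type = parsed.getType();
        this.pubKey = parsed.getPubKey();
    }

    /**
     * Derives key and IV from the passphrase with bcrypt-pbkdf and initialises the cipher for
     * decryption.
     *
     * @param str KDF name from the key file; only {@link #BCRYPT} is accepted
     * @param bArr KDF options from the key file (salt followed by a round count)
     * @param cipher cipher to initialise
     * @throws IllegalStateException if the KDF is not bcrypt
     */
    private void initializeCipher(String str, byte[] bArr, Cipher cipher) throws Buffer.BufferException {
        if (!str.equals(BCRYPT)) {
            throw new IllegalStateException("No support for KDF '" + str + "'.");
        }
        Buffer.PlainBuffer kdfOptions = new Buffer.PlainBuffer(bArr);
        // Without a password finder the derivation runs over an empty passphrase.
        byte[] passphrase = new byte[0];
        if (this.pwdf != null) {
            CharBuffer chars = CharBuffer.wrap(this.pwdf.reqPassword(null));
            ByteBuffer encoded = Charset.forName(CharEncoding.UTF_8).encode(chars);
            passphrase = Arrays.copyOfRange(encoded.array(), encoded.position(), encoded.limit());
            // Wipe the intermediate copies; chars.array() is the array returned by the finder.
            Arrays.fill(chars.array(), (char) 0);
            Arrays.fill(encoded.array(), (byte) 0);
        }
        int blockSize = cipher.getBlockSize();
        int ivSize = cipher.getIVSize();
        byte[] keyAndIv = new byte[ivSize + blockSize];
        try {
            // Salt and round count are read from the key file and are not bounded here.
            // NOTE(review): a hostile key file can request a very expensive derivation; consider
            // an upper limit on the round count.
            byte[] salt = kdfOptions.readBytes();
            int rounds = kdfOptions.readUInt32AsInt();
            new BCrypt().pbkdf(passphrase, salt, rounds, keyAndIv);
            // The first getBlockSize() bytes are handed over as the key, the rest as the IV.
            cipher.init(Cipher.Mode.Decrypt, Arrays.copyOfRange(keyAndIv, 0, blockSize), Arrays.copyOfRange(keyAndIv, blockSize, ivSize + blockSize));
        } finally {
            // Wipe passphrase bytes and derived key material even when derivation fails.
            Arrays.fill(passphrase, (byte) 0);
            Arrays.fill(keyAndIv, (byte) 0);
        }
    }

    /**
     * Parses the decoded container: magic, cipher name, KDF name, KDF options, key count, public
     * key and private section, decrypting the private section when required.
     *
     * @param plainBuffer Base64-decoded contents of the key file
     * @return the key pair stored in the file
     * @throws IOException if the magic is missing, the file holds more than one key, or
     *     decryption fails and no retry is granted
     */
    private KeyPair readDecodedKeyPair(Buffer.PlainBuffer plainBuffer) throws IOException, GeneralSecurityException {
        byte[] magic = new byte[AUTH_MAGIC.length];
        plainBuffer.readRawBytes(magic);
        if (!ByteArrayUtils.equals(magic, 0, AUTH_MAGIC, 0, AUTH_MAGIC.length)) {
            throw new IOException("This key does not contain the 'openssh-key-v1' format magic header");
        }
        String cipherName = plainBuffer.readString();
        String kdfName = plainBuffer.readString();
        byte[] kdfOptions = plainBuffer.readBytes();
        if (plainBuffer.readUInt32AsInt() != 1) {
            throw new IOException("We don't support having more than 1 key in the file (yet).");
        }
        PublicKey publicKey = this.pubKey;
        if (publicKey == null) {
            publicKey = readPublicKey(new Buffer.PlainBuffer(plainBuffer.readBytes()));
        } else {
            // A public key was already loaded in init(); skip the embedded copy.
            plainBuffer.readBytes();
        }
        Buffer.PlainBuffer privateSection = new Buffer.PlainBuffer(plainBuffer.readBytes());
        // NOTE(review): Constants.CP_NONE comes from an unrelated package; presumably it stands
        // in for the cipher name that marks an unencrypted key. Confirm its value.
        if (Constants.CP_NONE.equals(cipherName)) {
            logger.debug("Reading unencrypted keypair");
            return readUnencrypted(privateSection, publicKey);
        }
        // Cipher and KDF names come from the key file; the raw KDF option bytes are kept out of
        // the log and only their length is reported.
        logger.info("Keypair is encrypted with: {}, {} ({} bytes of KDF options)", cipherName, kdfName, kdfOptions.length);
        while (true) {
            try {
                // Each attempt works on a new PlainBuffer built from the encrypted section.
                return readUnencrypted(decryptBuffer(new Buffer.PlainBuffer(privateSection), cipherName, kdfName, kdfOptions), publicKey);
            } catch (KeyDecryptionFailedException e) {
                // Give up unless a password finder exists and agrees to another attempt.
                if (this.pwdf == null || !this.pwdf.shouldRetry(this.resource)) {
                    throw e;
                }
            }
        }
    }

    /**
     * Concatenates the Base64 body lines up to, but excluding, the {@code -----END } line.
     *
     * @param bufferedReader reader positioned just after the armour header
     * @return the Base64 text of the key body
     * @throws IOException if reading fails or the input ends before the armour footer
     */
    private String readKeyFile(BufferedReader bufferedReader) throws IOException {
        StringBuilder body = new StringBuilder();
        String line = bufferedReader.readLine();
        while (line != null && !line.startsWith(END)) {
            body.append(line);
            line = bufferedReader.readLine();
        }
        if (line == null) {
            // A truncated file is reported as a parse error instead of a NullPointerException.
            throw new IOException("Key file ended before the '" + END + "' line");
        }
        return body.toString();
    }

    /** Reads a key type name and then the public key encoded for that type. */
    private PublicKey readPublicKey(Buffer.PlainBuffer plainBuffer) throws Buffer.BufferException, GeneralSecurityException {
        return KeyType.fromString(plainBuffer.readString()).readPubKeyFromBuffer(plainBuffer);
    }

    /**
     * Reads six multi-precision integers and assembles an RSA CRT key spec from them.
     *
     * <p>The values are consumed in the order modulus, public exponent, private exponent, CRT
     * coefficient, prime P, prime Q; the two prime exponents are computed here.
     */
    private RSAPrivateCrtKeySpec readRsaPrivateKeySpec(Buffer.PlainBuffer plainBuffer) throws Buffer.BufferException {
        BigInteger modulus = plainBuffer.readMPInt();
        BigInteger publicExponent = plainBuffer.readMPInt();
        BigInteger privateExponent = plainBuffer.readMPInt();
        BigInteger crtCoefficient = plainBuffer.readMPInt();
        BigInteger primeP = plainBuffer.readMPInt();
        BigInteger primeQ = plainBuffer.readMPInt();
        BigInteger primeExponentP = privateExponent.remainder(primeP.subtract(BigInteger.ONE));
        BigInteger primeExponentQ = privateExponent.remainder(primeQ.subtract(BigInteger.ONE));
        return new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient);
    }

    /**
     * Parses a plaintext private section into a key pair.
     *
     * @param plainBuffer plaintext (or freshly decrypted) private section
     * @param publicKey public half to pair with the decoded private key
     * @return the key pair
     * @throws KeyDecryptionFailedException if the two leading check integers differ
     * @throws IOException if the section length, key type or trailing padding is invalid
     */
    private KeyPair readUnencrypted(Buffer.PlainBuffer plainBuffer, PublicKey publicKey) throws IOException, GeneralSecurityException {
        if (plainBuffer.available() % 8 != 0) {
            throw new IOException("The private key section must be a multiple of the block size (8)");
        }
        // Two equal check integers lead the section; a mismatch is reported as a decryption
        // failure so the caller can ask for another passphrase.
        int checkInt1 = plainBuffer.readUInt32AsInt();
        int checkInt2 = plainBuffer.readUInt32AsInt();
        if (checkInt1 != checkInt2) {
            throw new KeyDecryptionFailedException();
        }
        String keyTypeName = plainBuffer.readString();
        KeyType keyType = KeyType.fromString(keyTypeName);
        logger.info("Read key type: {}", keyTypeName);
        KeyPair keyPair;
        switch (keyType) {
            case ED25519:
                // Skipped: a length-prefixed blob and a 32-bit value (presumably the embedded
                // public key and the length of the private blob; confirm against the format).
                plainBuffer.readBytes();
                plainBuffer.readUInt32();
                byte[] seed = new byte[32];
                plainBuffer.readRawBytes(seed);
                // The following 32 bytes are read and discarded.
                plainBuffer.readRawBytes(new byte[32]);
                keyPair = new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(seed, EdDSANamedCurveTable.getByName("Ed25519"))));
                break;
            case RSA:
                keyPair = new KeyPair(publicKey, SecurityUtils.getKeyFactory(KeyAlgorithm.RSA).generatePrivate(readRsaPrivateKeySpec(plainBuffer)));
                break;
            case ECDSA256:
                keyPair = new KeyPair(publicKey, createECDSAPrivateKey(keyType, plainBuffer, "P-256"));
                break;
            case ECDSA384:
                keyPair = new KeyPair(publicKey, createECDSAPrivateKey(keyType, plainBuffer, "P-384"));
                break;
            case ECDSA521:
                keyPair = new KeyPair(publicKey, createECDSAPrivateKey(keyType, plainBuffer, "P-521"));
                break;
            default:
                throw new IOException("Cannot decode keytype " + keyTypeName + " in openssh-key-v1 files (yet).");
        }
        // One more string follows the key material (presumably the key comment); it is ignored.
        plainBuffer.readString();
        byte[] padding = new byte[plainBuffer.available()];
        plainBuffer.readRawBytes(padding);
        // The remaining bytes must count up 1, 2, 3, ...
        for (int i = 0; i < padding.length; i++) {
            if (padding[i] != i + 1) {
                throw new IOException("Padding of key format contained wrong byte at position: " + i);
            }
        }
        return keyPair;
    }

    /**
     * Initialises the provider from a private key file, first loading the companion public key
     * file when {@link OpenSSHKeyFileUtil#getPublicKeyFile(File)} finds one.
     *
     * @param file private key file
     */
    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider, net.schmizz.sshj.userauth.keyprovider.FileKeyProvider
    public void init(File file) {
        File publicKeyFile = OpenSSHKeyFileUtil.getPublicKeyFile(file);
        if (publicKeyFile != null) {
            Reader publicKeyReader = null;
            try {
                publicKeyReader = new FileReader(publicKeyFile);
                initPubKey(publicKeyReader);
            } catch (IOException e) {
                // Best effort: the public key can still be taken from the private key file.
                this.log.warn("Error reading public key file: {}", e.toString());
            } finally {
                // Release the file handle on every path.
                IOUtils.closeQuietly(publicKeyReader);
            }
        }
        super.init(file);
    }

    /**
     * Reads and decodes the key pair from the configured resource.
     *
     * @return the key pair
     * @throws IOException if the resource is not in {@code openssh-key-v1} format or cannot be
     *     read
     * @throws SSHRuntimeException wrapping any {@link GeneralSecurityException} raised while
     *     building the keys
     */
    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider
    protected KeyPair readKeyPair() throws IOException {
        BufferedReader reader = new BufferedReader(this.resource.getReader());
        try {
            if (!checkHeader(reader)) {
                throw new IOException("This key is not in 'openssh-key-v1' format");
            }
            return readDecodedKeyPair(new Buffer.PlainBuffer(Base64.decode(readKeyFile(reader))));
        } catch (GeneralSecurityException e) {
            throw new SSHRuntimeException(e);
        } finally {
            IOUtils.closeQuietly(reader);
        }
    }
}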
