package com.trilead.ssh2.crypto;

import a.b.b.a.a;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import com.trilead.ssh2.crypto.cipher.AES;
import com.trilead.ssh2.crypto.cipher.BlockCipher;
import com.trilead.ssh2.crypto.cipher.DES;
import com.trilead.ssh2.crypto.cipher.DESede;
import com.trilead.ssh2.packets.TypesReader;
import com.trilead.ssh2.signature.ECDSASHA2Verify;
import java.io.BufferedReader;
import java.io.CharArrayReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.DigestException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Locale;
import net.i2p.crypto.eddsa.EdDSAPrivateKey;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import org.bouncycastle.crypto.util.OpenSSHPublicKeyUtil;
import org.bouncycastle.jcajce.provider.asymmetric.edec.KeyFactorySpi;
import org.mindrot.jbcrypt.BCrypt;

/* loaded from: classes.dex */
public class PEMDecoder {

    /* renamed from: a, reason: collision with root package name */
    public static final byte[] f8736a = {KeyFactorySpi.x448_type, KeyFactorySpi.Ed25519_type, 101, KeyFactorySpi.x25519_type, 115, 115, 104, 45, 107, 101, 121, 45, 118, 49, 0};

    public static int a(char c2) {
        char c3 = 'a';
        if (c2 < 'a' || c2 > 'f') {
            c3 = 'A';
            if (c2 < 'A' || c2 > 'F') {
                if (c2 < '0' || c2 > '9') {
                    throw new IllegalArgumentException("Need hex char");
                }
                return c2 - '0';
            }
        }
        return (c2 - c3) + 10;
    }

    public static final PEMStructure a(char[] cArr) {
        String str;
        PEMStructure pEMStructure = new PEMStructure();
        BufferedReader bufferedReader = new BufferedReader(new CharArrayReader(cArr));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new IOException("Invalid PEM structure, '-----BEGIN...' missing");
            }
            String trim = readLine.trim();
            if (trim.startsWith("-----BEGIN DSA PRIVATE KEY-----")) {
                pEMStructure.f8737a = 2;
                str = "-----END DSA PRIVATE KEY-----";
                break;
            }
            if (trim.startsWith("-----BEGIN RSA PRIVATE KEY-----")) {
                pEMStructure.f8737a = 1;
                str = "-----END RSA PRIVATE KEY-----";
                break;
            }
            if (trim.startsWith("-----BEGIN EC PRIVATE KEY-----")) {
                pEMStructure.f8737a = 3;
                str = "-----END EC PRIVATE KEY-----";
                break;
            }
            if (trim.startsWith("-----BEGIN OPENSSH PRIVATE KEY-----")) {
                pEMStructure.f8737a = 4;
                str = "-----END OPENSSH PRIVATE KEY-----";
                break;
            }
        }
        while (true) {
            String readLine2 = bufferedReader.readLine();
            if (readLine2 == null) {
                throw new IOException(a.a("Invalid PEM structure, ", str, " missing"));
            }
            String trim2 = readLine2.trim();
            int indexOf = trim2.indexOf(58);
            if (indexOf == -1) {
                StringBuffer stringBuffer = new StringBuffer();
                while (trim2 != null) {
                    String trim3 = trim2.trim();
                    if (trim3.startsWith(str)) {
                        int length = stringBuffer.length();
                        char[] cArr2 = new char[length];
                        stringBuffer.getChars(0, length, cArr2, 0);
                        byte[] a2 = Base64.a(cArr2);
                        pEMStructure.f8740d = a2;
                        if (a2.length != 0) {
                            return pEMStructure;
                        }
                        throw new IOException("Invalid PEM structure, no data available");
                    }
                    stringBuffer.append(trim3);
                    trim2 = bufferedReader.readLine();
                }
                throw new IOException(a.a("Invalid PEM structure, ", str, " missing"));
            }
            int i2 = indexOf + 1;
            String substring = trim2.substring(0, i2);
            String[] split = trim2.substring(i2).split(",");
            for (int i3 = 0; i3 < split.length; i3++) {
                split[i3] = split[i3].trim();
            }
            if ("Proc-Type:".equals(substring)) {
                pEMStructure.f8739c = split;
            } else if ("DEK-Info:".equals(substring)) {
                pEMStructure.f8738b = split;
            }
        }
    }

    public static KeyPair a(String str, KeySpec keySpec, KeySpec keySpec2) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(str);
            return new KeyPair(keyFactory.generatePublic(keySpec2), keyFactory.generatePrivate(keySpec));
        } catch (NoSuchAlgorithmException e2) {
            throw new IOException(e2);
        } catch (InvalidKeySpecException e3) {
            throw new IOException("invalid keyspec", e3);
        }
    }

    public static KeyPair a(char[] cArr, String str) {
        KeyPair a2;
        KeySpec rSAPrivateKeySpec;
        byte[] bytes;
        PEMStructure a3 = a(cArr);
        if (a(a3) && a3.f8737a != 4) {
            if (str == null) {
                throw new IOException("PEM is encrypted, but no password was specified");
            }
            try {
                a(a3, str.getBytes("ISO-8859-1"));
            } catch (UnsupportedEncodingException unused) {
                a(a3, str.getBytes("ISO-8859-1"));
            }
        }
        int i2 = a3.f8737a;
        if (i2 == 2) {
            SimpleDERReader simpleDERReader = new SimpleDERReader(a3.f8740d);
            byte[] f2 = simpleDERReader.f();
            if (simpleDERReader.f8743c != 0) {
                throw new IOException("Padding in DSA PRIVATE KEY DER stream.");
            }
            simpleDERReader.a(f2);
            BigInteger b2 = simpleDERReader.b();
            if (b2.compareTo(BigInteger.ZERO) != 0) {
                throw new IOException("Wrong version (" + b2 + ") in DSA PRIVATE KEY DER stream.");
            }
            BigInteger b3 = simpleDERReader.b();
            BigInteger b4 = simpleDERReader.b();
            BigInteger b5 = simpleDERReader.b();
            BigInteger b6 = simpleDERReader.b();
            BigInteger b7 = simpleDERReader.b();
            if (simpleDERReader.f8743c == 0) {
                return a("DSA", new DSAPrivateKeySpec(b7, b3, b4, b5), new DSAPublicKeySpec(b6, b3, b4, b5));
            }
            throw new IOException("Padding in DSA PRIVATE KEY DER stream.");
        }
        if (i2 == 1) {
            SimpleDERReader simpleDERReader2 = new SimpleDERReader(a3.f8740d);
            byte[] f3 = simpleDERReader2.f();
            if (simpleDERReader2.f8743c != 0) {
                throw new IOException("Padding in RSA PRIVATE KEY DER stream.");
            }
            simpleDERReader2.a(f3);
            BigInteger b8 = simpleDERReader2.b();
            if (b8.compareTo(BigInteger.ZERO) == 0 || b8.compareTo(BigInteger.ONE) == 0) {
                BigInteger b9 = simpleDERReader2.b();
                BigInteger b10 = simpleDERReader2.b();
                return a("RSA", new RSAPrivateCrtKeySpec(b9, b10, simpleDERReader2.b(), simpleDERReader2.b(), simpleDERReader2.b(), simpleDERReader2.b(), simpleDERReader2.b(), simpleDERReader2.b()), new RSAPublicKeySpec(b9, b10));
            }
            throw new IOException("Wrong version (" + b8 + ") in RSA PRIVATE KEY DER stream.");
        }
        if (i2 == 3) {
            SimpleDERReader simpleDERReader3 = new SimpleDERReader(a3.f8740d);
            byte[] f4 = simpleDERReader3.f();
            if (simpleDERReader3.f8743c != 0) {
                throw new IOException("Padding in EC PRIVATE KEY DER stream.");
            }
            simpleDERReader3.a(f4);
            BigInteger b11 = simpleDERReader3.b();
            if (b11.compareTo(BigInteger.ONE) != 0) {
                throw new IOException("Wrong version (" + b11 + ") in EC PRIVATE KEY DER stream.");
            }
            byte[] d2 = simpleDERReader3.d();
            String str2 = null;
            byte[] bArr = null;
            while (simpleDERReader3.f8743c > 0) {
                int a4 = simpleDERReader3.a() & 255;
                if ((a4 & 32) != 32) {
                    throw new IOException(a.a("Expected constructed type, but was ", a4));
                }
                int i3 = a4 & 31;
                int c2 = simpleDERReader3.c();
                if (c2 < 0 || c2 > simpleDERReader3.f8743c) {
                    throw new IOException(a.a("Illegal len in DER object (", c2, ")"));
                }
                SimpleDERReader simpleDERReader4 = new SimpleDERReader(simpleDERReader3.f8741a, simpleDERReader3.f8742b, c2);
                simpleDERReader3.f8742b += c2;
                simpleDERReader3.f8743c -= c2;
                if (i3 == 0) {
                    str2 = simpleDERReader4.e();
                } else if (i3 == 1) {
                    bArr = simpleDERReader4.d();
                }
            }
            String str3 = ECDSASHA2Verify.f8846c.get(str2);
            ECParameterSpec eCParameterSpec = str3 != null ? ECDSASHA2Verify.f8844a.get(str3) : null;
            if (eCParameterSpec == null) {
                throw new IOException("invalid OID");
            }
            BigInteger bigInteger = new BigInteger(1, d2);
            int length = bArr.length - 1;
            byte[] bArr2 = new byte[length];
            System.arraycopy(bArr, 1, bArr2, 0, length);
            return a("EC", new ECPrivateKeySpec(bigInteger, eCParameterSpec), new ECPublicKeySpec(ECDSASHA2Verify.a(bArr2, eCParameterSpec.getCurve()), eCParameterSpec));
        }
        if (i2 != 4) {
            throw new IOException("PEM problem: it is of unknown type");
        }
        TypesReader typesReader = new TypesReader(a3.f8740d);
        byte[] a5 = typesReader.a(f8736a.length);
        if (!Arrays.equals(f8736a, a5)) {
            StringBuilder a6 = a.a("Could not find OPENSSH key magic: ");
            a6.append(new String(a5));
            throw new IOException(a6.toString());
        }
        String f5 = typesReader.f();
        String f6 = typesReader.f();
        byte[] c3 = typesReader.c();
        int g2 = typesReader.g();
        if (g2 != 1) {
            throw new IOException(a.a("Only one key supported, but encountered bundle of ", g2));
        }
        typesReader.c();
        byte[] c4 = typesReader.c();
        if (OpenSSHKeyV1KeyFile.BCRYPT.equals(f6)) {
            if (str == null) {
                throw new IOException("PEM is encrypted, but no password was specified");
            }
            TypesReader typesReader2 = new TypesReader(c3);
            byte[] c5 = typesReader2.c();
            int g3 = typesReader2.g();
            try {
                bytes = str.getBytes("UTF-8");
            } catch (UnsupportedEncodingException unused2) {
                bytes = str.getBytes();
            }
            c4 = a(c4, bytes, c5, g3, f5);
        } else if (!"none".equals(f5) || !"none".equals(f6)) {
            throw new IOException("encryption not supported");
        }
        TypesReader typesReader3 = new TypesReader(c4);
        if (typesReader3.g() != typesReader3.g()) {
            throw new IOException("Decryption failed when trying to read private keys");
        }
        String f7 = typesReader3.f();
        if (OpenSSHPublicKeyUtil.ED_25519.equals(f7)) {
            byte[] c6 = typesReader3.c();
            byte[] c7 = typesReader3.c();
            EdDSANamedCurveSpec byName = EdDSANamedCurveTable.getByName("Ed25519");
            a2 = new KeyPair(new EdDSAPublicKey(new EdDSAPublicKeySpec(c6, byName)), new EdDSAPrivateKey(new EdDSAPrivateKeySpec(Arrays.copyOfRange(c7, 0, 32), byName)));
        } else if (f7.startsWith("ecdsa-sha2-")) {
            ECParameterSpec eCParameterSpec2 = ECDSASHA2Verify.f8844a.get(typesReader3.f());
            if (eCParameterSpec2 == null) {
                throw new IOException("Invalid curve name");
            }
            byte[] c8 = typesReader3.c();
            BigInteger d3 = typesReader3.d();
            ECPoint a7 = ECDSASHA2Verify.a(c8, eCParameterSpec2.getCurve());
            if (a7 == null) {
                throw new IOException("Invalid ECDSA group");
            }
            a2 = a("EC", new ECPrivateKeySpec(d3, eCParameterSpec2), new ECPublicKeySpec(a7, eCParameterSpec2));
        } else if (OpenSSHPublicKeyUtil.RSA.equals(f7)) {
            BigInteger d4 = typesReader3.d();
            BigInteger d5 = typesReader3.d();
            BigInteger d6 = typesReader3.d();
            BigInteger d7 = typesReader3.d();
            BigInteger d8 = typesReader3.d();
            if (d8 == null || d7 == null) {
                rSAPrivateKeySpec = new RSAPrivateKeySpec(d4, d6);
            } else {
                BigInteger modInverse = d7.modInverse(d8);
                rSAPrivateKeySpec = new RSAPrivateCrtKeySpec(d4, d5, d6, d8, modInverse, d6.mod(d8.subtract(BigInteger.ONE)), d6.mod(modInverse.subtract(BigInteger.ONE)), d7);
            }
            a2 = a("RSA", rSAPrivateKeySpec, new RSAPublicKeySpec(d4, d5));
        } else {
            if (!OpenSSHPublicKeyUtil.DSS.equals(f7)) {
                throw new IOException(a.a("Unknown key type ", f7));
            }
            BigInteger d9 = typesReader3.d();
            BigInteger d10 = typesReader3.d();
            BigInteger d11 = typesReader3.d();
            a2 = a("DSA", new DSAPrivateKeySpec(typesReader3.d(), d9, d10, d11), new DSAPublicKeySpec(typesReader3.d(), d9, d10, d11));
        }
        typesReader3.c();
        int h2 = typesReader.h();
        for (int i4 = 1; i4 <= h2; i4++) {
            if (i4 != typesReader.b()) {
                throw new IOException("Bad padding value on decrypted private keys");
            }
        }
        return a2;
    }

    public static void a(PEMStructure pEMStructure, byte[] bArr) {
        String[] strArr = pEMStructure.f8738b;
        if (strArr == null) {
            throw new IOException("Broken PEM, no mode and salt given, but encryption enabled");
        }
        if (strArr.length != 2) {
            throw new IOException("Broken PEM, DEK-Info is incomplete!");
        }
        String str = strArr[0];
        String str2 = strArr[1];
        if (str2 == null) {
            throw new IllegalArgumentException("null argument");
        }
        if (str2.length() % 2 != 0) {
            throw new IllegalArgumentException("Uneven string length in hex encoding.");
        }
        int length = str2.length() / 2;
        byte[] bArr2 = new byte[length];
        for (int i2 = 0; i2 < length; i2++) {
            int i3 = i2 * 2;
            bArr2[i2] = (byte) ((a(str2.charAt(i3)) * 16) + a(str2.charAt(i3 + 1)));
        }
        pEMStructure.f8740d = a(pEMStructure.f8740d, bArr, bArr2, -1, str);
        pEMStructure.f8738b = null;
        pEMStructure.f8739c = null;
    }

    public static final boolean a(PEMStructure pEMStructure) {
        if (pEMStructure.f8737a == 4) {
            TypesReader typesReader = new TypesReader(pEMStructure.f8740d);
            byte[] a2 = typesReader.a(f8736a.length);
            if (Arrays.equals(f8736a, a2)) {
                typesReader.f();
                return !"none".equals(typesReader.f());
            }
            StringBuilder a3 = a.a("Could not find OPENSSH key magic: ");
            a3.append(new String(a2));
            throw new IOException(a3.toString());
        }
        String[] strArr = pEMStructure.f8739c;
        if (strArr == null) {
            return false;
        }
        if (strArr.length != 2) {
            throw new IOException("Unknown Proc-Type field.");
        }
        if ("4".equals(strArr[0])) {
            return "ENCRYPTED".equals(pEMStructure.f8739c[1]);
        }
        throw new IOException(a.a(a.a("Unknown Proc-Type field ("), pEMStructure.f8739c[0], ")"));
    }

    public static byte[] a(byte[] bArr, byte[] bArr2, byte[] bArr3, int i2, String str) {
        BlockCipher cbc;
        String lowerCase = str.toLowerCase(Locale.US);
        int i3 = 24;
        if (lowerCase.equals("des-ede3-cbc")) {
            cbc = new DESede.CBC();
        } else if (lowerCase.equals("des-cbc")) {
            cbc = new DES.CBC();
            i3 = 8;
        } else if (lowerCase.equals("aes-128-cbc") || lowerCase.equals("aes128-cbc")) {
            cbc = new AES.CBC();
            i3 = 16;
        } else if (lowerCase.equals("aes-192-cbc") || lowerCase.equals("aes192-cbc")) {
            cbc = new AES.CBC();
        } else {
            if (!lowerCase.equals("aes-256-cbc") && !lowerCase.equals("aes256-cbc")) {
                throw new IOException(a.a("Cannot decrypt PEM structure, unknown cipher ", str));
            }
            cbc = new AES.CBC();
            i3 = 32;
        }
        if (i2 != -1) {
            byte[] bArr4 = new byte[i3];
            int blockSize = cbc.getBlockSize();
            byte[] bArr5 = new byte[blockSize];
            byte[] bArr6 = new byte[i3 + blockSize];
            new BCrypt().pbkdf(bArr2, bArr3, i2, bArr6);
            System.arraycopy(bArr6, 0, bArr4, 0, i3);
            System.arraycopy(bArr6, i3, bArr5, 0, blockSize);
            cbc.a(false, bArr4, bArr5);
        } else {
            if (bArr3.length < 8) {
                throw new IllegalArgumentException("Salt needs to be at least 8 bytes for key generation.");
            }
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                byte[] bArr7 = new byte[i3];
                int digestLength = messageDigest.getDigestLength();
                byte[] bArr8 = new byte[digestLength];
                int i4 = i3;
                while (true) {
                    messageDigest.update(bArr2, 0, bArr2.length);
                    messageDigest.update(bArr3, 0, 8);
                    int i5 = i4 < digestLength ? i4 : digestLength;
                    try {
                        messageDigest.digest(bArr8, 0, digestLength);
                        System.arraycopy(bArr8, 0, bArr7, i3 - i4, i5);
                        i4 -= i5;
                        if (i4 == 0) {
                            break;
                        }
                        messageDigest.update(bArr8, 0, digestLength);
                    } catch (DigestException e2) {
                        throw new IOException("could not digest password", e2);
                    }
                }
                cbc.a(false, bArr7, bArr3);
            } catch (NoSuchAlgorithmException e3) {
                throw new IllegalArgumentException("VM does not support MD5", e3);
            }
        }
        if (bArr.length % cbc.getBlockSize() != 0) {
            StringBuilder a2 = a.a("Invalid PEM structure, size of encrypted block is not a multiple of ");
            a2.append(cbc.getBlockSize());
            throw new IOException(a2.toString());
        }
        int length = bArr.length;
        byte[] bArr9 = new byte[length];
        for (int i6 = 0; i6 < bArr.length / cbc.getBlockSize(); i6++) {
            cbc.a(bArr, cbc.getBlockSize() * i6, bArr9, cbc.getBlockSize() * i6);
        }
        if (i2 != -1) {
            return bArr9;
        }
        int blockSize2 = cbc.getBlockSize();
        int i7 = bArr9[length - 1] & 255;
        if (i7 < 1 || i7 > blockSize2) {
            throw new IOException("Decrypted PEM has wrong padding, did you specify the correct password?");
        }
        for (int i8 = 2; i8 <= i7; i8++) {
            if (bArr9[length - i8] != i7) {
                throw new IOException("Decrypted PEM has wrong padding, did you specify the correct password?");
            }
        }
        int i9 = length - i7;
        byte[] bArr10 = new byte[i9];
        System.arraycopy(bArr9, 0, bArr10, 0, i9);
        return bArr10;
    }
}
