package com.trilead.ssh2.signature;

import com.trilead.ssh2.crypto.CertificateDecoder;
import com.trilead.ssh2.crypto.PEMStructure;
import com.trilead.ssh2.crypto.cipher.BlockCipher;
import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
import com.trilead.ssh2.crypto.cipher.CBCMode;
import com.trilead.ssh2.crypto.cipher.DES;
import com.trilead.ssh2.packets.TypesReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import org.mindrot.jbcrypt.BCrypt;

/* loaded from: input_file:com/trilead/ssh2/signature/OpenSshCertificateDecoder.class */
abstract class OpenSshCertificateDecoder extends CertificateDecoder {
    private final String keyAlgorithm;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/trilead/ssh2/signature/OpenSshCertificateDecoder$SshCipher.class */
    public enum SshCipher {
        DESEDE_CBC(24, 8, "des-ede3-cbc", new String[0]) { // from class: com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher.1
            @Override // com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher
            BlockCipher createBlockCipher(byte[] bArr, byte[] bArr2, boolean z) {
                return BlockCipherFactory.createCipher("3des-cbc", z, bArr, bArr2);
            }
        },
        DES_CBC(8, 8, "des-cbc", new String[0]) { // from class: com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher.2
            @Override // com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher
            BlockCipher createBlockCipher(byte[] bArr, byte[] bArr2, boolean z) {
                DES des = new DES();
                des.init(z, bArr);
                return new CBCMode(des, bArr2, z);
            }
        },
        AES128_CBC(16, 16, "aes-128-cbc", "aes128-cbc") { // from class: com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher.3
            @Override // com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher
            BlockCipher createBlockCipher(byte[] bArr, byte[] bArr2, boolean z) {
                return BlockCipherFactory.createCipher("aes128-cbc", z, bArr, bArr2);
            }
        },
        AES192_CBC(24, 16, "aes-192-cbc", "aes192-cbc") { // from class: com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher.4
            @Override // com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher
            BlockCipher createBlockCipher(byte[] bArr, byte[] bArr2, boolean z) {
                return BlockCipherFactory.createCipher("aes192-cbc", z, bArr, bArr2);
            }
        },
        AES256_CBC(32, 16, "aes-256-cbc", "aes256-cbc") { // from class: com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher.5
            @Override // com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher
            BlockCipher createBlockCipher(byte[] bArr, byte[] bArr2, boolean z) {
                return BlockCipherFactory.createCipher("aes256-cbc", z, bArr, bArr2);
            }
        },
        AES256_CTR(32, 16, "aes-256-ctr", "aes256-ctr") { // from class: com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher.6
            @Override // com.trilead.ssh2.signature.OpenSshCertificateDecoder.SshCipher
            BlockCipher createBlockCipher(byte[] bArr, byte[] bArr2, boolean z) {
                return BlockCipherFactory.createCipher("aes256-ctr", z, bArr, bArr2);
            }
        };

        private final String[] sshCipherNames;
        private final int keyLength;
        private final int blockSize;

        SshCipher(int i, int i2, String str, String... strArr) {
            this.keyLength = i;
            this.blockSize = i2;
            String[] strArr2 = new String[1 + (null == strArr ? 0 : strArr.length)];
            strArr2[0] = str;
            if (null != strArr) {
                System.arraycopy(strArr, 0, strArr2, 1, strArr.length);
            }
            this.sshCipherNames = strArr2;
        }

        abstract BlockCipher createBlockCipher(byte[] bArr, byte[] bArr2, boolean z);

        public int getBlockSize() {
            return this.blockSize;
        }

        public int getKeyLength() {
            return this.keyLength;
        }

        public static SshCipher getInstance(String str) {
            for (SshCipher sshCipher : values()) {
                for (String str2 : sshCipher.sshCipherNames) {
                    if (str2.equalsIgnoreCase(str)) {
                        return sshCipher;
                    }
                }
            }
            throw new IllegalArgumentException("Unknown Cipher: " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSshCertificateDecoder(String str) {
        this.keyAlgorithm = str;
    }

    @Override // com.trilead.ssh2.crypto.CertificateDecoder
    public String getStartLine() {
        return "-----BEGIN OPENSSH PRIVATE KEY-----";
    }

    @Override // com.trilead.ssh2.crypto.CertificateDecoder
    public String getEndLine() {
        return "-----END OPENSSH PRIVATE KEY-----";
    }

    @Override // com.trilead.ssh2.crypto.CertificateDecoder
    public KeyPair createKeyPair(PEMStructure pEMStructure) {
        return null;
    }

    @Override // com.trilead.ssh2.crypto.CertificateDecoder
    public KeyPair createKeyPair(PEMStructure pEMStructure, String str) throws IOException {
        TypesReader typesReader = new TypesReader(pEMStructure.getData());
        if (!"openssh-key-v1".equals(new String(typesReader.readBytes(15), StandardCharsets.UTF_8).trim())) {
            throw new IOException("Could not find openssh header in key");
        }
        String readString = typesReader.readString();
        String readString2 = typesReader.readString();
        byte[] readByteString = typesReader.readByteString();
        if (typesReader.readUINT32() != 1) {
            throw new IOException("Only single OpenSSH keys are supported");
        }
        typesReader.readByteString();
        byte[] readByteString2 = typesReader.readByteString();
        if ("bcrypt".equals(readString2)) {
            if (str == null) {
                throw new IOException("PEM is encrypted but password has not been specified");
            }
            TypesReader typesReader2 = new TypesReader(readByteString);
            byte[] readByteString3 = typesReader2.readByteString();
            int readUINT32 = typesReader2.readUINT32();
            SshCipher sshCipher = SshCipher.getInstance(readString);
            readByteString2 = decryptData(readByteString2, generateKayAndIvPbkdf2(str.getBytes(StandardCharsets.UTF_8), readByteString3, readUINT32, sshCipher.getKeyLength(), sshCipher.getBlockSize()), sshCipher);
        } else if (!"none".equals(readString) || !"none".equals(readString2)) {
            throw new IOException("Unexpected encryption method for key");
        }
        TypesReader typesReader3 = new TypesReader(readByteString2);
        if (typesReader3.readUINT32() != typesReader3.readUINT32()) {
            throw new IOException("Check integers didn't match");
        }
        String readString3 = typesReader3.readString();
        if (!readString3.equals(this.keyAlgorithm)) {
            throw new IOException("Invalid key type: " + readString3);
        }
        try {
            KeyPair generateKeyPair = generateKeyPair(typesReader3);
            typesReader3.readByteString();
            for (int i = 0; i < typesReader.remain(); i++) {
                if (i + 1 != typesReader.readByte()) {
                    throw new IOException("Incorrect padding on private keys");
                }
            }
            return generateKeyPair;
        } catch (GeneralSecurityException e) {
            throw new IOException("Could not create key pair", e);
        }
    }

    abstract KeyPair generateKeyPair(TypesReader typesReader) throws GeneralSecurityException, IOException;

    private static byte[] decryptData(byte[] bArr, byte[] bArr2, SshCipher sshCipher) {
        byte[] bArr3 = new byte[sshCipher.getKeyLength()];
        byte[] bArr4 = new byte[sshCipher.getBlockSize()];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr3.length);
        System.arraycopy(bArr2, bArr3.length, bArr4, 0, bArr4.length);
        BlockCipher createBlockCipher = sshCipher.createBlockCipher(bArr3, bArr4, false);
        byte[] bArr5 = new byte[bArr.length];
        for (int i = 0; i < bArr.length / createBlockCipher.getBlockSize(); i++) {
            createBlockCipher.transformBlock(bArr, i * createBlockCipher.getBlockSize(), bArr5, i * createBlockCipher.getBlockSize());
        }
        return bArr5;
    }

    private static byte[] generateKayAndIvPbkdf2(byte[] bArr, byte[] bArr2, int i, int i2, int i3) {
        byte[] bArr3 = new byte[i2 + i3];
        new BCrypt().pbkdf(bArr, bArr2, i, bArr3);
        return bArr3;
    }
}
