package net.schmizz.sshj.userauth.keyprovider;

import io.restassured.http.Cookie;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.class */
public class PuTTYKeyFile extends BaseFileKeyProvider {
    private byte[] privateKey;
    private byte[] publicKey;
    private Map<String, String> payload = new HashMap();
    private final Map<String, String> headers = new HashMap();

    /* loaded from: input_file:net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile$Factory.class */
    public static class Factory implements Factory.Named<FileKeyProvider> {
        @Override // net.schmizz.sshj.common.Factory
        public FileKeyProvider create() {
            return new PuTTYKeyFile();
        }

        @Override // net.schmizz.sshj.common.Factory.Named
        public String getName() {
            return "PuTTY";
        }
    }

    /* loaded from: input_file:net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile$KeyReader.class */
    private static final class KeyReader {
        private final DataInput di;

        public KeyReader(byte[] bArr) {
            this.di = new DataInputStream(new ByteArrayInputStream(bArr));
        }

        public void skip() throws IOException {
            int readInt = this.di.readInt();
            if (readInt != this.di.skipBytes(readInt)) {
                throw new IOException(String.format("Failed to skip %d bytes", Integer.valueOf(readInt)));
            }
        }

        private byte[] read() throws IOException {
            int readInt = this.di.readInt();
            if (readInt <= 0 || readInt > 513) {
                throw new IOException(String.format("Invalid length %d", Integer.valueOf(readInt)));
            }
            byte[] bArr = new byte[readInt];
            this.di.readFully(bArr);
            return bArr;
        }

        public BigInteger readInt() throws IOException {
            return new BigInteger(read());
        }
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider, net.schmizz.sshj.userauth.keyprovider.KeyProvider
    public KeyType getType() throws IOException {
        return KeyType.fromString(this.headers.get("PuTTY-User-Key-File-2"));
    }

    public boolean isEncrypted() {
        return "aes256-cbc".equals(this.headers.get("Encryption"));
    }

    @Override // net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider
    protected KeyPair readKeyPair() throws IOException {
        parseKeyPair();
        if (KeyType.RSA.equals(getType())) {
            KeyReader keyReader = new KeyReader(this.publicKey);
            keyReader.skip();
            BigInteger readInt = keyReader.readInt();
            BigInteger readInt2 = keyReader.readInt();
            BigInteger readInt3 = new KeyReader(this.privateKey).readInt();
            try {
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                try {
                    return new KeyPair(keyFactory.generatePublic(new RSAPublicKeySpec(readInt2, readInt)), keyFactory.generatePrivate(new RSAPrivateKeySpec(readInt2, readInt3)));
                } catch (InvalidKeySpecException e) {
                    throw new IOException(e.getMessage(), e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new IOException(e2.getMessage(), e2);
            }
        }
        if (!KeyType.DSA.equals(getType())) {
            throw new IOException(String.format("Unknown key type %s", getType()));
        }
        KeyReader keyReader2 = new KeyReader(this.publicKey);
        keyReader2.skip();
        BigInteger readInt4 = keyReader2.readInt();
        BigInteger readInt5 = keyReader2.readInt();
        BigInteger readInt6 = keyReader2.readInt();
        BigInteger readInt7 = keyReader2.readInt();
        BigInteger readInt8 = new KeyReader(this.privateKey).readInt();
        try {
            KeyFactory keyFactory2 = KeyFactory.getInstance("DSA");
            try {
                return new KeyPair(keyFactory2.generatePublic(new DSAPublicKeySpec(readInt7, readInt4, readInt5, readInt6)), keyFactory2.generatePrivate(new DSAPrivateKeySpec(readInt8, readInt4, readInt5, readInt6)));
            } catch (InvalidKeySpecException e3) {
                throw new IOException(e3.getMessage(), e3);
            }
        } catch (NoSuchAlgorithmException e4) {
            throw new IOException(e4.getMessage(), e4);
        }
    }

    /* JADX WARN: Finally extract failed */
    protected void parseKeyPair() throws IOException {
        BufferedReader bufferedReader = new BufferedReader(this.resource.getReader());
        String str = null;
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                int indexOf = readLine.indexOf(": ");
                if (indexOf > 0) {
                    str = readLine.substring(0, indexOf);
                    this.headers.put(str, readLine.substring(indexOf + 2));
                } else {
                    String str2 = this.payload.get(str);
                    this.payload.put(str, str2 == null ? readLine : str2 + readLine);
                }
            } finally {
                bufferedReader.close();
            }
        }
        this.publicKey = Base64.decode(this.payload.get("Public-Lines"));
        if (!isEncrypted()) {
            this.privateKey = Base64.decode(this.payload.get("Private-Lines"));
            return;
        }
        char[] reqPassword = this.pwdf != null ? this.pwdf.reqPassword(this.resource) : "".toCharArray();
        try {
            this.privateKey = decrypt(Base64.decode(this.payload.get("Private-Lines")), new String(reqPassword));
            verify(new String(reqPassword));
            PasswordUtils.blankOut(reqPassword);
        } catch (Throwable th) {
            PasswordUtils.blankOut(reqPassword);
            throw th;
        }
    }

    private byte[] toKey(String str) throws IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update(new byte[]{0, 0, 0, 0});
            messageDigest.update(str.getBytes());
            byte[] digest = messageDigest.digest();
            messageDigest.update(new byte[]{0, 0, 0, 1});
            messageDigest.update(str.getBytes());
            byte[] digest2 = messageDigest.digest();
            byte[] bArr = new byte[32];
            System.arraycopy(digest, 0, bArr, 0, 20);
            System.arraycopy(digest2, 0, bArr, 20, 12);
            return bArr;
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    private void verify(String str) throws IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.update("putty-private-key-file-mac-key".getBytes());
            if (str != null) {
                messageDigest.update(str.getBytes());
            }
            byte[] digest = messageDigest.digest();
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(digest, 0, 20, mac.getAlgorithm()));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            dataOutputStream.writeInt(getType().toString().length());
            dataOutputStream.writeBytes(getType().toString());
            dataOutputStream.writeInt(this.headers.get("Encryption").length());
            dataOutputStream.writeBytes(this.headers.get("Encryption"));
            dataOutputStream.writeInt(this.headers.get(Cookie.COMMENT).length());
            dataOutputStream.writeBytes(this.headers.get(Cookie.COMMENT));
            dataOutputStream.writeInt(this.publicKey.length);
            dataOutputStream.write(this.publicKey);
            dataOutputStream.writeInt(this.privateKey.length);
            dataOutputStream.write(this.privateKey);
            if (Hex.toHexString(mac.doFinal(byteArrayOutputStream.toByteArray())).equals(this.headers.get("Private-MAC"))) {
            } else {
                throw new IOException("Invalid passphrase");
            }
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    private byte[] decrypt(byte[] bArr, String str) throws IOException {
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            cipher.init(2, new SecretKeySpec(toKey(str), 0, 32, "AES"), new IvParameterSpec(new byte[16]));
            return cipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage(), e);
        }
    }
}
