package com.trilead.ssh2.signature;

import androidx.lifecycle.ViewModelProvider$Factory;
import com.google.crypto.tink.subtle.Ed25519Sign;
import com.trilead.ssh2.crypto.keys.Ed25519PrivateKey;
import com.trilead.ssh2.crypto.keys.Ed25519PublicKey;
import com.trilead.ssh2.log.Logger;
import com.trilead.ssh2.packets.TypesWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import okhttp3.ConnectionPool;
import okhttp3.internal.http2.Huffman;
import org.joda.time.tz.CachedDateTimeZone;

/* loaded from: classes.dex */
public final class RSASHA1Verify implements SSHSignature {
    public static final Logger log = new Logger(0);
    public static final Logger log$1 = new Logger(0);
    public static final Logger log$2 = new Logger(0);
    public final /* synthetic */ int $r8$classId;

    /* loaded from: classes.dex */
    public abstract class InstanceHolder {
        public static final RSASHA1Verify sInstance = new RSASHA1Verify(0);
    }

    public /* synthetic */ RSASHA1Verify(int i) {
        this.$r8$classId = i;
    }

    public static byte[] encodeRSASHA256Signature(byte[] bArr) {
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeString("rsa-sha2-256");
        if (bArr.length <= 1 || bArr[0] != 0) {
            typesWriter.writeString(bArr, 0, bArr.length);
        } else {
            typesWriter.writeString(bArr, 1, bArr.length - 1);
        }
        return typesWriter.getBytes();
    }

    public static byte[] encodeRSASHA512Signature(byte[] bArr) {
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeString("rsa-sha2-512");
        if (bArr.length <= 1 || bArr[0] != 0) {
            typesWriter.writeString(bArr, 0, bArr.length);
        } else {
            typesWriter.writeString(bArr, 1, bArr.length - 1);
        }
        return typesWriter.getBytes();
    }

    public static byte[] encodeSignature(byte[] bArr) {
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeString("ssh-rsa");
        if (bArr.length <= 1 || bArr[0] != 0) {
            typesWriter.writeString(bArr, 0, bArr.length);
        } else {
            typesWriter.writeString(bArr, 1, bArr.length - 1);
        }
        return typesWriter.getBytes();
    }

    public static byte[] encodeSignature$1(byte[] bArr) {
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeString("ssh-dss");
        int i = bArr[3] & 255;
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, 4, bArr2, 0, i);
        int i2 = bArr[i + 5] & 255;
        byte[] bArr3 = new byte[i2];
        System.arraycopy(bArr, i + 6, bArr3, 0, i2);
        byte[] bArr4 = new byte[40];
        int i3 = i < 20 ? i : 20;
        int i4 = i2 < 20 ? i2 : 20;
        System.arraycopy(bArr2, i - i3, bArr4, 20 - i3, i3);
        System.arraycopy(bArr3, i2 - i4, bArr4, 40 - i4, i4);
        typesWriter.writeString(bArr4, 0, 40);
        return typesWriter.getBytes();
    }

    @Override // com.trilead.ssh2.signature.SSHSignature
    public final PublicKey decodePublicKey(byte[] bArr) {
        switch (this.$r8$classId) {
            case CachedDateTimeZone.cInfoCacheMask /* 0 */:
                Huffman.Node node = new Huffman.Node(bArr);
                if (!node.readString().equals("ssh-rsa")) {
                    throw new IllegalArgumentException("This is not a ssh-rsa public key");
                }
                BigInteger readMPINT = node.readMPINT();
                BigInteger readMPINT2 = node.readMPINT();
                if (node.remain() != 0) {
                    throw new IOException("Padding in RSA public key!");
                }
                try {
                    return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(readMPINT2, readMPINT));
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                    throw new IOException("No RSA KeyFactory available", e);
                }
            case 1:
                return InstanceHolder.sInstance.decodePublicKey(bArr);
            case 2:
                return InstanceHolder.sInstance.decodePublicKey(bArr);
            case 3:
                Huffman.Node node2 = new Huffman.Node(bArr);
                if (!node2.readString().equals("ssh-dss")) {
                    throw new IllegalArgumentException("This is not a ssh-dss public key!");
                }
                BigInteger readMPINT3 = node2.readMPINT();
                BigInteger readMPINT4 = node2.readMPINT();
                BigInteger readMPINT5 = node2.readMPINT();
                BigInteger readMPINT6 = node2.readMPINT();
                if (node2.remain() != 0) {
                    throw new IOException("Padding in DSA public key!");
                }
                try {
                    return (DSAPublicKey) KeyFactory.getInstance("DSA").generatePublic(new DSAPublicKeySpec(readMPINT6, readMPINT3, readMPINT4, readMPINT5));
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e2) {
                    throw new IOException(e2);
                }
            default:
                Huffman.Node node3 = new Huffman.Node(bArr);
                if (!node3.readString().equals("ssh-ed25519")) {
                    throw new IOException("This is not an Ed25519 key");
                }
                byte[] readByteString = node3.readByteString();
                if (node3.remain() != 0) {
                    throw new IOException("Padding in Ed25519 public key! " + node3.remain() + " bytes left.");
                }
                if (readByteString.length == 32) {
                    return new Ed25519PublicKey(readByteString);
                }
                throw new IOException("Ed25519 was not of correct length: " + readByteString.length + " vs 32");
        }
    }

    public byte[] encodePublicKey(PublicKey publicKey) {
        DSAPublicKey dSAPublicKey = (DSAPublicKey) publicKey;
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeString("ssh-dss");
        DSAParams params = dSAPublicKey.getParams();
        typesWriter.writeMPInt(params.getP());
        typesWriter.writeMPInt(params.getQ());
        typesWriter.writeMPInt(params.getG());
        typesWriter.writeMPInt(dSAPublicKey.getY());
        return typesWriter.getBytes();
    }

    public byte[] generateSignature(byte[] bArr, PrivateKey privateKey, SecureRandom secureRandom) {
        try {
            byte[] sign = new Ed25519Sign(((Ed25519PrivateKey) privateKey).getSeed()).sign(bArr);
            TypesWriter typesWriter = new TypesWriter();
            typesWriter.writeString("ssh-ed25519");
            typesWriter.writeString(sign, 0, sign.length);
            return typesWriter.getBytes();
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        }
    }

    @Override // com.trilead.ssh2.signature.SSHSignature
    public final String getKeyFormat() {
        switch (this.$r8$classId) {
            case CachedDateTimeZone.cInfoCacheMask /* 0 */:
                return "ssh-rsa";
            case 1:
                return "rsa-sha2-256";
            case 2:
                return "rsa-sha2-512";
            case 3:
                return "ssh-dss";
            default:
                return "ssh-ed25519";
        }
    }

    @Override // com.trilead.ssh2.signature.SSHSignature
    public final boolean verifySignature(byte[] bArr, byte[] bArr2, PublicKey publicKey) {
        byte b;
        byte b2;
        byte[] bArr3 = bArr2;
        switch (this.$r8$classId) {
            case CachedDateTimeZone.cInfoCacheMask /* 0 */:
                Huffman.Node node = new Huffman.Node(bArr3);
                if (!node.readString().equals("ssh-rsa")) {
                    throw new IOException("Peer sent wrong signature format");
                }
                byte[] readByteString = node.readByteString();
                if (readByteString.length == 0) {
                    throw new IOException("Error in RSA signature, S is empty.");
                }
                log.getClass();
                if (node.remain() != 0) {
                    throw new IOException("Padding in RSA signature!");
                }
                try {
                    Signature signature = Signature.getInstance("SHA1withRSA");
                    signature.initVerify(publicKey);
                    signature.update(bArr);
                    return signature.verify(readByteString);
                } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
                    throw new IOException(e);
                }
            case 1:
                Huffman.Node node2 = new Huffman.Node(bArr3);
                if (!node2.readString().equals("rsa-sha2-256")) {
                    throw new IOException("Peer sent wrong signature format");
                }
                byte[] readByteString2 = node2.readByteString();
                if (readByteString2.length == 0) {
                    throw new IOException("Error in RSA signature, S is empty.");
                }
                log$1.getClass();
                if (node2.remain() != 0) {
                    throw new IOException("Padding in RSA signature!");
                }
                try {
                    Signature signature2 = Signature.getInstance("SHA256withRSA");
                    signature2.initVerify(publicKey);
                    signature2.update(bArr);
                    return signature2.verify(readByteString2);
                } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e2) {
                    throw new IOException(e2);
                }
            case 2:
                Huffman.Node node3 = new Huffman.Node(bArr3);
                if (!node3.readString().equals("rsa-sha2-512")) {
                    throw new IOException("Peer sent wrong signature format");
                }
                byte[] readByteString3 = node3.readByteString();
                if (readByteString3.length == 0) {
                    throw new IOException("Error in RSA signature, S is empty.");
                }
                log$2.getClass();
                if (node3.remain() != 0) {
                    throw new IOException("Padding in RSA signature!");
                }
                try {
                    Signature signature3 = Signature.getInstance("SHA512withRSA");
                    signature3.initVerify(publicKey);
                    signature3.update(bArr);
                    return signature3.verify(readByteString3);
                } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e3) {
                    throw new IOException(e3);
                }
            case 3:
                if (bArr3.length != 40) {
                    Huffman.Node node4 = new Huffman.Node(bArr3);
                    if (!node4.readString().equals("ssh-dss")) {
                        throw new IOException("Peer sent wrong signature format");
                    }
                    bArr3 = node4.readByteString();
                    if (bArr3.length != 40) {
                        throw new IOException("Peer sent corrupt signature");
                    }
                    if (node4.remain() != 0) {
                        throw new IOException("Padding in DSA signature!");
                    }
                }
                byte b3 = bArr3[0];
                if (b3 == 0 && (b = bArr3[1]) == 0 && (b2 = bArr3[2]) == 0) {
                    int i = ((b3 << 24) & (-16777216)) | ((b << 16) & 16711680) | ((b2 << 8) & 65280) | (bArr3[3] & 255);
                    int i2 = ((bArr3[4 + i] << 24) & (-16777216)) | ((bArr3[i + 5] << 16) & 16711680) | (65280 & (bArr3[i + 6] << 8)) | (bArr3[i + 7] & 255);
                    byte[] bArr4 = new byte[i2];
                    System.arraycopy(bArr3, i + 8, bArr4, 0, i2);
                    bArr3 = bArr4;
                }
                int i3 = (bArr3[0] & 128) != 0 ? 1 : 0;
                byte b4 = (bArr3[20] & 128) != 0 ? (byte) 1 : (byte) 0;
                byte[] bArr5 = new byte[ViewModelProvider$Factory.CC.m(bArr3.length, 6, i3, b4)];
                bArr5[0] = 48;
                if (bArr3.length != 40) {
                    throw new IOException("Peer sent corrupt signature");
                }
                bArr5[1] = 44;
                byte b5 = (byte) (44 + i3);
                bArr5[1] = b5;
                bArr5[1] = (byte) (b5 + b4);
                bArr5[2] = 2;
                bArr5[3] = 20;
                bArr5[3] = (byte) (20 + i3);
                System.arraycopy(bArr3, 0, bArr5, i3 + 4, 20);
                bArr5[bArr5[3] + 4] = 2;
                bArr5[bArr5[3] + 5] = 20;
                int i4 = bArr5[3] + 5;
                bArr5[i4] = (byte) (bArr5[i4] + b4);
                System.arraycopy(bArr3, 20, bArr5, bArr5[3] + 6 + b4, 20);
                try {
                    Signature signature4 = Signature.getInstance("SHA1withDSA");
                    signature4.initVerify(publicKey);
                    signature4.update(bArr);
                    return signature4.verify(bArr5);
                } catch (InvalidKeyException e4) {
                    e = e4;
                    throw new IOException("No such algorithm", e);
                } catch (NoSuchAlgorithmException e5) {
                    e = e5;
                    throw new IOException("No such algorithm", e);
                } catch (SignatureException e6) {
                    throw new IOException(e6);
                }
            default:
                Ed25519PublicKey ed25519PublicKey = (Ed25519PublicKey) publicKey;
                Huffman.Node node5 = new Huffman.Node(bArr3);
                if (!node5.readString().equals("ssh-ed25519")) {
                    throw new IOException("Peer sent wrong signature format");
                }
                byte[] readByteString4 = node5.readByteString();
                if (node5.remain() != 0) {
                    throw new IOException("Padding in Ed25519 signature!");
                }
                if (readByteString4.length <= 64) {
                    try {
                        new ConnectionPool(ed25519PublicKey.getAbyte()).verify(readByteString4, bArr);
                        return true;
                    } catch (GeneralSecurityException unused) {
                        return false;
                    }
                }
                throw new IOException("Ed25519 signature was " + readByteString4.length + " bytes (32 expected)");
        }
    }
}
