package com.urbanvpn.ssh2.crypto;

import ae.c;
import ae.d;
import com.urbanvpn.ssh2.crypto.cipher.AES;
import com.urbanvpn.ssh2.crypto.cipher.BlockCipher;
import com.urbanvpn.ssh2.crypto.cipher.DES;
import com.urbanvpn.ssh2.crypto.cipher.DESede;
import com.urbanvpn.ssh2.packets.TypesReader;
import com.urbanvpn.ssh2.signature.ECDSASHA2Verify;
import de.a;
import de.b;
import de.e;
import java.io.BufferedReader;
import java.io.CharArrayReader;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.DigestException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Locale;

/* loaded from: classes.dex */
public class PEMDecoder {

    /* renamed from: a, reason: collision with root package name */
    private static final byte[] f9298a = {111, 112, 101, 110, 115, 115, 104, 45, 107, 101, 121, 45, 118, 49, 0};

    public static KeyPair a(PEMStructure pEMStructure, String str) {
        KeyPair f10;
        KeySpec rSAPrivateKeySpec;
        if (i(pEMStructure) && pEMStructure.f9299a != 4) {
            if (str == null) {
                throw new IOException("PEM is encrypted, but no password was specified");
            }
            d(pEMStructure, str.getBytes(StandardCharsets.ISO_8859_1));
        }
        int i10 = pEMStructure.f9299a;
        if (i10 == 2) {
            SimpleDERReader simpleDERReader = new SimpleDERReader(pEMStructure.f9302d);
            byte[] j10 = simpleDERReader.j();
            if (simpleDERReader.a() != 0) {
                throw new IOException("Padding in DSA PRIVATE KEY DER stream.");
            }
            simpleDERReader.k(j10);
            BigInteger f11 = simpleDERReader.f();
            if (f11.compareTo(BigInteger.ZERO) != 0) {
                throw new IOException("Wrong version (" + f11 + ") in DSA PRIVATE KEY DER stream.");
            }
            BigInteger f12 = simpleDERReader.f();
            BigInteger f13 = simpleDERReader.f();
            BigInteger f14 = simpleDERReader.f();
            BigInteger f15 = simpleDERReader.f();
            BigInteger f16 = simpleDERReader.f();
            if (simpleDERReader.a() == 0) {
                return f("DSA", new DSAPrivateKeySpec(f16, f12, f13, f14), new DSAPublicKeySpec(f15, f12, f13, f14));
            }
            throw new IOException("Padding in DSA PRIVATE KEY DER stream.");
        }
        if (i10 == 1) {
            SimpleDERReader simpleDERReader2 = new SimpleDERReader(pEMStructure.f9302d);
            byte[] j11 = simpleDERReader2.j();
            if (simpleDERReader2.a() != 0) {
                throw new IOException("Padding in RSA PRIVATE KEY DER stream.");
            }
            simpleDERReader2.k(j11);
            BigInteger f17 = simpleDERReader2.f();
            if (f17.compareTo(BigInteger.ZERO) == 0 || f17.compareTo(BigInteger.ONE) == 0) {
                BigInteger f18 = simpleDERReader2.f();
                BigInteger f19 = simpleDERReader2.f();
                return f("RSA", new RSAPrivateCrtKeySpec(f18, f19, simpleDERReader2.f(), simpleDERReader2.f(), simpleDERReader2.f(), simpleDERReader2.f(), simpleDERReader2.f(), simpleDERReader2.f()), new RSAPublicKeySpec(f18, f19));
            }
            throw new IOException("Wrong version (" + f17 + ") in RSA PRIVATE KEY DER stream.");
        }
        if (i10 == 3) {
            SimpleDERReader simpleDERReader3 = new SimpleDERReader(pEMStructure.f9302d);
            byte[] j12 = simpleDERReader3.j();
            if (simpleDERReader3.a() != 0) {
                throw new IOException("Padding in EC PRIVATE KEY DER stream.");
            }
            simpleDERReader3.k(j12);
            BigInteger f20 = simpleDERReader3.f();
            if (f20.compareTo(BigInteger.ONE) != 0) {
                throw new IOException("Wrong version (" + f20 + ") in EC PRIVATE KEY DER stream.");
            }
            byte[] h10 = simpleDERReader3.h();
            String str2 = null;
            byte[] bArr = null;
            while (simpleDERReader3.a() > 0) {
                int e10 = simpleDERReader3.e();
                SimpleDERReader d10 = simpleDERReader3.d();
                if (e10 == 0) {
                    str2 = d10.i();
                } else if (e10 == 1) {
                    bArr = d10.h();
                }
            }
            ECParameterSpec i11 = ECDSASHA2Verify.i(str2);
            if (i11 == null) {
                throw new IOException("invalid OID");
            }
            BigInteger bigInteger = new BigInteger(1, h10);
            int length = bArr.length - 1;
            byte[] bArr2 = new byte[length];
            System.arraycopy(bArr, 1, bArr2, 0, length);
            return f("EC", new ECPrivateKeySpec(bigInteger, i11), new ECPublicKeySpec(ECDSASHA2Verify.a(bArr2, i11.getCurve()), i11));
        }
        if (i10 != 4) {
            throw new IOException("PEM problem: it is of unknown type");
        }
        TypesReader typesReader = new TypesReader(pEMStructure.f9302d);
        byte[] bArr3 = f9298a;
        byte[] d11 = typesReader.d(bArr3.length);
        if (!Arrays.equals(bArr3, d11)) {
            throw new IOException("Could not find OPENSSH key magic: " + new String(d11, StandardCharsets.US_ASCII));
        }
        String g10 = typesReader.g();
        String g11 = typesReader.g();
        byte[] c10 = typesReader.c();
        int i12 = typesReader.i();
        if (i12 != 1) {
            throw new IOException("Only one key supported, but encountered bundle of " + i12);
        }
        typesReader.c();
        byte[] c11 = typesReader.c();
        if ("bcrypt".equals(g11)) {
            if (str == null) {
                throw new IOException("PEM is encrypted, but no password was specified");
            }
            TypesReader typesReader2 = new TypesReader(c10);
            c11 = c(c11, str.getBytes(StandardCharsets.UTF_8), typesReader2.c(), typesReader2.i(), g10);
        } else if (!"none".equals(g10) || !"none".equals(g11)) {
            throw new IOException("encryption not supported");
        }
        TypesReader typesReader3 = new TypesReader(c11);
        if (typesReader3.i() != typesReader3.i()) {
            throw new IOException("Decryption failed when trying to read private keys");
        }
        String g12 = typesReader3.g();
        if ("ssh-ed25519".equals(g12)) {
            byte[] c12 = typesReader3.c();
            byte[] c13 = typesReader3.c();
            a b10 = b.b("Ed25519");
            f10 = new KeyPair(new d(new e(c12, b10)), new c(new de.d(Arrays.copyOfRange(c13, 0, 32), b10)));
        } else if (g12.startsWith("ecdsa-sha2-")) {
            ECParameterSpec h11 = ECDSASHA2Verify.h(typesReader3.g());
            if (h11 == null) {
                throw new IOException("Invalid curve name");
            }
            byte[] c14 = typesReader3.c();
            BigInteger e11 = typesReader3.e();
            ECPoint a10 = ECDSASHA2Verify.a(c14, h11.getCurve());
            if (a10 == null) {
                throw new IOException("Invalid ECDSA group");
            }
            f10 = f("EC", new ECPrivateKeySpec(e11, h11), new ECPublicKeySpec(a10, h11));
        } else if ("ssh-rsa".equals(g12)) {
            BigInteger e12 = typesReader3.e();
            BigInteger e13 = typesReader3.e();
            BigInteger e14 = typesReader3.e();
            BigInteger e15 = typesReader3.e();
            BigInteger e16 = typesReader3.e();
            if (e16 == null || e15 == null) {
                rSAPrivateKeySpec = new RSAPrivateKeySpec(e12, e14);
            } else {
                BigInteger modInverse = e15.modInverse(e16);
                BigInteger bigInteger2 = BigInteger.ONE;
                rSAPrivateKeySpec = new RSAPrivateCrtKeySpec(e12, e13, e14, e16, modInverse, e14.mod(e16.subtract(bigInteger2)), e14.mod(modInverse.subtract(bigInteger2)), e15);
            }
            f10 = f("RSA", rSAPrivateKeySpec, new RSAPublicKeySpec(e12, e13));
        } else {
            if (!"ssh-dss".equals(g12)) {
                throw new IOException("Unknown key type " + g12);
            }
            BigInteger e17 = typesReader3.e();
            BigInteger e18 = typesReader3.e();
            BigInteger e19 = typesReader3.e();
            f10 = f("DSA", new DSAPrivateKeySpec(typesReader3.e(), e17, e18, e19), new DSAPublicKeySpec(typesReader3.e(), e17, e18, e19));
        }
        typesReader3.c();
        int j13 = typesReader.j();
        for (int i13 = 1; i13 <= j13; i13++) {
            if (i13 != typesReader.b()) {
                throw new IOException("Bad padding value on decrypted private keys");
            }
        }
        return f10;
    }

    public static KeyPair b(char[] cArr, String str) {
        return a(j(cArr), str);
    }

    private static byte[] c(byte[] bArr, byte[] bArr2, byte[] bArr3, int i10, String str) {
        BlockCipher cbc;
        String lowerCase = str.toLowerCase(Locale.US);
        int i11 = 24;
        if (lowerCase.equals("des-ede3-cbc")) {
            cbc = new DESede.CBC();
        } else if (lowerCase.equals("des-cbc")) {
            cbc = new DES.CBC();
            i11 = 8;
        } else {
            if (!lowerCase.equals("aes-128-cbc") && !lowerCase.equals("aes128-cbc")) {
                if (lowerCase.equals("aes-192-cbc") || lowerCase.equals("aes192-cbc")) {
                    cbc = new AES.CBC();
                } else {
                    if (!lowerCase.equals("aes-256-cbc") && !lowerCase.equals("aes256-cbc")) {
                        throw new IOException("Cannot decrypt PEM structure, unknown cipher " + str);
                    }
                    cbc = new AES.CBC();
                    i11 = 32;
                }
            }
            cbc = new AES.CBC();
            i11 = 16;
        }
        if (i10 == -1) {
            cbc.c(false, e(bArr2, bArr3, i11), bArr3);
        } else {
            byte[] bArr4 = new byte[i11];
            int b10 = cbc.b();
            byte[] bArr5 = new byte[b10];
            byte[] bArr6 = new byte[i11 + b10];
            new ve.a().f(bArr2, bArr3, i10, bArr6);
            System.arraycopy(bArr6, 0, bArr4, 0, i11);
            System.arraycopy(bArr6, i11, bArr5, 0, b10);
            cbc.c(false, bArr4, bArr5);
        }
        if (bArr.length % cbc.b() != 0) {
            throw new IOException("Invalid PEM structure, size of encrypted block is not a multiple of " + cbc.b());
        }
        byte[] bArr7 = new byte[bArr.length];
        for (int i12 = 0; i12 < bArr.length / cbc.b(); i12++) {
            cbc.a(bArr, cbc.b() * i12, bArr7, cbc.b() * i12);
        }
        return i10 == -1 ? k(bArr7, cbc.b()) : bArr7;
    }

    private static void d(PEMStructure pEMStructure, byte[] bArr) {
        String[] strArr = pEMStructure.f9300b;
        if (strArr == null) {
            throw new IOException("Broken PEM, no mode and salt given, but encryption enabled");
        }
        if (strArr.length != 2) {
            throw new IOException("Broken PEM, DEK-Info is incomplete!");
        }
        String str = strArr[0];
        pEMStructure.f9302d = c(pEMStructure.f9302d, bArr, g(strArr[1]), -1, str);
        pEMStructure.f9300b = null;
        pEMStructure.f9301c = null;
    }

    private static byte[] e(byte[] bArr, byte[] bArr2, int i10) {
        if (bArr2.length < 8) {
            throw new IllegalArgumentException("Salt needs to be at least 8 bytes for key generation.");
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] bArr3 = new byte[i10];
            int digestLength = messageDigest.getDigestLength();
            byte[] bArr4 = new byte[digestLength];
            int i11 = i10;
            while (true) {
                messageDigest.update(bArr, 0, bArr.length);
                messageDigest.update(bArr2, 0, 8);
                int i12 = i11 < digestLength ? i11 : digestLength;
                try {
                    messageDigest.digest(bArr4, 0, digestLength);
                    System.arraycopy(bArr4, 0, bArr3, i10 - i11, i12);
                    i11 -= i12;
                    if (i11 == 0) {
                        return bArr3;
                    }
                    messageDigest.update(bArr4, 0, digestLength);
                } catch (DigestException e10) {
                    throw new IOException("could not digest password", e10);
                }
            }
        } catch (NoSuchAlgorithmException e11) {
            throw new IllegalArgumentException("VM does not support MD5", e11);
        }
    }

    private static KeyPair f(String str, KeySpec keySpec, KeySpec keySpec2) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(str);
            return new KeyPair(keyFactory.generatePublic(keySpec2), keyFactory.generatePrivate(keySpec));
        } catch (NoSuchAlgorithmException e10) {
            throw new IOException(e10);
        } catch (InvalidKeySpecException e11) {
            throw new IOException("invalid keyspec", e11);
        }
    }

    private static byte[] g(String str) {
        if (str == null) {
            throw new IllegalArgumentException("null argument");
        }
        if (str.length() % 2 != 0) {
            throw new IllegalArgumentException("Uneven string length in hex encoding.");
        }
        int length = str.length() / 2;
        byte[] bArr = new byte[length];
        int i10 = 6 | 0;
        for (int i11 = 0; i11 < length; i11++) {
            int i12 = i11 * 2;
            bArr[i11] = (byte) ((h(str.charAt(i12)) * 16) + h(str.charAt(i12 + 1)));
        }
        return bArr;
    }

    private static int h(char c10) {
        char c11 = 'a';
        if (c10 < 'a' || c10 > 'f') {
            c11 = 'A';
            if (c10 < 'A' || c10 > 'F') {
                if (c10 < '0' || c10 > '9') {
                    throw new IllegalArgumentException("Need hex char");
                }
                return c10 - '0';
            }
        }
        return (c10 - c11) + 10;
    }

    public static final boolean i(PEMStructure pEMStructure) {
        if (pEMStructure.f9299a == 4) {
            TypesReader typesReader = new TypesReader(pEMStructure.f9302d);
            byte[] bArr = f9298a;
            byte[] d10 = typesReader.d(bArr.length);
            if (Arrays.equals(bArr, d10)) {
                typesReader.g();
                return !"none".equals(typesReader.g());
            }
            throw new IOException("Could not find OPENSSH key magic: " + new String(d10, StandardCharsets.US_ASCII));
        }
        String[] strArr = pEMStructure.f9301c;
        if (strArr == null) {
            return false;
        }
        if (strArr.length != 2) {
            throw new IOException("Unknown Proc-Type field.");
        }
        if ("4".equals(strArr[0])) {
            return "ENCRYPTED".equals(pEMStructure.f9301c[1]);
        }
        throw new IOException("Unknown Proc-Type field (" + pEMStructure.f9301c[0] + ")");
    }

    public static final PEMStructure j(char[] cArr) {
        String str;
        PEMStructure pEMStructure = new PEMStructure();
        BufferedReader bufferedReader = new BufferedReader(new CharArrayReader(cArr));
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                throw new IOException("Invalid PEM structure, '-----BEGIN...' missing");
            }
            String trim = readLine.trim();
            if (trim.startsWith("-----BEGIN DSA PRIVATE KEY-----")) {
                pEMStructure.f9299a = 2;
                str = "-----END DSA PRIVATE KEY-----";
                break;
            }
            if (trim.startsWith("-----BEGIN RSA PRIVATE KEY-----")) {
                pEMStructure.f9299a = 1;
                str = "-----END RSA PRIVATE KEY-----";
                break;
            }
            if (trim.startsWith("-----BEGIN EC PRIVATE KEY-----")) {
                pEMStructure.f9299a = 3;
                str = "-----END EC PRIVATE KEY-----";
                break;
            }
            if (trim.startsWith("-----BEGIN OPENSSH PRIVATE KEY-----")) {
                pEMStructure.f9299a = 4;
                str = "-----END OPENSSH PRIVATE KEY-----";
                break;
            }
        }
        while (true) {
            String readLine2 = bufferedReader.readLine();
            if (readLine2 == null) {
                throw new IOException("Invalid PEM structure, " + str + " missing");
            }
            String trim2 = readLine2.trim();
            int indexOf = trim2.indexOf(58);
            if (indexOf == -1) {
                StringBuffer stringBuffer = new StringBuffer();
                while (trim2 != null) {
                    String trim3 = trim2.trim();
                    if (trim3.startsWith(str)) {
                        int length = stringBuffer.length();
                        char[] cArr2 = new char[length];
                        stringBuffer.getChars(0, length, cArr2, 0);
                        byte[] a10 = Base64.a(cArr2);
                        pEMStructure.f9302d = a10;
                        if (a10.length != 0) {
                            return pEMStructure;
                        }
                        throw new IOException("Invalid PEM structure, no data available");
                    }
                    stringBuffer.append(trim3);
                    trim2 = bufferedReader.readLine();
                }
                throw new IOException("Invalid PEM structure, " + str + " missing");
            }
            int i10 = indexOf + 1;
            String substring = trim2.substring(0, i10);
            String[] split = trim2.substring(i10).split(",");
            for (int i11 = 0; i11 < split.length; i11++) {
                split[i11] = split[i11].trim();
            }
            if ("Proc-Type:".equals(substring)) {
                pEMStructure.f9301c = split;
            } else if ("DEK-Info:".equals(substring)) {
                pEMStructure.f9300b = split;
            }
        }
    }

    private static byte[] k(byte[] bArr, int i10) {
        int i11 = bArr[bArr.length - 1] & 255;
        if (i11 < 1 || i11 > i10) {
            throw new IOException("Decrypted PEM has wrong padding, did you specify the correct password?");
        }
        for (int i12 = 2; i12 <= i11; i12++) {
            if (bArr[bArr.length - i12] != i11) {
                throw new IOException("Decrypted PEM has wrong padding, did you specify the correct password?");
            }
        }
        byte[] bArr2 = new byte[bArr.length - i11];
        int i13 = 5 & 0;
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length - i11);
        return bArr2;
    }
}
