package org.connectbot.util;

import android.util.Log;
import com.trilead.ssh2.crypto.Base64;
import com.trilead.ssh2.crypto.SimpleDERReader;
import com.trilead.ssh2.signature.DSASHA1Verify;
import com.trilead.ssh2.signature.ECDSASHA2Verify;
import com.trilead.ssh2.signature.RSASHA1Verify;
import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.keyczar.jce.EcCore;

/* loaded from: classes.dex */
public class PubkeyUtils {
    private static final char[] HEX_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    private PubkeyUtils() {
    }

    public static byte[] cipher(int i, byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(sha256(bArr2), "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(i, secretKeySpec);
        return cipher.doFinal(bArr);
    }

    public static String convertToOpenSSHFormat(PublicKey publicKey, String str) throws IOException, InvalidKeyException {
        String str2 = str;
        if (str2 == null) {
            str2 = "connectbot@android";
        }
        if (publicKey instanceof RSAPublicKey) {
            return ("ssh-rsa " + String.valueOf(Base64.encode(RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey) publicKey)))) + " " + str2;
        }
        if (publicKey instanceof DSAPublicKey) {
            return ("ssh-dss " + String.valueOf(Base64.encode(DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey) publicKey)))) + " " + str2;
        }
        if (!(publicKey instanceof ECPublicKey)) {
            throw new InvalidKeyException("Unknown key type");
        }
        ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
        return "ecdsa-sha2-" + ECDSASHA2Verify.getCurveName(eCPublicKey.getParams().getCurve().getField().getFieldSize()) + " " + String.valueOf(Base64.encode(ECDSASHA2Verify.encodeSSHECDSAPublicKey(eCPublicKey))) + " " + str2;
    }

    public static PrivateKey decodePrivate(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(str).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static PrivateKey decodePrivate(byte[] bArr, String str, String str2) throws Exception {
        return (str2 == null || str2.length() <= 0) ? decodePrivate(bArr, str) : decodePrivate(decrypt(bArr, str2), str);
    }

    public static PublicKey decodePublic(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(str).generatePublic(new X509EncodedKeySpec(bArr));
    }

    public static byte[] decrypt(byte[] bArr, String str) throws Exception {
        try {
            byte[] bArr2 = new byte[8];
            byte[] bArr3 = new byte[bArr.length - bArr2.length];
            System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
            System.arraycopy(bArr, bArr2.length, bArr3, 0, bArr3.length);
            return Encryptor.decrypt(bArr2, 1000, str, bArr3);
        } catch (Exception e) {
            Log.d("decrypt", "Could not decrypt with new method", e);
            return cipher(2, bArr, str.getBytes());
        }
    }

    protected static String encodeHex(byte[] bArr) {
        char[] cArr = new char[bArr.length * 2];
        int i = 0;
        for (byte b : bArr) {
            int i2 = i + 1;
            cArr[i] = HEX_DIGITS[(b >> 4) & 15];
            i = i2 + 1;
            cArr[i2] = HEX_DIGITS[b & 15];
        }
        return String.valueOf(cArr);
    }

    public static byte[] encrypt(byte[] bArr, String str) throws Exception {
        byte[] bArr2 = new byte[8];
        byte[] encrypt = Encryptor.encrypt(bArr2, 1000, str, bArr);
        byte[] bArr3 = new byte[bArr2.length + encrypt.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(encrypt, 0, bArr3, bArr2.length, encrypt.length);
        Arrays.fill(bArr2, (byte) 0);
        Arrays.fill(encrypt, (byte) 0);
        return bArr3;
    }

    public static String exportPEM(PrivateKey privateKey, String str) throws NoSuchAlgorithmException, InvalidParameterSpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, InvalidKeySpecException, IllegalBlockSizeException, IOException {
        StringBuilder sb = new StringBuilder();
        byte[] encoded = privateKey.getEncoded();
        sb.append("-----BEGIN PRIVATE KEY-----");
        sb.append('\n');
        if (str != null) {
            byte[] bArr = new byte[8];
            new SecureRandom().nextBytes(bArr);
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, 1);
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(privateKey.getAlgorithm());
            algorithmParameters.init(pBEParameterSpec);
            PBEKeySpec pBEKeySpec = new PBEKeySpec(str.toCharArray());
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(privateKey.getAlgorithm());
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(3, secretKeyFactory.generateSecret(pBEKeySpec), algorithmParameters);
            encoded = new EncryptedPrivateKeyInfo(algorithmParameters, cipher.wrap(privateKey)).getEncoded();
            sb.append("Proc-Type: 4,ENCRYPTED\n");
            sb.append("DEK-Info: DES-EDE3-CBC,");
            sb.append(encodeHex(bArr));
            sb.append("\n\n");
        }
        int length = sb.length();
        sb.append(Base64.encode(encoded));
        for (int i = length + 63; i < sb.length(); i += 64) {
            sb.insert(i, "\n");
        }
        sb.append('\n');
        sb.append("-----END PRIVATE KEY-----");
        sb.append('\n');
        return sb.toString();
    }

    public static byte[] extractOpenSSHPublic(KeyPair keyPair) {
        try {
            PublicKey publicKey = keyPair.getPublic();
            return publicKey instanceof RSAPublicKey ? RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey) keyPair.getPublic()) : publicKey instanceof DSAPublicKey ? DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey) keyPair.getPublic()) : publicKey instanceof ECPublicKey ? ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey) keyPair.getPublic()) : null;
        } catch (IOException e) {
            return null;
        }
    }

    public static String formatKey(Key key) {
        return "Key[algorithm=" + key.getAlgorithm() + ", format=" + key.getFormat() + ", bytes=" + key.getEncoded().length + "]";
    }

    static String getAlgorithmForOid(String str) throws NoSuchAlgorithmException {
        if ("1.2.840.10045.2.1".equals(str)) {
            return "EC";
        }
        if ("1.2.840.113549.1.1.1".equals(str)) {
            return "RSA";
        }
        if ("1.2.840.10040.4.1".equals(str)) {
            return "DSA";
        }
        throw new NoSuchAlgorithmException("Unknown algorithm OID " + str);
    }

    public static byte[] getEncodedPrivate(PrivateKey privateKey, String str) throws Exception {
        byte[] encoded = privateKey.getEncoded();
        return (str == null || str.length() == 0) ? encoded : encrypt(privateKey.getEncoded(), str);
    }

    static String getOidFromPkcs8Encoded(byte[] bArr) throws NoSuchAlgorithmException {
        if (bArr == null) {
            throw new NoSuchAlgorithmException("encoding is null");
        }
        try {
            SimpleDERReader simpleDERReader = new SimpleDERReader(bArr);
            simpleDERReader.resetInput(simpleDERReader.readSequenceAsByteArray());
            simpleDERReader.readInt();
            simpleDERReader.resetInput(simpleDERReader.readSequenceAsByteArray());
            return simpleDERReader.readOid();
        } catch (IOException e) {
            Log.w("PubkeyUtils", "Could not read OID", e);
            throw new NoSuchAlgorithmException("Could not read key", e);
        }
    }

    public static KeyPair recoverKeyPair(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        String algorithmForOid = getAlgorithmForOid(getOidFromPkcs8Encoded(bArr));
        PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(bArr);
        KeyFactory keyFactory = KeyFactory.getInstance(algorithmForOid);
        PrivateKey generatePrivate = keyFactory.generatePrivate(pKCS8EncodedKeySpec);
        return new KeyPair(recoverPublicKey(keyFactory, generatePrivate), generatePrivate);
    }

    static PublicKey recoverPublicKey(KeyFactory keyFactory, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        if (privateKey instanceof RSAPrivateCrtKey) {
            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) privateKey;
            return keyFactory.generatePublic(new RSAPublicKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
        }
        if (privateKey instanceof DSAPrivateKey) {
            DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) privateKey;
            DSAParams params = dSAPrivateKey.getParams();
            return keyFactory.generatePublic(new DSAPublicKeySpec(params.getG().modPow(dSAPrivateKey.getX(), params.getP()), params.getP(), params.getQ(), params.getG()));
        }
        if (!(privateKey instanceof ECPrivateKey)) {
            throw new NoSuchAlgorithmException("Key type must be RSA, DSA, or EC");
        }
        ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
        ECParameterSpec params2 = eCPrivateKey.getParams();
        ECPoint generator = params2.getGenerator();
        BigInteger[] multiplyPointA = EcCore.multiplyPointA(new BigInteger[]{generator.getAffineX(), generator.getAffineY()}, eCPrivateKey.getS(), params2);
        return keyFactory.generatePublic(new ECPublicKeySpec(new ECPoint(multiplyPointA[0], multiplyPointA[1]), params2));
    }

    public static byte[] sha256(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(bArr);
    }
}
