package com.sshtools.common.publickey.bc;

import com.sshtools.common.publickey.InvalidPassphraseException;
import com.sshtools.common.publickey.OpenSSHPrivateKeyFile;
import com.sshtools.common.publickey.PEMReader;
import com.sshtools.common.publickey.SshPrivateKeyFile;
import com.sshtools.common.ssh.components.SshKeyPair;
import com.sshtools.common.ssh.components.jce.JCEProvider;
import com.sshtools.common.ssh.components.jce.Ssh2DsaPrivateKey;
import com.sshtools.common.ssh.components.jce.Ssh2DsaPublicKey;
import com.sshtools.common.ssh.components.jce.Ssh2EcdsaSha2NistPrivateKey;
import com.sshtools.common.ssh.components.jce.Ssh2EcdsaSha2NistPublicKey;
import com.sshtools.common.ssh.components.jce.Ssh2RsaPrivateCrtKey;
import com.sshtools.common.ssh.components.jce.Ssh2RsaPublicKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.EncryptionException;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;

/* loaded from: input_file:com/sshtools/common/publickey/bc/OpenSSHPrivateKeyFileBC.class */
public class OpenSSHPrivateKeyFileBC implements SshPrivateKeyFile {
    byte[] formattedkey;

    public OpenSSHPrivateKeyFileBC(byte[] bArr) throws IOException {
        if (!isFormatted(bArr)) {
            throw new IOException("Formatted key data is not a valid OpenSSH key format");
        }
        this.formattedkey = bArr;
        try {
            toKeyPair(null);
        } catch (InvalidPassphraseException e) {
        }
    }

    public OpenSSHPrivateKeyFileBC(SshKeyPair sshKeyPair, String str) throws IOException {
        this.formattedkey = encryptKey(sshKeyPair, str);
    }

    public boolean isPassphraseProtected() {
        try {
            PEMReader pEMReader = new PEMReader(new StringReader(new String(this.formattedkey, "US-ASCII")));
            if (!pEMReader.getHeader().containsKey("DEK-Info")) {
                if (!pEMReader.getType().startsWith("ENCRYPTED")) {
                    return false;
                }
            }
            return true;
        } catch (IOException e) {
            return true;
        }
    }

    public String getType() {
        return "OpenSSH";
    }

    public boolean supportsPassphraseChange() {
        return true;
    }

    public SshKeyPair toKeyPair(String str) throws IOException, InvalidPassphraseException {
        PEMParser pEMParser = new PEMParser(new StringReader(new String(this.formattedkey, "US-ASCII")));
        try {
            try {
                try {
                    Object readObject = pEMParser.readObject();
                    if (readObject == null) {
                        throw new IOException("Invalid key file");
                    }
                    SshKeyPair sshKeyPair = new SshKeyPair();
                    if (readObject instanceof PKCS8EncryptedPrivateKeyInfo) {
                        if (str == null || str.equals("")) {
                            throw new InvalidPassphraseException();
                        }
                        readObject = new JcaPEMKeyConverter().setProvider(JCEProvider.getBCProvider().getName()).getPrivateKey(((PKCS8EncryptedPrivateKeyInfo) readObject).decryptPrivateKeyInfo(new JcePKCSPBEInputDecryptorProviderBuilder().setProvider(JCEProvider.getBCProvider().getName()).build(str.toCharArray())));
                    }
                    if (readObject instanceof PEMEncryptedKeyPair) {
                        if (str == null || str.equals("")) {
                            throw new InvalidPassphraseException();
                        }
                        readObject = new JcaPEMKeyConverter().setProvider(JCEProvider.getBCProvider().getName()).getKeyPair(((PEMEncryptedKeyPair) readObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider(JCEProvider.getBCProvider().getName()).build(str.toCharArray())));
                    }
                    if (readObject instanceof PEMKeyPair) {
                        readObject = new JcaPEMKeyConverter().setProvider(JCEProvider.getBCProvider().getName()).getKeyPair((PEMKeyPair) readObject);
                    } else if (readObject instanceof PrivateKeyInfo) {
                        readObject = new JcaPEMKeyConverter().setProvider(JCEProvider.getBCProvider().getName()).getPrivateKey((PrivateKeyInfo) readObject);
                    }
                    if (readObject instanceof KeyPair) {
                        KeyPair keyPair = (KeyPair) readObject;
                        if (keyPair.getPrivate() instanceof ECPrivateKey) {
                            ECPrivateKey eCPrivateKey = (ECPrivateKey) keyPair.getPrivate();
                            String name = eCPrivateKey.getParams().getName();
                            sshKeyPair.setPrivateKey(new Ssh2EcdsaSha2NistPrivateKey(eCPrivateKey, name));
                            sshKeyPair.setPublicKey(new Ssh2EcdsaSha2NistPublicKey((ECPublicKey) keyPair.getPublic(), name));
                            pEMParser.close();
                            return sshKeyPair;
                        }
                        if (keyPair.getPrivate() instanceof RSAPrivateCrtKey) {
                            sshKeyPair.setPrivateKey(new Ssh2RsaPrivateCrtKey((RSAPrivateCrtKey) keyPair.getPrivate()));
                            sshKeyPair.setPublicKey(new Ssh2RsaPublicKey((RSAPublicKey) keyPair.getPublic()));
                            pEMParser.close();
                            return sshKeyPair;
                        }
                        if (keyPair.getPrivate() instanceof DSAPrivateKey) {
                            sshKeyPair.setPrivateKey(new Ssh2DsaPrivateKey((DSAPrivateKey) keyPair.getPrivate(), (DSAPublicKey) keyPair.getPublic()));
                            sshKeyPair.setPublicKey(new Ssh2DsaPublicKey((DSAPublicKey) keyPair.getPublic()));
                            pEMParser.close();
                            return sshKeyPair;
                        }
                    } else {
                        if (readObject instanceof DSAPrivateKey) {
                            try {
                                Ssh2DsaPrivateKey ssh2DsaPrivateKey = new Ssh2DsaPrivateKey((DSAPrivateKey) readObject);
                                sshKeyPair.setPrivateKey(ssh2DsaPrivateKey);
                                sshKeyPair.setPublicKey(ssh2DsaPrivateKey.getPublicKey());
                                pEMParser.close();
                                return sshKeyPair;
                            } catch (Exception e) {
                                throw new IOException("Failed to generate DSA public key from private key: " + e.getMessage());
                            }
                        }
                        if (readObject instanceof RSAPrivateCrtKey) {
                            RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) readObject;
                            try {
                                sshKeyPair.setPrivateKey(new Ssh2RsaPrivateCrtKey(rSAPrivateCrtKey));
                                sshKeyPair.setPublicKey(new Ssh2RsaPublicKey(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
                                pEMParser.close();
                                return sshKeyPair;
                            } catch (Exception e2) {
                                throw new IOException("Failed to generate RSA public key from private key: " + e2.getMessage());
                            }
                        }
                    }
                    throw new IOException("Unsupported type");
                } catch (InvalidPassphraseException | IOException e3) {
                    throw e3;
                }
            } catch (EncryptionException e4) {
                throw new InvalidPassphraseException();
            } catch (Throwable th) {
                SshKeyPair keyPair2 = new OpenSSHPrivateKeyFile(this.formattedkey).toKeyPair(str);
                pEMParser.close();
                return keyPair2;
            }
        } catch (Throwable th2) {
            pEMParser.close();
            throw th2;
        }
    }

    public byte[] encryptKey(SshKeyPair sshKeyPair, String str) throws IOException {
        PrivateKey jCEPrivateKey;
        PublicKey jCEPublicKey;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(new OutputStreamWriter(byteArrayOutputStream));
        try {
            if (sshKeyPair.getPrivateKey() instanceof Ssh2DsaPrivateKey) {
                jCEPrivateKey = sshKeyPair.getPrivateKey().getJCEPrivateKey();
                jCEPublicKey = sshKeyPair.getPublicKey().getJCEPublicKey();
            } else if (sshKeyPair.getPrivateKey() instanceof Ssh2RsaPrivateCrtKey) {
                jCEPrivateKey = sshKeyPair.getPrivateKey().getJCEPrivateKey();
                jCEPublicKey = sshKeyPair.getPublicKey().getJCEPublicKey();
            } else {
                if (!(sshKeyPair.getPrivateKey() instanceof Ssh2EcdsaSha2NistPrivateKey)) {
                    throw new IOException(sshKeyPair.getPrivateKey().getClass().getName() + " is not supported in OpenSSH private key files");
                }
                jCEPrivateKey = sshKeyPair.getPrivateKey().getJCEPrivateKey();
                jCEPublicKey = sshKeyPair.getPublicKey().getJCEPublicKey();
            }
            KeyPair keyPair = new KeyPair(jCEPublicKey, jCEPrivateKey);
            if (str == null || "".equals(str)) {
                jcaPEMWriter.writeObject(keyPair);
            } else {
                jcaPEMWriter.writeObject(keyPair, new JcePEMEncryptorBuilder("AES-128-CBC").setProvider(JCEProvider.getBCProvider().getName()).build(str.toCharArray()));
            }
            jcaPEMWriter.flush();
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            jcaPEMWriter.close();
            byteArrayOutputStream.close();
            return byteArray;
        } catch (Throwable th) {
            jcaPEMWriter.close();
            byteArrayOutputStream.close();
            throw th;
        }
    }

    public void changePassphrase(String str, String str2) throws IOException, InvalidPassphraseException {
        this.formattedkey = encryptKey(toKeyPair(str), str2);
    }

    public byte[] getFormattedKey() {
        return this.formattedkey;
    }

    public static boolean isFormatted(byte[] bArr) {
        try {
            new PEMReader(new StringReader(new String(bArr, "UTF-8")));
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    public String getComment() {
        return "";
    }
}
