package com.sshtools.publickey;

import com.maverick.ssh.components.SshKeyPair;
import com.maverick.ssh.components.jce.JCEProvider;
import com.maverick.ssh.components.jce.Ssh2DsaPrivateKey;
import com.maverick.ssh.components.jce.Ssh2DsaPublicKey;
import com.maverick.ssh.components.jce.Ssh2EcdsaSha2NistPrivateKey;
import com.maverick.ssh.components.jce.Ssh2EcdsaSha2NistPublicKey;
import com.maverick.ssh.components.jce.Ssh2RsaPrivateCrtKey;
import com.maverick.ssh.components.jce.Ssh2RsaPublicKey;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.StringReader;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import org.bouncycastle.openssl.PasswordFinder;

/* loaded from: input_file:com/sshtools/publickey/OpenSSHPrivateKeyFileBC.class */
class OpenSSHPrivateKeyFileBC implements SshPrivateKeyFile {
    byte[] formattedkey;

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSSHPrivateKeyFileBC(byte[] bArr) throws IOException {
        if (!isFormatted(bArr)) {
            throw new IOException("Formatted key data is not a valid OpenSSH key format");
        }
        this.formattedkey = bArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OpenSSHPrivateKeyFileBC(SshKeyPair sshKeyPair, String str) throws IOException {
        this.formattedkey = encryptKey(sshKeyPair, str);
    }

    @Override // com.sshtools.publickey.SshPrivateKeyFile
    public boolean isPassphraseProtected() {
        try {
            PEMReader pEMReader = new PEMReader(new StringReader(new String(this.formattedkey, "US-ASCII")));
            if (pEMReader.getHeader().containsKey("DEK-Info")) {
                return true;
            }
            return pEMReader.getType().startsWith("ENCRYPTED");
        } catch (IOException e) {
            return true;
        }
    }

    @Override // com.sshtools.publickey.SshPrivateKeyFile
    public String getType() {
        return "OpenSSH";
    }

    @Override // com.sshtools.publickey.SshPrivateKeyFile
    public boolean supportsPassphraseChange() {
        return true;
    }

    @Override // com.sshtools.publickey.SshPrivateKeyFile
    public SshKeyPair toKeyPair(final String str) throws IOException, InvalidPassphraseException {
        Object readObject;
        org.bouncycastle.openssl.PEMReader pEMReader = new org.bouncycastle.openssl.PEMReader(new StringReader(new String(this.formattedkey, "US-ASCII")), new PasswordFinder() { // from class: com.sshtools.publickey.OpenSSHPrivateKeyFileBC.1
            public char[] getPassword() {
                return str.toCharArray();
            }
        });
        try {
            readObject = pEMReader.readObject();
        } finally {
        }
        if (readObject == null) {
            throw new IOException("Invalid key file");
        }
        SshKeyPair sshKeyPair = new SshKeyPair();
        if (!(readObject instanceof KeyPair)) {
            if (readObject instanceof DSAPrivateKey) {
                try {
                    Ssh2DsaPrivateKey ssh2DsaPrivateKey = new Ssh2DsaPrivateKey((DSAPrivateKey) readObject);
                    sshKeyPair.setPrivateKey(ssh2DsaPrivateKey);
                    sshKeyPair.setPublicKey(ssh2DsaPrivateKey.getPublicKey());
                    return sshKeyPair;
                } catch (Exception e) {
                    throw new IOException("Failed to generate DSA public key from private key");
                }
            }
            if (readObject instanceof RSAPrivateCrtKey) {
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) readObject;
                try {
                    sshKeyPair.setPrivateKey(new Ssh2RsaPrivateCrtKey(rSAPrivateCrtKey));
                    sshKeyPair.setPublicKey(new Ssh2RsaPublicKey(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent()));
                    return sshKeyPair;
                } catch (Exception e2) {
                    throw new IOException("Failed to generate RSA public key from private key");
                }
            }
            pEMReader.close();
        }
        KeyPair keyPair = (KeyPair) readObject;
        if (keyPair.getPrivate() instanceof ECPrivateKey) {
            sshKeyPair.setPrivateKey(new Ssh2EcdsaSha2NistPrivateKey((ECPrivateKey) keyPair.getPrivate()));
            sshKeyPair.setPublicKey(new Ssh2EcdsaSha2NistPublicKey((ECPublicKey) keyPair.getPublic()));
            return sshKeyPair;
        }
        if (keyPair.getPrivate() instanceof RSAPrivateCrtKey) {
            sshKeyPair.setPrivateKey(new Ssh2RsaPrivateCrtKey((RSAPrivateCrtKey) keyPair.getPrivate()));
            sshKeyPair.setPublicKey(new Ssh2RsaPublicKey((RSAPublicKey) keyPair.getPublic()));
            return sshKeyPair;
        }
        if (keyPair.getPrivate() instanceof DSAPrivateKey) {
            sshKeyPair.setPrivateKey(new Ssh2DsaPrivateKey((DSAPrivateKey) keyPair.getPrivate(), (DSAPublicKey) keyPair.getPublic()));
            sshKeyPair.setPublicKey(new Ssh2DsaPublicKey((DSAPublicKey) keyPair.getPublic()));
            return sshKeyPair;
        }
        throw new IOException("Unsupported type");
    }

    public byte[] encryptKey(SshKeyPair sshKeyPair, String str) throws IOException {
        PrivateKey jCEPrivateKey;
        PublicKey jCEPublicKey;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        org.bouncycastle.openssl.PEMWriter pEMWriter = new org.bouncycastle.openssl.PEMWriter(new OutputStreamWriter(byteArrayOutputStream));
        try {
            try {
                if (sshKeyPair.getPrivateKey() instanceof Ssh2DsaPrivateKey) {
                    jCEPrivateKey = ((Ssh2DsaPrivateKey) sshKeyPair.getPrivateKey()).getJCEPrivateKey();
                    jCEPublicKey = ((Ssh2DsaPublicKey) sshKeyPair.getPublicKey()).getJCEPublicKey();
                } else if (sshKeyPair.getPrivateKey() instanceof Ssh2RsaPrivateCrtKey) {
                    jCEPrivateKey = ((Ssh2RsaPrivateCrtKey) sshKeyPair.getPrivateKey()).getJCEPrivateKey();
                    jCEPublicKey = ((Ssh2RsaPublicKey) sshKeyPair.getPublicKey()).getJCEPublicKey();
                } else {
                    if (!(sshKeyPair.getPrivateKey() instanceof Ssh2EcdsaSha2NistPrivateKey)) {
                        throw new IOException(String.valueOf(sshKeyPair.getPrivateKey().getClass().getName()) + " is not supported in OpenSSH private key files");
                    }
                    jCEPrivateKey = ((Ssh2EcdsaSha2NistPrivateKey) sshKeyPair.getPrivateKey()).getJCEPrivateKey();
                    jCEPublicKey = ((Ssh2EcdsaSha2NistPublicKey) sshKeyPair.getPublicKey()).getJCEPublicKey();
                }
                KeyPair keyPair = new KeyPair(jCEPublicKey, jCEPrivateKey);
                if (str == null || "".equals(str)) {
                    pEMWriter.writeObject(keyPair);
                } else {
                    pEMWriter.writeObject(keyPair, "AES-128-CBC", str.toCharArray(), JCEProvider.getSecureRandom());
                }
                pEMWriter.flush();
                return byteArrayOutputStream.toByteArray();
            } catch (NoSuchAlgorithmException e) {
                throw new IOException(e.getMessage());
            }
        } finally {
            pEMWriter.close();
            byteArrayOutputStream.close();
        }
    }

    @Override // com.sshtools.publickey.SshPrivateKeyFile
    public void changePassphrase(String str, String str2) throws IOException, InvalidPassphraseException {
        this.formattedkey = encryptKey(toKeyPair(str), str2);
    }

    @Override // com.sshtools.publickey.SshPrivateKeyFile
    public byte[] getFormattedKey() {
        return this.formattedkey;
    }

    public static boolean isFormatted(byte[] bArr) {
        try {
            new PEMReader(new StringReader(new String(bArr, "UTF-8")));
            return true;
        } catch (IOException e) {
            return false;
        }
    }
}
