package com.sshtools.common.ssh.components.jce;

import com.sshtools.common.logger.Log;
import com.sshtools.common.sftp.SftpStatusException;
import com.sshtools.common.ssh.SecurityLevel;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.SshKeyFingerprint;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.SshPublicKeyFactory;
import com.sshtools.common.util.Arrays;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: input_file:com/sshtools/common/ssh/components/jce/SshEd25519PublicKeyJCE.class */
public class SshEd25519PublicKeyJCE implements SshEd25519PublicKey {
    public static final byte[] ASN_HEADER = {48, 42, 48, 5, 6, 3, 43, 101, 112, 3, 33, 0};
    public static final String ALGORITHM_NAME = "ssh-ed25519";
    PublicKey publicKey;
    byte[] pk;

    /* loaded from: input_file:com/sshtools/common/ssh/components/jce/SshEd25519PublicKeyJCE$SshEd25519PublicKeyJCEFactory.class */
    public static class SshEd25519PublicKeyJCEFactory implements SshPublicKeyFactory<SshEd25519PublicKeyJCE> {
        @Override // com.sshtools.common.ssh.components.ComponentInstanceFactory
        public SshEd25519PublicKeyJCE create() throws NoSuchAlgorithmException, IOException {
            return new SshEd25519PublicKeyJCE();
        }

        @Override // com.sshtools.common.ssh.components.ComponentInstanceFactory
        public String[] getKeys() {
            return new String[]{SshEd25519PublicKeyJCE.ALGORITHM_NAME};
        }
    }

    public SshEd25519PublicKeyJCE() {
    }

    @Override // com.sshtools.common.ssh.SecureComponent
    public SecurityLevel getSecurityLevel() {
        return SecurityLevel.PARANOID;
    }

    @Override // com.sshtools.common.ssh.SecureComponent
    public int getPriority() {
        return SftpStatusException.ATTRIBUTE_BITS_NOT_AVAILABLE;
    }

    public SshEd25519PublicKeyJCE(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, NoSuchProviderException {
        this.pk = bArr;
        loadPublicKey(bArr);
    }

    private void loadPublicKey(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, NoSuchProviderException {
        this.publicKey = JCEProvider.getKeyFactory(JCEAlgorithms.ED25519).generatePublic(new X509EncodedKeySpec(Arrays.cat(ASN_HEADER, bArr)));
    }

    public SshEd25519PublicKeyJCE(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public SshPublicKey init(byte[] bArr, int i, int i2) throws SshException {
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr, i, i2);
        try {
            try {
                if (!byteArrayReader.readString().equals(ALGORITHM_NAME)) {
                    throw new SshException("The encoded key is not ed25519", 5);
                }
                loadPublicKey(byteArrayReader.readBinaryString());
                byteArrayReader.close();
                return this;
            } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
                Log.error("Failed to initialise public key", e, new Object[0]);
                throw new SshException("Failed to read encoded key data", e);
            }
        } catch (Throwable th) {
            byteArrayReader.close();
            throw th;
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey, com.sshtools.common.ssh.SecureComponent
    public String getAlgorithm() {
        return ALGORITHM_NAME;
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String getEncodingAlgorithm() {
        return getAlgorithm();
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public int getBitLength() {
        return 256;
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public byte[] getEncoded() throws SshException {
        ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
        try {
            try {
                byteArrayWriter.writeString(getAlgorithm());
                byteArrayWriter.writeBinaryString(decodeJCEKey());
                return byteArrayWriter.toByteArray();
            } catch (IOException e) {
                throw new SshException("Failed to encoded key data", 5, e);
            }
        } finally {
            try {
                byteArrayWriter.close();
            } catch (IOException e2) {
            }
        }
    }

    private byte[] decodeJCEKey() {
        byte[] encoded = this.publicKey.getEncoded();
        return Arrays.copy(encoded, encoded.length - 32, 32);
    }

    @Override // com.sshtools.common.ssh.components.jce.SshEd25519PublicKey
    public byte[] getA() {
        return decodeJCEKey();
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String getFingerprint() throws SshException {
        return SshKeyFingerprint.getFingerprint(getEncoded());
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public boolean verifySignature(byte[] bArr, byte[] bArr2) throws SshException {
        try {
            ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
            try {
                long readInt = byteArrayReader.readInt();
                if (readInt > 0 && readInt == getSigningAlgorithm().length()) {
                    byteArrayReader.reset();
                    new String(byteArrayReader.readBinaryString());
                    bArr = byteArrayReader.readBinaryString();
                }
                byteArrayReader.close();
                return verifyJCESignature(bArr, bArr2);
            } catch (Throwable th) {
                byteArrayReader.close();
                throw th;
            }
        } catch (Exception e) {
            throw new SshException(16, e);
        }
    }

    private boolean verifyJCESignature(byte[] bArr, byte[] bArr2) throws SshException {
        try {
            Signature signature = JCEProvider.getSignature(JCEAlgorithms.ED25519);
            signature.initVerify(this.publicKey);
            signature.update(bArr2);
            return signature.verify(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SshException(e, 5);
        }
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof SshEd25519PublicKeyJCE)) {
            return false;
        }
        try {
            return ((SshPublicKey) obj).getFingerprint().equals(getFingerprint());
        } catch (SshException e) {
            return false;
        }
    }

    public int hashCode() {
        try {
            return getFingerprint().hashCode();
        } catch (SshException e) {
            return 0;
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String getSigningAlgorithm() {
        return getAlgorithm();
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public String test() {
        try {
            return JCEProvider.getKeyFactory(JCEAlgorithms.ED25519).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    @Override // com.sshtools.common.ssh.components.SshPublicKey
    public PublicKey getJCEPublicKey() {
        return this.publicKey;
    }
}
