package org.tomitribe.churchkey.ssh;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECPoint;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import org.tomitribe.churchkey.Key;
import org.tomitribe.churchkey.dsa.Dsa;
import org.tomitribe.churchkey.ec.Curve;
import org.tomitribe.churchkey.ec.EcPoints;
import org.tomitribe.churchkey.ec.Ecdsa;
import org.tomitribe.churchkey.rsa.Rsa;
import org.tomitribe.churchkey.ssh.OpenSSHPublicKey;
import org.tomitribe.churchkey.util.Pem;

/* loaded from: input_file:org/tomitribe/churchkey/ssh/OpenSSHPrivateKey.class */
public class OpenSSHPrivateKey {
    private OpenSSHPrivateKey() {
    }

    public static Key decode(byte[] bArr) {
        try {
            try {
                KeyInput keyInput = new KeyInput(Pem.parse(bArr).getData());
                assertString("Auth Magic", "openssh-key-v1", keyInput.readAuthMagic());
                assertString("ciphername", "none", keyInput.readString());
                assertString("kdfname", "none", keyInput.readString());
                assertString("kdf", "", keyInput.readString());
                assertInt("number of keys", 1, keyInput.readInt());
                keyInput.readBytes();
                keyInput.readInt();
                keyInput.readInt();
                keyInput.readInt();
                String readString = keyInput.readString();
                if ("ssh-rsa".equals(readString)) {
                    return readRsaPrivateKey(keyInput);
                }
                if ("ssh-dss".equals(readString)) {
                    return readPrivateDssKey(keyInput);
                }
                if ("ecdsa-sha2-nistp256".equals(readString)) {
                    return readEcdsaPrivateKey(Curve.nistp256, keyInput);
                }
                if ("ecdsa-sha2-nistp384".equals(readString)) {
                    return readEcdsaPrivateKey(Curve.nistp384, keyInput);
                }
                if ("ecdsa-sha2-nistp521".equals(readString)) {
                    return readEcdsaPrivateKey(Curve.nistp521, keyInput);
                }
                throw new UnsupportedOperationException("Unsupported key type: " + readString);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        } catch (IOException | InvalidKeySpecException e2) {
            throw new RuntimeException(e2);
        }
    }

    public static byte[] encode(Key key) {
        try {
            KeyOutput keyOutput = new KeyOutput();
            keyOutput.writeAuthMagic("openssh-key-v1");
            keyOutput.writeString("none");
            keyOutput.writeString("none");
            keyOutput.writeString("");
            keyOutput.writeInt(1);
            keyOutput.writeBytes(encodePublicKey(key));
            keyOutput.writeBytes(pad(encodePrivateKey(key)));
            return Pem.builder().type("OPENSSH PRIVATE KEY").wrap(70).data(keyOutput.toByteArray()).format().getBytes();
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    private static byte[] pad(byte[] bArr) {
        int length = bArr.length % 8;
        if (length == 0) {
            return bArr;
        }
        int i = 8 - length;
        byte[] bArr2 = new byte[bArr.length + i];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        System.arraycopy(new byte[]{1, 2, 3, 4, 5, 6, 7}, 0, bArr2, bArr.length, i);
        return bArr2;
    }

    private static byte[] encodePublicKey(Key key) throws IOException {
        if (key.getPublicKey() == null) {
            return new byte[0];
        }
        java.security.Key key2 = key.getPublicKey().getKey();
        if (key2 instanceof RSAPublicKey) {
            return OpenSSHPublicKey.RsaPublic.write((RSAPublicKey) key2);
        }
        if (key2 instanceof DSAPublicKey) {
            return OpenSSHPublicKey.DsaPublic.write((DSAPublicKey) key2);
        }
        if (!(key2 instanceof ECPublicKey)) {
            throw new UnsupportedOperationException("Unsupported key type: " + key2.getClass().getName());
        }
        ECPublicKey eCPublicKey = (ECPublicKey) key2;
        return OpenSSHPublicKey.EcPublic.write(eCPublicKey, OpenSSHPublicKey.EcPublic.curveName(eCPublicKey.getParams()));
    }

    private static byte[] encodePrivateKey(Key key) throws IOException {
        KeyOutput keyOutput = new KeyOutput();
        int nextInt = new SecureRandom().nextInt();
        keyOutput.writeInt(nextInt);
        keyOutput.writeInt(nextInt);
        if (key.getAlgorithm() == Key.Algorithm.RSA) {
            keyOutput.writeString("ssh-rsa");
            return writeRsaPrivateKey(key, keyOutput);
        }
        if (key.getAlgorithm() == Key.Algorithm.DSA) {
            keyOutput.writeString("ssh-dss");
            return writePrivateDssKey(key, keyOutput);
        }
        if (key.getAlgorithm() != Key.Algorithm.EC) {
            throw new UnsupportedOperationException("Unsupported key type: " + key.getAlgorithm());
        }
        String curveName = OpenSSHPublicKey.EcPublic.curveName(((ECPrivateKey) key.getKey()).getParams());
        keyOutput.writeString("ecdsa-sha2-" + curveName);
        return writeEcdsaPrivateKey(key, curveName, keyOutput);
    }

    private static byte[] writePrivateDssKey(Key key, KeyOutput keyOutput) throws IOException {
        DSAPublicKey dSAPublicKey = (DSAPublicKey) key.getPublicKey().getKey();
        DSAPrivateKey dSAPrivateKey = (DSAPrivateKey) key.getKey();
        keyOutput.writeBigInteger(dSAPrivateKey.getParams().getP());
        keyOutput.writeBigInteger(dSAPrivateKey.getParams().getQ());
        keyOutput.writeBigInteger(dSAPrivateKey.getParams().getG());
        keyOutput.writeBigInteger(dSAPublicKey.getY());
        keyOutput.writeBigInteger(dSAPrivateKey.getX());
        keyOutput.writeString(getComment(key));
        return keyOutput.toByteArray();
    }

    private static Key readPrivateDssKey(KeyInput keyInput) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        BigInteger readBigInteger = keyInput.readBigInteger();
        BigInteger readBigInteger2 = keyInput.readBigInteger();
        BigInteger readBigInteger3 = keyInput.readBigInteger();
        keyInput.readBigInteger();
        Dsa.Private build = Dsa.Private.builder().p(readBigInteger).q(readBigInteger2).g(readBigInteger3).x(keyInput.readBigInteger()).build();
        DSAPrivateKey key = build.toKey();
        DSAPublicKey key2 = build.toPublic().toKey();
        HashMap hashMap = new HashMap();
        hashMap.put("Comment", keyInput.readString());
        return new Key(key, key2, Key.Type.PRIVATE, Key.Algorithm.DSA, Key.Format.OPENSSH, hashMap);
    }

    private static byte[] writeRsaPrivateKey(Key key, KeyOutput keyOutput) throws IOException {
        RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) key.getKey();
        keyOutput.writeBigInteger(rSAPrivateCrtKey.getModulus());
        keyOutput.writeBigInteger(rSAPrivateCrtKey.getPublicExponent());
        keyOutput.writeBigInteger(rSAPrivateCrtKey.getPrivateExponent());
        keyOutput.writeBigInteger(rSAPrivateCrtKey.getCrtCoefficient());
        keyOutput.writeBigInteger(rSAPrivateCrtKey.getPrimeP());
        keyOutput.writeBigInteger(rSAPrivateCrtKey.getPrimeQ());
        keyOutput.writeString(getComment(key));
        return keyOutput.toByteArray();
    }

    private static String getComment(Key key) {
        return key.getAttribute("Comment") == null ? "none" : key.getAttribute("Comment");
    }

    private static Key readRsaPrivateKey(KeyInput keyInput) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        BigInteger readBigInteger = keyInput.readBigInteger();
        BigInteger readBigInteger2 = keyInput.readBigInteger();
        BigInteger readBigInteger3 = keyInput.readBigInteger();
        BigInteger readBigInteger4 = keyInput.readBigInteger();
        BigInteger readBigInteger5 = keyInput.readBigInteger();
        BigInteger readBigInteger6 = keyInput.readBigInteger();
        String readString = keyInput.readString();
        BigInteger valueOf = BigInteger.valueOf(1L);
        BigInteger mod = readBigInteger3.mod(readBigInteger5.subtract(valueOf));
        Rsa.Private build = Rsa.Private.builder().modulus(readBigInteger).publicExponent(readBigInteger2).privateExponent(readBigInteger3).crtCoefficient(readBigInteger4).primeP(readBigInteger5).primeQ(readBigInteger6).primeExponentP(mod).primeExponentQ(readBigInteger3.mod(readBigInteger6.subtract(valueOf))).build();
        RSAPrivateCrtKey key = build.toKey();
        RSAPublicKey key2 = build.toPublic().toKey();
        HashMap hashMap = new HashMap();
        hashMap.put("Comment", readString);
        return new Key(key, key2, Key.Type.PRIVATE, Key.Algorithm.RSA, Key.Format.OPENSSH, hashMap);
    }

    private static byte[] writeEcdsaPrivateKey(Key key, String str, KeyOutput keyOutput) throws IOException {
        if (key.getPublicKey() == null) {
            throw new IllegalStateException("ECPublicKey is missing.  This is required to write an ECPrivateKey to OPENSSH private key format");
        }
        ECPrivateKey eCPrivateKey = (ECPrivateKey) key.getKey();
        ECPublicKey eCPublicKey = (ECPublicKey) key.getPublicKey().getKey();
        keyOutput.writeString(str);
        keyOutput.writeBytes(EcPoints.toBytes(eCPublicKey.getW()));
        keyOutput.writeBigInteger(eCPrivateKey.getS());
        keyOutput.writeString(getComment(key));
        return keyOutput.toByteArray();
    }

    private static Key readEcdsaPrivateKey(Curve curve, KeyInput keyInput) throws IOException {
        String readString = keyInput.readString();
        if (!curve.name().equals(readString)) {
            throw new IllegalStateException(String.format("Mismatched curve %s does not match key type of ecdsa-sha2-%s", readString, curve.name()));
        }
        ECPoint fromBytes = EcPoints.fromBytes(keyInput.readBytes());
        Ecdsa.Private build = Ecdsa.Private.builder().curveName(readString).d(new BigInteger(1, keyInput.readBytes())).x(fromBytes.getAffineX()).y(fromBytes.getAffineY()).build();
        ECPrivateKey key = build.toKey();
        ECPublicKey key2 = build.toPublic().toKey();
        HashMap hashMap = new HashMap();
        String readString2 = keyInput.readString();
        if (readString2 != null) {
            hashMap.put("Comment", readString2);
        } else {
            hashMap.put("Comment", "");
        }
        return new Key(key, key2, Key.Type.PRIVATE, Key.Algorithm.EC, Key.Format.OPENSSH, hashMap);
    }

    public static void assertString(String str, String str2, String str3) {
        if (!str2.equals(str3)) {
            throw new IllegalArgumentException(String.format("Expected %s of '%s'. Found '%s'", str, str2, str3));
        }
    }

    public static void assertInt(String str, int i, int i2) {
        if (i != i2) {
            throw new IllegalArgumentException(String.format("Expected %s of '%s'. Found '%s'", str, Integer.valueOf(i), Integer.valueOf(i2)));
        }
    }
}
