package com.mindbright.ssh2;

import com.mindbright.asn1.ASN1DER;
import com.mindbright.ssh2.SSH2DSS;
import com.mindbright.util.Crypto;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPublicKeySpec;

/* loaded from: input_file:com/mindbright/ssh2/SSH2ECDSASHA2NIST.class */
public abstract class SSH2ECDSASHA2NIST extends SSH2SimpleSignature {
    private String curve;

    /* loaded from: input_file:com/mindbright/ssh2/SSH2ECDSASHA2NIST$P256.class */
    public static class P256 extends SSH2ECDSASHA2NIST {
        public P256() {
            super("SHA256withECDSA", "ecdsa-sha2-nistp256", "secp256r1");
        }
    }

    /* loaded from: input_file:com/mindbright/ssh2/SSH2ECDSASHA2NIST$P384.class */
    public static class P384 extends SSH2ECDSASHA2NIST {
        public P384() {
            super("SHA384withECDSA", "ecdsa-sha2-nistp384", "secp384r1");
        }
    }

    /* loaded from: input_file:com/mindbright/ssh2/SSH2ECDSASHA2NIST$P521.class */
    public static class P521 extends SSH2ECDSASHA2NIST {
        public P521() {
            super("SHA512withECDSA", "ecdsa-sha2-nistp521", "secp521r1");
        }
    }

    public SSH2ECDSASHA2NIST(String str, String str2, String str3) {
        super(str, str2);
        this.curve = str3;
    }

    @Override // com.mindbright.ssh2.SSH2Signature, com.mindbright.ssh2.SSH2PKISigner
    public byte[] sign(byte[] bArr) throws SSH2SignatureException {
        try {
            this.signature.update(bArr);
            byte[] sign = this.signature.sign();
            try {
                SSH2DSS.DSASIG dsasig = new SSH2DSS.DSASIG();
                new ASN1DER().decode(new ByteArrayInputStream(sign), dsasig);
                SSH2DataBuffer sSH2DataBuffer = new SSH2DataBuffer(256);
                sSH2DataBuffer.writeBigInt(dsasig.r.getValue());
                sSH2DataBuffer.writeBigInt(dsasig.s.getValue());
                return encodeSignature(sSH2DataBuffer.readRestRaw());
            } catch (IOException e) {
                throw new SSH2SignatureException("DER decode failed: " + e.getMessage());
            }
        } catch (SignatureException e2) {
            throw new SSH2SignatureException("Error in " + this.algorithm + " sign: " + e2.getMessage());
        }
    }

    @Override // com.mindbright.ssh2.SSH2Signature
    public boolean verify(byte[] bArr, byte[] bArr2) throws SSH2SignatureException {
        try {
            this.signature.update(bArr2);
            byte[] decodeSignature = decodeSignature(bArr);
            SSH2DataBuffer sSH2DataBuffer = new SSH2DataBuffer(decodeSignature.length);
            sSH2DataBuffer.writeRaw(decodeSignature);
            SSH2DSS.DSASIG dsasig = new SSH2DSS.DSASIG(sSH2DataBuffer.readBigInt(), sSH2DataBuffer.readBigInt());
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(128);
            try {
                new ASN1DER().encode(byteArrayOutputStream, dsasig);
                return this.signature.verify(byteArrayOutputStream.toByteArray());
            } catch (IOException e) {
                throw new SSH2SignatureException("DER encode failed: " + e.getMessage());
            }
        } catch (SignatureException e2) {
            throw new SSH2SignatureException("Error in " + this.algorithm + " verify: " + e2.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mindbright.ssh2.SSH2Signature
    public byte[] encodePublicKey(PublicKey publicKey) throws SSH2Exception {
        try {
            ECPublicKey eCPublicKey = (ECPublicKey) publicKey;
            SSH2DataBuffer sSH2DataBuffer = new SSH2DataBuffer(256);
            sSH2DataBuffer.writeString(this.ssh2KeyFormat);
            sSH2DataBuffer.writeString(this.ssh2KeyFormat.substring(this.ssh2KeyFormat.lastIndexOf("-") + 1));
            sSH2DataBuffer.writeString(SSH2KEXECDHSHA2NIST.tobytes(eCPublicKey.getW(), eCPublicKey.getParams().getCurve()));
            return sSH2DataBuffer.readRestRaw();
        } catch (Throwable th) {
            throw new SSH2FatalException("Failed to encode public key");
        }
    }

    public static ECParameterSpec getParamsForCurve(String str) {
        try {
            KeyPairGenerator keyPairGenerator = Crypto.getKeyPairGenerator("EC");
            keyPairGenerator.initialize(new ECGenParameterSpec(str), Crypto.getSecureRandom());
            return ((ECPublicKey) keyPairGenerator.generateKeyPair().getPublic()).getParams();
        } catch (Throwable th) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.mindbright.ssh2.SSH2Signature
    public PublicKey decodePublicKey(byte[] bArr) throws SSH2Exception {
        try {
            SSH2DataBuffer sSH2DataBuffer = new SSH2DataBuffer(bArr.length);
            sSH2DataBuffer.writeRaw(bArr);
            String readJavaString = sSH2DataBuffer.readJavaString();
            if (!readJavaString.equals(this.ssh2KeyFormat)) {
                throw new SSH2FatalException("SSH2ECDSAHSA2NIST, keyblob type mismatch, got '" + readJavaString + ", (expected '" + this.ssh2KeyFormat + "')");
            }
            sSH2DataBuffer.readJavaString();
            byte[] readString = sSH2DataBuffer.readString();
            ECParameterSpec paramsForCurve = getParamsForCurve(this.curve);
            return Crypto.getKeyFactory("EC").generatePublic(new ECPublicKeySpec(SSH2KEXECDHSHA2NIST.frombytes(readString, paramsForCurve.getCurve()), paramsForCurve));
        } catch (Throwable th) {
            throw new SSH2FatalException("Failed to decode public key blob");
        }
    }
}
