package ch.ethz.ssh2.channel;

import ch.ethz.ssh2.AuthAgentCallback;
import ch.ethz.ssh2.crypto.SecureRandomFix;
import ch.ethz.ssh2.log.Logger;
import ch.ethz.ssh2.packets.TypesReader;
import ch.ethz.ssh2.packets.TypesWriter;
import ch.ethz.ssh2.signature.DSASHA1Verify;
import ch.ethz.ssh2.signature.ECDSASHA2Verify;
import ch.ethz.ssh2.signature.RSASHA1Verify;
import com.five_ten_sg.connectbot.util.PubkeyDatabase;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Map;
import net.sourceforge.jsocks.CProxy;

/* loaded from: classes.dex */
public class AuthAgentForwardThread extends Thread implements IChannelWorkerThread {
    private static final int SSH2_AGENTC_ADD_IDENTITY = 17;
    private static final int SSH2_AGENTC_ADD_ID_CONSTRAINED = 25;
    private static final int SSH2_AGENTC_REMOVE_ALL_IDENTITIES = 19;
    private static final int SSH2_AGENTC_REMOVE_IDENTITY = 18;
    private static final int SSH2_AGENTC_REQUEST_IDENTITIES = 11;
    private static final int SSH2_AGENTC_SIGN_REQUEST = 13;
    private static final int SSH2_AGENT_IDENTITIES_ANSWER = 12;
    private static final int SSH2_AGENT_SIGN_RESPONSE = 14;
    private static final int SSH_AGENTC_LOCK = 22;
    private static final int SSH_AGENTC_UNLOCK = 23;
    private static final int SSH_AGENT_CONSTRAIN_CONFIRM = 2;
    private static final int SSH_AGENT_CONSTRAIN_LIFETIME = 1;
    private static final byte[] SSH_AGENT_FAILURE = {0, 0, 0, 1, 5};
    private static final byte[] SSH_AGENT_SUCCESS = {0, 0, 0, 1, 6};
    private static final Logger log = Logger.getLogger(RemoteAcceptThread.class);
    AuthAgentCallback authAgent;
    byte[] buffer = new byte[CProxy.SOCKS_PROXY_IO_ERROR];
    Channel c;
    InputStream is;
    OutputStream os;

    public AuthAgentForwardThread(Channel channel, AuthAgentCallback authAgentCallback) {
        this.c = channel;
        this.authAgent = authAgentCallback;
        log.debug("AuthAgentForwardThread started");
    }

    private void addIdentity(TypesReader typesReader, boolean z) {
        String str;
        String readString;
        KeySpec eCPublicKeySpec;
        KeySpec eCPrivateKeySpec;
        int i;
        try {
            try {
                if (failWhenLocked()) {
                    return;
                }
                String readString2 = typesReader.readString();
                if (readString2.equals("ssh-rsa")) {
                    str = PubkeyDatabase.KEY_TYPE_RSA;
                    BigInteger readMPINT = typesReader.readMPINT();
                    BigInteger readMPINT2 = typesReader.readMPINT();
                    BigInteger readMPINT3 = typesReader.readMPINT();
                    BigInteger readMPINT4 = typesReader.readMPINT();
                    BigInteger readMPINT5 = typesReader.readMPINT();
                    BigInteger readMPINT6 = typesReader.readMPINT();
                    readString = typesReader.readString();
                    BigInteger mod = readMPINT3.mod(readMPINT5.subtract(BigInteger.ONE));
                    BigInteger mod2 = readMPINT3.mod(readMPINT6.subtract(BigInteger.ONE));
                    eCPublicKeySpec = new RSAPublicKeySpec(readMPINT, readMPINT2);
                    eCPrivateKeySpec = new RSAPrivateCrtKeySpec(readMPINT, readMPINT2, readMPINT3, readMPINT5, readMPINT6, mod, mod2, readMPINT4);
                } else if (readString2.equals("ssh-dss")) {
                    str = PubkeyDatabase.KEY_TYPE_DSA;
                    BigInteger readMPINT7 = typesReader.readMPINT();
                    BigInteger readMPINT8 = typesReader.readMPINT();
                    BigInteger readMPINT9 = typesReader.readMPINT();
                    BigInteger readMPINT10 = typesReader.readMPINT();
                    BigInteger readMPINT11 = typesReader.readMPINT();
                    readString = typesReader.readString();
                    eCPublicKeySpec = new DSAPublicKeySpec(readMPINT10, readMPINT7, readMPINT8, readMPINT9);
                    eCPrivateKeySpec = new DSAPrivateKeySpec(readMPINT11, readMPINT7, readMPINT8, readMPINT9);
                } else {
                    if (!readString2.equals("ecdsa-sha2-nistp256")) {
                        log.debug("Unknown key type: " + readString2);
                        this.os.write(SSH_AGENT_FAILURE);
                        return;
                    }
                    str = PubkeyDatabase.KEY_TYPE_EC;
                    String readString3 = typesReader.readString();
                    byte[] readByteString = typesReader.readByteString();
                    BigInteger readMPINT12 = typesReader.readMPINT();
                    readString = typesReader.readString();
                    if (!"nistp256".equals(readString3)) {
                        log.debug("Invalid curve name for ecdsa-sha2-nistp256: " + readString3);
                        this.os.write(SSH_AGENT_FAILURE);
                        return;
                    }
                    ECParameterSpec eCParameterSpec = ECDSASHA2Verify.EllipticCurves.nistp256;
                    ECPoint decodeECPoint = ECDSASHA2Verify.decodeECPoint(readByteString, eCParameterSpec.getCurve());
                    if (decodeECPoint == null) {
                        log.debug("No groupfor ecdsa-sha2-nistp256: ");
                        this.os.write(SSH_AGENT_FAILURE);
                        return;
                    } else {
                        eCPublicKeySpec = new ECPublicKeySpec(decodeECPoint, eCParameterSpec);
                        eCPrivateKeySpec = new ECPrivateKeySpec(readMPINT12, eCParameterSpec);
                    }
                }
                try {
                    KeyFactory keyFactory = KeyFactory.getInstance(str);
                    KeyPair keyPair = new KeyPair(keyFactory.generatePublic(eCPublicKeySpec), keyFactory.generatePrivate(eCPrivateKeySpec));
                    boolean z2 = false;
                    if (z) {
                        i = 0;
                        while (typesReader.remain() > 0) {
                            int readByte = typesReader.readByte();
                            if (readByte == 2) {
                                z2 = true;
                            } else {
                                if (readByte != 1) {
                                    this.os.write(SSH_AGENT_FAILURE);
                                    return;
                                }
                                i = typesReader.readUINT32();
                            }
                        }
                    } else {
                        i = 0;
                    }
                    if (this.authAgent.addIdentity(keyPair, readString, z2, i)) {
                        this.os.write(SSH_AGENT_SUCCESS);
                    } else {
                        this.os.write(SSH_AGENT_FAILURE);
                    }
                } catch (NoSuchAlgorithmException unused) {
                    this.os.write(SSH_AGENT_FAILURE);
                } catch (InvalidKeySpecException unused2) {
                    this.os.write(SSH_AGENT_FAILURE);
                }
            } catch (IOException unused3) {
            }
        } catch (IOException unused4) {
            this.os.write(SSH_AGENT_FAILURE);
        }
    }

    private boolean failWhenLocked() throws IOException {
        if (!this.authAgent.isAgentLocked()) {
            return false;
        }
        this.os.write(SSH_AGENT_FAILURE);
        return true;
    }

    private void processLockRequest(TypesReader typesReader) {
        try {
            try {
                if (failWhenLocked()) {
                    return;
                }
                if (this.authAgent.setAgentLock(typesReader.readString())) {
                    this.os.write(SSH_AGENT_SUCCESS);
                } else {
                    this.os.write(SSH_AGENT_FAILURE);
                }
            } catch (IOException unused) {
            }
        } catch (IOException unused2) {
            this.os.write(SSH_AGENT_FAILURE);
        }
    }

    private void processSignRequest(TypesReader typesReader) {
        byte[] encodeSSHECDSASignature;
        try {
            try {
                if (failWhenLocked()) {
                    return;
                }
                byte[] readByteString = typesReader.readByteString();
                byte[] readByteString2 = typesReader.readByteString();
                if (typesReader.readUINT32() != 0) {
                    this.os.write(SSH_AGENT_FAILURE);
                    return;
                }
                KeyPair keyPair = this.authAgent.getKeyPair(readByteString);
                if (keyPair == null) {
                    this.os.write(SSH_AGENT_FAILURE);
                    return;
                }
                PrivateKey privateKey = keyPair.getPrivate();
                if (privateKey instanceof RSAPrivateKey) {
                    encodeSSHECDSASignature = RSASHA1Verify.encodeSSHRSASignature(RSASHA1Verify.generateSignature(readByteString2, (RSAPrivateKey) privateKey));
                } else if (privateKey instanceof DSAPrivateKey) {
                    encodeSSHECDSASignature = DSASHA1Verify.encodeSSHDSASignature(DSASHA1Verify.generateSignature(readByteString2, (DSAPrivateKey) privateKey, new SecureRandomFix()));
                } else if (!(privateKey instanceof ECPrivateKey)) {
                    this.os.write(SSH_AGENT_FAILURE);
                    return;
                } else {
                    ECPrivateKey eCPrivateKey = (ECPrivateKey) privateKey;
                    encodeSSHECDSASignature = ECDSASHA2Verify.encodeSSHECDSASignature(ECDSASHA2Verify.generateSignature(readByteString2, eCPrivateKey), eCPrivateKey.getParams());
                }
                TypesWriter typesWriter = new TypesWriter();
                typesWriter.writeByte(14);
                typesWriter.writeString(encodeSSHECDSASignature, 0, encodeSSHECDSASignature.length);
                sendPacket(typesWriter.getBytes());
            } catch (IOException unused) {
                this.os.write(SSH_AGENT_FAILURE);
            }
        } catch (IOException unused2) {
        }
    }

    private void processUnlockRequest(TypesReader typesReader) {
        try {
            try {
                if (this.authAgent.requestAgentUnlock(typesReader.readString())) {
                    this.os.write(SSH_AGENT_SUCCESS);
                } else {
                    this.os.write(SSH_AGENT_FAILURE);
                }
            } catch (IOException unused) {
            }
        } catch (IOException unused2) {
            this.os.write(SSH_AGENT_FAILURE);
        }
    }

    private void removeAllIdentities(TypesReader typesReader) {
        try {
            try {
                if (failWhenLocked()) {
                    return;
                }
                if (this.authAgent.removeAllIdentities()) {
                    this.os.write(SSH_AGENT_SUCCESS);
                } else {
                    this.os.write(SSH_AGENT_FAILURE);
                }
            } catch (IOException unused) {
            }
        } catch (IOException unused2) {
            this.os.write(SSH_AGENT_FAILURE);
        }
    }

    private void removeIdentity(TypesReader typesReader) {
        try {
            try {
                if (failWhenLocked()) {
                    return;
                }
                if (this.authAgent.removeIdentity(typesReader.readByteString())) {
                    this.os.write(SSH_AGENT_SUCCESS);
                } else {
                    this.os.write(SSH_AGENT_FAILURE);
                }
            } catch (IOException unused) {
            }
        } catch (IOException unused2) {
            this.os.write(SSH_AGENT_FAILURE);
        }
    }

    private void sendIdentities() throws IOException {
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeByte(12);
        Map<String, byte[]> retrieveIdentities = !this.authAgent.isAgentLocked() ? this.authAgent.retrieveIdentities() : null;
        typesWriter.writeUINT32(retrieveIdentities != null ? retrieveIdentities.size() : 0);
        if (retrieveIdentities != null) {
            for (Map.Entry<String, byte[]> entry : retrieveIdentities.entrySet()) {
                byte[] value = entry.getValue();
                typesWriter.writeString(value, 0, value.length);
                typesWriter.writeString(entry.getKey());
            }
        }
        sendPacket(typesWriter.getBytes());
    }

    private void sendPacket(byte[] bArr) throws IOException {
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeUINT32(bArr.length);
        typesWriter.writeBytes(bArr);
        this.os.write(typesWriter.getBytes());
    }

    @Override // java.lang.Thread, java.lang.Runnable
    public void run() {
        try {
            this.c.cm.registerThread(this);
            try {
                this.c.cm.sendOpenConfirmation(this.c);
                this.is = this.c.getStdoutStream();
                this.os = this.c.getStdinStream();
                int i = 0;
                int i2 = 4;
                while (true) {
                    try {
                        int read = this.is.read(this.buffer, i, this.buffer.length - i);
                        if (read <= 0) {
                            this.c.cm.closeChannel(this.c, "EOF on both streams reached.", true);
                            return;
                        }
                        i += read;
                        if (i >= 4) {
                            i2 = new TypesReader(this.buffer, 0, 4).readUINT32() + 4;
                        }
                        if (i2 == i) {
                            TypesReader typesReader = new TypesReader(this.buffer, 4, i - 4);
                            int readByte = typesReader.readByte();
                            if (readByte == 11) {
                                sendIdentities();
                            } else if (readByte == 13) {
                                processSignRequest(typesReader);
                            } else if (readByte == 25) {
                                addIdentity(typesReader, true);
                            } else if (readByte == 22) {
                                processLockRequest(typesReader);
                            } else if (readByte != 23) {
                                switch (readByte) {
                                    case 17:
                                        addIdentity(typesReader, false);
                                        break;
                                    case 18:
                                        removeIdentity(typesReader);
                                        break;
                                    case 19:
                                        removeAllIdentities(typesReader);
                                        break;
                                    default:
                                        this.os.write(SSH_AGENT_FAILURE);
                                        break;
                                }
                            } else {
                                processUnlockRequest(typesReader);
                            }
                            i = 0;
                        }
                    } catch (IOException unused) {
                        stopWorking();
                        return;
                    }
                }
            } catch (IOException e) {
                log.debug("IOException in agent forwarder: " + e.getMessage());
                try {
                    this.is.close();
                } catch (IOException unused2) {
                }
                try {
                    this.os.close();
                } catch (IOException unused3) {
                }
                try {
                    this.c.cm.closeChannel(this.c, "IOException in agent forwarder (" + e.getMessage() + ")", true);
                } catch (IOException unused4) {
                }
            }
        } catch (IOException unused5) {
            stopWorking();
        }
    }

    @Override // ch.ethz.ssh2.channel.IChannelWorkerThread
    public void stopWorking() {
        try {
            this.is.close();
        } catch (IOException unused) {
        }
    }
}
