package cn.schoolwow.ssh.flow.authenticate.login;

import cn.schoolwow.quickflow.domain.FlowContext;
import cn.schoolwow.quickflow.flow.BusinessFlow;
import cn.schoolwow.ssh.domain.SSHMessageCode;
import cn.schoolwow.ssh.domain.exception.SSHException;
import cn.schoolwow.ssh.domain.stream.DistinguishedEncodingRule;
import cn.schoolwow.ssh.domain.stream.SSHString;
import cn.schoolwow.ssh.layer.SSHSession;
import cn.schoolwow.ssh.layer.transport.digest.SSHDigest;
import cn.schoolwow.ssh.layer.transport.encrypt.AESCipher;
import cn.schoolwow.ssh.layer.transport.publickey.RSAHostKey;
import cn.schoolwow.ssh.stream.SSHInputStreamImpl;
import cn.schoolwow.ssh.stream.SSHOutputStream;
import cn.schoolwow.ssh.util.SSHUtil;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;

/* loaded from: input_file:cn/schoolwow/ssh/flow/authenticate/login/LoginByPublicKeyFlow.class */
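/**
 * Business flow that performs SSH "publickey" user authentication with an RSA key read from a
 * traditional PEM file ({@code -----BEGIN RSA PRIVATE KEY-----}, i.e. a PKCS#1 RSAPrivateKey).
 *
 * <p>The flow runs three steps in order: read and sanity-check the key file, obtain the DER bytes
 * (decrypting an AES-128-CBC protected file with the configured passphrase), then build, sign and
 * send the SSH_MSG_USERAUTH_REQUEST message.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The encrypted-PEM key derivation implemented here is a single MD5 over
 *       {@code passphrase || salt}, which is what this legacy file format uses. It offers very
 *       little resistance to offline passphrase guessing, so the key file itself must be
 *       protected by file permissions.</li>
 *   <li>The request names the {@code ssh-rsa} algorithm, which RFC 4253 defines as RSA with SHA-1.
 *       Servers that have disabled SHA-1 signatures will reject it; {@code rsa-sha2-256} /
 *       {@code rsa-sha2-512} (RFC 8332) are the replacements. What {@code RSAHostKey.sign}
 *       actually computes is not visible in this file.</li>
 * </ul>
 */
public class LoginByPublicKeyFlow implements BusinessFlow {
    private static final String prefix = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String suffix = "-----END RSA PRIVATE KEY-----";

    /** PEM header announcing AES-128-CBC encryption; the hex IV follows it on the same line. */
    private static final String AES_128_CBC_HEADER = "DEK-Info: AES-128-CBC,";

    /** Generic PEM encryption header, used to detect ciphers this class does not implement. */
    private static final String DEK_INFO_HEADER = "DEK-Info:";

    /** Length of the hex-encoded 16-byte IV in the DEK-Info header. */
    private static final int IV_HEX_LENGTH = 32;

    /** Number of leading IV bytes used as the salt of the key derivation. */
    private static final int PEM_SALT_LENGTH = 8;

    /**
     * Runs the three authentication steps in order.
     *
     * @param flowContext flow context holding the {@code sshSession} and the {@code sos} stream
     * @throws Exception if the key file cannot be read, parsed, decrypted or validated, or if
     *     signing or sending the request fails
     */
    @Override
    public void executeBusinessFlow(FlowContext flowContext) throws Exception {
        checkPublicKeyType(flowContext);
        getPrivateKeyBytes(flowContext);
        writePublicKeyBlobAndSign(flowContext);
    }

    /** Returns the display name of this flow (Chinese for "log in by public key"). */
    @Override
    public String name() {
        return "根据公钥登录";
    }

    /**
     * Reads the configured key file and verifies that it carries both RSA PEM markers.
     *
     * <p>The original check used {@code &&}, so a file passed when only one of the two markers was
     * present and then failed later with an index error. Both markers are now required, with the
     * END marker located after the BEGIN marker. Trailing newlines after the END marker are
     * tolerated because the marker is searched for rather than matched at the very end.
     *
     * @param flowContext flow context; receives {@code userLogin} and the temporary
     *     {@code publicKeyContent} entry
     * @throws IOException if the key file cannot be read or is not an RSA PEM private key
     */
    private void checkPublicKeyType(FlowContext flowContext) throws IOException {
        SSHSession sshSession = (SSHSession) flowContext.checkData("sshSession");
        JSONObject userLogin = new JSONObject();
        userLogin.put("host", sshSession.quickSSHConfig.host);
        userLogin.put("publicKeyFilePath", sshSession.quickSSHConfig.publickeyFilePath);
        flowContext.putData("userLogin", userLogin);

        String keyFileContent = new String(
                Files.readAllBytes(sshSession.quickSSHConfig.publickeyFilePath), StandardCharsets.UTF_8);
        int beginAt = keyFileContent.indexOf(prefix);
        if (beginAt < 0 || keyFileContent.indexOf(suffix, beginAt + prefix.length()) < 0) {
            throw new SSHException("目前仅支持RSA私钥格式文件!");
        }
        // Despite the key name, this is the full private key file; it is kept as temporary data.
        flowContext.putTemporaryData("publicKeyContent", keyFileContent);
    }

    /**
     * Extracts the DER-encoded private key from the PEM text, decrypting it when the file is
     * protected with AES-128-CBC.
     *
     * <p>Fixes over the original: line breaks are removed from the Base64 body in both branches
     * (the basic decoder rejects them, so an ordinary multi-line unencrypted key could not be
     * decoded), CRLF files are handled, a missing passphrase and a truncated IV produce an
     * {@link SSHException} instead of an index or null-pointer error, and a file encrypted with
     * another cipher is rejected explicitly.
     *
     * @param flowContext flow context; receives the temporary {@code privateKeyBytes} entry
     * @throws Exception if the file is malformed or decryption fails
     */
    private void getPrivateKeyBytes(FlowContext flowContext) throws Exception {
        SSHSession sshSession = (SSHSession) flowContext.checkData("sshSession");
        String pem = (String) flowContext.checkData("publicKeyContent");
        int bodyStart = pem.indexOf(prefix) + prefix.length();
        int bodyEnd = pem.indexOf(suffix, bodyStart);
        if (bodyStart < prefix.length() || bodyEnd < 0) {
            throw new SSHException("目前仅支持RSA私钥格式文件!");
        }

        byte[] derBytes;
        int headerAt = pem.indexOf(AES_128_CBC_HEADER);
        if (headerAt >= 0) {
            int ivStart = headerAt + AES_128_CBC_HEADER.length();
            int ivEnd = ivStart + IV_HEX_LENGTH;
            if (ivEnd > bodyEnd) {
                throw new SSHException("私钥文件格式错误!DEK-Info中的IV不完整!");
            }
            byte[] passphrase = sshSession.quickSSHConfig.passphrase;
            if (passphrase == null) {
                throw new SSHException("私钥文件已加密,但未指定passphrase!");
            }
            byte[] iv = SSHUtil.hexToByteArray(pem.substring(ivStart, ivEnd));
            byte[] cipherText = Base64.getDecoder().decode(stripWhitespace(pem.substring(ivEnd, bodyEnd)));

            AESCipher aesCipher = new AESCipher();
            aesCipher.algorithmName = "aes128-cbc";

            // Legacy PEM key derivation: key = MD5(passphrase || first 8 bytes of the IV).
            byte[] kdfInput = new byte[passphrase.length + PEM_SALT_LENGTH];
            try {
                System.arraycopy(passphrase, 0, kdfInput, 0, passphrase.length);
                System.arraycopy(iv, 0, kdfInput, passphrase.length, PEM_SALT_LENGTH);
                byte[] aesKey = SSHDigest.MD5.getMessageDigest().digest(kdfInput);
                // NOTE(review): getServerCipher is presumably the decrypting direction - confirm.
                derBytes = aesCipher.getServerCipher(iv, aesKey).doFinal(cipherText);
            } finally {
                // Do not leave a copy of the passphrase on the heap longer than needed.
                java.util.Arrays.fill(kdfInput, (byte) 0);
            }
        } else if (pem.contains(DEK_INFO_HEADER)) {
            // Encrypted with a cipher this class does not implement; fail with a clear message
            // instead of trying to Base64-decode the PEM headers.
            throw new SSHException("目前仅支持AES-128-CBC加密的RSA私钥文件!");
        } else {
            derBytes = Base64.getDecoder().decode(stripWhitespace(pem.substring(bodyStart, bodyEnd)));
        }
        flowContext.putTemporaryData("privateKeyBytes", derBytes);
    }

    /** Removes every whitespace character so a wrapped PEM body can be fed to the Base64 decoder. */
    private static String stripWhitespace(String text) {
        return text.replaceAll("\\s", "");
    }

    /**
     * Parses the PKCS#1 RSAPrivateKey structure, checks the CRT exponents, then builds, signs and
     * sends the SSH_MSG_USERAUTH_REQUEST for the "publickey" method.
     *
     * <p>The message layout follows RFC 4252 section 7: message code, user name, service name,
     * method name, TRUE (a signature is included), algorithm name, public key blob, signature.
     * The signed data is the session identifier followed by those same fields.
     *
     * @param flowContext flow context holding {@code privateKeyBytes}, {@code sshSession} and
     *     {@code sos}
     * @throws Exception if the key structure is malformed, a consistency check fails, or signing
     *     or writing fails
     */
    private void writePublicKeyBlobAndSign(FlowContext flowContext) throws Exception {
        byte[] privateKeyBytes = (byte[]) flowContext.checkData("privateKeyBytes");
        // The outer DER element is the SEQUENCE; its content holds the nine INTEGER fields.
        SSHInputStreamImpl fields = new SSHInputStreamImpl(new SSHInputStreamImpl(privateKeyBytes).readDER().content);
        DistinguishedEncodingRule versionDer = fields.readDER();
        DistinguishedEncodingRule modulusDer = fields.readDER();
        BigInteger modulus = new BigInteger(modulusDer.content);
        DistinguishedEncodingRule publicExponentDer = fields.readDER();
        BigInteger publicExponent = new BigInteger(publicExponentDer.content);
        DistinguishedEncodingRule privateExponentDer = fields.readDER();
        BigInteger privateExponent = new BigInteger(privateExponentDer.content);
        DistinguishedEncodingRule prime1Der = fields.readDER();
        BigInteger prime1 = new BigInteger(prime1Der.content);
        DistinguishedEncodingRule prime2Der = fields.readDER();
        BigInteger prime2 = new BigInteger(prime2Der.content);
        DistinguishedEncodingRule exponent1Der = fields.readDER();
        BigInteger exponent1 = new BigInteger(exponent1Der.content);
        DistinguishedEncodingRule exponent2Der = fields.readDER();
        BigInteger exponent2 = new BigInteger(exponent2Der.content);
        DistinguishedEncodingRule coefficientDer = fields.readDER();
        // The value is not used; the construction only fails on an empty encoding.
        new BigInteger(coefficientDer.content);

        // NOTE(review): the entries below store d, p, q, dP, dQ and qInv in hex through putData,
        // while the raw key bytes use putTemporaryData. If putData entries are logged or
        // persisted, this discloses the complete private key - confirm what putData does and
        // drop or redact everything except version, modulus and publicExponent.
        flowContext.putData("[私钥文件版本号]{}", Integer.valueOf(new BigInteger(versionDer.content).intValue()));
        flowContext.putData("[私钥文件modulus]{}", SSHUtil.byteArrayToHex(modulusDer.content));
        flowContext.putData("[私钥文件publicExponent]{}", SSHUtil.byteArrayToHex(publicExponentDer.content));
        flowContext.putData("[私钥文件privateExponent]{}", SSHUtil.byteArrayToHex(privateExponentDer.content));
        flowContext.putData("[私钥文件prime1]{}", SSHUtil.byteArrayToHex(prime1Der.content));
        flowContext.putData("[私钥文件prime2]{}", SSHUtil.byteArrayToHex(prime2Der.content));
        flowContext.putData("[私钥文件exponent1]{}", SSHUtil.byteArrayToHex(exponent1Der.content));
        flowContext.putData("[私钥文件exponent2]{}", SSHUtil.byteArrayToHex(exponent2Der.content));
        flowContext.putData("[私钥文件coefficient]{}", SSHUtil.byteArrayToHex(coefficientDer.content));

        // Consistency checks; they also catch a wrong passphrase that happened to yield
        // parseable DER after decryption.
        if (!exponent1.equals(privateExponent.mod(prime1.subtract(BigInteger.ONE)))) {
            throw new SSHException("私钥文件校验失败!校验 exponent1 = d mod (p-1)失败!");
        }
        if (!exponent2.equals(privateExponent.mod(prime2.subtract(BigInteger.ONE)))) {
            throw new SSHException("私钥文件校验失败!校验 exponent2 = d mod (q-1)失败!");
        }

        SSHSession sshSession = (SSHSession) flowContext.checkData("sshSession");
        // NOTE(review): assumes the shared "sos" stream is empty on entry - confirm with callers.
        SSHOutputStream sos = (SSHOutputStream) flowContext.checkData("sos");
        sos.writeByte(SSHMessageCode.SSH_MSG_USERAUTH_REQUEST.value);
        sos.writeSSHString(new SSHString(sshSession.quickSSHConfig.username));
        sos.writeSSHString(new SSHString("ssh-connection"));
        sos.writeSSHString(new SSHString("publickey"));
        sos.writeBoolean(true);
        sos.writeSSHString(new SSHString("ssh-rsa"));

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        RSAPublicKey publicKey = (RSAPublicKey) keyFactory.generatePublic(new RSAPublicKeySpec(modulus, publicExponent));
        RSAHostKey rsaHostKey = new RSAHostKey();
        sos.writeSSHString(new SSHString(rsaHostKey.formatPublicKey(publicKey)));
        byte[] requestWithoutSignature = sos.toByteArray();
        flowContext.putTemporaryData("commonBytes", requestWithoutSignature);

        // Data to sign: session identifier followed by the request fields written so far.
        sos.reset();
        sos.writeSSHString(new SSHString(sshSession.sessionId));
        sos.write(requestWithoutSignature);
        RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(new RSAPrivateKeySpec(modulus, privateExponent));
        byte[] signature = rsaHostKey.sign(sos.toByteArray(), privateKey);

        // Final payload: the request fields followed by the signature.
        sos.reset();
        sos.write(requestWithoutSignature);
        sos.writeSSHString(new SSHString(signature));
        sshSession.writeSSHProtocolPayload(sos.toByteArray());
    }
}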
