package vg;

import ag.i;
import bg.r;
import c0.e2;
import ef.f;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.TimeUnit;
import we.l;
import we.n;

/* loaded from: classes.dex */
public final class f extends sg.a implements i {
    public List<l<ag.e>> H;

    @Override // sg.a
    public final Boolean U4(cg.a aVar, boolean z10) {
        nh.b bVar;
        int i10;
        r.i("Instance not initialized", z10);
        dh.f fVar = this.E;
        String str = this.G;
        boolean j10 = aVar.j();
        String u10 = aVar.u(StandardCharsets.UTF_8);
        int U = aVar.U();
        int R = aVar.R();
        int w4 = (int) aVar.w();
        int b10 = ((cg.d) aVar).b();
        nh.b bVar2 = this.B;
        if (w4 < 0 || w4 > b10) {
            bVar2.m("doAuth({}@{}) illogical algorithm={} signature length ({}) when remaining={}", str, fVar, u10, Integer.valueOf(w4), Integer.valueOf(b10));
            throw new IndexOutOfBoundsException("Illogical signature length (" + w4 + ") for algorithm=" + u10);
        }
        aVar.V(aVar.R() + w4);
        PublicKey t10 = aVar.t(dg.c.f5132a);
        if (t10 instanceof ef.f) {
            ef.f fVar2 = (ef.f) t10;
            try {
                if (!f.b.B.equals(fVar2.getType())) {
                    throw new CertificateException("not a user certificate");
                }
                bVar = bVar2;
                long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) ^ Long.MIN_VALUE;
                if (Long.compare(fVar2.x() ^ Long.MIN_VALUE, seconds) > 0 || Long.compare(seconds, fVar2.L() ^ Long.MIN_VALUE) >= 0) {
                    throw new CertificateException("expired");
                }
                Collection<String> h02 = fVar2.h0();
                if (!bg.f.f(h02) && !h02.contains(str)) {
                    throw new CertificateException("not valid for the given username");
                }
            } catch (CertificateException e10) {
                R4("doAuth({}@{}): public key certificate (id={}) is not valid: {}", str, fVar, fVar2.getId(), e10.getMessage(), e10);
                throw e10;
            }
        } else {
            bVar = bVar2;
        }
        List<l<ag.e>> n02 = n0();
        if (bg.f.f(n02)) {
            n02 = fVar == null ? null : fVar.n0();
        }
        r.f(n02, "No signature factories for session=%s", fVar);
        boolean c10 = bVar.c();
        if (c10) {
            bVar.n("doAuth({}@{}) verify key type={}, factories={}, fingerprint={}", str, fVar, u10, n.c(n02), ef.e.e(t10));
        }
        ag.e eVar = (ag.e) e2.b(u10, n02);
        r.c("No verifier located for algorithm=%s", eVar, u10);
        eVar.E0(fVar, t10);
        aVar.V(U);
        byte[] l10 = j10 ? aVar.l() : null;
        c m22 = fVar.m2();
        if (m22 == null) {
            if (c10) {
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - no authenticator", str, fVar, u10, ef.e.e(t10));
            }
            return Boolean.FALSE;
        }
        try {
            boolean q32 = m22.q3(str, t10, fVar);
            if (c10) {
                i10 = 4;
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - authentication result: {}", str, fVar, u10, ef.e.e(t10), Boolean.valueOf(q32));
            } else {
                i10 = 4;
            }
            if (!q32) {
                return Boolean.FALSE;
            }
            if (!j10) {
                byte[] c11 = aVar.c();
                int i11 = w4 + i10;
                if (bVar.c()) {
                    Object[] objArr = new Object[i10];
                    objArr[0] = str;
                    objArr[1] = fVar;
                    objArr[2] = u10;
                    objArr[3] = ef.e.e(t10);
                    bVar.n("doAuth({}@{}) send SSH_MSG_USERAUTH_PK_OK for key type={}, fingerprint={}", objArr);
                }
                cg.d J1 = fVar.J1(bg.f.j(u10) + i11 + 32, (byte) 60);
                J1.K(u10);
                J1.H(R, i11, c11);
                fVar.n(J1);
                return null;
            }
            aVar.S(R);
            aVar.V(R + 4 + w4);
            byte[] E3 = fVar.E3();
            String str2 = this.F;
            int length = str2.length() + str.length() + E3.length;
            String str3 = this.D;
            cg.d dVar = new cg.d(u10.length() + str3.length() + length + 320, false);
            dVar.z(E3);
            dVar.y((byte) 50);
            dVar.K(str);
            dVar.K(str2);
            dVar.K(str3);
            dVar.y((byte) 1);
            dVar.K(u10);
            dVar.Z(aVar, true);
            if (bVar.l()) {
                bVar.B("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - verification data={}", str, fVar, str2, str3, u10, ef.e.e(t10), cg.c.l(dVar.C, dVar.D, dVar.b(), ' '));
                bVar.B("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - expected signature={}", str, fVar, str2, str3, u10, ef.e.e(t10), cg.c.k(l10));
            }
            eVar.B0(dVar.C, dVar.D, dVar.b());
            if (!eVar.Q0(fVar, l10)) {
                throw new SignatureException("Key verification failed");
            }
            if (c10) {
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - verified", str, fVar, u10, ef.e.e(t10));
            }
            return Boolean.TRUE;
        } catch (Error e11) {
            S4("doAuth({}@{}) failed ({}) to consult delegate for {} key={}: {}", str, fVar, e11.getClass().getSimpleName(), u10, ef.e.e(t10), e11.getMessage(), e11);
            throw new a3.c(null, e11);
        }
    }

    @Override // ag.i
    public final List f3() {
        throw null;
    }

    @Override // ag.i
    public final List<l<ag.e>> n0() {
        return this.H;
    }
}
