package ug;

import ag.q;
import ag.s;
import df.g;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.TimeUnit;
import ve.l;
import ve.n;
import zf.i;

/* loaded from: classes.dex */
public final class f extends rg.a implements i {
    public List<l<zf.e>> H;

    @Override // rg.a
    public final Boolean U4(bg.a aVar, boolean z10) {
        mh.b bVar;
        int i10;
        s.i("Instance not initialized", z10);
        ch.f fVar = this.E;
        String str = this.G;
        boolean j10 = aVar.j();
        String u10 = aVar.u(StandardCharsets.UTF_8);
        int S = aVar.S();
        int P = aVar.P();
        int x10 = (int) aVar.x();
        int b10 = ((bg.e) aVar).b();
        mh.b bVar2 = this.B;
        if (x10 < 0 || x10 > b10) {
            bVar2.m("doAuth({}@{}) illogical algorithm={} signature length ({}) when remaining={}", str, fVar, u10, Integer.valueOf(x10), Integer.valueOf(b10));
            throw new IndexOutOfBoundsException("Illogical signature length (" + x10 + ") for algorithm=" + u10);
        }
        aVar.T(aVar.P() + x10);
        PublicKey t10 = aVar.t(cg.c.f3344a);
        if (t10 instanceof df.g) {
            df.g gVar = (df.g) t10;
            try {
                if (!g.b.B.equals(gVar.getType())) {
                    throw new CertificateException("not a user certificate");
                }
                bVar = bVar2;
                long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) ^ Long.MIN_VALUE;
                if (Long.compare(gVar.z() ^ Long.MIN_VALUE, seconds) > 0 || Long.compare(seconds, gVar.J() ^ Long.MIN_VALUE) >= 0) {
                    throw new CertificateException("expired");
                }
                Collection<String> h02 = gVar.h0();
                if (!ag.f.f(h02) && !h02.contains(str)) {
                    throw new CertificateException("not valid for the given username");
                }
            } catch (CertificateException e10) {
                R4("doAuth({}@{}): public key certificate (id={}) is not valid: {}", str, fVar, gVar.getId(), e10.getMessage(), e10);
                throw e10;
            }
        } else {
            bVar = bVar2;
        }
        List<l<zf.e>> h03 = h0();
        if (ag.f.f(h03)) {
            h03 = fVar == null ? null : fVar.h0();
        }
        s.f(h03, "No signature factories for session=%s", fVar);
        boolean c10 = bVar.c();
        if (c10) {
            bVar.n("doAuth({}@{}) verify key type={}, factories={}, fingerprint={}", str, fVar, u10, n.c(h03), df.f.e(t10));
        }
        zf.e eVar = (zf.e) q.a(u10, h03);
        s.c("No verifier located for algorithm=%s", eVar, u10);
        eVar.R2(fVar, t10);
        aVar.T(S);
        byte[] l10 = j10 ? aVar.l() : null;
        c j22 = fVar.j2();
        if (j22 == null) {
            if (c10) {
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - no authenticator", str, fVar, u10, df.f.e(t10));
            }
            return Boolean.FALSE;
        }
        try {
            boolean u42 = j22.u4(str, t10, fVar);
            if (c10) {
                i10 = 4;
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - authentication result: {}", str, fVar, u10, df.f.e(t10), Boolean.valueOf(u42));
            } else {
                i10 = 4;
            }
            if (!u42) {
                return Boolean.FALSE;
            }
            if (!j10) {
                byte[] c11 = aVar.c();
                int i11 = x10 + i10;
                if (bVar.c()) {
                    Object[] objArr = new Object[i10];
                    objArr[0] = str;
                    objArr[1] = fVar;
                    objArr[2] = u10;
                    objArr[3] = df.f.e(t10);
                    bVar.n("doAuth({}@{}) send SSH_MSG_USERAUTH_PK_OK for key type={}, fingerprint={}", objArr);
                }
                bg.e J1 = fVar.J1(ag.f.j(u10) + i11 + 32, (byte) 60);
                J1.K(u10);
                J1.G(P, i11, c11);
                fVar.n(J1);
                return null;
            }
            aVar.Q(P);
            aVar.T(P + 4 + x10);
            byte[] I3 = fVar.I3();
            String str2 = this.F;
            int length = str2.length() + str.length() + I3.length;
            String str3 = this.D;
            bg.e eVar2 = new bg.e(u10.length() + str3.length() + length + 320, false);
            eVar2.A(I3);
            eVar2.z((byte) 50);
            eVar2.K(str);
            eVar2.K(str2);
            eVar2.K(str3);
            eVar2.z((byte) 1);
            eVar2.K(u10);
            eVar2.X(aVar, true);
            if (bVar.l()) {
                bVar.B("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - verification data={}", str, fVar, str2, str3, u10, df.f.e(t10), bg.d.l(eVar2.C, eVar2.D, eVar2.b(), ' '));
                bVar.B("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - expected signature={}", str, fVar, str2, str3, u10, df.f.e(t10), bg.d.k(l10));
            }
            eVar.x0(eVar2.C, eVar2.D, eVar2.b());
            if (!eVar.a4(fVar, l10)) {
                throw new SignatureException("Key verification failed");
            }
            if (c10) {
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - verified", str, fVar, u10, df.f.e(t10));
            }
            return Boolean.TRUE;
        } catch (Error e11) {
            S4("doAuth({}@{}) failed ({}) to consult delegate for {} key={}: {}", str, fVar, e11.getClass().getSimpleName(), u10, df.f.e(t10), e11.getMessage(), e11);
            throw new h4.e(null, e11);
        }
    }

    @Override // zf.i
    public final List<l<zf.e>> h0() {
        return this.H;
    }

    @Override // zf.i
    public final List h3() {
        throw null;
    }
}
