package c9;

import F8.l;
import G8.E;
import H8.i;
import I8.o;
import a2.C0809d;
import f8.C1335n;
import f8.InterfaceC1333l;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.List;
import java.util.concurrent.TimeUnit;
import n8.d;

/* compiled from: UserAuthPublicKey.java */
/* loaded from: classes.dex */
public final class f extends Z8.a implements i {
    @Override // Z8.a
    public final Boolean b4(l lVar, boolean z3) {
        W9.b bVar;
        boolean z10;
        o.i("Instance not initialized", z3);
        k9.f fVar = this.f10219E;
        String str = this.f10221G;
        boolean j10 = lVar.j();
        String u10 = lVar.u(StandardCharsets.UTF_8);
        int i10 = lVar.f4805E;
        int i11 = lVar.f4804D;
        int p2 = lVar.p();
        int b10 = lVar.b();
        W9.b bVar2 = this.f6996B;
        if (p2 < 0 || p2 > b10) {
            bVar2.k("doAuth({}@{}) illogical algorithm={} signature length ({}) when remaining={}", str, fVar, u10, Integer.valueOf(p2), Integer.valueOf(b10));
            throw new IndexOutOfBoundsException("Illogical signature length (" + p2 + ") for algorithm=" + u10);
        }
        lVar.S(lVar.f4804D + p2);
        PublicKey t9 = lVar.t(K8.c.f5012a);
        if (t9 instanceof n8.d) {
            n8.d dVar = (n8.d) t9;
            try {
                if (!d.b.f22320B.equals(dVar.getType())) {
                    throw new CertificateException("not a user certificate");
                }
                bVar = bVar2;
                long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) ^ Long.MIN_VALUE;
                if (Long.compare(dVar.v() ^ Long.MIN_VALUE, seconds) > 0 || Long.compare(seconds, dVar.Q() ^ Long.MIN_VALUE) >= 0) {
                    throw new CertificateException("expired");
                }
                Collection<String> s02 = dVar.s0();
                if (!I8.e.d(s02) && !s02.contains(str)) {
                    throw new CertificateException("not valid for the given username");
                }
            } catch (CertificateException e10) {
                X3("doAuth({}@{}): public key certificate (id={}) is not valid: {}", str, fVar, dVar.getId(), e10.getMessage(), e10);
                throw e10;
            }
        } else {
            bVar = bVar2;
        }
        List i02 = (!I8.e.d(null) || fVar == null) ? null : fVar.i0();
        o.f(i02, "No signature factories for session=%s", fVar);
        boolean b11 = bVar.b();
        if (b11) {
            bVar.n("doAuth({}@{}) verify key type={}, factories={}, fingerprint={}", str, fVar, u10, C1335n.c(i02), n8.c.e(t9));
        }
        H8.e eVar = (H8.e) D8.c.a(u10, i02);
        o.b(eVar, u10, "No verifier located for algorithm=%s");
        eVar.V(fVar, t9);
        lVar.S(i10);
        byte[] l10 = j10 ? lVar.l() : null;
        c S12 = fVar.S1();
        if (S12 == null) {
            if (b11) {
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - no authenticator", str, fVar, u10, n8.c.e(t9));
            }
            return Boolean.FALSE;
        }
        try {
            boolean T12 = S12.T1(str, t9, fVar);
            if (b11) {
                z10 = b11;
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - authentication result: {}", str, fVar, u10, n8.c.e(t9), Boolean.valueOf(T12));
            } else {
                z10 = b11;
            }
            if (!T12) {
                return Boolean.FALSE;
            }
            if (!j10) {
                byte[] bArr = lVar.f4803C;
                int i12 = p2 + 4;
                if (bVar.b()) {
                    bVar.n("doAuth({}@{}) send SSH_MSG_USERAUTH_PK_OK for key type={}, fingerprint={}", str, fVar, u10, n8.c.e(t9));
                }
                E w12 = fVar.w1(u10.length() + i12 + 32, (byte) 60);
                w12.K(u10);
                w12.H(i11, i12, bArr);
                fVar.A2(w12);
                return null;
            }
            lVar.f4804D = i11;
            lVar.S(i11 + 4 + p2);
            byte[] Z22 = fVar.Z2();
            String str2 = this.f10220F;
            int length = str2.length() + str.length() + Z22.length;
            String str3 = this.f10218D;
            J8.e eVar2 = new J8.e(u10.length() + str3.length() + length + 320, false);
            eVar2.A(Z22);
            eVar2.y((byte) 50);
            eVar2.K(str);
            eVar2.K(str2);
            eVar2.K(str3);
            eVar2.y((byte) 1);
            eVar2.K(u10);
            eVar2.W(lVar, true);
            if (bVar.j()) {
                bVar.A("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - verification data={}", str, fVar, str2, str3, u10, n8.c.e(t9), J8.d.m(eVar2.f4803C, eVar2.f4804D, eVar2.b(), ' '));
                bVar.A("verifySignature({}@{})[{}][{}] key type={}, fingerprint={} - expected signature={}", str, fVar, str2, str3, u10, n8.c.e(t9), J8.d.l(l10));
            }
            eVar.d1(eVar2.f4804D, eVar2.b(), eVar2.f4803C);
            if (!eVar.A1(fVar, l10)) {
                throw new SignatureException("Key verification failed");
            }
            if (z10) {
                bVar.n("doAuth({}@{}) key type={}, fingerprint={} - verified", str, fVar, u10, n8.c.e(t9));
            }
            return Boolean.TRUE;
        } catch (Error e11) {
            Y3("doAuth({}@{}) failed ({}) to consult delegate for {} key={}: {}", str, fVar, e11.getClass().getSimpleName(), u10, n8.c.e(t9), e11.getMessage(), e11);
            throw new C0809d(null, e11);
        }
    }

    @Override // H8.i
    public final List<InterfaceC1333l<H8.e>> i0() {
        return null;
    }
}
