package com.trilead.ssh2.signature;

import com.trilead.ssh2.packets.TypesReader;
import com.trilead.ssh2.packets.TypesWriter;
import com.trilead.ssh2.signature.RSASHA1Verify;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import kotlin.text.UStringsKt;

/* loaded from: classes.dex */
public final class RSASHA256Verify implements SSHSignature {
    public static final UStringsKt log = UStringsKt.getLogger(RSASHA256Verify.class);

    /* loaded from: classes.dex */
    public static class InstanceHolder {
        public static final RSASHA256Verify sInstance = new RSASHA256Verify();
    }

    public static byte[] encodeRSASHA256Signature(byte[] bArr) throws IOException {
        TypesWriter typesWriter = new TypesWriter();
        typesWriter.writeString("rsa-sha2-256");
        if (bArr.length <= 1 || bArr[0] != 0) {
            typesWriter.writeString(bArr, 0, bArr.length);
        } else {
            typesWriter.writeString(bArr, 1, bArr.length - 1);
        }
        return typesWriter.getBytes();
    }

    @Override // com.trilead.ssh2.signature.SSHSignature
    public final PublicKey decodePublicKey(byte[] bArr) throws IOException {
        UStringsKt uStringsKt = RSASHA1Verify.log;
        return RSASHA1Verify.InstanceHolder.sInstance.decodePublicKey(bArr);
    }

    @Override // com.trilead.ssh2.signature.SSHSignature
    public final String getKeyFormat() {
        return "rsa-sha2-256";
    }

    @Override // com.trilead.ssh2.signature.SSHSignature
    public final boolean verifySignature(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws IOException {
        TypesReader typesReader = new TypesReader(bArr2);
        if (!typesReader.readString().equals("rsa-sha2-256")) {
            throw new IOException("Peer sent wrong signature format");
        }
        byte[] readByteString = typesReader.readByteString();
        if (readByteString.length == 0) {
            throw new IOException("Error in RSA signature, S is empty.");
        }
        log.getClass();
        if (typesReader.remain() != 0) {
            throw new IOException("Padding in RSA signature!");
        }
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initVerify(publicKey);
            signature.update(bArr);
            return signature.verify(readByteString);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new IOException(e);
        }
    }
}
