package ch.ethz.ssh2.transport;

import ch.ethz.ssh2.ConnectionInfo;
import ch.ethz.ssh2.DHGexParameters;
import ch.ethz.ssh2.ServerHostKeyVerifier;
import ch.ethz.ssh2.crypto.CryptoWishList;
import ch.ethz.ssh2.crypto.KeyMaterial;
import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
import ch.ethz.ssh2.crypto.dh.DhExchange;
import ch.ethz.ssh2.crypto.dh.DhGroupExchange;
import ch.ethz.ssh2.crypto.digest.MAC;
import ch.ethz.ssh2.log.Logger;
import ch.ethz.ssh2.packets.PacketKexDHInit;
import ch.ethz.ssh2.packets.PacketKexDHReply;
import ch.ethz.ssh2.packets.PacketKexDhGexGroup;
import ch.ethz.ssh2.packets.PacketKexDhGexInit;
import ch.ethz.ssh2.packets.PacketKexDhGexReply;
import ch.ethz.ssh2.packets.PacketKexDhGexRequest;
import ch.ethz.ssh2.packets.PacketKexDhGexRequestOld;
import ch.ethz.ssh2.packets.PacketKexInit;
import ch.ethz.ssh2.packets.PacketNewKeys;
import ch.ethz.ssh2.signature.DSAPublicKey;
import ch.ethz.ssh2.signature.DSASHA1Verify;
import ch.ethz.ssh2.signature.DSASignature;
import ch.ethz.ssh2.signature.RSAPublicKey;
import ch.ethz.ssh2.signature.RSASHA1Verify;
import ch.ethz.ssh2.signature.RSASignature;
import java.io.IOException;
import java.security.SecureRandom;

/* loaded from: classes.dex */
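/**
 * Client-side SSH key exchange (KEX) state machine.
 *
 * <p>The class negotiates algorithms from the local and remote KEXINIT packets, runs either a
 * fixed-group Diffie-Hellman exchange or a Diffie-Hellman group exchange, verifies the server's
 * signature over the exchange hash, derives key material and installs the new ciphers and MACs
 * on the {@link TransportManager}.
 *
 * <p>Security-relevant properties visible in this file:
 * <ul>
 *   <li>Every supported key exchange method and both host key algorithms are SHA-1 based, and
 *       {@code diffie-hellman-group1-sha1} is among the defaults. Current SSH guidance
 *       (RFC 9142) discourages these methods; callers that can restrict the
 *       {@link CryptoWishList} should prefer the strongest entries the peer supports.</li>
 *   <li>When no {@link ServerHostKeyVerifier} is supplied, the host key is never compared with
 *       anything the client already trusts. Only the signature is checked, which proves
 *       possession of the presented key and not the identity of the host.</li>
 * </ul>
 *
 * <p>NOTE(review): several methods throw {@link IOException} (and {@code NegotiateException})
 * without a {@code throws} clause. This looks like an artifact of decompilation; the signatures
 * are left as found so that callers are not affected. Confirm against the original sources.
 *
 * <p>Field and private method names are the decompiler's; they are kept because other classes
 * in the package may refer to the package-private fields.
 */
public class KexManager {
    private static final Logger q = Logger.getLogger(KexManager.class);

    /** State of the exchange in progress; {@code null} while no exchange is running. (Decompiler-renamed from {@code a}.) */
    KexState f957a;

    /** Key material derived by {@link #a()} for the most recent exchange. (Decompiler-renamed from {@code c}.) */
    KeyMaterial f959c;

    /** Exchange hash H of the first exchange; passed to every key derivation (presumably the SSH session id). */
    byte[] d;

    /** Supplies the client and server identification strings that enter the exchange hash. */
    ClientServerHello e;

    /** Transport used to send KEX packets and to switch ciphers. */
    final TransportManager j;

    /** Algorithm preferences advertised in the local KEXINIT. */
    CryptoWishList k;

    /** Host key verifier callback; when {@code null} the host key check is skipped entirely. */
    ServerHostKeyVerifier m;

    /** First argument handed to the verifier callback (presumably the host name; confirm with the caller). */
    final String n;

    /** Second argument handed to the verifier callback (presumably the port; confirm with the caller). */
    final int o;

    /** Randomness source for the KEXINIT packet and the Diffie-Hellman secrets. */
    final SecureRandom p;

    /** Number of completed key exchanges. (Decompiler-renamed from {@code b}.) */
    int f958b = 0;

    /** Lock and condition guarding {@link #g} and {@link #h}. */
    final Object f = new Object();

    /** Result of the last completed exchange, or {@code null} before the first one finishes. */
    ConnectionInfo g = null;

    /** Set once {@link #handleMessage} has been told (via a {@code null} message) that the connection is closed. */
    boolean h = false;

    /** When {@code true}, the next incoming KEX message is discarded (wrongly guessed first packet). */
    boolean i = false;

    /** Parameters for the Diffie-Hellman group exchange request. */
    DHGexParameters l = new DHGexParameters();

    /**
     * Creates a manager bound to one transport.
     *
     * @param transportManager transport used for sending packets and switching ciphers
     * @param clientServerHello holder of both identification strings
     * @param cryptoWishList algorithm preferences for the local KEXINIT
     * @param str first argument later passed to the verifier callback
     * @param i second argument later passed to the verifier callback
     * @param serverHostKeyVerifier host key callback; {@code null} disables host key checking
     * @param secureRandom randomness source
     */
    public KexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, String str, int i, ServerHostKeyVerifier serverHostKeyVerifier, SecureRandom secureRandom) {
        this.j = transportManager;
        this.e = clientServerHello;
        this.k = cryptoWishList;
        this.n = str;
        this.o = i;
        this.m = serverHostKeyVerifier;
        this.p = secureRandom;
    }

    /**
     * Picks the first entry of {@code strArr} that also occurs in {@code strArr2}.
     *
     * <p>The caller passes the local list first, so the local preference order decides.
     *
     * @return the chosen algorithm name, or {@code null} when {@code strArr} is empty
     * @throws IllegalArgumentException if either list is {@code null}
     * @throws NegotiateException if the lists have no common entry
     */
    private String a(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0) {
            return null;
        }
        for (String preferred : strArr) {
            for (String offered : strArr2) {
                if (preferred.equals(offered)) {
                    return preferred;
                }
            }
        }
        throw new NegotiateException();
    }

    /**
     * Derives the key material for both directions from H, K and the stored first exchange hash.
     *
     * @return {@code true} on success, {@code false} when a negotiated algorithm name is rejected
     *         with {@link IllegalArgumentException} by the MAC or cipher factories
     */
    private boolean a() {
        try {
            int keyLen = MAC.getKeyLen(this.f957a.np.mac_algo_client_to_server);
            int keySize = BlockCipherFactory.getKeySize(this.f957a.np.enc_algo_client_to_server);
            int blockSize = BlockCipherFactory.getBlockSize(this.f957a.np.enc_algo_client_to_server);
            int keyLen2 = MAC.getKeyLen(this.f957a.np.mac_algo_server_to_client);
            // The derivation hash is fixed to SHA-1, matching the SHA-1 based exchange methods.
            this.f959c = KeyMaterial.create("SHA1", this.f957a.H, this.f957a.K, this.d, keySize, blockSize, keyLen, BlockCipherFactory.getKeySize(this.f957a.np.enc_algo_server_to_client), BlockCipherFactory.getBlockSize(this.f957a.np.enc_algo_server_to_client), keyLen2);
            return true;
        } catch (IllegalArgumentException e) {
            // Reported through the return value; the caller must not continue with older key material.
            return false;
        }
    }

    /**
     * Tells whether both sides guessed the same exchange: the first key exchange algorithm and
     * the first host key algorithm of the two proposals must be equal.
     *
     * @throws IllegalArgumentException if either proposal is {@code null}
     */
    private boolean a(KexParameters kexParameters, KexParameters kexParameters2) {
        if (kexParameters == null || kexParameters2 == null) {
            throw new IllegalArgumentException();
        }
        return b(kexParameters.kex_algorithms, kexParameters2.kex_algorithms) && b(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
    }

    /**
     * Verifies the server's signature over the exchange hash H with the negotiated host key
     * algorithm.
     *
     * @param bArr encoded signature from the server's reply
     * @param bArr2 encoded host key from the server's reply
     * @return {@code true} if the signature is valid for H under that key
     * @throws IOException if the negotiated host key algorithm is neither ssh-rsa nor ssh-dss
     */
    private boolean a(byte[] bArr, byte[] bArr2) {
        if (this.f957a.np.server_host_key_algo.equals("ssh-rsa")) {
            RSASignature decodeSSHRSASignature = RSASHA1Verify.decodeSSHRSASignature(bArr);
            RSAPublicKey decodeSSHRSAPublicKey = RSASHA1Verify.decodeSSHRSAPublicKey(bArr2);
            q.debug("Verifying ssh-rsa signature");
            return RSASHA1Verify.verifySignature(this.f957a.H, decodeSSHRSASignature, decodeSSHRSAPublicKey);
        }
        if (!this.f957a.np.server_host_key_algo.equals("ssh-dss")) {
            throw new IOException("Unknown server host key algorithm '" + this.f957a.np.server_host_key_algo + "'");
        }
        DSASignature decodeSSHDSASignature = DSASHA1Verify.decodeSSHDSASignature(bArr);
        DSAPublicKey decodeSSHDSAPublicKey = DSASHA1Verify.decodeSSHDSAPublicKey(bArr2);
        q.debug("Verifying ssh-dss signature");
        return DSASHA1Verify.verifySignature(this.f957a.H, decodeSSHDSASignature, decodeSSHDSAPublicKey);
    }

    /**
     * Negotiates every algorithm category from the local ({@code kexParameters}) and remote
     * ({@code kexParameters2}) proposals.
     *
     * <p>A failed language negotiation is tolerated and yields {@code null} for that field.
     *
     * @return the negotiated parameters, with {@code guessOK} set when both sides guessed the
     *         same exchange, or {@code null} when a mandatory category has no common algorithm
     */
    private NegotiatedParameters b(KexParameters kexParameters, KexParameters kexParameters2) {
        NegotiatedParameters negotiatedParameters = new NegotiatedParameters();
        try {
            negotiatedParameters.kex_algo = a(kexParameters.kex_algorithms, kexParameters2.kex_algorithms);
            q.info("kex_algo=" + negotiatedParameters.kex_algo);
            negotiatedParameters.server_host_key_algo = a(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
            q.info("server_host_key_algo=" + negotiatedParameters.server_host_key_algo);
            negotiatedParameters.enc_algo_client_to_server = a(kexParameters.encryption_algorithms_client_to_server, kexParameters2.encryption_algorithms_client_to_server);
            negotiatedParameters.enc_algo_server_to_client = a(kexParameters.encryption_algorithms_server_to_client, kexParameters2.encryption_algorithms_server_to_client);
            q.info("enc_algo_client_to_server=" + negotiatedParameters.enc_algo_client_to_server);
            q.info("enc_algo_server_to_client=" + negotiatedParameters.enc_algo_server_to_client);
            negotiatedParameters.mac_algo_client_to_server = a(kexParameters.mac_algorithms_client_to_server, kexParameters2.mac_algorithms_client_to_server);
            negotiatedParameters.mac_algo_server_to_client = a(kexParameters.mac_algorithms_server_to_client, kexParameters2.mac_algorithms_server_to_client);
            q.info("mac_algo_client_to_server=" + negotiatedParameters.mac_algo_client_to_server);
            q.info("mac_algo_server_to_client=" + negotiatedParameters.mac_algo_server_to_client);
            negotiatedParameters.comp_algo_client_to_server = a(kexParameters.compression_algorithms_client_to_server, kexParameters2.compression_algorithms_client_to_server);
            negotiatedParameters.comp_algo_server_to_client = a(kexParameters.compression_algorithms_server_to_client, kexParameters2.compression_algorithms_server_to_client);
            q.info("comp_algo_client_to_server=" + negotiatedParameters.comp_algo_client_to_server);
            q.info("comp_algo_server_to_client=" + negotiatedParameters.comp_algo_server_to_client);
            try {
                negotiatedParameters.lang_client_to_server = a(kexParameters.languages_client_to_server, kexParameters2.languages_client_to_server);
            } catch (NegotiateException e) {
                // Languages are optional: no common entry just leaves the field unset.
                negotiatedParameters.lang_client_to_server = null;
            }
            try {
                negotiatedParameters.lang_server_to_client = a(kexParameters.languages_server_to_client, kexParameters2.languages_server_to_client);
            } catch (NegotiateException e2) {
                negotiatedParameters.lang_server_to_client = null;
            }
            if (a(kexParameters, kexParameters2)) {
                negotiatedParameters.guessOK = true;
            }
            return negotiatedParameters;
        } catch (NegotiateException e3) {
            return null;
        }
    }

    /**
     * Finishes the local half of an exchange: derives the key material, announces the switch
     * with a NEWKEYS packet and installs the outgoing cipher and MAC.
     *
     * @throws IOException if the key material cannot be derived or the cipher or MAC cannot be
     *         created from the negotiated algorithms
     */
    private void b() {
        if (this.d == null) {
            // The hash of the first exchange is kept for all later key derivations.
            this.d = this.f957a.H;
        }
        // Stop before NEWKEYS is sent when derivation fails: continuing would either hit a null
        // key material reference or silently reuse the material of an earlier exchange.
        if (!a()) {
            throw new IOException("Could not derive key material for the negotiated algorithms.");
        }
        this.j.sendKexMessage(new PacketNewKeys().getPayload());
        try {
            this.j.changeSendCipher(BlockCipherFactory.createCipher(this.f957a.np.enc_algo_client_to_server, true, this.f959c.enc_key_client_to_server, this.f959c.initial_iv_client_to_server), new MAC(this.f957a.np.mac_algo_client_to_server, this.f959c.integrity_key_client_to_server));
            this.j.kexFinished();
        } catch (IllegalArgumentException e) {
            throw ((IOException) new IOException("Fatal error during MAC startup!").initCause(e));
        }
    }

    /**
     * Compares the first entries of two algorithm lists.
     *
     * @return {@code true} if both lists are empty or their first entries are equal
     * @throws IllegalArgumentException if either list is {@code null}
     */
    private boolean b(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0 && strArr2.length == 0) {
            return true;
        }
        if (strArr.length == 0 || strArr2.length == 0) {
            return false;
        }
        return strArr[0].equals(strArr2[0]);
    }

    /**
     * Runs the host key verifier callback, if one is configured, on the host key of the
     * exchange in progress.
     *
     * <p>NOTE(review): with a {@code null} verifier nothing ties the presented key to the
     * expected host, so callers should always supply one. The callback also runs before the
     * signature over H has been checked; a verifier that stores accepted keys sees a key whose
     * possession is not yet proven.
     *
     * @throws IOException if the callback rejects the key or fails with any exception
     */
    private void verifyHostKeyWithCallback() {
        if (this.m == null) {
            return;
        }
        try {
            if (!this.m.verifyServerHostKey(this.n, this.o, this.f957a.np.server_host_key_algo, this.f957a.hostkey)) {
                throw new IOException("The server hostkey was not accepted by the verifier callback");
            }
        } catch (Exception e) {
            // Also wraps the rejection thrown just above, as the original code did.
            throw ((IOException) new IOException("The server hostkey was not accepted by the verifier callback.").initCause(e));
        }
    }

    /** Creates the state for a new exchange and sends the local KEXINIT packet. */
    private void sendLocalKexInit() {
        this.f957a = new KexState();
        this.f957a.dhgexParameters = this.l;
        PacketKexInit packetKexInit = new PacketKexInit(this.k, this.p);
        this.f957a.localKEX = packetKexInit;
        this.j.sendKexMessage(packetKexInit.getPayload());
    }

    /**
     * Rejects any key exchange algorithm name this implementation does not support.
     *
     * @throws IllegalArgumentException on the first unsupported name
     */
    public static void checkKexAlgorithmList(String[] strArr) {
        for (String name : strArr) {
            if (!"diffie-hellman-group-exchange-sha1".equals(name) && !"diffie-hellman-group14-sha1".equals(name) && !"diffie-hellman-group1-sha1".equals(name)) {
                throw new IllegalArgumentException("Unknown kex algorithm '" + name + "'");
            }
        }
    }

    /**
     * Rejects any server host key algorithm name this implementation does not support.
     *
     * @throws IllegalArgumentException on the first unsupported name
     */
    public static void checkServerHostkeyAlgorithmsList(String[] strArr) {
        for (String name : strArr) {
            if (!"ssh-rsa".equals(name) && !"ssh-dss".equals(name)) {
                throw new IllegalArgumentException("Unknown server host key algorithm '" + name + "'");
            }
        }
    }

    /**
     * Returns the default key exchange algorithms in preference order.
     *
     * <p>NOTE(review): all three are SHA-1 based and the list still ends with
     * {@code diffie-hellman-group1-sha1}; deployments that control the wish list should drop
     * that entry where the peer allows it.
     */
    public static String[] getDefaultKexAlgorithmList() {
        return new String[]{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"};
    }

    /**
     * Returns the default server host key algorithms in preference order.
     *
     * <p>NOTE(review): both are verified with SHA-1 here (see the {@code *SHA1Verify} classes
     * used for signature checking).
     */
    public static String[] getDefaultServerHostkeyAlgorithmList() {
        return new String[]{"ssh-rsa", "ssh-dss"};
    }

    /**
     * Blocks until at least {@code i} key exchanges have completed and returns the resulting
     * connection info.
     *
     * <p>An interrupt received while waiting does not abort the wait; the interrupt status is
     * restored before the method returns or throws.
     *
     * @param i minimum value of the key exchange counter to wait for
     * @return the connection info of the last completed exchange
     * @throws IOException if the connection was closed before the exchange finished
     */
    public ConnectionInfo getOrWaitForConnectionInfo(int i) {
        boolean interrupted = false;
        try {
            synchronized (this.f) {
                while (true) {
                    if (this.g != null && this.g.keyExchangeCounter >= i) {
                        // Return from inside the loop: the decompiled form only assigned a local
                        // here and never left the loop.
                        return this.g;
                    }
                    if (this.h) {
                        throw ((IOException) new IOException("Key exchange was not finished, connection is closed.").initCause(this.j.getReasonClosedCause()));
                    }
                    try {
                        this.f.wait();
                    } catch (InterruptedException e) {
                        interrupted = true;
                    }
                }
            }
        } finally {
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }
    }

    /**
     * Processes one incoming KEX message, or the end-of-connection signal.
     *
     * <p>Message type 20 is KEXINIT and type 21 is NEWKEYS (named so in the error messages
     * below); every other type is treated as a step of the negotiated exchange method.
     *
     * @param bArr the message, starting with its type byte, or {@code null} when the connection
     *        has been closed
     * @param i number of valid bytes in {@code bArr}
     * @throws IOException on an unexpected message, a failed negotiation, a rejected host key
     *         or an invalid signature
     * @throws IllegalStateException if the exchange state does not fit the negotiated method
     */
    public synchronized void handleMessage(byte[] bArr, int i) {
        if (bArr == null) {
            // Connection closed: wake up everyone waiting for a connection info.
            synchronized (this.f) {
                this.h = true;
                this.f.notifyAll();
            }
            return;
        }
        if (this.f957a == null && bArr[0] != 20) {
            throw new IOException("Unexpected KEX message (type " + ((int) bArr[0]) + ")");
        }
        if (this.i) {
            // The peer's guessed first packet was wrong and is dropped.
            this.i = false;
            return;
        }
        if (bArr[0] == 20) {
            if (this.f957a != null && this.f957a.state != 0) {
                throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!");
            }
            if (this.f957a == null) {
                // The peer started the exchange, so the local proposal still has to be sent.
                sendLocalKexInit();
            }
            this.f957a.remoteKEX = new PacketKexInit(bArr, 0, i);
            this.f957a.np = b(this.f957a.localKEX.getKexParameters(), this.f957a.remoteKEX.getKexParameters());
            if (this.f957a.np == null) {
                throw new IOException("Cannot negotiate, proposals do not match.");
            }
            if (this.f957a.remoteKEX.isFirst_kex_packet_follows() && !this.f957a.np.guessOK) {
                this.i = true;
            }
            if (this.f957a.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) {
                if (this.f957a.dhgexParameters.getMin_group_len() == 0) {
                    this.j.sendKexMessage(new PacketKexDhGexRequestOld(this.f957a.dhgexParameters).getPayload());
                } else {
                    this.j.sendKexMessage(new PacketKexDhGexRequest(this.f957a.dhgexParameters).getPayload());
                }
                this.f957a.state = 1;
                return;
            }
            if (!this.f957a.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.f957a.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
                throw new IllegalStateException("Unkown KEX method!");
            }
            this.f957a.dhx = new DhExchange();
            if (this.f957a.np.kex_algo.equals("diffie-hellman-group1-sha1")) {
                this.f957a.dhx.init(1, this.p);
            } else {
                this.f957a.dhx.init(14, this.p);
            }
            this.j.sendKexMessage(new PacketKexDHInit(this.f957a.dhx.getE()).getPayload());
            this.f957a.state = 1;
            return;
        }
        if (bArr[0] == 21) {
            // Key material is never cleared between exchanges, so on a re-key a non-null check
            // alone would accept NEWKEYS before the current exchange has produced fresh keys.
            // State -1 is set only after the local side finished the exchange.
            if (this.f959c == null || this.f957a.state != -1) {
                throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
            }
            try {
                this.j.changeRecvCipher(BlockCipherFactory.createCipher(this.f957a.np.enc_algo_server_to_client, false, this.f959c.enc_key_server_to_client, this.f959c.initial_iv_server_to_client), new MAC(this.f957a.np.mac_algo_server_to_client, this.f959c.integrity_key_server_to_client));
                ConnectionInfo connectionInfo = new ConnectionInfo();
                this.f958b++;
                connectionInfo.keyExchangeAlgorithm = this.f957a.np.kex_algo;
                connectionInfo.keyExchangeCounter = this.f958b;
                connectionInfo.clientToServerCryptoAlgorithm = this.f957a.np.enc_algo_client_to_server;
                connectionInfo.serverToClientCryptoAlgorithm = this.f957a.np.enc_algo_server_to_client;
                connectionInfo.clientToServerMACAlgorithm = this.f957a.np.mac_algo_client_to_server;
                connectionInfo.serverToClientMACAlgorithm = this.f957a.np.mac_algo_server_to_client;
                connectionInfo.serverHostKeyAlgorithm = this.f957a.np.server_host_key_algo;
                connectionInfo.serverHostKey = this.f957a.hostkey;
                synchronized (this.f) {
                    this.g = connectionInfo;
                    this.f.notifyAll();
                }
                this.f957a = null;
            } catch (IllegalArgumentException e) {
                throw ((IOException) new IOException("Fatal error during MAC startup!").initCause(e));
            }
            return;
        }
        if (this.f957a == null || this.f957a.state == 0) {
            throw new IOException("Unexpected Kex submessage!");
        }
        if (this.f957a.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) {
            if (this.f957a.state == 1) {
                // NOTE(review): p and g come from the peer; no check is visible here that the
                // group size lies within the requested bounds. Confirm that DhGroupExchange or
                // the packet parser enforces it.
                PacketKexDhGexGroup packetKexDhGexGroup = new PacketKexDhGexGroup(bArr, 0, i);
                this.f957a.dhgx = new DhGroupExchange(packetKexDhGexGroup.getP(), packetKexDhGexGroup.getG());
                this.f957a.dhgx.init(this.p);
                this.j.sendKexMessage(new PacketKexDhGexInit(this.f957a.dhgx.getE()).getPayload());
                this.f957a.state = 2;
                return;
            }
            if (this.f957a.state != 2) {
                throw new IllegalStateException("Illegal State in KEX Exchange!");
            }
            PacketKexDhGexReply packetKexDhGexReply = new PacketKexDhGexReply(bArr, 0, i);
            this.f957a.hostkey = packetKexDhGexReply.getHostKey();
            verifyHostKeyWithCallback();
            this.f957a.dhgx.setF(packetKexDhGexReply.getF());
            try {
                this.f957a.H = this.f957a.dhgx.calculateH(this.e.getClientString(), this.e.getServerString(), this.f957a.localKEX.getPayload(), this.f957a.remoteKEX.getPayload(), packetKexDhGexReply.getHostKey(), this.f957a.dhgexParameters);
                if (!a(packetKexDhGexReply.getSignature(), this.f957a.hostkey)) {
                    throw new IOException("Hostkey signature sent by remote is wrong!");
                }
                this.f957a.K = this.f957a.dhgx.getK();
                b();
                // -1 marks the local half as finished; only NEWKEYS is expected from here on.
                this.f957a.state = -1;
            } catch (IllegalArgumentException e3) {
                throw ((IOException) new IOException("KEX error.").initCause(e3));
            }
            return;
        }
        if ((!this.f957a.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.f957a.np.kex_algo.equals("diffie-hellman-group14-sha1")) || this.f957a.state != 1) {
            throw new IllegalStateException("Unkown KEX method! (" + this.f957a.np.kex_algo + ")");
        }
        PacketKexDHReply packetKexDHReply = new PacketKexDHReply(bArr, 0, i);
        this.f957a.hostkey = packetKexDHReply.getHostKey();
        verifyHostKeyWithCallback();
        this.f957a.dhx.setF(packetKexDHReply.getF());
        try {
            this.f957a.H = this.f957a.dhx.calculateH(this.e.getClientString(), this.e.getServerString(), this.f957a.localKEX.getPayload(), this.f957a.remoteKEX.getPayload(), packetKexDHReply.getHostKey());
            if (!a(packetKexDHReply.getSignature(), this.f957a.hostkey)) {
                throw new IOException("Hostkey signature sent by remote is wrong!");
            }
            this.f957a.K = this.f957a.dhx.getK();
            b();
            // -1 marks the local half as finished; only NEWKEYS is expected from here on.
            this.f957a.state = -1;
        } catch (IllegalArgumentException e5) {
            throw ((IOException) new IOException("KEX error.").initCause(e5));
        }
    }

    /**
     * Stores new preferences and starts a key exchange unless one is already running.
     *
     * @param cryptoWishList algorithm preferences for the next local KEXINIT
     * @param dHGexParameters group exchange parameters for the next exchange
     */
    public synchronized void initiateKEX(CryptoWishList cryptoWishList, DHGexParameters dHGexParameters) {
        this.k = cryptoWishList;
        this.l = dHGexParameters;
        if (this.f957a == null) {
            sendLocalKexInit();
        }
    }
}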
