package net.schmizz.sshj.transport;

import androidx.constraintlayout.solver.SolverVariable$Type$EnumUnboxingSharedUtility;
import com.google.android.gms.internal.cast.zzd;
import com.hierynomus.sshj.key.BaseKeyAlgorithm;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import jcifs.SmbConstants;
import net.schmizz.concurrent.Event;
import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.ErrorNotifiable;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.common.SSHPacketHandler;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.digest.SHA1;
import net.schmizz.sshj.transport.kex.AbstractDHG;
import net.schmizz.sshj.transport.mac.BaseMAC;
import net.schmizz.sshj.transport.verification.PromiscuousVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes.dex */
public final class KeyExchanger implements SSHPacketHandler, ErrorNotifiable {
    public Proposal clientProposal;
    public final Event done;
    public AbstractDHG kex;
    public final Event kexInitSent;
    public final Logger log;
    public NegotiatedAlgorithms negotiatedAlgs;
    public byte[] sessionID;
    public final TransportImpl transport;
    public final LinkedList hostVerifiers = new LinkedList();
    public final LinkedList algorithmVerifiers = new LinkedList();
    public final AtomicBoolean kexOngoing = new AtomicBoolean();
    public final AtomicBoolean initialKex = new AtomicBoolean(true);
    public final AtomicBoolean strictKex = new AtomicBoolean();
    public int expected = 1;

    public KeyExchanger(TransportImpl transportImpl) {
        this.transport = transportImpl;
        transportImpl.config.loggerFactory.getClass();
        this.log = LoggerFactory.getLogger((Class<?>) KeyExchanger.class);
        Event.AnonymousClass1 anonymousClass1 = TransportException.chainer;
        DefaultConfig defaultConfig = transportImpl.config;
        this.kexInitSent = new Event("kexinit sent", anonymousClass1, defaultConfig.loggerFactory);
        this.done = new Event("kex done", anonymousClass1, transportImpl.writeLock, defaultConfig.loggerFactory);
    }

    public static byte[] resizedKey(byte[] bArr, int i, SHA1 sha1, BigInteger bigInteger, byte[] bArr2) {
        while (i > bArr.length) {
            Buffer buffer = new Buffer();
            buffer.putMPInt(bigInteger);
            buffer.putRawBytes(0, bArr2.length, bArr2);
            buffer.putRawBytes(0, bArr.length, bArr);
            sha1.update(buffer.data, 0, buffer.available());
            byte[] digest = sha1.md.digest();
            byte[] bArr3 = new byte[bArr.length + digest.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(digest, 0, bArr3, bArr.length, digest.length);
            bArr = bArr3;
        }
        return bArr;
    }

    public final synchronized void ensureKexOngoing() {
        if (!this.kexOngoing.get()) {
            throw new SSHException(DisconnectReason.PROTOCOL_ERROR, "Key exchange packet received when key exchange was not ongoing", null);
        }
    }

    @Override // net.schmizz.sshj.common.SSHPacketHandler
    public final void handle(Message message, SSHPacket sSHPacket) {
        BaseMAC baseMAC;
        BaseMAC baseMAC2;
        int ordinal = SolverVariable$Type$EnumUnboxingSharedUtility.ordinal(this.expected);
        DisconnectReason disconnectReason = DisconnectReason.KEY_EXCHANGE_FAILED;
        AtomicBoolean atomicBoolean = this.initialKex;
        AtomicBoolean atomicBoolean2 = this.strictKex;
        DisconnectReason disconnectReason2 = DisconnectReason.PROTOCOL_ERROR;
        Event event = this.kexInitSent;
        Logger logger = this.log;
        TransportImpl transportImpl = this.transport;
        if (ordinal == 0) {
            Message message2 = Message.KEXINIT;
            if (message != message2) {
                throw new SSHException(disconnectReason2, "Was expecting " + message2, null);
            }
            logger.debug("Received SSH_MSG_KEXINIT");
            startKex(false);
            transportImpl.getClass();
            long j = SmbConstants.DEFAULT_RESPONSE_TIMEOUT;
            TimeUnit timeUnit = TimeUnit.MILLISECONDS;
            event.await(j);
            sSHPacket.rpos--;
            Proposal proposal = new Proposal(sSHPacket);
            boolean z = atomicBoolean.get();
            List list = proposal.kex;
            if (z && list.contains("kex-strict-s-v00@openssh.com")) {
                atomicBoolean2.set(true);
                logger.debug("Enabling strict key exchange extension");
                if (transportImpl.decoder.seq != 0) {
                    throw new SSHException(disconnectReason, "SSH_MSG_KEXINIT was not first package during strict key exchange", null);
                }
            }
            Proposal proposal2 = this.clientProposal;
            proposal2.getClass();
            NegotiatedAlgorithms negotiatedAlgorithms = new NegotiatedAlgorithms(Proposal.firstMatch("KeyExchangeAlgorithms", proposal2.kex, list), Proposal.firstMatch("HostKeyAlgorithms", proposal2.sig, proposal.sig), Proposal.firstMatch("Client2ServerCipherAlgorithms", proposal2.c2sCipher, proposal.c2sCipher), Proposal.firstMatch("Server2ClientCipherAlgorithms", proposal2.s2cCipher, proposal.s2cCipher), Proposal.firstMatch("Client2ServerMACAlgorithms", proposal2.c2sMAC, proposal.c2sMAC), Proposal.firstMatch("Server2ClientMACAlgorithms", proposal2.s2cMAC, proposal.s2cMAC), Proposal.firstMatch("Client2ServerCompressionAlgorithms", proposal2.c2sComp, proposal.c2sComp), Proposal.firstMatch("Server2ClientCompressionAlgorithms", proposal2.s2cComp, proposal.s2cComp));
            this.negotiatedAlgs = negotiatedAlgorithms;
            logger.debug("Negotiated algorithms: {}", negotiatedAlgorithms);
            Iterator it = this.algorithmVerifiers.iterator();
            if (it.hasNext()) {
                if (it.next() != null) {
                    throw new ClassCastException();
                }
                logger.debug("Trying to verify algorithms with {}", (Object) null);
                throw null;
            }
            DefaultConfig defaultConfig = transportImpl.config;
            this.kex = (AbstractDHG) ByteArrayUtils.create(this.negotiatedAlgs.kex, defaultConfig.kexFactories);
            transportImpl.hostKeyAlgorithm = (BaseKeyAlgorithm) ByteArrayUtils.create(this.negotiatedAlgs.sig, defaultConfig.keyAlgorithms);
            try {
                AbstractDHG abstractDHG = this.kex;
                String str = transportImpl.serverID;
                String str2 = transportImpl.clientID;
                byte[] compactData = new SSHPacket(sSHPacket).getCompactData();
                Proposal proposal3 = this.clientProposal;
                proposal3.getClass();
                abstractDHG.init(transportImpl, str, str2, compactData, new SSHPacket(proposal3.packet).getCompactData());
                this.expected = 2;
                return;
            } catch (GeneralSecurityException e) {
                throw new SSHException(disconnectReason, null, e);
            }
        }
        if (ordinal == 1) {
            ensureKexOngoing();
            logger.debug("Received kex followup data");
            try {
                if (this.kex.next(message, sSHPacket)) {
                    verifyHost(this.kex.hostKey);
                    logger.debug("Sending SSH_MSG_NEWKEYS");
                    transportImpl.write(new SSHPacket(Message.NEWKEYS));
                    if (atomicBoolean2.get()) {
                        transportImpl.encoder.seq = -1L;
                    }
                    this.expected = 3;
                    return;
                }
                return;
            } catch (GeneralSecurityException e2) {
                throw new SSHException(disconnectReason, null, e2);
            }
        }
        if (ordinal != 2) {
            return;
        }
        Message message3 = Message.NEWKEYS;
        if (message != message3) {
            throw new SSHException(disconnectReason2, "Was expecting " + message3, null);
        }
        ensureKexOngoing();
        logger.debug("Received SSH_MSG_NEWKEYS");
        AbstractDHG abstractDHG2 = this.kex;
        SHA1 sha1 = abstractDHG2.digest;
        byte[] bArr = abstractDHG2.H;
        byte[] copyOf = Arrays.copyOf(bArr, bArr.length);
        if (this.sessionID == null) {
            this.sessionID = copyOf;
        }
        Buffer buffer = new Buffer();
        buffer.putMPInt((BigInteger) this.kex.dh.K);
        buffer.putRawBytes(0, copyOf.length, copyOf);
        buffer.putByte((byte) 0);
        byte[] bArr2 = this.sessionID;
        buffer.putRawBytes(0, bArr2.length, bArr2);
        int available = (buffer.available() - this.sessionID.length) - 1;
        byte[] bArr3 = buffer.data;
        bArr3[available] = 65;
        sha1.update(bArr3, 0, buffer.available());
        byte[] digest = sha1.md.digest();
        byte[] bArr4 = buffer.data;
        bArr4[available] = 66;
        sha1.update(bArr4, 0, buffer.available());
        byte[] digest2 = sha1.md.digest();
        byte[] bArr5 = buffer.data;
        bArr5[available] = 67;
        sha1.update(bArr5, 0, buffer.available());
        byte[] digest3 = sha1.md.digest();
        byte[] bArr6 = buffer.data;
        bArr6[available] = 68;
        sha1.update(bArr6, 0, buffer.available());
        byte[] digest4 = sha1.md.digest();
        byte[] bArr7 = buffer.data;
        bArr7[available] = 69;
        sha1.update(bArr7, 0, buffer.available());
        byte[] digest5 = sha1.md.digest();
        byte[] bArr8 = buffer.data;
        bArr8[available] = 70;
        sha1.update(bArr8, 0, buffer.available());
        byte[] digest6 = sha1.md.digest();
        Cipher cipher = (Cipher) ByteArrayUtils.create(this.negotiatedAlgs.c2sCipher, transportImpl.config.cipherFactories);
        int blockSize = cipher.getBlockSize();
        AbstractDHG abstractDHG3 = this.kex;
        BigInteger bigInteger = (BigInteger) abstractDHG3.dh.K;
        byte[] bArr9 = abstractDHG3.H;
        cipher.init(1, resizedKey(digest3, blockSize, sha1, bigInteger, Arrays.copyOf(bArr9, bArr9.length)), digest);
        DefaultConfig defaultConfig2 = transportImpl.config;
        Cipher cipher2 = (Cipher) ByteArrayUtils.create(this.negotiatedAlgs.s2cCipher, defaultConfig2.cipherFactories);
        int blockSize2 = cipher2.getBlockSize();
        AbstractDHG abstractDHG4 = this.kex;
        BigInteger bigInteger2 = (BigInteger) abstractDHG4.dh.K;
        byte[] bArr10 = abstractDHG4.H;
        cipher2.init(2, resizedKey(digest4, blockSize2, sha1, bigInteger2, Arrays.copyOf(bArr10, bArr10.length)), digest2);
        if (cipher.getAuthenticationTagSize() == 0) {
            baseMAC = (BaseMAC) ByteArrayUtils.create(this.negotiatedAlgs.c2sMAC, defaultConfig2.macFactories);
            int i = baseMAC.bsize;
            AbstractDHG abstractDHG5 = this.kex;
            BigInteger bigInteger3 = (BigInteger) abstractDHG5.dh.K;
            byte[] bArr11 = abstractDHG5.H;
            baseMAC.init(resizedKey(digest5, i, sha1, bigInteger3, Arrays.copyOf(bArr11, bArr11.length)));
        } else {
            baseMAC = null;
        }
        if (cipher2.getAuthenticationTagSize() == 0) {
            baseMAC2 = (BaseMAC) ByteArrayUtils.create(this.negotiatedAlgs.s2cMAC, defaultConfig2.macFactories);
            int i2 = baseMAC2.bsize;
            AbstractDHG abstractDHG6 = this.kex;
            BigInteger bigInteger4 = (BigInteger) abstractDHG6.dh.K;
            byte[] bArr12 = abstractDHG6.H;
            baseMAC2.init(resizedKey(digest6, i2, sha1, bigInteger4, Arrays.copyOf(bArr12, bArr12.length)));
        } else {
            baseMAC2 = null;
        }
        if (ByteArrayUtils.create(this.negotiatedAlgs.s2cComp, defaultConfig2.compressionFactories) != null) {
            throw new ClassCastException();
        }
        if (ByteArrayUtils.create(this.negotiatedAlgs.c2sComp, defaultConfig2.compressionFactories) != null) {
            throw new ClassCastException();
        }
        transportImpl.encoder.setAlgorithms(cipher, baseMAC);
        Decoder decoder = transportImpl.decoder;
        decoder.setAlgorithms(cipher2, baseMAC2);
        this.kexOngoing.set(false);
        atomicBoolean.set(false);
        if (atomicBoolean2.get()) {
            decoder.seq = -1L;
        }
        event.promise.clear();
        this.done.set();
        this.expected = 1;
    }

    @Override // net.schmizz.sshj.common.ErrorNotifiable
    public final void notifyError(SSHException sSHException) {
        this.log.debug("Got notified of {}", sSHException.toString());
        Event[] eventArr = {this.kexInitSent, this.done};
        for (int i = 0; i < 2; i++) {
            eventArr[i].promise.deliverError(sSHException);
        }
    }

    public final void startKex(boolean z) {
        if (!this.kexOngoing.getAndSet(true)) {
            if (!this.done.isSet() || this.transport.authed) {
                this.log.debug("Initiating key exchange");
                this.done.promise.clear();
                List list = Collections.EMPTY_LIST;
                this.log.debug("Sending SSH_MSG_KEXINIT");
                TransportImpl transportImpl = this.transport;
                Object obj = transportImpl.connInfo.zzb;
                Iterator it = this.hostVerifiers.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        List list2 = Collections.EMPTY_LIST;
                        break;
                    }
                    ((PromiscuousVerifier) it.next()).getClass();
                    List list3 = Collections.EMPTY_LIST;
                    if (list3 != null && !list3.isEmpty()) {
                        break;
                    }
                }
                Proposal proposal = new Proposal(transportImpl.config, this.initialKex.get());
                this.clientProposal = proposal;
                transportImpl.write(new SSHPacket(proposal.packet));
                this.kexInitSent.set();
            } else {
                this.kexOngoing.set(false);
            }
        }
        if (z) {
            this.transport.getClass();
            long j = SmbConstants.DEFAULT_RESPONSE_TIMEOUT;
            TimeUnit timeUnit = TimeUnit.MILLISECONDS;
            this.done.await(j);
        }
    }

    public final synchronized void verifyHost(PublicKey publicKey) {
        Iterator it = this.hostVerifiers.iterator();
        if (!it.hasNext()) {
            Logger logger = this.log;
            LinkedList linkedList = this.hostVerifiers;
            KeyType fromKey = KeyType.fromKey(publicKey);
            String fingerprint = SecurityUtils.getFingerprint(publicKey);
            zzd zzdVar = this.transport.connInfo;
            logger.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}", linkedList, fromKey, fingerprint, (String) zzdVar.zzb, Integer.valueOf(zzdVar.zzc));
            throw new SSHException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE, "Could not verify `" + KeyType.fromKey(publicKey) + "` host key with fingerprint `" + SecurityUtils.getFingerprint(publicKey) + "` for `" + ((String) this.transport.connInfo.zzb) + "` on port " + this.transport.connInfo.zzc, null);
        }
        PromiscuousVerifier promiscuousVerifier = (PromiscuousVerifier) it.next();
        this.log.debug("Trying to verify host key with {}", promiscuousVerifier);
        Object obj = this.transport.connInfo.zzb;
        promiscuousVerifier.getClass();
    }
}
