package com.trilead.ssh2.transport;

import com.trilead.ssh2.ConnectionInfo;
import com.trilead.ssh2.DHGexParameters;
import com.trilead.ssh2.ExtendedServerHostKeyVerifier;
import com.trilead.ssh2.ServerHostKeyVerifier;
import com.trilead.ssh2.compression.CompressionFactory;
import com.trilead.ssh2.compression.ICompressor;
import com.trilead.ssh2.crypto.CryptoWishList;
import com.trilead.ssh2.crypto.KeyMaterial;
import com.trilead.ssh2.crypto.cipher.BlockCipher;
import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
import com.trilead.ssh2.crypto.dh.Curve25519Exchange;
import com.trilead.ssh2.crypto.digest.MAC;
import com.trilead.ssh2.log.Logger;
import com.trilead.ssh2.packets.PacketKexInit;
import com.trilead.ssh2.packets.PacketNewKeys;
import com.trilead.ssh2.signature.DSASHA1Verify;
import com.trilead.ssh2.signature.ECDSASHA2Verify;
import com.trilead.ssh2.signature.Ed25519Verify;
import com.trilead.ssh2.signature.RSASHA1Verify;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import net.i2p.crypto.eddsa.EdDSAPublicKey;

/* loaded from: classes.dex */
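/**
 * Client-side SSH key-exchange (KEX) coordinator, recovered from a decompiled build.
 *
 * <p>The visible code covers: the default KEX / host-key algorithm lists, algorithm
 * negotiation ({@link #mergeKexParameters}), host-key signature verification
 * ({@link #verifySignature}), key-material derivation and the switch to the new send
 * cipher ({@link #finishKex}). The packet state machine in {@link #handleMessage} was
 * not decompiled, so anything that depends on it is marked as such below.
 *
 * <p>Thread-safety, as far as the visible code shows: {@link #handleMessage} and
 * {@link #initiateKEX} are {@code synchronized} on this instance, while
 * {@link #getOrWaitForConnectionInfo} synchronizes on {@code accessLock}.
 */
public class KexManager {
    /** Host-key algorithms this client accepts, in preference order (insertion order). */
    private static final Set<String> HOSTKEY_ALGS;
    /** Key-exchange algorithms this client accepts, in preference order (insertion order). */
    private static final Set<String> KEX_ALGS;
    // Must stay declared before the static block: the initializer logs through it.
    private static final Logger log = Logger.getLogger(KexManager.class);
    /** True when the platform provides an "EC" KeyFactory; gates all ECDSA / ECDH entries. */
    private static final boolean supportsEc;
    ClientServerHello csh;
    // hostname/port are passed to ExtendedServerHostKeyVerifier in filterHostKeyTypes().
    final String hostname;
    KeyMaterial km;
    KexState kxs;
    CryptoWishList nextKEXcryptoWishList;
    final int port;
    final SecureRandom rnd;
    // Set once from the first exchange hash H and kept across later exchanges (see finishKex()).
    byte[] sessionId;
    final TransportManager tm;
    ServerHostKeyVerifier verifier;
    int kexCount = 0;
    // Monitor guarding lastConnInfo / connectionClosed for getOrWaitForConnectionInfo().
    final Object accessLock = new Object();
    ConnectionInfo lastConnInfo = null;
    boolean connectionClosed = false;
    boolean ignore_next_kex_packet = false;
    DHGexParameters nextKEXdhgexParameters = new DHGexParameters();

    static {
        boolean ecAvailable;
        try {
            KeyFactory.getInstance("EC");
            ecAvailable = true;
        } catch (NoSuchAlgorithmException ignored) {
            ecAvailable = false;
            log.log(10, "Disabling EC support due to lack of KeyFactory");
        }
        supportsEc = ecAvailable;

        // Insertion order is the preference order handed to negotiation, so the
        // strongest entries go first and the legacy ones last.
        Set<String> hostKeyAlgs = new LinkedHashSet<>();
        hostKeyAlgs.add(Ed25519Verify.ED25519_ID);
        if (ecAvailable) {
            hostKeyAlgs.add("ecdsa-sha2-nistp256");
            hostKeyAlgs.add("ecdsa-sha2-nistp384");
            hostKeyAlgs.add("ecdsa-sha2-nistp521");
        }
        // NOTE(review): "ssh-rsa" is verified through RSASHA1Verify (SHA-1 signatures) and
        // "ssh-dss" is DSA with SHA-1. Both are legacy; they remain in the defaults for
        // interoperability. Deployments that do not need them should pass a narrower
        // serverHostKeyAlgorithms list in their CryptoWishList.
        hostKeyAlgs.add("ssh-rsa");
        hostKeyAlgs.add("ssh-dss");
        HOSTKEY_ALGS = hostKeyAlgs;

        Set<String> kexAlgs = new LinkedHashSet<>();
        kexAlgs.add(Curve25519Exchange.NAME);
        if (ecAvailable) {
            kexAlgs.add("ecdh-sha2-nistp256");
            kexAlgs.add("ecdh-sha2-nistp384");
            kexAlgs.add("ecdh-sha2-nistp521");
        }
        kexAlgs.add("diffie-hellman-group-exchange-sha256");
        // NOTE(review): the three entries below hash the exchange with SHA-1, and
        // diffie-hellman-group1-sha1 additionally uses a fixed 1024-bit group. They are
        // offered last, but a server that supports nothing better will still negotiate
        // them; restrict the kex list in CryptoWishList where legacy peers are not required.
        kexAlgs.add("diffie-hellman-group-exchange-sha1");
        kexAlgs.add("diffie-hellman-group14-sha1");
        kexAlgs.add("diffie-hellman-group1-sha1");
        KEX_ALGS = kexAlgs;
    }

    /**
     * Stores the collaborators for later key exchanges; performs no I/O.
     *
     * @param transportManager transport used to send KEX packets and switch ciphers
     * @param clientServerHello the version-exchange record
     * @param cryptoWishList algorithm preferences for the next key exchange
     * @param str remote host name, used for the known-host-key lookup
     * @param i remote port, used for the known-host-key lookup
     * @param serverHostKeyVerifier host-key verifier; may also implement
     *     {@link ExtendedServerHostKeyVerifier}
     * @param secureRandom randomness source
     */
    public KexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, String str, int i, ServerHostKeyVerifier serverHostKeyVerifier, SecureRandom secureRandom) {
        this.tm = transportManager;
        this.csh = clientServerHello;
        this.nextKEXcryptoWishList = cryptoWishList;
        this.hostname = str;
        this.port = i;
        this.verifier = serverHostKeyVerifier;
        this.rnd = secureRandom;
    }

    /**
     * Validates a caller-supplied KEX algorithm list against the supported set.
     *
     * @param strArr algorithm names to check
     * @throws IllegalArgumentException if any entry is not a supported KEX algorithm
     */
    public static final void checkKexAlgorithmList(String[] strArr) {
        for (String name : strArr) {
            if (!KEX_ALGS.contains(name)) {
                throw new IllegalArgumentException("Unknown kex algorithm '" + name + "'");
            }
        }
    }

    /**
     * Validates a caller-supplied host-key algorithm list against the supported set.
     *
     * @param strArr algorithm names to check
     * @throws IllegalArgumentException if any entry is not a supported host-key algorithm
     */
    public static final void checkServerHostkeyAlgorithmsList(String[] strArr) {
        for (String name : strArr) {
            if (!HOSTKEY_ALGS.contains(name)) {
                throw new IllegalArgumentException("Unknown server host key algorithm '" + name + "'");
            }
        }
    }

    /**
     * Reports whether two name-lists agree on their first (most preferred) entry.
     * Two empty lists count as agreeing; one empty and one non-empty list do not.
     *
     * @throws IllegalArgumentException if either list is {@code null}
     */
    private boolean compareFirstOfNameList(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        boolean firstEmpty = strArr.length == 0;
        boolean secondEmpty = strArr2.length == 0;
        if (firstEmpty || secondEmpty) {
            return firstEmpty && secondEmpty;
        }
        return strArr[0].equals(strArr2[0]);
    }

    /**
     * Derives the session keys, IVs and MAC keys for the negotiated algorithms from the
     * exchange hash H, the shared secret K and the session id, and stores them in
     * {@code km}.
     *
     * @return {@code true} on success; {@code false} if an
     *     {@link IllegalArgumentException} was raised while sizing or deriving the
     *     material, in which case {@code km} keeps its previous value
     */
    private boolean establishKeyMaterial() {
        try {
            int macKeyLenC2S = MAC.getKeyLen(this.kxs.np.mac_algo_client_to_server);
            int encKeySizeC2S = BlockCipherFactory.getKeySize(this.kxs.np.enc_algo_client_to_server);
            int encBlockSizeC2S = BlockCipherFactory.getBlockSize(this.kxs.np.enc_algo_client_to_server);
            int macKeyLenS2C = MAC.getKeyLen(this.kxs.np.mac_algo_server_to_client);
            int encKeySizeS2C = BlockCipherFactory.getKeySize(this.kxs.np.enc_algo_server_to_client);
            int encBlockSizeS2C = BlockCipherFactory.getBlockSize(this.kxs.np.enc_algo_server_to_client);
            this.km = KeyMaterial.create(this.kxs.hashAlgo, this.kxs.H, this.kxs.K, this.sessionId, encKeySizeC2S, encBlockSizeC2S, macKeyLenC2S, encKeySizeS2C, encBlockSizeS2C, macKeyLenS2C);
            return true;
        } catch (IllegalArgumentException ignored) {
            // Reported to the caller through the return value; finishKex() turns it
            // into an IOException.
            return false;
        }
    }

    /**
     * Narrows the wish list's host-key algorithms to those the verifier already knows
     * for this host and port, keeping the wish list's own order.
     *
     * <p>Nothing changes when the verifier is not an {@link ExtendedServerHostKeyVerifier},
     * when it reports no known algorithms, or when the intersection is empty.
     * NOTE(review): presumably this keeps the server from presenting a key type the
     * client has never stored for this host — confirm against the verifier implementation.
     */
    private void filterHostKeyTypes(CryptoWishList cryptoWishList) {
        if (!(this.verifier instanceof ExtendedServerHostKeyVerifier)) {
            return;
        }
        List<String> knownKeyAlgorithmsForHost = ((ExtendedServerHostKeyVerifier) this.verifier).getKnownKeyAlgorithmsForHost(this.hostname, this.port);
        if (knownKeyAlgorithmsForHost == null || knownKeyAlgorithmsForHost.size() <= 0) {
            return;
        }
        List<String> retained = new ArrayList<>(knownKeyAlgorithmsForHost.size());
        for (String wanted : cryptoWishList.serverHostKeyAlgorithms) {
            for (String known : knownKeyAlgorithmsForHost) {
                if (wanted.equals(known)) {
                    retained.add(known);
                }
            }
        }
        if (!retained.isEmpty()) {
            cryptoWishList.serverHostKeyAlgorithms = retained.toArray(new String[retained.size()]);
        }
    }

    /**
     * Completes a key exchange: fixes the session id on the first exchange, derives the
     * new key material, sends NEWKEYS, and switches the outgoing cipher, MAC and
     * compressor.
     *
     * @throws IOException if key material cannot be derived, or if the cipher/MAC for the
     *     negotiated algorithms cannot be created
     */
    private void finishKex() throws IOException {
        if (this.sessionId == null) {
            this.sessionId = this.kxs.H;
        }
        // Fail closed before NEWKEYS is sent. Ignoring a failed derivation would leave
        // `km` either null (first exchange) or holding the previous exchange's keys
        // (re-key), and the code below would then install those.
        if (!establishKeyMaterial()) {
            throw new IOException("Key derivation failed for the negotiated algorithms");
        }
        this.tm.sendKexMessage(new PacketNewKeys().getPayload());
        try {
            BlockCipher sendCipher = BlockCipherFactory.createCipher(this.kxs.np.enc_algo_client_to_server, true, this.km.enc_key_client_to_server, this.km.initial_iv_client_to_server);
            MAC sendMac = new MAC(this.kxs.np.mac_algo_client_to_server, this.km.integrity_key_client_to_server);
            ICompressor sendCompressor = CompressionFactory.createCompressor(this.kxs.np.comp_algo_client_to_server);
            this.tm.changeSendCipher(sendCipher, sendMac);
            this.tm.changeSendCompression(sendCompressor);
            this.tm.kexFinished();
        } catch (IllegalArgumentException e) {
            // Keep the cause so the failing algorithm/key size is diagnosable.
            throw new IOException("Fatal error during MAC startup!", e);
        }
    }

    /**
     * Returns a fresh array of the supported KEX algorithms in default preference order.
     */
    public static final String[] getDefaultKexAlgorithmList() {
        return KEX_ALGS.toArray(new String[KEX_ALGS.size()]);
    }

    /**
     * Returns a fresh array of the supported host-key algorithms in default preference order.
     */
    public static final String[] getDefaultServerHostkeyAlgorithmList() {
        return HOSTKEY_ALGS.toArray(new String[HOSTKEY_ALGS.size()]);
    }

    /**
     * Returns the first entry of {@code strArr} that also appears in {@code strArr2};
     * the order of {@code strArr} decides the preference.
     *
     * @return the matching name, or {@code null} when {@code strArr} is empty
     * @throws IllegalArgumentException if either list is {@code null}
     * @throws NegotiateException if {@code strArr} is non-empty and shares no entry
     *     with {@code strArr2}
     */
    private String getFirstMatch(String[] strArr, String[] strArr2) throws NegotiateException {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0) {
            return null;
        }
        for (String preferred : strArr) {
            for (String offered : strArr2) {
                if (preferred.equals(offered)) {
                    return preferred;
                }
            }
        }
        throw new NegotiateException();
    }

    /**
     * Reports whether both sides put the same KEX algorithm and the same host-key
     * algorithm first in their proposals.
     *
     * @throws IllegalArgumentException if either proposal is {@code null}
     */
    private boolean isGuessOK(KexParameters kexParameters, KexParameters kexParameters2) {
        if (kexParameters == null || kexParameters2 == null) {
            throw new IllegalArgumentException();
        }
        if (!compareFirstOfNameList(kexParameters.kex_algorithms, kexParameters2.kex_algorithms)) {
            return false;
        }
        return compareFirstOfNameList(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
    }

    /**
     * Negotiates one algorithm per category by taking, for each, the first entry of
     * {@code kexParameters} that {@code kexParameters2} also lists.
     *
     * <p>The first argument's ordering therefore decides every choice.
     * NOTE(review): presumably the first argument is the client proposal and the second
     * the server's — the only call site is in handleMessage, which was not decompiled.
     * NOTE(review): getFirstMatch returns {@code null} for an empty first list, so a
     * mandatory field can end up {@code null} without this method returning {@code null}.
     *
     * @return the negotiated parameters, or {@code null} when a mandatory category
     *     (kex, host key, cipher, MAC, compression) has no common algorithm; a language
     *     mismatch is tolerated and recorded as {@code null}
     */
    private NegotiatedParameters mergeKexParameters(KexParameters kexParameters, KexParameters kexParameters2) {
        NegotiatedParameters np = new NegotiatedParameters();
        try {
            np.kex_algo = getFirstMatch(kexParameters.kex_algorithms, kexParameters2.kex_algorithms);
            log.log(20, "kex_algo=" + np.kex_algo);
            np.server_host_key_algo = getFirstMatch(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
            log.log(20, "server_host_key_algo=" + np.server_host_key_algo);
            np.enc_algo_client_to_server = getFirstMatch(kexParameters.encryption_algorithms_client_to_server, kexParameters2.encryption_algorithms_client_to_server);
            np.enc_algo_server_to_client = getFirstMatch(kexParameters.encryption_algorithms_server_to_client, kexParameters2.encryption_algorithms_server_to_client);
            log.log(20, "enc_algo_client_to_server=" + np.enc_algo_client_to_server);
            log.log(20, "enc_algo_server_to_client=" + np.enc_algo_server_to_client);
            np.mac_algo_client_to_server = getFirstMatch(kexParameters.mac_algorithms_client_to_server, kexParameters2.mac_algorithms_client_to_server);
            np.mac_algo_server_to_client = getFirstMatch(kexParameters.mac_algorithms_server_to_client, kexParameters2.mac_algorithms_server_to_client);
            log.log(20, "mac_algo_client_to_server=" + np.mac_algo_client_to_server);
            log.log(20, "mac_algo_server_to_client=" + np.mac_algo_server_to_client);
            np.comp_algo_client_to_server = getFirstMatch(kexParameters.compression_algorithms_client_to_server, kexParameters2.compression_algorithms_client_to_server);
            np.comp_algo_server_to_client = getFirstMatch(kexParameters.compression_algorithms_server_to_client, kexParameters2.compression_algorithms_server_to_client);
            log.log(20, "comp_algo_client_to_server=" + np.comp_algo_client_to_server);
            log.log(20, "comp_algo_server_to_client=" + np.comp_algo_server_to_client);
            // Languages are optional: no common entry is not a negotiation failure.
            try {
                np.lang_client_to_server = getFirstMatch(kexParameters.languages_client_to_server, kexParameters2.languages_client_to_server);
            } catch (NegotiateException ignored) {
                np.lang_client_to_server = null;
            }
            try {
                np.lang_server_to_client = getFirstMatch(kexParameters.languages_server_to_client, kexParameters2.languages_server_to_client);
            } catch (NegotiateException ignored) {
                np.lang_server_to_client = null;
            }
            if (isGuessOK(kexParameters, kexParameters2)) {
                np.guessOK = true;
            }
            return np;
        } catch (NegotiateException ignored) {
            return null;
        }
    }

    /**
     * Verifies the server's signature over the exchange hash H using the verifier that
     * matches the negotiated host-key algorithm.
     *
     * <p>This only proves the server holds the private key for {@code bArr2}; whether
     * that key is trusted for this host is decided elsewhere (not visible in this file).
     *
     * @param bArr SSH-encoded signature blob
     * @param bArr2 SSH-encoded host public key blob
     * @return the result of the algorithm-specific signature check
     * @throws IOException if the negotiated host-key algorithm is not one handled here
     *     (decoders are declared elsewhere and may also throw)
     */
    private boolean verifySignature(byte[] bArr, byte[] bArr2) throws IOException {
        String hostKeyAlgo = this.kxs.np.server_host_key_algo;
        if (hostKeyAlgo.equals(Ed25519Verify.ED25519_ID)) {
            byte[] signature = Ed25519Verify.decodeSSHEd25519Signature(bArr);
            EdDSAPublicKey publicKey = Ed25519Verify.decodeSSHEd25519PublicKey(bArr2);
            log.log(50, "Verifying ed25519 signature");
            return Ed25519Verify.verifySignature(this.kxs.H, signature, publicKey);
        }
        if (hostKeyAlgo.startsWith(ECDSASHA2Verify.ECDSA_SHA2_PREFIX)) {
            byte[] signature = ECDSASHA2Verify.decodeSSHECDSASignature(bArr);
            ECPublicKey publicKey = ECDSASHA2Verify.decodeSSHECDSAPublicKey(bArr2);
            log.log(50, "Verifying ecdsa signature");
            return ECDSASHA2Verify.verifySignature(this.kxs.H, signature, publicKey);
        }
        if (hostKeyAlgo.equals("ssh-rsa")) {
            byte[] signature = RSASHA1Verify.decodeSSHRSASignature(bArr);
            RSAPublicKey publicKey = RSASHA1Verify.decodeSSHRSAPublicKey(bArr2);
            log.log(50, "Verifying ssh-rsa signature");
            return RSASHA1Verify.verifySignature(this.kxs.H, signature, publicKey);
        }
        if (hostKeyAlgo.equals("ssh-dss")) {
            byte[] signature = DSASHA1Verify.decodeSSHDSASignature(bArr);
            DSAPublicKey publicKey = DSASHA1Verify.decodeSSHDSAPublicKey(bArr2);
            log.log(50, "Verifying ssh-dss signature");
            return DSASHA1Verify.verifySignature(this.kxs.H, signature, publicKey);
        }
        throw new IOException("Unknown server host key algorithm '" + hostKeyAlgo + "'");
    }

    /**
     * Blocks until a key exchange with counter at least {@code i} has completed, then
     * returns its connection info.
     *
     * <p>The decompiler emitted a loop that assigned the result but never left the loop;
     * the success branch now returns directly. An interrupt does not abort the wait; it
     * is remembered and the thread's interrupt status is restored on exit.
     *
     * @param i minimum key-exchange counter to wait for
     * @return the connection info of the most recent completed key exchange
     * @throws IOException if the connection was closed before such an exchange finished;
     *     the cause is the transport's close reason
     */
    public ConnectionInfo getOrWaitForConnectionInfo(int i) throws IOException {
        boolean interrupted = false;
        try {
            synchronized (this.accessLock) {
                while (true) {
                    ConnectionInfo current = this.lastConnInfo;
                    if (current != null && current.keyExchangeCounter >= i) {
                        return current;
                    }
                    if (this.connectionClosed) {
                        throw ((IOException) new IOException("Key exchange was not finished, connection is closed.").initCause(this.tm.getReasonClosedCause()));
                    }
                    try {
                        this.accessLock.wait();
                    } catch (InterruptedException ignored) {
                        // Keep waiting; re-interrupting here would make wait() throw
                        // again immediately, so the flag is restored in the finally block.
                        interrupted = true;
                    }
                }
            }
        } finally {
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }
    }

    /*
     * JADX could not decompile this method (it reports 1262 instructions and several
     * removed duplicated regions). The body below is the decompiler's placeholder, not
     * the library's logic: the real method is the KEX packet state machine, and the
     * private helpers in this class are presumably called from it. Re-run the decompiler
     * with '--show-bad-code' or '--comments-level debug' to inspect the instruction dump.
     */
    public synchronized void handleMessage(byte[] r12, int r13) throws java.io.IOException {
        throw new UnsupportedOperationException("Method not decompiled: com.trilead.ssh2.transport.KexManager.handleMessage(byte[], int):void");
    }

    /**
     * Records the preferences for the next key exchange and, when no exchange is in
     * progress ({@code kxs == null}), starts one by sending this side's KEXINIT.
     *
     * <p>The wish list is narrowed in place to host-key algorithms already known for
     * this host before it is used (see {@link #filterHostKeyTypes}).
     *
     * @param cryptoWishList algorithm preferences; its host-key list may be modified
     * @param dHGexParameters group-exchange parameters for the next exchange
     * @throws IOException if sending the KEXINIT packet fails
     */
    public synchronized void initiateKEX(CryptoWishList cryptoWishList, DHGexParameters dHGexParameters) throws IOException {
        this.nextKEXcryptoWishList = cryptoWishList;
        filterHostKeyTypes(this.nextKEXcryptoWishList);
        this.nextKEXdhgexParameters = dHGexParameters;
        if (this.kxs != null) {
            // An exchange is already running; the stored preferences apply to the next one.
            return;
        }
        KexState state = new KexState();
        state.dhgexParameters = this.nextKEXdhgexParameters;
        PacketKexInit localKexInit = new PacketKexInit(this.nextKEXcryptoWishList);
        state.localKEX = localKexInit;
        this.kxs = state;
        this.tm.sendKexMessage(localKexInit.getPayload());
    }
}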
