package t9;

import fb.g;
import ga.x;
import ga.y;
import hb.f;
import ib.n0;
import ib.r;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Objects;
import jb.e;
import y9.a1;
import y9.u;
import ya.s;
import ya.v;
import ya.w;

/* compiled from: DHGClient.java */
/* loaded from: classes.dex */
public class b extends t9.a {
    protected final ya.d Y;
    protected ya.a Z;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: DHGClient.java */
    /* loaded from: classes.dex */
    public class a implements w {
        final /* synthetic */ ya.d K;

        a(ya.d dVar) {
            this.K = dVar;
        }

        @Override // ya.w
        public v C6(g gVar) {
            return new b(this.K, gVar);
        }

        @Override // y9.e0
        public String getName() {
            return this.K.getName();
        }

        public String toString() {
            return y9.v.class.getSimpleName() + "<" + v.class.getSimpleName() + ">[" + getName() + "]";
        }
    }

    protected b(ya.d dVar, g gVar) {
        super(gVar);
        Objects.requireNonNull(dVar, "No factory");
        this.Y = dVar;
    }

    public static w T7(ya.d dVar) {
        return new a(dVar);
    }

    protected ya.a S7() {
        return this.Y.h1(new Object[0]);
    }

    @Override // za.a, ya.v
    public void U(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        super.U(bArr, bArr2, bArr3, bArr4);
        ya.a S7 = S7();
        this.Z = S7;
        na.c e10 = S7.e();
        this.Q = e10;
        e10.O3();
        byte[] M7 = M7(this.Z.d());
        g l82 = l8();
        if (this.K.e()) {
            this.K.d("init({})[{}] Send SSH_MSG_KEXDH_INIT", this, l82);
        }
        jb.a W1 = l82.W1((byte) 30, M7.length + 32);
        this.Z.i(W1, M7);
        l82.m(W1);
    }

    protected void U7(g gVar, y yVar) {
        PublicKey N = yVar.N();
        String y10 = ga.v.y(N);
        String id2 = yVar.getId();
        String C = yVar.C();
        if (r.s(C) || !"ssh-rsa".equals(ga.v.p(C))) {
            throw new a1(3, "Found invalid signature alg " + C + " for key ID=" + id2);
        }
        if (this.K.e()) {
            this.K.A("verifyCertificate({})[id={}] Allowing to use variant {} instead of {}", gVar, id2, C, y10);
        }
        f fVar = (f) n0.g((f) u.a(gVar.Q0(), C), "No KeyExchange CA verifier located for algorithm=%s of key ID=%s", C, id2);
        fVar.C5(gVar, N);
        fVar.z0(gVar, yVar.n());
        if (!fVar.W2(gVar, yVar.getSignature())) {
            throw new a1(3, "KeyExchange CA signature verification failed for key type=" + C + " of key ID=" + id2);
        }
        if (!y.b.HOST.equals(yVar.getType())) {
            throw new a1(3, "KeyExchange signature verification failed, not a host key (2) " + yVar.getType() + " for key ID=" + id2);
        }
        if (!x.a(yVar)) {
            throw new a1(3, "KeyExchange signature verification failed, CA expired for key ID=" + id2);
        }
        SocketAddress K2 = R7().K2();
        if (K2 instanceof ub.d) {
            K2 = ((ub.d) K2).G();
        }
        if (!(K2 instanceof InetSocketAddress)) {
            throw new a1(3, "KeyExchange signature verification failed, could not determine connect host for key ID=" + id2);
        }
        String hostString = ((InetSocketAddress) K2).getHostString();
        Collection<String> X = yVar.X();
        if (r.u(X) || !X.contains(hostString)) {
            throw new a1(3, "KeyExchange signature verification failed, invalid principal " + hostString + " for key ID=" + id2 + " - allowed=" + X);
        }
        if (r.u(yVar.t())) {
            return;
        }
        throw new a1(3, "KeyExchange signature verification failed, unrecognized critical options " + yVar.t() + " for key ID=" + id2);
    }

    @Override // y9.e0
    public final String getName() {
        return this.Y.getName();
    }

    @Override // ya.v
    public boolean n7(int i10, jb.a aVar) {
        PublicKey publicKey;
        v9.a R7 = R7();
        if (this.K.e()) {
            this.K.A("next({})[{}] process command={}", this, R7, ya.u.b(i10));
        }
        if (i10 != 31) {
            throw new a1(3, "Protocol error: expected packet SSH_MSG_KEXDH_REPLY, got " + ya.u.b(i10));
        }
        byte[] t10 = aVar.t();
        byte[] N7 = N7(aVar);
        byte[] t11 = aVar.t();
        this.Z.k(N7);
        this.R = this.Z.f();
        PublicKey J = new e(t10).J();
        if (J instanceof y) {
            y yVar = (y) J;
            PublicKey R = yVar.R();
            try {
                U7(R7, yVar);
                publicKey = J;
            } catch (a1 e10) {
                if (zb.f.f15545r.J4(R7).booleanValue()) {
                    throw e10;
                }
                publicKey = yVar.R();
                this.K.P("Ignoring invalid certificate {}", yVar.getId(), e10);
            }
            J = R;
        } else {
            publicKey = J;
        }
        String f62 = R7.f6(s.SERVERKEYS);
        if (r.s(f62)) {
            throw new a1("Unsupported server key type: " + J.getAlgorithm() + "[" + J.getFormat() + "]");
        }
        e eVar = new e();
        eVar.d0(this.N);
        eVar.d0(this.M);
        eVar.d0(this.P);
        eVar.d0(this.O);
        eVar.d0(t10);
        this.Z.i(eVar, G7());
        this.Z.j(eVar, N7);
        eVar.m0(this.R);
        this.Q.update(eVar.b(), 0, eVar.available());
        this.S = this.Q.e();
        f fVar = (f) n0.f((f) u.a(R7.Q0(), f62), "No verifier located for algorithm=%s", f62);
        fVar.C5(R7, J);
        fVar.z0(R7, this.S);
        if (fVar.W2(R7, t11)) {
            R7.Eb(publicKey);
            return true;
        }
        throw new a1(3, "KeyExchange signature verification failed for key type=" + f62);
    }
}
