package com.microsoft.clarity.net.schmizz.sshj.transport.kex;

import androidx.work.NetworkType$EnumUnboxingLocalUtility;
import com.microsoft.clarity.com.google.crypto.tink.KeysetHandle;
import com.microsoft.clarity.com.hierynomus.sshj.userauth.certificate.Certificate;
import com.microsoft.clarity.net.schmizz.sshj.common.Buffer;
import com.microsoft.clarity.net.schmizz.sshj.common.DisconnectReason;
import com.microsoft.clarity.net.schmizz.sshj.common.IOUtils;
import com.microsoft.clarity.net.schmizz.sshj.common.KeyType;
import com.microsoft.clarity.net.schmizz.sshj.common.Message;
import com.microsoft.clarity.net.schmizz.sshj.common.SSHException;
import com.microsoft.clarity.net.schmizz.sshj.common.SSHPacket;
import com.microsoft.clarity.net.schmizz.sshj.common.SSHRuntimeException;
import com.microsoft.clarity.net.schmizz.sshj.common.SecurityUtils;
import com.microsoft.clarity.net.schmizz.sshj.signature.AbstractSignature;
import com.microsoft.clarity.net.schmizz.sshj.transport.TransportImpl;
import com.microsoft.clarity.net.schmizz.sshj.transport.digest.SHA1;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.spec.DHParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public abstract class AbstractDHG {
    public final /* synthetic */ int $r8$classId;
    public byte[] H;
    public byte[] I_C;
    public byte[] I_S;
    public String V_C;
    public String V_S;
    public final DHBase dh;
    public final SHA1 digest;
    public PublicKey hostKey;
    public final Logger log;
    public TransportImpl trans;

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    public AbstractDHG(SHA1 sha1) {
        this(new DH(), sha1, (byte) 0);
        this.$r8$classId = 1;
        this.log = LoggerFactory.getLogger(getClass());
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    public AbstractDHG(DHBase dHBase, SHA1 sha1) {
        this(dHBase, sha1, (byte) 0);
        this.$r8$classId = 0;
        this.log = LoggerFactory.getLogger(getClass());
    }

    public AbstractDHG(DHBase dHBase, SHA1 sha1, byte b) {
        this.digest = sha1;
        this.dh = dHBase;
    }

    public final void init(TransportImpl transportImpl, String str, String str2, byte[] bArr, byte[] bArr2) {
        switch (this.$r8$classId) {
            case 0:
                this.trans = transportImpl;
                this.V_S = str;
                this.V_C = str2;
                this.I_S = Arrays.copyOf(bArr, bArr.length);
                this.I_C = Arrays.copyOf(bArr2, bArr2.length);
                SHA1 sha1 = this.digest;
                sha1.getClass();
                try {
                    sha1.md = SecurityUtils.getMessageDigest(sha1.algorithm);
                    DHBase dHBase = this.dh;
                    initDH(dHBase);
                    this.log.debug("Sending SSH_MSG_KEXDH_INIT");
                    SSHPacket sSHPacket = new SSHPacket(Message.KEXDH_INIT);
                    byte[] bArr3 = (byte[]) dHBase.e;
                    sSHPacket.putBytes(0, bArr3.length, bArr3);
                    transportImpl.write(sSHPacket);
                    return;
                } catch (GeneralSecurityException e) {
                    throw new SSHRuntimeException(e.getMessage(), e);
                }
            default:
                this.trans = transportImpl;
                this.V_S = str;
                this.V_C = str2;
                this.I_S = Arrays.copyOf(bArr, bArr.length);
                this.I_C = Arrays.copyOf(bArr2, bArr2.length);
                SHA1 sha12 = this.digest;
                sha12.getClass();
                try {
                    sha12.md = SecurityUtils.getMessageDigest(sha12.algorithm);
                    Message message = Message.KEX_DH_GEX_REQUEST;
                    this.log.debug("Sending {}", message);
                    SSHPacket sSHPacket2 = new SSHPacket(message);
                    sSHPacket2.putUInt32(1024L);
                    sSHPacket2.putUInt32(2048L);
                    sSHPacket2.putUInt32(8192L);
                    transportImpl.write(sSHPacket2);
                    return;
                } catch (GeneralSecurityException e2) {
                    throw new SSHRuntimeException(e2.getMessage(), e2);
                }
        }
    }

    public abstract void initDH(DHBase dHBase);

    /* JADX WARN: Type inference failed for: r0v0, types: [com.microsoft.clarity.net.schmizz.sshj.common.Buffer$PlainBuffer, com.microsoft.clarity.net.schmizz.sshj.common.Buffer] */
    public final Buffer.PlainBuffer initializedBuffer() {
        ?? buffer = new Buffer();
        String str = this.V_C;
        Charset charset = IOUtils.UTF8;
        buffer.putString(str, charset);
        buffer.putString(this.V_S, charset);
        byte[] bArr = this.I_C;
        buffer.putBytes(0, bArr.length, bArr);
        byte[] bArr2 = this.I_S;
        buffer.putBytes(0, bArr2.length, bArr2);
        return buffer;
    }

    public final boolean next(Message message, SSHPacket sSHPacket) {
        String str;
        String str2;
        Logger logger = this.log;
        switch (this.$r8$classId) {
            case 0:
                Message message2 = Message.KEXDH_31;
                DisconnectReason disconnectReason = DisconnectReason.KEY_EXCHANGE_FAILED;
                if (message != message2) {
                    throw new SSHException(disconnectReason, "Unexpected packet: " + message, null);
                }
                logger.debug("Received SSH_MSG_KEXDH_REPLY");
                try {
                    byte[] readBytes = sSHPacket.readBytes();
                    byte[] readBytes2 = sSHPacket.readBytes();
                    byte[] readBytes3 = sSHPacket.readBytes();
                    this.hostKey = new Buffer(readBytes, true).readPublicKey();
                    DHBase dHBase = this.dh;
                    dHBase.computeK(readBytes2);
                    Buffer.PlainBuffer initializedBuffer = initializedBuffer();
                    initializedBuffer.putBytes(0, readBytes.length, readBytes);
                    byte[] bArr = (byte[]) dHBase.e;
                    initializedBuffer.putBytes(0, bArr.length, bArr);
                    initializedBuffer.putBytes(0, readBytes2.length, readBytes2);
                    initializedBuffer.putMPInt((BigInteger) dHBase.K);
                    byte[] bArr2 = initializedBuffer.data;
                    int i = initializedBuffer.rpos;
                    int available = initializedBuffer.available();
                    SHA1 sha1 = this.digest;
                    sha1.update(bArr2, i, available);
                    this.H = sha1.md.digest();
                    AbstractSignature abstractSignature = (AbstractSignature) this.trans.hostKeyAlgorithm.signature.create();
                    PublicKey publicKey = this.hostKey;
                    if (publicKey instanceof Certificate) {
                        abstractSignature.initVerify(((Certificate) publicKey).publicKey);
                    } else {
                        abstractSignature.initVerify(publicKey);
                    }
                    byte[] bArr3 = this.H;
                    abstractSignature.update(bArr3.length, bArr3);
                    if (!abstractSignature.verify(readBytes3)) {
                        throw new SSHException(disconnectReason, "KeyExchange signature verification failed", null);
                    }
                    PublicKey publicKey2 = this.hostKey;
                    if ((publicKey2 instanceof Certificate) && this.trans.config.verifyHostKeyCertificates) {
                        Certificate certificate = (Certificate) publicKey2;
                        try {
                            str = new Buffer(certificate.signature, true).readString(IOUtils.UTF8);
                        } catch (Buffer.BufferException unused) {
                            str = null;
                        }
                        try {
                            str2 = new Buffer(certificate.signatureKey, true).readString(IOUtils.UTF8);
                        } catch (Buffer.BufferException unused2) {
                            str2 = null;
                        }
                        logger.debug("Verifying signature of the key with type {} (signature type {}, CA key type {})", Long.valueOf(certificate.type), str, str2);
                        try {
                            String verifyHostCertificate = KeyType.CertUtils.verifyHostCertificate(readBytes, certificate, (String) this.trans.connInfo.zzb);
                            if (verifyHostCertificate != null) {
                                throw new SSHException(disconnectReason, "KeyExchange certificate check failed: ".concat(verifyHostCertificate), null);
                            }
                        } catch (Buffer.BufferException | SSHRuntimeException e) {
                            throw new SSHException(disconnectReason, "KeyExchange certificate check failed", e);
                        }
                    }
                    return true;
                } catch (Buffer.BufferException e2) {
                    throw new SSHException(e2);
                }
            default:
                logger.debug("Got message {}", message);
                try {
                    int ordinal = message.ordinal();
                    if (ordinal == 11) {
                        parseGexGroup(sSHPacket);
                        return false;
                    }
                    if (ordinal == 13) {
                        parseGexReply(sSHPacket);
                        return true;
                    }
                    throw new SSHException("Unexpected message " + message);
                } catch (Buffer.BufferException e3) {
                    throw new SSHException(e3);
                }
        }
    }

    public void parseGexGroup(SSHPacket sSHPacket) {
        BigInteger readMPInt = sSHPacket.readMPInt();
        BigInteger readMPInt2 = sSHPacket.readMPInt();
        int bitLength = readMPInt.bitLength();
        if (bitLength < 1024 || bitLength > 8192) {
            throw new GeneralSecurityException(NetworkType$EnumUnboxingLocalUtility.m(bitLength, "Server generated gex p is out of range (", " bits)"));
        }
        Integer valueOf = Integer.valueOf(bitLength);
        Logger logger = this.log;
        logger.debug("Received server p bitlength {}", valueOf);
        DHParameterSpec dHParameterSpec = new DHParameterSpec(readMPInt, readMPInt2);
        KeysetHandle keysetHandle = this.trans.config.randomFactory;
        DHBase dHBase = this.dh;
        dHBase.init(dHParameterSpec);
        Message message = Message.KEX_DH_GEX_INIT;
        logger.debug("Sending {}", message);
        TransportImpl transportImpl = this.trans;
        SSHPacket sSHPacket2 = new SSHPacket(message);
        byte[] bArr = (byte[]) dHBase.e;
        sSHPacket2.putBytes(0, bArr.length, bArr);
        transportImpl.write(sSHPacket2);
    }

    public void parseGexReply(SSHPacket sSHPacket) {
        byte[] readBytes = sSHPacket.readBytes();
        byte[] readBytes2 = sSHPacket.readBytes();
        byte[] readBytes3 = sSHPacket.readBytes();
        this.hostKey = new Buffer(readBytes, true).readPublicKey();
        DHBase dHBase = this.dh;
        dHBase.computeK(readBytes2);
        BigInteger bigInteger = (BigInteger) dHBase.K;
        Buffer.PlainBuffer initializedBuffer = initializedBuffer();
        initializedBuffer.putBytes(0, readBytes.length, readBytes);
        initializedBuffer.putUInt32(1024L);
        initializedBuffer.putUInt32(2048L);
        initializedBuffer.putUInt32(8192L);
        DH dh = (DH) dHBase;
        initializedBuffer.putMPInt(dh.p);
        initializedBuffer.putMPInt(dh.g);
        byte[] bArr = (byte[]) dHBase.e;
        initializedBuffer.putBytes(0, bArr.length, bArr);
        initializedBuffer.putBytes(0, readBytes2.length, readBytes2);
        initializedBuffer.putMPInt(bigInteger);
        byte[] bArr2 = initializedBuffer.data;
        int i = initializedBuffer.rpos;
        int available = initializedBuffer.available();
        SHA1 sha1 = this.digest;
        sha1.update(bArr2, i, available);
        this.H = sha1.md.digest();
        AbstractSignature abstractSignature = (AbstractSignature) this.trans.hostKeyAlgorithm.signature.create();
        PublicKey publicKey = this.hostKey;
        if (publicKey instanceof Certificate) {
            abstractSignature.initVerify(((Certificate) publicKey).publicKey);
        } else {
            abstractSignature.initVerify(publicKey);
        }
        byte[] bArr3 = this.H;
        abstractSignature.update(bArr3.length, bArr3);
        if (!abstractSignature.verify(readBytes3)) {
            throw new SSHException(DisconnectReason.KEY_EXCHANGE_FAILED, "KeyExchange signature verification failed", null);
        }
    }
}
