package com.trilead.ssh2.transport;

import androidx.recyclerview.widget.RecyclerView$5$$ExternalSyntheticOutline0;
import com.trilead.ssh2.ConnectionInfo;
import com.trilead.ssh2.DHGexParameters;
import com.trilead.ssh2.ServerHostKeyVerifier;
import com.trilead.ssh2.crypto.CryptoWishList;
import com.trilead.ssh2.crypto.KeyMaterial;
import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
import com.trilead.ssh2.crypto.digest.MessageMac;
import com.trilead.ssh2.log.Logger;
import com.trilead.ssh2.packets.PacketKexInit;
import com.trilead.ssh2.packets.PacketNewKeys;
import com.trilead.ssh2.signature.KeyAlgorithm;
import com.trilead.ssh2.signature.KeyAlgorithmManager;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: classes2.dex */
public class KexManager implements MessageHandler {
    ClientServerHello csh;
    final String hostname;
    KeyMaterial km;
    KexState kxs;
    CryptoWishList nextKEXcryptoWishList;
    final int port;
    final SecureRandom rnd;
    byte[] sessionId;
    final TransportManager tm;
    ServerHostKeyVerifier verifier;
    private static final Logger log = Logger.getLogger(KexManager.class);
    private static final List<String> DEFAULT_KEY_ALGORITHMS = buildDefaultKeyAlgorithms();
    int kexCount = 0;
    final Object accessLock = new Object();
    ConnectionInfo lastConnInfo = null;
    boolean connectionClosed = false;
    boolean ignore_next_kex_packet = false;
    DHGexParameters nextKEXdhgexParameters = new DHGexParameters();

    public KexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, String str, int i, ServerHostKeyVerifier serverHostKeyVerifier, SecureRandom secureRandom) {
        this.tm = transportManager;
        this.csh = clientServerHello;
        this.nextKEXcryptoWishList = cryptoWishList;
        this.hostname = str;
        this.port = i;
        this.verifier = serverHostKeyVerifier;
        this.rnd = secureRandom;
    }

    private static List<String> buildDefaultKeyAlgorithms() {
        ArrayList arrayList = new ArrayList();
        Iterator<KeyAlgorithm<PublicKey, PrivateKey>> it = KeyAlgorithmManager.getSupportedAlgorithms().iterator();
        while (it.hasNext()) {
            arrayList.add(arrayList.size(), it.next().getName());
        }
        return arrayList;
    }

    private boolean compareFirstOfNameList(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0 && strArr2.length == 0) {
            return true;
        }
        if (strArr.length == 0 || strArr2.length == 0) {
            return false;
        }
        return strArr[0].equals(strArr2[0]);
    }

    private boolean establishKeyMaterial() {
        try {
            int keyLength = MessageMac.getKeyLength(this.kxs.np.mac_algo_client_to_server);
            int keySize = BlockCipherFactory.getKeySize(this.kxs.np.enc_algo_client_to_server);
            int blockSize = BlockCipherFactory.getBlockSize(this.kxs.np.enc_algo_client_to_server);
            int keyLength2 = MessageMac.getKeyLength(this.kxs.np.mac_algo_server_to_client);
            int keySize2 = BlockCipherFactory.getKeySize(this.kxs.np.enc_algo_server_to_client);
            int blockSize2 = BlockCipherFactory.getBlockSize(this.kxs.np.enc_algo_server_to_client);
            String hashAlgorithm = this.kxs.getHashAlgorithm();
            KexState kexState = this.kxs;
            this.km = KeyMaterial.create(hashAlgorithm, kexState.H, kexState.K, this.sessionId, keySize, blockSize, keyLength, keySize2, blockSize2, keyLength2);
            return true;
        } catch (IllegalArgumentException unused) {
            return false;
        }
    }

    private void finishKex() throws IOException {
        if (this.sessionId == null) {
            this.sessionId = this.kxs.H;
        }
        establishKeyMaterial();
        this.tm.sendKexMessage(new PacketNewKeys().getPayload());
        try {
            String str = this.kxs.np.enc_algo_client_to_server;
            KeyMaterial keyMaterial = this.km;
            this.tm.changeSendCipher(BlockCipherFactory.createCipher(str, true, keyMaterial.enc_key_client_to_server, keyMaterial.initial_iv_client_to_server), new MessageMac(this.kxs.np.mac_algo_client_to_server, this.km.integrity_key_client_to_server));
            this.tm.kexFinished();
        } catch (IllegalArgumentException unused) {
            throw new IOException("Fatal error during MAC startup!");
        }
    }

    public static String[] getDefaultKexAlgorithmList() {
        return new String[]{"diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"};
    }

    public static String[] getDefaultServerHostkeyAlgorithmList() {
        List<String> list = DEFAULT_KEY_ALGORITHMS;
        return (String[]) list.toArray(new String[list.size()]);
    }

    private String getFirstMatch(String[] strArr, String[] strArr2) throws NegotiateException {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0) {
            return null;
        }
        for (String str : strArr) {
            for (String str2 : strArr2) {
                if (str.equals(str2)) {
                    return str;
                }
            }
        }
        throw new NegotiateException();
    }

    private boolean isGuessOK(KexParameters kexParameters, KexParameters kexParameters2) {
        if (kexParameters == null || kexParameters2 == null) {
            throw new IllegalArgumentException();
        }
        return compareFirstOfNameList(kexParameters.kex_algorithms, kexParameters2.kex_algorithms) && compareFirstOfNameList(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
    }

    private NegotiatedParameters mergeKexParameters(KexParameters kexParameters, KexParameters kexParameters2) {
        NegotiatedParameters negotiatedParameters = new NegotiatedParameters();
        try {
            negotiatedParameters.kex_algo = getFirstMatch(kexParameters.kex_algorithms, kexParameters2.kex_algorithms);
            Logger logger = log;
            logger.log(30, "kex_algo=" + negotiatedParameters.kex_algo);
            negotiatedParameters.server_host_key_algo = getFirstMatch(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
            logger.log(30, "server_host_key_algo=" + negotiatedParameters.server_host_key_algo);
            negotiatedParameters.enc_algo_client_to_server = getFirstMatch(kexParameters.encryption_algorithms_client_to_server, kexParameters2.encryption_algorithms_client_to_server);
            negotiatedParameters.enc_algo_server_to_client = getFirstMatch(kexParameters.encryption_algorithms_server_to_client, kexParameters2.encryption_algorithms_server_to_client);
            logger.log(30, "enc_algo_client_to_server=" + negotiatedParameters.enc_algo_client_to_server);
            logger.log(30, "enc_algo_server_to_client=" + negotiatedParameters.enc_algo_server_to_client);
            negotiatedParameters.mac_algo_client_to_server = getFirstMatch(kexParameters.mac_algorithms_client_to_server, kexParameters2.mac_algorithms_client_to_server);
            negotiatedParameters.mac_algo_server_to_client = getFirstMatch(kexParameters.mac_algorithms_server_to_client, kexParameters2.mac_algorithms_server_to_client);
            logger.log(30, "mac_algo_client_to_server=" + negotiatedParameters.mac_algo_client_to_server);
            logger.log(30, "mac_algo_server_to_client=" + negotiatedParameters.mac_algo_server_to_client);
            negotiatedParameters.comp_algo_client_to_server = getFirstMatch(kexParameters.compression_algorithms_client_to_server, kexParameters2.compression_algorithms_client_to_server);
            negotiatedParameters.comp_algo_server_to_client = getFirstMatch(kexParameters.compression_algorithms_server_to_client, kexParameters2.compression_algorithms_server_to_client);
            logger.log(30, "comp_algo_client_to_server=" + negotiatedParameters.comp_algo_client_to_server);
            logger.log(30, "comp_algo_server_to_client=" + negotiatedParameters.comp_algo_server_to_client);
            try {
                negotiatedParameters.lang_client_to_server = getFirstMatch(kexParameters.languages_client_to_server, kexParameters2.languages_client_to_server);
            } catch (NegotiateException unused) {
                negotiatedParameters.lang_client_to_server = null;
            }
            try {
                negotiatedParameters.lang_server_to_client = getFirstMatch(kexParameters.languages_server_to_client, kexParameters2.languages_server_to_client);
            } catch (NegotiateException unused2) {
                negotiatedParameters.lang_server_to_client = null;
            }
            if (isGuessOK(kexParameters, kexParameters2)) {
                negotiatedParameters.guessOK = true;
            }
            return negotiatedParameters;
        } catch (NegotiateException unused3) {
            return null;
        }
    }

    private boolean verifySignature(byte[] bArr, byte[] bArr2) throws IOException {
        for (KeyAlgorithm<PublicKey, PrivateKey> keyAlgorithm : KeyAlgorithmManager.getSupportedAlgorithms()) {
            if (keyAlgorithm.getName().equals(this.kxs.np.server_host_key_algo)) {
                PublicKey decodePublicKey = keyAlgorithm.decodePublicKey(bArr2);
                return keyAlgorithm.verifySignature(this.kxs.H, keyAlgorithm.decodeSignature(bArr), decodePublicKey);
            }
        }
        throw new IOException(RecyclerView$5$$ExternalSyntheticOutline0.m(new StringBuilder("Unknown server host key algorithm '"), this.kxs.np.server_host_key_algo, "'"));
    }

    public ConnectionInfo getOrWaitForConnectionInfo(int i) throws IOException {
        ConnectionInfo connectionInfo;
        synchronized (this.accessLock) {
            while (true) {
                connectionInfo = this.lastConnInfo;
                if (connectionInfo == null || connectionInfo.keyExchangeCounter < i) {
                    if (this.connectionClosed) {
                        Throwable reasonClosedCause = this.tm.getReasonClosedCause();
                        if (reasonClosedCause instanceof NotAcceptedException) {
                            throw ((NotAcceptedException) reasonClosedCause);
                        }
                        throw new KexException("Key exchange was not finished, connection is closed.", this.tm.getReasonClosedCause());
                    }
                    try {
                        this.accessLock.wait();
                    } catch (InterruptedException e) {
                        throw new InterruptedIOException(e.getMessage());
                    }
                }
            }
        }
        return connectionInfo;
    }

    @Override // com.trilead.ssh2.transport.MessageHandler
    public void handleEndMessage(Throwable th) throws IOException {
        synchronized (this.accessLock) {
            this.connectionClosed = true;
            this.accessLock.notifyAll();
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:26:0x0048, code lost:
    
        r0 = new com.trilead.ssh2.transport.KexState();
        r10.kxs = r0;
        r0.dhgexParameters = r10.nextKEXdhgexParameters;
        r0 = new com.trilead.ssh2.packets.PacketKexInit(r10.nextKEXcryptoWishList, r10.rnd);
        r10.kxs.localKEX = r0;
        r10.tm.sendKexMessage(r0.getPayload());
     */
    @Override // com.trilead.ssh2.transport.MessageHandler
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void handleMessage(byte[] r11, int r12) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1020
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.trilead.ssh2.transport.KexManager.handleMessage(byte[], int):void");
    }

    public synchronized void initiateKEX(CryptoWishList cryptoWishList, DHGexParameters dHGexParameters) throws IOException {
        this.nextKEXcryptoWishList = cryptoWishList;
        this.nextKEXdhgexParameters = dHGexParameters;
        if (this.kxs == null) {
            KexState kexState = new KexState();
            this.kxs = kexState;
            kexState.dhgexParameters = this.nextKEXdhgexParameters;
            PacketKexInit packetKexInit = new PacketKexInit(this.nextKEXcryptoWishList, this.rnd);
            this.kxs.localKEX = packetKexInit;
            this.tm.sendKexMessage(packetKexInit.getPayload());
        }
    }
}
