package net.schmizz.sshj.transport.kex;

import com.hierynomus.sshj.userauth.certificate.Certificate;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import zd.C7240F;
import zd.C7241G;
import zd.C7243I;
import zd.C7244J;
import zd.C7249b;
import zd.C7250c;
import zd.C7251d;
import zd.C7259l;
import zd.EnumC7238D;
import zd.EnumC7253f;
import zd.z;

/* loaded from: classes3.dex */
public abstract class b extends a {
    private final se.b log;

    public b(i iVar, Gd.b bVar) {
        super(iVar, bVar);
        this.log = se.d.b(getClass());
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    @Override // net.schmizz.sshj.transport.kex.u, net.schmizz.sshj.transport.kex.t
    public void init(Ed.g gVar, String str, String str2, byte[] bArr, byte[] bArr2) throws GeneralSecurityException, Ed.i {
        super.init(gVar, str, str2, bArr, bArr2);
        Gd.a aVar = (Gd.a) this.digest;
        aVar.getClass();
        try {
            aVar.f4531b = C7244J.e(aVar.f4530a);
            initDH(this.dh);
            this.log.n("Sending SSH_MSG_KEXDH_INIT");
            C7241G c7241g = new C7241G(EnumC7238D.KEXDH_INIT);
            byte[] bArr3 = this.dh.f56161c;
            c7241g.h(0, bArr3.length, bArr3);
            ((Ed.l) gVar).f(c7241g);
        } catch (GeneralSecurityException e10) {
            throw new C7243I(e10.getMessage(), e10);
        }
    }

    public abstract void initDH(i iVar);

    /* JADX WARN: Unreachable blocks removed: 4, instructions: 4 */
    @Override // net.schmizz.sshj.transport.kex.t
    public boolean next(EnumC7238D enumC7238D, C7241G c7241g) throws GeneralSecurityException, Ed.i {
        String str;
        String str2;
        EnumC7238D enumC7238D2 = EnumC7238D.KEXDH_31;
        EnumC7253f enumC7253f = EnumC7253f.f63850c;
        if (enumC7238D != enumC7238D2) {
            throw new C7240F(enumC7253f, "Unexpected packet: " + enumC7238D, null);
        }
        this.log.n("Received SSH_MSG_KEXDH_REPLY");
        try {
            byte[] u10 = c7241g.u();
            byte[] u11 = c7241g.u();
            byte[] u12 = c7241g.u();
            this.hostKey = new C7251d(u10, true).w();
            this.dh.a(u11);
            C7250c initializedBuffer = initializedBuffer();
            initializedBuffer.getClass();
            initializedBuffer.h(0, u10.length, u10);
            byte[] bArr = this.dh.f56161c;
            initializedBuffer.h(0, bArr.length, bArr);
            initializedBuffer.h(0, u11.length, u11);
            initializedBuffer.i(this.dh.f56162d);
            ((Gd.a) this.digest).a(initializedBuffer.f63844a, initializedBuffer.f63845b, initializedBuffer.a());
            this.f56172H = ((Gd.a) this.digest).f4531b.digest();
            net.schmizz.sshj.signature.c newSignature = ((Ed.l) this.trans).f3497i.newSignature();
            PublicKey publicKey = this.hostKey;
            if (publicKey instanceof Certificate) {
                newSignature.initVerify(((Certificate) publicKey).getKey());
            } else {
                newSignature.initVerify(publicKey);
            }
            byte[] bArr2 = this.f56172H;
            newSignature.update(bArr2, 0, bArr2.length);
            if (!newSignature.verify(u12)) {
                throw new C7240F(enumC7253f, "KeyExchange signature verification failed", null);
            }
            PublicKey publicKey2 = this.hostKey;
            if ((publicKey2 instanceof Certificate) && ((Ed.l) this.trans).f3492d.f63319k) {
                Certificate certificate = (Certificate) publicKey2;
                try {
                    str = new C7251d(certificate.getSignature(), true).y(C7259l.f63860a);
                } catch (C7249b unused) {
                    str = null;
                }
                try {
                    str2 = new C7251d(certificate.getSignatureKey(), true).y(C7259l.f63860a);
                } catch (C7249b unused2) {
                    str2 = null;
                }
                this.log.v("Verifying signature of the key with type {} (signature type {}, CA key type {})", Long.valueOf(certificate.getType()), str, str2);
                try {
                    String f10 = z.f(u10, certificate, (String) ((Ed.l) this.trans).f3505q.f3486c);
                    if (f10 != null) {
                        throw new C7240F(enumC7253f, "KeyExchange certificate check failed: ".concat(f10), null);
                    }
                } catch (C7243I | C7249b e10) {
                    throw new C7240F(enumC7253f, "KeyExchange certificate check failed", e10);
                }
            }
            return true;
        } catch (C7249b e11) {
            throw new C7240F(e11);
        }
    }
}
