package com.trilead.ssh2.transport;

import androidx.activity.ComponentActivity$2$$ExternalSyntheticOutline0;
import androidx.activity.ComponentActivity$2$$ExternalSyntheticOutline1;
import androidx.core.util.Preconditions;
import com.trilead.ssh2.ConnectionInfo;
import com.trilead.ssh2.ExtendedServerHostKeyVerifier;
import com.trilead.ssh2.ServerHostKeyVerifier;
import com.trilead.ssh2.compression.CompressionFactory;
import com.trilead.ssh2.compression.ICompressor;
import com.trilead.ssh2.crypto.CryptoWishList;
import com.trilead.ssh2.crypto.KeyMaterial;
import com.trilead.ssh2.crypto.cipher.BlockCipher;
import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
import com.trilead.ssh2.crypto.cipher.CipherOutputStream;
import com.trilead.ssh2.crypto.cipher.NullCipher;
import com.trilead.ssh2.crypto.digest.HMAC;
import com.trilead.ssh2.crypto.digest.MACs;
import com.trilead.ssh2.log.Logger;
import com.trilead.ssh2.signature.DSASHA1Verify;
import com.trilead.ssh2.signature.ECDSASHA2Verify;
import com.trilead.ssh2.signature.Ed25519Verify;
import com.trilead.ssh2.signature.RSASHA1Verify;
import com.trilead.ssh2.signature.RSASHA256Verify;
import com.trilead.ssh2.signature.RSASHA512Verify;
import com.trilead.ssh2.signature.SSHSignature;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/* loaded from: classes.dex */
public final class KexManager {
    public static final Set<String> HOSTKEY_ALGS;
    public static final Set<String> KEX_ALGS;
    public static final Logger log = new Logger(KexManager.class);
    public ClientServerHello csh;
    public final String hostname;
    public KeyMaterial km;
    public KexState kxs;
    public CryptoWishList nextKEXcryptoWishList;
    public final int port;
    public final SecureRandom rnd;
    public byte[] sessionId;
    public final TransportManager tm;
    public ServerHostKeyVerifier verifier;
    public int kexCount = 0;
    public final Object accessLock = new Object();
    public ConnectionInfo lastConnInfo = null;
    public boolean connectionClosed = false;
    public boolean ignore_next_kex_packet = false;
    public Preconditions nextKEXdhgexParameters = new Preconditions();

    static {
        KeyFactory keyFactory;
        try {
            keyFactory = KeyFactory.getInstance("EC");
        } catch (NoSuchAlgorithmException unused) {
            keyFactory = null;
            Objects.requireNonNull(log);
        }
        boolean z = keyFactory != null;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        HOSTKEY_ALGS = linkedHashSet;
        linkedHashSet.add("ssh-ed25519");
        if (z) {
            linkedHashSet.add("ecdsa-sha2-nistp256");
            linkedHashSet.add("ecdsa-sha2-nistp384");
            linkedHashSet.add("ecdsa-sha2-nistp521");
        }
        linkedHashSet.add("rsa-sha2-512");
        linkedHashSet.add("rsa-sha2-256");
        linkedHashSet.add("ssh-rsa");
        linkedHashSet.add("ssh-dss");
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        KEX_ALGS = linkedHashSet2;
        linkedHashSet2.add("curve25519-sha256");
        linkedHashSet2.add("curve25519-sha256@libssh.org");
        if (z) {
            linkedHashSet2.add("ecdh-sha2-nistp256");
            linkedHashSet2.add("ecdh-sha2-nistp384");
            linkedHashSet2.add("ecdh-sha2-nistp521");
        }
        linkedHashSet2.add("diffie-hellman-group18-sha512");
        linkedHashSet2.add("diffie-hellman-group16-sha512");
        linkedHashSet2.add("diffie-hellman-group-exchange-sha256");
        linkedHashSet2.add("diffie-hellman-group14-sha256");
        linkedHashSet2.add("diffie-hellman-group-exchange-sha1");
        linkedHashSet2.add("diffie-hellman-group14-sha1");
        linkedHashSet2.add("diffie-hellman-group1-sha1");
        linkedHashSet2.add("ext-info-c");
    }

    public KexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, String str, int i, ServerHostKeyVerifier serverHostKeyVerifier, SecureRandom secureRandom) {
        this.tm = transportManager;
        this.csh = clientServerHello;
        this.nextKEXcryptoWishList = cryptoWishList;
        this.hostname = str;
        this.port = i;
        this.verifier = serverHostKeyVerifier;
        this.rnd = secureRandom;
    }

    public final boolean compareFirstOfNameList(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0 && strArr2.length == 0) {
            return true;
        }
        if (strArr.length == 0 || strArr2.length == 0) {
            return false;
        }
        return strArr[0].equals(strArr2[0]);
    }

    public final void filterHostKeyTypes(CryptoWishList cryptoWishList) {
        List<String> knownKeyAlgorithmsForHost;
        ServerHostKeyVerifier serverHostKeyVerifier = this.verifier;
        if (!(serverHostKeyVerifier instanceof ExtendedServerHostKeyVerifier) || (knownKeyAlgorithmsForHost = ((ExtendedServerHostKeyVerifier) serverHostKeyVerifier).getKnownKeyAlgorithmsForHost()) == null || knownKeyAlgorithmsForHost.size() <= 0) {
            return;
        }
        ArrayList arrayList = new ArrayList(knownKeyAlgorithmsForHost.size());
        for (String str : cryptoWishList.serverHostKeyAlgorithms) {
            for (String str2 : knownKeyAlgorithmsForHost) {
                if (str.equals(str2)) {
                    arrayList.add(str2);
                }
            }
        }
        if (arrayList.size() > 0) {
            cryptoWishList.serverHostKeyAlgorithms = (String[]) arrayList.toArray(new String[0]);
        }
    }

    public final void finishKex() throws IOException {
        if (this.sessionId == null) {
            this.sessionId = this.kxs.H;
        }
        try {
            int keyLen = MACs.getKeyLen(this.kxs.np.mac_algo_client_to_server);
            int i = BlockCipherFactory.getEntry(this.kxs.np.enc_algo_client_to_server).keysize;
            int i2 = BlockCipherFactory.getEntry(this.kxs.np.enc_algo_client_to_server).blocksize;
            int keyLen2 = MACs.getKeyLen(this.kxs.np.mac_algo_server_to_client);
            int i3 = BlockCipherFactory.getEntry(this.kxs.np.enc_algo_server_to_client).keysize;
            int i4 = BlockCipherFactory.getEntry(this.kxs.np.enc_algo_server_to_client).blocksize;
            KexState kexState = this.kxs;
            this.km = KeyMaterial.create(kexState.hashAlgo, kexState.H, kexState.K, this.sessionId, i, i2, keyLen, i3, i4, keyLen2);
            TransportManager transportManager = this.tm;
            byte[] bArr = new byte[256];
            bArr[0] = (byte) 21;
            byte[] bArr2 = new byte[1];
            System.arraycopy(bArr, 0, bArr2, 0, 1);
            transportManager.sendKexMessage(bArr2);
            try {
                String str = this.kxs.np.enc_algo_client_to_server;
                KeyMaterial keyMaterial = this.km;
                BlockCipher createCipher = BlockCipherFactory.createCipher(str, true, keyMaterial.enc_key_client_to_server, keyMaterial.initial_iv_client_to_server);
                HMAC hmac = new HMAC(this.kxs.np.mac_algo_client_to_server, this.km.integrity_key_client_to_server);
                ICompressor createCompressor = CompressionFactory.createCompressor(this.kxs.np.comp_algo_client_to_server);
                TransportConnection transportConnection = this.tm.tc;
                Objects.requireNonNull(transportConnection);
                if (!(createCipher instanceof NullCipher)) {
                    transportConnection.useRandomPadding = true;
                }
                CipherOutputStream cipherOutputStream = transportConnection.cos;
                cipherOutputStream.currentCipher = createCipher;
                int blockSize = createCipher.getBlockSize();
                cipherOutputStream.blockSize = blockSize;
                cipherOutputStream.buffer = new byte[blockSize];
                cipherOutputStream.enc = new byte[blockSize];
                cipherOutputStream.pos = 0;
                transportConnection.send_mac = hmac;
                transportConnection.send_mac_buffer = new byte[hmac.outSize];
                int blockSize2 = createCipher.getBlockSize();
                transportConnection.send_padd_blocksize = blockSize2;
                if (blockSize2 < 8) {
                    transportConnection.send_padd_blocksize = 8;
                }
                TransportConnection transportConnection2 = this.tm.tc;
                transportConnection2.send_comp = createCompressor;
                if (createCompressor != null) {
                    transportConnection2.send_comp_buffer = new byte[createCompressor.getBufferSize()];
                    transportConnection2.can_send_compress |= transportConnection2.send_comp.canCompressPreauth();
                }
                TransportManager transportManager2 = this.tm;
                synchronized (transportManager2.connectionSemaphore) {
                    transportManager2.flagKexOngoing = false;
                    transportManager2.connectionSemaphore.notifyAll();
                }
            } catch (IllegalArgumentException unused) {
                throw new IOException("Fatal error during MAC startup!");
            }
        } catch (IllegalArgumentException e) {
            StringBuilder m = ComponentActivity$2$$ExternalSyntheticOutline1.m("Could not establish key material: ");
            m.append(e.getMessage());
            throw new IOException(m.toString());
        }
    }

    public final String getFirstMatch(String[] strArr, String[] strArr2) throws NegotiateException {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0) {
            return null;
        }
        for (String str : strArr) {
            for (String str2 : strArr2) {
                if (str.equals(str2)) {
                    return str;
                }
            }
        }
        throw new NegotiateException();
    }

    /* JADX WARN: Code restructure failed: missing block: B:38:0x005b, code lost:
    
        r1 = new com.trilead.ssh2.transport.KexState();
        r11.kxs = r1;
        r1.dhgexParameters = r11.nextKEXdhgexParameters;
        r1 = new com.trilead.ssh2.packets.PacketKexInit(r11.nextKEXcryptoWishList);
        r11.kxs.localKEX = r1;
        r11.tm.sendKexMessage(r1.getPayload());
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final synchronized void handleMessage(byte[] r12, int r13) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1451
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.trilead.ssh2.transport.KexManager.handleMessage(byte[], int):void");
    }

    public final NegotiatedParameters mergeKexParameters(KexParameters kexParameters, KexParameters kexParameters2) {
        NegotiatedParameters negotiatedParameters = new NegotiatedParameters();
        try {
            negotiatedParameters.kex_algo = getFirstMatch(kexParameters.kex_algorithms, kexParameters2.kex_algorithms);
            Logger logger = log;
            Objects.requireNonNull(logger);
            negotiatedParameters.server_host_key_algo = getFirstMatch(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
            Objects.requireNonNull(logger);
            negotiatedParameters.enc_algo_client_to_server = getFirstMatch(kexParameters.encryption_algorithms_client_to_server, kexParameters2.encryption_algorithms_client_to_server);
            negotiatedParameters.enc_algo_server_to_client = getFirstMatch(kexParameters.encryption_algorithms_server_to_client, kexParameters2.encryption_algorithms_server_to_client);
            Objects.requireNonNull(logger);
            Objects.requireNonNull(logger);
            negotiatedParameters.mac_algo_client_to_server = getFirstMatch(kexParameters.mac_algorithms_client_to_server, kexParameters2.mac_algorithms_client_to_server);
            negotiatedParameters.mac_algo_server_to_client = getFirstMatch(kexParameters.mac_algorithms_server_to_client, kexParameters2.mac_algorithms_server_to_client);
            Objects.requireNonNull(logger);
            Objects.requireNonNull(logger);
            negotiatedParameters.comp_algo_client_to_server = getFirstMatch(kexParameters.compression_algorithms_client_to_server, kexParameters2.compression_algorithms_client_to_server);
            negotiatedParameters.comp_algo_server_to_client = getFirstMatch(kexParameters.compression_algorithms_server_to_client, kexParameters2.compression_algorithms_server_to_client);
            Objects.requireNonNull(logger);
            Objects.requireNonNull(logger);
            try {
                getFirstMatch(kexParameters.languages_client_to_server, kexParameters2.languages_client_to_server);
            } catch (NegotiateException unused) {
            }
            try {
                getFirstMatch(kexParameters.languages_server_to_client, kexParameters2.languages_server_to_client);
            } catch (NegotiateException unused2) {
            }
            if (!compareFirstOfNameList(kexParameters.kex_algorithms, kexParameters2.kex_algorithms) ? false : compareFirstOfNameList(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms)) {
                negotiatedParameters.guessOK = true;
            }
            return negotiatedParameters;
        } catch (NegotiateException unused3) {
            return null;
        }
    }

    public final boolean verifySignature(byte[] bArr, byte[] bArr2) throws IOException {
        String str = this.kxs.np.server_host_key_algo;
        SSHSignature sSHSignature = Ed25519Verify.InstanceHolder.sInstance;
        if (!str.equals("ssh-ed25519")) {
            String str2 = this.kxs.np.server_host_key_algo;
            ECParameterSpec eCParameterSpec = ECDSASHA2Verify.ECDSASHA2NISTP256Verify.nistp256;
            sSHSignature = ECDSASHA2Verify.ECDSASHA2NISTP256Verify.InstanceHolder.sInstance;
            Objects.requireNonNull(sSHSignature);
            if (!str2.equals("ecdsa-sha2-nistp256")) {
                String str3 = this.kxs.np.server_host_key_algo;
                ECParameterSpec eCParameterSpec2 = ECDSASHA2Verify.ECDSASHA2NISTP384Verify.nistp384;
                sSHSignature = ECDSASHA2Verify.ECDSASHA2NISTP384Verify.InstanceHolder.sInstance;
                Objects.requireNonNull(sSHSignature);
                if (!str3.equals("ecdsa-sha2-nistp384")) {
                    String str4 = this.kxs.np.server_host_key_algo;
                    ECParameterSpec eCParameterSpec3 = ECDSASHA2Verify.ECDSASHA2NISTP521Verify.nistp521;
                    sSHSignature = ECDSASHA2Verify.ECDSASHA2NISTP521Verify.InstanceHolder.sInstance;
                    Objects.requireNonNull(sSHSignature);
                    if (!str4.equals("ecdsa-sha2-nistp521")) {
                        String str5 = this.kxs.np.server_host_key_algo;
                        Logger logger = RSASHA512Verify.log;
                        sSHSignature = RSASHA512Verify.InstanceHolder.sInstance;
                        Objects.requireNonNull(sSHSignature);
                        if (!str5.equals("rsa-sha2-512")) {
                            String str6 = this.kxs.np.server_host_key_algo;
                            Logger logger2 = RSASHA256Verify.log;
                            Objects.requireNonNull(RSASHA256Verify.InstanceHolder.sInstance);
                            if (str6.equals("rsa-sha2-256")) {
                                sSHSignature = RSASHA256Verify.InstanceHolder.sInstance;
                            } else {
                                String str7 = this.kxs.np.server_host_key_algo;
                                Logger logger3 = RSASHA1Verify.log;
                                Objects.requireNonNull(RSASHA1Verify.InstanceHolder.sInstance);
                                if (str7.equals("ssh-rsa")) {
                                    sSHSignature = RSASHA1Verify.InstanceHolder.sInstance;
                                } else {
                                    String str8 = this.kxs.np.server_host_key_algo;
                                    sSHSignature = DSASHA1Verify.InstanceHolder.sInstance;
                                    if (!str8.equals("ssh-dss")) {
                                        throw new IOException(ComponentActivity$2$$ExternalSyntheticOutline0.m(ComponentActivity$2$$ExternalSyntheticOutline1.m("Unknown server host key algorithm '"), this.kxs.np.server_host_key_algo, "'"));
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        PublicKey decodePublicKey = sSHSignature.decodePublicKey(bArr2);
        Logger logger4 = log;
        sSHSignature.getKeyFormat();
        Objects.requireNonNull(logger4);
        return sSHSignature.verifySignature(this.kxs.H, bArr, decodePublicKey);
    }
}
