package u9;

import gb.g;
import ha.x;
import ha.y;
import ib.f;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Objects;
import jb.n0;
import jb.r;
import kb.e;
import z9.a1;
import z9.u;
import za.s;
import za.v;
import za.w;

/* compiled from: DHGClient.java */
/* loaded from: classes.dex */
public class b extends u9.a {
    protected final za.d Y;
    protected za.a Z;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: DHGClient.java */
    /* loaded from: classes.dex */
    public class a implements w {
        final /* synthetic */ za.d K;

        a(za.d dVar) {
            this.K = dVar;
        }

        @Override // z9.e0
        public String getName() {
            return this.K.getName();
        }

        @Override // za.w
        public v q4(g gVar) {
            return new b(this.K, gVar);
        }

        public String toString() {
            return z9.v.class.getSimpleName() + "<" + v.class.getSimpleName() + ">[" + getName() + "]";
        }
    }

    protected b(za.d dVar, g gVar) {
        super(gVar);
        Objects.requireNonNull(dVar, "No factory");
        this.Y = dVar;
    }

    public static w T7(za.d dVar) {
        return new a(dVar);
    }

    protected za.a S7() {
        return this.Y.d1(new Object[0]);
    }

    protected void U7(g gVar, y yVar) {
        PublicKey O = yVar.O();
        String y10 = ha.v.y(O);
        String id2 = yVar.getId();
        String E = yVar.E();
        if (r.s(E) || !"ssh-rsa".equals(ha.v.p(E))) {
            throw new a1(3, "Found invalid signature alg " + E + " for key ID=" + id2);
        }
        if (this.K.f()) {
            this.K.y("verifyCertificate({})[id={}] Allowing to use variant {} instead of {}", gVar, id2, E, y10);
        }
        f fVar = (f) n0.g((f) u.a(gVar.N0(), E), "No KeyExchange CA verifier located for algorithm=%s of key ID=%s", E, id2);
        fVar.K5(gVar, O);
        fVar.O3(gVar, yVar.n());
        if (!fVar.a3(gVar, yVar.getSignature())) {
            throw new a1(3, "KeyExchange CA signature verification failed for key type=" + E + " of key ID=" + id2);
        }
        if (!y.b.HOST.equals(yVar.getType())) {
            throw new a1(3, "KeyExchange signature verification failed, not a host key (2) " + yVar.getType() + " for key ID=" + id2);
        }
        if (!x.a(yVar)) {
            throw new a1(3, "KeyExchange signature verification failed, CA expired for key ID=" + id2);
        }
        SocketAddress H2 = R7().H2();
        if (H2 instanceof vb.d) {
            H2 = ((vb.d) H2).F();
        }
        if (!(H2 instanceof InetSocketAddress)) {
            throw new a1(3, "KeyExchange signature verification failed, could not determine connect host for key ID=" + id2);
        }
        String hostString = ((InetSocketAddress) H2).getHostString();
        Collection<String> Z = yVar.Z();
        if (r.u(Z) || !Z.contains(hostString)) {
            throw new a1(3, "KeyExchange signature verification failed, invalid principal " + hostString + " for key ID=" + id2 + " - allowed=" + Z);
        }
        if (r.u(yVar.x())) {
            return;
        }
        throw new a1(3, "KeyExchange signature verification failed, unrecognized critical options " + yVar.x() + " for key ID=" + id2);
    }

    @Override // ab.a, za.v
    public void X(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        super.X(bArr, bArr2, bArr3, bArr4);
        za.a S7 = S7();
        this.Z = S7;
        oa.c e10 = S7.e();
        this.Q = e10;
        e10.R3();
        byte[] M7 = M7(this.Z.d());
        g l82 = l8();
        if (this.K.f()) {
            this.K.e("init({})[{}] Send SSH_MSG_KEXDH_INIT", this, l82);
        }
        kb.a K1 = l82.K1((byte) 30, M7.length + 32);
        this.Z.i(K1, M7);
        l82.m(K1);
    }

    @Override // za.v
    public boolean Z4(int i10, kb.a aVar) {
        PublicKey publicKey;
        w9.a R7 = R7();
        if (this.K.f()) {
            this.K.y("next({})[{}] process command={}", this, R7, za.u.b(i10));
        }
        if (i10 != 31) {
            throw new a1(3, "Protocol error: expected packet SSH_MSG_KEXDH_REPLY, got " + za.u.b(i10));
        }
        byte[] t10 = aVar.t();
        byte[] N7 = N7(aVar);
        byte[] t11 = aVar.t();
        this.Z.k(N7);
        this.R = this.Z.f();
        PublicKey L = new e(t10).L();
        if (L instanceof y) {
            y yVar = (y) L;
            PublicKey R = yVar.R();
            try {
                U7(R7, yVar);
                publicKey = L;
            } catch (a1 e10) {
                if (ac.f.f176r.Y0(R7).booleanValue()) {
                    throw e10;
                }
                publicKey = yVar.R();
                this.K.P("Ignoring invalid certificate {}", yVar.getId(), e10);
            }
            L = R;
        } else {
            publicKey = L;
        }
        String Q5 = R7.Q5(s.SERVERKEYS);
        if (r.s(Q5)) {
            throw new a1("Unsupported server key type: " + L.getAlgorithm() + "[" + L.getFormat() + "]");
        }
        e eVar = new e();
        eVar.e0(this.N);
        eVar.e0(this.M);
        eVar.e0(this.P);
        eVar.e0(this.O);
        eVar.e0(t10);
        this.Z.i(eVar, G7());
        this.Z.j(eVar, N7);
        eVar.m0(this.R);
        this.Q.update(eVar.b(), 0, eVar.available());
        this.S = this.Q.f();
        f fVar = (f) n0.f((f) u.a(R7.N0(), Q5), "No verifier located for algorithm=%s", Q5);
        fVar.K5(R7, L);
        fVar.O3(R7, this.S);
        if (fVar.a3(R7, t11)) {
            R7.Eb(publicKey);
            return true;
        }
        throw new a1(3, "KeyExchange signature verification failed for key type=" + Q5);
    }

    @Override // z9.e0
    public final String getName() {
        return this.Y.getName();
    }
}
