package net.schmizz.sshj.transport;

import com.android.tools.r8.GeneratedOutlineSupport;
import com.mikepenz.aboutlibraries.R$style;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.LinkedList;
import java.util.Objects;
import java.util.Queue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import net.schmizz.concurrent.Event;
import net.schmizz.concurrent.ExceptionChainer;
import net.schmizz.sshj.ConfigImpl;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.ErrorNotifiable;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.common.SSHPacketHandler;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.TransportImpl;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.compression.Compression;
import net.schmizz.sshj.transport.digest.Digest;
import net.schmizz.sshj.transport.kex.KeyExchange;
import net.schmizz.sshj.transport.mac.MAC;
import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
import org.slf4j.Logger;

/* loaded from: classes.dex */
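/**
 * Client-side driver for the SSH key exchange state machine.
 *
 * <p>Packets are dispatched on {@link #expected}: KEXINIT (algorithm negotiation), FOLLOWUP
 * (algorithm-specific exchange, delegated to {@link KeyExchange#next}), then NEWKEYS (key
 * derivation and installation on the transport's encoder and decoder).
 *
 * <p>Security-relevant points a reader should keep in mind:
 * <ul>
 *   <li>{@link #verifyHost(PublicKey)} is the only place the server's host key is checked. With no
 *       registered {@link HostKeyVerifier} it rejects every key (fail closed).</li>
 *   <li>Negotiation picks the first client-preferred entry the server also offers, so the strength
 *       of the result is bounded by the client's configured lists. {@link AlgorithmsVerifier}s are
 *       the hook for rejecting an unacceptable outcome.</li>
 *   <li>This class only checks the message type against the expected state. NOTE(review): any
 *       packet sequence-number handling around key exchange is not visible here; confirm where
 *       the transport enforces it.</li>
 * </ul>
 *
 * <p>NOTE(review): the listing looks like decompiler output (public fields, {@code R$style} and
 * {@code GeneratedOutlineSupport} helper names); those names are kept as found.
 */
public final class KeyExchanger implements SSHPacketHandler, ErrorNotifiable {
    /**
     * Timeout, in milliseconds, for waiting on the kex events.
     * NOTE(review): the literal appears where a transport timeout getter was probably inlined
     * (the adjacent requireNonNull on the transport suggests so); confirm before tuning.
     */
    private static final int KEX_TIMEOUT_MS = 30000;

    // Our KEXINIT proposal for the exchange in progress; set by startKex.
    public Proposal clientProposal;
    // Set once NEWKEYS has been processed and the new keys are installed.
    public final Event<TransportException> done;
    // Key exchange implementation selected from the negotiated kex algorithm.
    public KeyExchange kex;
    // Set once our own KEXINIT has been written to the transport.
    public final Event<TransportException> kexInitSent;
    public final Logger log;
    public NegotiatedAlgorithms negotiatedAlgs;
    // Exchange hash H of the first key exchange; kept unchanged across later exchanges.
    public byte[] sessionID;
    public final TransportImpl transport;
    // Host key verifiers, consulted in order; the first one that accepts wins.
    public final Queue<HostKeyVerifier> hostVerifiers = new LinkedList<>();
    // Verifiers that must all accept the negotiated algorithm set.
    public final Queue<AlgorithmsVerifier> algorithmVerifiers = new LinkedList<>();
    public final AtomicBoolean kexOngoing = new AtomicBoolean();
    public Expected expected = Expected.KEXINIT;

    /* loaded from: classes.dex */
    /** The kind of packet the state machine expects next. */
    public enum Expected {
        KEXINIT,
        FOLLOWUP,
        NEWKEYS
    }

    /**
     * Creates the exchanger for a transport and sets up its two events.
     *
     * @param transportImpl transport whose config, write lock and connection info are used
     */
    public KeyExchanger(TransportImpl transportImpl) {
        this.transport = transportImpl;
        Objects.requireNonNull((LoggerFactory.AnonymousClass1) ((ConfigImpl) transportImpl.config).loggerFactory);
        this.log = org.slf4j.LoggerFactory.getLogger((Class<?>) KeyExchanger.class);
        ExceptionChainer<TransportException> exceptionChainer = TransportException.chainer;
        this.kexInitSent = new Event<>("kexinit sent", exceptionChainer, ((ConfigImpl) transportImpl.config).loggerFactory);
        // "done" shares the transport's write lock.
        this.done = new Event<>("kex done", exceptionChainer, transportImpl.writeLock, ((ConfigImpl) transportImpl.config).loggerFactory);
    }

    /**
     * Rejects a packet whose type is not the one the state machine expects.
     *
     * @param message  type of the packet that was received
     * @param message2 type that was expected
     * @throws TransportException with {@code PROTOCOL_ERROR} when the two differ
     */
    public static void ensureReceivedMatchesExpected(Message message, Message message2) throws TransportException {
        if (message == message2) {
            return;
        }
        throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Was expecting " + message2);
    }

    /**
     * Extends derived key material until it is at least {@code i} bytes long.
     *
     * <p>Each round appends {@code HASH(K || H || key-so-far)}, which matches the key extension
     * rule of RFC 4253 section 7.2. The result is not truncated; NOTE(review): the consumer
     * presumably takes only the bytes it needs, confirm in the cipher/MAC init code.
     *
     * @param bArr       initial key material
     * @param i          minimum number of bytes required
     * @param digest     hash of the key exchange
     * @param bigInteger shared secret K
     * @param bArr2      exchange hash H
     * @return {@code bArr} itself when already long enough, otherwise a longer array
     */
    public static byte[] resizedKey(byte[] bArr, int i, Digest digest, BigInteger bigInteger, byte[] bArr2) {
        while (i > bArr.length) {
            Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer();
            plainBuffer.putMPInt(bigInteger);
            plainBuffer.putRawBytes(bArr2);
            plainBuffer.putRawBytes(bArr);
            digest.update(plainBuffer.data, 0, plainBuffer.available());
            byte[] digest2 = digest.digest();
            byte[] bArr3 = new byte[bArr.length + digest2.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(digest2, 0, bArr3, bArr.length, digest2.length);
            bArr = bArr3;
        }
        return bArr;
    }

    /**
     * Rejects key exchange packets that arrive while no exchange is in progress.
     *
     * @throws TransportException with {@code PROTOCOL_ERROR} when kex is not ongoing
     */
    public final synchronized void ensureKexOngoing() throws TransportException {
        if (!isKexOngoing()) {
            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Key exchange packet received when key exchange was not ongoing");
        }
    }

    /**
     * Dispatches a key exchange packet according to the current {@link #expected} state.
     *
     * @param message   type of the received packet
     * @param sSHPacket the received packet
     * @throws TransportException on an unexpected packet type, a failed algorithm or host key
     *                            verification, or a failure inside the key exchange
     */
    @Override // net.schmizz.sshj.common.SSHPacketHandler
    public void handle(Message message, SSHPacket sSHPacket) throws TransportException {
        // Switch on the enum itself rather than on ordinal(), so reordering the constants
        // cannot silently remap states.
        switch (this.expected) {
            case KEXINIT:
                onKexInit(message, sSHPacket);
                break;
            case FOLLOWUP:
                onFollowup(message, sSHPacket);
                break;
            case NEWKEYS:
                onNewKeys(message);
                break;
            default:
                break;
        }
    }

    /** Handles the server's KEXINIT: negotiates algorithms and initialises the key exchange. */
    private void onKexInit(Message message, SSHPacket sSHPacket) throws TransportException {
        ensureReceivedMatchesExpected(message, Message.KEXINIT);
        this.log.debug("Received SSH_MSG_KEXINIT");
        // Sends our own KEXINIT if the server initiated; no-op if we already did.
        startKex(false);
        Objects.requireNonNull(this.transport);
        this.kexInitSent.promise.retrieve(KEX_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        // Step the read position back one byte before parsing.
        // NOTE(review): presumably so the Proposal includes the message-type byte; confirm in Proposal.
        sSHPacket.rpos--;
        Proposal serverProposal = new Proposal(sSHPacket);
        Proposal ours = this.clientProposal;
        // Client list is the first argument in every slot, i.e. client preference order decides.
        NegotiatedAlgorithms negotiated = new NegotiatedAlgorithms(
                Proposal.firstMatch(ours.kex, serverProposal.kex),
                Proposal.firstMatch(ours.sig, serverProposal.sig),
                Proposal.firstMatch(ours.c2sCipher, serverProposal.c2sCipher),
                Proposal.firstMatch(ours.s2cCipher, serverProposal.s2cCipher),
                Proposal.firstMatch(ours.c2sMAC, serverProposal.c2sMAC),
                Proposal.firstMatch(ours.s2cMAC, serverProposal.s2cMAC),
                Proposal.firstMatch(ours.c2sComp, serverProposal.c2sComp),
                Proposal.firstMatch(ours.s2cComp, serverProposal.s2cComp));
        this.negotiatedAlgs = negotiated;
        this.log.debug("Negotiated algorithms: {}", negotiated);
        // Every registered verifier must accept; one rejection aborts the exchange.
        for (AlgorithmsVerifier algorithmsVerifier : this.algorithmVerifiers) {
            this.log.debug("Trying to verify algorithms with {}", algorithmsVerifier);
            if (!algorithmsVerifier.verify(this.negotiatedAlgs)) {
                StringBuilder outline31 = GeneratedOutlineSupport.outline31("Failed to verify negotiated algorithms `");
                outline31.append(this.negotiatedAlgs);
                outline31.append("`");
                throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, outline31.toString());
            }
        }
        KeyExchange keyExchange = (KeyExchange) R$style.create(((ConfigImpl) this.transport.config).kexFactories, this.negotiatedAlgs.kex);
        this.kex = keyExchange;
        try {
            TransportImpl transportImpl = this.transport;
            // Both identification strings and both KEXINIT payloads are handed to the exchange.
            keyExchange.init(transportImpl, transportImpl.serverID, transportImpl.clientID, serverProposal.getPacket().getCompactData(), this.clientProposal.getPacket().getCompactData());
            this.expected = Expected.FOLLOWUP;
        } catch (GeneralSecurityException e) {
            throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, e);
        }
    }

    /**
     * Feeds a follow-up packet to the key exchange; once it reports completion, verifies the
     * host key and answers with NEWKEYS. The packet type is not checked here, it is passed to
     * {@link KeyExchange#next}.
     */
    private void onFollowup(Message message, SSHPacket sSHPacket) throws TransportException {
        ensureKexOngoing();
        this.log.debug("Received kex followup data");
        try {
            if (this.kex.next(message, sSHPacket)) {
                // Host key check happens before we commit to the new keys.
                verifyHost(this.kex.getHostKey());
                this.log.debug("Sending SSH_MSG_NEWKEYS");
                this.transport.write(new SSHPacket(Message.NEWKEYS));
                this.expected = Expected.NEWKEYS;
            }
        } catch (GeneralSecurityException e) {
            throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, e);
        }
    }

    /**
     * Handles the server's NEWKEYS: derives IVs, cipher keys and MAC keys and installs them on
     * the transport, then resets the state machine for a later re-exchange.
     */
    private void onNewKeys(Message message) throws TransportException {
        ensureReceivedMatchesExpected(message, Message.NEWKEYS);
        ensureKexOngoing();
        this.log.debug("Received SSH_MSG_NEWKEYS");
        Digest hash = this.kex.getHash();
        byte[] h = this.kex.getH();
        // The session id is fixed by the first exchange and reused for every re-key.
        if (this.sessionID == null) {
            this.sessionID = h;
        }
        // Buffer layout: K || H || <label byte> || session_id. The label byte is rewritten in
        // place for each derived value.
        Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer();
        plainBuffer.putMPInt(this.kex.getK());
        plainBuffer.putRawBytes(h);
        plainBuffer.putByte((byte) 0);
        plainBuffer.putRawBytes(this.sessionID);
        int labelPos = (plainBuffer.available() - this.sessionID.length) - 1;
        // Labels 'A'..'F' as in RFC 4253 section 7.2.
        byte[] ivC2s = deriveKey(hash, plainBuffer, labelPos, 'A');
        byte[] ivS2c = deriveKey(hash, plainBuffer, labelPos, 'B');
        byte[] encC2s = deriveKey(hash, plainBuffer, labelPos, 'C');
        byte[] encS2c = deriveKey(hash, plainBuffer, labelPos, 'D');
        byte[] macC2s = deriveKey(hash, plainBuffer, labelPos, 'E');
        byte[] macS2c = deriveKey(hash, plainBuffer, labelPos, 'F');
        // NOTE(review): key length is taken from getBlockSize(); confirm that this getter
        // returns the key size for ciphers and the key size for MACs in this code base.
        Cipher cipher = (Cipher) R$style.create(((ConfigImpl) this.transport.config).cipherFactories, this.negotiatedAlgs.c2sCipher);
        cipher.init(Cipher.Mode.Encrypt, resizedKey(encC2s, cipher.getBlockSize(), hash, this.kex.getK(), this.kex.getH()), ivC2s);
        Cipher cipher2 = (Cipher) R$style.create(((ConfigImpl) this.transport.config).cipherFactories, this.negotiatedAlgs.s2cCipher);
        cipher2.init(Cipher.Mode.Decrypt, resizedKey(encS2c, cipher2.getBlockSize(), hash, this.kex.getK(), this.kex.getH()), ivS2c);
        MAC mac = (MAC) R$style.create(((ConfigImpl) this.transport.config).macFactories, this.negotiatedAlgs.c2sMAC);
        mac.init(resizedKey(macC2s, mac.getBlockSize(), hash, this.kex.getK(), this.kex.getH()));
        MAC mac2 = (MAC) R$style.create(((ConfigImpl) this.transport.config).macFactories, this.negotiatedAlgs.s2cMAC);
        mac2.init(resizedKey(macS2c, mac2.getBlockSize(), hash, this.kex.getK(), this.kex.getH()));
        Compression compression = (Compression) R$style.create(((ConfigImpl) this.transport.config).compressionFactories, this.negotiatedAlgs.s2cComp);
        // Client-to-server algorithms go to the encoder, server-to-client to the decoder.
        this.transport.encoder.setAlgorithms(cipher, mac, (Compression) R$style.create(((ConfigImpl) this.transport.config).compressionFactories, this.negotiatedAlgs.c2sComp));
        this.transport.decoder.setAlgorithms(cipher2, mac2, compression);
        this.kexOngoing.set(false);
        this.kexInitSent.promise.clear();
        this.done.set();
        this.expected = Expected.KEXINIT;
    }

    /** Writes {@code label} at {@code labelPos} in the buffer and returns the hash of the buffer. */
    private static byte[] deriveKey(Digest hash, Buffer.PlainBuffer buf, int labelPos, char label) {
        byte[] data = buf.data;
        data[labelPos] = (byte) label;
        hash.update(data, 0, buf.available());
        return hash.digest();
    }

    /**
     * @return {@code true} while a key exchange is in progress
     */
    public boolean isKexOngoing() {
        return this.kexOngoing.get();
    }

    /**
     * Propagates a transport error to both kex events.
     *
     * @param sSHException the error being reported
     */
    @Override // net.schmizz.sshj.common.ErrorNotifiable
    public void notifyError(SSHException sSHException) {
        this.log.debug("Got notified of {}", sSHException.toString());
        R$style.alertEvents(sSHException, this.kexInitSent, this.done);
    }

    /**
     * Starts a key exchange unless one is already running, optionally waiting for it to finish.
     *
     * @param z when {@code true}, block until {@link #done} is set or the timeout elapses
     * @throws TransportException if writing KEXINIT fails or the wait fails
     */
    public void startKex(boolean z) throws TransportException {
        // getAndSet makes the "start once" decision atomic.
        if (!this.kexOngoing.getAndSet(true)) {
            this.done.promise.clear();
            this.log.debug("Sending SSH_MSG_KEXINIT");
            Proposal proposal = new Proposal(this.transport.config);
            this.clientProposal = proposal;
            this.transport.write(proposal.getPacket());
            this.kexInitSent.set();
        }
        if (z) {
            Objects.requireNonNull(this.transport);
            this.done.promise.retrieve(KEX_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        }
    }

    /**
     * Checks the server's host key against the registered verifiers, in order.
     *
     * <p>Returns normally as soon as one verifier accepts the key. If none accepts, or none is
     * registered, the rejection is logged with key type and fingerprint and the connection is
     * failed.
     *
     * @param publicKey host key presented by the server
     * @throws TransportException with {@code HOST_KEY_NOT_VERIFIABLE} when no verifier accepts
     */
    public final synchronized void verifyHost(PublicKey publicKey) throws TransportException {
        for (HostKeyVerifier hostKeyVerifier : this.hostVerifiers) {
            this.log.debug("Trying to verify host key with {}", hostKeyVerifier);
            TransportImpl.ConnInfo connInfo = this.transport.connInfo;
            if (hostKeyVerifier.verify(connInfo.host, connInfo.port, publicKey)) {
                // Accepted. Without this return an accepted key fell through to the
                // rejection path below and every connection was refused.
                return;
            }
        }
        Logger logger = this.log;
        TransportImpl.ConnInfo connInfo2 = this.transport.connInfo;
        logger.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}", this.hostVerifiers, KeyType.fromKey(publicKey), SecurityUtils.getFingerprint(publicKey), connInfo2.host, Integer.valueOf(connInfo2.port));
        throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE, "Could not verify `" + KeyType.fromKey(publicKey) + "` host key with fingerprint `" + SecurityUtils.getFingerprint(publicKey) + "` for `" + this.transport.connInfo.host + "` on port " + this.transport.connInfo.port);
    }
}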
