package net.schmizz.sshj.transport;

import com.android.tools.r8.GeneratedOutlineSupport;
import com.hierynomus.sshj.transport.cipher.StreamCiphers;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.Objects;
import java.util.Queue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import net.schmizz.concurrent.Event;
import net.schmizz.concurrent.ExceptionChainer;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.ErrorNotifiable;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.common.SSHPacketHandler;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.compression.Compression;
import net.schmizz.sshj.transport.digest.BaseDigest;
import net.schmizz.sshj.transport.kex.AbstractDH;
import net.schmizz.sshj.transport.kex.KeyExchange;
import net.schmizz.sshj.transport.mac.BaseMAC;
import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
import org.slf4j.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class KeyExchanger implements SSHPacketHandler, ErrorNotifiable {
    private Proposal clientProposal;
    private final Event done;
    private KeyExchange kex;
    private final Event kexInitSent;
    private final Logger log;
    private NegotiatedAlgorithms negotiatedAlgs;
    private byte[] sessionID;
    private final TransportImpl transport;
    private final Queue hostVerifiers = new LinkedList();
    private final Queue algorithmVerifiers = new LinkedList();
    private final AtomicBoolean kexOngoing = new AtomicBoolean();
    private Expected expected = Expected.KEXINIT;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum Expected {
        KEXINIT,
        FOLLOWUP,
        NEWKEYS
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyExchanger(TransportImpl transportImpl) {
        this.transport = transportImpl;
        this.log = transportImpl.getConfig().getLoggerFactory().getLogger(KeyExchanger.class);
        ExceptionChainer exceptionChainer = TransportException.chainer;
        this.kexInitSent = new Event("kexinit sent", exceptionChainer, transportImpl.getConfig().getLoggerFactory());
        this.done = new Event("kex done", exceptionChainer, transportImpl.getWriteLock(), transportImpl.getConfig().getLoggerFactory());
    }

    private synchronized void ensureKexOngoing() {
        if (!isKexOngoing()) {
            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Key exchange packet received when key exchange was not ongoing");
        }
    }

    private static void ensureReceivedMatchesExpected(Message message, Message message2) {
        if (message == message2) {
            return;
        }
        throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Was expecting " + message2);
    }

    private static byte[] resizedKey(byte[] bArr, int i, BaseDigest baseDigest, BigInteger bigInteger, byte[] bArr2) {
        while (i > bArr.length) {
            Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer();
            plainBuffer.putMPInt(bigInteger);
            plainBuffer.putRawBytes(bArr2);
            plainBuffer.putRawBytes(bArr);
            baseDigest.update(plainBuffer.array(), 0, plainBuffer.available());
            byte[] digest = baseDigest.digest();
            byte[] bArr3 = new byte[bArr.length + digest.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(digest, 0, bArr3, bArr.length, digest.length);
            bArr = bArr3;
        }
        return bArr;
    }

    private synchronized void verifyHost(PublicKey publicKey) {
        for (HostKeyVerifier hostKeyVerifier : this.hostVerifiers) {
            this.log.debug("Trying to verify host key with {}", hostKeyVerifier);
            if (hostKeyVerifier.verify(this.transport.getRemoteHost(), this.transport.getRemotePort(), publicKey)) {
            }
        }
        this.log.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}", this.hostVerifiers, KeyType.fromKey(publicKey), SecurityUtils.getFingerprint(publicKey), this.transport.getRemoteHost(), Integer.valueOf(this.transport.getRemotePort()));
        throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE, "Could not verify `" + KeyType.fromKey(publicKey) + "` host key with fingerprint `" + SecurityUtils.getFingerprint(publicKey) + "` for `" + this.transport.getRemoteHost() + "` on port " + this.transport.getRemotePort());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void addHostKeyVerifier(HostKeyVerifier hostKeyVerifier) {
        this.hostVerifiers.add(hostKeyVerifier);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getSessionID() {
        byte[] bArr = this.sessionID;
        return Arrays.copyOf(bArr, bArr.length);
    }

    @Override // net.schmizz.sshj.common.SSHPacketHandler
    public void handle(Message message, SSHPacket sSHPacket) {
        Expected expected;
        DisconnectReason disconnectReason = DisconnectReason.KEY_EXCHANGE_FAILED;
        int ordinal = this.expected.ordinal();
        if (ordinal == 0) {
            ensureReceivedMatchesExpected(message, Message.KEXINIT);
            this.log.debug("Received SSH_MSG_KEXINIT");
            startKex(false);
            Event event = this.kexInitSent;
            Objects.requireNonNull(this.transport);
            event.await(30000, TimeUnit.MILLISECONDS);
            sSHPacket.rpos(sSHPacket.rpos() - 1);
            Proposal proposal = new Proposal(sSHPacket);
            NegotiatedAlgorithms negotiate = this.clientProposal.negotiate(proposal);
            this.negotiatedAlgs = negotiate;
            this.log.debug("Negotiated algorithms: {}", negotiate);
            for (AlgorithmsVerifier algorithmsVerifier : this.algorithmVerifiers) {
                this.log.debug("Trying to verify algorithms with {}", algorithmsVerifier);
                if (!algorithmsVerifier.verify(this.negotiatedAlgs)) {
                    StringBuilder outline37 = GeneratedOutlineSupport.outline37("Failed to verify negotiated algorithms `");
                    outline37.append(this.negotiatedAlgs);
                    outline37.append("`");
                    throw new TransportException(disconnectReason, outline37.toString());
                }
            }
            KeyExchange keyExchange = (KeyExchange) StreamCiphers.create(this.transport.getConfig().getKeyExchangeFactories(), this.negotiatedAlgs.getKeyExchangeAlgorithm());
            this.kex = keyExchange;
            try {
                TransportImpl transportImpl = this.transport;
                keyExchange.init(transportImpl, transportImpl.getServerID(), this.transport.getClientID(), proposal.getPacket().getCompactData(), this.clientProposal.getPacket().getCompactData());
                expected = Expected.FOLLOWUP;
            } catch (GeneralSecurityException e) {
                throw new TransportException(disconnectReason, e);
            }
        } else {
            if (ordinal == 1) {
                ensureKexOngoing();
                this.log.debug("Received kex followup data");
                try {
                    if (this.kex.next(message, sSHPacket)) {
                        verifyHost(((AbstractDH) this.kex).getHostKey());
                        this.log.debug("Sending SSH_MSG_NEWKEYS");
                        this.transport.write(new SSHPacket(Message.NEWKEYS));
                        this.expected = Expected.NEWKEYS;
                        return;
                    }
                    return;
                } catch (GeneralSecurityException e2) {
                    throw new TransportException(disconnectReason, e2);
                }
            }
            if (ordinal != 2) {
                return;
            }
            ensureReceivedMatchesExpected(message, Message.NEWKEYS);
            ensureKexOngoing();
            this.log.debug("Received SSH_MSG_NEWKEYS");
            BaseDigest hash = ((AbstractDH) this.kex).getHash();
            byte[] h = ((AbstractDH) this.kex).getH();
            if (this.sessionID == null) {
                this.sessionID = h;
            }
            Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer();
            plainBuffer.putMPInt(((AbstractDH) this.kex).getK());
            plainBuffer.putRawBytes(h);
            plainBuffer.putByte((byte) 0);
            plainBuffer.putRawBytes(this.sessionID);
            int available = (plainBuffer.available() - this.sessionID.length) - 1;
            plainBuffer.array()[available] = 65;
            hash.update(plainBuffer.array(), 0, plainBuffer.available());
            byte[] digest = hash.digest();
            plainBuffer.array()[available] = 66;
            hash.update(plainBuffer.array(), 0, plainBuffer.available());
            byte[] digest2 = hash.digest();
            plainBuffer.array()[available] = 67;
            hash.update(plainBuffer.array(), 0, plainBuffer.available());
            byte[] digest3 = hash.digest();
            plainBuffer.array()[available] = 68;
            hash.update(plainBuffer.array(), 0, plainBuffer.available());
            byte[] digest4 = hash.digest();
            plainBuffer.array()[available] = 69;
            hash.update(plainBuffer.array(), 0, plainBuffer.available());
            byte[] digest5 = hash.digest();
            plainBuffer.array()[available] = 70;
            hash.update(plainBuffer.array(), 0, plainBuffer.available());
            byte[] digest6 = hash.digest();
            Cipher cipher = (Cipher) StreamCiphers.create(this.transport.getConfig().getCipherFactories(), this.negotiatedAlgs.getClient2ServerCipherAlgorithm());
            cipher.init(Cipher.Mode.Encrypt, resizedKey(digest3, cipher.getBlockSize(), hash, ((AbstractDH) this.kex).getK(), ((AbstractDH) this.kex).getH()), digest);
            Cipher cipher2 = (Cipher) StreamCiphers.create(this.transport.getConfig().getCipherFactories(), this.negotiatedAlgs.getServer2ClientCipherAlgorithm());
            cipher2.init(Cipher.Mode.Decrypt, resizedKey(digest4, cipher2.getBlockSize(), hash, ((AbstractDH) this.kex).getK(), ((AbstractDH) this.kex).getH()), digest2);
            BaseMAC baseMAC = (BaseMAC) StreamCiphers.create(this.transport.getConfig().getMACFactories(), this.negotiatedAlgs.getClient2ServerMACAlgorithm());
            baseMAC.init(resizedKey(digest5, baseMAC.getBlockSize(), hash, ((AbstractDH) this.kex).getK(), ((AbstractDH) this.kex).getH()));
            BaseMAC baseMAC2 = (BaseMAC) StreamCiphers.create(this.transport.getConfig().getMACFactories(), this.negotiatedAlgs.getServer2ClientMACAlgorithm());
            baseMAC2.init(resizedKey(digest6, baseMAC2.getBlockSize(), hash, ((AbstractDH) this.kex).getK(), ((AbstractDH) this.kex).getH()));
            Compression compression = (Compression) StreamCiphers.create(this.transport.getConfig().getCompressionFactories(), this.negotiatedAlgs.getServer2ClientCompressionAlgorithm());
            this.transport.getEncoder().setAlgorithms(cipher, baseMAC, (Compression) StreamCiphers.create(this.transport.getConfig().getCompressionFactories(), this.negotiatedAlgs.getClient2ServerCompressionAlgorithm()));
            this.transport.getDecoder().setAlgorithms(cipher2, baseMAC2, compression);
            this.kexOngoing.set(false);
            this.kexInitSent.clear();
            this.done.set();
            expected = Expected.KEXINIT;
        }
        this.expected = expected;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isKexOngoing() {
        return this.kexOngoing.get();
    }

    @Override // net.schmizz.sshj.common.ErrorNotifiable
    public void notifyError(SSHException sSHException) {
        this.log.debug("Got notified of {}", sSHException.toString());
        StreamCiphers.alertEvents(sSHException, this.kexInitSent, this.done);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void startKex(boolean z) {
        if (!this.kexOngoing.getAndSet(true)) {
            this.done.clear();
            this.log.debug("Sending SSH_MSG_KEXINIT");
            Proposal proposal = new Proposal(this.transport.getConfig());
            this.clientProposal = proposal;
            this.transport.write(proposal.getPacket());
            this.kexInitSent.set();
        }
        if (z) {
            Event event = this.done;
            Objects.requireNonNull(this.transport);
            event.await(30000, TimeUnit.MILLISECONDS);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void waitForDone() {
        Event event = this.done;
        Objects.requireNonNull(this.transport);
        event.await(30000, TimeUnit.MILLISECONDS);
    }
}
