package com.sshtools.client.components;

import com.sshtools.client.SshClientContext;
import com.sshtools.client.SshKeyExchangeClient;
import com.sshtools.common.logger.Log;
import com.sshtools.common.ssh.SecurityLevel;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.SshIOException;
import com.sshtools.common.ssh.components.DiffieHellmanGroups;
import com.sshtools.common.ssh.components.Digest;
import com.sshtools.common.ssh.components.SshPrivateKey;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.jce.JCEAlgorithms;
import com.sshtools.common.ssh.components.jce.JCEComponentManager;
import com.sshtools.common.ssh.components.jce.JCEProvider;
import com.sshtools.common.sshd.SshMessage;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.UnsignedInteger32;
import com.sshtools.synergy.ssh.SshTransport;
import com.sshtools.synergy.ssh.components.jce.AbstractKeyExchange;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import kotlin.jvm.internal.ByteCompanionObject;

/* loaded from: classes.dex */
public class DiffieHellmanGroupExchange extends SshKeyExchangeClient implements AbstractKeyExchange {
    static final int SSH_MSG_KEY_DH_GEX_GROUP = 31;
    static final int SSH_MSG_KEY_DH_GEX_INIT = 32;
    static final int SSH_MSG_KEY_DH_GEX_REPLY = 33;
    static final int SSH_MSG_KEY_DH_GEX_REQUEST = 34;
    static final int SSH_MSG_KEY_DH_GEX_REQUEST_OLD = 30;
    KeyAgreement dhKeyAgreement;
    KeyFactory dhKeyFactory;
    KeyPair dhKeyPair;
    KeyPairGenerator dhKeyPairGen;
    BigInteger e;
    BigInteger f;
    BigInteger g;
    String hashAlgorithm;
    String kexAlgorithm;
    UnsignedInteger32 max;
    UnsignedInteger32 min;
    UnsignedInteger32 n;
    BigInteger p;
    BigInteger x;
    BigInteger y;
    static final BigInteger ONE = BigInteger.valueOf(1);
    static final BigInteger TWO = BigInteger.valueOf(2);
    static int maxSupportedSize = -1;
    static int minSupportedSize = -1;

    public DiffieHellmanGroupExchange(String str, String str2, SecurityLevel securityLevel, int i) {
        super(str2, securityLevel, i);
        this.g = null;
        this.p = null;
        this.e = null;
        this.f = null;
        this.y = null;
        this.x = null;
        this.min = null;
        this.n = null;
        this.max = null;
        this.kexAlgorithm = str;
    }

    private void calculateE() throws SshException, NoSuchAlgorithmException {
        if (Log.isDebugEnabled()) {
            if (Boolean.getBoolean("maverick.dhBypassJCE")) {
                Log.debug("Performing DH e parameter calculation manually because it has been forced by system configuration", new Object[0]);
            } else {
                Log.debug("Performing DH e parameter calculation manually because P bit length is not multiple of 64 [{}]", Integer.valueOf(this.p.bitLength()));
            }
        }
        int i = 3;
        while (i != 0) {
            i--;
            SecureRandom secureRandom = JCEComponentManager.getSecureRandom();
            BigInteger bigInteger = new BigInteger((int) ((((this.p.subtract(BigInteger.ONE).divide(new BigInteger("2")).bitLength() - r4) + 1) * secureRandom.nextFloat()) + this.g.bitLength()), secureRandom);
            this.x = bigInteger;
            BigInteger modPow = this.g.modPow(bigInteger, this.p);
            this.e = modPow;
            BigInteger bigInteger2 = ONE;
            if (modPow.compareTo(bigInteger2) >= 0 && this.e.compareTo(this.p.subtract(bigInteger2)) <= 0) {
                return;
            }
        }
        this.transport.disconnect(3, "Failed to generate key exchange value");
        throw new SshException("Key exchange failed to generate e value", 5);
    }

    private void calculateEwithJCE() throws SshException, InvalidKeyException {
        int i = 3;
        while (i != 0) {
            i--;
            try {
                this.dhKeyPairGen.initialize(new DHParameterSpec(this.p, this.g));
                KeyPair generateKeyPair = this.dhKeyPairGen.generateKeyPair();
                this.dhKeyAgreement.init(generateKeyPair.getPrivate());
                BigInteger y = ((DHPublicKey) generateKeyPair.getPublic()).getY();
                this.e = y;
                BigInteger bigInteger = ONE;
                if (y.compareTo(bigInteger) >= 0 && this.e.compareTo(this.p.subtract(bigInteger)) <= 0) {
                    return;
                }
            } catch (InvalidAlgorithmParameterException e) {
                throw new SshException("Failed to generate DH value: " + e.getMessage(), 16, e);
            }
        }
        this.transport.disconnect(3, "Failed to generate key exchange value");
        throw new SshException("Key exchange failed to generate e value", 5);
    }

    private void calculateK() {
        this.secret = this.f.modPow(this.x, this.p);
    }

    private void calculateKwithJCE() throws InvalidKeySpecException, InvalidKeyException, IllegalStateException {
        this.dhKeyAgreement.doPhase((DHPublicKey) this.dhKeyFactory.generatePublic(new DHPublicKeySpec(this.f, this.p, this.g)), true);
        byte[] generateSecret = this.dhKeyAgreement.generateSecret();
        if ((generateSecret[0] & ByteCompanionObject.MIN_VALUE) == 128) {
            byte[] bArr = new byte[generateSecret.length + 1];
            System.arraycopy(generateSecret, 0, bArr, 1, generateSecret.length);
            generateSecret = bArr;
        }
        this.secret = new BigInteger(generateSecret);
    }

    private void initCrypto() throws NoSuchAlgorithmException {
        this.dhKeyFactory = JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_DH) == null ? KeyFactory.getInstance(JCEAlgorithms.JCE_DH) : KeyFactory.getInstance(JCEAlgorithms.JCE_DH, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_DH));
        this.dhKeyPairGen = JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_DH) == null ? KeyPairGenerator.getInstance(JCEAlgorithms.JCE_DH) : KeyPairGenerator.getInstance(JCEAlgorithms.JCE_DH, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_DH));
        this.dhKeyAgreement = JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_DH) == null ? KeyAgreement.getInstance(JCEAlgorithms.JCE_DH) : KeyAgreement.getInstance(JCEAlgorithms.JCE_DH, JCEProvider.getProviderForAlgorithm(JCEAlgorithms.JCE_DH));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int maybeLog(String str, int i) {
        if (Log.isDebugEnabled()) {
            Log.debug("{} size is {}", str, Integer.valueOf(i));
        }
        return i;
    }

    private void verifyDHPrimeThresholds() {
        if (minSupportedSize == -1) {
            Provider provider = this.dhKeyAgreement.getProvider();
            if (provider != null && provider.getName().equals("BC")) {
                minSupportedSize = 1024;
                maxSupportedSize = 8192;
                if (Log.isInfoEnabled()) {
                    Log.info("Using BC for DH; prime range is {} to {} bits", Integer.valueOf(minSupportedSize), Integer.valueOf(maxSupportedSize));
                    return;
                }
                return;
            }
            for (BigInteger bigInteger : DiffieHellmanGroups.allDefaultGroups()) {
                try {
                    this.dhKeyPairGen.initialize(new DHParameterSpec(bigInteger, TWO));
                    this.dhKeyAgreement.init(this.dhKeyPairGen.generateKeyPair().getPrivate());
                    if (minSupportedSize == -1) {
                        minSupportedSize = bigInteger.bitLength();
                    }
                    maxSupportedSize = bigInteger.bitLength();
                } catch (Exception e) {
                    Log.warn("DH prime size {} will not be supported because {}", Integer.valueOf(bigInteger.bitLength()), e.getMessage());
                }
            }
            int i = maxSupportedSize;
            if (i == -1) {
                throw new IllegalStateException("The diffie hellman algorithm does not appear to be configured correctly on this machine");
            }
            if (i < 2048) {
                throw new IllegalStateException(String.format("The maximum supported DH prime is %d bits which is smaller than this algorithm requires", Integer.valueOf(maxSupportedSize)));
            }
            if (Log.isInfoEnabled()) {
                Log.info("The supported DH prime range is {} to {} bits", Integer.valueOf(minSupportedSize), Integer.valueOf(maxSupportedSize));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.sshtools.client.SshKeyExchangeClient
    public void calculateExchangeHash() throws SshException {
        Digest componentFactory = this.transport.getContext().getComponentManager().supportedDigests().getInstance(getHashAlgorithm());
        componentFactory.putString(this.clientId);
        componentFactory.putString(this.serverId);
        componentFactory.putInt(this.clientKexInit.length);
        componentFactory.putBytes(this.clientKexInit);
        componentFactory.putInt(this.serverKexInit.length);
        componentFactory.putBytes(this.serverKexInit);
        componentFactory.putInt(this.hostKey.length);
        componentFactory.putBytes(this.hostKey);
        componentFactory.putInt(this.min.intValue());
        componentFactory.putInt(this.n.intValue());
        componentFactory.putInt(this.max.intValue());
        componentFactory.putBigInteger(this.p);
        componentFactory.putBigInteger(this.g);
        componentFactory.putBigInteger(this.e);
        componentFactory.putBigInteger(this.f);
        componentFactory.putBigInteger(this.secret);
        this.exchangeHash = componentFactory.doFinal();
    }

    public boolean exchangeGroup(ByteArrayReader byteArrayReader) throws SshException, IOException {
        if (byteArrayReader.read() != 31) {
            return false;
        }
        this.p = byteArrayReader.readBigInteger();
        this.g = byteArrayReader.readBigInteger();
        if (Log.isDebugEnabled()) {
            Log.debug("Received {} bit DH prime with group {}", Integer.valueOf(this.p.bitLength()), this.g.toString(16));
        }
        if (this.p.bitLength() > maxSupportedSize) {
            throw new SshException(String.format("Server sent a prime larger than our configuration can handle! p=%d, max=%d", Integer.valueOf(this.p.bitLength()), Integer.valueOf(maxSupportedSize)), 5);
        }
        if (this.g.compareTo(BigInteger.ONE) <= 0) {
            throw new SshException("Invalid DH g value [" + this.g.toString(16) + "]", 3);
        }
        if (this.p.bitLength() < Math.max(this.min.longValue(), 1024L)) {
            throw new SshException("Minimum DH p value not provided [" + this.p.bitLength() + "]", 3);
        }
        if (!Boolean.getBoolean("maverick.dhBypassJCE") && this.p.bitLength() % 64 == 0) {
            calculateEwithJCE();
            final byte[] byteArray = this.e.toByteArray();
            this.transport.postMessage(new SshMessage() { // from class: com.sshtools.client.components.DiffieHellmanGroupExchange.2
                @Override // com.sshtools.common.sshd.SshMessage
                public void messageSent(Long l) {
                    if (Log.isDebugEnabled()) {
                        Log.debug("Sent SSH_MSG_KEXDH_INIT", new Object[0]);
                    }
                }

                @Override // com.sshtools.common.sshd.SshMessage
                public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                    byteBuffer.put((byte) 32);
                    byteBuffer.putInt(byteArray.length);
                    byteBuffer.put(byteArray);
                    return true;
                }
            }, true);
            return true;
        }
        calculateE();
        final byte[] byteArray2 = this.e.toByteArray();
        this.transport.postMessage(new SshMessage() { // from class: com.sshtools.client.components.DiffieHellmanGroupExchange.2
            @Override // com.sshtools.common.sshd.SshMessage
            public void messageSent(Long l) {
                if (Log.isDebugEnabled()) {
                    Log.debug("Sent SSH_MSG_KEXDH_INIT", new Object[0]);
                }
            }

            @Override // com.sshtools.common.sshd.SshMessage
            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                byteBuffer.put((byte) 32);
                byteBuffer.putInt(byteArray2.length);
                byteBuffer.put(byteArray2);
                return true;
            }
        }, true);
        return true;
    }

    @Override // com.sshtools.synergy.ssh.components.SshKeyExchange, com.sshtools.common.ssh.components.SshComponent, com.sshtools.common.ssh.SecureComponent
    public String getAlgorithm() {
        return this.kexAlgorithm;
    }

    @Override // com.sshtools.synergy.ssh.components.SshKeyExchange
    public String getProvider() {
        KeyAgreement keyAgreement = this.dhKeyAgreement;
        return keyAgreement != null ? keyAgreement.getProvider().getName() : "";
    }

    @Override // com.sshtools.synergy.ssh.components.SshKeyExchange
    public void init(SshTransport<SshClientContext> sshTransport, String str, String str2, byte[] bArr, byte[] bArr2, SshPrivateKey sshPrivateKey, SshPublicKey sshPublicKey, boolean z, boolean z2) throws IOException, SshException {
        init(sshTransport, str, str2, bArr, bArr2, z, z2);
    }

    public void init(final SshTransport<SshClientContext> sshTransport, String str, String str2, byte[] bArr, byte[] bArr2, boolean z, boolean z2) throws IOException {
        this.clientId = str;
        this.serverId = str2;
        this.clientKexInit = bArr;
        this.serverKexInit = bArr2;
        this.firstPacketFollows = z;
        this.useFirstPacket = z2;
        this.transport = sshTransport;
        try {
            initCrypto();
            verifyDHPrimeThresholds();
            sshTransport.postMessage(new SshMessage() { // from class: com.sshtools.client.components.DiffieHellmanGroupExchange.1
                @Override // com.sshtools.common.sshd.SshMessage
                public void messageSent(Long l) {
                    if (Log.isDebugEnabled()) {
                        Log.debug("Sent SSH_MSG_KEY_DH_GEX_REQUEST", new Object[0]);
                    }
                }

                @Override // com.sshtools.common.sshd.SshMessage
                public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                    int maybeLog = DiffieHellmanGroupExchange.this.maybeLog("Minimum DH prime", Math.min(DiffieHellmanGroupExchange.maxSupportedSize, Math.max(((SshClientContext) sshTransport.getContext()).getMinDHGroupExchangeKeySize(), 1024)));
                    int maybeLog2 = DiffieHellmanGroupExchange.this.maybeLog("Preferred DH prime", Math.min(DiffieHellmanGroupExchange.maxSupportedSize, ((SshClientContext) sshTransport.getContext()).getPreferredDHGroupExchangeKeySize()));
                    int maybeLog3 = DiffieHellmanGroupExchange.this.maybeLog("Maximum DH prime", Math.min(DiffieHellmanGroupExchange.maxSupportedSize, ((SshClientContext) sshTransport.getContext()).getMaxDHGroupExchangeKeySize()));
                    byteBuffer.put((byte) 34);
                    byteBuffer.putInt(maybeLog);
                    DiffieHellmanGroupExchange.this.min = new UnsignedInteger32(maybeLog);
                    byteBuffer.putInt(maybeLog2);
                    DiffieHellmanGroupExchange.this.n = new UnsignedInteger32(maybeLog2);
                    byteBuffer.putInt(maybeLog3);
                    DiffieHellmanGroupExchange.this.max = new UnsignedInteger32(maybeLog3);
                    return true;
                }
            }, true);
        } catch (NoSuchAlgorithmException unused) {
            throw new SshIOException(new SshException("JCE does not support Diffie Hellman key exchange", 16));
        }
    }

    public boolean isKeyExchangeMessage(int i) {
        switch (i) {
            case 30:
            case 31:
            case 32:
            case 33:
            case 34:
                return true;
            default:
                return false;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:34:0x00e7 A[Catch: Exception -> 0x014a, all -> 0x0154, TryCatch #1 {Exception -> 0x014a, blocks: (B:15:0x0028, B:17:0x0042, B:18:0x00a2, B:20:0x00a8, B:21:0x00af, B:23:0x00ba, B:25:0x00c0, B:26:0x00c7, B:28:0x00cf, B:31:0x00da, B:32:0x00e1, B:34:0x00e7, B:35:0x00ee, B:37:0x00f8, B:39:0x00fe, B:40:0x0105, B:42:0x010e, B:43:0x0115, B:46:0x011e, B:47:0x0133, B:48:0x00de, B:49:0x0134, B:50:0x0149), top: B:14:0x0028, outer: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:37:0x00f8 A[Catch: Exception -> 0x014a, all -> 0x0154, TryCatch #1 {Exception -> 0x014a, blocks: (B:15:0x0028, B:17:0x0042, B:18:0x00a2, B:20:0x00a8, B:21:0x00af, B:23:0x00ba, B:25:0x00c0, B:26:0x00c7, B:28:0x00cf, B:31:0x00da, B:32:0x00e1, B:34:0x00e7, B:35:0x00ee, B:37:0x00f8, B:39:0x00fe, B:40:0x0105, B:42:0x010e, B:43:0x0115, B:46:0x011e, B:47:0x0133, B:48:0x00de, B:49:0x0134, B:50:0x0149), top: B:14:0x0028, outer: #0 }] */
    /* JADX WARN: Removed duplicated region for block: B:46:0x011e A[Catch: Exception -> 0x014a, all -> 0x0154, TRY_ENTER, TryCatch #1 {Exception -> 0x014a, blocks: (B:15:0x0028, B:17:0x0042, B:18:0x00a2, B:20:0x00a8, B:21:0x00af, B:23:0x00ba, B:25:0x00c0, B:26:0x00c7, B:28:0x00cf, B:31:0x00da, B:32:0x00e1, B:34:0x00e7, B:35:0x00ee, B:37:0x00f8, B:39:0x00fe, B:40:0x0105, B:42:0x010e, B:43:0x0115, B:46:0x011e, B:47:0x0133, B:48:0x00de, B:49:0x0134, B:50:0x0149), top: B:14:0x0028, outer: #0 }] */
    @Override // com.sshtools.client.SshKeyExchangeClient, com.sshtools.synergy.ssh.components.SshKeyExchange
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean processMessage(byte[] r9) throws com.sshtools.common.ssh.SshException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 345
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sshtools.client.components.DiffieHellmanGroupExchange.processMessage(byte[]):boolean");
    }

    @Override // com.sshtools.synergy.ssh.components.SshKeyExchange
    public void test() throws IOException, SshException {
        try {
            initCrypto();
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }
}
