package net.schmizz.sshj.transport;

import com.android.tools.r8.GeneratedOutlineSupport;
import com.hierynomus.sshj.key.KeyAlgorithm;
import com.hierynomus.sshj.key.KeyAlgorithms;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.LinkedList;
import java.util.Objects;
import java.util.Queue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import me.zhanghai.android.fastscroll.R$dimen;
import net.schmizz.concurrent.Event;
import net.schmizz.concurrent.ExceptionChainer;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.ErrorNotifiable;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.common.SSHPacketHandler;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.TransportImpl;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.compression.Compression;
import net.schmizz.sshj.transport.digest.BaseDigest;
import net.schmizz.sshj.transport.kex.AbstractDH;
import net.schmizz.sshj.transport.kex.KeyExchange;
import net.schmizz.sshj.transport.mac.BaseMAC;
import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
import org.slf4j.Logger;

/* loaded from: classes.dex */
public final class KeyExchanger implements SSHPacketHandler, ErrorNotifiable {
    public Proposal clientProposal;
    public final Event done;
    public KeyExchange kex;
    public final Event kexInitSent;
    public final Logger log;
    public NegotiatedAlgorithms negotiatedAlgs;
    public byte[] sessionID;
    public final TransportImpl transport;
    public final Queue hostVerifiers = new LinkedList();
    public final Queue algorithmVerifiers = new LinkedList();
    public final AtomicBoolean kexOngoing = new AtomicBoolean();
    public Expected expected = Expected.KEXINIT;

    /* loaded from: classes.dex */
    public enum Expected {
        KEXINIT,
        FOLLOWUP,
        NEWKEYS
    }

    public KeyExchanger(TransportImpl transportImpl) {
        this.transport = transportImpl;
        this.log = transportImpl.config.loggerFactory.getLogger(KeyExchanger.class);
        ExceptionChainer exceptionChainer = TransportException.chainer;
        this.kexInitSent = new Event("kexinit sent", exceptionChainer, transportImpl.config.loggerFactory);
        this.done = new Event("kex done", exceptionChainer, transportImpl.writeLock, transportImpl.config.loggerFactory);
    }

    public static void ensureReceivedMatchesExpected(Message message, Message message2) {
        if (message == message2) {
            return;
        }
        throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Was expecting " + message2);
    }

    public static byte[] resizedKey(byte[] bArr, int i, BaseDigest baseDigest, BigInteger bigInteger, byte[] bArr2) {
        while (i > bArr.length) {
            Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer();
            plainBuffer.putMPInt(bigInteger);
            plainBuffer.putRawBytes(bArr2);
            plainBuffer.putRawBytes(bArr);
            baseDigest.md.update(plainBuffer.data, 0, plainBuffer.available());
            byte[] digest = baseDigest.digest();
            byte[] bArr3 = new byte[bArr.length + digest.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(digest, 0, bArr3, bArr.length, digest.length);
            bArr = bArr3;
        }
        return bArr;
    }

    public final synchronized void ensureKexOngoing() {
        if (!isKexOngoing()) {
            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Key exchange packet received when key exchange was not ongoing");
        }
    }

    @Override // net.schmizz.sshj.common.SSHPacketHandler
    public void handle(Message message, SSHPacket sSHPacket) {
        DisconnectReason disconnectReason = DisconnectReason.KEY_EXCHANGE_FAILED;
        int ordinal = this.expected.ordinal();
        if (ordinal == 0) {
            ensureReceivedMatchesExpected(message, Message.KEXINIT);
            this.log.debug("Received SSH_MSG_KEXINIT");
            startKex(false);
            Event event = this.kexInitSent;
            Objects.requireNonNull(this.transport);
            event.promise.retrieve(30000, TimeUnit.MILLISECONDS);
            sSHPacket.rpos--;
            Proposal proposal = new Proposal(sSHPacket);
            Proposal proposal2 = this.clientProposal;
            NegotiatedAlgorithms negotiatedAlgorithms = new NegotiatedAlgorithms(Proposal.firstMatch(proposal2.kex, proposal.kex), Proposal.firstMatch(proposal2.sig, proposal.sig), Proposal.firstMatch(proposal2.c2sCipher, proposal.c2sCipher), Proposal.firstMatch(proposal2.s2cCipher, proposal.s2cCipher), Proposal.firstMatch(proposal2.c2sMAC, proposal.c2sMAC), Proposal.firstMatch(proposal2.s2cMAC, proposal.s2cMAC), Proposal.firstMatch(proposal2.c2sComp, proposal.c2sComp), Proposal.firstMatch(proposal2.s2cComp, proposal.s2cComp), proposal.sig.containsAll(KeyAlgorithms.SSH_RSA_SHA2_ALGORITHMS));
            this.negotiatedAlgs = negotiatedAlgorithms;
            this.log.debug("Negotiated algorithms: {}", negotiatedAlgorithms);
            for (AlgorithmsVerifier algorithmsVerifier : this.algorithmVerifiers) {
                this.log.debug("Trying to verify algorithms with {}", algorithmsVerifier);
                if (!algorithmsVerifier.verify(this.negotiatedAlgs)) {
                    StringBuilder outline32 = GeneratedOutlineSupport.outline32("Failed to verify negotiated algorithms `");
                    outline32.append(this.negotiatedAlgs);
                    outline32.append("`");
                    throw new TransportException(disconnectReason, outline32.toString());
                }
            }
            this.kex = (KeyExchange) R$dimen.create(this.transport.config.kexFactories, this.negotiatedAlgs.kex);
            TransportImpl transportImpl = this.transport;
            transportImpl.hostKeyAlgorithm = (KeyAlgorithm) R$dimen.create(transportImpl.config.keyAlgorithms, this.negotiatedAlgs.sig);
            TransportImpl transportImpl2 = this.transport;
            transportImpl2.rsaSHA2Support = this.negotiatedAlgs.rsaSHA2Support;
            try {
                this.kex.init(transportImpl2, transportImpl2.serverID, transportImpl2.clientID, proposal.getPacket().getCompactData(), this.clientProposal.getPacket().getCompactData());
                this.expected = Expected.FOLLOWUP;
                return;
            } catch (GeneralSecurityException e) {
                throw new TransportException(disconnectReason, e);
            }
        }
        if (ordinal == 1) {
            ensureKexOngoing();
            this.log.debug("Received kex followup data");
            try {
                if (this.kex.next(message, sSHPacket)) {
                    verifyHost(((AbstractDH) this.kex).hostKey);
                    this.log.debug("Sending SSH_MSG_NEWKEYS");
                    this.transport.write(new SSHPacket(Message.NEWKEYS));
                    this.expected = Expected.NEWKEYS;
                    return;
                }
                return;
            } catch (GeneralSecurityException e2) {
                throw new TransportException(disconnectReason, e2);
            }
        }
        if (ordinal != 2) {
            return;
        }
        ensureReceivedMatchesExpected(message, Message.NEWKEYS);
        ensureKexOngoing();
        this.log.debug("Received SSH_MSG_NEWKEYS");
        AbstractDH abstractDH = (AbstractDH) this.kex;
        BaseDigest baseDigest = abstractDH.digest;
        byte[] h = abstractDH.getH();
        if (this.sessionID == null) {
            this.sessionID = h;
        }
        Buffer.PlainBuffer plainBuffer = new Buffer.PlainBuffer();
        plainBuffer.putMPInt(((AbstractDH) this.kex).dh.K);
        plainBuffer.putRawBytes(h);
        plainBuffer.putByte((byte) 0);
        plainBuffer.putRawBytes(this.sessionID);
        int available = (plainBuffer.available() - this.sessionID.length) - 1;
        byte[] bArr = plainBuffer.data;
        bArr[available] = 65;
        baseDigest.md.update(bArr, 0, plainBuffer.available());
        byte[] digest = baseDigest.digest();
        byte[] bArr2 = plainBuffer.data;
        bArr2[available] = 66;
        baseDigest.md.update(bArr2, 0, plainBuffer.available());
        byte[] digest2 = baseDigest.digest();
        byte[] bArr3 = plainBuffer.data;
        bArr3[available] = 67;
        baseDigest.md.update(bArr3, 0, plainBuffer.available());
        byte[] digest3 = baseDigest.digest();
        byte[] bArr4 = plainBuffer.data;
        bArr4[available] = 68;
        baseDigest.md.update(bArr4, 0, plainBuffer.available());
        byte[] digest4 = baseDigest.digest();
        byte[] bArr5 = plainBuffer.data;
        bArr5[available] = 69;
        baseDigest.md.update(bArr5, 0, plainBuffer.available());
        byte[] digest5 = baseDigest.digest();
        byte[] bArr6 = plainBuffer.data;
        bArr6[available] = 70;
        baseDigest.md.update(bArr6, 0, plainBuffer.available());
        byte[] digest6 = baseDigest.digest();
        Cipher cipher = (Cipher) R$dimen.create(this.transport.config.cipherFactories, this.negotiatedAlgs.c2sCipher);
        Cipher.Mode mode = Cipher.Mode.Encrypt;
        int blockSize = cipher.getBlockSize();
        AbstractDH abstractDH2 = (AbstractDH) this.kex;
        cipher.init(mode, resizedKey(digest3, blockSize, baseDigest, abstractDH2.dh.K, abstractDH2.getH()), digest);
        Cipher cipher2 = (Cipher) R$dimen.create(this.transport.config.cipherFactories, this.negotiatedAlgs.s2cCipher);
        Cipher.Mode mode2 = Cipher.Mode.Decrypt;
        int blockSize2 = cipher2.getBlockSize();
        AbstractDH abstractDH3 = (AbstractDH) this.kex;
        cipher2.init(mode2, resizedKey(digest4, blockSize2, baseDigest, abstractDH3.dh.K, abstractDH3.getH()), digest2);
        BaseMAC baseMAC = (BaseMAC) R$dimen.create(this.transport.config.macFactories, this.negotiatedAlgs.c2sMAC);
        int i = baseMAC.bsize;
        AbstractDH abstractDH4 = (AbstractDH) this.kex;
        baseMAC.init(resizedKey(digest5, i, baseDigest, abstractDH4.dh.K, abstractDH4.getH()));
        BaseMAC baseMAC2 = (BaseMAC) R$dimen.create(this.transport.config.macFactories, this.negotiatedAlgs.s2cMAC);
        int i2 = baseMAC2.bsize;
        AbstractDH abstractDH5 = (AbstractDH) this.kex;
        baseMAC2.init(resizedKey(digest6, i2, baseDigest, abstractDH5.dh.K, abstractDH5.getH()));
        Compression compression = (Compression) R$dimen.create(this.transport.config.compressionFactories, this.negotiatedAlgs.s2cComp);
        this.transport.encoder.setAlgorithms(cipher, baseMAC, (Compression) R$dimen.create(this.transport.config.compressionFactories, this.negotiatedAlgs.c2sComp));
        this.transport.decoder.setAlgorithms(cipher2, baseMAC2, compression);
        this.kexOngoing.set(false);
        this.kexInitSent.promise.clear();
        this.done.set();
        this.expected = Expected.KEXINIT;
    }

    public boolean isKexOngoing() {
        return this.kexOngoing.get();
    }

    @Override // net.schmizz.sshj.common.ErrorNotifiable
    public void notifyError(SSHException sSHException) {
        this.log.debug("Got notified of {}", sSHException.toString());
        R$dimen.alertEvents(sSHException, this.kexInitSent, this.done);
    }

    public void startKex(boolean z) {
        if (!this.kexOngoing.getAndSet(true)) {
            this.done.promise.clear();
            this.log.debug("Sending SSH_MSG_KEXINIT");
            Proposal proposal = new Proposal(this.transport.config);
            this.clientProposal = proposal;
            this.transport.write(proposal.getPacket());
            this.kexInitSent.set();
        }
        if (z) {
            Event event = this.done;
            Objects.requireNonNull(this.transport);
            event.promise.retrieve(30000, TimeUnit.MILLISECONDS);
        }
    }

    public final synchronized void verifyHost(PublicKey publicKey) {
        for (HostKeyVerifier hostKeyVerifier : this.hostVerifiers) {
            this.log.debug("Trying to verify host key with {}", hostKeyVerifier);
            TransportImpl.ConnInfo connInfo = this.transport.connInfo;
            if (hostKeyVerifier.verify(connInfo.host, connInfo.port, publicKey)) {
            }
        }
        Logger logger = this.log;
        TransportImpl.ConnInfo connInfo2 = this.transport.connInfo;
        logger.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}", this.hostVerifiers, KeyType.fromKey(publicKey), SecurityUtils.getFingerprint(publicKey), connInfo2.host, Integer.valueOf(connInfo2.port));
        throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE, "Could not verify `" + KeyType.fromKey(publicKey) + "` host key with fingerprint `" + SecurityUtils.getFingerprint(publicKey) + "` for `" + this.transport.connInfo.host + "` on port " + this.transport.connInfo.port);
    }
}
