package com.trilead.ssh2.transport;

import com.trilead.ssh2.compression.CompressionFactory;
import com.trilead.ssh2.compression.ICompressor;
import com.trilead.ssh2.crypto.CryptoWishList;
import com.trilead.ssh2.crypto.KeyMaterial;
import com.trilead.ssh2.crypto.cipher.BlockCipher;
import com.trilead.ssh2.crypto.cipher.BlockCipherFactory;
import com.trilead.ssh2.crypto.dh.DhGroupExchange;
import com.trilead.ssh2.crypto.dh.GenericDhExchange;
import com.trilead.ssh2.crypto.digest.MAC;
import com.trilead.ssh2.packets.PacketKexDHInit;
import com.trilead.ssh2.packets.PacketKexDHReply;
import com.trilead.ssh2.packets.PacketKexDhGexGroup;
import com.trilead.ssh2.packets.PacketKexDhGexInit;
import com.trilead.ssh2.packets.PacketKexDhGexReply;
import com.trilead.ssh2.packets.PacketKexDhGexRequest;
import com.trilead.ssh2.packets.PacketKexDhGexRequestOld;
import com.trilead.ssh2.packets.PacketKexInit;
import com.trilead.ssh2.packets.PacketNewKeys;
import com.trilead.ssh2.signature.DSASHA1Verify;
import com.trilead.ssh2.signature.ECDSASHA2Verify;
import com.trilead.ssh2.signature.RSASHA1Verify;
import defpackage.byl;
import defpackage.byn;
import defpackage.byv;
import defpackage.bzo;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.LinkedHashSet;
import java.util.Set;

/* loaded from: classes.dex */
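/**
 * Client-side SSH key-exchange (KEX) state machine, as recovered by a decompiler.
 *
 * <p>The class sends and receives SSH_MSG_KEXINIT, runs the negotiated Diffie-Hellman /
 * ECDH / DH group-exchange method, verifies the server's signature over the exchange
 * hash, derives key material and switches the transport to the new ciphers on
 * SSH_MSG_NEWKEYS.
 *
 * <p>Reading notes:
 * <ul>
 *   <li>Field, method and helper-type names ({@code byl}, {@code byn}, {@code byv},
 *       {@code bzo}) are obfuscated. They are kept unchanged because other classes of the
 *       package may reference them.</li>
 *   <li>Several methods throw the checked {@link IOException} without a {@code throws}
 *       clause, so the listing does not compile as shown; the clauses were presumably lost
 *       during decompilation. Signatures are left as found.</li>
 *   <li>Thread-safety: the message handler and the initiator are {@code synchronized} on
 *       the instance; {@link #f3246a} and {@link #f3257a} are guarded by {@link #f3254a}.</li>
 * </ul>
 */
public class KexManager {
    /** Log sink; called as {@code a.a(level, message)}. */
    private static final bzo a = bzo.a(KexManager.class);

    /** Host key algorithm names offered by default, in insertion (preference) order. */
    private static final Set<String> f3244a;

    /** Key-exchange method names offered by default, in insertion (preference) order. */
    private static final Set<String> b;

    /** True when the runtime provides an "EC" {@link KeyFactory}; gates all ECDSA/ECDH entries. */
    private static final boolean c;

    /**
     * Host key verifier callback. It is optional: when it is null the server host key is
     * never shown to anyone for approval (see the handler below).
     */
    byv f3248a;

    /** Algorithm wish list used to build our own KEXINIT packet. */
    CryptoWishList f3249a;

    /** Key material derived by {@link #m1142a()}; never cleared once set. */
    KeyMaterial f3250a;

    /**
     * Identification exchange of both sides; {@code a()} and {@code b()} feed the exchange
     * hash, {@code c} is matched against an OpenSSH version pattern (presumably the server
     * identification string).
     */
    ClientServerHello f3251a;

    /** State of the exchange in progress, or null when none is running. */
    KexState f3252a;

    /** Transport used to send KEX packets and to install ciphers, MACs and compressors. */
    final TransportManager f3253a;

    /** First argument of the verifier callback (presumably the host name; confirm against caller). */
    final String f3255a;

    /** Randomness source handed to the DH group-exchange implementation. */
    final SecureRandom f3256a;

    /**
     * Set once from the first exchange's {@code f3271a} value and reused for every later key
     * derivation (by the look of it, the SSH session identifier).
     */
    byte[] f3258a;

    /** Second argument of the verifier callback (presumably the port; confirm against caller). */
    final int f3259b;

    /** Number of completed exchanges; incremented each time the peer's NEWKEYS is accepted. */
    int f3245a = 0;

    /** Monitor guarding {@link #f3246a} and {@link #f3257a}. */
    final Object f3254a = new Object();

    /** Description of the most recently completed exchange, published under {@link #f3254a}. */
    byl f3246a = null;

    /** Set when the handler is called with a null message, i.e. the connection is gone. */
    boolean f3257a = false;

    /** When true, the next incoming KEX packet is dropped (wrongly guessed first packet). */
    boolean f3260b = false;

    /** Parameters for DH group exchange requests. */
    byn f3247a = new byn();

    static {
        KeyFactory keyFactory;
        try {
            keyFactory = KeyFactory.getInstance("EC");
        } catch (NoSuchAlgorithmException e) {
            keyFactory = null;
            a.a(10, "Disabling EC support due to lack of KeyFactory");
        }
        c = keyFactory != null;

        // Order matters: negotiation picks the first entry of OUR list that the peer also
        // offers (assuming callers pass these arrays to the wish list unchanged).
        f3244a = new LinkedHashSet<>();
        if (c) {
            f3244a.add("ecdsa-sha2-nistp256");
            f3244a.add("ecdsa-sha2-nistp384");
            f3244a.add("ecdsa-sha2-nistp521");
        }
        // NOTE(review): "ssh-rsa" is verified with RSASHA1Verify and "ssh-dss" with
        // DSASHA1Verify below, i.e. both are SHA-1 based signatures. They remain in the
        // default offer; deployments that do not need legacy servers should restrict the
        // wish list rather than rely on these defaults.
        f3244a.add("ssh-rsa");
        f3244a.add("ssh-dss");

        b = new LinkedHashSet<>();
        if (c) {
            b.add("ecdh-sha2-nistp256");
            b.add("ecdh-sha2-nistp384");
            b.add("ecdh-sha2-nistp521");
        }
        b.add("diffie-hellman-group-exchange-sha256");
        // NOTE(review): the remaining methods hash with SHA-1, and group1 is the smallest
        // fixed group in this list. They are only selected when the peer offers nothing
        // listed earlier, but they are still offered by default.
        b.add("diffie-hellman-group-exchange-sha1");
        b.add("diffie-hellman-group14-sha1");
        b.add("diffie-hellman-group1-sha1");
    }

    /**
     * Stores the collaborators; no packet is sent here.
     *
     * @param transportManager  transport used for sending and for installing new keys
     * @param clientServerHello identification exchange of both sides
     * @param cryptoWishList    algorithms to offer in our KEXINIT
     * @param str               passed to the verifier callback as first argument
     * @param i                 passed to the verifier callback as second argument
     * @param byvVar            host key verifier callback; may be null, in which case the
     *                          server host key is accepted without being checked by a callback
     * @param secureRandom      randomness source for DH group exchange
     */
    public KexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, String str, int i, byv byvVar, SecureRandom secureRandom) {
        this.f3253a = transportManager;
        this.f3251a = clientServerHello;
        this.f3249a = cryptoWishList;
        this.f3255a = str;
        this.f3259b = i;
        this.f3248a = byvVar;
        this.f3256a = secureRandom;
    }

    /**
     * Intersects our proposal with the peer's proposal, category by category.
     *
     * @param kexParameters  our own KEXINIT parameters (our order decides the winner)
     * @param kexParameters2 the peer's KEXINIT parameters
     * @return the negotiated parameters, or null when one of the mandatory categories
     *         (kex, host key, cipher, MAC, compression) has no common entry
     */
    private NegotiatedParameters a(KexParameters kexParameters, KexParameters kexParameters2) {
        NegotiatedParameters negotiatedParameters = new NegotiatedParameters();
        try {
            negotiatedParameters.a = a(kexParameters.f3263a, kexParameters2.f3263a);
            a.a(20, "kex_algo=" + negotiatedParameters.a);
            negotiatedParameters.b = a(kexParameters.b, kexParameters2.b);
            a.a(20, "server_host_key_algo=" + negotiatedParameters.b);
            negotiatedParameters.c = a(kexParameters.c, kexParameters2.c);
            negotiatedParameters.d = a(kexParameters.d, kexParameters2.d);
            a.a(20, "enc_algo_client_to_server=" + negotiatedParameters.c);
            a.a(20, "enc_algo_server_to_client=" + negotiatedParameters.d);
            negotiatedParameters.e = a(kexParameters.e, kexParameters2.e);
            negotiatedParameters.f = a(kexParameters.f, kexParameters2.f);
            a.a(20, "mac_algo_client_to_server=" + negotiatedParameters.e);
            a.a(20, "mac_algo_server_to_client=" + negotiatedParameters.f);
            negotiatedParameters.g = a(kexParameters.g, kexParameters2.g);
            negotiatedParameters.h = a(kexParameters.h, kexParameters2.h);
            a.a(20, "comp_algo_client_to_server=" + negotiatedParameters.g);
            a.a(20, "comp_algo_server_to_client=" + negotiatedParameters.h);
            // The last two categories are optional: a mismatch yields null instead of
            // failing the whole negotiation.
            try {
                negotiatedParameters.i = a(kexParameters.i, kexParameters2.i);
            } catch (NegotiateException ignored) {
                negotiatedParameters.i = null;
            }
            try {
                negotiatedParameters.j = a(kexParameters.j, kexParameters2.j);
            } catch (NegotiateException ignored) {
                negotiatedParameters.j = null;
            }
            // Record whether both sides put the same kex and host key algorithm first; the
            // handler uses this to decide if a guessed first packet must be dropped.
            if (m1143a(kexParameters, kexParameters2)) {
                negotiatedParameters.f3273a = true;
            }
            return negotiatedParameters;
        } catch (NegotiateException e) {
            return null;
        }
    }

    /**
     * Picks the first entry of {@code strArr} that also occurs in {@code strArr2}.
     *
     * @param strArr  our list, in preference order
     * @param strArr2 the peer's list
     * @return the chosen name, or null when our own list is empty
     * @throws IllegalArgumentException if either list is null
     * @throws NegotiateException       if our list is non-empty and nothing matches
     */
    private String a(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0) {
            return null;
        }
        for (String ours : strArr) {
            for (String theirs : strArr2) {
                if (ours.equals(theirs)) {
                    return ours;
                }
            }
        }
        throw new NegotiateException();
    }

    /**
     * Finishes our half of the exchange: derives key material, sends SSH_MSG_NEWKEYS and
     * switches the sending direction to the new cipher, MAC and compressor.
     *
     * <p>Throws IOException when key material cannot be derived or the send-side
     * cipher/MAC cannot be set up.
     */
    private void a() {
        if (this.f3258a == null) {
            this.f3258a = this.f3252a.f3271a;
        }
        // Fail closed: the result of the derivation used to be ignored, which left f3250a
        // null on a first exchange or still holding the previous exchange's keys on a
        // re-key. Abort before NEWKEYS is announced to the peer.
        if (!m1142a()) {
            throw new IOException("Could not derive key material for the negotiated algorithms!");
        }
        this.f3253a.a(new PacketNewKeys().a());
        try {
            BlockCipher a2 = BlockCipherFactory.a(this.f3252a.f3268a.c, true, this.f3250a.c, this.f3250a.a);
            MAC mac = new MAC(this.f3252a.f3268a.e, this.f3250a.e);
            ICompressor m1116a = CompressionFactory.m1116a(this.f3252a.f3268a.g);
            this.f3253a.b(a2, mac);
            this.f3253a.b(m1116a);
            this.f3253a.m1149a();
        } catch (IllegalArgumentException e) {
            // Keep the cause, as the other IOExceptions of this class do.
            throw ((IOException) new IOException("Fatal error during MAC startup!").initCause(e));
        }
    }

    /**
     * Derives {@link #f3250a} from the current exchange state and {@link #f3258a}, sized
     * for the negotiated ciphers and MACs of both directions.
     *
     * @return true on success, false when a size lookup or the derivation rejects its
     *         arguments with IllegalArgumentException (f3250a is then left untouched)
     */
    private boolean m1142a() {
        try {
            int a2 = MAC.a(this.f3252a.f3268a.e);
            int b2 = BlockCipherFactory.b(this.f3252a.f3268a.c);
            int a3 = BlockCipherFactory.a(this.f3252a.f3268a.c);
            int a4 = MAC.a(this.f3252a.f3268a.f);
            this.f3250a = KeyMaterial.a(this.f3252a.f3269a, this.f3252a.f3271a, this.f3252a.f3270a, this.f3258a, b2, a3, a2, BlockCipherFactory.b(this.f3252a.f3268a.d), BlockCipherFactory.a(this.f3252a.f3268a.d), a4);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    /**
     * Tells whether both sides listed the same kex method and the same host key algorithm
     * in first position.
     *
     * @throws IllegalArgumentException if either argument is null
     */
    private boolean m1143a(KexParameters kexParameters, KexParameters kexParameters2) {
        if (kexParameters == null || kexParameters2 == null) {
            throw new IllegalArgumentException();
        }
        return m1144a(kexParameters.f3263a, kexParameters2.f3263a) && m1144a(kexParameters.b, kexParameters2.b);
    }

    /**
     * Verifies the server's signature over the exchange value {@code f3271a} with the
     * verifier that matches the negotiated host key algorithm.
     *
     * <p>This proves possession of the private key for {@code bArr2}; it does not establish
     * that {@code bArr2} is the key expected for this server. That decision belongs to the
     * verifier callback.
     *
     * @param bArr  encoded signature sent by the server
     * @param bArr2 encoded server host key
     * @return true when the signature is valid
     */
    private boolean a(byte[] bArr, byte[] bArr2) {
        if (this.f3252a.f3268a.b.startsWith("ecdsa-sha2-")) {
            byte[] m1140a = ECDSASHA2Verify.m1140a(bArr);
            ECPublicKey a2 = ECDSASHA2Verify.a(bArr2);
            a.a(50, "Verifying ecdsa signature");
            return ECDSASHA2Verify.a(this.f3252a.f3271a, m1140a, a2);
        }
        if (this.f3252a.f3268a.b.equals("ssh-rsa")) {
            byte[] m1141a = RSASHA1Verify.m1141a(bArr);
            RSAPublicKey a3 = RSASHA1Verify.a(bArr2);
            a.a(50, "Verifying ssh-rsa signature");
            return RSASHA1Verify.a(this.f3252a.f3271a, m1141a, a3);
        }
        if (!this.f3252a.f3268a.b.equals("ssh-dss")) {
            throw new IOException("Unknown server host key algorithm '" + this.f3252a.f3268a.b + "'");
        }
        byte[] b2 = DSASHA1Verify.b(bArr);
        DSAPublicKey a4 = DSASHA1Verify.a(bArr2);
        a.a(50, "Verifying ssh-dss signature");
        return DSASHA1Verify.a(this.f3252a.f3271a, b2, a4);
    }

    /**
     * Compares the first entries of two lists.
     *
     * @return true when both lists are empty or their first entries are equal
     * @throws IllegalArgumentException if either list is null
     */
    private boolean m1144a(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0 && strArr2.length == 0) {
            return true;
        }
        if (strArr.length == 0 || strArr2.length == 0) {
            return false;
        }
        return strArr[0].equals(strArr2[0]);
    }

    /** Returns a fresh array of the default host key algorithm names, in preference order. */
    public static final String[] m1145a() {
        return f3244a.toArray(new String[0]);
    }

    /** Returns a fresh array of the default key-exchange method names, in preference order. */
    public static final String[] b() {
        return b.toArray(new String[0]);
    }

    /**
     * Blocks until an exchange with counter of at least {@code i} has completed.
     *
     * <p>The decompiled loop assigned the result and then looped again without ever leaving,
     * so a finished exchange was never reported; the value is now returned directly.
     * An interrupt does not abort the wait, but the thread's interrupt status is restored
     * before this method returns or throws.
     *
     * @param i minimum exchange counter the caller needs
     * @return the description of the last completed exchange
     */
    public byl a(int i) {
        boolean interrupted = false;
        try {
            synchronized (this.f3254a) {
                while (true) {
                    if (this.f3246a != null && this.f3246a.a >= i) {
                        return this.f3246a;
                    }
                    if (this.f3257a) {
                        throw ((IOException) new IOException("Key exchange was not finished, connection is closed.").initCause(this.f3253a.m1148a()));
                    }
                    try {
                        this.f3254a.wait();
                    } catch (InterruptedException e) {
                        // Keep waiting as before, but do not lose the interrupt.
                        interrupted = true;
                    }
                }
            }
        } finally {
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }
    }

    /**
     * Starts an exchange from our side by sending KEXINIT, unless one is already running.
     * The wish list and group-exchange parameters are replaced in either case.
     *
     * @param cryptoWishList algorithms to offer
     * @param bynVar         DH group exchange parameters
     */
    public synchronized void a(CryptoWishList cryptoWishList, byn bynVar) {
        this.f3249a = cryptoWishList;
        this.f3247a = bynVar;
        if (this.f3252a == null) {
            this.f3252a = new KexState();
            this.f3252a.f3264a = this.f3247a;
            PacketKexInit packetKexInit = new PacketKexInit(this.f3249a);
            this.f3252a.f3267a = packetKexInit;
            this.f3253a.a(packetKexInit.m1128a());
        }
    }

    /**
     * Handles one incoming KEX message from the peer.
     *
     * <p>State values of {@code f3252a.a} as used here: 0 after our KEXINIT only, 1 after
     * both KEXINITs (method-specific request sent), 2 after the group of a DH group
     * exchange was received, -1 after the server's reply was verified and our NEWKEYS sent.
     *
     * @param bArr raw message, first byte is the message type (20 = SSH_MSG_KEXINIT,
     *             21 = SSH_MSG_NEWKEYS); null signals that the connection is closed
     * @param i    length of the message within {@code bArr}
     */
    public synchronized void a(byte[] bArr, int i) {
        if (bArr == null) {
            // Connection closed: wake up everyone blocked in a(int).
            synchronized (this.f3254a) {
                this.f3257a = true;
                this.f3254a.notifyAll();
            }
        } else {
            // Without a running exchange only KEXINIT may arrive.
            if (this.f3252a == null && bArr[0] != 20) {
                throw new IOException("Unexpected KEX message (type " + ((int) bArr[0]) + ")");
            }
            if (this.f3260b) {
                // The peer sent a guessed first packet and the guess was wrong: drop it.
                this.f3260b = false;
            } else if (bArr[0] == 20) {
                if (this.f3252a != null && this.f3252a.a != 0) {
                    throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!");
                }
                if (this.f3252a == null) {
                    // Peer-initiated exchange: answer with our own KEXINIT first.
                    this.f3252a = new KexState();
                    this.f3252a.f3264a = this.f3247a;
                    PacketKexInit packetKexInit = new PacketKexInit(this.f3249a);
                    this.f3252a.f3267a = packetKexInit;
                    this.f3253a.a(packetKexInit.m1128a());
                }
                this.f3252a.b = new PacketKexInit(bArr, 0, i);
                this.f3252a.f3268a = a(this.f3252a.f3267a.a(), this.f3252a.b.a());
                if (this.f3252a.f3268a == null) {
                    throw new IOException("Cannot negotiate, proposals do not match.");
                }
                // m1127a() is presumably the peer's first_kex_packet_follows flag; with a
                // wrong guess the packet that follows must be ignored.
                if (this.f3252a.b.m1127a() && !this.f3252a.f3268a.f3273a) {
                    this.f3260b = true;
                }
                if (this.f3252a.f3268a.a.equals("diffie-hellman-group-exchange-sha1") || this.f3252a.f3268a.a.equals("diffie-hellman-group-exchange-sha256")) {
                    // Old-style request for old OpenSSH 2.x servers, or when the
                    // parameters ask for it (b() == 0).
                    if (this.f3252a.f3264a.b() == 0 || this.f3251a.c.matches("OpenSSH_2\\.([0-4]\\.|5\\.[0-2]).*")) {
                        this.f3253a.a(new PacketKexDhGexRequestOld(this.f3252a.f3264a).a());
                    } else {
                        this.f3253a.a(new PacketKexDhGexRequest(this.f3252a.f3264a).a());
                    }
                    if (this.f3252a.f3268a.a.endsWith("sha1")) {
                        this.f3252a.f3269a = "SHA1";
                    } else {
                        this.f3252a.f3269a = "SHA-256";
                    }
                    this.f3252a.a = 1;
                } else {
                    if (!this.f3252a.f3268a.a.equals("diffie-hellman-group1-sha1") && !this.f3252a.f3268a.a.equals("diffie-hellman-group14-sha1") && !this.f3252a.f3268a.a.equals("ecdh-sha2-nistp256") && !this.f3252a.f3268a.a.equals("ecdh-sha2-nistp384") && !this.f3252a.f3268a.a.equals("ecdh-sha2-nistp521")) {
                        throw new IllegalStateException("Unknown KEX method!");
                    }
                    this.f3252a.f3266a = GenericDhExchange.a(this.f3252a.f3268a.a);
                    this.f3252a.f3266a.mo1122a(this.f3252a.f3268a.a);
                    this.f3252a.f3269a = this.f3252a.f3266a.a();
                    this.f3253a.a(new PacketKexDHInit(this.f3252a.f3266a.mo1120a()).a());
                    this.f3252a.a = 1;
                }
            } else if (bArr[0] == 21) {
                if (this.f3250a == null) {
                    throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
                }
                // f3250a is never cleared, so during a re-key it still holds the previous
                // exchange's keys until a() has run. Accept NEWKEYS only once our side has
                // verified the server's reply and finished (state -1).
                if (this.f3252a.a != -1) {
                    throw new IOException("Peer sent SSH_MSG_NEWKEYS before the key exchange was finished!");
                }
                try {
                    // Switch the receiving direction to the new cipher, MAC and compressor.
                    BlockCipher a2 = BlockCipherFactory.a(this.f3252a.f3268a.d, false, this.f3250a.d, this.f3250a.b);
                    MAC mac = new MAC(this.f3252a.f3268a.f, this.f3250a.f);
                    ICompressor m1116a = CompressionFactory.m1116a(this.f3252a.f3268a.h);
                    this.f3253a.a(a2, mac);
                    this.f3253a.a(m1116a);
                    byl bylVar = new byl();
                    this.f3245a++;
                    bylVar.f2371a = this.f3252a.f3268a.a;
                    bylVar.a = this.f3245a;
                    bylVar.b = this.f3252a.f3268a.c;
                    bylVar.c = this.f3252a.f3268a.d;
                    bylVar.d = this.f3252a.f3268a.e;
                    bylVar.e = this.f3252a.f3268a.f;
                    bylVar.f = this.f3252a.f3268a.b;
                    bylVar.f2372a = this.f3252a.f3272b;
                    synchronized (this.f3254a) {
                        this.f3246a = bylVar;
                        this.f3254a.notifyAll();
                    }
                    this.f3252a = null;
                } catch (IllegalArgumentException e) {
                    throw ((IOException) new IOException("Fatal error during MAC startup!").initCause(e));
                }
            } else {
                if (this.f3252a == null || this.f3252a.a == 0) {
                    throw new IOException("Unexpected Kex submessage!");
                }
                if (this.f3252a.f3268a.a.equals("diffie-hellman-group-exchange-sha1") || this.f3252a.f3268a.a.equals("diffie-hellman-group-exchange-sha256")) {
                    if (this.f3252a.a == 1) {
                        // Server chose the group: generate our value and send it.
                        PacketKexDhGexGroup packetKexDhGexGroup = new PacketKexDhGexGroup(bArr, 0, i);
                        this.f3252a.f3265a = new DhGroupExchange(packetKexDhGexGroup.b(), packetKexDhGexGroup.a());
                        this.f3252a.f3265a.a(this.f3256a);
                        this.f3253a.a(new PacketKexDhGexInit(this.f3252a.f3265a.a()).a());
                        this.f3252a.a = 2;
                    } else {
                        if (this.f3252a.a != 2) {
                            throw new IllegalStateException("Illegal State in KEX Exchange!");
                        }
                        PacketKexDhGexReply packetKexDhGexReply = new PacketKexDhGexReply(bArr, 0, i);
                        this.f3252a.f3272b = packetKexDhGexReply.m1126a();
                        // NOTE(review): with no verifier installed the host key is used
                        // without any trust decision. The signature check below then only
                        // shows that the peer owns the key it presented, so an
                        // on-path attacker is not detected. Callers should always supply
                        // a verifier that compares against a known-hosts store.
                        if (this.f3248a != null) {
                            try {
                                if (!this.f3248a.a(this.f3255a, this.f3259b, this.f3252a.f3268a.b, this.f3252a.f3272b)) {
                                    throw new IOException("The server hostkey was not accepted by the verifier callback");
                                }
                            } catch (Exception e2) {
                                // Any failure inside the callback counts as a rejection.
                                throw ((IOException) new IOException("The server hostkey was not accepted by the verifier callback.").initCause(e2));
                            }
                        }
                        this.f3252a.f3265a.a(packetKexDhGexReply.a());
                        try {
                            // Both KEXINIT payloads are inputs to the value that the
                            // server signs.
                            this.f3252a.f3271a = this.f3252a.f3265a.a(this.f3252a.f3269a, this.f3251a.a(), this.f3251a.b(), this.f3252a.f3267a.m1128a(), this.f3252a.b.m1128a(), packetKexDhGexReply.m1126a(), this.f3252a.f3264a);
                            if (!a(packetKexDhGexReply.b(), this.f3252a.f3272b)) {
                                throw new IOException("Hostkey signature sent by remote is wrong!");
                            }
                            this.f3252a.f3270a = this.f3252a.f3265a.b();
                            a();
                            this.f3252a.a = -1;
                        } catch (IllegalArgumentException e3) {
                            throw ((IOException) new IOException("KEX error.").initCause(e3));
                        }
                    }
                } else {
                    if ((!this.f3252a.f3268a.a.equals("diffie-hellman-group1-sha1") && !this.f3252a.f3268a.a.equals("diffie-hellman-group14-sha1") && !this.f3252a.f3268a.a.equals("ecdh-sha2-nistp256") && !this.f3252a.f3268a.a.equals("ecdh-sha2-nistp384") && !this.f3252a.f3268a.a.equals("ecdh-sha2-nistp521")) || this.f3252a.a != 1) {
                        throw new IllegalStateException("Unkown KEX method! (" + this.f3252a.f3268a.a + ")");
                    }
                    PacketKexDHReply packetKexDHReply = new PacketKexDHReply(bArr, 0, i);
                    this.f3252a.f3272b = packetKexDHReply.b();
                    // NOTE(review): same caveat as in the group-exchange branch; a null
                    // verifier means the host key is accepted without a trust decision.
                    if (this.f3248a != null) {
                        try {
                            if (!this.f3248a.a(this.f3255a, this.f3259b, this.f3252a.f3268a.b, this.f3252a.f3272b)) {
                                throw new IOException("The server hostkey was not accepted by the verifier callback");
                            }
                        } catch (Exception e4) {
                            // Any failure inside the callback counts as a rejection.
                            throw ((IOException) new IOException("The server hostkey was not accepted by the verifier callback.").initCause(e4));
                        }
                    }
                    this.f3252a.f3266a.a(packetKexDHReply.a());
                    try {
                        this.f3252a.f3271a = this.f3252a.f3266a.a(this.f3251a.a(), this.f3251a.b(), this.f3252a.f3267a.m1128a(), this.f3252a.b.m1128a(), packetKexDHReply.b());
                        if (!a(packetKexDHReply.c(), this.f3252a.f3272b)) {
                            throw new IOException("Hostkey signature sent by remote is wrong!");
                        }
                        this.f3252a.f3270a = this.f3252a.f3266a.m1121a();
                        a();
                        this.f3252a.a = -1;
                    } catch (IllegalArgumentException e5) {
                        throw ((IOException) new IOException("KEX error.").initCause(e5));
                    }
                }
            }
        }
    }
}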
