package net.schmizz.sshj.transport;

import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Queue;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import net.schmizz.concurrent.ErrorDeliveryUtil;
import net.schmizz.concurrent.Event;
import net.schmizz.concurrent.ExceptionChainer;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.ErrorNotifiable;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.common.SSHPacketHandler;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.compression.Compression;
import net.schmizz.sshj.transport.digest.Digest;
import net.schmizz.sshj.transport.kex.KeyExchange;
import net.schmizz.sshj.transport.mac.MAC;
import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
import net.schmizz.sshj.transport.verification.HostKeyVerifier;

/* loaded from: classes.dex */
public final class KeyExchanger implements SSHPacketHandler, ErrorNotifiable {
    public static String H5;
    static final /* synthetic */ boolean I5 = false;
    private KeyExchange B5;
    private byte[] C5;
    private f D5;
    private NegotiatedAlgorithms E5;
    private final Event F5;
    private final Event G5;
    private final org.slf4j.c v5;
    private final TransportImpl w5;
    private final Queue x5 = new LinkedList();
    private final Queue y5 = new LinkedList();
    private final AtomicBoolean z5 = new AtomicBoolean();
    private e A5 = e.KEXINIT;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyExchanger(TransportImpl transportImpl) {
        this.w5 = transportImpl;
        this.v5 = transportImpl.s0().d().b(KeyExchanger.class);
        ExceptionChainer exceptionChainer = TransportException.x5;
        this.F5 = new Event("kexinit sent", exceptionChainer, transportImpl.s0().d());
        this.G5 = new Event("kex done", exceptionChainer, transportImpl.U(), transportImpl.s0().d());
    }

    private boolean N() {
        return !B() || this.w5.I();
    }

    private static byte[] U(byte[] bArr, int i2, Digest digest, BigInteger bigInteger, byte[] bArr2) {
        while (i2 > bArr.length) {
            Buffer.PlainBuffer plainBuffer = (Buffer.PlainBuffer) ((Buffer.PlainBuffer) ((Buffer.PlainBuffer) new Buffer.PlainBuffer().o(bigInteger)).q(bArr2)).q(bArr);
            digest.update(plainBuffer.a(), 0, plainBuffer.b());
            byte[] a2 = digest.a();
            byte[] bArr3 = new byte[bArr.length + a2.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(a2, 0, bArr3, bArr.length, a2.length);
            bArr = bArr3;
        }
        return bArr;
    }

    private void Y() throws TransportException {
        this.v5.Q("Sending SSH_MSG_KEXINIT");
        f fVar = new f(this.w5.s0(), q(this.w5.K(), this.w5.v0()));
        this.D5 = fVar;
        this.w5.R(fVar.i());
        this.F5.i();
    }

    private void Z() throws TransportException {
        this.v5.Q("Sending SSH_MSG_NEWKEYS");
        this.w5.R(new SSHPacket(Message.NEWKEYS));
    }

    private synchronized void e() throws TransportException {
        if (!H()) {
            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Key exchange packet received when key exchange was not ongoing");
        }
    }

    private static void h(Message message, Message message2) throws TransportException {
        if (message == message2) {
            return;
        }
        throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Was expecting " + message2);
    }

    private void h0() {
        this.z5.set(false);
        this.F5.c();
        this.G5.i();
    }

    private synchronized void p0(PublicKey publicKey) throws TransportException {
        for (HostKeyVerifier hostKeyVerifier : this.x5) {
            this.v5.t0("Trying to verify host key with {}", hostKeyVerifier);
            if (hostKeyVerifier.a(this.w5.K(), this.w5.v0(), publicKey)) {
            }
        }
        this.v5.X("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}", new String[]{this.x5.toString(), KeyType.e(publicKey).toString(), SecurityUtils.d(publicKey), this.w5.K(), "" + this.w5.v0()});
        throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE, "Could not verify `" + KeyType.e(publicKey) + "` host key with fingerprint `" + SecurityUtils.d(publicKey) + "` for `" + this.w5.K() + "` on port " + this.w5.v0());
    }

    private List q(String str, int i2) {
        Iterator it = this.x5.iterator();
        while (it.hasNext()) {
            List b2 = ((HostKeyVerifier) it.next()).b(str, i2);
            if (b2 != null && !b2.isEmpty()) {
                return b2;
            }
        }
        return Collections.emptyList();
    }

    private void v(SSHPacket sSHPacket) throws TransportException {
        sSHPacket.S(sSHPacket.R() - 1);
        f fVar = new f(sSHPacket);
        NegotiatedAlgorithms m2 = this.D5.m(fVar);
        this.E5 = m2;
        this.v5.t0("Negotiated algorithms: {}", m2);
        H5 = "Negotiated algorithms: " + this.E5.toString();
        for (AlgorithmsVerifier algorithmsVerifier : this.y5) {
            this.v5.t0("Trying to verify algorithms with {}", algorithmsVerifier);
            if (!algorithmsVerifier.a(this.E5)) {
                throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, "Failed to verify negotiated algorithms `" + this.E5 + "`");
            }
        }
        this.B5 = (KeyExchange) Factory.Named.Util.a(this.w5.s0().B(), this.E5.d());
        TransportImpl transportImpl = this.w5;
        transportImpl.M0((h.b) Factory.Named.Util.a(transportImpl.s0().w(), this.E5.h()));
        try {
            KeyExchange keyExchange = this.B5;
            TransportImpl transportImpl2 = this.w5;
            keyExchange.b(transportImpl2, transportImpl2.T(), this.w5.w(), fVar.i().g(), this.D5.i().g());
        } catch (GeneralSecurityException e2) {
            throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, e2);
        }
    }

    private void w() {
        MAC mac;
        Digest f2 = this.B5.f();
        byte[] e2 = this.B5.e();
        if (this.C5 == null) {
            this.C5 = e2;
        }
        Buffer.PlainBuffer plainBuffer = (Buffer.PlainBuffer) ((Buffer.PlainBuffer) ((Buffer.PlainBuffer) ((Buffer.PlainBuffer) new Buffer.PlainBuffer().o(this.B5.c())).q(e2)).l((byte) 0)).q(this.C5);
        int b2 = (plainBuffer.b() - this.C5.length) - 1;
        plainBuffer.a()[b2] = 65;
        f2.update(plainBuffer.a(), 0, plainBuffer.b());
        byte[] a2 = f2.a();
        plainBuffer.a()[b2] = 66;
        f2.update(plainBuffer.a(), 0, plainBuffer.b());
        byte[] a3 = f2.a();
        plainBuffer.a()[b2] = 67;
        f2.update(plainBuffer.a(), 0, plainBuffer.b());
        byte[] a4 = f2.a();
        plainBuffer.a()[b2] = 68;
        f2.update(plainBuffer.a(), 0, plainBuffer.b());
        byte[] a5 = f2.a();
        plainBuffer.a()[b2] = 69;
        f2.update(plainBuffer.a(), 0, plainBuffer.b());
        byte[] a6 = f2.a();
        plainBuffer.a()[b2] = 70;
        f2.update(plainBuffer.a(), 0, plainBuffer.b());
        byte[] a7 = f2.a();
        Cipher cipher = (Cipher) Factory.Named.Util.a(this.w5.s0().h(), this.E5.a());
        cipher.n(Cipher.Mode.Encrypt, U(a4, cipher.e(), f2, this.B5.c(), this.B5.e()), a2);
        Cipher cipher2 = (Cipher) Factory.Named.Util.a(this.w5.s0().h(), this.E5.e());
        cipher2.n(Cipher.Mode.Decrypt, U(a5, cipher2.e(), f2, this.B5.c(), this.B5.e()), a3);
        MAC mac2 = null;
        if (cipher.q() == 0) {
            mac = (MAC) Factory.Named.Util.a(this.w5.s0().k(), this.E5.c());
            mac.f(U(a6, mac.e(), f2, this.B5.c(), this.B5.e()));
        } else {
            mac = null;
        }
        if (cipher2.q() == 0) {
            mac2 = (MAC) Factory.Named.Util.a(this.w5.s0().k(), this.E5.g());
            mac2.f(U(a7, mac2.e(), f2, this.B5.c(), this.B5.e()));
        }
        Compression compression = (Compression) Factory.Named.Util.a(this.w5.s0().l(), this.E5.f());
        this.w5.N().c(cipher, mac, (Compression) Factory.Named.Util.a(this.w5.s0().l(), this.E5.b()));
        this.w5.H().c(cipher2, mac2, compression);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void A(HostKeyVerifier hostKeyVerifier) {
        this.x5.add(hostKeyVerifier);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean B() {
        return this.G5.g();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void C0(AlgorithmsVerifier algorithmsVerifier) {
        this.y5.add(algorithmsVerifier);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean H() {
        return this.z5.get();
    }

    @Override // net.schmizz.sshj.common.SSHPacketHandler
    public void L(Message message, SSHPacket sSHPacket) throws TransportException {
        e eVar;
        int i2 = d.f823a[this.A5.ordinal()];
        if (i2 == 1) {
            h(message, Message.KEXINIT);
            this.v5.Q("Received SSH_MSG_KEXINIT");
            j0(false);
            this.F5.b(this.w5.b(), TimeUnit.MILLISECONDS);
            v(sSHPacket);
            eVar = e.FOLLOWUP;
        } else {
            if (i2 == 2) {
                e();
                this.v5.Q("Received kex followup data");
                try {
                    if (this.B5.a(message, sSHPacket)) {
                        p0(this.B5.d());
                        Z();
                        this.A5 = e.NEWKEYS;
                        return;
                    }
                    return;
                } catch (GeneralSecurityException e2) {
                    throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, e2);
                }
            }
            if (i2 != 3) {
                return;
            }
            h(message, Message.NEWKEYS);
            e();
            this.v5.Q("Received SSH_MSG_NEWKEYS");
            w();
            h0();
            eVar = e.KEXINIT;
        }
        this.A5 = eVar;
    }

    @Override // net.schmizz.sshj.common.ErrorNotifiable
    public void T(SSHException sSHException) {
        this.v5.t0("Got notified of {}", sSHException.toString());
        ErrorDeliveryUtil.b(sSHException, this.F5, this.G5);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] g0() {
        byte[] bArr = this.C5;
        return Arrays.copyOf(bArr, bArr.length);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void j0(boolean z) throws TransportException {
        if (!this.z5.getAndSet(true)) {
            if (N()) {
                this.v5.Q("Initiating key exchange");
                this.G5.c();
                Y();
            } else {
                this.z5.set(false);
            }
        }
        if (z) {
            r0();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void r0() throws TransportException {
        this.G5.b(this.w5.b(), TimeUnit.MILLISECONDS);
    }
}
