package net.schmizz.sshj.transport;

import androidx.fragment.app.l0;
import com.hierynomus.sshj.key.KeyAlgorithm;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import net.schmizz.concurrent.ErrorDeliveryUtil;
import net.schmizz.concurrent.Event;
import net.schmizz.concurrent.ExceptionChainer;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.ErrorNotifiable;
import net.schmizz.sshj.common.Factory;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.common.SSHPacketHandler;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.transport.compression.Compression;
import net.schmizz.sshj.transport.digest.Digest;
import net.schmizz.sshj.transport.kex.KeyExchange;
import net.schmizz.sshj.transport.mac.MAC;
import net.schmizz.sshj.transport.verification.AlgorithmsVerifier;
import net.schmizz.sshj.transport.verification.HostKeyVerifier;
import org.slf4j.Logger;

/* loaded from: classes2.dex */
public final class d implements SSHPacketHandler, ErrorNotifiable {

    /* renamed from: a, reason: collision with root package name */
    public final Logger f27641a;

    /* renamed from: b, reason: collision with root package name */
    public final TransportImpl f27642b;
    public final LinkedList c = new LinkedList();

    /* renamed from: d, reason: collision with root package name */
    public final LinkedList f27643d = new LinkedList();

    /* renamed from: e, reason: collision with root package name */
    public final AtomicBoolean f27644e = new AtomicBoolean();
    public int f = 1;

    /* renamed from: g, reason: collision with root package name */
    public KeyExchange f27645g;

    /* renamed from: h, reason: collision with root package name */
    public byte[] f27646h;

    /* renamed from: i, reason: collision with root package name */
    public e f27647i;

    /* renamed from: j, reason: collision with root package name */
    public NegotiatedAlgorithms f27648j;

    /* renamed from: k, reason: collision with root package name */
    public final Event<TransportException> f27649k;
    public final Event<TransportException> l;

    public d(TransportImpl transportImpl) {
        this.f27642b = transportImpl;
        this.f27641a = transportImpl.getConfig().getLoggerFactory().getLogger(d.class);
        ExceptionChainer<TransportException> exceptionChainer = TransportException.chainer;
        this.f27649k = new Event<>("kexinit sent", exceptionChainer, transportImpl.getConfig().getLoggerFactory());
        this.l = new Event<>("kex done", exceptionChainer, transportImpl.getWriteLock(), transportImpl.getConfig().getLoggerFactory());
    }

    public static byte[] b(byte[] bArr, int i5, Digest digest, BigInteger bigInteger, byte[] bArr2) {
        while (i5 > bArr.length) {
            Buffer.PlainBuffer putRawBytes = new Buffer.PlainBuffer().putMPInt(bigInteger).putRawBytes(bArr2).putRawBytes(bArr);
            digest.update(putRawBytes.array(), 0, putRawBytes.available());
            byte[] digest2 = digest.digest();
            byte[] bArr3 = new byte[bArr.length + digest2.length];
            System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
            System.arraycopy(digest2, 0, bArr3, bArr.length, digest2.length);
            bArr = bArr3;
        }
        return bArr;
    }

    public final synchronized void a() throws TransportException {
        if (!this.f27644e.get()) {
            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Key exchange packet received when key exchange was not ongoing");
        }
    }

    public final void c(boolean z8) throws TransportException {
        List<String> emptyList;
        boolean andSet = this.f27644e.getAndSet(true);
        TransportImpl transportImpl = this.f27642b;
        Event<TransportException> event = this.l;
        if (!andSet) {
            event.clear();
            this.f27641a.debug("Sending SSH_MSG_KEXINIT");
            String remoteHost = transportImpl.getRemoteHost();
            int remotePort = transportImpl.getRemotePort();
            Iterator it = this.c.iterator();
            while (true) {
                if (!it.hasNext()) {
                    emptyList = Collections.emptyList();
                    break;
                }
                emptyList = ((HostKeyVerifier) it.next()).findExistingAlgorithms(remoteHost, remotePort);
                if (emptyList != null && !emptyList.isEmpty()) {
                    break;
                }
            }
            e eVar = new e(transportImpl.getConfig(), emptyList);
            this.f27647i = eVar;
            transportImpl.write(new SSHPacket(eVar.f27656i));
            this.f27649k.set();
        }
        if (z8) {
            event.await(transportImpl.getTimeoutMs(), TimeUnit.MILLISECONDS);
        }
    }

    public final synchronized void d(PublicKey publicKey) throws TransportException {
        for (HostKeyVerifier hostKeyVerifier : this.c) {
            this.f27641a.debug("Trying to verify host key with {}", hostKeyVerifier);
            if (hostKeyVerifier.verify(this.f27642b.getRemoteHost(), this.f27642b.getRemotePort(), publicKey)) {
            }
        }
        this.f27641a.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}", this.c, KeyType.fromKey(publicKey), SecurityUtils.getFingerprint(publicKey), this.f27642b.getRemoteHost(), Integer.valueOf(this.f27642b.getRemotePort()));
        throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE, "Could not verify `" + KeyType.fromKey(publicKey) + "` host key with fingerprint `" + SecurityUtils.getFingerprint(publicKey) + "` for `" + this.f27642b.getRemoteHost() + "` on port " + this.f27642b.getRemotePort());
    }

    @Override // net.schmizz.sshj.common.SSHPacketHandler
    public final void handle(Message message, SSHPacket sSHPacket) throws TransportException {
        MAC mac;
        int b9 = l0.b(this.f);
        Event<TransportException> event = this.f27649k;
        TransportImpl transportImpl = this.f27642b;
        Logger logger = this.f27641a;
        if (b9 == 0) {
            Message message2 = Message.KEXINIT;
            if (message != message2) {
                throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Was expecting " + message2);
            }
            logger.debug("Received SSH_MSG_KEXINIT");
            c(false);
            event.await(transportImpl.getTimeoutMs(), TimeUnit.MILLISECONDS);
            sSHPacket.rpos(sSHPacket.rpos() - 1);
            e eVar = new e(sSHPacket);
            e eVar2 = this.f27647i;
            eVar2.getClass();
            NegotiatedAlgorithms negotiatedAlgorithms = new NegotiatedAlgorithms(e.a("KeyExchangeAlgorithms", eVar2.f27650a, eVar.f27650a), e.a("HostKeyAlgorithms", eVar2.f27651b, eVar.f27651b), e.a("Client2ServerCipherAlgorithms", eVar2.c, eVar.c), e.a("Server2ClientCipherAlgorithms", eVar2.f27652d, eVar.f27652d), e.a("Client2ServerMACAlgorithms", eVar2.f27653e, eVar.f27653e), e.a("Server2ClientMACAlgorithms", eVar2.f, eVar.f), e.a("Client2ServerCompressionAlgorithms", eVar2.f27654g, eVar.f27654g), e.a("Server2ClientCompressionAlgorithms", eVar2.f27655h, eVar.f27655h));
            this.f27648j = negotiatedAlgorithms;
            logger.debug("Negotiated algorithms: {}", negotiatedAlgorithms);
            for (AlgorithmsVerifier algorithmsVerifier : this.f27643d) {
                logger.debug("Trying to verify algorithms with {}", algorithmsVerifier);
                if (!algorithmsVerifier.verify(this.f27648j)) {
                    throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, "Failed to verify negotiated algorithms `" + this.f27648j + "`");
                }
            }
            this.f27645g = (KeyExchange) Factory.Named.Util.create(transportImpl.getConfig().getKeyExchangeFactories(), this.f27648j.getKeyExchangeAlgorithm());
            transportImpl.setHostKeyAlgorithm((KeyAlgorithm) Factory.Named.Util.create(transportImpl.getConfig().getKeyAlgorithms(), this.f27648j.getSignatureAlgorithm()));
            try {
                KeyExchange keyExchange = this.f27645g;
                String serverID = transportImpl.getServerID();
                String clientID = transportImpl.getClientID();
                byte[] compactData = new SSHPacket(eVar.f27656i).getCompactData();
                e eVar3 = this.f27647i;
                eVar3.getClass();
                keyExchange.init(transportImpl, serverID, clientID, compactData, new SSHPacket(eVar3.f27656i).getCompactData());
                this.f = 2;
                return;
            } catch (GeneralSecurityException e9) {
                throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, e9);
            }
        }
        if (b9 == 1) {
            synchronized (this) {
                if (!this.f27644e.get()) {
                    throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Key exchange packet received when key exchange was not ongoing");
                }
            }
            logger.debug("Received kex followup data");
            try {
                if (this.f27645g.next(message, sSHPacket)) {
                    d(this.f27645g.getHostKey());
                    logger.debug("Sending SSH_MSG_NEWKEYS");
                    transportImpl.write(new SSHPacket(Message.NEWKEYS));
                    this.f = 3;
                    return;
                }
                return;
            } catch (GeneralSecurityException e10) {
                throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED, e10);
            }
        }
        if (b9 != 2) {
            return;
        }
        Message message3 = Message.NEWKEYS;
        if (message != message3) {
            throw new TransportException(DisconnectReason.PROTOCOL_ERROR, "Was expecting " + message3);
        }
        a();
        logger.debug("Received SSH_MSG_NEWKEYS");
        Digest hash = this.f27645g.getHash();
        byte[] h9 = this.f27645g.getH();
        if (this.f27646h == null) {
            this.f27646h = h9;
        }
        Buffer.PlainBuffer putRawBytes = new Buffer.PlainBuffer().putMPInt(this.f27645g.getK()).putRawBytes(h9).putByte((byte) 0).putRawBytes(this.f27646h);
        int available = (putRawBytes.available() - this.f27646h.length) - 1;
        putRawBytes.array()[available] = 65;
        hash.update(putRawBytes.array(), 0, putRawBytes.available());
        byte[] digest = hash.digest();
        putRawBytes.array()[available] = 66;
        hash.update(putRawBytes.array(), 0, putRawBytes.available());
        byte[] digest2 = hash.digest();
        putRawBytes.array()[available] = 67;
        hash.update(putRawBytes.array(), 0, putRawBytes.available());
        byte[] digest3 = hash.digest();
        putRawBytes.array()[available] = 68;
        hash.update(putRawBytes.array(), 0, putRawBytes.available());
        byte[] digest4 = hash.digest();
        putRawBytes.array()[available] = 69;
        hash.update(putRawBytes.array(), 0, putRawBytes.available());
        byte[] digest5 = hash.digest();
        putRawBytes.array()[available] = 70;
        hash.update(putRawBytes.array(), 0, putRawBytes.available());
        byte[] digest6 = hash.digest();
        Cipher cipher = (Cipher) Factory.Named.Util.create(transportImpl.getConfig().getCipherFactories(), this.f27648j.getClient2ServerCipherAlgorithm());
        cipher.init(Cipher.Mode.Encrypt, b(digest3, cipher.getBlockSize(), hash, this.f27645g.getK(), this.f27645g.getH()), digest);
        Cipher cipher2 = (Cipher) Factory.Named.Util.create(transportImpl.getConfig().getCipherFactories(), this.f27648j.getServer2ClientCipherAlgorithm());
        cipher2.init(Cipher.Mode.Decrypt, b(digest4, cipher2.getBlockSize(), hash, this.f27645g.getK(), this.f27645g.getH()), digest2);
        MAC mac2 = null;
        if (cipher.getAuthenticationTagSize() == 0) {
            mac = (MAC) Factory.Named.Util.create(transportImpl.getConfig().getMACFactories(), this.f27648j.getClient2ServerMACAlgorithm());
            mac.init(b(digest5, mac.getBlockSize(), hash, this.f27645g.getK(), this.f27645g.getH()));
        } else {
            mac = null;
        }
        if (cipher2.getAuthenticationTagSize() == 0) {
            mac2 = (MAC) Factory.Named.Util.create(transportImpl.getConfig().getMACFactories(), this.f27648j.getServer2ClientMACAlgorithm());
            mac2.init(b(digest6, mac2.getBlockSize(), hash, this.f27645g.getK(), this.f27645g.getH()));
        }
        Compression compression = (Compression) Factory.Named.Util.create(transportImpl.getConfig().getCompressionFactories(), this.f27648j.getServer2ClientCompressionAlgorithm());
        transportImpl.getEncoder().b(cipher, mac, (Compression) Factory.Named.Util.create(transportImpl.getConfig().getCompressionFactories(), this.f27648j.getClient2ServerCompressionAlgorithm()));
        transportImpl.getDecoder().b(cipher2, mac2, compression);
        this.f27644e.set(false);
        event.clear();
        this.l.set();
        this.f = 1;
    }

    @Override // net.schmizz.sshj.common.ErrorNotifiable
    public final void notifyError(SSHException sSHException) {
        this.f27641a.debug("Got notified of {}", sSHException.toString());
        ErrorDeliveryUtil.alertEvents(sSHException, (Event<?>[]) new Event[]{this.f27649k, this.l});
    }
}
