package ch.ethz.ssh2.transport;

import ch.ethz.ssh2.ConnectionInfo;
import ch.ethz.ssh2.ServerHostKeyVerifier;
import ch.ethz.ssh2.crypto.CryptoWishList;
import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
import ch.ethz.ssh2.crypto.dh.DhExchange;
import ch.ethz.ssh2.crypto.dh.DhGroupExchange;
import ch.ethz.ssh2.crypto.digest.MAC;
import ch.ethz.ssh2.packets.PacketKexDHInit;
import ch.ethz.ssh2.packets.PacketKexDHReply;
import ch.ethz.ssh2.packets.PacketKexDhGexGroup;
import ch.ethz.ssh2.packets.PacketKexDhGexInit;
import ch.ethz.ssh2.packets.PacketKexDhGexReply;
import ch.ethz.ssh2.packets.PacketKexDhGexRequest;
import ch.ethz.ssh2.packets.PacketKexDhGexRequestOld;
import ch.ethz.ssh2.packets.PacketKexInit;
import ch.ethz.ssh2.signature.DSAPublicKey;
import ch.ethz.ssh2.signature.DSASHA1Verify;
import ch.ethz.ssh2.signature.DSASignature;
import ch.ethz.ssh2.signature.RSAPublicKey;
import ch.ethz.ssh2.signature.RSASHA1Verify;
import ch.ethz.ssh2.signature.RSASignature;
import java.io.IOException;
import java.security.SecureRandom;

/* loaded from: classes.dex */
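/**
 * Client side of the SSH transport key exchange (decompiled, member names obfuscated).
 *
 * <p>Only the algorithms handled in this file are listed here: key exchange via
 * {@code diffie-hellman-group1-sha1}, {@code diffie-hellman-group14-sha1} and
 * {@code diffie-hellman-group-exchange-sha1}; server host keys of type {@code ssh-rsa}
 * and {@code ssh-dss}, both verified through the {@code *SHA1Verify} helpers.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Every algorithm above is SHA-1 based, group1 is a 1024-bit group, and DSA host keys
 *       are legacy. Nothing in this class lets a caller refuse them; any restriction has to
 *       come from the {@link CryptoWishList} passed in or from the server configuration.</li>
 *   <li>The server's identity is checked only when a {@link ServerHostKeyVerifier} was
 *       supplied. With a {@code null} verifier the signature check still runs, but it proves
 *       only that the peer owns the key it presented, not that the key belongs to the
 *       intended host.</li>
 * </ul>
 *
 * <p>The single-letter fields used below ({@code d, e, f, g, i, j, k, l, m, n, o, p, s}) are
 * inherited from {@link KexManager}. Their roles are inferred from how this class uses them
 * and should be confirmed against the parent class.
 */
public class ClientKexManager extends KexManager {

    /* renamed from: a, reason: collision with root package name */
    // Optional host key verification callback; null disables the identity check entirely.
    ServerHostKeyVerifier f928a;

    /* renamed from: b, reason: collision with root package name */
    // First argument handed to verifyServerHostKey (presumably the host name — confirm at call site).
    final String f929b;
    // Second argument handed to verifyServerHostKey (presumably the port — confirm at call site).
    final int c;

    /**
     * Stores the values later passed to the host key verifier and forwards the rest to
     * {@link KexManager}.
     *
     * @param transportManager forwarded to the parent constructor
     * @param clientServerHello forwarded to the parent constructor
     * @param cryptoWishList forwarded to the parent constructor
     * @param str first argument for {@code verifyServerHostKey}
     * @param i second argument for {@code verifyServerHostKey}
     * @param serverHostKeyVerifier verification callback; when {@code null}, no host key is ever
     *     rejected on identity grounds, so callers that need server authentication must supply one
     * @param secureRandom forwarded to the parent constructor
     */
    public ClientKexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, String str, int i, ServerHostKeyVerifier serverHostKeyVerifier, SecureRandom secureRandom) {
        super(transportManager, clientServerHello, cryptoWishList, secureRandom);
        this.f929b = str;
        this.c = i;
        this.f928a = serverHostKeyVerifier;
    }

    /**
     * Verifies the server's signature over the exchange hash {@code e.H} with the negotiated
     * host key algorithm.
     *
     * <p>This establishes proof of possession of the presented host key only. Whether that key
     * is the expected one is decided by the verifier callback in {@link #handleMessage}.
     *
     * @param bArr encoded signature taken from the KEX reply packet
     * @param bArr2 encoded server host key taken from the same packet
     * @return the result of the RSA or DSA signature check
     * @throws IOException if the negotiated host key algorithm is neither {@code ssh-rsa} nor
     *     {@code ssh-dss} (the decompiler dropped the {@code throws} clause)
     */
    protected boolean a(byte[] bArr, byte[] bArr2) {
        if (this.e.np.server_host_key_algo.equals("ssh-rsa")) {
            RSASignature decodeSSHRSASignature = RSASHA1Verify.decodeSSHRSASignature(bArr);
            RSAPublicKey decodeSSHRSAPublicKey = RSASHA1Verify.decodeSSHRSAPublicKey(bArr2);
            d.debug("Verifying ssh-rsa signature");
            return RSASHA1Verify.verifySignature(this.e.H, decodeSSHRSASignature, decodeSSHRSAPublicKey);
        }
        if (!this.e.np.server_host_key_algo.equals("ssh-dss")) {
            throw new IOException("Unknown server host key algorithm '" + this.e.np.server_host_key_algo + "'");
        }
        DSASignature decodeSSHDSASignature = DSASHA1Verify.decodeSSHDSASignature(bArr);
        DSAPublicKey decodeSSHDSAPublicKey = DSASHA1Verify.decodeSSHDSAPublicKey(bArr2);
        d.debug("Verifying ssh-dss signature");
        return DSASHA1Verify.verifySignature(this.e.H, decodeSSHDSASignature, decodeSSHDSAPublicKey);
    }

    /**
     * Drives the client key exchange state machine for one incoming packet.
     *
     * <p>Dispatch is on the first payload byte: 20 is SSH_MSG_KEXINIT, 21 is SSH_MSG_NEWKEYS,
     * and anything else is treated as a method-specific KEX message. {@code e.state} is 0 on a
     * fresh {@code KexState}, 1 after the client sent its DH init or GEX request, 2 after it
     * sent the GEX init, and -1 once the signature was verified and {@code a(true)} returned.
     *
     * @param bArr packet payload, or {@code null} as a sentinel (see the first branch)
     * @param i number of valid bytes in {@code bArr}
     * @throws IOException on protocol violations, a rejected host key or a bad signature
     *     (the decompiler dropped the {@code throws} clause)
     * @throws IllegalStateException when the negotiated method or state is not handled here
     */
    @Override // ch.ethz.ssh2.transport.MessageHandler
    public synchronized void handleMessage(byte[] bArr, int i) {
        if (bArr == null) {
            // Sentinel: set the inherited flag and wake all waiters on the inherited monitor
            // (presumably "connection closed" — confirm in KexManager).
            synchronized (this.j) {
                this.l = true;
                this.j.notifyAll();
            }
        } else {
            // NOTE(review): bArr[0] is read without checking i or bArr.length; an empty payload
            // would raise ArrayIndexOutOfBoundsException. Confirm the caller never passes one.
            if (this.e == null && bArr[0] != 20) {
                throw new IOException("Unexpected KEX message (type " + ((int) bArr[0]) + ")");
            }
            if (this.m) {
                // m was set below because the peer announced a guessed first KEX packet that
                // did not match the negotiation result; that one packet is dropped here.
                this.m = false;
            } else if (bArr[0] == 20) {
                if (this.e != null && this.e.state != 0) {
                    throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!");
                }
                if (this.e == null) {
                    // Peer-initiated exchange: create the state and answer with our own KEXINIT.
                    this.e = new KexState();
                    this.e.dhgexParameters = this.p;
                    PacketKexInit packetKexInit = new PacketKexInit(this.o, this.s);
                    this.e.localKEX = packetKexInit;
                    this.n.sendKexMessage(packetKexInit.getPayload());
                }
                this.e.remoteKEX = new PacketKexInit(bArr, 0, i);
                // Inherited negotiation helper; a null result means no common algorithm set.
                this.e.np = a(this.e.localKEX.getKexParameters(), this.e.remoteKEX.getKexParameters());
                if (this.e.np == null) {
                    throw new IOException("Cannot negotiate, proposals do not match.");
                }
                if (this.e.remoteKEX.isFirst_kex_packet_follows() && !this.e.np.guessOK) {
                    this.m = true;
                }
                if (this.e.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) {
                    // A minimum group length of 0 selects the old-style GEX request packet.
                    if (this.e.dhgexParameters.getMin_group_len() == 0) {
                        this.n.sendKexMessage(new PacketKexDhGexRequestOld(this.e.dhgexParameters).getPayload());
                    } else {
                        this.n.sendKexMessage(new PacketKexDhGexRequest(this.e.dhgexParameters).getPayload());
                    }
                    this.e.state = 1;
                } else {
                    if (!this.e.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.e.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
                        throw new IllegalStateException("Unkown KEX method!");
                    }
                    this.e.dhx = new DhExchange();
                    // group1 is the 1024-bit fixed group and should be disabled through the
                    // wish list where the server offers anything stronger.
                    if (this.e.np.kex_algo.equals("diffie-hellman-group1-sha1")) {
                        this.e.dhx.clientInit(1, this.s);
                    } else {
                        this.e.dhx.clientInit(14, this.s);
                    }
                    this.n.sendKexMessage(new PacketKexDHInit(this.e.dhx.getE()).getPayload());
                    this.e.state = 1;
                }
            } else if (bArr[0] == 21) {
                // NOTE(review): this branch checks only that key material g exists, not that
                // e.state is -1. It is safe only if the parent clears g when a new exchange
                // starts; otherwise an early NEWKEYS during a re-key could pair the newly
                // negotiated algorithms with keys from the previous exchange. Confirm in KexManager.
                if (this.g == null) {
                    throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
                }
                try {
                    this.n.changeRecvCipher(BlockCipherFactory.createCipher(this.e.np.enc_algo_server_to_client, false, this.g.enc_key_server_to_client, this.g.initial_iv_server_to_client), new MAC(this.e.np.mac_algo_server_to_client, this.g.integrity_key_server_to_client));
                    ConnectionInfo connectionInfo = new ConnectionInfo();
                    this.f++;
                    connectionInfo.keyExchangeAlgorithm = this.e.np.kex_algo;
                    connectionInfo.keyExchangeCounter = this.f;
                    connectionInfo.clientToServerCryptoAlgorithm = this.e.np.enc_algo_client_to_server;
                    connectionInfo.serverToClientCryptoAlgorithm = this.e.np.enc_algo_server_to_client;
                    connectionInfo.clientToServerMACAlgorithm = this.e.np.mac_algo_client_to_server;
                    connectionInfo.serverToClientMACAlgorithm = this.e.np.mac_algo_server_to_client;
                    connectionInfo.serverHostKeyAlgorithm = this.e.np.server_host_key_algo;
                    connectionInfo.serverHostKey = this.e.remote_hostkey;
                    // Publish the result and wake threads waiting for the exchange to finish.
                    synchronized (this.j) {
                        this.k = connectionInfo;
                        this.j.notifyAll();
                    }
                    // Exchange complete; the next KEXINIT starts from a fresh KexState.
                    this.e = null;
                } catch (IllegalArgumentException e) {
                    // Keep the cause so a bad cipher or MAC name stays diagnosable, matching
                    // the other wrap sites in this method.
                    throw new IOException("Fatal error during MAC startup!", e);
                }
            } else {
                if (this.e == null || this.e.state == 0) {
                    throw new IOException("Unexpected Kex submessage!");
                }
                if (this.e.np.kex_algo.equals("diffie-hellman-group-exchange-sha1")) {
                    if (this.e.state == 1) {
                        PacketKexDhGexGroup packetKexDhGexGroup = new PacketKexDhGexGroup(bArr, 0, i);
                        // NOTE(review): the server-chosen p and g are used as received. No check
                        // is visible here that p's size lies within the range requested in
                        // dhgexParameters; confirm DhGroupExchange or the packet parser enforces it.
                        this.e.dhgx = new DhGroupExchange(packetKexDhGexGroup.getP(), packetKexDhGexGroup.getG());
                        this.e.dhgx.init(this.s);
                        this.n.sendKexMessage(new PacketKexDhGexInit(this.e.dhgx.getE()).getPayload());
                        this.e.state = 2;
                    } else {
                        if (this.e.state != 2) {
                            throw new IllegalStateException("Illegal State in KEX Exchange!");
                        }
                        PacketKexDhGexReply packetKexDhGexReply = new PacketKexDhGexReply(bArr, 0, i);
                        this.e.remote_hostkey = packetKexDhGexReply.getHostKey();
                        // Identity check. It is skipped when no verifier was configured, and it
                        // runs before the signature below proves the peer holds this key, so a
                        // callback should not persist the key as trusted until the exchange succeeds.
                        if (this.f928a != null) {
                            try {
                                if (!this.f928a.verifyServerHostKey(this.f929b, this.c, this.e.np.server_host_key_algo, this.e.remote_hostkey)) {
                                    throw new IOException("The server hostkey was not accepted by the verifier callback");
                                }
                            } catch (Exception e2) {
                                // Also catches the IOException thrown just above, so a plain
                                // rejection surfaces wrapped in a second IOException.
                                throw new IOException("The server hostkey was not accepted by the verifier callback.", e2);
                            }
                        }
                        // NOTE(review): setF sits outside the try below; if it rejects a bad f with
                        // IllegalArgumentException, that exception is not converted to IOException.
                        this.e.dhgx.setF(packetKexDhGexReply.getF());
                        try {
                            this.e.H = this.e.dhgx.calculateH(this.i.getClientString(), this.i.getServerString(), this.e.localKEX.getPayload(), this.e.remoteKEX.getPayload(), packetKexDhGexReply.getHostKey(), this.e.dhgexParameters);
                            // Proof of possession: the host key must have signed this exchange hash.
                            if (!a(packetKexDhGexReply.getSignature(), this.e.remote_hostkey)) {
                                throw new IOException("Hostkey signature sent by remote is wrong!");
                            }
                            this.e.K = this.e.dhgx.getK();
                            // Inherited a(boolean), defined outside this file (presumably derives
                            // the session keys and sends our NEWKEYS — confirm).
                            a(true);
                            this.e.state = -1;
                        } catch (IllegalArgumentException e3) {
                            throw new IOException("KEX error.", e3);
                        }
                    }
                } else {
                    // The same exception text is used for a wrong state (state != 1), which can
                    // mislead when reading logs.
                    if ((!this.e.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.e.np.kex_algo.equals("diffie-hellman-group14-sha1")) || this.e.state != 1) {
                        throw new IllegalStateException("Unkown KEX method! (" + this.e.np.kex_algo + ")");
                    }
                    PacketKexDHReply packetKexDHReply = new PacketKexDHReply(bArr, 0, i);
                    this.e.remote_hostkey = packetKexDHReply.getHostKey();
                    // Identity check; same caveats as in the group-exchange branch (skipped when
                    // the verifier is null, runs before the signature is verified).
                    if (this.f928a != null) {
                        try {
                            if (!this.f928a.verifyServerHostKey(this.f929b, this.c, this.e.np.server_host_key_algo, this.e.remote_hostkey)) {
                                throw new IOException("The server hostkey was not accepted by the verifier callback");
                            }
                        } catch (Exception e4) {
                            throw new IOException("The server hostkey was not accepted by the verifier callback.", e4);
                        }
                    }
                    // NOTE(review): as above, setF is outside the try that maps
                    // IllegalArgumentException to IOException.
                    this.e.dhx.setF(packetKexDHReply.getF());
                    try {
                        this.e.H = this.e.dhx.calculateH(this.i.getClientString(), this.i.getServerString(), this.e.localKEX.getPayload(), this.e.remoteKEX.getPayload(), packetKexDHReply.getHostKey());
                        // Proof of possession: the host key must have signed this exchange hash.
                        if (!a(packetKexDHReply.getSignature(), this.e.remote_hostkey)) {
                            throw new IOException("Hostkey signature sent by remote is wrong!");
                        }
                        this.e.K = this.e.dhx.getK();
                        a(true);
                        this.e.state = -1;
                    } catch (IllegalArgumentException e5) {
                        throw new IOException("KEX error.", e5);
                    }
                }
            }
        }
    }
}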
