package com.sshtools.server.components.jce;

import com.sshtools.common.logger.Log;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.SshIOException;
import com.sshtools.common.ssh.SshMessage;
import com.sshtools.common.ssh.SshTransport;
import com.sshtools.common.ssh.components.ComponentManager;
import com.sshtools.common.ssh.components.DiffieHellmanGroups;
import com.sshtools.common.ssh.components.Digest;
import com.sshtools.common.ssh.components.SshPrivateKey;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.jce.AbstractKeyExchange;
import com.sshtools.common.ssh.components.jce.JCEComponentManager;
import com.sshtools.common.ssh.components.jce.JCEProvider;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import com.sshtools.common.util.UnsignedInteger32;
import com.sshtools.server.SftpFileAttributes;
import com.sshtools.server.SshServerContext;
import com.sshtools.server.components.SshKeyExchangeServer;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;

/* loaded from: input_file:com/sshtools/server/components/jce/DiffieHellmanGroupExchangeSha1JCE.class */
public class DiffieHellmanGroupExchangeSha1JCE extends SshKeyExchangeServer implements AbstractKeyExchange {
    static final int SSH_MSG_KEY_DH_GEX_REQUEST_OLD = 30;
    static final int SSH_MSG_KEY_DH_GEX_GROUP = 31;
    static final int SSH_MSG_KEY_DH_GEX_INIT = 32;
    static final int SSH_MSG_KEY_DH_GEX_REPLY = 33;
    static final int SSH_MSG_KEY_DH_GEX_REQUEST = 34;
    BigInteger g;
    BigInteger p;
    BigInteger e;
    BigInteger f;
    UnsignedInteger32 min;
    UnsignedInteger32 n;
    UnsignedInteger32 max;
    KeyPairGenerator dhKeyPairGen;
    KeyAgreement dhKeyAgreement;
    KeyFactory dhKeyFactory;
    public static final String DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1 = "diffie-hellman-group-exchange-sha1";
    static final BigInteger ONE = BigInteger.valueOf(1);
    static final BigInteger TWO = BigInteger.valueOf(2);
    static int maxSupportedSize = -1;
    static int minSupportedSize = -1;

    public DiffieHellmanGroupExchangeSha1JCE() {
        super("SHA-1");
        this.g = null;
        this.p = null;
        this.e = null;
        this.f = null;
        this.min = null;
        this.n = null;
        this.max = null;
    }

    public DiffieHellmanGroupExchangeSha1JCE(String str) {
        super(str);
        this.g = null;
        this.p = null;
        this.e = null;
        this.f = null;
        this.min = null;
        this.n = null;
        this.max = null;
    }

    @Override // com.sshtools.server.components.SshKeyExchangeServer
    public String getAlgorithm() {
        return DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1;
    }

    void initCrypto() throws NoSuchAlgorithmException {
        this.dhKeyFactory = JCEProvider.getProviderForAlgorithm("DH") == null ? KeyFactory.getInstance("DH") : KeyFactory.getInstance("DH", JCEProvider.getProviderForAlgorithm("DH"));
        this.dhKeyPairGen = JCEProvider.getProviderForAlgorithm("DH") == null ? KeyPairGenerator.getInstance("DH") : KeyPairGenerator.getInstance("DH", JCEProvider.getProviderForAlgorithm("DH"));
        this.dhKeyAgreement = JCEProvider.getProviderForAlgorithm("DH") == null ? KeyAgreement.getInstance("DH") : KeyAgreement.getInstance("DH", JCEProvider.getProviderForAlgorithm("DH"));
    }

    public void init(SshTransport<SshServerContext> sshTransport, String str, String str2, byte[] bArr, byte[] bArr2, SshPrivateKey sshPrivateKey, SshPublicKey sshPublicKey, boolean z, boolean z2) throws IOException {
        this.clientId = str;
        this.serverId = str2;
        this.clientKexInit = bArr;
        this.serverKexInit = bArr2;
        this.prvkey = sshPrivateKey;
        this.pubkey = sshPublicKey;
        this.firstPacketFollows = z;
        this.useFirstPacket = z2;
        this.transport = sshTransport;
        try {
            initCrypto();
        } catch (NoSuchAlgorithmException e) {
            throw new SshIOException(new SshException("JCE does not support Diffie Hellman key exchange", 16));
        }
    }

    public String getProvider() {
        return this.dhKeyAgreement != null ? this.dhKeyAgreement.getProvider().getName() : "";
    }

    public boolean exchangeGroup(byte[] bArr) throws SshException, IOException {
        if (this.firstPacketFollows && !this.useFirstPacket) {
            if (Log.isDebugEnabled()) {
                Log.debug("Client attempted to guess the kex in use but we determined it was wrong so we're waiting for another message", new Object[0]);
            }
            this.firstPacketFollows = false;
            return true;
        }
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
        try {
            switch (byteArrayReader.read()) {
                case 30:
                    this.n = byteArrayReader.readUINT32();
                    if (Log.isDebugEnabled()) {
                        Log.debug("Received SSH_MSG_KEY_DH_GEX_REQUEST_OLD n=%d", new Object[]{Long.valueOf(this.n.longValue())});
                    }
                    DiffieHellmanGroups.DHGroup safePrime = DiffieHellmanGroups.getSafePrime(new UnsignedInteger32(Math.min(maxSupportedSize, Math.max(Math.min(this.n.intValue(), ((SshServerContext) this.transport.getContext()).getMaxDHGroupExchangeKeySize()), ((SshServerContext) this.transport.getContext()).getMinDHGroupExchangeKeySize()))));
                    this.p = safePrime.getP();
                    this.g = safePrime.getG();
                    break;
                case SSH_MSG_KEY_DH_GEX_REQUEST /* 34 */:
                    this.min = byteArrayReader.readUINT32();
                    this.n = byteArrayReader.readUINT32();
                    this.max = byteArrayReader.readUINT32();
                    if (Log.isDebugEnabled()) {
                        Log.debug("Recieved SSH_MSG_KEY_DH_GEX_REQUEST min=%d n=%d max=%d", new Object[]{Long.valueOf(this.min.longValue()), Long.valueOf(this.n.longValue()), Long.valueOf(this.max.longValue())});
                    }
                    DiffieHellmanGroups.DHGroup safePrime2 = DiffieHellmanGroups.getSafePrime(new UnsignedInteger32(Math.min(maxSupportedSize, Math.max(Math.min(this.n.intValue(), ((SshServerContext) this.transport.getContext()).getMaxDHGroupExchangeKeySize()), ((SshServerContext) this.transport.getContext()).getMinDHGroupExchangeKeySize()))));
                    this.p = safePrime2.getP();
                    this.g = safePrime2.getG();
                    if (Log.isDebugEnabled()) {
                        Log.debug("Selected %d bit prime and %d bit group", new Object[]{Integer.valueOf(this.p.bitLength()), Integer.valueOf(this.g.bitLength())});
                        break;
                    }
                    break;
                default:
                    return false;
            }
            if (Boolean.getBoolean("maverick.disableAsyncKex")) {
                prepareGroup();
            } else {
                ((SshServerContext) this.transport.getContext()).getExecutorService().submit(new Runnable() { // from class: com.sshtools.server.components.jce.DiffieHellmanGroupExchangeSha1JCE.1
                    @Override // java.lang.Runnable
                    public void run() {
                        DiffieHellmanGroupExchangeSha1JCE.this.prepareGroup();
                    }
                });
            }
            byteArrayReader.close();
            return true;
        } finally {
            byteArrayReader.close();
        }
    }

    public void prepareGroup() {
        int i = 3;
        while (i != 0) {
            try {
                i--;
                this.dhKeyPairGen.initialize(new DHParameterSpec(this.p, this.g));
                KeyPair generateKeyPair = this.dhKeyPairGen.generateKeyPair();
                this.dhKeyAgreement.init(generateKeyPair.getPrivate());
                this.f = ((DHPublicKey) generateKeyPair.getPublic()).getY();
                if (DiffieHellmanGroups.verifyParameters(this.f, this.p)) {
                    this.transport.postMessage(new SshMessage() { // from class: com.sshtools.server.components.jce.DiffieHellmanGroupExchangeSha1JCE.2
                        public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                            byteBuffer.put((byte) 31);
                            byte[] byteArray = DiffieHellmanGroupExchangeSha1JCE.this.p.toByteArray();
                            byteBuffer.putInt(byteArray.length);
                            byteBuffer.put(byteArray);
                            byte[] byteArray2 = DiffieHellmanGroupExchangeSha1JCE.this.g.toByteArray();
                            byteBuffer.putInt(byteArray2.length);
                            byteBuffer.put(byteArray2);
                            return true;
                        }

                        public void messageSent(Long l) {
                            if (Log.isDebugEnabled()) {
                                Log.debug("Sent SSH_MSG_KEY_DH_GEX_GROUP p=%s, g=%s", new Object[]{DiffieHellmanGroupExchangeSha1JCE.this.p.toString(16), DiffieHellmanGroupExchangeSha1JCE.this.g.toString(16)});
                            }
                        }
                    }, true);
                    return;
                }
            } catch (InvalidAlgorithmParameterException e) {
                this.transport.disconnect(3, e.getMessage());
                return;
            } catch (InvalidKeyException e2) {
                this.transport.disconnect(3, e2.getMessage());
                return;
            }
        }
        this.transport.disconnect(3, "Failed to generate key exchange value");
    }

    @Override // com.sshtools.server.components.SshKeyExchangeServer
    public boolean processMessage(byte[] bArr) throws SshException, IOException {
        if (exchangeGroup(bArr)) {
            return true;
        }
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
        try {
            if (byteArrayReader.read() != 32) {
                return false;
            }
            this.e = byteArrayReader.readBigInteger();
            if (Log.isDebugEnabled()) {
                Log.debug("Recieved SSH_MSG_KEY_DH_GEX_INIT e=%s", new Object[]{this.e.toString(16)});
            }
            if (!DiffieHellmanGroups.verifyParameters(this.e, this.p)) {
                throw new SshException(String.format("Key exchange detected invalid e value %s", this.e.toString(16)), 3);
            }
            if (Boolean.getBoolean("maverick.disableAsyncKex")) {
                doKex();
            } else {
                ((SshServerContext) this.transport.getContext()).getExecutorService().submit(new Runnable() { // from class: com.sshtools.server.components.jce.DiffieHellmanGroupExchangeSha1JCE.3
                    @Override // java.lang.Runnable
                    public void run() {
                        DiffieHellmanGroupExchangeSha1JCE.this.doKex();
                    }
                });
            }
            byteArrayReader.close();
            return true;
        } finally {
            byteArrayReader.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void doKex() {
        try {
            try {
                this.dhKeyAgreement.doPhase((DHPublicKey) this.dhKeyFactory.generatePublic(new DHPublicKeySpec(this.e, this.p, this.g)), true);
                byte[] generateSecret = this.dhKeyAgreement.generateSecret();
                if ((generateSecret[0] & 128) == 128) {
                    byte[] bArr = new byte[generateSecret.length + 1];
                    System.arraycopy(generateSecret, 0, bArr, 1, generateSecret.length);
                    generateSecret = bArr;
                }
                this.secret = new BigInteger(generateSecret);
                if (!DiffieHellmanGroups.verifyParameters(this.secret, this.p)) {
                    throw new SshException(String.format("Key exchange detected invalid k value %s", this.e.toString(16)), 3);
                }
                this.hostKey = this.pubkey.getEncoded();
                calculateExchangeHash();
                this.signature = this.prvkey.sign(this.exchangeHash);
                this.transport.postMessage(new SshMessage() { // from class: com.sshtools.server.components.jce.DiffieHellmanGroupExchangeSha1JCE.4
                    public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                        ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
                        try {
                            try {
                                byteBuffer.put((byte) 33);
                                byteBuffer.putInt(DiffieHellmanGroupExchangeSha1JCE.this.hostKey.length);
                                byteBuffer.put(DiffieHellmanGroupExchangeSha1JCE.this.hostKey);
                                byte[] byteArray = DiffieHellmanGroupExchangeSha1JCE.this.f.toByteArray();
                                byteBuffer.putInt(byteArray.length);
                                byteBuffer.put(byteArray);
                                byteArrayWriter.writeString(DiffieHellmanGroupExchangeSha1JCE.this.pubkey.getAlgorithm());
                                byteArrayWriter.writeBinaryString(DiffieHellmanGroupExchangeSha1JCE.this.signature);
                                byte[] byteArray2 = byteArrayWriter.toByteArray();
                                byteBuffer.putInt(byteArray2.length);
                                byteBuffer.put(byteArray2);
                                try {
                                    return true;
                                } catch (IOException e) {
                                    return true;
                                }
                            } catch (IOException e2) {
                                DiffieHellmanGroupExchangeSha1JCE.this.transport.disconnect(3, "Could not read host key");
                                try {
                                    byteArrayWriter.close();
                                    return true;
                                } catch (IOException e3) {
                                    return true;
                                }
                            }
                        } finally {
                            try {
                                byteArrayWriter.close();
                            } catch (IOException e4) {
                            }
                        }
                    }

                    public void messageSent(Long l) {
                        if (Log.isDebugEnabled()) {
                            Log.debug("Sent SSH_MSG_KEY_DH_GEX_REPLY f=%s", new Object[]{DiffieHellmanGroupExchangeSha1JCE.this.f.toString(16)});
                        }
                    }
                }, true);
                this.transport.sendNewKeys();
            } catch (Exception e) {
                throw new SshException(e);
            }
        } catch (Exception e2) {
            this.transport.disconnect(3, e2.getMessage());
        }
    }

    protected void calculateExchangeHash() throws SshException {
        Digest digest = (Digest) ComponentManager.getDefaultInstance().supportedDigests().getInstance(getHashAlgorithm());
        digest.putString(this.clientId);
        digest.putString(this.serverId);
        digest.putInt(this.clientKexInit.length);
        digest.putBytes(this.clientKexInit);
        digest.putInt(this.serverKexInit.length);
        digest.putBytes(this.serverKexInit);
        digest.putInt(this.hostKey.length);
        digest.putBytes(this.hostKey);
        if (this.min != null) {
            digest.putInt(this.min.intValue());
        }
        digest.putInt(this.n.intValue());
        if (this.max != null) {
            digest.putInt(this.max.intValue());
        }
        digest.putBigInteger(this.p);
        digest.putBigInteger(this.g);
        digest.putBigInteger(this.e);
        digest.putBigInteger(this.f);
        digest.putBigInteger(this.secret);
        this.exchangeHash = digest.doFinal();
    }

    public void test() {
        try {
            ComponentManager.getDefaultInstance().supportedDigests().getInstance(getHashAlgorithm());
            initCrypto();
            if (minSupportedSize == -1) {
                Provider providerForAlgorithm = JCEComponentManager.getProviderForAlgorithm("DH");
                if (providerForAlgorithm == null || !providerForAlgorithm.getName().equals("BC")) {
                    maxSupportedSize = -1;
                    for (BigInteger bigInteger : DiffieHellmanGroups.allDefaultGroups()) {
                        try {
                            this.dhKeyPairGen.initialize(new DHParameterSpec(bigInteger, TWO));
                            this.dhKeyAgreement.init(this.dhKeyPairGen.generateKeyPair().getPrivate());
                            if (minSupportedSize == -1) {
                                minSupportedSize = bigInteger.bitLength();
                            }
                            maxSupportedSize = bigInteger.bitLength();
                        } catch (Exception e) {
                        }
                    }
                    if (maxSupportedSize == -1) {
                        throw new IllegalStateException("The diffie hellman algorithm does not appear to be configured correctly on this machine");
                    }
                    if (Log.isInfoEnabled()) {
                        Log.info(String.format("The supported DH prime range is %d to %d bits", Integer.valueOf(minSupportedSize), Integer.valueOf(maxSupportedSize)), new Object[0]);
                    }
                } else {
                    minSupportedSize = SftpFileAttributes.S_ISGID;
                    maxSupportedSize = 8192;
                    if (Log.isInfoEnabled()) {
                        Log.info(String.format("Using BC for DH; prime range is %d to %d bits", Integer.valueOf(minSupportedSize), Integer.valueOf(maxSupportedSize)), new Object[0]);
                    }
                }
            }
        } catch (Throwable th) {
            throw new IllegalStateException(th.getMessage(), th);
        }
    }
}
