package com.maverick.ssh.components.jce.client;

import com.maverick.ssh.SshException;
import com.maverick.ssh.components.ComponentManager;
import com.maverick.ssh.components.DiffieHellmanGroups;
import com.maverick.ssh.components.Digest;
import com.maverick.ssh.components.jce.AbstractKeyExchange;
import com.maverick.ssh.components.jce.JCEProvider;
import com.maverick.ssh2.SshKeyExchangeClient;
import com.maverick.util.ByteArrayReader;
import com.maverick.util.ByteArrayWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maverick/ssh/components/jce/client/DiffieHellmanGroupExchangeSha1.class */
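/**
 * Client side of the SSH {@code diffie-hellman-group-exchange-sha1} key exchange (RFC 4419).
 *
 * <p>The client asks the server for a Diffie-Hellman group of a given size, receives the
 * server-chosen prime {@code p} and generator {@code g}, sends its public value {@code e},
 * reads the server's host key, public value {@code f} and signature, and derives the shared
 * secret and the exchange hash.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The default exchange-hash digest is SHA-1 (see the no-arg constructor). RFC 9142 lists
 *       this method as SHOULD NOT; prefer a SHA-2 based exchange where the peer supports it.</li>
 *   <li>The lowest prime size this class will request or accept is 1024 bits; RFC 8270
 *       recommends a 2048-bit minimum. The effective floor comes from
 *       {@code getMinDHGroupSize()} on the transport context.</li>
 *   <li>The server-supplied group is checked only for bit length and {@code g > 1} in this
 *       class. Whether {@code DiffieHellmanGroups.verifyParameters} does more than a range
 *       check on the public values cannot be told from this file; the group itself is not
 *       tested for primality here.</li>
 *   <li>The host key and signature are stored but not verified in this class; that is
 *       presumably done by the caller using the exchange hash.</li>
 *   <li>{@link #minSupportedSize} and {@link #maxSupportedSize} are unsynchronised static
 *       state filled in by {@link #test()}. While they are still {@code -1},
 *       {@link #performClientExchange} rejects every prime.</li>
 * </ul>
 */
public class DiffieHellmanGroupExchangeSha1 extends SshKeyExchangeClient implements AbstractKeyExchange {
    public static final String DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1 = "diffie-hellman-group-exchange-sha1";

    // Message numbers of the group-exchange method (RFC 4419, section 5).
    static final int SSH_MSG_KEXDH_GEX_REQUEST_OLD = 30;
    static final int SSH_MSG_KEXDH_GEX_GROUP = 31;
    static final int SSH_MSG_KEXDH_GEX_INIT = 32;
    static final int SSH_MSG_KEXDH_GEX_REPLY = 33;
    static final int SSH_MSG_KEXDH_GEX_REQUEST = 34;

    // Generator and prime of the group; overwritten with the server's values during the exchange.
    BigInteger g;
    BigInteger p;
    // Client public value (sent in GEX_INIT) and server public value (read from GEX_REPLY).
    BigInteger e;
    BigInteger f;
    // Only reset in the constructor; not otherwise used in this class.
    BigInteger y;
    String clientId;
    String serverId;
    byte[] clientKexInit;
    byte[] serverKexInit;
    KeyPairGenerator dhKeyPairGen;
    KeyAgreement dhKeyAgreement;
    KeyFactory dhKeyFactory;
    KeyPair dhKeyPair;
    private static final Logger log = LoggerFactory.getLogger(DiffieHellmanGroupExchangeSha1.class);
    static final BigInteger ONE = BigInteger.valueOf(1);
    static final BigInteger TWO = BigInteger.valueOf(2);
    // Prime sizes (bits) the JCE provider accepted in test(); -1 means "not probed yet".
    static int maxSupportedSize = -1;
    static int minSupportedSize = -1;

    /** Creates the exchange with SHA-1 as the exchange-hash digest. */
    public DiffieHellmanGroupExchangeSha1() {
        this("SHA-1");
    }

    /**
     * Creates the exchange with the given digest name, which is passed to the superclass.
     *
     * @param str digest algorithm name
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public DiffieHellmanGroupExchangeSha1(String str) {
        super(str);
        this.g = TWO;
        this.e = null;
        this.f = null;
        this.y = null;
    }

    /**
     * Tells whether a message number belongs to this key exchange method.
     *
     * @param i SSH message number
     * @return {@code true} for message numbers 30 to 34
     */
    @Override // com.maverick.ssh2.SshKeyExchangeClient
    public boolean isKeyExchangeMessage(int i) {
        switch (i) {
            case SSH_MSG_KEXDH_GEX_REQUEST_OLD:
            case SSH_MSG_KEXDH_GEX_GROUP:
            case SSH_MSG_KEXDH_GEX_INIT:
            case SSH_MSG_KEXDH_GEX_REPLY:
            case SSH_MSG_KEXDH_GEX_REQUEST:
                return true;
            default:
                return false;
        }
    }

    /** @return the SSH name of this key exchange method */
    @Override // com.maverick.ssh2.SshKeyExchangeClient
    public String getAlgorithm() {
        return DIFFIE_HELLMAN_GROUP_EXCHANGE_SHA1;
    }

    /**
     * Checks that the digest and the JCE Diffie-Hellman primitives are available and, on the
     * first successful call, records the range of prime sizes the provider accepts.
     *
     * <p>The probed range is published to the static fields only after it has passed
     * validation. Writing it inside the probe loop would leave {@code minSupportedSize} set
     * after a failed probe, so a second call would skip the probe and return normally with a
     * maximum below 2048 bits.
     *
     * @throws IllegalStateException if the digest or DH primitives are unavailable, no default
     *         group is accepted, or the largest accepted prime is smaller than 2048 bits
     */
    public void test() {
        try {
            ComponentManager.getInstance().supportedDigests().getInstance(getHashAlgorithm());
            initCrypto();
            if (minSupportedSize != -1) {
                // Range already established by an earlier call.
                return;
            }
            Provider provider = this.dhKeyAgreement.getProvider();
            if (provider != null && "BC".equals(provider.getName())) {
                // For the "BC" provider the range is fixed rather than probed.
                minSupportedSize = 1024;
                maxSupportedSize = 8192;
                if (log.isInfoEnabled()) {
                    log.info(String.format("Using BC for DH; prime range is %d to %d bits", Integer.valueOf(minSupportedSize), Integer.valueOf(maxSupportedSize)));
                }
                return;
            }
            int probedMin = -1;
            int probedMax = -1;
            // NOTE(review): taking the last accepted size as the maximum assumes
            // allDefaultGroups() yields primes in ascending size - confirm.
            for (BigInteger bigInteger : DiffieHellmanGroups.allDefaultGroups()) {
                try {
                    this.dhKeyPairGen.initialize(new DHParameterSpec(bigInteger, this.g));
                    this.dhKeyAgreement.init(this.dhKeyPairGen.generateKeyPair().getPrivate());
                    if (probedMin == -1) {
                        probedMin = bigInteger.bitLength();
                    }
                    probedMax = bigInteger.bitLength();
                } catch (Exception ignored) {
                    // Best-effort probe: a size the provider rejects is simply not counted.
                }
            }
            if (probedMax == -1) {
                throw new IllegalStateException("The diffie hellman algorithm does not appear to be configured correctly on this machine");
            }
            if (probedMax < 2048) {
                throw new IllegalStateException(String.format("The maximum supported DH prime is %d bits which is smaller than this algorithm requires", Integer.valueOf(probedMax)));
            }
            // minSupportedSize doubles as the "already probed" flag above, so it is set last.
            maxSupportedSize = probedMax;
            minSupportedSize = probedMin;
            if (log.isInfoEnabled()) {
                log.info(String.format("The supported DH prime range is %d to %d bits", Integer.valueOf(minSupportedSize), Integer.valueOf(maxSupportedSize)));
            }
        } catch (Throwable th) {
            throw new IllegalStateException(th.getMessage(), th);
        }
    }

    /** Obtains the DH key factory, key pair generator and key agreement from {@code JCEProvider}. */
    void initCrypto() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        this.dhKeyFactory = JCEProvider.getDHKeyFactory();
        this.dhKeyPairGen = JCEProvider.getDHKeyGenerator();
        this.dhKeyAgreement = JCEProvider.getDHKeyAgreement();
    }

    /**
     * Logs a size at debug level and returns it unchanged.
     *
     * @param str label used in the log line
     * @param i size in bits
     * @return {@code i}
     */
    private int maybeLog(String str, int i) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("%s size is %d", str, Integer.valueOf(i)));
        }
        return i;
    }

    /**
     * Runs the client side of the group exchange and leaves the host key, signature, shared
     * secret and exchange hash in the inherited fields.
     *
     * <p>NOTE(review): every {@code SshException} raised inside this method also passes through
     * the outer {@code catch (Exception)} and is wrapped again with reason 16. Whether
     * {@code SshException(Throwable, int)} preserves the inner reason code cannot be told from
     * this file - confirm before relying on the specific reason codes used below.
     *
     * @param str client identification string
     * @param str2 server identification string
     * @param bArr client KEXINIT payload
     * @param bArr2 server KEXINIT payload
     * @throws SshException if the server sends an unexpected message, an unacceptable group or
     *         public value, or any cryptographic step fails
     */
    @Override // com.maverick.ssh2.SshKeyExchangeClient
    public void performClientExchange(String str, String str2, byte[] bArr, byte[] bArr2) throws SshException {
        try {
            initCrypto();
            ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
            try {
                try {
                    this.clientId = str;
                    this.serverId = str2;
                    this.clientKexInit = bArr;
                    this.serverKexInit = bArr2;
                    // The three-value request is used unless backwards compatibility is configured.
                    boolean z = !this.transport.getContext().isDHGroupExchangeBackwardsCompatible();
                    // Every size is capped at what the local provider accepted in test(); the
                    // minimum is never allowed below 1024 bits.
                    int minBits = maybeLog("Minimum DH prime", Math.min(maxSupportedSize, Math.max(this.transport.getContext().getMinDHGroupSize(), 1024)));
                    int preferredBits = maybeLog("Preferred DH prime", Math.min(maxSupportedSize, this.transport.getContext().getDHGroupExchangeKeySize()));
                    int maxBits = maybeLog("Maximum DH prime", Math.min(maxSupportedSize, this.transport.getContext().getMaxDHGroupSize()));
                    byteArrayWriter.write(z ? SSH_MSG_KEXDH_GEX_REQUEST : SSH_MSG_KEXDH_GEX_REQUEST_OLD);
                    if (z) {
                        byteArrayWriter.writeInt(minBits);
                        byteArrayWriter.writeInt(preferredBits);
                        byteArrayWriter.writeInt(maxBits);
                    } else {
                        // preferredBits is already capped at maxSupportedSize.
                        byteArrayWriter.writeInt(preferredBits);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Sending " + (z ? "SSH_MSG_KEXDH_GEX_REQUEST" : "SSH_MSG_KEXDH_GEX_REQUEST_OLD"));
                    }
                    this.transport.sendMessage(byteArrayWriter.toByteArray(), true);

                    byte[] groupMessage = this.transport.nextMessage(0L);
                    if (groupMessage[0] != SSH_MSG_KEXDH_GEX_GROUP) {
                        // 3 is SSH_DISCONNECT_KEY_EXCHANGE_FAILED in RFC 4253, assuming disconnect()
                        // takes the protocol reason code.
                        this.transport.disconnect(3, "Expected SSH_MSG_KEX_GEX_GROUP");
                        throw new SshException("Key exchange failed: Expected SSH_MSG_KEX_GEX_GROUP [id=" + ((int) groupMessage[0]) + "]", 9);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug("Received SSH_MSG_KEXDH_GEX_GROUP");
                    }
                    ByteArrayReader groupReader = new ByteArrayReader(groupMessage, 1, groupMessage.length - 1);
                    try {
                        this.p = groupReader.readBigInteger();
                        this.g = groupReader.readBigInteger();
                    } finally {
                        try {
                            groupReader.close();
                        } catch (IOException ignored) {
                            // Nothing useful can be done if closing the reader fails.
                        }
                    }
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Received %d bit DH prime with group %s", Integer.valueOf(this.p.bitLength()), this.g.toString(16)));
                    }

                    // The group is chosen by the server, so it is bounded before any use.
                    // NOTE(review): the upper bound is the provider limit, not the configured
                    // maximum sent in the request (maxBits) - confirm that is intended.
                    if (this.p.bitLength() > maxSupportedSize) {
                        throw new SshException(String.format("Server sent a prime larger than our configuration can handle! p=%d, max=%d", Integer.valueOf(this.p.bitLength()), Integer.valueOf(maxSupportedSize)), 5);
                    }
                    if (this.g.compareTo(BigInteger.ONE) <= 0) {
                        throw new SshException("Invalid DH g value [" + this.g.toString(16) + "]", 3);
                    }
                    if (this.p.bitLength() < Math.max(this.transport.getContext().getMinDHGroupSize(), 1024)) {
                        throw new SshException("Minimum DH p value not provided [" + this.p.bitLength() + "]", 3);
                    }

                    // A key pair whose public value fails verifyParameters is discarded and
                    // regenerated, at most three times in total.
                    int attemptsLeft = 3;
                    while (attemptsLeft != 0) {
                        attemptsLeft--;
                        try {
                            this.dhKeyPairGen.initialize(new DHParameterSpec(this.p, this.g));
                            KeyPair generatedPair = this.dhKeyPairGen.generateKeyPair();
                            this.dhKeyAgreement.init(generatedPair.getPrivate());
                            this.e = ((DHPublicKey) generatedPair.getPublic()).getY();
                            if (!DiffieHellmanGroups.verifyParameters(this.e, this.p)) {
                                continue;
                            }
                            byteArrayWriter.reset();
                            byteArrayWriter.write(SSH_MSG_KEXDH_GEX_INIT);
                            byteArrayWriter.writeBigInteger(this.e);
                            if (log.isDebugEnabled()) {
                                log.debug("Sending SSH_MSG_KEXDH_GEX_INIT");
                            }
                            this.transport.sendMessage(byteArrayWriter.toByteArray(), true);

                            byte[] replyMessage = this.transport.nextMessage(0L);
                            if (replyMessage[0] != SSH_MSG_KEXDH_GEX_REPLY) {
                                this.transport.disconnect(3, "Expected SSH_MSG_KEXDH_GEX_REPLY");
                                throw new SshException("Key exchange failed: Expected SSH_MSG_KEXDH_GEX_REPLY [id=" + ((int) replyMessage[0]) + "]", 5);
                            }
                            if (log.isDebugEnabled()) {
                                log.debug("Received SSH_MSG_KEXDH_GEX_REPLY");
                            }
                            ByteArrayReader replyReader = new ByteArrayReader(replyMessage, 1, replyMessage.length - 1);
                            try {
                                this.hostKey = replyReader.readBinaryString();
                                this.f = replyReader.readBigInteger();
                                this.signature = replyReader.readBinaryString();
                            } finally {
                                try {
                                    replyReader.close();
                                } catch (IOException ignored) {
                                    // Nothing useful can be done if closing the reader fails.
                                }
                            }
                            // Only public values are traced; the shared secret is never logged.
                            if (log.isTraceEnabled()) {
                                log.trace("P: " + this.p.toString(16));
                                log.trace("G: " + this.g.toString(16));
                                log.trace("F: " + this.f.toString(16));
                                log.trace("E: " + this.e.toString(16));
                            }
                            if (log.isDebugEnabled()) {
                                log.debug("Verifying server DH parameters");
                            }
                            if (!DiffieHellmanGroups.verifyParameters(this.f, this.p)) {
                                throw new SshException(String.format("Key exchange detected invalid f value %s", this.f.toString(16)), 3);
                            }
                            if (log.isDebugEnabled()) {
                                log.debug("Verified DH parameters. Performing DH calculations");
                            }
                            this.dhKeyAgreement.doPhase((DHPublicKey) this.dhKeyFactory.generatePublic(new DHPublicKeySpec(this.f, this.p, this.g)), true);
                            // Signum 1 reads the bytes as an unsigned magnitude, so a set top bit
                            // does not turn the secret into a negative number.
                            this.secret = new BigInteger(1, this.dhKeyAgreement.generateSecret());
                            if (log.isDebugEnabled()) {
                                log.debug("Verifying calculated DH parameters");
                            }
                            if (!DiffieHellmanGroups.verifyParameters(this.secret, this.p)) {
                                // The message used to print e under the label "k". No value is
                                // printed now: k is the shared secret and must stay out of
                                // exception text and logs.
                                throw new SshException("Key exchange detected invalid k value", 3);
                            }
                            if (log.isDebugEnabled()) {
                                log.debug("Calculating exchange hash");
                            }
                            calculateExchangeHash(z, minBits, preferredBits, maxBits);
                            if (log.isDebugEnabled()) {
                                log.debug("Completed key exchange calculations");
                            }
                            return;
                        } catch (InvalidAlgorithmParameterException e2) {
                            throw new SshException("Failed to generate DH value: " + e2.getMessage(), 16, e2);
                        }
                    }
                    this.transport.disconnect(3, "Failed to generate key exchange value");
                    throw new SshException("Key exchange failed to generate e value", 5);
                } finally {
                    try {
                        byteArrayWriter.close();
                    } catch (IOException ignored) {
                        // Nothing useful can be done if closing the writer fails.
                    }
                }
            } catch (IOException | InvalidKeyException | InvalidKeySpecException e6) {
                log.error("Key exchange failed", e6);
                // Keep the cause so the failure can be diagnosed from the exception alone.
                throw new SshException("Failed to read SSH_MSG_KEXDH_REPLY", 5, e6);
            }
        } catch (Exception e7) {
            throw new SshException(e7, 16);
        }
    }

    /**
     * Returns the name of the JCE provider behind the key agreement.
     *
     * @return the provider name, or an empty string if the key agreement has not been created
     *         or reports no provider
     */
    public String getProvider() {
        if (this.dhKeyAgreement == null) {
            return "";
        }
        Provider provider = this.dhKeyAgreement.getProvider();
        return provider != null ? provider.getName() : "";
    }

    /**
     * Computes the exchange hash over the values RFC 4419 prescribes, in order: both
     * identification strings, both KEXINIT payloads, the host key, the requested size(s), then
     * {@code p}, {@code g}, {@code e}, {@code f} and the shared secret.
     *
     * @param z {@code true} when the three-value request was sent, {@code false} for the old
     *        single-value request
     * @param i minimum size sent in the request (hashed only when {@code z} is true)
     * @param i2 preferred size sent in the request
     * @param i3 maximum size sent in the request (hashed only when {@code z} is true)
     * @throws SshException declared by the signature; presumably raised by the digest lookup
     */
    protected void calculateExchangeHash(boolean z, int i, int i2, int i3) throws SshException {
        Digest digest = (Digest) ComponentManager.getInstance().supportedDigests().getInstance(getHashAlgorithm());
        digest.putString(this.clientId);
        digest.putString(this.serverId);
        // The byte arrays are hashed with an explicit length prefix.
        digest.putInt(this.clientKexInit.length);
        digest.putBytes(this.clientKexInit);
        digest.putInt(this.serverKexInit.length);
        digest.putBytes(this.serverKexInit);
        digest.putInt(this.hostKey.length);
        digest.putBytes(this.hostKey);
        // The hash must cover exactly the sizes that were put on the wire in the request.
        if (z) {
            digest.putInt(i);
            digest.putInt(i2);
            digest.putInt(i3);
        } else {
            digest.putInt(i2);
        }
        digest.putBigInteger(this.p);
        digest.putBigInteger(this.g);
        digest.putBigInteger(this.e);
        digest.putBigInteger(this.f);
        digest.putBigInteger(this.secret);
        this.exchangeHash = digest.doFinal();
    }
}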
