package ch.ethz.ssh2.transport;

import ch.ethz.ssh2.ConnectionInfo;
import ch.ethz.ssh2.auth.ServerAuthenticationManager;
import ch.ethz.ssh2.crypto.KeyMaterial;
import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
import ch.ethz.ssh2.crypto.dh.DhExchange;
import ch.ethz.ssh2.crypto.digest.MAC;
import ch.ethz.ssh2.packets.PacketKexDHInit;
import ch.ethz.ssh2.packets.PacketKexDHReply;
import ch.ethz.ssh2.packets.PacketKexInit;
import ch.ethz.ssh2.packets.TypesWriter;
import ch.ethz.ssh2.signature.DSAPrivateKey;
import ch.ethz.ssh2.signature.DSAPublicKey;
import ch.ethz.ssh2.signature.DSASHA1Verify;
import ch.ethz.ssh2.signature.RSAPrivateKey;
import ch.ethz.ssh2.signature.RSAPublicKey;
import ch.ethz.ssh2.signature.RSASHA1Verify;
import e.a.a.a.a;
import java.io.IOException;
import java.math.BigInteger;

/* loaded from: classes.dex */
public class ServerKexManager extends KexManager {
    public boolean q;

    @Override // ch.ethz.ssh2.transport.MessageHandler
    public void a(byte[] bArr, int i) {
        byte[] bArr2;
        byte[] bArr3;
        if (bArr == null) {
            synchronized (this.g) {
                this.i = true;
                this.g.notifyAll();
            }
            return;
        }
        KexState kexState = this.f1496b;
        if (kexState == null && bArr[0] != 20) {
            StringBuilder i2 = a.i("Unexpected KEX message (type ");
            i2.append((int) bArr[0]);
            i2.append(")");
            throw new IOException(i2.toString());
        }
        if (this.j) {
            this.j = false;
            return;
        }
        if (bArr[0] == 20) {
            if (kexState != null && kexState.f1510d != 0) {
                throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!");
            }
            if (kexState == null) {
                KexState kexState2 = new KexState();
                this.f1496b = kexState2;
                kexState2.k = this.n;
                kexState2.l = this.o;
                kexState2.j = this.m;
                PacketKexInit packetKexInit = new PacketKexInit(this.l, this.p);
                this.f1496b.f1507a = packetKexInit;
                this.k.i(packetKexInit.a());
            }
            PacketKexInit packetKexInit2 = new PacketKexInit(bArr, 0, i);
            KexState kexState3 = this.f1496b;
            kexState3.f1508b = packetKexInit2;
            kexState3.f1509c = e(packetKexInit2.f1434b, kexState3.f1507a.f1434b);
            KexState kexState4 = this.f1496b;
            NegotiatedParameters negotiatedParameters = kexState4.f1509c;
            if (negotiatedParameters == null) {
                throw new IOException("Cannot negotiate, proposals do not match.");
            }
            if (kexState4.f1508b.f1434b.l && !negotiatedParameters.f1513a) {
                this.j = true;
            }
            if (!negotiatedParameters.f1514b.equals("diffie-hellman-group1-sha1") && !this.f1496b.f1509c.f1514b.equals("diffie-hellman-group14-sha1")) {
                throw new IllegalStateException("Unkown KEX method!");
            }
            this.f1496b.h = new DhExchange("SHA1");
            if (this.f1496b.f1509c.f1514b.equals("diffie-hellman-group1-sha1")) {
                this.f1496b.h.b(1, this.p);
            } else {
                this.f1496b.h.b(14, this.p);
            }
            this.f1496b.f1510d = 1;
            return;
        }
        if (bArr[0] == 21) {
            KeyMaterial keyMaterial = this.f1498d;
            if (keyMaterial == null) {
                throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
            }
            try {
                this.k.a(BlockCipherFactory.a(kexState.f1509c.f1516d, false, keyMaterial.f1310c, keyMaterial.f1308a), new MAC(this.f1496b.f1509c.f1518f, this.f1498d.f1312e));
                ConnectionInfo connectionInfo = new ConnectionInfo();
                int i3 = this.f1497c + 1;
                this.f1497c = i3;
                KexState kexState5 = this.f1496b;
                NegotiatedParameters negotiatedParameters2 = kexState5.f1509c;
                String str = negotiatedParameters2.f1514b;
                connectionInfo.f1253c = i3;
                connectionInfo.f1251a = negotiatedParameters2.f1515c;
                connectionInfo.f1252b = kexState5.g;
                synchronized (this.g) {
                    this.h = connectionInfo;
                    this.g.notifyAll();
                }
                this.f1496b = null;
                return;
            } catch (IllegalArgumentException unused) {
                throw new IOException("Fatal error during MAC startup!");
            }
        }
        if (kexState == null || kexState.f1510d == 0) {
            throw new IOException("Unexpected Kex submessage!");
        }
        if ((!kexState.f1509c.f1514b.equals("diffie-hellman-group1-sha1") && !this.f1496b.f1509c.f1514b.equals("diffie-hellman-group14-sha1")) || this.f1496b.f1510d != 1) {
            throw new IllegalStateException(a.g(a.i("Unkown KEX method! ("), this.f1496b.f1509c.f1514b, ")"));
        }
        PacketKexDHInit packetKexDHInit = new PacketKexDHInit(bArr, 0, i);
        DhExchange dhExchange = this.f1496b.h;
        BigInteger bigInteger = packetKexDHInit.f1413b;
        if (dhExchange.j == null) {
            throw new IllegalStateException("DhDsaExchange not initialized!");
        }
        if (BigInteger.ZERO.compareTo(bigInteger) >= 0 || dhExchange.g.compareTo(bigInteger) <= 0) {
            throw new IllegalArgumentException("Invalid e specified!");
        }
        dhExchange.h = bigInteger;
        dhExchange.l = bigInteger.modPow(dhExchange.k, dhExchange.g);
        if (this.f1496b.f1509c.f1515c.equals("ssh-rsa")) {
            RSAPrivateKey rSAPrivateKey = this.f1496b.l;
            bArr2 = RSASHA1Verify.a(new RSAPublicKey(rSAPrivateKey.f1487b, rSAPrivateKey.f1488c));
        } else {
            bArr2 = null;
        }
        if (this.f1496b.f1509c.f1515c.equals("ssh-dss")) {
            DSAPrivateKey dSAPrivateKey = this.f1496b.k;
            bArr2 = DSASHA1Verify.a(new DSAPublicKey(dSAPrivateKey.f1474a, dSAPrivateKey.f1475b, dSAPrivateKey.f1476c, dSAPrivateKey.f1478e));
        }
        try {
            KexState kexState6 = this.f1496b;
            kexState6.f1512f = kexState6.h.a(this.f1500f.a(), this.f1500f.b(), this.f1496b.f1508b.a(), this.f1496b.f1507a.a(), bArr2);
            KexState kexState7 = this.f1496b;
            BigInteger bigInteger2 = kexState7.h.l;
            if (bigInteger2 == null) {
                throw new IllegalStateException("Shared secret not yet known, need f first!");
            }
            kexState7.f1511e = bigInteger2;
            if (kexState7.f1509c.f1515c.equals("ssh-rsa")) {
                KexState kexState8 = this.f1496b;
                bArr3 = RSASHA1Verify.b(RSASHA1Verify.c(kexState8.f1512f, kexState8.l));
            } else {
                bArr3 = null;
            }
            if (this.f1496b.f1509c.f1515c.equals("ssh-dss")) {
                KexState kexState9 = this.f1496b;
                bArr3 = DSASHA1Verify.b(DSASHA1Verify.c(kexState9.f1512f, kexState9.k, this.p));
            }
            BigInteger bigInteger3 = this.f1496b.h.j;
            if (bigInteger3 == null) {
                throw new IllegalStateException("DhDsaExchange not initialized!");
            }
            PacketKexDHReply packetKexDHReply = new PacketKexDHReply(bArr2, bigInteger3, bArr3);
            TransportManager transportManager = this.k;
            if (packetKexDHReply.f1414a == null) {
                TypesWriter b2 = a.b(31);
                byte[] bArr4 = packetKexDHReply.f1415b;
                int length = bArr4.length;
                b2.i(length);
                b2.e(bArr4, 0, length);
                b2.f(packetKexDHReply.f1416c);
                byte[] bArr5 = packetKexDHReply.f1417d;
                int length2 = bArr5.length;
                b2.i(length2);
                b2.e(bArr5, 0, length2);
                packetKexDHReply.f1414a = b2.a();
            }
            transportManager.i(packetKexDHReply.f1414a);
            c(false);
            this.f1496b.f1510d = -1;
            if (this.q) {
                return;
            }
            this.q = true;
            new ServerAuthenticationManager(null);
            throw null;
        } catch (IllegalArgumentException e2) {
            throw new IOException("KEX error.", e2);
        }
    }
}
