package ch.ethz.ssh2.transport;

import ch.ethz.ssh2.ConnectionInfo;
import ch.ethz.ssh2.DHGexParameters;
import ch.ethz.ssh2.crypto.CryptoWishList;
import ch.ethz.ssh2.crypto.KeyMaterial;
import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
import ch.ethz.ssh2.crypto.digest.MAC;
import ch.ethz.ssh2.log.Logger;
import ch.ethz.ssh2.packets.PacketKexInit;
import ch.ethz.ssh2.packets.PacketNewKeys;
import ch.ethz.ssh2.signature.DSAPrivateKey;
import ch.ethz.ssh2.signature.RSAPrivateKey;
import java.io.IOException;
import java.security.SecureRandom;

/* loaded from: input_file:ch/ethz/ssh2/transport/KexManager.class */
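/**
 * Shared state and helpers for the SSH-2 key exchange (KEX): algorithm
 * negotiation, derivation of the session key material and activation of the
 * new send cipher/MAC.
 *
 * <p>NOTE(security): every key-exchange method accepted by
 * {@link #checkKexAlgorithmList(String[])} is SHA-1 based, and the host-key
 * list is limited to {@code ssh-rsa} and {@code ssh-dss}. These are legacy
 * algorithms; {@code diffie-hellman-group1-sha1} and {@code ssh-dss} in
 * particular are disabled by default in current OpenSSH releases. The lists
 * are left unchanged here because callers depend on them; deployments should
 * restrict the wish list to the strongest entries the peer supports.
 */
public abstract class KexManager implements MessageHandler {
    protected static final Logger log = Logger.getLogger(KexManager.class);

    // State of the key exchange currently in progress; null when none is running.
    KexState kxs;
    // Key material derived by establishKeyMaterial() from the last exchange.
    KeyMaterial km;
    // Exchange hash H of the first key exchange; set once in finishKex().
    byte[] sessionId;
    ClientServerHello csh;
    final TransportManager tm;

    // Parameters stored by initiateKEX() for the next key exchange.
    CryptoWishList nextKEXcryptoWishList;
    DSAPrivateKey nextKEXdsakey;
    RSAPrivateKey nextKEXrsakey;

    final SecureRandom rnd;
    // Not referenced in this class; presumably maintained by subclasses.
    int kexCount = 0;
    // Monitor guarding lastConnInfo / connectionClosed in getOrWaitForConnectionInfo().
    final Object accessLock = new Object();
    ConnectionInfo lastConnInfo = null;
    boolean connectionClosed = false;
    // Not referenced in this class; presumably maintained by subclasses.
    boolean ignore_next_kex_packet = false;
    DHGexParameters nextKEXdhgexParameters = new DHGexParameters();

    /**
     * Creates a manager bound to one transport.
     *
     * @param transportManager transport used to send KEX packets and switch ciphers
     * @param clientServerHello identification strings exchanged with the peer
     * @param cryptoWishList algorithm preferences for the first key exchange
     * @param secureRandom randomness source handed to the KEXINIT packet
     */
    public KexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, SecureRandom secureRandom) {
        this.tm = transportManager;
        this.csh = clientServerHello;
        this.nextKEXcryptoWishList = cryptoWishList;
        this.rnd = secureRandom;
    }

    /**
     * Blocks until a {@link ConnectionInfo} with a key exchange counter of at
     * least {@code i} is available.
     *
     * <p>An interrupt received while waiting does not abort the wait; it is
     * remembered and the thread's interrupt flag is restored before returning.
     *
     * @param i minimum {@code keyExchangeCounter} the caller requires
     * @return the most recent connection info satisfying the requirement
     * @throws IOException if the connection was closed before such a key
     *         exchange finished; the close reason is attached as cause
     */
    public ConnectionInfo getOrWaitForConnectionInfo(int i) throws IOException {
        boolean interrupted = false;
        try {
            synchronized (this.accessLock) {
                while (true) {
                    // Return from inside the loop: merely recording the result and
                    // looping again would spin forever while holding the lock.
                    if (this.lastConnInfo != null && this.lastConnInfo.keyExchangeCounter >= i) {
                        return this.lastConnInfo;
                    }
                    if (this.connectionClosed) {
                        throw ((IOException) new IOException("Key exchange was not finished, connection is closed.").initCause(this.tm.getReasonClosedCause()));
                    }
                    try {
                        this.accessLock.wait();
                    } catch (InterruptedException e) {
                        interrupted = true;
                    }
                }
            }
        } finally {
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }
    }

    /**
     * Returns the first entry of {@code strArr} (the client's preference order)
     * that also occurs in {@code strArr2}.
     *
     * @return the matching name, or {@code null} when {@code strArr} is empty
     * @throws NegotiateException if {@code strArr} is non-empty and shares no
     *         entry with {@code strArr2}
     * @throws IllegalArgumentException if either array is {@code null}
     */
    private String getFirstMatch(String[] strArr, String[] strArr2) throws NegotiateException {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0) {
            return null;
        }
        for (String preferred : strArr) {
            for (String offered : strArr2) {
                if (preferred.equals(offered)) {
                    return preferred;
                }
            }
        }
        throw new NegotiateException();
    }

    /**
     * Like {@link #getFirstMatch(String[], String[])}, but for name-lists whose
     * result is mandatory: an empty first list is a negotiation failure rather
     * than a {@code null} algorithm name.
     */
    private String getRequiredMatch(String[] strArr, String[] strArr2) throws NegotiateException {
        String match = getFirstMatch(strArr, strArr2);
        if (match == null) {
            throw new NegotiateException();
        }
        return match;
    }

    /**
     * Tells whether both name-lists start with the same entry. Two empty lists
     * count as equal.
     *
     * @throws IllegalArgumentException if either array is {@code null}
     */
    private boolean compareFirstOfNameList(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0 || strArr2.length == 0) {
            return strArr.length == strArr2.length;
        }
        return strArr[0].equals(strArr2[0]);
    }

    /**
     * Tells whether both proposals name the same first key-exchange algorithm
     * and the same first host-key algorithm.
     *
     * @throws IllegalArgumentException if either proposal is {@code null}
     */
    private boolean isGuessOK(KexParameters kexParameters, KexParameters kexParameters2) {
        if (kexParameters == null || kexParameters2 == null) {
            throw new IllegalArgumentException();
        }
        return compareFirstOfNameList(kexParameters.kex_algorithms, kexParameters2.kex_algorithms) && compareFirstOfNameList(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Negotiates one algorithm per category from the two KEXINIT proposals; the
     * first proposal's order of preference wins.
     *
     * <p>Key exchange, host key, cipher, MAC and compression algorithms are
     * mandatory: a missing common entry, or an empty list in the first
     * proposal, fails the negotiation. Languages are optional and become
     * {@code null} when nothing matches.
     *
     * @param kexParameters proposal whose ordering takes precedence (the client's)
     * @param kexParameters2 the other side's proposal
     * @return the negotiated parameters, or {@code null} if negotiation failed
     */
    public NegotiatedParameters mergeKexParameters(KexParameters kexParameters, KexParameters kexParameters2) {
        NegotiatedParameters negotiatedParameters = new NegotiatedParameters();
        try {
            negotiatedParameters.kex_algo = getRequiredMatch(kexParameters.kex_algorithms, kexParameters2.kex_algorithms);
            log.info("kex_algo=" + negotiatedParameters.kex_algo);
            negotiatedParameters.server_host_key_algo = getRequiredMatch(kexParameters.server_host_key_algorithms, kexParameters2.server_host_key_algorithms);
            log.info("server_host_key_algo=" + negotiatedParameters.server_host_key_algo);
            negotiatedParameters.enc_algo_client_to_server = getRequiredMatch(kexParameters.encryption_algorithms_client_to_server, kexParameters2.encryption_algorithms_client_to_server);
            negotiatedParameters.enc_algo_server_to_client = getRequiredMatch(kexParameters.encryption_algorithms_server_to_client, kexParameters2.encryption_algorithms_server_to_client);
            log.info("enc_algo_client_to_server=" + negotiatedParameters.enc_algo_client_to_server);
            log.info("enc_algo_server_to_client=" + negotiatedParameters.enc_algo_server_to_client);
            negotiatedParameters.mac_algo_client_to_server = getRequiredMatch(kexParameters.mac_algorithms_client_to_server, kexParameters2.mac_algorithms_client_to_server);
            negotiatedParameters.mac_algo_server_to_client = getRequiredMatch(kexParameters.mac_algorithms_server_to_client, kexParameters2.mac_algorithms_server_to_client);
            log.info("mac_algo_client_to_server=" + negotiatedParameters.mac_algo_client_to_server);
            log.info("mac_algo_server_to_client=" + negotiatedParameters.mac_algo_server_to_client);
            negotiatedParameters.comp_algo_client_to_server = getRequiredMatch(kexParameters.compression_algorithms_client_to_server, kexParameters2.compression_algorithms_client_to_server);
            negotiatedParameters.comp_algo_server_to_client = getRequiredMatch(kexParameters.compression_algorithms_server_to_client, kexParameters2.compression_algorithms_server_to_client);
            log.info("comp_algo_client_to_server=" + negotiatedParameters.comp_algo_client_to_server);
            log.info("comp_algo_server_to_client=" + negotiatedParameters.comp_algo_server_to_client);
            // Languages are optional: a mismatch is not a negotiation failure.
            try {
                negotiatedParameters.lang_client_to_server = getFirstMatch(kexParameters.languages_client_to_server, kexParameters2.languages_client_to_server);
            } catch (NegotiateException ignored) {
                negotiatedParameters.lang_client_to_server = null;
            }
            try {
                negotiatedParameters.lang_server_to_client = getFirstMatch(kexParameters.languages_server_to_client, kexParameters2.languages_server_to_client);
            } catch (NegotiateException ignored) {
                negotiatedParameters.lang_server_to_client = null;
            }
            if (isGuessOK(kexParameters, kexParameters2)) {
                negotiatedParameters.guessOK = true;
            }
            return negotiatedParameters;
        } catch (NegotiateException e) {
            // No common mandatory algorithm: signalled to the caller as null.
            return null;
        }
    }

    /**
     * Records the parameters for the next key exchange and, if none is running,
     * starts one by sending our KEXINIT packet.
     *
     * @param cryptoWishList algorithm preferences to advertise
     * @param dHGexParameters group-exchange parameters to use
     * @param dSAPrivateKey local DSA host key, stored in the KEX state
     * @param rSAPrivateKey local RSA host key, stored in the KEX state
     * @throws IOException if sending the KEXINIT packet fails
     */
    public synchronized void initiateKEX(CryptoWishList cryptoWishList, DHGexParameters dHGexParameters, DSAPrivateKey dSAPrivateKey, RSAPrivateKey rSAPrivateKey) throws IOException {
        this.nextKEXcryptoWishList = cryptoWishList;
        this.nextKEXdhgexParameters = dHGexParameters;
        this.nextKEXdsakey = dSAPrivateKey;
        this.nextKEXrsakey = rSAPrivateKey;
        if (this.kxs == null) {
            KexState state = new KexState();
            this.kxs = state;
            state.local_dsa_key = dSAPrivateKey;
            state.local_rsa_key = rSAPrivateKey;
            state.dhgexParameters = this.nextKEXdhgexParameters;
            state.localKEX = new PacketKexInit(this.nextKEXcryptoWishList, this.rnd);
            this.tm.sendKexMessage(state.localKEX.getPayload());
        }
    }

    /**
     * Derives {@link #km} from the exchange hash H, the shared secret K and the
     * session id, sized for the negotiated ciphers and MACs.
     *
     * @return {@code false} if a size lookup or the derivation rejected its
     *         arguments; {@link #km} is then left unchanged
     */
    private boolean establishKeyMaterial() {
        try {
            int macKeyLenCs = MAC.getKeyLen(this.kxs.np.mac_algo_client_to_server);
            int encKeyLenCs = BlockCipherFactory.getKeySize(this.kxs.np.enc_algo_client_to_server);
            int encBlockLenCs = BlockCipherFactory.getBlockSize(this.kxs.np.enc_algo_client_to_server);
            int macKeyLenSc = MAC.getKeyLen(this.kxs.np.mac_algo_server_to_client);
            int encKeyLenSc = BlockCipherFactory.getKeySize(this.kxs.np.enc_algo_server_to_client);
            int encBlockLenSc = BlockCipherFactory.getBlockSize(this.kxs.np.enc_algo_server_to_client);
            // The hash is fixed to SHA-1, matching the "-sha1" key-exchange methods
            // accepted by checkKexAlgorithmList().
            this.km = KeyMaterial.create("SHA1", this.kxs.H, this.kxs.K, this.sessionId, encKeyLenCs, encBlockLenCs, macKeyLenCs, encKeyLenSc, encBlockLenSc, macKeyLenSc);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Completes a key exchange: fixes the session id on the first exchange,
     * derives the key material, sends NEWKEYS and switches the send direction
     * to the negotiated cipher and MAC.
     *
     * @param z {@code true} to send with the client-to-server algorithms and
     *        keys, {@code false} to send with the server-to-client ones
     * @throws IOException if key derivation or cipher/MAC setup fails, or if
     *         the transport fails to send
     */
    public void finishKex(boolean z) throws IOException {
        if (this.sessionId == null) {
            this.sessionId = this.kxs.H;
        }
        // Fail closed: on a failed derivation km is null (first exchange) or still
        // holds the previous exchange's keys, neither of which may be activated.
        if (!establishKeyMaterial()) {
            throw new IOException("Fatal error during key material derivation!");
        }
        this.tm.sendKexMessage(new PacketNewKeys().getPayload());
        try {
            String cipherName = z ? this.kxs.np.enc_algo_client_to_server : this.kxs.np.enc_algo_server_to_client;
            byte[] cipherKey = z ? this.km.enc_key_client_to_server : this.km.enc_key_server_to_client;
            byte[] cipherIv = z ? this.km.initial_iv_client_to_server : this.km.initial_iv_server_to_client;
            String macName = z ? this.kxs.np.mac_algo_client_to_server : this.kxs.np.mac_algo_server_to_client;
            byte[] macKey = z ? this.km.integrity_key_client_to_server : this.km.integrity_key_server_to_client;
            this.tm.changeSendCipher(BlockCipherFactory.createCipher(cipherName, true, cipherKey, cipherIv), new MAC(macName, macKey));
            this.tm.kexFinished();
        } catch (IllegalArgumentException e) {
            // Keep the original failure attached so the root cause is not lost.
            throw ((IOException) new IOException("Fatal error during MAC startup!").initCause(e));
        }
    }

    /**
     * Returns the default host-key algorithms in order of preference.
     *
     * <p>NOTE(security): {@code ssh-dss} is a legacy algorithm; callers that
     * can should drop it from their wish list.
     */
    public static final String[] getDefaultServerHostkeyAlgorithmList() {
        return new String[]{"ssh-rsa", "ssh-dss"};
    }

    /**
     * Verifies that every entry is a supported host-key algorithm.
     *
     * @throws IllegalArgumentException on the first unsupported entry
     */
    public static final void checkServerHostkeyAlgorithmsList(String[] strArr) {
        for (String name : strArr) {
            boolean known = "ssh-rsa".equals(name) || "ssh-dss".equals(name);
            if (!known) {
                throw new IllegalArgumentException("Unknown server host key algorithm '" + name + "'");
            }
        }
    }

    /**
     * Returns the client's default key-exchange methods in order of preference.
     *
     * <p>NOTE(security): all entries are SHA-1 based and
     * {@code diffie-hellman-group1-sha1} uses a 1024-bit group; prefer to
     * restrict the list where the peer allows it.
     */
    public static final String[] getDefaultClientKexAlgorithmList() {
        return new String[]{"diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"};
    }

    /**
     * Returns the server's default key-exchange methods in order of preference.
     *
     * <p>NOTE(security): both entries are SHA-1 based and
     * {@code diffie-hellman-group1-sha1} uses a 1024-bit group.
     */
    public static final String[] getDefaultServerKexAlgorithmList() {
        return new String[]{"diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"};
    }

    /**
     * Verifies that every entry is a supported key-exchange method.
     *
     * @throws IllegalArgumentException on the first unsupported entry
     */
    public static final void checkKexAlgorithmList(String[] strArr) {
        for (String name : strArr) {
            boolean known = "diffie-hellman-group-exchange-sha1".equals(name)
                    || "diffie-hellman-group14-sha1".equals(name)
                    || "diffie-hellman-group1-sha1".equals(name);
            if (!known) {
                throw new IllegalArgumentException("Unknown kex algorithm '" + name + "'");
            }
        }
    }
}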
