package ch.ethz.ssh2.transport;

import a1.g;
import ch.ethz.ssh2.ConnectionInfo;
import ch.ethz.ssh2.a;
import ch.ethz.ssh2.auth.ServerAuthenticationManager;
import ch.ethz.ssh2.crypto.KeyMaterial;
import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
import ch.ethz.ssh2.crypto.dh.DhExchange;
import ch.ethz.ssh2.crypto.digest.MAC;
import ch.ethz.ssh2.packets.PacketKexDHInit;
import ch.ethz.ssh2.packets.PacketKexDHReply;
import ch.ethz.ssh2.packets.PacketKexInit;
import ch.ethz.ssh2.server.ServerConnectionState;
import ch.ethz.ssh2.signature.DSASHA1Verify;
import ch.ethz.ssh2.signature.RSASHA1Verify;
import java.io.IOException;

/* loaded from: classes.dex */
public class ServerKexManager extends KexManager {
    private boolean authenticationStarted;
    private final ServerConnectionState state;

    public ServerKexManager(ServerConnectionState serverConnectionState) {
        super(serverConnectionState.tm, serverConnectionState.csh, serverConnectionState.next_cryptoWishList, serverConnectionState.generator);
        this.authenticationStarted = false;
        this.state = serverConnectionState;
    }

    @Override // ch.ethz.ssh2.transport.MessageHandler
    public void handleMessage(byte[] bArr, int i3) {
        if (bArr == null) {
            synchronized (this.accessLock) {
                this.connectionClosed = true;
                this.accessLock.notifyAll();
            }
            return;
        }
        KexState kexState = this.kxs;
        if (kexState == null && bArr[0] != 20) {
            throw new IOException(a.i(g.k("Unexpected KEX message (type "), bArr[0], ")"));
        }
        if (this.ignore_next_kex_packet) {
            this.ignore_next_kex_packet = false;
            return;
        }
        byte b3 = bArr[0];
        if (b3 == 20) {
            if (kexState != null && kexState.state != 0) {
                throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!");
            }
            if (kexState == null) {
                KexState kexState2 = new KexState();
                this.kxs = kexState2;
                kexState2.local_dsa_key = this.nextKEXdsakey;
                kexState2.local_rsa_key = this.nextKEXrsakey;
                kexState2.dhgexParameters = this.nextKEXdhgexParameters;
                PacketKexInit packetKexInit = new PacketKexInit(this.nextKEXcryptoWishList, this.rnd);
                this.kxs.localKEX = packetKexInit;
                this.tm.sendKexMessage(packetKexInit.getPayload());
            }
            PacketKexInit packetKexInit2 = new PacketKexInit(bArr, 0, i3);
            KexState kexState3 = this.kxs;
            kexState3.remoteKEX = packetKexInit2;
            kexState3.np = mergeKexParameters(packetKexInit2.getKexParameters(), this.kxs.localKEX.getKexParameters());
            KexState kexState4 = this.kxs;
            if (kexState4.np == null) {
                throw new IOException("Cannot negotiate, proposals do not match.");
            }
            if (kexState4.remoteKEX.isFirst_kex_packet_follows() && !this.kxs.np.guessOK) {
                this.ignore_next_kex_packet = true;
            }
            if (!this.kxs.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
                throw new IllegalStateException("Unkown KEX method!");
            }
            this.kxs.dhx = new DhExchange("SHA1");
            if (this.kxs.np.kex_algo.equals("diffie-hellman-group1-sha1")) {
                this.kxs.dhx.serverInit(1, this.rnd);
            } else {
                this.kxs.dhx.serverInit(14, this.rnd);
            }
            this.kxs.state = 1;
            return;
        }
        byte[] bArr2 = null;
        if (b3 == 21) {
            KeyMaterial keyMaterial = this.km;
            if (keyMaterial == null) {
                throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
            }
            try {
                this.tm.changeRecvCipher(BlockCipherFactory.createCipher(kexState.np.enc_algo_client_to_server, false, keyMaterial.enc_key_client_to_server, keyMaterial.initial_iv_client_to_server), new MAC(this.kxs.np.mac_algo_client_to_server, this.km.integrity_key_client_to_server));
                ConnectionInfo connectionInfo = new ConnectionInfo();
                int i4 = this.kexCount + 1;
                this.kexCount = i4;
                KexState kexState5 = this.kxs;
                NegotiatedParameters negotiatedParameters = kexState5.np;
                connectionInfo.keyExchangeAlgorithm = negotiatedParameters.kex_algo;
                connectionInfo.keyExchangeCounter = i4;
                connectionInfo.clientToServerCryptoAlgorithm = negotiatedParameters.enc_algo_client_to_server;
                connectionInfo.serverToClientCryptoAlgorithm = negotiatedParameters.enc_algo_server_to_client;
                connectionInfo.clientToServerMACAlgorithm = negotiatedParameters.mac_algo_client_to_server;
                connectionInfo.serverToClientMACAlgorithm = negotiatedParameters.mac_algo_server_to_client;
                connectionInfo.serverHostKeyAlgorithm = negotiatedParameters.server_host_key_algo;
                connectionInfo.serverHostKey = kexState5.remote_hostkey;
                synchronized (this.accessLock) {
                    this.lastConnInfo = connectionInfo;
                    this.accessLock.notifyAll();
                }
                this.kxs = null;
                return;
            } catch (IllegalArgumentException unused) {
                throw new IOException("Fatal error during MAC startup!");
            }
        }
        if (kexState == null || kexState.state == 0) {
            throw new IOException("Unexpected Kex submessage!");
        }
        if ((!kexState.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.kxs.np.kex_algo.equals("diffie-hellman-group14-sha1")) || this.kxs.state != 1) {
            throw new IllegalStateException(g.h(g.k("Unkown KEX method! ("), this.kxs.np.kex_algo, ")"));
        }
        this.kxs.dhx.setE(new PacketKexDHInit(bArr, 0, i3).getE());
        byte[] encodeSSHRSAPublicKey = this.kxs.np.server_host_key_algo.equals("ssh-rsa") ? RSASHA1Verify.encodeSSHRSAPublicKey(this.kxs.local_rsa_key.getPublicKey()) : null;
        if (this.kxs.np.server_host_key_algo.equals("ssh-dss")) {
            encodeSSHRSAPublicKey = DSASHA1Verify.encodeSSHDSAPublicKey(this.kxs.local_dsa_key.getPublicKey());
        }
        try {
            KexState kexState6 = this.kxs;
            kexState6.H = kexState6.dhx.calculateH(this.csh.getClientString(), this.csh.getServerString(), this.kxs.remoteKEX.getPayload(), this.kxs.localKEX.getPayload(), encodeSSHRSAPublicKey);
            KexState kexState7 = this.kxs;
            kexState7.K = kexState7.dhx.getK();
            if (this.kxs.np.server_host_key_algo.equals("ssh-rsa")) {
                KexState kexState8 = this.kxs;
                bArr2 = RSASHA1Verify.encodeSSHRSASignature(RSASHA1Verify.generateSignature(kexState8.H, kexState8.local_rsa_key));
            }
            if (this.kxs.np.server_host_key_algo.equals("ssh-dss")) {
                KexState kexState9 = this.kxs;
                bArr2 = DSASHA1Verify.encodeSSHDSASignature(DSASHA1Verify.generateSignature(kexState9.H, kexState9.local_dsa_key, this.rnd));
            }
            this.tm.sendKexMessage(new PacketKexDHReply(encodeSSHRSAPublicKey, this.kxs.dhx.getF(), bArr2).getPayload());
            finishKex(false);
            this.kxs.state = -1;
            if (this.authenticationStarted) {
                return;
            }
            this.authenticationStarted = true;
            ServerConnectionState serverConnectionState = this.state;
            serverConnectionState.am = new ServerAuthenticationManager(serverConnectionState);
        } catch (IllegalArgumentException e3) {
            throw new IOException("KEX error.", e3);
        }
    }
}
