package org.vngx.jsch.kex;

import java.util.concurrent.atomic.AtomicBoolean;
import org.vngx.jsch.Buffer;
import org.vngx.jsch.JSch;
import org.vngx.jsch.Packet;
import org.vngx.jsch.Session;
import org.vngx.jsch.UserInfo;
import org.vngx.jsch.Util;
import org.vngx.jsch.algorithm.AlgorithmManager;
import org.vngx.jsch.algorithm.Algorithms;
import org.vngx.jsch.algorithm.Random;
import org.vngx.jsch.config.SSHConfigConstants;
import org.vngx.jsch.constants.MessageConstants;
import org.vngx.jsch.constants.SSHConstants;
import org.vngx.jsch.constants.TransportLayerProtocol;
import org.vngx.jsch.exception.JSchException;
import org.vngx.jsch.util.HostKey;
import org.vngx.jsch.util.HostKeyRepository;
import org.vngx.jsch.util.Logger;

/* loaded from: classes.dex */
public final class KeyExchange {
    static final int KEX_COOKIE_LENGTH = 16;
    byte[] I_C;
    byte[] I_S;
    HostKey _hostKey;
    KexAlgorithm _kexAlg;
    KexProposal _proposal;
    final Session _session;
    final Buffer _buffer = new Buffer();
    final AtomicBoolean _inKeyExchange = new AtomicBoolean(false);

    public KeyExchange(Session session) {
        if (session == null) {
            throw new IllegalArgumentException("Session cannot be null");
        }
        this._session = session;
    }

    private void checkHost(KexAlgorithm kexAlgorithm) throws JSchException {
        HostKeyRepository.Check check;
        UserInfo userInfo = this._session.getUserInfo();
        String host = this._session.getHost();
        if (this._session.getHostKeyAlias() != null) {
            host = this._session.getHostKeyAlias();
        } else if (this._session.getPort() != 22) {
            host = "[" + host + "]:" + this._session.getPort();
        }
        HostKeyRepository hostKeyRepository = JSch.getInstance().getHostKeyRepository();
        synchronized (hostKeyRepository) {
            check = hostKeyRepository.check(host, kexAlgorithm.K_S);
        }
        boolean z = false;
        String string = this._session.getConfig().getString(SSHConfigConstants.STRICT_HOST_KEY_CHECKING);
        if (("ask".equals(string) || "yes".equals(string)) && check == HostKeyRepository.Check.CHANGED) {
            String knownHostsRepositoryID = hostKeyRepository.getKnownHostsRepositoryID() != null ? hostKeyRepository.getKnownHostsRepositoryID() : SSHConstants.KNOWN_HOSTS;
            if (userInfo != null) {
                if (!"ask".equals(string)) {
                    userInfo.showMessage(String.format(MessageConstants.INVALID_SERVER_HOST, kexAlgorithm._hostKeyType.DISPLAY_NAME, Util.getFingerPrint(kexAlgorithm.K_S), knownHostsRepositoryID));
                    throw new JSchException("HostKey has changed (StrictHostKeyChecking:yes): " + host);
                }
                if (!userInfo.promptYesNo(String.format(MessageConstants.PROMPT_REPLACE_KEY, kexAlgorithm._hostKeyType.DISPLAY_NAME, Util.getFingerPrint(kexAlgorithm.K_S), knownHostsRepositoryID))) {
                    throw new JSchException("HostKey has changed (StrictHostKeyChecking:ask): " + host);
                }
            }
            synchronized (hostKeyRepository) {
                hostKeyRepository.remove(host, kexAlgorithm._hostKeyType, null);
                z = true;
            }
        }
        if (("ask".equals(string) || "yes".equals(string)) && check != HostKeyRepository.Check.OK && !z) {
            if ("yes".equals(string)) {
                throw new JSchException("HostKey does not match known hosts (StrictHostKeyChecking:yes): " + host);
            }
            if (userInfo == null) {
                if (check != HostKeyRepository.Check.NOT_INCLUDED) {
                    throw new JSchException("HostKey has been changed (StrictHostKeyChecking:ask): " + host);
                }
                throw new JSchException("UnknownHostKey: " + host + ". " + kexAlgorithm._hostKeyType + " key fingerprint is " + Util.getFingerPrint(kexAlgorithm.K_S));
            }
            if (!userInfo.promptYesNo(String.format(MessageConstants.PROMPT_UNKNOWN_KEY, host, kexAlgorithm._hostKeyType.DISPLAY_NAME, Util.getFingerPrint(kexAlgorithm.K_S)))) {
                throw new JSchException("HostKey does not match known hosts (StrictHostKeyChecking:ask): " + host);
            }
            z = true;
        }
        if ("no".equals(string) && check == HostKeyRepository.Check.NOT_INCLUDED) {
            z = true;
        }
        if (check == HostKeyRepository.Check.OK && JSch.getLogger().isEnabled(Logger.Level.INFO)) {
            JSch.getLogger().log(Logger.Level.INFO, "Host '" + host + "' is known and matches the " + kexAlgorithm._hostKeyType + " host key");
        }
        if (z && JSch.getLogger().isEnabled(Logger.Level.WARN)) {
            JSch.getLogger().log(Logger.Level.WARN, "Permanently added '" + host + "' (" + kexAlgorithm._hostKeyType + ") to the list of known hosts.");
        }
        this._hostKey = HostKey.createHostKey(host, kexAlgorithm.K_S, this._session.getConfig().getBoolean(SSHConfigConstants.HASH_KNOWN_HOSTS));
        if (z) {
            synchronized (hostKeyRepository) {
                hostKeyRepository.add(this._hostKey, userInfo);
            }
        }
    }

    private void receiveKexInit(Buffer buffer) throws KexException {
        int i = buffer.getInt();
        if (i != buffer.getLength()) {
            buffer.getByte();
            this.I_S = new byte[buffer.getIndex() - 5];
        } else {
            this.I_S = new byte[(i - 1) - buffer.getByte()];
        }
        buffer.getBytes(this.I_S);
        if (!this._inKeyExchange.get()) {
            sendKexInit();
        }
        this._proposal = KexProposal.createProposal(this.I_S, this.I_C);
        if (JSch.getLogger().isEnabled(Logger.Level.DEBUG)) {
            JSch.getLogger().log(Logger.Level.DEBUG, this._proposal.toString());
        }
        if (!this._session.isAuthenticated() && ("none".equals(this._proposal.getCipherAlgCtoS()) || "none".equals(this._proposal.getCipherAlgStoC()))) {
            throw new KexException("Cipher 'none' cannot be used before authentication has succeeded");
        }
        try {
            JSch.getLogger().log(Logger.Level.INFO, "Kex method: " + this._proposal.getKexAlg());
            this._kexAlg = (KexAlgorithm) AlgorithmManager.getManager().createAlgorithm(this._proposal.getKexAlg(), this._session);
            this._kexAlg.init(this._session, this.I_C, this.I_S);
            do {
                try {
                    if (!this._kexAlg.next(this._session.read(this._buffer))) {
                        throw new KexException("Kex failure, host key could not be verified");
                    }
                } catch (KexException e) {
                    throw e;
                } catch (Exception e2) {
                    throw new KexException("Failed to run KexAlgorithm", e2);
                }
            } while (this._kexAlg.getState() != 0);
        } catch (Exception e3) {
            throw new KexException("Failed to load KexAlgorithm '" + this._proposal.getKexAlg() + "'", e3);
        }
    }

    public KexAlgorithm getKexAlgorithm() {
        return this._kexAlg;
    }

    public KexProposal getKexProposal() {
        return this._proposal;
    }

    public boolean inKex() {
        return this._inKeyExchange.get();
    }

    public void kexCompleted() {
        this._inKeyExchange.set(false);
    }

    public void rekey(Buffer buffer) throws Exception {
        receiveKexInit(buffer);
    }

    public byte[] runFirstKex() throws Exception {
        sendKexInit();
        if (this._session.read(this._buffer).getCommand() != 20) {
            throw new KexException("Invalid kex protocol, expected SSH_MSG_KEXINIT(20): " + ((int) this._buffer.getCommand()));
        }
        JSch.getLogger().log(Logger.Level.INFO, "SSH_MSG_KEXINIT received");
        receiveKexInit(this._buffer);
        checkHost(this._kexAlg);
        sendNewKeys();
        if (this._session.read(this._buffer).getCommand() != 21) {
            throw new KexException("Invalid kex protocol, expected SSH_MSG_NEWKEYS(21): " + ((int) this._buffer.getCommand()));
        }
        JSch.getLogger().log(Logger.Level.INFO, "SSH_MSG_NEWKEYS received");
        return Util.copyOf(this._kexAlg.getH(), this._kexAlg.getH().length);
    }

    public void sendKexInit() throws KexException {
        if (this._inKeyExchange.getAndSet(true)) {
            return;
        }
        Buffer buffer = new Buffer();
        Packet packet = new Packet(buffer);
        try {
            try {
                Random random = (Random) AlgorithmManager.getManager().createAlgorithm(Algorithms.RANDOM, this._session);
                packet.reset();
                buffer.putByte((byte) 20);
                random.fill(buffer.getArray(), buffer.getIndex(), 16);
                buffer.skip(16);
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_ALGORITHMS));
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_SERVER_HOST_KEY));
                buffer.putString(this._session.getConfig().getCiphersC2S());
                buffer.putString(this._session.getConfig().getCiphersS2C());
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_MAC_C2S));
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_MAC_S2C));
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_COMPRESSION_C2S));
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_COMPRESSION_S2C));
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_LANG_C2S));
                buffer.putString(this._session.getConfig().getString(SSHConfigConstants.KEX_LANG_S2C));
                buffer.putByte((byte) 0);
                buffer.putInt(0);
                this.I_C = new byte[buffer.getIndex() - 5];
                System.arraycopy(buffer.getArray(), 5, this.I_C, 0, this.I_C.length);
                this._session.write(packet);
                JSch.getLogger().log(Logger.Level.INFO, "SSH_MSG_KEXINIT sent");
            } catch (Exception e) {
                throw new KexException("Failed to send SSH_MSG_KEXINIT", e);
            }
        } finally {
            buffer.clear();
        }
    }

    public void sendNewKeys() throws KexException {
        try {
            Buffer buffer = new Buffer(500);
            Packet packet = new Packet(buffer);
            packet.reset();
            buffer.putByte(TransportLayerProtocol.SSH_MSG_NEWKEYS);
            this._session.write(packet);
            JSch.getLogger().log(Logger.Level.INFO, "SSH_MSG_NEWKEYS sent");
        } catch (Exception e) {
            throw new KexException("Failed to send SSH_MSG_NEWKEYS request", e);
        }
    }
}
