package com.urbanvpn.ssh2.transport;

import com.google.firebase.crashlytics.g;
import com.urbanvpn.ssh2.ConnectionInfo;
import com.urbanvpn.ssh2.DHGexParameters;
import com.urbanvpn.ssh2.ExtendedServerHostKeyVerifier;
import com.urbanvpn.ssh2.ServerHostKeyVerifier;
import com.urbanvpn.ssh2.compression.CompressionFactory;
import com.urbanvpn.ssh2.compression.ICompressor;
import com.urbanvpn.ssh2.crypto.CryptoWishList;
import com.urbanvpn.ssh2.crypto.KeyMaterial;
import com.urbanvpn.ssh2.crypto.cipher.BlockCipher;
import com.urbanvpn.ssh2.crypto.cipher.BlockCipherFactory;
import com.urbanvpn.ssh2.crypto.digest.HMAC;
import com.urbanvpn.ssh2.crypto.digest.MACs;
import com.urbanvpn.ssh2.log.Logger;
import com.urbanvpn.ssh2.packets.PacketKexInit;
import com.urbanvpn.ssh2.packets.PacketNewKeys;
import com.urbanvpn.ssh2.signature.DSASHA1Verify;
import com.urbanvpn.ssh2.signature.ECDSASHA2Verify;
import com.urbanvpn.ssh2.signature.Ed25519Verify;
import com.urbanvpn.ssh2.signature.RSASHA1Verify;
import com.urbanvpn.ssh2.signature.RSASHA256Verify;
import com.urbanvpn.ssh2.signature.RSASHA512Verify;
import j.a.a.a.d;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class KexManager {
    private static final Logger q = Logger.a(KexManager.class);
    private static final boolean r;
    private static final Set<String> s;
    private static final Set<String> t;
    private KexState a;

    /* renamed from: c, reason: collision with root package name */
    private KeyMaterial f4194c;

    /* renamed from: d, reason: collision with root package name */
    byte[] f4195d;

    /* renamed from: e, reason: collision with root package name */
    private ClientServerHello f4196e;

    /* renamed from: j, reason: collision with root package name */
    private final TransportManager f4201j;

    /* renamed from: k, reason: collision with root package name */
    private CryptoWishList f4202k;

    /* renamed from: m, reason: collision with root package name */
    private ServerHostKeyVerifier f4204m;

    /* renamed from: n, reason: collision with root package name */
    private final String f4205n;
    private final int o;
    private final SecureRandom p;
    private int b = 0;

    /* renamed from: f, reason: collision with root package name */
    private final Object f4197f = new Object();

    /* renamed from: g, reason: collision with root package name */
    private ConnectionInfo f4198g = null;

    /* renamed from: h, reason: collision with root package name */
    private boolean f4199h = false;

    /* renamed from: i, reason: collision with root package name */
    private boolean f4200i = false;

    /* renamed from: l, reason: collision with root package name */
    private DHGexParameters f4203l = new DHGexParameters();

    static {
        KeyFactory keyFactory;
        try {
            keyFactory = KeyFactory.getInstance("EC");
        } catch (NoSuchAlgorithmException unused) {
            keyFactory = null;
            q.a(10, "Disabling EC support due to lack of KeyFactory");
        }
        r = keyFactory != null;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        s = linkedHashSet;
        linkedHashSet.add("ssh-ed25519");
        if (r) {
            s.add("ecdsa-sha2-nistp256");
            s.add("ecdsa-sha2-nistp384");
            s.add("ecdsa-sha2-nistp521");
        }
        s.add("ssh-rsa");
        s.add("ssh-dss");
        s.add("rsa-sha2-256");
        s.add("rsa-sha2-512");
        LinkedHashSet linkedHashSet2 = new LinkedHashSet();
        t = linkedHashSet2;
        linkedHashSet2.add("curve25519-sha256");
        t.add("curve25519-sha256@libssh.org");
        if (r) {
            t.add("ecdh-sha2-nistp256");
            t.add("ecdh-sha2-nistp384");
            t.add("ecdh-sha2-nistp521");
        }
        t.add("diffie-hellman-group18-sha512");
        t.add("diffie-hellman-group16-sha512");
        t.add("diffie-hellman-group-exchange-sha256");
        t.add("diffie-hellman-group14-sha256");
        t.add("diffie-hellman-group-exchange-sha1");
        t.add("diffie-hellman-group14-sha1");
        t.add("diffie-hellman-group1-sha1");
        t.add("ext-info-c");
    }

    public KexManager(TransportManager transportManager, ClientServerHello clientServerHello, CryptoWishList cryptoWishList, String str, int i2, ServerHostKeyVerifier serverHostKeyVerifier, SecureRandom secureRandom) {
        this.f4201j = transportManager;
        this.f4196e = clientServerHello;
        this.f4202k = cryptoWishList;
        this.f4205n = str;
        this.o = i2;
        this.f4204m = serverHostKeyVerifier;
        this.p = secureRandom;
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private void a() {
        try {
            int a = MACs.a(this.a.f4217c.f4229f);
            this.f4194c = KeyMaterial.a(this.a.f4222h, this.a.f4220f, this.a.f4219e, this.f4195d, BlockCipherFactory.c(this.a.f4217c.f4227d), BlockCipherFactory.a(this.a.f4217c.f4227d), a, BlockCipherFactory.c(this.a.f4217c.f4228e), BlockCipherFactory.a(this.a.f4217c.f4228e), MACs.a(this.a.f4217c.f4230g));
        } catch (IllegalArgumentException e2) {
            throw new IOException("Could not establish key material: " + e2.getMessage());
        }
    }

    private void a(CryptoWishList cryptoWishList) {
        List<String> a;
        ServerHostKeyVerifier serverHostKeyVerifier = this.f4204m;
        if (!(serverHostKeyVerifier instanceof ExtendedServerHostKeyVerifier) || (a = ((ExtendedServerHostKeyVerifier) serverHostKeyVerifier).a(this.f4205n, this.o)) == null || a.size() <= 0) {
            return;
        }
        ArrayList arrayList = new ArrayList(a.size());
        for (String str : cryptoWishList.b) {
            for (String str2 : a) {
                if (str.equals(str2)) {
                    arrayList.add(str2);
                }
            }
        }
        if (arrayList.size() > 0) {
            cryptoWishList.b = (String[]) arrayList.toArray(new String[0]);
        }
    }

    private boolean a(KexParameters kexParameters, KexParameters kexParameters2) {
        if (kexParameters == null || kexParameters2 == null) {
            throw new IllegalArgumentException();
        }
        if (a(kexParameters.b, kexParameters2.b)) {
            return a(kexParameters.f4206c, kexParameters2.f4206c);
        }
        return false;
    }

    private boolean a(byte[] bArr, byte[] bArr2) {
        if (this.a.f4217c.f4226c.equals("ssh-ed25519")) {
            byte[] b = Ed25519Verify.b(bArr);
            d a = Ed25519Verify.a(bArr2);
            q.a(50, "Verifying ed25519 signature");
            return Ed25519Verify.a(this.a.f4220f, b, a);
        }
        if (this.a.f4217c.f4226c.startsWith("ecdsa-sha2-")) {
            byte[] b2 = ECDSASHA2Verify.b(bArr);
            ECPublicKey a2 = ECDSASHA2Verify.a(bArr2);
            q.a(50, "Verifying ecdsa signature");
            return ECDSASHA2Verify.a(this.a.f4220f, b2, a2);
        }
        if (this.a.f4217c.f4226c.equals("ssh-rsa")) {
            byte[] b3 = RSASHA1Verify.b(bArr);
            RSAPublicKey a3 = RSASHA1Verify.a(bArr2);
            q.a(50, "Verifying ssh-rsa signature");
            return RSASHA1Verify.a(this.a.f4220f, b3, a3);
        }
        if (this.a.f4217c.f4226c.equals("rsa-sha2-256")) {
            byte[] a4 = RSASHA256Verify.a(bArr);
            RSAPublicKey a5 = RSASHA1Verify.a(bArr2);
            q.a(50, "Verifying rsa-sha2-256 signature");
            return RSASHA256Verify.a(this.a.f4220f, a4, a5);
        }
        if (this.a.f4217c.f4226c.equals("rsa-sha2-512")) {
            byte[] a6 = RSASHA512Verify.a(bArr);
            RSAPublicKey a7 = RSASHA1Verify.a(bArr2);
            q.a(50, "Verifying rsa-sha2-512 signature");
            return RSASHA512Verify.a(this.a.f4220f, a6, a7);
        }
        if (this.a.f4217c.f4226c.equals("ssh-dss")) {
            byte[] b4 = DSASHA1Verify.b(bArr);
            DSAPublicKey a8 = DSASHA1Verify.a(bArr2);
            q.a(50, "Verifying ssh-dss signature");
            return DSASHA1Verify.a(this.a.f4220f, b4, a8);
        }
        throw new IOException("Unknown server host key algorithm '" + this.a.f4217c.f4226c + "'");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    private boolean a(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0 && strArr2.length == 0) {
            return true;
        }
        if (strArr.length == 0 || strArr2.length == 0) {
            return false;
        }
        return strArr[0].equals(strArr2[0]);
    }

    private NegotiatedParameters b(KexParameters kexParameters, KexParameters kexParameters2) {
        NegotiatedParameters negotiatedParameters = new NegotiatedParameters();
        try {
            negotiatedParameters.b = b(kexParameters.b, kexParameters2.b);
            q.a(20, "kex_algo=" + negotiatedParameters.b);
            negotiatedParameters.f4226c = b(kexParameters.f4206c, kexParameters2.f4206c);
            q.a(20, "server_host_key_algo=" + negotiatedParameters.f4226c);
            negotiatedParameters.f4227d = b(kexParameters.f4207d, kexParameters2.f4207d);
            negotiatedParameters.f4228e = b(kexParameters.f4208e, kexParameters2.f4208e);
            q.a(20, "enc_algo_client_to_server=" + negotiatedParameters.f4227d);
            q.a(20, "enc_algo_server_to_client=" + negotiatedParameters.f4228e);
            negotiatedParameters.f4229f = b(kexParameters.f4209f, kexParameters2.f4209f);
            negotiatedParameters.f4230g = b(kexParameters.f4210g, kexParameters2.f4210g);
            q.a(20, "mac_algo_client_to_server=" + negotiatedParameters.f4229f);
            q.a(20, "mac_algo_server_to_client=" + negotiatedParameters.f4230g);
            negotiatedParameters.f4231h = b(kexParameters.f4211h, kexParameters2.f4211h);
            negotiatedParameters.f4232i = b(kexParameters.f4212i, kexParameters2.f4212i);
            q.a(20, "comp_algo_client_to_server=" + negotiatedParameters.f4231h);
            q.a(20, "comp_algo_server_to_client=" + negotiatedParameters.f4232i);
            try {
                b(kexParameters.f4213j, kexParameters2.f4213j);
            } catch (NegotiateException unused) {
            }
            try {
                b(kexParameters.f4214k, kexParameters2.f4214k);
            } catch (NegotiateException unused2) {
            }
            if (a(kexParameters, kexParameters2)) {
                negotiatedParameters.a = true;
            }
            return negotiatedParameters;
        } catch (NegotiateException unused3) {
            return null;
        }
    }

    /* JADX WARN: Unreachable blocks removed: 2, instructions: 2 */
    private String b(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr2 == null) {
            throw new IllegalArgumentException();
        }
        if (strArr.length == 0) {
            return null;
        }
        for (String str : strArr) {
            for (String str2 : strArr2) {
                if (str.equals(str2)) {
                    return str;
                }
            }
        }
        throw new NegotiateException();
    }

    private void b() {
        g.a().a("Finishing KEX");
        if (this.f4195d == null) {
            this.f4195d = this.a.f4220f;
        }
        a();
        this.f4201j.b(new PacketNewKeys().a());
        try {
            g.a().a("Create cbc: " + this.a.f4217c.f4227d + ", " + this.f4194c.f4089c + ", " + this.f4194c.a);
            BlockCipher a = BlockCipherFactory.a(this.a.f4217c.f4227d, true, this.f4194c.f4089c, this.f4194c.a);
            g.a().a("Create mac: " + this.a.f4217c.f4229f + ", " + this.f4194c.f4091e);
            HMAC hmac = new HMAC(this.a.f4217c.f4229f, this.f4194c.f4091e);
            g.a().a("Create comp: " + this.a.f4217c.f4231h);
            ICompressor a2 = CompressionFactory.a(this.a.f4217c.f4231h);
            this.f4201j.b(a, hmac);
            this.f4201j.b(a2);
            this.f4201j.e();
        } catch (IllegalArgumentException e2) {
            g.a().a("Fatal error during MAC startup: " + e2.getMessage() + ", cause: " + e2.getCause());
            throw new IOException("Fatal error during MAC startup!");
        }
    }

    public static String[] c() {
        return (String[]) t.toArray(new String[0]);
    }

    public static String[] d() {
        return (String[]) s.toArray(new String[0]);
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public ConnectionInfo a(int i2) {
        ConnectionInfo connectionInfo;
        synchronized (this.f4197f) {
            while (true) {
                if (this.f4198g != null && this.f4198g.a >= i2) {
                    connectionInfo = this.f4198g;
                } else {
                    if (this.f4199h) {
                        throw new IOException("Key exchange was not finished, connection is closed.", this.f4201j.c());
                    }
                    try {
                        this.f4197f.wait();
                    } catch (InterruptedException unused) {
                    }
                }
            }
        }
        return connectionInfo;
    }

    public synchronized void a(CryptoWishList cryptoWishList, DHGexParameters dHGexParameters) {
        try {
            this.f4202k = cryptoWishList;
            a(cryptoWishList);
            this.f4203l = dHGexParameters;
            if (this.a == null) {
                KexState kexState = new KexState();
                this.a = kexState;
                kexState.f4225k = this.f4203l;
                PacketKexInit packetKexInit = new PacketKexInit(this.f4202k);
                this.a.a = packetKexInit;
                this.f4201j.b(packetKexInit.b());
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Removed duplicated region for block: B:64:0x028e A[Catch: all -> 0x06e1, TryCatch #1 {all -> 0x06e1, blocks: (B:6:0x0006, B:7:0x000a, B:20:0x001c, B:21:0x001e, B:23:0x0029, B:26:0x0056, B:28:0x005a, B:32:0x005f, B:34:0x0065, B:36:0x006b, B:39:0x0073, B:40:0x007b, B:41:0x007c, B:43:0x0080, B:44:0x00a8, B:46:0x00d8, B:48:0x00e4, B:50:0x00f0, B:51:0x00f2, B:53:0x0106, B:56:0x0230, B:58:0x023b, B:61:0x024e, B:62:0x027b, B:64:0x028e, B:65:0x02a1, B:69:0x0299, B:70:0x0264, B:71:0x011b, B:73:0x012f, B:75:0x0142, B:77:0x0152, B:79:0x0166, B:81:0x0176, B:83:0x0187, B:85:0x019a, B:87:0x01ab, B:89:0x01be, B:92:0x01de, B:96:0x01d3, B:97:0x01dc, B:101:0x02aa, B:102:0x02b4, B:103:0x02b5, B:105:0x02bd, B:109:0x02c2, B:110:0x02fa, B:111:0x0361, B:116:0x036f, B:124:0x0378, B:127:0x037b, B:128:0x0399, B:129:0x039b, B:130:0x03a2, B:131:0x03a4, B:133:0x03a9, B:135:0x03af, B:137:0x03c3, B:140:0x03d7, B:142:0x03e9, B:144:0x03fb, B:146:0x040b, B:148:0x041e, B:150:0x0431, B:152:0x0444, B:154:0x0455, B:156:0x0468, B:158:0x047b, B:161:0x0566, B:162:0x058e, B:163:0x048c, B:165:0x0495, B:169:0x04aa, B:173:0x04c9, B:174:0x04d1, B:177:0x04d4, B:178:0x04dd, B:179:0x04df, B:181:0x04eb, B:182:0x0523, B:184:0x0536, B:189:0x0550, B:190:0x0559, B:193:0x055b, B:194:0x0564, B:195:0x0590, B:197:0x059a, B:202:0x05e3, B:204:0x05ec, B:208:0x0602, B:211:0x0624, B:212:0x062d, B:215:0x0630, B:216:0x0638, B:217:0x063a, B:219:0x0646, B:220:0x0688, B:222:0x069a, B:226:0x06b5, B:227:0x06be, B:230:0x06c1, B:231:0x06ca, B:232:0x06cb, B:233:0x06d5, B:234:0x06d7, B:235:0x06e0, B:236:0x0030, B:237:0x0054, B:113:0x0362, B:114:0x036c, B:9:0x000b, B:10:0x0014), top: B:3:0x0003, inners: #0, #2, #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:69:0x0299 A[Catch: all -> 0x06e1, TryCatch #1 {all -> 0x06e1, blocks: (B:6:0x0006, B:7:0x000a, B:20:0x001c, B:21:0x001e, B:23:0x0029, B:26:0x0056, B:28:0x005a, B:32:0x005f, B:34:0x0065, B:36:0x006b, B:39:0x0073, B:40:0x007b, B:41:0x007c, B:43:0x0080, B:44:0x00a8, B:46:0x00d8, B:48:0x00e4, B:50:0x00f0, B:51:0x00f2, B:53:0x0106, B:56:0x0230, B:58:0x023b, B:61:0x024e, B:62:0x027b, B:64:0x028e, B:65:0x02a1, B:69:0x0299, B:70:0x0264, B:71:0x011b, B:73:0x012f, B:75:0x0142, B:77:0x0152, B:79:0x0166, B:81:0x0176, B:83:0x0187, B:85:0x019a, B:87:0x01ab, B:89:0x01be, B:92:0x01de, B:96:0x01d3, B:97:0x01dc, B:101:0x02aa, B:102:0x02b4, B:103:0x02b5, B:105:0x02bd, B:109:0x02c2, B:110:0x02fa, B:111:0x0361, B:116:0x036f, B:124:0x0378, B:127:0x037b, B:128:0x0399, B:129:0x039b, B:130:0x03a2, B:131:0x03a4, B:133:0x03a9, B:135:0x03af, B:137:0x03c3, B:140:0x03d7, B:142:0x03e9, B:144:0x03fb, B:146:0x040b, B:148:0x041e, B:150:0x0431, B:152:0x0444, B:154:0x0455, B:156:0x0468, B:158:0x047b, B:161:0x0566, B:162:0x058e, B:163:0x048c, B:165:0x0495, B:169:0x04aa, B:173:0x04c9, B:174:0x04d1, B:177:0x04d4, B:178:0x04dd, B:179:0x04df, B:181:0x04eb, B:182:0x0523, B:184:0x0536, B:189:0x0550, B:190:0x0559, B:193:0x055b, B:194:0x0564, B:195:0x0590, B:197:0x059a, B:202:0x05e3, B:204:0x05ec, B:208:0x0602, B:211:0x0624, B:212:0x062d, B:215:0x0630, B:216:0x0638, B:217:0x063a, B:219:0x0646, B:220:0x0688, B:222:0x069a, B:226:0x06b5, B:227:0x06be, B:230:0x06c1, B:231:0x06ca, B:232:0x06cb, B:233:0x06d5, B:234:0x06d7, B:235:0x06e0, B:236:0x0030, B:237:0x0054, B:113:0x0362, B:114:0x036c, B:9:0x000b, B:10:0x0014), top: B:3:0x0003, inners: #0, #2, #3, #4, #5, #6, #7 }] */
    /* JADX WARN: Unreachable blocks removed: 12, instructions: 12 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public synchronized void a(byte[] r14, int r15) {
        /*
            Method dump skipped, instructions count: 1765
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.urbanvpn.ssh2.transport.KexManager.a(byte[], int):void");
    }
}
