package com.maverick.sshd;

import com.maverick.nio.IdleStateListener;
import com.maverick.nio.ProtocolEngine;
import com.maverick.nio.SocketConnection;
import com.maverick.nio.WriteOperationRequest;
import com.maverick.ssh.AdaptiveConfiguration;
import com.maverick.ssh.ExecutorOperationSupport;
import com.maverick.ssh.SecurityLevel;
import com.maverick.ssh.SshException;
import com.maverick.ssh.components.ComponentManager;
import com.maverick.ssh.components.Digest;
import com.maverick.ssh.components.SshCipher;
import com.maverick.ssh.components.SshHmac;
import com.maverick.ssh.components.SshKeyPair;
import com.maverick.ssh.components.jce.ChaCha20Poly1305;
import com.maverick.ssh.components.jce.JCEComponentManager;
import com.maverick.ssh.compression.SshCompression;
import com.maverick.sshd.components.SshKeyExchangeServer;
import com.maverick.sshd.events.EventServiceImplementation;
import com.maverick.sshd.events.SSHDEvent;
import com.maverick.sshd.events.SSHDEventCodes;
import com.maverick.sshd.scp.StringUtil;
import com.maverick.util.Base64;
import com.maverick.util.BinaryLogger;
import com.maverick.util.ByteArrayReader;
import com.maverick.util.ByteArrayWriter;
import com.maverick.util.IOUtil;
import com.maverick.util.UnsignedInteger64;
import com.sshtools.publickey.SshPrivateKeyFileFactory;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import java.util.Vector;
import java.util.concurrent.ConcurrentLinkedQueue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maverick/sshd/TransportProtocol.class */
public class TransportProtocol implements ProtocolEngine, IdleStateListener, AbstractServerTransport {
    private static final String STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com";
    private static final String STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com";
    byte[] incomingSwap;
    String ident;
    byte[] localkex;
    byte[] remotekex;
    byte[] sessionIdentifier;
    Connection con;
    Service activeService;
    static final int SSH_MSG_DISCONNECT = 1;
    static final int SSH_MSG_IGNORE = 2;
    static final int SSH_MSG_UNIMPLEMENTED = 3;
    static final int SSH_MSG_DEBUG = 4;
    static final int SSH_MSG_SERVICE_REQUEST = 5;
    static final int SSH_MSG_SERVICE_ACCEPT = 6;
    static final int SSH_MSG_EXT_INFO = 7;
    static final int SSH_MSG_KEX_INIT = 20;
    static final int SSH_MSG_NEWKEYS = 21;
    byte[] payloadIncoming;
    byte[] packet;
    int numOutgoingBytesSinceKEX;
    int numOutgoingPacketsSinceKEX;
    int numIncomingBytesSinceKEX;
    int numIncomingPacketsSinceKEX;
    public static final int NEGOTIATING_PROTOCOL = 1;
    public static final int PERFORMING_KEYEXCHANGE = 2;
    public static final int CONNECTED = 3;
    public static final int DISCONNECTED = 4;
    volatile int currentState;
    SshKeyExchangeServer keyExchange;
    SshCipher encryption;
    SshCipher decryption;
    SshHmac outgoingMac;
    SshHmac incomingMac;
    SshCompression outgoingCompression;
    SshCompression incomingCompression;
    SshKeyPair hostKey;
    String cipherCS;
    String cipherSC;
    String macCS;
    String macSC;
    String compressionCS;
    String compressionSC;
    String hostKeyAlg;
    String keyExchangeAlg;
    private String localCompressionsSC;
    private String localCompressionsCS;
    private String localMacsCS;
    private String localMacsSC;
    private String localCiphersSC;
    private String localCiphersCS;
    private String localPublicKeys;
    private String localKeyExchanges;
    public static final int HOST_NOT_ALLOWED = 1;
    public static final int PROTOCOL_ERROR = 2;
    public static final int KEY_EXCHANGE_FAILED = 3;
    public static final int RESERVED = 4;
    public static final int MAC_ERROR = 5;
    public static final int COMPRESSION_ERROR = 6;
    public static final int SERVICE_NOT_AVAILABLE = 7;
    public static final int PROTOCOL_VERSION_NOT_SUPPORTED = 8;
    public static final int HOST_KEY_NOT_VERIFIABLE = 9;
    public static final int CONNECTION_LOST = 10;
    public static final int BY_APPLICATION = 11;
    public static final int TOO_MANY_CONNECTIONS = 12;
    public static final int AUTH_CANCELLED_BY_USER = 13;
    public static final int NO_MORE_AUTH_METHODS_AVAILABLE = 14;
    public static final int ILLEGAL_USER_NAME = 15;
    SshContext sshContext;
    SocketConnection socketConnection;
    Integer numberOfConnections;
    boolean idleEvents;
    BinaryLogger binaryInput;
    BinaryLogger binaryOutput;
    boolean outgoingCompressionEnabled;
    boolean incomingCompressionEnabled;
    byte[] initial;
    static Logger log = LoggerFactory.getLogger(TransportProtocol.class);
    public static String CHARSET_ENCODING = "UTF-8";
    private static int MESSAGE_QUEUE_LIMIT = 1000;
    public static Object lock = new Object();
    static Object signatureLock = new Object();
    boolean isKexStrict = false;
    boolean hasFirstNewKeys = false;
    SecureRandom rnd = JCEComponentManager.getSecureRandom();
    TransportMessageQueue incomingMessages = new TransportMessageQueue();
    TransportMessageQueue outgoingMessages = new TransportMessageQueue();
    TransportMessageQueue channelDataMessages = new TransportMessageQueue();
    String localIdentification = "SSH-2.0-";
    StringBuffer remoteIdentification = new StringBuffer();
    boolean receivedRemoteIdentification = false;
    boolean sentLocalIdentification = false;
    ConcurrentLinkedQueue<SshMessage> outgoingQueue = new ConcurrentLinkedQueue<>();
    ConcurrentLinkedQueue<SshMessage> kexQueue = new ConcurrentLinkedQueue<>();
    Vector<TransportProtocolListener> transportListeners = new Vector<>();
    boolean expectPacket = true;
    int expectedBytes = 0;
    int offsetIncoming = 0;
    long lastActivity = System.currentTimeMillis();
    Date disconnectStarted = null;
    boolean closed = false;
    boolean completedFirstKeyExchange = false;
    boolean hasExtensionCapability = false;
    boolean enableExtensionCapability = true;
    long outgoingSequence = 0;
    long incomingSequence = 0;
    long outgoingBytes = 0;
    long incomingBytes = 0;
    Object kexlock = new Object();
    boolean queuedKexInit = false;
    boolean sentKexInit = false;
    List<String> ignoreMacs = new ArrayList();
    List<String> ignoreCiphers = new ArrayList();
    List<String> ignoreCompressions = new ArrayList();
    List<String> ignorePublicKeys = new ArrayList();
    List<String> ignoreKeyExchanges = new ArrayList();
    long lastKeepAlive = 0;
    boolean countedConnection = false;
    boolean denyConnection = false;
    Date started = new Date();
    boolean disableIdleTimeout = false;
    int incomingCipherLength = 8;
    int incomingMacLength = 0;
    int msglen = 0;
    int padlen = 0;
    int remaining = 0;
    IgnoreMessage ignoreMessage = new IgnoreMessage();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/maverick/sshd/TransportProtocol$DisconnectMessage.class */
    public class DisconnectMessage implements SshMessage {
        int reason;
        String description;

        DisconnectMessage(int i, String str) {
            this.reason = i;
            this.description = str;
        }

        @Override // com.maverick.sshd.SshMessage
        public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
            byteBuffer.put((byte) 1);
            byteBuffer.putInt(this.reason);
            byteBuffer.putInt(this.description.length());
            byteBuffer.put(this.description.getBytes());
            byteBuffer.putInt(0);
        }

        @Override // com.maverick.sshd.SshMessage
        public void messageSent() {
            if (TransportProtocol.log.isDebugEnabled()) {
                TransportProtocol.log.debug("Sent SSH_MSG_DISCONNECT reason=" + this.reason + StringUtil.STR_SPACE + this.description);
            }
            TransportProtocol.this.socketConnection.closeConnection();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/maverick/sshd/TransportProtocol$IgnoreMessage.class */
    public class IgnoreMessage implements SshMessage {
        SecureRandom rnd = JCEComponentManager.getSecureRandom();
        byte[] tmp;

        IgnoreMessage() {
            this.tmp = new byte[TransportProtocol.this.m26getContext().getKeepAliveDataMaxLength()];
        }

        @Override // com.maverick.sshd.SshMessage
        public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
            byteBuffer.put((byte) 2);
            int random = (int) (Math.random() * (this.tmp.length + 1));
            this.rnd.nextBytes(this.tmp);
            byteBuffer.putInt(random);
            byteBuffer.put(this.tmp, 0, random);
        }

        @Override // com.maverick.sshd.SshMessage
        public void messageSent() {
            if (TransportProtocol.log.isDebugEnabled()) {
                TransportProtocol.log.debug("Sent SSH_MSG_IGNORE");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/maverick/sshd/TransportProtocol$TransportMessageQueue.class */
    public class TransportMessageQueue extends ExecutorOperationSupport<SshContext> {
        TransportMessageQueue() {
        }

        /* renamed from: getContext, reason: merged with bridge method [inline-methods] */
        public SshContext m27getContext() {
            return TransportProtocol.this.sshContext;
        }

        protected String getName() {
            return String.format("Transport Protocol %s", TransportProtocol.this.getUUID());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/maverick/sshd/TransportProtocol$UnimplementedMessage.class */
    public class UnimplementedMessage implements SshMessage {
        long sequenceNo;

        UnimplementedMessage(long j) {
            this.sequenceNo = j;
        }

        @Override // com.maverick.sshd.SshMessage
        public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
            byteBuffer.put((byte) 3);
            byteBuffer.putInt((int) this.sequenceNo);
        }

        @Override // com.maverick.sshd.SshMessage
        public void messageSent() {
            if (TransportProtocol.log.isDebugEnabled()) {
                TransportProtocol.log.debug("Sent SSH_MSG_UNIMPLEMENTED");
            }
        }
    }

    public TransportProtocol(SshContext sshContext) {
        this.sshContext = sshContext;
    }

    public SocketConnection getSocketConnection() {
        return this.socketConnection;
    }

    public void addEventListener(TransportProtocolListener transportProtocolListener) {
        if (transportProtocolListener != null) {
            this.transportListeners.add(transportProtocolListener);
        }
    }

    public SocketAddress getRemoteAddress() {
        return this.socketConnection.getRemoteAddress();
    }

    public void enableCompression() {
        if (this.outgoingCompression != null && this.outgoingCompression.isDelayed()) {
            if (log.isDebugEnabled()) {
                log.debug("Enabling Compression SC");
            }
            this.outgoingCompressionEnabled = true;
        }
        if (this.incomingCompression == null || !this.incomingCompression.isDelayed()) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("Enabling Compression CS");
        }
        this.incomingCompressionEnabled = true;
    }

    public int getRemotePort() {
        return this.socketConnection.getPort();
    }

    @Override // com.maverick.sshd.AbstractServerTransport
    /* renamed from: getContext, reason: merged with bridge method [inline-methods] */
    public SshContext m26getContext() {
        return this.sshContext;
    }

    public void onSocketConnect(SocketConnection socketConnection) {
        this.socketConnection = socketConnection;
        this.socketConnection.getIdleStates().register(this);
        this.con = ConnectionManager.getInstance().registerTransport(this);
        ConnectionManager.getInstance().beginConnectionOperation(this.con);
        try {
            boolean z = true;
            if (log.isInfoEnabled()) {
                log.info(String.format("Connection started from %s on interface %s", socketConnection.getRemoteAddress().toString(), socketConnection.getLocalAddress().toString()));
            }
            if (this.sshContext.getIPPolicy() != null) {
                z = this.sshContext.getIPPolicy().checkConnection(socketConnection.getRemoteAddress(), socketConnection.getLocalAddress());
                if (log.isDebugEnabled()) {
                    log.debug("IP policy has " + (z ? "authorized" : "denied") + " access to " + ((InetSocketAddress) socketConnection.getRemoteAddress()).getAddress());
                }
            }
            if (!z) {
                if (log.isDebugEnabled()) {
                    log.debug("Access denied based up remote client IP");
                }
                socketConnection.closeConnection();
                ConnectionManager.getInstance().endConnectionOperation();
                return;
            }
            synchronized (lock) {
                this.numberOfConnections = Integer.valueOf(this.sshContext.getConnections());
                if (this.sshContext.getMaximumConnections() > -1 && this.numberOfConnections.intValue() >= this.sshContext.getMaximumConnections()) {
                    this.denyConnection = true;
                    if (!this.sshContext.getAllowDeniedKEX()) {
                        fireTooManyConnectionsDisconnectEvent(this.numberOfConnections);
                        if (log.isInfoEnabled()) {
                            log.info("Denying connection.. too many users currently online");
                        }
                        socketConnection.closeConnection();
                        ConnectionManager.getInstance().endConnectionOperation();
                        return;
                    }
                    this.sessionIdentifier = new byte[0];
                }
                if (!this.denyConnection) {
                    this.countedConnection = true;
                    this.numberOfConnections = Integer.valueOf(this.sshContext.incrementConnections());
                    if (log.isInfoEnabled()) {
                        log.info("There " + (this.numberOfConnections.intValue() > 1 ? "are" : "is") + " now " + this.numberOfConnections.intValue() + " active connections");
                    }
                }
                ConnectionManager.getInstance().endConnectionOperation();
                addIncomingTask(new ConnectionAwareTask(this.con) { // from class: com.maverick.sshd.TransportProtocol.1
                    @Override // com.maverick.sshd.ConnectionAwareTask
                    protected void doTask() {
                        EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_CONNECTED, true, TransportProtocol.this.getConnection().getUUID()).addAttribute("CONNECTION", this.con).addAttribute(SSHDEventCodes.ATTRIBUTE_OPERATION_STARTED, TransportProtocol.this.started).addAttribute(SSHDEventCodes.ATTRIBUTE_OPERATION_FINISHED, new Date()));
                    }
                });
                String softwareVersionComments = this.sshContext.getSoftwareVersionComments();
                if (softwareVersionComments.length() > 245) {
                    softwareVersionComments = softwareVersionComments.substring(0, 245);
                }
                this.localIdentification += softwareVersionComments + "\r\n";
                this.incomingSwap = new byte[this.sshContext.getMaximumPacketLength()];
                setTransportState(1);
                if (this.sentLocalIdentification) {
                    return;
                }
                postMessage(new SshMessage() { // from class: com.maverick.sshd.TransportProtocol.2
                    @Override // com.maverick.sshd.SshMessage
                    public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                        try {
                            if (TransportProtocol.this.sshContext.isHttpRedirect()) {
                                byteBuffer.put(("HTTP/1.1 302 Moved Location\r\nLocation: " + TransportProtocol.this.sshContext.getHttpRedirectUrl() + "/\r\nConnection: close\r\nContent-Type: text/plain\r\nContent-Length: " + TransportProtocol.this.localIdentification.getBytes("UTF-8").length + "\r\n\r\n").getBytes("UTF-8"));
                            }
                            byteBuffer.put(TransportProtocol.this.localIdentification.getBytes("UTF-8"));
                        } catch (UnsupportedEncodingException e) {
                            throw new IllegalStateException("UTF-8 is not supported!!");
                        }
                    }

                    @Override // com.maverick.sshd.SshMessage
                    public void messageSent() {
                        if (TransportProtocol.log.isDebugEnabled()) {
                            TransportProtocol.log.debug("Sent local identification string " + TransportProtocol.this.localIdentification.trim());
                        }
                        TransportProtocol.this.sentLocalIdentification = true;
                        if (TransportProtocol.this.receivedRemoteIdentification) {
                            TransportProtocol.this.sendKeyExchangeInit();
                        }
                    }
                });
            }
        } catch (Throwable th) {
            ConnectionManager.getInstance().endConnectionOperation();
            throw th;
        }
    }

    public boolean onSocketRead(ByteBuffer byteBuffer) {
        ConnectionManager.getInstance().beginConnectionOperation(this.con);
        if (log.isTraceEnabled()) {
            log.debug("Processing APPLICATION READ data");
        }
        boolean z = false;
        try {
            try {
                switch (this.currentState) {
                    case 1:
                        negotiateProtocol(byteBuffer);
                        break;
                    case 2:
                    case 3:
                        z = processBinaryPackets(byteBuffer);
                        break;
                }
                ConnectionManager.getInstance().endConnectionOperation();
            } catch (Throwable th) {
                if (log.isInfoEnabled()) {
                    log.info(String.format("Socket read error from %s %s", this.socketConnection.getRemoteAddress().toString(), th.getMessage()));
                }
                if (log.isDebugEnabled()) {
                    log.debug("Read error", th);
                }
                this.socketConnection.closeConnection();
                ConnectionManager.getInstance().endConnectionOperation();
            }
            return z;
        } catch (Throwable th2) {
            ConnectionManager.getInstance().endConnectionOperation();
            throw th2;
        }
    }

    public boolean isConnected() {
        return this.currentState == 1 || this.currentState == 2 || this.currentState == 3;
    }

    void negotiateProtocol(ByteBuffer byteBuffer) throws IOException {
        if (this.receivedRemoteIdentification) {
            processBinaryPackets(byteBuffer);
            return;
        }
        while (byteBuffer.remaining() > 0) {
            char c = (char) byteBuffer.get();
            if (c != '\n') {
                this.remoteIdentification.append(c);
            } else {
                if (startBinaryProtocol()) {
                    this.idleEvents = AdaptiveConfiguration.getBoolean("idleEvents", false, new String[]{this.con.getRemoteAddress(), this.con.getIdent()});
                    if (AdaptiveConfiguration.getBoolean("binaryLogging", false, new String[]{this.con.getRemoteAddress(), this.con.getIdent()})) {
                        try {
                            this.binaryInput = new BinaryLogger(this.socketConnection.getUuid() + "-ssh.in");
                        } catch (FileNotFoundException e) {
                            log.error("Cannot create binary input file", e);
                        }
                        try {
                            this.binaryOutput = new BinaryLogger(this.socketConnection.getUuid() + "-ssh.out");
                        } catch (FileNotFoundException e2) {
                            log.error("Cannot create binary output file", e2);
                        }
                    }
                    MESSAGE_QUEUE_LIMIT = AdaptiveConfiguration.getInt("writeQueue.limit", 1000, new String[]{this.con.getRemoteAddress(), this.con.getIdent()});
                    if (this.sentLocalIdentification) {
                        sendKeyExchangeInit();
                        processBinaryPackets(byteBuffer);
                        return;
                    }
                    return;
                }
                this.remoteIdentification.setLength(0);
            }
        }
    }

    private void processProxyProtocol(String str) throws IOException {
        LoadBalancerPolicy loadBalancerPolicy = m26getContext().getLoadBalancerPolicy();
        if (!loadBalancerPolicy.isProxyProtocolEnabled()) {
            throw new IOException("Received PROXY protocol directive but the current policy does not support it");
        }
        if (loadBalancerPolicy.isRestrictedAccess()) {
            String hostAddress = ((InetSocketAddress) this.socketConnection.getRemoteAddress()).getAddress().getHostAddress();
            if (!loadBalancerPolicy.isSupportedIPAddress(hostAddress)) {
                throw new IOException(String.format("Received PROXY protocol string from unsupported IP address %s", hostAddress));
            }
            if (log.isDebugEnabled()) {
                log.debug("PROXY protocol directive enabled by remote IP adresss {}", hostAddress);
            }
        }
        try {
            if (log.isInfoEnabled()) {
                log.info(String.format("Parsing PROXY protocol string [%s]", str));
            }
            String[] split = str.split(StringUtil.STR_SPACE);
            if (split.length < 6) {
                if (log.isInfoEnabled()) {
                    log.info("Not enough parameters in PROXY statement");
                }
            } else {
                if (!"TCP4".equals(split[1]) && !"TCP6".equals(split[1])) {
                    if (log.isInfoEnabled()) {
                        log.info("Unsupported TCP element {} in PROXY statement", split[1]);
                        return;
                    }
                    return;
                }
                String trim = split[2].trim();
                String trim2 = split[3].trim();
                int parseInt = Integer.parseInt(split[4].trim());
                int parseInt2 = Integer.parseInt(split[5].trim());
                this.con.remoteAddress = InetSocketAddress.createUnresolved(trim, parseInt);
                this.con.localAddress = InetSocketAddress.createUnresolved(trim2, parseInt2);
                if (!loadBalancerPolicy.getIPPolicy().checkConnection(this.con.remoteAddress, this.con.localAddress)) {
                    throw new IOException(String.format("IP addresss is not allowed by Load Balancer IP Policy remoteAddress=%s localAddress=%s", this.con.remoteAddress.toString(), this.con.localAddress.toString()));
                }
            }
        } catch (Throwable th) {
            log.error("Failed to parse proxy protocol", th);
        }
    }

    boolean startBinaryProtocol() throws IOException {
        if (log.isInfoEnabled()) {
            log.info(String.format("Connection from %s identifies as %s", this.socketConnection.getRemoteAddress().toString(), this.remoteIdentification.toString().trim()));
        }
        String stringBuffer = this.remoteIdentification.toString();
        if (!stringBuffer.startsWith("SSH-")) {
            if (stringBuffer.startsWith("PROXY")) {
                processProxyProtocol(stringBuffer.toString().trim());
                return false;
            }
            if (!log.isDebugEnabled()) {
                return false;
            }
            log.debug("Got pre-identification string {}", this.remoteIdentification.toString());
            return false;
        }
        if (!stringBuffer.startsWith("SSH-2.0-") && !stringBuffer.startsWith("SSH-1.99-")) {
            if (log.isDebugEnabled()) {
                log.debug("Remote client reported an invalid protocol version!");
            }
            this.socketConnection.closeConnection();
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Remote client version OK");
        }
        this.ident = AdaptiveConfiguration.getIdent(this.remoteIdentification.toString());
        this.con.setIdent(this.ident);
        this.receivedRemoteIdentification = true;
        return true;
    }

    boolean processBinaryPackets(ByteBuffer byteBuffer) {
        boolean decodeOriginalPacketFormat;
        boolean z = false;
        while (isConnected() && (((this.expectPacket && byteBuffer.remaining() > this.incomingCipherLength) || (this.expectedBytes > 0 && byteBuffer.hasRemaining())) && !z)) {
            try {
                synchronized (this.kexlock) {
                    decodeOriginalPacketFormat = (this.decryption == null || !(this.decryption instanceof ChaCha20Poly1305)) ? (this.incomingMac == null || !this.incomingMac.isETM()) ? decodeOriginalPacketFormat(byteBuffer) : decodeETMPacketFormat(byteBuffer) : decodeChaCha20Poly1305Format(byteBuffer);
                }
                if (decodeOriginalPacketFormat) {
                    if (this.binaryInput != null) {
                        this.binaryInput.log(ByteArrayWriter.encodeInt(this.payloadIncoming.length));
                        this.binaryInput.log(this.payloadIncoming, 0, this.payloadIncoming.length);
                    }
                    try {
                        byte[] bArr = this.payloadIncoming;
                        long j = this.incomingSequence;
                        this.incomingSequence = j + 1;
                        processMessage(bArr, j);
                        if (this.incomingSequence >= 4294967296L) {
                            this.incomingSequence = 0L;
                        }
                        this.incomingBytes += this.payloadIncoming.length;
                        this.numIncomingBytesSinceKEX += this.payloadIncoming.length;
                        this.numIncomingPacketsSinceKEX++;
                        if (!m26getContext().isKeyExchangeDisabled() && (this.numIncomingBytesSinceKEX >= m26getContext().getKeyExchangeTransferLimit() || this.numIncomingPacketsSinceKEX >= m26getContext().getKeyExchangePacketLimit())) {
                            sendKeyExchangeInit();
                        }
                        this.expectPacket = true;
                        this.expectedBytes = 0;
                        this.offsetIncoming = 0;
                    } catch (WriteOperationRequest e) {
                        z = true;
                        if (this.incomingSequence >= 4294967296L) {
                            this.incomingSequence = 0L;
                        }
                        this.incomingBytes += this.payloadIncoming.length;
                        this.numIncomingBytesSinceKEX += this.payloadIncoming.length;
                        this.numIncomingPacketsSinceKEX++;
                        if (!m26getContext().isKeyExchangeDisabled() && (this.numIncomingBytesSinceKEX >= m26getContext().getKeyExchangeTransferLimit() || this.numIncomingPacketsSinceKEX >= m26getContext().getKeyExchangePacketLimit())) {
                            sendKeyExchangeInit();
                        }
                        this.expectPacket = true;
                        this.expectedBytes = 0;
                        this.offsetIncoming = 0;
                    } catch (Throwable th) {
                        if (this.incomingSequence >= 4294967296L) {
                            this.incomingSequence = 0L;
                        }
                        this.incomingBytes += this.payloadIncoming.length;
                        this.numIncomingBytesSinceKEX += this.payloadIncoming.length;
                        this.numIncomingPacketsSinceKEX++;
                        if (!m26getContext().isKeyExchangeDisabled() && (this.numIncomingBytesSinceKEX >= m26getContext().getKeyExchangeTransferLimit() || this.numIncomingPacketsSinceKEX >= m26getContext().getKeyExchangePacketLimit())) {
                            sendKeyExchangeInit();
                        }
                        this.expectPacket = true;
                        this.expectedBytes = 0;
                        this.offsetIncoming = 0;
                        throw th;
                    }
                }
            } catch (Throwable th2) {
                if (log.isInfoEnabled()) {
                    log.info(String.format("Buffer read error from %s %s", this.socketConnection.getRemoteAddress().toString(), th2.getMessage()));
                }
                if (log.isDebugEnabled()) {
                    log.error("Read error", th2);
                }
                if (isConnected()) {
                    disconnect(2, "Failed to read binary packet data!");
                }
                z = true;
            }
        }
        if (log.isTraceEnabled()) {
            log.debug("Transport protocol " + (this.expectPacket ? "is expecting another packet" : "still has " + this.expectedBytes + " bytes of data to complete packet with " + this.offsetIncoming + " bytes already received requiresWrite=" + z));
        }
        return z;
    }

    private boolean decodeChaCha20Poly1305Format(ByteBuffer byteBuffer) throws IOException {
        ChaCha20Poly1305 chaCha20Poly1305 = this.decryption;
        if (this.expectPacket) {
            byteBuffer.get(this.incomingSwap, 0, 4);
            this.msglen = (int) chaCha20Poly1305.readPacketLength(this.incomingSwap, new UnsignedInteger64(this.incomingSequence));
            if (this.msglen <= 0) {
                throw new IOException("Client sent invalid message length of " + this.msglen + "!");
            }
            if (this.msglen + 4 < 0 || this.msglen + 4 > this.sshContext.getMaximumPacketLength()) {
                disconnect(2, "Incoming packet length " + this.msglen + (this.msglen + 4 < 0 ? " is too small" : " exceeds maximum supported length of " + this.sshContext.getMaximumPacketLength()));
                throw new IOException("Disconnected");
            }
            this.remaining = this.msglen;
            this.expectedBytes = this.remaining + this.incomingMacLength;
            this.expectPacket = false;
            this.offsetIncoming += 4;
        }
        if (this.expectPacket || byteBuffer.remaining() <= 0) {
            return false;
        }
        int remaining = this.expectedBytes > byteBuffer.remaining() ? byteBuffer.remaining() : this.expectedBytes;
        byteBuffer.get(this.incomingSwap, this.offsetIncoming, remaining);
        this.expectedBytes -= remaining;
        this.offsetIncoming += remaining;
        if (this.expectedBytes != 0) {
            return false;
        }
        int i = this.msglen;
        this.decryption.transform(this.incomingSwap, 4, this.incomingSwap, 4, this.remaining + this.incomingMacLength);
        this.padlen = this.incomingSwap[4] & 255;
        this.payloadIncoming = new byte[(this.msglen - this.padlen) - 1];
        System.arraycopy(this.incomingSwap, 5, this.payloadIncoming, 0, (this.msglen - this.padlen) - 1);
        if (this.incomingCompression == null || !this.incomingCompressionEnabled) {
            return true;
        }
        this.payloadIncoming = this.incomingCompression.uncompress(this.payloadIncoming, 0, this.payloadIncoming.length);
        return true;
    }

    private boolean decodeETMPacketFormat(ByteBuffer byteBuffer) throws IOException {
        if (this.expectPacket) {
            byteBuffer.get(this.incomingSwap, this.offsetIncoming, 4);
            this.msglen = (int) ByteArrayReader.readInt(this.incomingSwap, 0);
            if (this.msglen <= 0) {
                throw new IOException("Client sent invalid message length of " + this.msglen + "!");
            }
            if (this.msglen + 4 < 0 || this.msglen + 4 > this.sshContext.getMaximumPacketLength()) {
                disconnect(2, "Incoming packet length " + this.msglen + (this.msglen + 4 < 0 ? " is too small" : " exceeds maximum supported length of " + this.sshContext.getMaximumPacketLength()));
                throw new IOException("Disconnected");
            }
            this.remaining = this.msglen;
            this.expectedBytes = this.remaining + this.incomingMacLength;
            this.expectPacket = false;
            this.offsetIncoming += 4;
        }
        if (this.expectPacket || byteBuffer.remaining() <= 0) {
            return false;
        }
        int remaining = this.expectedBytes > byteBuffer.remaining() ? byteBuffer.remaining() : this.expectedBytes;
        byteBuffer.get(this.incomingSwap, this.offsetIncoming, remaining);
        this.expectedBytes -= remaining;
        this.offsetIncoming += remaining;
        if (this.expectedBytes != 0) {
            return false;
        }
        int i = this.msglen;
        if (this.incomingMac != null && !this.incomingMac.verify(this.incomingSequence, this.incomingSwap, 0, i + 4, this.incomingSwap, i + 4)) {
            throw new IOException("Corrupt Mac on input");
        }
        if (this.decryption != null) {
            this.decryption.transform(this.incomingSwap, 4, this.incomingSwap, 4, this.remaining);
        }
        this.padlen = this.incomingSwap[4] & 255;
        this.payloadIncoming = new byte[(this.msglen - this.padlen) - 1];
        System.arraycopy(this.incomingSwap, 5, this.payloadIncoming, 0, (this.msglen - this.padlen) - 1);
        if (this.incomingCompression == null || !this.incomingCompressionEnabled) {
            return true;
        }
        this.payloadIncoming = this.incomingCompression.uncompress(this.payloadIncoming, 0, this.payloadIncoming.length);
        return true;
    }

    private boolean decodeOriginalPacketFormat(ByteBuffer byteBuffer) throws IOException {
        if (this.expectPacket) {
            byteBuffer.get(this.incomingSwap, this.offsetIncoming, this.incomingCipherLength);
            if (this.decryption != null && !this.decryption.isMAC()) {
                this.decryption.transform(this.incomingSwap, this.offsetIncoming, this.incomingSwap, this.offsetIncoming, this.incomingCipherLength);
            }
            this.msglen = (int) ByteArrayReader.readInt(this.incomingSwap, this.offsetIncoming);
            if (this.msglen <= 0) {
                throw new IOException("Client sent invalid message length of " + this.msglen + "!");
            }
            if (this.msglen + 4 < 0 || this.msglen + 4 > this.sshContext.getMaximumPacketLength()) {
                disconnect(2, "Incoming packet length " + this.msglen + (this.msglen + 4 < 0 ? " is too small" : " exceeds maximum supported length of " + this.sshContext.getMaximumPacketLength()));
                throw new IOException("Disconnected");
            }
            this.padlen = this.incomingSwap[4] & 255;
            this.remaining = this.msglen - (this.incomingCipherLength - 4);
            this.expectedBytes = this.remaining + this.incomingMacLength;
            this.expectPacket = false;
            this.offsetIncoming += this.incomingCipherLength;
        }
        if (this.expectPacket || byteBuffer.remaining() <= 0) {
            return false;
        }
        int remaining = this.expectedBytes > byteBuffer.remaining() ? byteBuffer.remaining() : this.expectedBytes;
        byteBuffer.get(this.incomingSwap, this.offsetIncoming, remaining);
        this.expectedBytes -= remaining;
        this.offsetIncoming += remaining;
        if (this.expectedBytes != 0) {
            return false;
        }
        int i = this.msglen + 4;
        if (this.decryption != null) {
            if (this.decryption.isMAC()) {
                this.decryption.transform(this.incomingSwap, 0, this.incomingSwap, 0, this.msglen + 4 + this.decryption.getMacLength());
                this.padlen = this.incomingSwap[4] & 255;
            } else {
                this.decryption.transform(this.incomingSwap, this.incomingCipherLength, this.incomingSwap, this.incomingCipherLength, this.remaining);
            }
        }
        if (this.incomingMac != null && !this.incomingMac.verify(this.incomingSequence, this.incomingSwap, 0, i, this.incomingSwap, i)) {
            throw new IOException("Corrupt Mac on input");
        }
        this.payloadIncoming = new byte[(this.msglen - this.padlen) - 1];
        System.arraycopy(this.incomingSwap, 5, this.payloadIncoming, 0, (this.msglen - this.padlen) - 1);
        if (this.incomingCompression == null || !this.incomingCompressionEnabled) {
            return true;
        }
        this.payloadIncoming = this.incomingCompression.uncompress(this.payloadIncoming, 0, this.payloadIncoming.length);
        return true;
    }

    public boolean wantsToWrite() {
        synchronized (this.kexlock) {
            if (this.currentState == 2 && this.completedFirstKeyExchange) {
                return this.kexQueue.size() > 0;
            }
            return this.outgoingQueue.size() > 0 || this.kexQueue.size() > 0;
        }
    }

    public int getQueueSizes() {
        return this.outgoingQueue.size() + this.kexQueue.size();
    }

    private String getStateName() {
        switch (this.currentState) {
            case 1:
                return "NEGOTIATING_PROTOCOL";
            case 2:
                return "PERFORMING_KEYEXCHANGE";
            case 3:
                return "CONNECTED";
            case 4:
                return "DISCONNECTED";
            default:
                return "UNKNOWN";
        }
    }

    public boolean idle() {
        long currentTimeMillis = (System.currentTimeMillis() - this.lastActivity) / 1000;
        if (log.isInfoEnabled() && this.idleEvents) {
            log.info(String.format("Connection from %s has been idle for %d seconds in state %s with queue size %d", this.socketConnection.getRemoteAddress().toString(), Long.valueOf(currentTimeMillis), getStateName(), Integer.valueOf(this.outgoingQueue.size())));
        }
        if (this.currentState == 4) {
            return true;
        }
        if (this.currentState != 4 && m26getContext().getKeepAliveInterval() > 0 && currentTimeMillis > m26getContext().getKeepAliveInterval()) {
            long keepAliveInterval = m26getContext().getKeepAliveInterval() + 1;
            if (this.lastKeepAlive > 0) {
                keepAliveInterval = (System.currentTimeMillis() - this.lastKeepAlive) / 1000;
            }
            if (this.currentState != 1 && keepAliveInterval > m26getContext().getKeepAliveInterval()) {
                postMessage(this.ignoreMessage);
                this.lastKeepAlive = System.currentTimeMillis();
            }
        }
        if (this.activeService != null) {
            this.activeService.idle();
        }
        if (this.currentState == 1 && currentTimeMillis > m26getContext().getIdleAuthenticationTimeoutSeconds()) {
            this.socketConnection.closeConnection();
            return true;
        }
        if (this.disableIdleTimeout || this.activeService == null || this.activeService.getIdleTimeoutSeconds() <= 0 || currentTimeMillis <= this.activeService.getIdleTimeoutSeconds()) {
            return false;
        }
        disconnect(11, this.sshContext.getMessagePolicy().getIdleDisconnectMessage());
        return true;
    }

    private void resetIdleState() {
        this.lastActivity = System.currentTimeMillis();
        if (getConnection().getIdleConnectionTimeoutSeconds() <= 0 || this.socketConnection == null) {
            return;
        }
        this.socketConnection.getIdleStates().reset(this);
    }

    public void disableIdleTimeout() {
        if (log.isDebugEnabled()) {
            log.debug("Disabling idle connection timeout");
        }
        this.disableIdleTimeout = true;
    }

    public void enableIdleTimeout() {
        if (log.isDebugEnabled()) {
            log.debug("Enabling idle connection timeout");
        }
        resetIdleState();
        this.disableIdleTimeout = false;
    }

    /*  JADX ERROR: NullPointerException in pass: AttachTryCatchVisitor
        java.lang.NullPointerException: Cannot invoke "String.charAt(int)" because "obj" is null
        	at jadx.core.utils.Utils.cleanObjectName(Utils.java:38)
        	at jadx.core.dex.instructions.args.ArgType.object(ArgType.java:86)
        	at jadx.core.dex.info.ClassInfo.fromName(ClassInfo.java:42)
        	at jadx.core.dex.visitors.AttachTryCatchVisitor.convertToHandlers(AttachTryCatchVisitor.java:113)
        	at jadx.core.dex.visitors.AttachTryCatchVisitor.initTryCatches(AttachTryCatchVisitor.java:54)
        	at jadx.core.dex.visitors.AttachTryCatchVisitor.visit(AttachTryCatchVisitor.java:42)
        */
    public com.maverick.nio.SocketWriteCallback onSocketWrite(java.nio.ByteBuffer r8) {
        /*
            Method dump skipped, instructions count: 525
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.maverick.sshd.TransportProtocol.onSocketWrite(java.nio.ByteBuffer):com.maverick.nio.SocketWriteCallback");
    }

    private void encodeChaCha20Poly1305FormatPacket(ByteBuffer byteBuffer) throws IOException {
        ChaCha20Poly1305 chaCha20Poly1305 = this.encryption;
        byte[] bArr = new byte[byteBuffer.remaining()];
        byteBuffer.get(bArr);
        byteBuffer.clear();
        if (this.outgoingCompression != null && this.outgoingCompressionEnabled) {
            bArr = this.outgoingCompression.compress(bArr, 0, bArr.length);
        }
        int length = 4 + ((8 - (((bArr.length + 1) + 4) % 8)) % 8);
        byteBuffer.put(chaCha20Poly1305.writePacketLength(bArr.length + 1 + length, new UnsignedInteger64(this.outgoingSequence)));
        byteBuffer.put((byte) length);
        byteBuffer.put(bArr, 0, bArr.length);
        this.outgoingBytes += bArr.length;
        byte[] bArr2 = new byte[length];
        this.rnd.nextBytes(bArr2);
        byteBuffer.put(bArr2);
        byteBuffer.flip();
        byte[] bArr3 = new byte[byteBuffer.remaining() + this.encryption.getMacLength()];
        byteBuffer.get(bArr3, 0, byteBuffer.remaining());
        chaCha20Poly1305.transform(bArr3, 4, bArr3, 4, bArr3.length - 4);
        byteBuffer.clear();
        byteBuffer.put(bArr3);
    }

    private void encodeETMFormatPacket(ByteBuffer byteBuffer) throws IOException {
        byte[] bArr = new byte[byteBuffer.remaining()];
        byteBuffer.get(bArr);
        byteBuffer.clear();
        int i = 8;
        if (this.encryption != null) {
            i = this.encryption.getBlockSize();
        }
        if (this.outgoingCompression != null && this.outgoingCompressionEnabled) {
            bArr = this.outgoingCompression.compress(bArr, 0, bArr.length);
        }
        int length = 4 + ((i - (((bArr.length + 1) + 4) % i)) % i);
        byteBuffer.putInt(bArr.length + 1 + length);
        byteBuffer.put((byte) length);
        byteBuffer.put(bArr, 0, bArr.length);
        this.outgoingBytes += bArr.length;
        byte[] bArr2 = new byte[length];
        this.rnd.nextBytes(bArr2);
        byteBuffer.put(bArr2);
        byteBuffer.flip();
        byte[] bArr3 = (this.encryption == null || !this.encryption.isMAC()) ? new byte[byteBuffer.remaining()] : new byte[byteBuffer.remaining() + this.encryption.getMacLength()];
        byteBuffer.get(bArr3);
        byte[] bArr4 = null;
        if (this.encryption != null) {
            this.encryption.transform(bArr3, 4, bArr3, 4, bArr3.length - 4);
        }
        if (this.outgoingMac != null) {
            bArr4 = new byte[this.outgoingMac.getMacLength()];
            this.outgoingMac.generate(this.outgoingSequence, bArr3, 0, bArr3.length, bArr4, 0);
        }
        byteBuffer.clear();
        byteBuffer.put(bArr3);
        if (bArr4 == null || bArr4.length <= 0) {
            return;
        }
        byteBuffer.put(bArr4);
    }

    private void encodeOriginalFormatPacket(ByteBuffer byteBuffer) throws IOException {
        byte[] bArr = new byte[byteBuffer.remaining()];
        byteBuffer.get(bArr);
        byteBuffer.clear();
        int i = 8;
        if (this.encryption != null) {
            i = this.encryption.getBlockSize();
        }
        if (this.outgoingCompression != null && this.outgoingCompressionEnabled) {
            bArr = this.outgoingCompression.compress(bArr, 0, bArr.length);
        }
        int length = (this.encryption == null || !this.encryption.isMAC()) ? 4 + ((i - (((bArr.length + 5) + 4) % i)) % i) : 4 + ((i - (((bArr.length + 1) + 4) % i)) % i);
        int length2 = bArr.length + 1 + length;
        byteBuffer.putInt(length2);
        byteBuffer.put((byte) length);
        byteBuffer.put(bArr, 0, bArr.length);
        this.outgoingBytes += bArr.length;
        byte[] bArr2 = new byte[length];
        this.rnd.nextBytes(bArr2);
        byteBuffer.put(bArr2);
        byteBuffer.flip();
        byte[] bArr3 = (this.encryption == null || !this.encryption.isMAC()) ? new byte[byteBuffer.remaining()] : new byte[byteBuffer.remaining() + this.encryption.getMacLength()];
        byteBuffer.get(bArr3, 0, byteBuffer.remaining());
        byte[] bArr4 = null;
        if (this.outgoingMac != null) {
            bArr4 = new byte[this.outgoingMac.getMacLength()];
            this.outgoingMac.generate(this.outgoingSequence, bArr3, 0, bArr3.length, bArr4, 0);
        }
        if (this.encryption != null) {
            if (this.encryption.isMAC()) {
                this.encryption.transform(bArr3, 0, bArr3, 0, length2 + 4);
            } else {
                this.encryption.transform(bArr3);
            }
        }
        byteBuffer.clear();
        byteBuffer.put(bArr3);
        if (bArr4 == null || bArr4.length <= 0) {
            return;
        }
        byteBuffer.put(bArr4);
    }

    public int getState() {
        return this.currentState;
    }

    public SocketAddress getLocalAddress() {
        return this.socketConnection.getLocalAddress();
    }

    public int getLocalPort() {
        return this.socketConnection.getLocalPort();
    }

    public String getRemoteIdentification() {
        return this.remoteIdentification.toString();
    }

    public String getUUID() {
        return this.socketConnection.getUuid();
    }

    @Override // com.maverick.sshd.AbstractServerTransport
    public void disconnect(int i, String str) {
        if (str == null) {
            str = "Failure";
        }
        this.disconnectStarted = new Date();
        if (log.isInfoEnabled()) {
            log.info(String.format("Disconnecting remote client %s reason=%s", this.socketConnection.getRemoteAddress().toString(), str));
        }
        postMessage(new DisconnectMessage(i, str));
    }

    public void forceDisconnect() {
        this.socketConnection.closeConnection();
    }

    public void onSocketClose() {
        synchronized (this) {
            if (!this.closed) {
                this.closed = true;
                if (log.isInfoEnabled() && this.socketConnection != null) {
                    log.info(String.format("Connection closed from %s", this.socketConnection.getRemoteAddress().toString()));
                }
                if (this.disconnectStarted == null) {
                    this.disconnectStarted = new Date();
                }
                if (log.isDebugEnabled()) {
                    log.debug("Performing internal disconnect");
                }
                setTransportState(4);
                if (this.socketConnection != null) {
                    this.socketConnection.getIdleStates().remove(this);
                }
                if (this.binaryInput != null) {
                    this.binaryInput.close();
                }
                if (this.binaryOutput != null) {
                    this.binaryOutput.close();
                }
                synchronized (lock) {
                    if (!this.denyConnection && this.countedConnection) {
                        Integer valueOf = Integer.valueOf(this.sshContext.decrementConnections());
                        if (log.isInfoEnabled()) {
                            log.info("There " + (valueOf.intValue() != 1 ? "are" : "is") + " now " + valueOf + " active " + (valueOf.intValue() == 1 ? "connection" : "connections"));
                        }
                    }
                }
                if (log.isDebugEnabled()) {
                    log.debug("Submitting transport cleanup to executor service");
                }
                this.outgoingMessages.cleanupOperations(new Runnable[]{new Runnable() { // from class: com.maverick.sshd.TransportProtocol.4
                    @Override // java.lang.Runnable
                    public void run() {
                        if (TransportProtocol.this.activeService != null) {
                            if (TransportProtocol.log.isDebugEnabled()) {
                                TransportProtocol.log.debug("Stopping the active service");
                            }
                            TransportProtocol.this.activeService.stop();
                        }
                        EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_DISCONNECTED, true, TransportProtocol.this.getConnection().getUUID()).addAttribute("CONNECTION", TransportProtocol.this.con).addAttribute(SSHDEventCodes.ATTRIBUTE_OPERATION_STARTED, TransportProtocol.this.disconnectStarted).addAttribute(SSHDEventCodes.ATTRIBUTE_OPERATION_FINISHED, new Date()));
                        Iterator<TransportProtocolListener> it = TransportProtocol.this.transportListeners.iterator();
                        while (it.hasNext()) {
                            it.next().onDisconnect(TransportProtocol.this);
                        }
                        ConnectionManager.getInstance().unregisterTransport(TransportProtocol.this);
                        TransportProtocol.this.incomingSwap = null;
                        synchronized (TransportProtocol.this.outgoingQueue) {
                            TransportProtocol.this.outgoingQueue.clear();
                        }
                        synchronized (TransportProtocol.this.kexQueue) {
                            TransportProtocol.this.kexQueue.clear();
                        }
                    }
                }});
            }
        }
    }

    public SecureRandom getRND() {
        return this.rnd;
    }

    void setTransportState(int i) {
        this.currentState = i;
    }

    void performKeyExchange(byte[] bArr) throws IOException, WriteOperationRequest {
        ByteArrayReader byteArrayReader = null;
        try {
            try {
                this.currentState = 2;
                sendKeyExchangeInit();
                this.remotekex = bArr;
                ByteArrayReader byteArrayReader2 = new ByteArrayReader(this.remotekex, 0, this.remotekex.length);
                byteArrayReader2.skip(17L);
                String checkValidString = checkValidString("key exchange", byteArrayReader2.readString());
                String checkValidString2 = checkValidString("public key", byteArrayReader2.readString());
                String checkValidString3 = checkValidString("client->server cipher", byteArrayReader2.readString());
                String checkValidString4 = checkValidString("server->client cipher", byteArrayReader2.readString());
                String readString = byteArrayReader2.readString();
                String readString2 = byteArrayReader2.readString();
                String readString3 = byteArrayReader2.readString();
                String readString4 = byteArrayReader2.readString();
                byteArrayReader2.readString();
                byteArrayReader2.readString();
                boolean z = byteArrayReader2.read() != 0;
                EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_KEY_EXCHANGE_INIT, true, getConnection().getUUID()).addAttribute("CONNECTION", this.con).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_KEY_EXCHANGES, checkValidString).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_KEY_EXCHANGES, this.localKeyExchanges).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_PUBLICKEYS, checkValidString2).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_PUBLICKEYS, this.localPublicKeys).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_CIPHERS_CS, checkValidString3).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_CIPHERS_CS, this.localCiphersCS).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_CIPHERS_SC, checkValidString4).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_CIPHERS_SC, this.localCiphersSC).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_CS_MACS, readString).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_CS_MACS, this.localMacsCS).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_SC_MACS, readString2).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_SC_MACS, this.localMacsSC).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_CS_COMPRESSIONS, readString3).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_CS_COMPRESSIONS, this.localCompressionsCS).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_SC_COMPRESSIONS, readString4).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_SC_COMPRESSIONS, this.localCompressionsSC));
                this.keyExchangeAlg = selectNegotiatedComponent("key exchange", checkValidString, this.localKeyExchanges);
                this.hasExtensionCapability = checkValidString.contains("ext-info-c");
                if (!this.completedFirstKeyExchange) {
                    this.isKexStrict = checkValidString.contains(STRICT_KEX_CLIENT);
                }
                this.keyExchange = (SshKeyExchangeServer) this.sshContext.supportedKeyExchanges().getInstance(this.keyExchangeAlg);
                this.hostKeyAlg = selectNegotiatedComponent("public key", checkValidString2, this.localPublicKeys);
                this.hostKey = this.sshContext.getHostKey(this.hostKeyAlg);
                this.keyExchange.init(this, this.remoteIdentification.toString().trim(), this.localIdentification.trim(), this.remotekex, this.localkex, this.hostKey.getPrivateKey(), this.hostKey.getPublicKey(), z, checkValidString.startsWith(this.sshContext.getPreferredKeyExchange()) && checkValidString2.startsWith(this.sshContext.getPreferredPublicKey()));
                this.cipherCS = selectNegotiatedComponent("cipher", checkValidString("client->server cipher list", checkValidString3), this.localCiphersCS);
                this.cipherSC = selectNegotiatedComponent("cipher", checkValidString("server->client cipher list", checkValidString4), this.localCiphersSC);
                this.macCS = selectNegotiatedComponent("mac", checkValidString("client->server hmac list", readString), this.localMacsCS);
                this.macSC = selectNegotiatedComponent("mac", checkValidString("server->client hmac list", readString2), this.localMacsSC);
                this.compressionCS = selectNegotiatedComponent("compression", checkValidString("client->server compression list", readString3), this.localCompressionsCS);
                this.compressionSC = selectNegotiatedComponent("compression", checkValidString("server->client compression list", readString4), this.localCompressionsSC);
                if (this.denyConnection) {
                    fireTooManyConnectionsDisconnectEvent(this.numberOfConnections);
                    disconnect(12, this.sshContext.getTooManyConnectionsText());
                    throw new WriteOperationRequest();
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated client->server cipher: " + this.cipherCS);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated server->client cipher: " + this.cipherSC);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated client->server hmac: " + this.macCS);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated client->server hmac: " + this.macSC);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated client->server compression: " + this.compressionCS);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated server->client compression: " + this.compressionSC);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated key exchange: " + this.keyExchange.getAlgorithm());
                }
                if (log.isDebugEnabled()) {
                    log.debug("Negotiated public key: " + this.hostKeyAlg);
                }
                if (byteArrayReader2 != null) {
                    try {
                        byteArrayReader2.close();
                    } catch (IOException e) {
                    }
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        byteArrayReader.close();
                    } catch (IOException e2) {
                    }
                }
                throw th;
            }
        } catch (IOException | SshException e3) {
            EventServiceImplementation.getInstance().fireEvent(new SSHDEvent(this, SSHDEventCodes.EVENT_KEY_EXCHANGE_COMPLETE, e3, getConnection().getUUID()).addAttribute("CONNECTION", this.con).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_PUBLICKEY, this.hostKeyAlg).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_KEY_EXCHANGE, this.keyExchangeAlg).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_CS_CIPHER, this.cipherCS).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_SC_CIPHER, this.cipherSC).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_CS_MAC, this.macCS).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_SC_MAC, this.macSC).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_CS_COMPRESSION, this.compressionCS).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_SC_COMPRESSION, this.compressionSC));
            EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_KEY_EXCHANGE_FAILURE, true, getConnection().getUUID()).addAttribute("CONNECTION", this.con));
            if (!(e3 instanceof IOException)) {
                throw new IOException("Unexpected protocol termination: " + e3.getMessage());
            }
            throw e3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void fireTooManyConnectionsDisconnectEvent(Integer num) {
        EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_REACHED_CONNECTION_LIMIT, false, getConnection().getUUID()).addAttribute("CONNECTION", this.con).addAttribute(SSHDEventCodes.ATTRIBUTE_NUMBER_OF_CONNECTIONS, String.valueOf(num.intValue())));
    }

    void processExtensionInfo(byte[] bArr) throws IOException {
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
        try {
            try {
                byteArrayReader.skip(1L);
                int readInt = (int) byteArrayReader.readInt();
                if (log.isDebugEnabled()) {
                    log.debug("Client supports {} extensions", Integer.valueOf(readInt));
                }
                for (int i = 0; i < readInt; i++) {
                    String readString = byteArrayReader.readString();
                    String readString2 = byteArrayReader.readString();
                    if (log.isDebugEnabled()) {
                        log.debug("{}={}", readString, readString2);
                    }
                }
            } catch (Throwable th) {
                log.error("Failed to process SSH_MSG_EXT_INFO so I'll ignore it", th);
                byteArrayReader.close();
            }
        } finally {
            byteArrayReader.close();
        }
    }

    void startService(byte[] bArr) throws IOException {
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
        try {
            byteArrayReader.skip(1L);
            final String readString = byteArrayReader.readString();
            if (readString.equals("ssh-userauth")) {
                this.activeService = new AuthenticationProtocol();
                this.activeService.init(this);
                postMessage(new SshMessage() { // from class: com.maverick.sshd.TransportProtocol.5
                    @Override // com.maverick.sshd.SshMessage
                    public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                        byteBuffer.put((byte) 6);
                        byteBuffer.putInt(readString.length());
                        byteBuffer.put(readString.getBytes());
                    }

                    @Override // com.maverick.sshd.SshMessage
                    public void messageSent() {
                        if (TransportProtocol.log.isDebugEnabled()) {
                            TransportProtocol.log.debug("Sent SSH_MSG_SERVICE_ACCEPT");
                        }
                        TransportProtocol.this.activeService.start();
                    }
                });
            } else {
                disconnect(7, readString + " is not a valid service.");
            }
        } finally {
            byteArrayReader.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void startService(Service service) {
        try {
            this.activeService.stop();
            this.activeService = service;
            service.init(this);
            service.start();
        } catch (IOException e) {
            if (log.isDebugEnabled()) {
                log.debug("Failed to start the service", e);
            }
            disconnect(7, "Failed to start the service");
        }
    }

    void processMessage(byte[] bArr, long j) throws SshException, IOException, WriteOperationRequest {
        ByteArrayReader byteArrayReader;
        if (bArr.length < 1) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid transport protocol message");
            }
            throw new IOException("Invalid transport protocol message");
        }
        switch (bArr[0]) {
            case 1:
                if (log.isDebugEnabled()) {
                    log.debug("Processing SSH_MSG_DISCONNECT");
                }
                byteArrayReader = new ByteArrayReader(bArr);
                try {
                    byteArrayReader.skip(5L);
                    if (log.isInfoEnabled()) {
                        log.info(String.format("Remote client disconnected from %s reason=%s", this.socketConnection.getRemoteAddress().toString(), byteArrayReader.readString()));
                    }
                    this.socketConnection.closeConnection();
                    byteArrayReader.close();
                    return;
                } finally {
                }
            case 2:
                checkStrictKex();
                if (log.isDebugEnabled()) {
                    log.debug("Processing SSH_MSG_IGNORE");
                    return;
                }
                return;
            case 3:
            default:
                resetIdleState();
                switch (bArr[0]) {
                    case 3:
                        checkStrictKex();
                        byteArrayReader = new ByteArrayReader(bArr);
                        try {
                            byteArrayReader.skip(1L);
                            if (log.isDebugEnabled()) {
                                log.debug("Processing SSH_MSG_UNIMPLEMENTED for sequence " + byteArrayReader.readInt());
                            }
                            byteArrayReader.close();
                            return;
                        } finally {
                        }
                    case 5:
                        if (log.isDebugEnabled()) {
                            log.debug("Processing SSH_MSG_SERVICE_REQUEST");
                        }
                        startService(bArr);
                        return;
                    case 7:
                        checkStrictKex();
                        if (log.isDebugEnabled()) {
                            log.debug("Processing SSH_MSG_EXT_INFO");
                        }
                        processExtensionInfo(bArr);
                        return;
                    case 20:
                        if (log.isDebugEnabled()) {
                            log.debug("Processing SSH_MSG_KEX_INIT");
                        }
                        performKeyExchange(bArr);
                        return;
                    case 21:
                        if (log.isDebugEnabled()) {
                            log.debug("Processing SSH_MSG_NEWKEYS");
                        }
                        this.hasFirstNewKeys = true;
                        synchronized (this.keyExchange) {
                            this.keyExchange.setReceivedNewKeys(true);
                            generateNewKeysCS();
                        }
                        return;
                    default:
                        if (this.currentState == 2 && this.keyExchange.processMessage(bArr)) {
                            return;
                        }
                        if (this.activeService == null || !this.activeService.processMessage(bArr)) {
                            if (log.isDebugEnabled()) {
                                log.debug("Unimplemented Message " + String.valueOf((int) bArr[0]) + " received");
                            }
                            postMessage(new UnimplementedMessage(j));
                            return;
                        }
                        return;
                }
            case 4:
                checkStrictKex();
                if (log.isDebugEnabled()) {
                    log.debug("Processing SSH_MSG_DEBUG");
                    return;
                }
                return;
        }
    }

    private void checkStrictKex() {
        if (!this.isKexStrict || this.hasFirstNewKeys) {
            return;
        }
        disconnect(2, "Strict KEX mode encountered a message that is not permitted at this time");
    }

    private void fireKeyExchangeComplete() {
        if (this.hasExtensionCapability && this.enableExtensionCapability) {
            sendExtensionInfo();
        }
        EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_KEY_EXCHANGE_COMPLETE, true, getConnection().getUUID()).addAttribute("CONNECTION", this.con).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_PUBLICKEY, this.hostKeyAlg).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_KEY_EXCHANGE, this.keyExchangeAlg).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_CS_CIPHER, this.cipherCS).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_SC_CIPHER, this.cipherSC).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_CS_MAC, this.macCS).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_SC_MAC, this.macSC).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_CS_COMPRESSION, this.compressionCS).addAttribute(SSHDEventCodes.ATTRIBUTE_USING_SC_COMPRESSION, this.compressionSC));
        synchronized (this.outgoingQueue) {
            this.outgoingQueue.notifyAll();
        }
    }

    @Override // com.maverick.sshd.AbstractServerTransport
    public void sendNewKeys() {
        if (AdaptiveConfiguration.getBoolean("verboseSignatures", false, new String[]{this.con.getRemoteAddress(), this.con.getIdent()})) {
            String property = AdaptiveConfiguration.getProperty("verboseSignatures.filename", "signatures.dat", new String[]{this.con.getRemoteAddress(), this.con.getIdent()});
            try {
                ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
                byteArrayWriter.writeString(System.getProperty("java.version") + StringUtil.STR_SPACE + System.getProperty("java.vendor"));
                if (this.hostKey.getPrivateKey().getJCEPrivateKey() != null) {
                    byteArrayWriter.writeString(this.hostKey.getPrivateKey().getJCEPrivateKey().getClass().getCanonicalName());
                } else {
                    byteArrayWriter.writeString("");
                }
                byteArrayWriter.writeString(this.hostKey.getPublicKey().getSigningAlgorithm());
                byteArrayWriter.writeBinaryString(this.keyExchange.getExchangeHash());
                ByteArrayWriter byteArrayWriter2 = new ByteArrayWriter();
                byteArrayWriter2.writeString(this.hostKey.getPublicKey().getSigningAlgorithm());
                byteArrayWriter2.writeBinaryString(this.keyExchange.getSignature());
                byteArrayWriter.writeBinaryString(byteArrayWriter2.toByteArray());
                byteArrayWriter.writeString(Base64.encodeBytes(SshPrivateKeyFileFactory.create(this.hostKey, "maverick-secret-only-used-in-debug", "Private key for debugging purposes only", 0).getFormattedKey(), false));
                synchronized (signatureLock) {
                    FileOutputStream fileOutputStream = new FileOutputStream(new File(property), true);
                    try {
                        byte[] byteArray = byteArrayWriter.toByteArray();
                        fileOutputStream.write(ByteArrayWriter.encodeInt(byteArray.length));
                        fileOutputStream.write(byteArray);
                        fileOutputStream.flush();
                        IOUtil.closeStream(fileOutputStream);
                    } catch (Throwable th) {
                        IOUtil.closeStream(fileOutputStream);
                        throw th;
                    }
                }
            } catch (Throwable th2) {
                log.error("Verbose signature logging failed", th2);
            }
        }
        postMessage(new SshMessage() { // from class: com.maverick.sshd.TransportProtocol.6
            @Override // com.maverick.sshd.SshMessage
            public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                byteBuffer.put((byte) 21);
            }

            @Override // com.maverick.sshd.SshMessage
            public void messageSent() {
                synchronized (TransportProtocol.this.keyExchange) {
                    if (TransportProtocol.log.isDebugEnabled()) {
                        TransportProtocol.log.debug("Sent SSH_MSG_NEWKEYS");
                    }
                    TransportProtocol.this.keyExchange.setSentNewKeys(true);
                    TransportProtocol.this.generateNewKeysSC();
                }
            }
        }, true);
    }

    private void sendExtensionInfo() {
        if (AdaptiveConfiguration.getBoolean("disableExtensionInfo", false, new String[]{this.con.getRemoteAddress(), this.con.getIdent()})) {
            return;
        }
        final ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
        try {
            try {
                byteArrayWriter.writeInt(1);
                byteArrayWriter.writeString("server-sig-algs");
                if (m26getContext().isSHA1SignaturesSupported()) {
                    byteArrayWriter.writeString(m26getContext().supportedPublicKeys().list(""));
                } else {
                    byteArrayWriter.writeString(m26getContext().supportedPublicKeys().list("", new String[]{SshContext.PUBLIC_KEY_SSHRSA}));
                }
                postMessage(new SshMessage() { // from class: com.maverick.sshd.TransportProtocol.7
                    @Override // com.maverick.sshd.SshMessage
                    public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                        byteBuffer.put((byte) 7);
                        byteBuffer.put(byteArrayWriter.toByteArray());
                    }

                    @Override // com.maverick.sshd.SshMessage
                    public void messageSent() {
                        if (TransportProtocol.log.isDebugEnabled()) {
                            TransportProtocol.log.debug("Sent SSH_MSG_EXT_INFO");
                        }
                    }
                });
            } catch (IOException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        } finally {
            try {
                byteArrayWriter.close();
            } catch (IOException e2) {
            }
        }
    }

    public SshContext getSshContext() {
        return this.sshContext;
    }

    String selectNegotiatedComponent(String str, String str2, String str3) throws IOException {
        Vector vector = new Vector();
        while (true) {
            int indexOf = str3.indexOf(",");
            if (indexOf <= -1) {
                break;
            }
            vector.addElement(str3.substring(0, indexOf).trim());
            str3 = str3.substring(indexOf + 1).trim();
        }
        vector.addElement(str3);
        while (true) {
            int indexOf2 = str2.indexOf(",");
            if (indexOf2 <= -1) {
                if (vector.contains(str2)) {
                    return str2;
                }
                EventServiceImplementation.getInstance().fireEvent(new SSHDEvent((Object) this, SSHDEventCodes.EVENT_FAILED_TO_NEGOTIATE_TRANSPORT_COMPONENT, true, getConnection().getUUID()).addAttribute("CONNECTION", this.con).addAttribute(SSHDEventCodes.ATTRIBUTE_LOCAL_COMPONENT_LIST, str3).addAttribute(SSHDEventCodes.ATTRIBUTE_REMOTE_COMPONENT_LIST, str2));
                throw new IOException(String.format("Failed to negotiate a %s component", str));
            }
            String trim = str2.substring(0, indexOf2).trim();
            if (vector.contains(trim)) {
                return trim;
            }
            str2 = str2.substring(indexOf2 + 1).trim();
        }
    }

    void generateNewKeysSC() {
        synchronized (this.kexlock) {
            try {
                if (this.sessionIdentifier == null) {
                    this.sessionIdentifier = this.keyExchange.getExchangeHash();
                }
                this.encryption = (SshCipher) this.sshContext.supportedCiphersSC().getInstance(this.cipherSC);
                this.encryption.init(0, makeSshKey('B', this.encryption.getBlockSize()), makeSshKey('D', this.encryption.getKeyLength()));
                if (!this.encryption.isMAC()) {
                    this.outgoingMac = (SshHmac) this.sshContext.supportedMacsSC().getInstance(this.macSC);
                    this.outgoingMac.init(makeSshKey('F', this.outgoingMac.getMacSize()));
                }
                this.outgoingCompression = null;
                if (!this.compressionSC.equals("none")) {
                    this.outgoingCompression = (SshCompression) this.sshContext.supportedCompressionsSC().getInstance(this.compressionSC);
                    this.outgoingCompression.init(1, getSshContext().getCompressionLevel());
                    if (!this.outgoingCompressionEnabled && this.outgoingCompression != null) {
                        this.outgoingCompressionEnabled = !this.outgoingCompression.isDelayed();
                    }
                }
                if (this.isKexStrict) {
                    if (log.isDebugEnabled()) {
                        log.debug("Resetting OUTGOING sequence from {} to zero for strict transport protocol requirements", Long.valueOf(this.outgoingSequence));
                    }
                    this.outgoingSequence = 0L;
                }
                if (this.keyExchange.hasReceivedNewKeys()) {
                    setTransportState(3);
                    fireKeyExchangeComplete();
                    this.localkex = null;
                    this.remotekex = null;
                    this.completedFirstKeyExchange = true;
                }
            } catch (Throwable th) {
                if (log.isDebugEnabled()) {
                    log.debug("Failed to create transport component", th);
                }
                disconnect(2, "Failed to create a transport component! " + th.getMessage());
            }
        }
    }

    void generateNewKeysCS() {
        synchronized (this.kexlock) {
            try {
                if (this.sessionIdentifier == null) {
                    this.sessionIdentifier = this.keyExchange.getExchangeHash();
                }
                this.decryption = (SshCipher) this.sshContext.supportedCiphersCS().getInstance(this.cipherCS);
                this.decryption.init(1, makeSshKey('A', this.decryption.getBlockSize()), makeSshKey('C', this.decryption.getKeyLength()));
                if (this.decryption.isMAC()) {
                    this.incomingMacLength = this.decryption.getMacLength();
                } else {
                    this.incomingMac = (SshHmac) this.sshContext.supportedMacsCS().getInstance(this.macCS);
                    this.incomingMac.init(makeSshKey('E', this.incomingMac.getMacSize()));
                    this.incomingMacLength = this.incomingMac.getMacLength();
                }
                this.incomingCompression = null;
                if (!this.compressionCS.equals("none")) {
                    this.incomingCompression = (SshCompression) this.sshContext.supportedCompressionsCS().getInstance(this.compressionCS);
                    this.incomingCompression.init(0, getSshContext().getCompressionLevel());
                }
                this.incomingCipherLength = this.decryption.getBlockSize();
                if (!this.incomingCompressionEnabled && this.incomingCompression != null) {
                    this.incomingCompressionEnabled = !this.incomingCompression.isDelayed();
                }
                if (this.isKexStrict) {
                    if (log.isDebugEnabled()) {
                        log.debug("Resetting INCOMING sequence from {} to zero for strict transport protocol requirements", Long.valueOf(this.incomingSequence));
                    }
                    this.incomingSequence = 0L;
                }
                if (this.keyExchange.hasSentNewKeys()) {
                    setTransportState(3);
                    fireKeyExchangeComplete();
                    this.localkex = null;
                    this.remotekex = null;
                    this.completedFirstKeyExchange = true;
                }
            } catch (Throwable th) {
                if (log.isDebugEnabled()) {
                    log.debug("Failed to create transport component", th);
                }
                disconnect(2, "Failed to create a transport component! " + th.getMessage());
            }
        }
    }

    private void generateAlgorithms() {
        if (!m26getContext().isSHA1SignaturesSupported()) {
            this.ignorePublicKeys.add(SshContext.PUBLIC_KEY_SSHRSA);
            this.ignorePublicKeys.add("ssh-rsa-cert-v01@openssh.com");
        }
        if (!this.sshContext.isEnableETM()) {
            this.ignoreMacs.add(SshContext.HMAC_MD5_ETM);
            this.ignoreMacs.add(SshContext.HMAC_RIPEMD160_ETM);
            this.ignoreMacs.add(SshContext.HMAC_SHA1_ETM);
            this.ignoreMacs.add(SshContext.HMAC_SHA256_ETM);
            this.ignoreMacs.add(SshContext.HMAC_SHA512_ETM);
        }
        if (m26getContext().getSecurityLevel().ordinal() < SecurityLevel.PARANOID.ordinal() && !this.sshContext.isNonStandardAlgorithmsEnabled()) {
            for (String str : this.sshContext.supportedMacsCS().names()) {
                if (str.contains("@")) {
                    this.ignoreMacs.add(str);
                }
            }
            for (String str2 : this.sshContext.supportedCiphersCS().names()) {
                if (str2.contains("@")) {
                    this.ignoreCiphers.add(str2);
                }
            }
            for (String str3 : this.sshContext.supportedCompressionsCS().names()) {
                if (str3.contains("@")) {
                    this.ignoreCompressions.add(str3);
                }
            }
            for (String str4 : this.sshContext.supportedPublicKeys().names()) {
                if (str4.contains("@")) {
                    this.ignorePublicKeys.add(str4);
                }
            }
            for (String str5 : this.sshContext.supportedKeyExchanges().names()) {
                if (str5.contains("@")) {
                    this.ignoreKeyExchanges.add(str5);
                }
            }
        }
        this.localKeyExchanges = AdaptiveConfiguration.createAlgorithmList(this.sshContext.supportedKeyExchanges(), "Kex", checkManagedSecurity(this.sshContext.getPreferredKeyExchange()), this.ident, this.con.getRemoteAddress(), (String[]) this.ignoreKeyExchanges.toArray(new String[0]));
        this.localPublicKeys = AdaptiveConfiguration.createAlgorithmList(this.sshContext.getSupportedPublicKeys(), "Publickeys", this.ident, this.con.getRemoteAddress(), (String[]) this.ignorePublicKeys.toArray(new String[0]));
        this.localCiphersCS = AdaptiveConfiguration.createAlgorithmList(this.sshContext.supportedCiphersCS(), "Ciphers", checkManagedSecurity(this.sshContext.getPreferredCipherCS()), this.ident, this.con.getRemoteAddress(), (String[]) this.ignoreCiphers.toArray(new String[0]));
        this.localCiphersSC = AdaptiveConfiguration.createAlgorithmList(this.sshContext.supportedCiphersSC(), "Ciphers", checkManagedSecurity(this.sshContext.getPreferredCipherSC()), this.ident, this.con.getRemoteAddress(), (String[]) this.ignoreCiphers.toArray(new String[0]));
        this.localMacsCS = AdaptiveConfiguration.createAlgorithmList(this.sshContext.supportedMacsCS(), "Macs", checkManagedSecurity(this.sshContext.getPreferredMacCS()), this.ident, this.con.getRemoteAddress(), (String[]) this.ignoreMacs.toArray(new String[0]));
        this.localMacsSC = AdaptiveConfiguration.createAlgorithmList(this.sshContext.supportedMacsSC(), "Macs", checkManagedSecurity(this.sshContext.getPreferredMacSC()), this.ident, this.con.getRemoteAddress(), (String[]) this.ignoreMacs.toArray(new String[0]));
        this.localCompressionsCS = AdaptiveConfiguration.createAlgorithmList(this.sshContext.supportedCompressionsCS(), "Compressions", checkManagedSecurity(this.sshContext.getPreferredCompressionCS()), this.ident, this.con.getRemoteAddress(), (String[]) this.ignoreCompressions.toArray(new String[0]));
        this.localCompressionsSC = AdaptiveConfiguration.createAlgorithmList(this.sshContext.supportedCompressionsSC(), "Compressions", checkManagedSecurity(this.sshContext.getPreferredMacSC()), this.ident, this.con.getRemoteAddress(), (String[]) this.ignoreCompressions.toArray(new String[0]));
    }

    private String checkManagedSecurity(String str) {
        return str;
    }

    void sendKeyExchangeInit() {
        try {
            synchronized (this.kexlock) {
                this.numIncomingBytesSinceKEX = 0;
                this.numIncomingPacketsSinceKEX = 0;
                this.numOutgoingBytesSinceKEX = 0;
                this.numOutgoingPacketsSinceKEX = 0;
                setTransportState(2);
                if (this.localkex == null) {
                    ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
                    try {
                        byte[] bArr = new byte[16];
                        this.rnd.nextBytes(bArr);
                        byteArrayWriter.write(20);
                        byteArrayWriter.write(bArr);
                        generateAlgorithms();
                        if (this.enableExtensionCapability) {
                            this.localKeyExchanges += ",ext-info-s";
                        }
                        if (!this.completedFirstKeyExchange) {
                            this.localKeyExchanges += ",kex-strict-s-v00@openssh.com";
                        }
                        byteArrayWriter.writeString(this.localKeyExchanges);
                        byteArrayWriter.writeString(this.localPublicKeys);
                        byteArrayWriter.writeString(this.localCiphersCS);
                        byteArrayWriter.writeString(this.localCiphersSC);
                        byteArrayWriter.writeString(this.localMacsCS);
                        byteArrayWriter.writeString(this.localMacsSC);
                        byteArrayWriter.writeString(this.localCompressionsCS);
                        byteArrayWriter.writeString(this.localCompressionsSC);
                        byteArrayWriter.writeInt(0);
                        byteArrayWriter.writeInt(0);
                        byteArrayWriter.write(0);
                        byteArrayWriter.writeInt(0);
                        this.localkex = byteArrayWriter.toByteArray();
                        this.kexQueue.clear();
                        postMessage(new SshMessage() { // from class: com.maverick.sshd.TransportProtocol.8
                            @Override // com.maverick.sshd.SshMessage
                            public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                                byteBuffer.put(TransportProtocol.this.localkex);
                            }

                            @Override // com.maverick.sshd.SshMessage
                            public void messageSent() {
                                if (TransportProtocol.log.isDebugEnabled()) {
                                    TransportProtocol.log.debug("Sent SSH_MSG_KEX_INIT");
                                }
                            }
                        }, true);
                        byteArrayWriter.close();
                    } catch (Throwable th) {
                        byteArrayWriter.close();
                        throw th;
                    }
                }
            }
        } catch (IOException e) {
            disconnect(2, "Failed to create SSH_MSG_KEX_INIT");
        }
    }

    public String getCipherCS() {
        return this.cipherCS;
    }

    public String getCipherSC() {
        return this.cipherSC;
    }

    public String getMacCS() {
        return this.macCS;
    }

    public String getMacSC() {
        return this.macSC;
    }

    public String getCompressionCS() {
        return this.compressionCS;
    }

    public String getCompressionSC() {
        return this.compressionSC;
    }

    public String getKeyExchange() {
        return this.keyExchangeAlg;
    }

    private String checkValidString(String str, String str2) throws IOException {
        if (str2.trim().equals("")) {
            throw new IOException("Client sent invalid " + str + " value '" + str2 + "'");
        }
        if (new StringTokenizer(str2, ",").hasMoreElements()) {
            return str2;
        }
        throw new IOException("Client sent invalid " + str + " value '" + str2 + "'");
    }

    public void addOutgoingTask(ConnectionAwareTask connectionAwareTask) {
        this.outgoingMessages.addTask(connectionAwareTask);
    }

    public void addIncomingTask(ConnectionAwareTask connectionAwareTask) {
        this.incomingMessages.addTask(connectionAwareTask);
    }

    public void postMessage(SshMessage sshMessage) {
        if (!sshMessage.equals(this.ignoreMessage) && !(sshMessage instanceof DisconnectMessage)) {
            resetIdleState();
        }
        postMessage(sshMessage, false);
    }

    @Override // com.maverick.sshd.AbstractServerTransport
    public void postMessage(final SshMessage sshMessage, final boolean z) {
        if (z || !this.completedFirstKeyExchange) {
            doPostMessage(sshMessage, z);
        } else {
            this.outgoingMessages.addTask(new Runnable() { // from class: com.maverick.sshd.TransportProtocol.9
                @Override // java.lang.Runnable
                public void run() {
                    TransportProtocol.this.doPostMessage(sshMessage, z);
                }
            });
        }
    }

    public void doPostMessage(SshMessage sshMessage, boolean z) {
        if (log.isTraceEnabled()) {
            log.debug("Posting message " + sshMessage.getClass().getName() + " to queue");
        }
        ConcurrentLinkedQueue<SshMessage> concurrentLinkedQueue = (z && this.completedFirstKeyExchange) ? this.kexQueue : this.outgoingQueue;
        while (concurrentLinkedQueue.size() > MESSAGE_QUEUE_LIMIT) {
            synchronized (concurrentLinkedQueue) {
                if (getSocketConnection().isSelectorThread()) {
                    log.error("Outgoing write queue limit exceeded size={} limit={}", Integer.valueOf(concurrentLinkedQueue.size()), Integer.valueOf(MESSAGE_QUEUE_LIMIT));
                    forceDisconnect();
                    throw new IllegalStateException("Disconnected due to write queue threshold");
                }
                try {
                    concurrentLinkedQueue.wait(1000L);
                } catch (InterruptedException e) {
                }
            }
        }
        concurrentLinkedQueue.offer(sshMessage);
        this.socketConnection.setWriteState(true);
    }

    public byte[] makeSshKey(char c, int i) throws SshException, IOException {
        ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
        try {
            Digest digest = (Digest) ComponentManager.getInstance().supportedDigests().getInstance(this.keyExchange.getHashAlgorithm());
            digest.putBigInteger(this.keyExchange.getSecret());
            digest.putBytes(this.keyExchange.getExchangeHash());
            digest.putByte((byte) c);
            digest.putBytes(this.sessionIdentifier);
            byteArrayWriter.write(digest.doFinal());
            while (byteArrayWriter.size() < i) {
                digest.reset();
                digest.putBigInteger(this.keyExchange.getSecret());
                digest.putBytes(this.keyExchange.getExchangeHash());
                digest.putBytes(byteArrayWriter.toByteArray());
                byteArrayWriter.write(digest.doFinal());
            }
            byte[] byteArray = byteArrayWriter.toByteArray();
            byteArrayWriter.close();
            return byteArray;
        } catch (Throwable th) {
            byteArrayWriter.close();
            throw th;
        }
    }

    public byte[] getSessionKey() {
        return this.sessionIdentifier;
    }

    public Connection getConnection() {
        return this.con;
    }

    public String getKeyExchangeInUse() {
        return this.keyExchangeAlg;
    }

    public String getHostKeyInUse() {
        return this.hostKeyAlg;
    }

    public void addChannelTask(ConnectionAwareTask connectionAwareTask) {
        this.channelDataMessages.addTask(connectionAwareTask);
    }
}
