package com.maverick.sshd.components.jce.server;

import com.maverick.ssh.SecurityLevel;
import com.maverick.ssh.SshException;
import com.maverick.ssh.SshIOException;
import com.maverick.ssh.components.ComponentManager;
import com.maverick.ssh.components.DiffieHellmanGroups;
import com.maverick.ssh.components.Digest;
import com.maverick.ssh.components.SshPrivateKey;
import com.maverick.ssh.components.SshPublicKey;
import com.maverick.ssh.components.jce.AbstractKeyExchange;
import com.maverick.ssh.components.jce.JCEProvider;
import com.maverick.sshd.AbstractServerTransport;
import com.maverick.sshd.SshMessage;
import com.maverick.sshd.components.SshKeyExchangeServer;
import com.maverick.util.ByteArrayReader;
import com.maverick.util.ByteArrayWriter;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maverick/sshd/components/jce/server/DiffieHellmanGroup.class */
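/**
 * Server side of a fixed-group Diffie-Hellman SSH key exchange.
 *
 * <p>The exchange waits for {@code SSH_MSG_KEXDH_INIT} (30) carrying the client's public
 * value {@code e}, derives the shared secret, signs the exchange hash with the host key and
 * answers with {@code SSH_MSG_KEXDH_REPLY} (31). The modulus is supplied to the constructor;
 * the generator is fixed to 2.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>both public values ({@code e}, {@code f}) and the derived secret are passed through
 *       {@code DiffieHellmanGroups.verifyParameters} before use;</li>
 *   <li>the host-key signature is verified locally before it is sent;</li>
 *   <li>the ephemeral key pair and the shared secret stay referenced by this instance and
 *       are not cleared here, so their lifetime is that of the instance.</li>
 * </ul>
 */
public class DiffieHellmanGroup extends SshKeyExchangeServer implements AbstractKeyExchange {
    static final int SSH_MSG_KEXDH_INIT = 30;
    static final int SSH_MSG_KEXDH_REPLY = 31;
    // Client public value, read from SSH_MSG_KEXDH_INIT (untrusted until verified).
    BigInteger e;
    // Server public value, taken from the freshly generated DH key pair.
    BigInteger f;
    KeyPairGenerator dhKeyPairGen;
    KeyAgreement dhKeyAgreement;
    KeyFactory dhKeyFactory;
    KeyPair dhKeyPair;
    // DH modulus p for this exchange; fixed per instance.
    final BigInteger group;
    final String algorithmName;
    static Logger log = LoggerFactory.getLogger(DiffieHellmanGroup.class);
    static final BigInteger ONE = BigInteger.valueOf(1);
    static final BigInteger TWO = BigInteger.valueOf(2);
    // DH generator; always 2 in this class.
    static final BigInteger g = TWO;

    /**
     * Creates a key exchange bound to one modulus.
     *
     * @param str the algorithm name returned by {@link #getAlgorithm()}
     * @param str2 passed unchanged to the {@code SshKeyExchangeServer} constructor
     *     (presumably the hash algorithm name; confirm against the superclass)
     * @param bigInteger the DH modulus used for key generation and validation
     * @param securityLevel passed unchanged to the superclass constructor
     * @param i passed unchanged to the superclass constructor
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public DiffieHellmanGroup(String str, String str2, BigInteger bigInteger, SecurityLevel securityLevel, int i) {
        super(str2, securityLevel, i);
        this.e = null;
        this.f = null;
        this.algorithmName = str;
        this.group = bigInteger;
    }

    /** Returns the algorithm name given to the constructor. */
    @Override // com.maverick.sshd.components.SshKeyExchangeServer
    public String getAlgorithm() {
        return this.algorithmName;
    }

    /**
     * Probes that the configured digest and the JCE Diffie-Hellman primitives are usable.
     *
     * @throws IllegalStateException if the digest lookup or the DH initialisation fails; the
     *     original failure is kept as the cause
     */
    public void test() {
        try {
            ComponentManager.getInstance().supportedDigests().getInstance(getHashAlgorithm());
            initCrypto();
        } catch (Throwable th) {
            throw new IllegalStateException(th.getMessage(), th);
        }
    }

    /**
     * Obtains the DH primitives from {@code JCEProvider}, generates a fresh key pair for
     * {@code (group, g)} and initialises the key agreement with its private half.
     */
    void initCrypto() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException {
        this.dhKeyFactory = JCEProvider.getDHKeyFactory();
        this.dhKeyPairGen = JCEProvider.getDHKeyGenerator();
        this.dhKeyAgreement = JCEProvider.getDHKeyAgreement();
        this.dhKeyPairGen.initialize(new DHParameterSpec(this.group, g));
        this.dhKeyPair = this.dhKeyPairGen.generateKeyPair();
        this.dhKeyAgreement.init(this.dhKeyPair.getPrivate());
    }

    /**
     * Stores the negotiation state and generates the server's public value {@code f}.
     *
     * <p>Key generation is attempted up to three times; an attempt is accepted only when
     * {@code f} passes {@code DiffieHellmanGroups.verifyParameters}. If no attempt yields an
     * acceptable value the transport is disconnected.
     *
     * @param abstractServerTransport transport used to send the reply and to disconnect
     * @param str client identification string, hashed into the exchange hash
     * @param str2 server identification string, hashed into the exchange hash
     * @param bArr the client's KEXINIT payload
     * @param bArr2 the server's KEXINIT payload
     * @param sshPrivateKey host private key used to sign the exchange hash
     * @param sshPublicKey host public key sent to the client
     * @param z whether the client announced a guessed first kex packet
     * @param z2 whether that guessed packet is to be used
     * @throws IOException if the DH primitives cannot be initialised (cause attached), or as
     *     {@code SshIOException} when no valid {@code f} could be generated
     */
    @Override // com.maverick.sshd.components.SshKeyExchangeServer
    public void init(AbstractServerTransport abstractServerTransport, String str, String str2, byte[] bArr, byte[] bArr2, SshPrivateKey sshPrivateKey, SshPublicKey sshPublicKey, boolean z, boolean z2) throws IOException {
        this.clientId = str;
        this.serverId = str2;
        this.clientKexInit = bArr;
        this.serverKexInit = bArr2;
        this.prvkey = sshPrivateKey;
        this.pubkey = sshPublicKey;
        this.firstPacketFollows = z;
        this.useFirstPacket = z2;
        this.transport = abstractServerTransport;
        int attemptsLeft = 3;
        while (attemptsLeft != 0) {
            try {
                initCrypto();
                attemptsLeft--;
                this.f = ((DHPublicKey) this.dhKeyPair.getPublic()).getY();
                if (DiffieHellmanGroups.verifyParameters(this.f, this.group)) {
                    return;
                }
            } catch (Exception ex) {
                // Keep the cause: without it a provider misconfiguration and a genuine
                // algorithm gap are indistinguishable in the logs.
                throw new IOException("JCE does not support " + getAlgorithm() + " key exchange", ex);
            }
        }
        abstractServerTransport.disconnect(3, "Failed to generate key exchange value");
        throw new SshIOException(new SshException("Key exchange failed to generate f value", 5));
    }

    /**
     * Returns the name of the JCE provider backing the key agreement, or an empty string when
     * the key agreement has not been initialised yet.
     */
    public String getProvider() {
        if (this.dhKeyAgreement == null) {
            return "";
        }
        return this.dhKeyAgreement.getProvider().getName();
    }

    /**
     * Handles {@code SSH_MSG_KEXDH_INIT}: validates the client's public value, derives the
     * shared secret, signs the exchange hash and queues {@code SSH_MSG_KEXDH_REPLY}.
     *
     * @param bArr the raw message; its first byte is the message id
     * @return {@code true} if the message was an {@code SSH_MSG_KEXDH_INIT} (including a
     *     discarded wrong guess), {@code false} for any other message id
     * @throws SshException if {@code e} or the derived secret is rejected, if the local
     *     signature check fails, or wrapping any other failure during the exchange
     * @throws IOException if the message cannot be read
     */
    @Override // com.maverick.sshd.components.SshKeyExchangeServer
    public boolean processMessage(byte[] bArr) throws SshException, IOException {
        if (bArr[0] != SSH_MSG_KEXDH_INIT) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Processing SSH_MSG_KEXDH_INIT");
        }
        if (this.firstPacketFollows && !this.useFirstPacket) {
            if (log.isDebugEnabled()) {
                log.debug("Client attempted to guess the kex in use but we determined it was wrong so we're waiting for another SSH_MSG_KEXDH_INIT");
            }
            this.firstPacketFollows = false;
            return true;
        }
        ByteArrayReader reader = new ByteArrayReader(bArr);
        reader.skip(1L);
        this.e = reader.readBigInteger();
        // e comes straight from the peer: it is checked before any operation involving the
        // server's private DH key. RFC 4253 section 8 requires e to lie in [1, p-1]; the
        // bounds actually enforced are in DiffieHellmanGroups.verifyParameters (not visible
        // here). e is a public value, so echoing it in the error is not a secret leak.
        if (!DiffieHellmanGroups.verifyParameters(this.e, this.group)) {
            throw new SshException(String.format("Key exchange detected invalid e value %s", this.e.toString(16)), 3);
        }
        try {
            this.dhKeyAgreement.doPhase((DHPublicKey) this.dhKeyFactory.generatePublic(new DHPublicKeySpec(this.e, this.group, g)), true);
            // generateSecret() yields an unsigned big-endian magnitude; signum 1 keeps a set
            // top bit from being read as a negative number.
            this.secret = new BigInteger(1, this.dhKeyAgreement.generateSecret());
            if (!DiffieHellmanGroups.verifyParameters(this.secret, this.group)) {
                // The message reports e, not the secret: the shared secret must never reach
                // an exception message or a log.
                throw new SshException(String.format("Key exchange detected invalid k value %s", this.e.toString(16)), 3);
            }
            this.hostKey = this.pubkey.getEncoded();
            calculateExchangeHash();
            this.signature = this.prvkey.sign(this.exchangeHash, this.pubkey.getSigningAlgorithm());
            if (log.isDebugEnabled()) {
                log.debug("Verifying signature output to mitigate passive SSH key compromise vulnerability");
            }
            // A signature that does not verify against our own public key is never sent:
            // an incorrectly computed signature is the exposure the log line above names.
            if (!this.pubkey.verifySignature(this.signature, this.exchangeHash)) {
                throw new SshException(57349, "Detected invalid signautre from private key!");
            }
            this.transport.postMessage(new SshMessage() { // from class: com.maverick.sshd.components.jce.server.DiffieHellmanGroup.1
                /** Serialises message id, host key, f and the signature blob, in that order. */
                @Override // com.maverick.sshd.SshMessage
                public void writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                    ByteArrayWriter signatureBlob = new ByteArrayWriter();
                    try {
                        byteBuffer.put((byte) SSH_MSG_KEXDH_REPLY);
                        byteBuffer.putInt(DiffieHellmanGroup.this.hostKey.length);
                        byteBuffer.put(DiffieHellmanGroup.this.hostKey);
                        byte[] encodedF = DiffieHellmanGroup.this.f.toByteArray();
                        byteBuffer.putInt(encodedF.length);
                        byteBuffer.put(encodedF);
                        signatureBlob.writeString(DiffieHellmanGroup.this.pubkey.getSigningAlgorithm());
                        signatureBlob.writeBinaryString(DiffieHellmanGroup.this.signature);
                        byte[] encodedSignature = signatureBlob.toByteArray();
                        byteBuffer.putInt(encodedSignature.length);
                        byteBuffer.put(encodedSignature);
                    } catch (IOException ex) {
                        DiffieHellmanGroup.this.transport.disconnect(3, "Could not read host key");
                    } finally {
                        try {
                            signatureBlob.close();
                        } catch (IOException ignored) {
                            // Closing the scratch writer is best effort; nothing to recover.
                        }
                    }
                }

                @Override // com.maverick.sshd.SshMessage
                public void messageSent() {
                    if (DiffieHellmanGroup.log.isDebugEnabled()) {
                        DiffieHellmanGroup.log.debug("Sent SSH_MSG_KEXDH_REPLY");
                    }
                }
            }, true);
            this.transport.sendNewKeys();
            return true;
        } catch (SshException ex) {
            // Rethrow unchanged so the reason codes set above (invalid k, failed signature
            // self-check) are not hidden behind a generic wrapper.
            throw ex;
        } catch (Exception ex) {
            throw new SshException(ex);
        }
    }

    /**
     * Computes the exchange hash over, in order: client id, server id, client KEXINIT,
     * server KEXINIT, host key, {@code e}, {@code f} and the shared secret, using the digest
     * named by {@code getHashAlgorithm()}.
     *
     * <p>The field order is what binds the signature to this exact negotiation; it must not
     * be changed.
     *
     * @throws SshException if the digest cannot be obtained or fed
     */
    protected void calculateExchangeHash() throws SshException {
        Digest digest = (Digest) ComponentManager.getInstance().supportedDigests().getInstance(getHashAlgorithm());
        digest.putString(this.clientId);
        digest.putString(this.serverId);
        digest.putInt(this.clientKexInit.length);
        digest.putBytes(this.clientKexInit);
        digest.putInt(this.serverKexInit.length);
        digest.putBytes(this.serverKexInit);
        digest.putInt(this.hostKey.length);
        digest.putBytes(this.hostKey);
        digest.putBigInteger(this.e);
        digest.putBigInteger(this.f);
        digest.putBigInteger(this.secret);
        this.exchangeHash = digest.doFinal();
    }
}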
