package net.schmizz.sshj.transport.kex;

import com.hierynomus.sshj.userauth.certificate.Certificate;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Arrays;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.DisconnectReason;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.signature.AbstractSignature;
import net.schmizz.sshj.transport.TransportImpl;
import net.schmizz.sshj.transport.digest.BaseDigest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public abstract class AbstractDHG extends AbstractDH {
    public final Logger log;

    public AbstractDHG(DHBase dHBase, BaseDigest baseDigest) {
        super(dHBase, baseDigest);
        this.log = LoggerFactory.getLogger(getClass());
    }

    @Override // net.schmizz.sshj.transport.kex.KeyExchangeBase
    public final void init(TransportImpl transportImpl, String str, String str2, byte[] bArr, byte[] bArr2) {
        this.trans = transportImpl;
        this.V_S = str;
        this.V_C = str2;
        this.I_S = Arrays.copyOf(bArr, bArr.length);
        this.I_C = Arrays.copyOf(bArr2, bArr2.length);
        BaseDigest baseDigest = this.digest;
        baseDigest.getClass();
        try {
            baseDigest.md = SecurityUtils.getMessageDigest(baseDigest.algorithm);
            DHBase dHBase = this.dh;
            initDH(dHBase);
            this.log.debug("Sending SSH_MSG_KEXDH_INIT");
            SSHPacket sSHPacket = new SSHPacket(Message.KEXDH_INIT);
            byte[] bArr3 = dHBase.e;
            sSHPacket.putBytes(0, bArr3.length, bArr3);
            transportImpl.write(sSHPacket);
        } catch (GeneralSecurityException e) {
            throw new SSHRuntimeException(e.getMessage(), e);
        }
    }

    public abstract void initDH(DHBase dHBase);

    @Override // net.schmizz.sshj.transport.kex.KeyExchangeBase
    public final boolean next(Message message, SSHPacket sSHPacket) {
        String str;
        String str2;
        Message message2 = Message.KEXDH_31;
        DisconnectReason disconnectReason = DisconnectReason.KEY_EXCHANGE_FAILED;
        if (message != message2) {
            throw new SSHException(disconnectReason, "Unexpected packet: " + message, null);
        }
        Logger logger = this.log;
        logger.debug("Received SSH_MSG_KEXDH_REPLY");
        try {
            byte[] readBytes = sSHPacket.readBytes();
            byte[] readBytes2 = sSHPacket.readBytes();
            byte[] readBytes3 = sSHPacket.readBytes();
            this.hostKey = new Buffer(readBytes, true).readPublicKey();
            DHBase dHBase = this.dh;
            dHBase.computeK(readBytes2);
            Buffer.PlainBuffer initializedBuffer = initializedBuffer();
            initializedBuffer.putBytes(0, readBytes.length, readBytes);
            byte[] bArr = dHBase.e;
            initializedBuffer.putBytes(0, bArr.length, bArr);
            initializedBuffer.putBytes(0, readBytes2.length, readBytes2);
            initializedBuffer.putMPInt(dHBase.K);
            byte[] bArr2 = initializedBuffer.data;
            int i2 = initializedBuffer.rpos;
            int available = initializedBuffer.available();
            BaseDigest baseDigest = this.digest;
            baseDigest.update(bArr2, i2, available);
            this.H = baseDigest.md.digest();
            AbstractSignature abstractSignature = (AbstractSignature) ((TransportImpl) this.trans).hostKeyAlgorithm.signature.create();
            PublicKey publicKey = this.hostKey;
            if (publicKey instanceof Certificate) {
                abstractSignature.initVerify(((Certificate) publicKey).publicKey);
            } else {
                abstractSignature.initVerify(publicKey);
            }
            byte[] bArr3 = this.H;
            abstractSignature.update(bArr3, bArr3.length);
            if (!abstractSignature.verify(readBytes3)) {
                throw new SSHException(disconnectReason, "KeyExchange signature verification failed", null);
            }
            if (this.hostKey instanceof Certificate) {
                ((TransportImpl) this.trans).config.getClass();
                Certificate certificate = (Certificate) this.hostKey;
                try {
                    str = new Buffer(certificate.signature, true).readString(IOUtils.UTF8);
                } catch (Buffer.BufferException unused) {
                    str = null;
                }
                try {
                    str2 = new Buffer(certificate.signatureKey, true).readString(IOUtils.UTF8);
                } catch (Buffer.BufferException unused2) {
                    str2 = null;
                }
                logger.debug("Verifying signature of the key with type {} (signature type {}, CA key type {})", Long.valueOf(certificate.type), str, str2);
                try {
                    String verifyHostCertificate = KeyType.CertUtils.verifyHostCertificate(readBytes, certificate, ((TransportImpl) this.trans).getRemoteHost());
                    if (verifyHostCertificate != null) {
                        throw new SSHException(disconnectReason, "KeyExchange certificate check failed: ".concat(verifyHostCertificate), null);
                    }
                } catch (Buffer.BufferException | SSHRuntimeException e) {
                    throw new SSHException(disconnectReason, "KeyExchange certificate check failed", e);
                }
            }
            return true;
        } catch (Buffer.BufferException e2) {
            throw new SSHException(e2);
        }
    }
}
