package ch.ethz.ssh2.transport;

import ch.ethz.ssh2.ConnectionInfo;
import ch.ethz.ssh2.auth.ServerAuthenticationManager;
import ch.ethz.ssh2.crypto.cipher.BlockCipherFactory;
import ch.ethz.ssh2.crypto.dh.DhExchange;
import ch.ethz.ssh2.crypto.digest.MAC;
import ch.ethz.ssh2.packets.PacketKexDHInit;
import ch.ethz.ssh2.packets.PacketKexDHReply;
import ch.ethz.ssh2.packets.PacketKexInit;
import ch.ethz.ssh2.server.ServerConnectionState;
import ch.ethz.ssh2.signature.DSASHA1Verify;
import ch.ethz.ssh2.signature.RSASHA1Verify;
import java.io.IOException;

/* loaded from: classes.dex */
public class ServerKexManager extends KexManager {

    /* renamed from: a, reason: collision with root package name */
    private final ServerConnectionState f1868a;

    /* renamed from: b, reason: collision with root package name */
    private boolean f1869b;

    public ServerKexManager(ServerConnectionState serverConnectionState) {
        super(serverConnectionState.tm, serverConnectionState.csh, serverConnectionState.next_cryptoWishList, serverConnectionState.generator);
        this.f1869b = false;
        this.f1868a = serverConnectionState;
    }

    @Override // ch.ethz.ssh2.transport.MessageHandler
    public void handleMessage(byte[] bArr, int i) {
        if (bArr == null) {
            synchronized (this.j) {
                this.l = true;
                this.j.notifyAll();
            }
            return;
        }
        if (this.e == null && bArr[0] != 20) {
            throw new IOException("Unexpected KEX message (type " + ((int) bArr[0]) + ")");
        }
        if (this.m) {
            this.m = false;
            return;
        }
        if (bArr[0] == 20) {
            if (this.e != null && this.e.state != 0) {
                throw new IOException("Unexpected SSH_MSG_KEXINIT message during on-going kex exchange!");
            }
            if (this.e == null) {
                this.e = new KexState();
                this.e.local_dsa_key = this.q;
                this.e.local_rsa_key = this.r;
                this.e.dhgexParameters = this.p;
                PacketKexInit packetKexInit = new PacketKexInit(this.o, this.s);
                this.e.localKEX = packetKexInit;
                this.n.sendKexMessage(packetKexInit.getPayload());
            }
            this.e.remoteKEX = new PacketKexInit(bArr, 0, i);
            this.e.np = a(this.e.remoteKEX.getKexParameters(), this.e.localKEX.getKexParameters());
            if (this.e.np == null) {
                throw new IOException("Cannot negotiate, proposals do not match.");
            }
            if (this.e.remoteKEX.isFirst_kex_packet_follows() && !this.e.np.guessOK) {
                this.m = true;
            }
            if (!this.e.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.e.np.kex_algo.equals("diffie-hellman-group14-sha1")) {
                throw new IllegalStateException("Unkown KEX method!");
            }
            this.e.dhx = new DhExchange();
            if (this.e.np.kex_algo.equals("diffie-hellman-group1-sha1")) {
                this.e.dhx.serverInit(1, this.s);
            } else {
                this.e.dhx.serverInit(14, this.s);
            }
            this.e.state = 1;
            return;
        }
        if (bArr[0] == 21) {
            if (this.g == null) {
                throw new IOException("Peer sent SSH_MSG_NEWKEYS, but I have no key material ready!");
            }
            try {
                this.n.changeRecvCipher(BlockCipherFactory.createCipher(this.e.np.enc_algo_client_to_server, false, this.g.enc_key_client_to_server, this.g.initial_iv_client_to_server), new MAC(this.e.np.mac_algo_client_to_server, this.g.integrity_key_client_to_server));
                ConnectionInfo connectionInfo = new ConnectionInfo();
                this.f++;
                connectionInfo.keyExchangeAlgorithm = this.e.np.kex_algo;
                connectionInfo.keyExchangeCounter = this.f;
                connectionInfo.clientToServerCryptoAlgorithm = this.e.np.enc_algo_client_to_server;
                connectionInfo.serverToClientCryptoAlgorithm = this.e.np.enc_algo_server_to_client;
                connectionInfo.clientToServerMACAlgorithm = this.e.np.mac_algo_client_to_server;
                connectionInfo.serverToClientMACAlgorithm = this.e.np.mac_algo_server_to_client;
                connectionInfo.serverHostKeyAlgorithm = this.e.np.server_host_key_algo;
                connectionInfo.serverHostKey = this.e.remote_hostkey;
                synchronized (this.j) {
                    this.k = connectionInfo;
                    this.j.notifyAll();
                }
                this.e = null;
                return;
            } catch (IllegalArgumentException e) {
                throw new IOException("Fatal error during MAC startup!");
            }
        }
        if (this.e == null || this.e.state == 0) {
            throw new IOException("Unexpected Kex submessage!");
        }
        if ((!this.e.np.kex_algo.equals("diffie-hellman-group1-sha1") && !this.e.np.kex_algo.equals("diffie-hellman-group14-sha1")) || this.e.state != 1) {
            throw new IllegalStateException("Unkown KEX method! (" + this.e.np.kex_algo + ")");
        }
        this.e.dhx.setE(new PacketKexDHInit(bArr, 0, i).getE());
        byte[] bArr2 = (byte[]) null;
        if (this.e.np.server_host_key_algo.equals("ssh-rsa")) {
            bArr2 = RSASHA1Verify.encodeSSHRSAPublicKey(this.e.local_rsa_key.getPublicKey());
        }
        byte[] encodeSSHDSAPublicKey = this.e.np.server_host_key_algo.equals("ssh-dss") ? DSASHA1Verify.encodeSSHDSAPublicKey(this.e.local_dsa_key.getPublicKey()) : bArr2;
        try {
            this.e.H = this.e.dhx.calculateH(this.i.getClientString(), this.i.getServerString(), this.e.remoteKEX.getPayload(), this.e.localKEX.getPayload(), encodeSSHDSAPublicKey);
            this.e.K = this.e.dhx.getK();
            byte[] bArr3 = (byte[]) null;
            if (this.e.np.server_host_key_algo.equals("ssh-rsa")) {
                bArr3 = RSASHA1Verify.encodeSSHRSASignature(RSASHA1Verify.generateSignature(this.e.H, this.e.local_rsa_key));
            }
            if (this.e.np.server_host_key_algo.equals("ssh-dss")) {
                bArr3 = DSASHA1Verify.encodeSSHDSASignature(DSASHA1Verify.generateSignature(this.e.H, this.e.local_dsa_key, this.s));
            }
            this.n.sendKexMessage(new PacketKexDHReply(encodeSSHDSAPublicKey, this.e.dhx.getF(), bArr3).getPayload());
            a(false);
            this.e.state = -1;
            if (this.f1869b) {
                return;
            }
            this.f1869b = true;
            this.f1868a.am = new ServerAuthenticationManager(this.f1868a);
        } catch (IllegalArgumentException e2) {
            throw new IOException("KEX error.", e2);
        }
    }
}
