package com.sshtools.server.components.jce;

import com.sshtools.common.logger.Log;
import com.sshtools.common.ssh.SecurityLevel;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.SshIOException;
import com.sshtools.common.ssh.components.ComponentManager;
import com.sshtools.common.ssh.components.Digest;
import com.sshtools.common.ssh.components.SshKeyExchangeLegacy;
import com.sshtools.common.ssh.components.SshPrivateKey;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.jce.Curve25519;
import com.sshtools.common.ssh.components.jce.JCEComponentManager;
import com.sshtools.common.sshd.SshMessage;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import com.sshtools.server.SshServerContext;
import com.sshtools.server.components.SshKeyExchangeServer;
import com.sshtools.synergy.ssh.SshTransport;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

/* loaded from: input_file:com/sshtools/server/components/jce/Curve25519SHA256LibSshServer.class */
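/**
 * Server side of the {@code curve25519-sha256@libssh.org} SSH key exchange.
 *
 * <p>The exchange is driven by {@link #processMessage(byte[])}: on receipt of
 * {@code SSH_MSG_KEX_ECDH_INIT} the server generates a fresh ephemeral key pair, derives the
 * shared secret from the client's public value, computes the exchange hash, signs it with the
 * host key and posts {@code SSH_MSG_KEX_ECDH_REPLY}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The client's public value is attacker-controlled input. It is rejected unless it is
 *       exactly {@value #CURVE25519_KEY_LENGTH} bytes long.</li>
 *   <li>An all-zero shared secret is rejected, so a peer cannot force a known secret by sending
 *       a low-order point.</li>
 *   <li>The ephemeral scalar is kept in the {@code privateKey} field after the exchange; this
 *       class does not wipe it.</li>
 * </ul>
 *
 * <p>This source is decompiler output; parameter names in the public signatures are kept as
 * emitted so that callers are unaffected.
 */
public class Curve25519SHA256LibSshServer extends SshKeyExchangeServer implements SshKeyExchangeLegacy {
    public static final int SSH_MSG_KEX_ECDH_INIT = 30;
    public static final int SSH_MSG_KEX_ECDH_REPLY = 31;
    public static final String CURVE25519_SHA2_AT_LIBSSH_ORG = "curve25519-sha256@libssh.org";

    /** Length in bytes of a Curve25519 scalar, public value and shared secret. */
    private static final int CURVE25519_KEY_LENGTH = 32;

    /** Algorithm name reported by {@link #getAlgorithm()}. */
    public final String name;
    /** Server ephemeral public value, sent to the client in the reply. */
    byte[] f;
    /** Server ephemeral private scalar, freshly generated for every exchange. */
    byte[] privateKey;
    /** Client ephemeral public value, read from SSH_MSG_KEX_ECDH_INIT. */
    byte[] e;
    String clientId;
    String serverId;
    byte[] clientKexInit;
    byte[] serverKexInit;

    /** Creates the exchange under its default name, {@link #CURVE25519_SHA2_AT_LIBSSH_ORG}. */
    public Curve25519SHA256LibSshServer() {
        this(CURVE25519_SHA2_AT_LIBSSH_ORG);
    }

    /**
     * Creates the exchange under a caller-chosen algorithm name.
     *
     * <p>Decompiler note: this constructor was declared {@code protected} in the original class
     * and was widened to {@code public} by the decompiler.
     *
     * @param str the algorithm name to advertise
     */
    public Curve25519SHA256LibSshServer(String str) {
        // "SHA-256" is the exchange-hash algorithm; the meaning of 5000 is defined by the
        // superclass constructor (presumably a priority - confirm against SshKeyExchangeServer).
        super("SHA-256", SecurityLevel.PARANOID, 5000);
        this.name = str;
    }

    /** Returns the algorithm name this instance was constructed with. */
    @Override
    public String getAlgorithm() {
        return this.name;
    }

    /** Returns an empty provider name. */
    public String getProvider() {
        return "";
    }

    /**
     * Computes the exchange hash over the identification strings, both KEXINIT payloads, the
     * host key, both ephemeral public values and the shared secret, and stores it in
     * {@code exchangeHash}.
     *
     * <p>Every variable-length field is preceded by its length so that field boundaries are
     * unambiguous in the hashed data.
     *
     * @throws SshException if the digest cannot be obtained or updated
     */
    protected void calculateExchangeHash() throws SshException {
        Digest hash = (Digest) ComponentManager.getInstance().supportedDigests().getInstance(getHashAlgorithm());
        hash.putString(this.clientId);
        hash.putString(this.serverId);
        hash.putInt(this.clientKexInit.length);
        hash.putBytes(this.clientKexInit);
        hash.putInt(this.serverKexInit.length);
        hash.putBytes(this.serverKexInit);
        hash.putInt(this.hostKey.length);
        hash.putBytes(this.hostKey);
        hash.putInt(this.e.length);
        hash.putBytes(this.e);
        hash.putInt(this.f.length);
        hash.putBytes(this.f);
        hash.putBigInteger(this.secret);
        this.exchangeHash = hash.doFinal();
    }

    /**
     * Binds this exchange to a transport and records the negotiation state the exchange hash
     * is computed from.
     *
     * @param sshTransport the transport the reply is posted to
     * @param str the client identification string
     * @param str2 the server identification string
     * @param bArr the client's KEXINIT payload
     * @param bArr2 the server's KEXINIT payload
     * @param sshPrivateKey the host private key used to sign the exchange hash
     * @param sshPublicKey the host public key sent to the client
     * @param z whether the client announced a guessed first kex packet
     * @param z2 whether that guessed packet is to be used
     * @throws IOException if the host public key cannot be encoded
     * @throws SshException declared by the signature; failures here surface as IOException
     */
    public void init(SshTransport<SshServerContext> sshTransport, String str, String str2, byte[] bArr, byte[] bArr2, SshPrivateKey sshPrivateKey, SshPublicKey sshPublicKey, boolean z, boolean z2) throws IOException, SshException {
        try {
            this.transport = sshTransport;
            this.clientId = str;
            this.serverId = str2;
            this.clientKexInit = bArr;
            this.serverKexInit = bArr2;
            this.hostKey = sshPublicKey.getEncoded();
            this.prvkey = sshPrivateKey;
            this.pubkey = sshPublicKey;
            this.firstPacketFollows = z;
            this.useFirstPacket = z2;
        } catch (SshException ex) {
            throw new SshIOException(ex);
        }
    }

    /**
     * Generates a fresh ephemeral key pair: a random scalar from the component manager's
     * {@code SecureRandom} and the matching public value in {@code f}.
     */
    private void initCrypto() throws InvalidKeyException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, SshException {
        this.f = new byte[CURVE25519_KEY_LENGTH];
        this.privateKey = new byte[CURVE25519_KEY_LENGTH];
        JCEComponentManager.getSecureRandom().nextBytes(this.privateKey);
        Curve25519.keygen(this.f, (byte[]) null, this.privateKey);
    }

    /**
     * Self-test: checks that an ephemeral key pair can be generated in this runtime.
     *
     * @throws IllegalStateException if key generation fails for any reason
     */
    public void test() {
        try {
            initCrypto();
        } catch (Throwable th) {
            throw new IllegalStateException(th.getMessage(), th);
        }
    }

    /**
     * Handles a key-exchange message from the client.
     *
     * @param bArr the raw message, message id in the first byte
     * @return {@code false} if the message is empty or is not {@code SSH_MSG_KEX_ECDH_INIT};
     *     {@code true} once the message has been consumed
     * @throws SshException with reason code 9 if the exchange fails, including a client public
     *     value of the wrong length or an all-zero shared secret
     * @throws IOException if closing the message reader fails
     */
    @Override
    public boolean processMessage(byte[] bArr) throws SshException, IOException {
        // An empty message cannot carry a message id; report it as not handled instead of
        // failing with an index error.
        if (bArr == null || bArr.length == 0 || bArr[0] != SSH_MSG_KEX_ECDH_INIT) {
            return false;
        }
        if (this.firstPacketFollows && !this.useFirstPacket) {
            if (Log.isDebugEnabled()) {
                Log.debug("Client attempted to guess the kex in use but we determined it was wrong so we're waiting for another SSH_MSG_KEX_ECDH_INIT", new Object[0]);
            }
            this.firstPacketFollows = false;
            return true;
        }
        ByteArrayReader reader = new ByteArrayReader(bArr, 1, bArr.length - 1);
        try {
            initCrypto();
            this.e = reader.readBinaryString();
            // The client's public value is untrusted: anything other than a 32-byte string is
            // malformed and must not reach the scalar multiplication.
            if (this.e.length != CURVE25519_KEY_LENGTH) {
                throw new IllegalArgumentException("Invalid client public key length " + this.e.length);
            }
            byte[] shared = new byte[CURVE25519_KEY_LENGTH];
            Curve25519.curve(shared, this.privateKey, this.e);
            // A low-order client value yields an all-zero secret that the client did not have
            // to compute. OR every byte together so the check does not exit early on any
            // single byte of the secret.
            int acc = 0;
            for (byte b : shared) {
                acc |= b;
            }
            if (acc == 0) {
                throw new IllegalStateException("Key exchange produced an all-zero shared secret");
            }
            this.secret = new BigInteger(1, shared);
            calculateExchangeHash();
            this.signature = this.prvkey.sign(this.exchangeHash, this.pubkey.getSigningAlgorithm());
            this.transport.postMessage(new SshMessage() {
                public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                    ByteArrayWriter sigWriter = new ByteArrayWriter();
                    try {
                        byteBuffer.put((byte) Curve25519SHA256LibSshServer.SSH_MSG_KEX_ECDH_REPLY);
                        byteBuffer.putInt(Curve25519SHA256LibSshServer.this.hostKey.length);
                        byteBuffer.put(Curve25519SHA256LibSshServer.this.hostKey);
                        byte[] serverPublic = Curve25519SHA256LibSshServer.this.f;
                        byteBuffer.putInt(serverPublic.length);
                        byteBuffer.put(serverPublic);
                        // The signature field is itself a length-prefixed blob of
                        // (algorithm name, signature bytes).
                        sigWriter.writeString(Curve25519SHA256LibSshServer.this.pubkey.getSigningAlgorithm());
                        sigWriter.writeBinaryString(Curve25519SHA256LibSshServer.this.signature);
                        byte[] sigBlob = sigWriter.toByteArray();
                        byteBuffer.putInt(sigBlob.length);
                        byteBuffer.put(sigBlob);
                    } catch (IOException ex) {
                        Curve25519SHA256LibSshServer.this.transport.disconnect(3, "Could not read host key");
                    } finally {
                        try {
                            sigWriter.close();
                        } catch (IOException ignored) {
                            // Nothing useful can be done if closing the scratch writer fails.
                        }
                    }
                    return true;
                }

                public void messageSent(Long l) {
                    if (Log.isDebugEnabled()) {
                        Log.debug("Sent SSH_MSG_KEX_ECDH_REPLY", new Object[0]);
                    }
                }
            }, true);
            this.transport.sendNewKeys();
            return true;
        } catch (Exception e) {
            // Every failure, including the validation failures above, is reported with the
            // same reason code so the peer cannot tell which check rejected its value.
            throw new SshException(9, e);
        } finally {
            reader.close();
        }
    }
}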
