package x9;

import ba.x0;
import bb.s;
import bb.u;
import bb.v;
import bb.w;
import ib.g;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import kb.f;
import lb.m0;
import lb.t;
import mb.e;

/* compiled from: DHGClient.java */
/* loaded from: classes.dex */
public class b extends x9.a {
    protected final bb.d S;
    protected bb.a T;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: DHGClient.java */
    /* loaded from: classes.dex */
    public static class a implements w {
        final /* synthetic */ bb.d E;

        a(bb.d dVar) {
            this.E = dVar;
        }

        @Override // bb.w
        public v X3(g gVar) {
            return new b(this.E, gVar);
        }

        @Override // ba.e0
        public String getName() {
            return this.E.getName();
        }

        public String toString() {
            return ba.v.class.getSimpleName() + "<" + v.class.getSimpleName() + ">[" + getName() + "]";
        }
    }

    protected b(bb.d dVar, g gVar) {
        super(gVar);
        Objects.requireNonNull(dVar, "No factory");
        this.S = dVar;
    }

    public static w C6(bb.d dVar) {
        return new a(dVar);
    }

    protected bb.a B6() {
        return this.S.O0(new Object[0]);
    }

    @Override // bb.v
    public boolean C0(int i10, mb.a aVar) {
        PublicKey publicKey;
        z9.a A6 = A6();
        if (this.E.f()) {
            this.E.A("next({})[{}] process command={}", this, A6, u.b(i10));
        }
        if (i10 != 31) {
            throw new x0(3, "Protocol error: expected packet SSH_MSG_KEXDH_REPLY, got " + u.b(i10));
        }
        byte[] r10 = aVar.r();
        byte[] w62 = w6(aVar);
        byte[] r11 = aVar.r();
        this.T.i(w62);
        this.L = this.T.f();
        PublicKey E = new e(r10).E();
        if (E instanceof ja.w) {
            ja.w wVar = (ja.w) E;
            PublicKey I = wVar.I();
            try {
                D6(A6, wVar);
                publicKey = E;
            } catch (x0 e10) {
                if (ac.d.f182q.p4(A6).booleanValue()) {
                    throw e10;
                }
                publicKey = wVar.I();
                this.E.T("Ignoring invalid certificate {}", wVar.getId(), e10);
            }
            E = I;
        } else {
            publicKey = E;
        }
        String w10 = A6.w(s.SERVERKEYS);
        if (t.o(w10)) {
            throw new x0("Unsupported server key type: " + E.getAlgorithm() + "[" + E.getFormat() + "]");
        }
        e eVar = new e();
        eVar.W(this.H);
        eVar.W(this.G);
        eVar.W(this.J);
        eVar.W(this.I);
        eVar.W(r10);
        eVar.b0(p6());
        eVar.b0(w62);
        eVar.b0(this.L);
        this.K.update(eVar.e(), 0, eVar.available());
        this.M = this.K.d();
        f fVar = (f) m0.f(ba.u.a(A6.x0(), w10), "No verifier located for algorithm=%s", w10);
        fVar.Z0(A6, E);
        fVar.e3(A6, this.M);
        if (fVar.W1(A6, r11)) {
            A6.P9(publicKey);
            return true;
        }
        throw new x0(3, "KeyExchange signature verification failed for key type=" + w10);
    }

    protected void D6(g gVar, ja.w wVar) {
        PublicKey O = wVar.O();
        String x10 = ja.u.x(O);
        String id2 = wVar.getId();
        String F = wVar.F();
        if (t.o(F) || !"ssh-rsa".equals(ja.u.o(F))) {
            throw new x0(3, "Found invalid signature alg " + F + " for key ID=" + id2);
        }
        if (this.E.f()) {
            this.E.A("verifyCertificate({})[id={}] Allowing to use variant {} instead of {}", gVar, id2, F, x10);
        }
        f fVar = (f) m0.g(ba.u.a(gVar.x0(), F), "No KeyExchange CA verifier located for algorithm=%s of key ID=%s", F, id2);
        fVar.Z0(gVar, O);
        fVar.e3(gVar, wVar.l());
        if (!fVar.W1(gVar, wVar.getSignature())) {
            throw new x0(3, "KeyExchange CA signature verification failed for key type=" + F + " of key ID=" + id2);
        }
        if (wVar.getType() != 2) {
            throw new x0(3, "KeyExchange signature verification failed, not a host key (2) " + wVar.getType() + " for key ID=" + id2);
        }
        long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        if (wVar.i() > seconds || seconds >= wVar.y()) {
            throw new x0(3, "KeyExchange signature verification failed, CA expired " + wVar.B() + " - " + wVar.K() + " for key ID=" + id2);
        }
        SocketAddress e22 = A6().e2();
        if (e22 instanceof vb.d) {
            e22 = ((vb.d) e22).H();
        }
        if (!(e22 instanceof InetSocketAddress)) {
            throw new x0(3, "KeyExchange signature verification failed, could not determine connect host for key ID=" + id2);
        }
        String hostString = ((InetSocketAddress) e22).getHostString();
        Collection<String> V = wVar.V();
        if (t.q(V) || !V.contains(hostString)) {
            throw new x0(3, "KeyExchange signature verification failed, invalid principal " + hostString + " for key ID=" + id2 + " - allowed=" + V);
        }
        if (t.q(wVar.w())) {
            return;
        }
        throw new x0(3, "KeyExchange signature verification failed, unrecognized critical options " + wVar.w() + " for key ID=" + id2);
    }

    @Override // cb.a, bb.v
    public void M(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        super.M(bArr, bArr2, bArr3, bArr4);
        bb.a B6 = B6();
        this.T = B6;
        qa.c e10 = B6.e();
        this.K = e10;
        e10.n3();
        byte[] v62 = v6(this.T.d());
        g session = getSession();
        if (this.E.f()) {
            this.E.e("init({})[{}] Send SSH_MSG_KEXDH_INIT", this, session);
        }
        mb.a q12 = session.q1((byte) 30, v62.length + 32);
        q12.b0(v62);
        session.k(q12);
    }

    @Override // ba.e0
    public final String getName() {
        return this.S.getName();
    }
}
