package v9;

import aa.x0;
import ab.s;
import ab.u;
import ab.v;
import ab.w;
import hb.g;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import jb.f;
import kb.n0;
import kb.t;
import lb.e;

/* compiled from: DHGClient.java */
/* loaded from: classes.dex */
public class b extends v9.a {
    protected final ab.d X;
    protected ab.a Y;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* compiled from: DHGClient.java */
    /* loaded from: classes.dex */
    public static class a implements w {
        final /* synthetic */ ab.d J;

        a(ab.d dVar) {
            this.J = dVar;
        }

        @Override // ab.w
        public v B4(g gVar) {
            return new b(this.J, gVar);
        }

        @Override // aa.e0
        public String getName() {
            return this.J.getName();
        }

        public String toString() {
            return aa.v.class.getSimpleName() + "<" + v.class.getSimpleName() + ">[" + getName() + "]";
        }
    }

    protected b(ab.d dVar, g gVar) {
        super(gVar);
        Objects.requireNonNull(dVar, "No factory");
        this.X = dVar;
    }

    public static w v7(ab.d dVar) {
        return new a(dVar);
    }

    @Override // ab.v
    public boolean L1(int i10, lb.a aVar) {
        PublicKey publicKey;
        x9.a t72 = t7();
        if (this.J.e()) {
            this.J.z("next({})[{}] process command={}", this, t72, u.b(i10));
        }
        if (i10 != 31) {
            throw new x0(3, "Protocol error: expected packet SSH_MSG_KEXDH_REPLY, got " + u.b(i10));
        }
        byte[] u10 = aVar.u();
        byte[] p72 = p7(aVar);
        byte[] u11 = aVar.u();
        this.Y.i(p72);
        this.Q = this.Y.f();
        PublicKey K = new e(u10).K();
        if (K instanceof ia.w) {
            ia.w wVar = (ia.w) K;
            PublicKey H = wVar.H();
            try {
                w7(t72, wVar);
                publicKey = K;
            } catch (x0 e10) {
                if (ac.d.f616q.r5(t72).booleanValue()) {
                    throw e10;
                }
                publicKey = wVar.H();
                this.J.S("Ignoring invalid certificate {}", wVar.getId(), e10);
            }
            K = H;
        } else {
            publicKey = K;
        }
        String Q5 = t72.Q5(s.SERVERKEYS);
        if (t.q(Q5)) {
            throw new x0("Unsupported server key type: " + K.getAlgorithm() + "[" + K.getFormat() + "]");
        }
        e eVar = new e();
        eVar.c0(this.M);
        eVar.c0(this.L);
        eVar.c0(this.O);
        eVar.c0(this.N);
        eVar.c0(u10);
        eVar.j0(i7());
        eVar.j0(p72);
        eVar.j0(this.Q);
        this.P.update(eVar.g(), 0, eVar.available());
        this.R = this.P.e();
        f fVar = (f) n0.f(aa.u.a(t72.F0(), Q5), "No verifier located for algorithm=%s", Q5);
        fVar.v4(t72, K);
        fVar.Z2(t72, this.R);
        if (fVar.O1(t72, u11)) {
            t72.Ha(publicKey);
            return true;
        }
        throw new x0(3, "KeyExchange signature verification failed for key type=" + Q5);
    }

    @Override // bb.a, ab.v
    public void T(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) {
        super.T(bArr, bArr2, bArr3, bArr4);
        ab.a u72 = u7();
        this.Y = u72;
        pa.c e10 = u72.e();
        this.P = e10;
        e10.B3();
        byte[] o72 = o7(this.Y.d());
        g session = getSession();
        if (this.J.e()) {
            this.J.d("init({})[{}] Send SSH_MSG_KEXDH_INIT", this, session);
        }
        lb.a D1 = session.D1((byte) 30, o72.length + 32);
        D1.j0(o72);
        session.v(D1);
    }

    @Override // aa.e0
    public final String getName() {
        return this.X.getName();
    }

    protected ab.a u7() {
        return this.X.Y0(new Object[0]);
    }

    protected void w7(g gVar, ia.w wVar) {
        PublicKey P = wVar.P();
        String x10 = ia.u.x(P);
        String id2 = wVar.getId();
        String D = wVar.D();
        if (t.q(D) || !"ssh-rsa".equals(ia.u.o(D))) {
            throw new x0(3, "Found invalid signature alg " + D + " for key ID=" + id2);
        }
        if (this.J.e()) {
            this.J.z("verifyCertificate({})[id={}] Allowing to use variant {} instead of {}", gVar, id2, D, x10);
        }
        f fVar = (f) n0.g(aa.u.a(gVar.F0(), D), "No KeyExchange CA verifier located for algorithm=%s of key ID=%s", D, id2);
        fVar.v4(gVar, P);
        fVar.Z2(gVar, wVar.n());
        if (!fVar.O1(gVar, wVar.getSignature())) {
            throw new x0(3, "KeyExchange CA signature verification failed for key type=" + D + " of key ID=" + id2);
        }
        if (wVar.getType() != 2) {
            throw new x0(3, "KeyExchange signature verification failed, not a host key (2) " + wVar.getType() + " for key ID=" + id2);
        }
        long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        if (wVar.l() > seconds || seconds >= wVar.x()) {
            throw new x0(3, "KeyExchange signature verification failed, CA expired " + wVar.B() + " - " + wVar.N() + " for key ID=" + id2);
        }
        SocketAddress w22 = t7().w2();
        if (w22 instanceof vb.d) {
            w22 = ((vb.d) w22).I();
        }
        if (!(w22 instanceof InetSocketAddress)) {
            throw new x0(3, "KeyExchange signature verification failed, could not determine connect host for key ID=" + id2);
        }
        String hostString = ((InetSocketAddress) w22).getHostString();
        Collection<String> W = wVar.W();
        if (t.s(W) || !W.contains(hostString)) {
            throw new x0(3, "KeyExchange signature verification failed, invalid principal " + hostString + " for key ID=" + id2 + " - allowed=" + W);
        }
        if (t.s(wVar.v())) {
            return;
        }
        throw new x0(3, "KeyExchange signature verification failed, unrecognized critical options " + wVar.v() + " for key ID=" + id2);
    }
}
