package com.ibm.net.ssh;

import com.ibm.as400.access.Product;
import com.ibm.as400.resource.Presentation;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.logging.Logger;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:lib/com.ibm.ws.prereq.rxa.2.3_1.0.83.jar:com/ibm/net/ssh/KeyExchange.class */
public abstract class KeyExchange {
    private static final String COPYRIGHT = "\n\nLicensed Materials - Property of IBM\n\n(C) Copyright IBM Corp. 2005, 2012 All Rights Reserved.\n\nUS Government Users Restricted Rights - Use, duplication or\ndisclosure restricted by GSA ADP Schedule Contract with\nIBM Corp.\n\n\n";
    static final String DH_GROUP_EXCHANGE_SHA1 = "diffie-hellman-group-exchange-sha1";
    static final String DH_GROUP_EXCHANGE_SHA256 = "diffie-hellman-group-exchange-sha256";
    static final String DH_GROUP1_SHA1 = "diffie-hellman-group1-sha1";
    static final String DH_GROUP14_SHA1 = "diffie-hellman-group14-sha1";
    static final String NO_COMPRESSION = "none";
    static final String ZLIB_COMPRESSION = "zlib";
    static final int COOKIE_SIZE = 16;
    private static final int JCE_MAX_BITS = 1024;
    private static final byte R_SIZE = 20;
    private static final byte S_SIZE = 20;
    private static final byte R_S_SIZE = 40;
    private static final byte R_S_DER_SIZE = 44;
    private static final byte SEQUENCE_TAG = 48;
    private static final byte INTEGER_TAG = 2;
    protected SecureSession sshSession;
    protected ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
    protected byte[] clientKexInitPayload;
    protected byte[] serverKexInitPayload;
    protected BigInteger clientE;
    protected BigInteger serverF;
    protected BigInteger primeP;
    private DHPrivateKey clientDHPrivateKey;
    protected byte[] sharedSecretK;
    protected byte[] exchangeHashH;
    private byte[] sendInitialIV;
    private byte[] recvInitialIV;
    private byte[] sendEncryptionKey;
    private byte[] recvEncryptionKey;
    private byte[] sendIntegrityKey;
    private byte[] recvIntegrityKey;
    private IvParameterSpec sendIvParameterSpec;
    private IvParameterSpec recvIvParameterSpec;
    private SecretKey encryptKey;
    private SecretKey decryptKey;
    private SecretKeySpec sendMacKey;
    private SecretKeySpec recvMacKey;
    private KeyFactory serverHostKeyFactory;
    private Signature signature;
    private CertificateFactory certificateFactory;
    private Cipher encryptCipher;
    private Cipher decryptCipher;
    private Mac sendMAC;
    private Mac recvMAC;
    private Deflater sendCompression;
    private Inflater recvCompression;
    protected MessageDigest shaDigest;
    int serverHostKeyIndex;
    int encryptionIndex;
    int decryptionIndex;
    int sendMACIndex;
    int recvMACIndex;
    String[] kexAlgorithmList;
    String[] serverHostKeyAlgorithmList;
    String[] encryptionAlgorithmClientToServerList;
    String[] encryptionAlgorithmServerToClientList;
    String[] macAlgorithmClientToServerList;
    String[] macAlgorithmServerToClientList;
    String[] compressionAlgorithmClientToServerList;
    String[] compressionAlgorithmServerToClientList;
    String[] languageClientToServerList;
    String[] languageServerToClientList;
    String kexAlgorithm;
    String serverHostKeyAlgorithm;
    String encryptionAlgorithmClientToServer;
    String encryptionAlgorithmServerToClient;
    String macAlgorithmClientToServer;
    String macAlgorithmServerToClient;
    String compressionAlgorithmClientToServer;
    String compressionAlgorithmServerToClient;
    byte[] sessionIdentifier;
    PublicKey serverHostKey;
    Fingerprint fingerprint;
    static final String[] PREFERRED_KEX_ALGORITHMS = Configuration.getKexAlgorithms();
    static final String[] PREFERRED_SERVER_HOST_KEY_ALGORITHMS = Configuration.getServerHostKeyAlgorithms();
    static final String[] PREFERRED_ENCRYPTION_ALGORITHMS = Configuration.getEncryptionAlgorithms();
    static final String[] PREFERRED_MAC_ALGORITHMS = Configuration.getMacAlgorithms();
    static final String[] PREFERRED_COMPRESSION_ALGORITHMS = Configuration.getCompressionAlgorithms();
    private static final String X509V3_SIGN_RSA_HOST_KEY = "x509v3-sign-rsa";
    private static final String X509V3_SIGN_DSS_HOST_KEY = "x509v3-sign-dss";
    private static final String[][] SERVER_HOST_KEY_MAPPING = {new String[]{"ssh-rsa", "SHA1withRSA", "RSA", "K"}, new String[]{"rsa-sha2-256", "SHA256withRSA", "RSA", "K"}, new String[]{"rsa-sha2-512", "SHA512withRSA", "RSA", "K"}, new String[]{"ssh-dss", "SHA1withDSA", "DSA", "K"}, new String[]{X509V3_SIGN_RSA_HOST_KEY, "SHA1withRSA", "X.509", "C"}, new String[]{X509V3_SIGN_DSS_HOST_KEY, "SHA1withDSA", "X.509", "C"}, new String[]{"pgp-sign-rsa", "SHA1withRSA", "?", "C"}, new String[]{"pgp-sign-dss", "SHA1withDSA", "?", "C"}};
    private static final String[][] ENCRYPTION_MAPPING = {new String[]{"3des-cbc", "DESede/CBC/NoPadding", "DESede", "24"}, new String[]{"3des-ctr", "DESede/CTR/NoPadding", "DESede", "24"}, new String[]{"aes128-cbc", "AES/CBC/NoPadding", "AES", Presentation.ICON_COLOR_16x16}, new String[]{"aes128-ctr", "AES/CTR/NoPadding", "AES", Presentation.ICON_COLOR_16x16}, new String[]{"aes192-cbc", "AES/CBC/NoPadding", "AES", "24"}, new String[]{"aes192-ctr", "AES/CTR/NoPadding", "AES", "24"}, new String[]{"aes256-cbc", "AES/CBC/NoPadding", "AES", "32"}, new String[]{"aes256-ctr", "AES/CTR/NoPadding", "AES", "32"}, new String[]{"arcfour", "RC4", "RC4", Presentation.ICON_COLOR_16x16}, new String[]{"blowfish-cbc", "Blowfish/CBC/NoPadding", "Blowfish", Presentation.ICON_COLOR_16x16}, new String[]{"blowfish-ctr", "Blowfish/CTR/NoPadding", "Blowfish", Presentation.ICON_COLOR_16x16}, new String[]{"cast128-cbc", "?/CBC/NoPadding", "?", Presentation.ICON_COLOR_16x16}, new String[]{"cast128-ctr", "?/CTR/NoPadding", "?", Presentation.ICON_COLOR_16x16}, new String[]{"idea-cbc", "?/CBC/NoPadding", "?", "?"}, new String[]{"idea-ctr", "?/CTR/NoPadding", "?", "?"}, new String[]{"serpent128-cbc", "Serpent/CBC/NoPadding", "Serpent", Presentation.ICON_COLOR_16x16}, new String[]{"serpent128-ctr", "Serpent/CTR/NoPadding", "Serpent", Presentation.ICON_COLOR_16x16}, new String[]{"serpent192-cbc", "Serpent/CBC/NoPadding", "Serpent", "24"}, new String[]{"serpent192-ctr", "Serpent/CTR/NoPadding", "Serpent", "24"}, new String[]{"serpent256-cbc", "Serpent/CBC/NoPadding", "Serpent", "32"}, new String[]{"serpent256-ctr", "Serpent/CTR/NoPadding", "Serpent", "32"}, new String[]{"twofish128-cbc", "Twofish/CBC/NoPadding", "Twofish", Presentation.ICON_COLOR_16x16}, new String[]{"twofish128-ctr", "Twofish/CTR/NoPadding", "Twofish", Presentation.ICON_COLOR_16x16}, new String[]{"twofish192-cbc", "Twofish/CBC/NoPadding", "Twofish", "24"}, new String[]{"twofish192-ctr", "Twofish/CTR/NoPadding", "Twofish", "24"}, new String[]{"twofish-cbc", "Twofish/CBC/NoPadding", "Twofish", "32"}, new String[]{"twofish256-cbc", "Twofish/CBC/NoPadding", "Twofish", "32"}, new String[]{"twofish256-ctr", "Twofish/CTR/NoPadding", "Twofish", "32"}};
    private static final String[][] MAC_MAPPING = {new String[]{"hmac-sha1", "HmacSHA1", Product.LOAD_STATE_DEFINED_OBJECT_EXISTS}, new String[]{"hmac-sha1-96", "HmacSHA1", "12"}, new String[]{"hmac-md5", "HmacMD5", Presentation.ICON_COLOR_16x16}, new String[]{"hmac-md5-96", "HmacMD5", "12"}, new String[]{"hmac-ripemd160", "HMAC-RIPEMD160", Product.LOAD_STATE_DEFINED_OBJECT_EXISTS}, new String[]{"hmac-sha2-256", "HmacSHA256", "32"}, new String[]{"hmac-sha2-512", "HmacSHA512", Product.LOAD_STATE_RESTORED_DELETED}};
    protected static Logger logger = Logger.getLogger("com.ibm.net.ssh");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/com.ibm.ws.prereq.rxa.2.3_1.0.83.jar:com/ibm/net/ssh/KeyExchange$DiffHellmanPrivateKey.class */
    public static class DiffHellmanPrivateKey implements DHPrivateKey {
        private DHParameterSpec parameterSpec;
        private BigInteger x;

        private DiffHellmanPrivateKey(BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3) {
            this.parameterSpec = new DHParameterSpec(bigInteger2, bigInteger3);
            this.x = bigInteger;
        }

        @Override // javax.crypto.interfaces.DHPrivateKey
        public BigInteger getX() {
            return this.x;
        }

        @Override // javax.crypto.interfaces.DHKey
        public DHParameterSpec getParams() {
            return this.parameterSpec;
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return "DiffieHellman";
        }

        @Override // java.security.Key
        public String getFormat() {
            return null;
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyExchange(SecureSession secureSession, String str, byte[] bArr, byte[] bArr2) {
        this.sshSession = secureSession;
        this.kexAlgorithm = str;
        this.serverKexInitPayload = bArr;
        this.sessionIdentifier = bArr2;
        try {
            if (str.equals(DH_GROUP_EXCHANGE_SHA256)) {
                this.shaDigest = MessageDigest.getInstance("SHA-256");
            } else {
                this.shaDigest = MessageDigest.getInstance("SHA-1");
            }
        } catch (NoSuchAlgorithmException e) {
            logger.fine("No such message digest algorithm: " + e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendNewKeys() throws IOException {
        this.byteOutputStream.reset();
        this.byteOutputStream.write(21);
        this.sshSession.socketChannel.write(ByteBuffer.wrap(this.byteOutputStream.toByteArray()));
    }

    private void sendServiceRequest() throws IOException {
        this.byteOutputStream.reset();
        this.byteOutputStream.write(5);
        SSHString.writeString(this.byteOutputStream, "ssh-userauth");
        this.sshSession.socketChannel.write(ByteBuffer.wrap(this.byteOutputStream.toByteArray()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean handlePacket(int i, ByteBuffer byteBuffer) throws IOException {
        boolean z = true;
        switch (i) {
            case 20:
                handleKeyExchangeInit(byteBuffer);
                break;
            case 21:
                logger.fine("handlePacket: SSH_MSG_NEWKEYS");
                handleNewKeys();
                break;
            default:
                z = false;
                break;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:148:0x0630, code lost:
    
        r5.byteOutputStream.reset();
        r5.byteOutputStream.write(20);
        r0 = new byte[16];
        com.ibm.net.ssh.SSHConstants.SECURE_RANDOM.nextBytes(r0);
        r5.byteOutputStream.write(r0, 0, r0.length);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.kexAlgorithm);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.serverHostKeyAlgorithm);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.encryptionAlgorithmClientToServer);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.encryptionAlgorithmServerToClient);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.macAlgorithmClientToServer);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.macAlgorithmServerToClient);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.compressionAlgorithmClientToServer);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, r5.compressionAlgorithmServerToClient);
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, "");
        com.ibm.net.ssh.SSHString.writeString(r5.byteOutputStream, "");
        com.ibm.net.ssh.SSHBoolean.writeBoolean(r5.byteOutputStream, false);
        com.ibm.net.ssh.SSHUint32.writeInt(r5.byteOutputStream, 0);
        r5.clientKexInitPayload = r5.byteOutputStream.toByteArray();
        r5.sshSession.socketChannel.write(java.nio.ByteBuffer.wrap(r5.clientKexInitPayload));
     */
    /* JADX WARN: Code restructure failed: missing block: B:149:0x06f2, code lost:
    
        return;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void handleKeyExchangeInit(java.nio.ByteBuffer r6) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1779
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.ibm.net.ssh.KeyExchange.handleKeyExchangeInit(java.nio.ByteBuffer):void");
    }

    private void handleNewKeys() throws IOException {
        if (ENCRYPTION_MAPPING[this.encryptionIndex][0].startsWith("3des-") || ENCRYPTION_MAPPING[this.decryptionIndex][0].startsWith("3des-")) {
            try {
                SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("DESede");
                if (ENCRYPTION_MAPPING[this.encryptionIndex][0].startsWith("3des-")) {
                    this.encryptKey = secretKeyFactory.generateSecret(new DESedeKeySpec(this.sendEncryptionKey));
                }
                if (ENCRYPTION_MAPPING[this.decryptionIndex][0].startsWith("3des-")) {
                    this.decryptKey = secretKeyFactory.generateSecret(new DESedeKeySpec(this.recvEncryptionKey));
                }
            } catch (InvalidKeyException e) {
                throw new DisconnectException(3, "Invalid triple des key");
            } catch (NoSuchAlgorithmException e2) {
                throw new DisconnectException(3, "No such algorithm for secret key factory");
            } catch (InvalidKeySpecException e3) {
                throw new DisconnectException(3, "Invalid key spec for secret key factory");
            }
        } else {
            this.encryptKey = new SecretKeySpec(this.sendEncryptionKey, ENCRYPTION_MAPPING[this.encryptionIndex][2]);
            this.decryptKey = new SecretKeySpec(this.recvEncryptionKey, ENCRYPTION_MAPPING[this.decryptionIndex][2]);
        }
        this.sendIvParameterSpec = new IvParameterSpec(this.sendInitialIV);
        this.recvIvParameterSpec = new IvParameterSpec(this.recvInitialIV);
        this.sendMacKey = new SecretKeySpec(this.sendIntegrityKey, MAC_MAPPING[this.sendMACIndex][1]);
        this.recvMacKey = new SecretKeySpec(this.recvIntegrityKey, MAC_MAPPING[this.recvMACIndex][1]);
        try {
            this.encryptCipher.init(1, this.encryptKey, this.sendIvParameterSpec);
            this.decryptCipher.init(2, this.decryptKey, this.recvIvParameterSpec);
            int parseInt = Integer.parseInt(MAC_MAPPING[this.sendMACIndex][2]);
            int parseInt2 = Integer.parseInt(MAC_MAPPING[this.recvMACIndex][2]);
            try {
                this.sendMAC.init(this.sendMacKey);
                this.recvMAC.init(this.recvMacKey);
                this.sshSession.socketChannel.setCiphers(this.encryptCipher, this.decryptCipher);
                this.sshSession.socketChannel.setMACs(this.sendMAC, parseInt, this.recvMAC, parseInt2);
                this.sshSession.socketChannel.setCompression(this.sendCompression, this.recvCompression);
                sendServiceRequest();
            } catch (InvalidKeyException e4) {
                throw new DisconnectException(3, "Invalid key for Mac");
            }
        } catch (InvalidAlgorithmParameterException e5) {
            throw new DisconnectException(3, "Invalid algorithm parm for cipher");
        } catch (InvalidKeyException e6) {
            throw new DisconnectException(3, "Invalid key for cipher");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String decideAlgorithm(String[] strArr, String[] strArr2) {
        for (String str : strArr) {
            for (int i = 0; i < strArr2.length; i++) {
                if (strArr2[i].equals(str)) {
                    return strArr2[i];
                }
            }
        }
        return null;
    }

    private static int getMappingIndex(String str, String[][] strArr) {
        if (str == null) {
            return -1;
        }
        for (int i = 0; i < strArr.length; i++) {
            if (str.equals(strArr[i][0])) {
                return i;
            }
        }
        return -1;
    }

    private static void removeAlgorithm(String[] strArr, String str) {
        for (int i = 0; i < strArr.length; i++) {
            if (strArr[i].equals(str)) {
                strArr[i] = "";
            }
        }
    }

    private Cipher getCipherInstance(String str) {
        Cipher cipher = null;
        try {
            cipher = Cipher.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            logger.fine("No such algorithm for cipher: " + e);
        } catch (NoSuchPaddingException e2) {
            logger.fine("No such padding for cipher: " + e2);
        }
        return cipher;
    }

    private Mac getMACInstance(String str) {
        Mac mac = null;
        try {
            mac = Mac.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            logger.fine("No such algorithm for Mac: " + e);
        }
        return mac;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public BigInteger generateE(BigInteger bigInteger) throws IOException {
        BigInteger bigInteger2;
        BigInteger modPow;
        if (this.primeP.bitLength() <= 1024) {
            DHParameterSpec dHParameterSpec = new DHParameterSpec(this.primeP, bigInteger);
            try {
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
                keyPairGenerator.initialize(dHParameterSpec);
                KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                DHPublicKey dHPublicKey = (DHPublicKey) generateKeyPair.getPublic();
                this.clientDHPrivateKey = (DHPrivateKey) generateKeyPair.getPrivate();
                modPow = dHPublicKey.getY();
            } catch (InvalidAlgorithmParameterException e) {
                throw new DisconnectException(3, "Invalid key pair algorithm parm: " + e);
            } catch (NoSuchAlgorithmException e2) {
                throw new DisconnectException(3, "No such key pair algorithm: " + e2);
            }
        } else {
            BigInteger divide = this.primeP.subtract(BigInteger.ONE).divide(BigInteger.valueOf(2L));
            while (true) {
                bigInteger2 = new BigInteger(this.primeP.bitLength(), SSHConstants.SECURE_RANDOM);
                if (bigInteger2.compareTo(BigInteger.ONE) > 0 && bigInteger2.compareTo(divide) < 0) {
                    break;
                }
            }
            this.clientDHPrivateKey = new DiffHellmanPrivateKey(bigInteger2, this.primeP, bigInteger);
            modPow = bigInteger.modPow(bigInteger2, this.primeP);
        }
        return modPow;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean verifyValueRange(BigInteger bigInteger) {
        if (bigInteger == null) {
            logger.fine("verifyValueRange: value = null");
            return false;
        }
        if (this.primeP != null) {
            return bigInteger.compareTo(BigInteger.ZERO) == 1 && bigInteger.compareTo(this.primeP) == -1;
        }
        logger.fine("verifyValueRange: primeP = null");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] computeSharedSecret(BigInteger bigInteger) {
        byte[] bArr = null;
        try {
            DHPublicKey dHPublicKey = (DHPublicKey) KeyFactory.getInstance("DiffieHellman").generatePublic(new DHPublicKeySpec(this.serverF, this.primeP, bigInteger));
            KeyAgreement keyAgreement = KeyAgreement.getInstance("DiffieHellman");
            keyAgreement.init(this.clientDHPrivateKey);
            keyAgreement.doPhase(dHPublicKey, true);
            bArr = keyAgreement.generateSecret();
        } catch (InvalidKeyException e) {
            logger.fine("InvalidKeyException creating keyfactory: " + e);
        } catch (NoSuchAlgorithmException e2) {
            logger.fine("NoSuchAlgorithmException creating keyfactory: " + e2);
        } catch (InvalidKeySpecException e3) {
            logger.fine("InvalidKeySpecException creating keyfactory: " + e3);
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean verifySignature(byte[] bArr, byte[] bArr2) throws IOException {
        byte[] readStringAsBytes;
        boolean z = false;
        int i = 0;
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        String readString = SSHString.readString(byteArrayInputStream);
        if (readString.indexOf("rsa") != -1) {
            try {
                BigInteger readBigInteger = SSHMpint.readBigInteger(byteArrayInputStream);
                BigInteger readBigInteger2 = SSHMpint.readBigInteger(byteArrayInputStream);
                this.serverHostKey = (RSAPublicKey) this.serverHostKeyFactory.generatePublic(new RSAPublicKeySpec(readBigInteger2, readBigInteger));
                i = ((readBigInteger2.bitLength() + 1) / 8) * 8;
            } catch (InvalidKeySpecException e) {
                logger.fine("InvalidKeySpecException generating RSA key: " + e);
            }
        } else if (readString.indexOf("dss") != -1) {
            try {
                BigInteger readBigInteger3 = SSHMpint.readBigInteger(byteArrayInputStream);
                this.serverHostKey = (DSAPublicKey) this.serverHostKeyFactory.generatePublic(new DSAPublicKeySpec(SSHMpint.readBigInteger(byteArrayInputStream), readBigInteger3, SSHMpint.readBigInteger(byteArrayInputStream), SSHMpint.readBigInteger(byteArrayInputStream)));
                i = ((readBigInteger3.bitLength() + 1) / 8) * 8;
            } catch (InvalidKeySpecException e2) {
                logger.fine("InvalidKeySpecException generating DSA key: " + e2);
            }
        } else {
            logger.fine("Invalid server host key format");
        }
        this.fingerprint = Fingerprint.computeFingerprint(i, bArr);
        try {
            if (SERVER_HOST_KEY_MAPPING[this.serverHostKeyIndex][3].equals("K")) {
                this.signature.initVerify(this.serverHostKey);
            }
            this.signature.update(this.exchangeHashH, 0, this.exchangeHashH.length);
            if (this.serverHostKeyAlgorithm.equals("ssh-dss") && bArr2.length == 40) {
                logger.fine("verifySignature: Signature is missing format name and data length!");
                readStringAsBytes = bArr2;
            } else {
                ByteArrayInputStream byteArrayInputStream2 = new ByteArrayInputStream(bArr2);
                if (!SSHString.readString(byteArrayInputStream2).equals(this.serverHostKeyAlgorithm)) {
                    throw new DisconnectException(9, "verifySignature: Non-matching signature formats!");
                }
                readStringAsBytes = SSHString.readStringAsBytes(byteArrayInputStream2);
            }
            if (this.serverHostKeyAlgorithm.equals("ssh-rsa")) {
                z = this.signature.verify(readStringAsBytes);
            } else if (this.serverHostKeyAlgorithm.equals("ssh-dss")) {
                if (readStringAsBytes.length == 40) {
                    this.byteOutputStream.reset();
                    this.byteOutputStream.write(48);
                    this.byteOutputStream.write(44);
                    this.byteOutputStream.write(2);
                    this.byteOutputStream.write(20);
                    this.byteOutputStream.write(readStringAsBytes, 0, 20);
                    this.byteOutputStream.write(2);
                    this.byteOutputStream.write(20);
                    this.byteOutputStream.write(readStringAsBytes, 20, 20);
                    z = this.signature.verify(this.byteOutputStream.toByteArray());
                } else {
                    logger.fine("Signature length wrong!");
                }
            }
        } catch (InvalidKeyException e3) {
            logger.fine("InvalidKeyException during signature: " + e3);
        } catch (SignatureException e4) {
            logger.fine("SignatureException during signature: " + e4);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void computeKeys() throws IOException {
        this.sendInitialIV = keyDerivation('A', this.encryptCipher.getBlockSize());
        this.recvInitialIV = keyDerivation('B', this.decryptCipher.getBlockSize());
        this.sendEncryptionKey = keyDerivation('C', Integer.parseInt(ENCRYPTION_MAPPING[this.encryptionIndex][3]));
        this.recvEncryptionKey = keyDerivation('D', Integer.parseInt(ENCRYPTION_MAPPING[this.decryptionIndex][3]));
        this.sendIntegrityKey = keyDerivation('E', this.sendMAC.getMacLength());
        this.recvIntegrityKey = keyDerivation('F', this.recvMAC.getMacLength());
    }

    private byte[] keyDerivation(char c, int i) throws IOException {
        byte[] bArr = new byte[i];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        SSHMpint.writeBigInteger(byteArrayOutputStream, new BigInteger(1, this.sharedSecretK));
        byteArrayOutputStream.write(this.exchangeHashH, 0, this.exchangeHashH.length);
        byteArrayOutputStream.write((byte) c);
        byteArrayOutputStream.write(this.sessionIdentifier, 0, this.sessionIdentifier.length);
        this.shaDigest.reset();
        this.shaDigest.update(byteArrayOutputStream.toByteArray());
        byte[] digest = this.shaDigest.digest();
        int length = digest.length;
        if (length < i) {
            System.arraycopy(digest, 0, bArr, 0, digest.length);
        } else {
            System.arraycopy(digest, 0, bArr, 0, i);
        }
        while (length < i) {
            byteArrayOutputStream.reset();
            SSHMpint.writeBigInteger(byteArrayOutputStream, new BigInteger(1, this.sharedSecretK));
            byteArrayOutputStream.write(this.exchangeHashH, 0, this.exchangeHashH.length);
            byteArrayOutputStream.write(bArr, 0, length);
            this.shaDigest.reset();
            this.shaDigest.update(byteArrayOutputStream.toByteArray());
            byte[] digest2 = this.shaDigest.digest();
            length += digest2.length;
            if (length < i) {
                System.arraycopy(digest2, 0, bArr, length - digest2.length, digest2.length);
            } else {
                System.arraycopy(digest2, 0, bArr, length - digest2.length, (i - length) + digest2.length);
            }
        }
        return bArr;
    }
}
