package com.ibm.net.ssh;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/ibm/net/ssh/DHGroupKeyExchange.class */
public final class DHGroupKeyExchange extends KeyExchange {
    private static final String COPYRIGHT = "\n\nLicensed Materials - Property of IBM\n\n(C) Copyright IBM Corp. 2005, 2010 All Rights Reserved.\n\nUS Government Users Restricted Rights - Use, duplication or\ndisclosure restricted by GSA ADP Schedule Contract with\nIBM Corp.\n\n\n";
    private static final int MIN_BITS = 1024;
    private static final int PREFERRED_BITS = 2048;
    private static final int MAX_BITS = 8192;
    private BigInteger generatorG;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DHGroupKeyExchange(SecureSession secureSession, byte[] bArr) {
        super(secureSession, "diffie-hellman-group-exchange-sha1", bArr);
    }

    @Override // com.ibm.net.ssh.KeyExchange
    boolean handlePacket(int i, ByteBuffer byteBuffer) throws IOException {
        boolean z = true;
        switch (i) {
            case 20:
                handleKeyExchangeInit(byteBuffer);
                break;
            case 31:
                logger.fine("handlePacket: SSH_MSG_KEX_DH_GEX_GROUP");
                handleKeyExchangeDHGEXGroup(byteBuffer);
                break;
            case 33:
                logger.fine("handlePacket: SSH_MSG_KEX_DH_GEX_REPLY");
                handleKeyExchangeDHGEXReply(byteBuffer);
                break;
            default:
                z = super.handlePacket(i, byteBuffer);
                break;
        }
        return z;
    }

    @Override // com.ibm.net.ssh.KeyExchange
    protected void handleKeyExchangeInit(ByteBuffer byteBuffer) throws IOException {
        super.handleKeyExchangeInit(byteBuffer);
        this.byteOutputStream.reset();
        if ((this.sshSession.protocolErrorFlags & 2) != 0) {
            this.byteOutputStream.write(30);
            SSHUint32.writeInt(this.byteOutputStream, 2048);
        } else {
            this.byteOutputStream.write(34);
            SSHUint32.writeInt(this.byteOutputStream, 1024);
            SSHUint32.writeInt(this.byteOutputStream, 2048);
            SSHUint32.writeInt(this.byteOutputStream, 8192);
        }
        this.sshSession.socketChannel.write(ByteBuffer.wrap(this.byteOutputStream.toByteArray()));
    }

    private void handleKeyExchangeDHGEXGroup(ByteBuffer byteBuffer) throws IOException {
        BigInteger readBigInteger = SSHMpint.readBigInteger(byteBuffer);
        if (readBigInteger.bitLength() < 1024 || readBigInteger.bitLength() > 8192) {
            throw new DisconnectException(3, new StringBuffer().append("Safe prime p is not within our selected bit range: p bit length = ").append(readBigInteger.bitLength()).toString());
        }
        this.primeP = readBigInteger;
        this.generatorG = SSHMpint.readBigInteger(byteBuffer);
        this.byteOutputStream.reset();
        this.byteOutputStream.write(32);
        this.clientE = generateE(this.generatorG);
        if (!verifyValueRange(this.clientE)) {
            throw new DisconnectException(3, "Client's e value out of range!");
        }
        SSHMpint.writeBigInteger(this.byteOutputStream, this.clientE);
        this.sshSession.socketChannel.write(ByteBuffer.wrap(this.byteOutputStream.toByteArray()));
    }

    private void handleKeyExchangeDHGEXReply(ByteBuffer byteBuffer) throws IOException {
        byte[] readStringAsBytes = SSHString.readStringAsBytes(byteBuffer);
        this.serverF = SSHMpint.readBigInteger(byteBuffer);
        byte[] readStringAsBytes2 = SSHString.readStringAsBytes(byteBuffer);
        if (!verifyValueRange(this.serverF)) {
            throw new DisconnectException(3, "Server's f value out of range!");
        }
        this.sharedSecretK = computeSharedSecret(this.generatorG);
        if (!verifyValueRange(new BigInteger(1, this.sharedSecretK))) {
            throw new DisconnectException(3, "Shared secret k value out of range!");
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        SSHString.writeString(byteArrayOutputStream, this.sshSession.clientVersion);
        SSHString.writeString(byteArrayOutputStream, this.sshSession.serverVersion);
        SSHString.writeString(byteArrayOutputStream, this.clientKexInitPayload);
        SSHString.writeString(byteArrayOutputStream, this.serverKexInitPayload);
        SSHString.writeString(byteArrayOutputStream, readStringAsBytes);
        if ((this.sshSession.protocolErrorFlags & 2) != 0) {
            SSHUint32.writeInt(byteArrayOutputStream, 2048);
        } else {
            SSHUint32.writeInt(byteArrayOutputStream, 1024);
            SSHUint32.writeInt(byteArrayOutputStream, 2048);
            SSHUint32.writeInt(byteArrayOutputStream, 8192);
        }
        SSHMpint.writeBigInteger(byteArrayOutputStream, this.primeP);
        SSHMpint.writeBigInteger(byteArrayOutputStream, this.generatorG);
        SSHMpint.writeBigInteger(byteArrayOutputStream, this.clientE);
        SSHMpint.writeBigInteger(byteArrayOutputStream, this.serverF);
        SSHMpint.writeBigInteger(byteArrayOutputStream, new BigInteger(1, this.sharedSecretK));
        this.sha1Digest.reset();
        this.sha1Digest.update(byteArrayOutputStream.toByteArray());
        this.exchangeHashH = this.sha1Digest.digest();
        if (this.sessionIdentifier == null) {
            this.sessionIdentifier = new byte[this.exchangeHashH.length];
            System.arraycopy(this.exchangeHashH, 0, this.sessionIdentifier, 0, this.exchangeHashH.length);
        }
        if (verifySignature(readStringAsBytes, readStringAsBytes2)) {
            logger.fine("handleKeyExchangeDHGEXReply: Server signature verifed");
        } else {
            logger.fine("handleKeyExchangeDHGEXReply: Server signature wrong!");
        }
        computeKeys();
        sendNewKeys();
    }
}
