package cn.schoolwow.ssh.handler;

import cn.schoolwow.ssh.domain.SSHMessageCode;
import cn.schoolwow.ssh.domain.exception.SSHException;
import cn.schoolwow.ssh.domain.kex.KexResult;
import cn.schoolwow.ssh.domain.kex.SSHClientSupportAlgorithm;
import cn.schoolwow.ssh.domain.kex.SSHKexAlgorithmNegotitation;
import cn.schoolwow.ssh.layer.SSHSession;
import cn.schoolwow.ssh.layer.transport.SSHAlgorithm;
import cn.schoolwow.ssh.layer.transport.SSHAlgorithmImpl;
import cn.schoolwow.ssh.layer.transport.compress.Compress;
import cn.schoolwow.ssh.layer.transport.encrypt.SSHCipher;
import cn.schoolwow.ssh.layer.transport.kex.Kex;
import cn.schoolwow.ssh.layer.transport.mac.SSHMac;
import cn.schoolwow.ssh.layer.transport.publickey.SSHHostKey;
import cn.schoolwow.ssh.stream.SSHInputStreamImpl;
import cn.schoolwow.ssh.stream.SSHOutputStreamImpl;
import cn.schoolwow.ssh.util.SSHUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/schoolwow/ssh/handler/KexExchangeHandler.class */
public class KexExchangeHandler implements Handler {
    private Logger logger = LoggerFactory.getLogger(KexExchangeHandler.class);

    @Override // cn.schoolwow.ssh.handler.Handler
    public Handler handle(SSHSession sSHSession) throws Exception {
        sSHSession.socket.getOutputStream().write(("SSH-2.0-QuickSSH-1.0\r\n").getBytes(StandardCharsets.UTF_8));
        sSHSession.socket.getOutputStream().flush();
        this.logger.trace("[发送客户端版本号]{}", "SSH-2.0-QuickSSH-1.0");
        String readLine = sSHSession.sis.readLine();
        this.logger.trace("[获取服务端版本号]{}", readLine);
        byte[] clientKexInit = getClientKexInit(sSHSession.quickSSHConfig.sshClientSupportAlgorithm);
        sSHSession.writeSSHProtocolPayload(clientKexInit);
        byte[] readSSHProtocolPayload = sSHSession.readSSHProtocolPayload(SSHMessageCode.SSH_MSG_KEXINIT);
        matchAlgorithmNameList(readSSHProtocolPayload, sSHSession.sshKexAlgorithmNegotitation, sSHSession.quickSSHConfig.sshClientSupportAlgorithm);
        KexResult exchange = sSHSession.sshKexAlgorithmNegotitation.kex.exchange("SSH-2.0-QuickSSH-1.0", readLine, clientKexInit, readSSHProtocolPayload, sSHSession);
        byte[] digest = exchange.messageDigest.digest(exchange.concatenationOfH);
        if (!sSHSession.sshKexAlgorithmNegotitation.sshHostKey.verify(digest, exchange.signatureOfH, sSHSession.sshKexAlgorithmNegotitation.sshHostKey.parsePublicKey(exchange.hostKey))) {
            throw new IllegalArgumentException("签名校验失败!");
        }
        if (null == sSHSession.sessionId) {
            sSHSession.sessionId = digest;
        }
        sSHSession.writeSSHProtocolPayload(new byte[]{(byte) SSHMessageCode.SSH_MSG_NEWKEYS.value});
        sSHSession.readSSHProtocolPayload(SSHMessageCode.SSH_MSG_NEWKEYS);
        setAlgorithmKey(exchange.K, digest, exchange.messageDigest, sSHSession.sessionId, sSHSession.sshKexAlgorithmNegotitation);
        return new AuthenticateHandler();
    }

    private void setAlgorithmKey(BigInteger bigInteger, byte[] bArr, MessageDigest messageDigest, byte[] bArr2, SSHKexAlgorithmNegotitation sSHKexAlgorithmNegotitation) throws Exception {
        int keySize = sSHKexAlgorithmNegotitation.sshCipher.getKeySize();
        this.logger.debug("[加解密密钥预期长度]算法名称:{}, 预期长度:{}, 摘要算法长度:{}", new Object[]{((SSHAlgorithmImpl) sSHKexAlgorithmNegotitation.sshCipher).algorithmName, Integer.valueOf(keySize), Integer.valueOf(messageDigest.getDigestLength())});
        byte[] calculateKey = calculateKey(keySize, bigInteger, bArr, messageDigest, bArr2, 'A');
        byte[] calculateKey2 = calculateKey(keySize, bigInteger, bArr, messageDigest, bArr2, 'B');
        byte[] calculateKey3 = calculateKey(keySize, bigInteger, bArr, messageDigest, bArr2, 'C');
        byte[] calculateKey4 = calculateKey(keySize, bigInteger, bArr, messageDigest, bArr2, 'D');
        sSHKexAlgorithmNegotitation.c2sCipher = sSHKexAlgorithmNegotitation.sshCipher.getClientCipher(calculateKey, calculateKey3);
        sSHKexAlgorithmNegotitation.s2cCipher = sSHKexAlgorithmNegotitation.sshCipher.getServerCipher(calculateKey2, calculateKey4);
        int keySize2 = sSHKexAlgorithmNegotitation.sshMac.getKeySize();
        this.logger.debug("[消息认证码算法长度]算法名称:{}, 预期长度:{}, 摘要算法长度:{}", new Object[]{((SSHAlgorithmImpl) sSHKexAlgorithmNegotitation.sshMac).algorithmName, Integer.valueOf(keySize2), Integer.valueOf(messageDigest.getDigestLength())});
        byte[] calculateKey5 = calculateKey(keySize2, bigInteger, bArr, messageDigest, bArr2, 'E');
        byte[] calculateKey6 = calculateKey(keySize2, bigInteger, bArr, messageDigest, bArr2, 'F');
        sSHKexAlgorithmNegotitation.c2sMac = sSHKexAlgorithmNegotitation.sshMac.getMac(calculateKey5);
        sSHKexAlgorithmNegotitation.s2cMac = sSHKexAlgorithmNegotitation.sshMac.getMac(calculateKey6);
        this.logger.debug("[生成算法密钥]客户端向量:{},客户端密钥:{},服务端向量:{},服务端密钥:{},客户端消息认证密钥:{},服务端消息认证密钥:{}", new Object[]{SSHUtil.byteArrayToHex(calculateKey) + "[" + calculateKey.length + "]", SSHUtil.byteArrayToHex(calculateKey3) + "[" + calculateKey3.length + "]", SSHUtil.byteArrayToHex(calculateKey2) + "[" + calculateKey2.length + "]", SSHUtil.byteArrayToHex(calculateKey4) + "[" + calculateKey4.length + "]", SSHUtil.byteArrayToHex(calculateKey5) + "[" + calculateKey5.length + "]", SSHUtil.byteArrayToHex(calculateKey6) + "[" + calculateKey6.length + "]"});
    }

    private byte[] calculateKey(int i, BigInteger bigInteger, byte[] bArr, MessageDigest messageDigest, byte[] bArr2, char c) throws Exception {
        SSHOutputStreamImpl sSHOutputStreamImpl = new SSHOutputStreamImpl();
        sSHOutputStreamImpl.writeMPInt(bigInteger);
        sSHOutputStreamImpl.write(bArr);
        sSHOutputStreamImpl.write(c);
        sSHOutputStreamImpl.write(bArr2);
        byte[] digest = messageDigest.digest(sSHOutputStreamImpl.toByteArray());
        if (digest.length < i) {
            byte[] bArr3 = new byte[digest.length];
            System.arraycopy(digest, 0, bArr3, 0, digest.length);
            for (int i2 = 10; digest.length < i && i2 >= 0; i2--) {
                sSHOutputStreamImpl.reset();
                sSHOutputStreamImpl.writeMPInt(bigInteger);
                sSHOutputStreamImpl.write(bArr);
                sSHOutputStreamImpl.write(bArr3);
                bArr3 = messageDigest.digest(sSHOutputStreamImpl.toByteArray());
                sSHOutputStreamImpl.reset();
                sSHOutputStreamImpl.write(digest);
                sSHOutputStreamImpl.write(bArr3);
                digest = sSHOutputStreamImpl.toByteArray();
                this.logger.trace("[密钥长度不够]重复计算密钥.期望最小长度:{},当前长度:{}", Integer.valueOf(i), Integer.valueOf(digest.length));
            }
        }
        if (digest.length > i) {
            byte[] bArr4 = new byte[i];
            System.arraycopy(digest, 0, bArr4, 0, i);
            digest = bArr4;
        }
        return digest;
    }

    private void matchAlgorithmNameList(byte[] bArr, SSHKexAlgorithmNegotitation sSHKexAlgorithmNegotitation, SSHClientSupportAlgorithm sSHClientSupportAlgorithm) throws IOException {
        SSHInputStreamImpl sSHInputStreamImpl = new SSHInputStreamImpl(bArr);
        sSHInputStreamImpl.skipBytes(17);
        List<String> readNameList = sSHInputStreamImpl.readNameList();
        this.logger.trace("[服务端支持密钥算法]{}", readNameList);
        sSHKexAlgorithmNegotitation.kex = (Kex) matchAlgorithm(sSHClientSupportAlgorithm.kexList, readNameList, "密钥协商算法交换失败！");
        List<String> readNameList2 = sSHInputStreamImpl.readNameList();
        this.logger.trace("[服务端支持HostKey算法]{}", readNameList);
        sSHKexAlgorithmNegotitation.sshHostKey = (SSHHostKey) matchAlgorithm(sSHClientSupportAlgorithm.hostKeyList, readNameList2, "HostKey算法交换失败！");
        List<String> readNameList3 = sSHInputStreamImpl.readNameList();
        sSHInputStreamImpl.readNameList();
        this.logger.trace("[服务端支持加密算法]{}", readNameList3);
        sSHKexAlgorithmNegotitation.sshCipher = (SSHCipher) matchAlgorithm(sSHClientSupportAlgorithm.cipherList, readNameList3, "加密算法协商失败！");
        List<String> readNameList4 = sSHInputStreamImpl.readNameList();
        sSHInputStreamImpl.readNameList();
        this.logger.trace("[服务端支持消息认证算法]{}", readNameList4);
        sSHKexAlgorithmNegotitation.sshMac = (SSHMac) matchAlgorithm(sSHClientSupportAlgorithm.macList, readNameList4, "消息摘要算法协商失败！");
        List<String> readNameList5 = sSHInputStreamImpl.readNameList();
        sSHInputStreamImpl.readNameList();
        this.logger.trace("服务端支持压缩算法]{}", readNameList5);
        sSHKexAlgorithmNegotitation.compress = (Compress) matchAlgorithm(sSHClientSupportAlgorithm.compressList, readNameList5, "压缩算法协商失败！");
        this.logger.debug("[匹配协商算法]密钥交换算法:{},HostKey算法:{},加密算法:{},消息摘要算法:{},压缩算法:{}", new Object[]{((SSHAlgorithmImpl) sSHKexAlgorithmNegotitation.kex).algorithmName, ((SSHAlgorithmImpl) sSHKexAlgorithmNegotitation.sshHostKey).algorithmName, ((SSHAlgorithmImpl) sSHKexAlgorithmNegotitation.sshCipher).algorithmName, ((SSHAlgorithmImpl) sSHKexAlgorithmNegotitation.sshMac).algorithmName, ((SSHAlgorithmImpl) sSHKexAlgorithmNegotitation.compress).algorithmName});
    }

    private SSHAlgorithm matchAlgorithm(List<? extends SSHAlgorithm> list, List<String> list2, String str) {
        for (SSHAlgorithm sSHAlgorithm : list) {
            Iterator<String> it = list2.iterator();
            while (it.hasNext()) {
                if (sSHAlgorithm.matchAlgorithm(it.next())) {
                    return sSHAlgorithm;
                }
            }
        }
        throw new SSHException(str);
    }

    private byte[] getClientKexInit(SSHClientSupportAlgorithm sSHClientSupportAlgorithm) throws IOException {
        SSHOutputStreamImpl sSHOutputStreamImpl = new SSHOutputStreamImpl();
        sSHOutputStreamImpl.writeByte(SSHMessageCode.SSH_MSG_KEXINIT.value);
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        sSHOutputStreamImpl.write(bArr);
        List<String> mergeAlgorithmNameList = mergeAlgorithmNameList(sSHClientSupportAlgorithm.kexList);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList);
        this.logger.trace("[客户端支持密钥算法]{}", mergeAlgorithmNameList);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList(sSHClientSupportAlgorithm.hostKeyList));
        this.logger.trace("[客户端支持HostKey算法]{}", mergeAlgorithmNameList);
        List<String> mergeAlgorithmNameList2 = mergeAlgorithmNameList(sSHClientSupportAlgorithm.cipherList);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList2);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList2);
        this.logger.trace("[客户端支持加密算法]{}", mergeAlgorithmNameList2);
        List<String> mergeAlgorithmNameList3 = mergeAlgorithmNameList(sSHClientSupportAlgorithm.macList);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList3);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList3);
        this.logger.trace("[客户端支持消息认证算法]{}", mergeAlgorithmNameList3);
        List<String> mergeAlgorithmNameList4 = mergeAlgorithmNameList(sSHClientSupportAlgorithm.compressList);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList4);
        sSHOutputStreamImpl.writeNameList(mergeAlgorithmNameList4);
        this.logger.trace("[客户端支持压缩算法]{}", mergeAlgorithmNameList3);
        sSHOutputStreamImpl.writeInt(0);
        sSHOutputStreamImpl.writeInt(0);
        sSHOutputStreamImpl.writeBoolean(false);
        sSHOutputStreamImpl.writeInt(0);
        return sSHOutputStreamImpl.toByteArray();
    }

    private List<String> mergeAlgorithmNameList(List<? extends SSHAlgorithm> list) {
        ArrayList arrayList = new ArrayList();
        Iterator<? extends SSHAlgorithm> it = list.iterator();
        while (it.hasNext()) {
            arrayList.addAll(Arrays.asList(it.next().algorithmNameList()));
        }
        return arrayList;
    }
}
