package io.jenkins.cli.shaded.org.apache.sshd.server.kex;

import io.jenkins.cli.shaded.org.apache.sshd.common.Factory;
import io.jenkins.cli.shaded.org.apache.sshd.common.FactoryManager;
import io.jenkins.cli.shaded.org.apache.sshd.common.NamedFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.SshException;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.DHFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.DHG;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.DHGroupData;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.KexProposalOption;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.KeyExchange;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.KeyExchangeFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.random.Random;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.Session;
import io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.ValidateUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.Buffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.BufferUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.security.SecurityUtils;
import io.jenkins.cli.shaded.org.apache.sshd.core.CoreModuleProperties;
import io.jenkins.cli.shaded.org.apache.sshd.server.kex.Moduli;
import io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:WEB-INF/lib/cli-2.413-rc33932.79c7a_f80c888.jar:io/jenkins/cli/shaded/org/apache/sshd/server/kex/DHGEXServer.class */
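/**
 * Server side of the SSH Diffie-Hellman group exchange (RFC 4419).
 *
 * <p>The exchange is a small state machine driven by {@link #next(int, Buffer)}:
 * the client first sends a request (legacy or current form) carrying the modulus
 * size it wants, the server answers with a group (p, g), the client sends its
 * public value e, and the server replies with its host key, its public value f
 * and a signature over the exchange hash.</p>
 *
 * <p>Security-relevant knobs read by this class: {@code PROP_DHGEX_SERVER_MIN_KEY},
 * {@code PROP_DHGEX_SERVER_MAX_KEY}, {@code MODULI_URL} and
 * {@code ALLOW_DHG1_KEX_FALLBACK} (all from {@code CoreModuleProperties}).</p>
 */
public class DHGEXServer extends AbstractDHServerKeyExchange {
    // SSH message numbers used by DH group exchange (RFC 4419, section 5).
    private static final byte SSH_MSG_KEX_DH_GEX_REQUEST_OLD = 30;
    private static final byte SSH_MSG_KEX_DH_GEX_GROUP = 31;
    private static final byte SSH_MSG_KEX_DH_GEX_INIT = 32;
    private static final byte SSH_MSG_KEX_DH_GEX_REPLY = 33;
    private static final byte SSH_MSG_KEX_DH_GEX_REQUEST = 34;

    // Disconnect reason code sent with every protocol error raised here (RFC 4253, section 11.1).
    private static final int SSH2_DISCONNECT_KEY_EXCHANGE_FAILED = 3;

    protected final DHFactory factory;
    protected DHG dh;
    // Modulus size bounds (bits) for the current exchange; see next() for where each comes from.
    protected int min;
    protected int prf;
    protected int max;
    // Opcode of the next message the state machine will accept.
    protected byte expected;
    // True when the client used the legacy single-value request; changes the exchange-hash layout.
    protected boolean oldRequest;

    /**
     * @param dHFactory factory used to build the DH instance for the selected group; must not be null
     * @param session   session this key exchange belongs to
     */
    protected DHGEXServer(DHFactory dHFactory, Session session) {
        super(session);
        this.factory = Objects.requireNonNull(dHFactory, "No factory");
    }

    /** @return the name of the underlying {@link DHFactory} */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource
    public final String getName() {
        return this.factory.getName();
    }

    /**
     * Wraps a {@link DHFactory} in a {@link KeyExchangeFactory} that creates
     * {@link DHGEXServer} instances.
     *
     * @param dHFactory the DH factory to delegate to
     * @return a key exchange factory named after {@code dHFactory}
     */
    public static KeyExchangeFactory newFactory(final DHFactory dHFactory) {
        // The decompiler rendered the captured parameter as "DHFactory.this", which is not
        // valid Java (DHFactory is not an enclosing class); the captured variable is meant.
        return new KeyExchangeFactory() { // from class: io.jenkins.cli.shaded.org.apache.sshd.server.kex.DHGEXServer.1
            @Override // io.jenkins.cli.shaded.org.apache.sshd.common.kex.KeyExchangeFactory
            public KeyExchange createKeyExchange(Session session) throws Exception {
                return new DHGEXServer(dHFactory, session);
            }

            @Override // io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource
            public String getName() {
                return dHFactory.getName();
            }

            @Override
            public String toString() {
                return NamedFactory.class.getSimpleName() + "<" + KeyExchange.class.getSimpleName() + ">[" + getName() + "]";
            }
        };
    }

    /**
     * Initialises the exchange and arms the state machine to wait for a group request.
     *
     * <p>The four arrays are handed to the superclass unchanged; presumably they are the
     * identification strings and KEXINIT payloads later hashed as v_c/v_s/i_c/i_s —
     * confirm the order against the superclass.</p>
     */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.kex.dh.AbstractDHKeyExchange, io.jenkins.cli.shaded.org.apache.sshd.common.kex.KeyExchange
    public void init(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws Exception {
        super.init(bArr, bArr2, bArr3, bArr4);
        this.expected = SSH_MSG_KEX_DH_GEX_REQUEST;
    }

    /**
     * Processes one key-exchange message from the client.
     *
     * @param i      opcode of the received message
     * @param buffer message payload, positioned after the opcode
     * @return {@code true} once the reply has been sent and the exchange is complete,
     *         {@code false} while more messages are expected
     * @throws SshException if the size parameters are inconsistent, no group can be
     *                      selected, or the message is not the one currently expected
     * @throws Exception    on I/O, hashing or signing failures
     */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.kex.KeyExchange
    public boolean next(int i, Buffer buffer) throws Exception {
        ServerSession serverSession = getServerSession();
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (isDebugEnabled) {
            this.log.debug("next({})[{}] process command={} (expected={})", this, serverSession, KeyExchange.getGroupKexOpcodeName(i), KeyExchange.getGroupKexOpcodeName(this.expected));
        }

        if (i == SSH_MSG_KEX_DH_GEX_REQUEST_OLD && this.expected == SSH_MSG_KEX_DH_GEX_REQUEST) {
            // Legacy request: the client sends only its preferred size, so the bounds come
            // from server configuration (falling back to the SecurityUtils defaults).
            this.oldRequest = true;
            this.min = CoreModuleProperties.PROP_DHGEX_SERVER_MIN_KEY.get(serverSession).orElse(Integer.valueOf(SecurityUtils.getMinDHGroupExchangeKeySize())).intValue();
            this.prf = buffer.getInt();
            this.max = CoreModuleProperties.PROP_DHGEX_SERVER_MAX_KEY.get(serverSession).orElse(Integer.valueOf(SecurityUtils.getMaxDHGroupExchangeKeySize())).intValue();
            if (this.max < this.min || this.prf < this.min || this.max < this.prf) {
                throw new SshException(SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, "Protocol error: bad parameters " + this.min + " !< " + this.prf + " !< " + this.max);
            }
            replyWithGroup(serverSession, isDebugEnabled, "next({})[{}] send (old request) SSH_MSG_KEX_DH_GEX_GROUP - min={}, prf={}, max={}");
            return false;
        }

        if (i == SSH_MSG_KEX_DH_GEX_REQUEST && this.expected == SSH_MSG_KEX_DH_GEX_REQUEST) {
            // Current request: all three sizes are client-supplied and only their ordering
            // is checked here.
            // NOTE(review): unlike the legacy branch, PROP_DHGEX_SERVER_MIN_KEY and
            // PROP_DHGEX_SERVER_MAX_KEY are not consulted on this path; the only size limits
            // applied in this class are the SecurityUtils bounds inside selectModuliGroups().
            // Confirm that a configured server minimum is not expected to apply here.
            this.min = buffer.getInt();
            this.prf = buffer.getInt();
            this.max = buffer.getInt();
            if (this.prf < this.min || this.max < this.prf) {
                throw new SshException(SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, "Protocol error: bad parameters " + this.min + " !< " + this.prf + " !< " + this.max);
            }
            replyWithGroup(serverSession, isDebugEnabled, "next({})[{}] Send SSH_MSG_KEX_DH_GEX_GROUP - min={}, prf={}, max={}");
            return false;
        }

        // Anything other than the armed opcode is a protocol violation; this is what stops
        // a client from skipping the request step or sending a second request.
        if (i != this.expected) {
            throw new SshException(SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, "Protocol error: expected packet " + KeyExchange.getGroupKexOpcodeName(this.expected) + ", got " + KeyExchange.getGroupKexOpcodeName(i));
        }
        if (i != SSH_MSG_KEX_DH_GEX_INIT) {
            return false;
        }

        // Client public value e: stored, range-checked against p, then fed to the DH
        // instance (setF on the DH helper receives the peer's value) to derive K.
        byte[] e = updateE(buffer.getMPIntAsBytes());
        BigInteger p = this.dh.getP();
        validateEValue(p);
        this.dh.setF(e);
        this.k = this.dh.getK();

        KeyPair hostKeys = (KeyPair) Objects.requireNonNull(serverSession.getHostKey(), "No server key pair available");
        String keyAlgorithm = serverSession.getNegotiatedKexParameter(KexProposalOption.SERVERKEYS);
        Signature signer = (Signature) ValidateUtils.checkNotNull((Signature) NamedFactory.create(serverSession.getSignatureFactories(), keyAlgorithm), "Unknown negotiated server keys: %s", keyAlgorithm);
        signer.initSigner(serverSession, hostKeys.getPrivate());

        // One scratch buffer is reused for the host key blob, the hash input and the signature blob.
        ByteArrayBuffer scratch = new ByteArrayBuffer();
        scratch.putRawPublicKey(hostKeys.getPublic());
        byte[] hostKeyBlob = scratch.getCompactData();

        // Exchange hash input (RFC 4419, section 3):
        // V_C, V_S, I_C, I_S, K_S, sizes, p, g, e, f, K.
        scratch.clear();
        scratch.putBytes(this.v_c);
        scratch.putBytes(this.v_s);
        scratch.putBytes(this.i_c);
        scratch.putBytes(this.i_s);
        scratch.putBytes(hostKeyBlob);
        if (this.oldRequest) {
            // The legacy request carried only the preferred size, so only that is hashed.
            scratch.putInt(this.prf);
        } else {
            scratch.putInt(this.min);
            scratch.putInt(this.prf);
            scratch.putInt(this.max);
        }
        scratch.putMPInt(p);
        scratch.putMPInt(this.dh.getG());
        scratch.putMPInt(e);
        byte[] f = getF();
        scratch.putMPInt(f);
        scratch.putMPInt(this.k);
        this.hash.update(scratch.array(), 0, scratch.available());
        this.h = this.hash.digest();

        signer.update(serverSession, this.h);
        scratch.clear();
        scratch.putString(keyAlgorithm);
        scratch.putBytes(signer.sign(serverSession));
        byte[] signatureBlob = scratch.getCompactData();

        // Only values that are also written to the reply packet below are traced;
        // the shared secret K and the exchange hash are not logged.
        if (this.log.isTraceEnabled()) {
            this.log.trace("next({})[{}][K_S]:  {}", this, serverSession, BufferUtils.toHex(hostKeyBlob));
            this.log.trace("next({})[{}][f]:    {}", this, serverSession, BufferUtils.toHex(f));
            this.log.trace("next({})[{}][sigH]: {}", this, serverSession, BufferUtils.toHex(signatureBlob));
        }
        if (isDebugEnabled) {
            this.log.debug("next({})[{}] Send SSH_MSG_KEX_DH_GEX_REPLY - old={}, min={}, prf={}, max={}", this, serverSession, Boolean.valueOf(this.oldRequest), Integer.valueOf(this.min), Integer.valueOf(this.prf), Integer.valueOf(this.max));
        }

        Buffer reply = serverSession.prepareBuffer(SSH_MSG_KEX_DH_GEX_REPLY, BufferUtils.clear(scratch));
        reply.putBytes(hostKeyBlob);
        reply.putBytes(f);
        reply.putBytes(signatureBlob);
        serverSession.writePacket(reply);
        return true;
    }

    // Selects a group for the already-validated min/prf/max, prepares the server's DH state
    // and hash, sends the group (p, g) to the client and arms the state machine for the
    // client's public value. Shared by both request branches so they cannot drift apart.
    private void replyWithGroup(ServerSession serverSession, boolean isDebugEnabled, String debugFormat) throws Exception {
        this.dh = chooseDH(this.min, this.prf, this.max);
        setF(this.dh.getE());
        BigInteger p = this.dh.getP();
        validateFValue(p);
        this.hash = this.dh.getHash();
        this.hash.init();
        if (isDebugEnabled) {
            this.log.debug(debugFormat, this, serverSession, Integer.valueOf(this.min), Integer.valueOf(this.prf), Integer.valueOf(this.max));
        }
        Buffer group = serverSession.createBuffer(SSH_MSG_KEX_DH_GEX_GROUP);
        group.putMPInt(p);
        group.putMPInt(this.dh.getG());
        serverSession.writePacket(group);
        this.expected = SSH_MSG_KEX_DH_GEX_INIT;
    }

    /**
     * Picks the DH group to offer for the requested size range.
     *
     * @param i  minimum acceptable modulus size
     * @param i2 preferred modulus size
     * @param i3 maximum acceptable modulus size
     * @return a DH instance for a randomly chosen group among the best-matching candidates,
     *         or for the DHG1 fallback group when no candidate matches and the fallback is allowed
     * @throws SshException if no candidate matches and the fallback is disabled
     * @throws Exception    if the moduli cannot be loaded or the DH instance cannot be created
     */
    protected DHG chooseDH(int i, int i2, int i3) throws Exception {
        ServerSession serverSession = getServerSession();
        List<Moduli.DhGroup> candidates = selectModuliGroups(serverSession, i, i2, i3, loadModuliGroups(serverSession));
        if (!GenericUtils.isEmpty((Collection<?>) candidates)) {
            // The pick among equally sized candidates uses the session's configured random factory.
            FactoryManager manager = Objects.requireNonNull(serverSession.getFactoryManager(), "No factory manager");
            Factory<? extends Random> randomFactory = Objects.requireNonNull(manager.getRandomFactory(), "No random factory");
            Random random = Objects.requireNonNull(randomFactory.create(), "No random generator");
            Moduli.DhGroup dhGroup = candidates.get(random.random(candidates.size()));
            if (this.log.isTraceEnabled()) {
                this.log.trace("chooseDH({})[{}][prf={}, min={}, max={}] selected {}", this, serverSession, Integer.valueOf(i2), Integer.valueOf(i), Integer.valueOf(i3), dhGroup);
            }
            return getDH(dhGroup.getP(), dhGroup.getG());
        }

        // SECURITY: the fallback group is returned without being checked against the
        // requested or configured minimum size. DHG1 is the fixed 1024-bit
        // diffie-hellman-group1 modulus (presumably what DHGroupData.getP1() returns —
        // confirm), which is below what current guidance accepts. Keep
        // ALLOW_DHG1_KEX_FALLBACK disabled unless legacy interoperability requires it,
        // and alert on the warning below if it is enabled.
        if (CoreModuleProperties.ALLOW_DHG1_KEX_FALLBACK.getRequired(serverSession).booleanValue()) {
            this.log.warn("chooseDH({})[{}][prf={}, min={}, max={}] No suitable primes found - defaulting to DHG1", this, serverSession, Integer.valueOf(i2), Integer.valueOf(i), Integer.valueOf(i3));
            return getDH(new BigInteger(DHGroupData.getP1()), new BigInteger(DHGroupData.getG()));
        }
        this.log.error("chooseDH({})[{}][prf={}, min={}, max={}] No suitable primes found - failing", this, serverSession, Integer.valueOf(i2), Integer.valueOf(i), Integer.valueOf(i3));
        throw new SshException(SSH2_DISCONNECT_KEY_EXCHANGE_FAILED, "No suitable primes found for DH group exchange");
    }

    /**
     * Filters the available groups down to those of the single best-matching size.
     *
     * <p>The requested range is first clamped to the global SecurityUtils bounds: the lower
     * bound is raised to the global minimum, the upper bound is lowered to the global
     * maximum, and the preferred size is clamped into [global min, global max]. Groups
     * outside the clamped range are skipped. Among the rest a "best size" is tracked: it
     * moves up while it is below the preferred size, and moves down to any size strictly
     * between the preferred size and the current best. All groups of the final best size
     * are returned.</p>
     *
     * <p>NOTE(review): a group whose size equals the preferred size exactly replaces the
     * current best only while the best is still below the preferred size, so the result
     * can depend on the order of {@code list}.</p>
     *
     * @param serverSession session, used for logging only
     * @param i             minimum acceptable modulus size
     * @param i2            preferred modulus size
     * @param i3            maximum acceptable modulus size
     * @param list          all available groups
     * @return the groups of the selected size; empty when none is in range
     */
    protected List<Moduli.DhGroup> selectModuliGroups(ServerSession serverSession, int i, int i2, int i3, List<Moduli.DhGroup> list) throws Exception {
        int globalMax = SecurityUtils.getMaxDHGroupExchangeKeySize();
        int globalMin = SecurityUtils.getMinDHGroupExchangeKeySize();
        int lowerBound = Math.max(i, globalMin);
        int preferred = Math.min(Math.max(i2, globalMin), globalMax);
        int upperBound = Math.min(i3, globalMax);
        List<Moduli.DhGroup> selected = new ArrayList<>();
        int bestSize = 0;
        boolean isTraceEnabled = this.log.isTraceEnabled();
        for (Moduli.DhGroup dhGroup : list) {
            int size = dhGroup.getSize();
            if (size >= lowerBound && size <= upperBound) {
                if ((size > preferred && size < bestSize) || (size > bestSize && bestSize < preferred)) {
                    bestSize = size;
                    if (isTraceEnabled) {
                        this.log.trace("selectModuliGroups({})[{}][prf={}, min={}, max={}] new best size={} from group={}", this, serverSession, Integer.valueOf(preferred), Integer.valueOf(lowerBound), Integer.valueOf(upperBound), Integer.valueOf(bestSize), dhGroup);
                    }
                    // Groups collected for the previous best size no longer qualify.
                    selected.clear();
                }
                if (size == bestSize) {
                    if (isTraceEnabled) {
                        this.log.trace("selectModuliGroups({})[{}][prf={}, min={}, max={}] selected {}", this, serverSession, Integer.valueOf(preferred), Integer.valueOf(lowerBound), Integer.valueOf(upperBound), dhGroup);
                    }
                    selected.add(dhGroup);
                }
            } else if (isTraceEnabled) {
                this.log.trace("selectModuliGroups({})[{}] - skip group={} - size not in range [{}-{}]", this, serverSession, dhGroup, Integer.valueOf(lowerBound), Integer.valueOf(upperBound));
            }
        }
        return selected;
    }

    /**
     * Loads the candidate DH groups, preferring the configured external moduli and falling
     * back to the bundled moduli resource.
     *
     * <p>SECURITY: the moduli determine which primes the server offers, and this method
     * applies no integrity check of its own to the configured source. {@code MODULI_URL}
     * is opened with {@link URL}, so it should point at a trusted, integrity-protected
     * location (ideally a local file). A failure to load it is only logged at warn level
     * before the internal moduli are used instead, so a broken or unreachable URL does not
     * fail the exchange — monitor for that warning.</p>
     *
     * @param serverSession session whose properties supply {@code MODULI_URL}
     * @return the loaded groups
     * @throws IOException if the external moduli were unavailable and the internal moduli
     *                     resource is missing or unreadable
     */
    protected List<Moduli.DhGroup> loadModuliGroups(ServerSession serverSession) throws IOException {
        String moduliSource = CoreModuleProperties.MODULI_URL.getOrNull(serverSession);
        List<Moduli.DhGroup> groups = null;
        if (!GenericUtils.isEmpty(moduliSource)) {
            try {
                // A malformed URL is also an IOException and takes the same fallback path.
                groups = Moduli.parseModuli(new URL(moduliSource));
            } catch (IOException e) {
                this.log.warn("loadModuliGroups({})[{}] Error ({}) loading external moduli from {}: {}", this, serverSession, e.getClass().getSimpleName(), moduliSource, e.getMessage());
            }
        }
        if (groups == null) {
            try {
                URL resource = getClass().getResource(Moduli.INTERNAL_MODULI_RESPATH);
                if (resource == null) {
                    throw new FileNotFoundException("Missing internal moduli file");
                }
                moduliSource = resource.toExternalForm();
                groups = Moduli.loadInternalModuli(resource);
            } catch (IOException e2) {
                this.log.warn("loadModuliGroups({})[{}] Error ({}) loading internal moduli from {}: {}", this, serverSession, e2.getClass().getSimpleName(), Moduli.INTERNAL_MODULI_RESPATH, e2.getMessage());
                throw e2;
            }
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("loadModuliGroups({})[{}] Loaded {} moduli groups from {}", this, serverSession, Integer.valueOf(GenericUtils.size(groups)), moduliSource);
        }
        return groups;
    }

    /**
     * Builds the DH instance for a group via the configured factory.
     *
     * @param bigInteger  the group modulus p
     * @param bigInteger2 the group generator g
     * @return the DH instance created by {@link #factory}
     */
    protected DHG getDH(BigInteger bigInteger, BigInteger bigInteger2) throws Exception {
        return (DHG) this.factory.create(bigInteger, bigInteger2);
    }
}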
