package cn.schoolwow.ssh.flow.algorithm.kex;

import cn.schoolwow.quickflow.domain.FlowContext;
import cn.schoolwow.ssh.domain.SSHMessageCode;
import cn.schoolwow.ssh.domain.exception.SSHException;
import cn.schoolwow.ssh.domain.host.SSHSessionConfig;
import cn.schoolwow.ssh.domain.stream.SSHString;
import cn.schoolwow.ssh.flow.algorithm.kex.template.KexTemplateFlow;
import cn.schoolwow.ssh.stream.SSHOutputStreamImpl;
import cn.schoolwow.ssh.util.SSHDigest;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.KeyAgreement;

/* loaded from: input_file:cn/schoolwow/ssh/flow/algorithm/kex/EllipticCurveDiffieHellmanKexFlow.class */
public class EllipticCurveDiffieHellmanKexFlow implements KexFlow {
    @Override // cn.schoolwow.ssh.flow.algorithm.AlgorithmBusinessFlow
    public List<String> algorithmNameList() {
        return Arrays.asList("ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521");
    }

    @Override // cn.schoolwow.ssh.flow.algorithm.kex.KexFlow
    public void exchange(FlowContext flowContext) throws Exception {
        String str = ((SSHSessionConfig) flowContext.checkData("sshSessionConfig")).algorithmNameNegotiator.kexName;
        int parseInt = Integer.parseInt(str.substring(str.length() - 3));
        MessageDigest messageDigest = SSHDigest.getDigest("SHA" + parseInt).getMessageDigest();
        flowContext.putCurrentFlowData("size", Integer.valueOf(parseInt));
        flowContext.startFlow(new KexTemplateFlow()).putTemporaryData("algorithmNameList", algorithmNameList()).putTemporaryData("kexInit", SSHMessageCode.SSH_MSG_KEX_ECDH_INIT).putTemporaryData("kexReply", SSHMessageCode.SSH_MSG_KEX_ECDH_REPLY).putTemporaryData("messageDigest", messageDigest).putTemporaryData("publicKeyType", "SSHString").putFunctionFlow("setClientPublicKey", () -> {
            setClientPublicKey(flowContext);
        }).putFunctionFlow("setShareSecret", () -> {
            setShareSecret(flowContext);
        }).putFunctionFlow("setConcatenationOfH", () -> {
            setConcatenationOfH(flowContext);
        }).execute();
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x0150  */
    /* JADX WARN: Removed duplicated region for block: B:20:0x015a  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void setClientPublicKey(cn.schoolwow.quickflow.domain.FlowContext r7) throws java.security.InvalidAlgorithmParameterException, java.security.NoSuchAlgorithmException {
        /*
            Method dump skipped, instructions count: 380
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: cn.schoolwow.ssh.flow.algorithm.kex.EllipticCurveDiffieHellmanKexFlow.setClientPublicKey(cn.schoolwow.quickflow.domain.FlowContext):void");
    }

    private void setShareSecret(FlowContext flowContext) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
        SSHSessionConfig sSHSessionConfig = (SSHSessionConfig) flowContext.checkData("sshSessionConfig");
        SSHString sSHString = (SSHString) flowContext.checkData("serverPublicKey");
        ECPublicKey eCPublicKey = (ECPublicKey) flowContext.checkData("ecPublicKey");
        ECPrivateKey eCPrivateKey = (ECPrivateKey) flowContext.checkData("ecPrivateKey");
        byte[] bArr = sSHString.value;
        int i = 0;
        while (bArr[i] != 4) {
            i++;
        }
        int i2 = i + 1;
        byte[] bArr2 = new byte[(bArr.length - i2) / 2];
        byte[] bArr3 = new byte[bArr2.length];
        System.arraycopy(bArr, i2, bArr2, 0, bArr2.length);
        System.arraycopy(bArr, i2 + bArr2.length, bArr3, 0, bArr3.length);
        BigInteger bigInteger = new BigInteger(1, bArr2);
        BigInteger bigInteger2 = new BigInteger(1, bArr3);
        ECPoint eCPoint = new ECPoint(bigInteger, bigInteger2);
        if (ECPoint.POINT_INFINITY.equals(eCPoint)) {
            throw new SSHException("EDCH算法服务端公钥校验失败!Q != O");
        }
        ECParameterSpec params = eCPublicKey.getParams();
        EllipticCurve curve = params.getCurve();
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        BigInteger subtract = p.subtract(BigInteger.ONE);
        if (bigInteger.compareTo(subtract) > 0 || bigInteger2.compareTo(subtract) > 0) {
            throw new SSHException("EDCH算法服务端公钥校验失败!xQ和yQ不在[0,p-1]的区间内");
        }
        if (!bigInteger2.modPow(BigInteger.valueOf(2L), p).equals(bigInteger.multiply(curve.getA()).add(curve.getB()).add(bigInteger.modPow(BigInteger.valueOf(3L), p)).mod(p))) {
            throw new SSHException("EDCH算法服务端公钥校验失败!公式不匹配!y^2 = x^3 + x*a + b (mod p)");
        }
        PublicKey generatePublic = KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(eCPoint, params));
        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
        keyAgreement.init(eCPrivateKey);
        keyAgreement.doPhase(generatePublic, true);
        sSHSessionConfig.kexHolder.shareSecret = new BigInteger(keyAgreement.generateSecret());
    }

    private void setConcatenationOfH(FlowContext flowContext) throws Exception {
        SSHSessionConfig sSHSessionConfig = (SSHSessionConfig) flowContext.checkData("sshSessionConfig");
        SSHString sSHString = (SSHString) flowContext.checkData("hostKey");
        SSHString sSHString2 = (SSHString) flowContext.checkData("clientPublicKey");
        SSHString sSHString3 = (SSHString) flowContext.checkData("serverPublicKey");
        int intValue = ((Integer) flowContext.checkData("size")).intValue();
        SSHOutputStreamImpl sSHOutputStreamImpl = new SSHOutputStreamImpl();
        sSHOutputStreamImpl.writeSSHString(sSHSessionConfig.kexHolder.V_C);
        sSHOutputStreamImpl.writeSSHString(sSHSessionConfig.kexHolder.V_S);
        sSHOutputStreamImpl.writeSSHString(sSHSessionConfig.kexHolder.I_C);
        sSHOutputStreamImpl.writeSSHString(sSHSessionConfig.kexHolder.I_S);
        sSHOutputStreamImpl.writeSSHString(sSHString);
        sSHOutputStreamImpl.writeSSHString(sSHString2);
        sSHOutputStreamImpl.writeSSHString(sSHString3);
        sSHOutputStreamImpl.writeMPInt(sSHSessionConfig.kexHolder.shareSecret);
        sSHSessionConfig.kexHolder.concatenationOfH = sSHOutputStreamImpl.toByteArray();
        byte[] digest = SSHDigest.getDigest("SHA" + intValue).getMessageDigest().digest(sSHOutputStreamImpl.toByteArray());
        sSHSessionConfig.algorithmNegotiator.hostKeyFlow.parsePublicKey(flowContext);
        PublicKey publicKey = (PublicKey) flowContext.checkData("publicKey");
        sSHSessionConfig.algorithmNegotiator.hostKeyFlow.verify(flowContext);
        byte[] bArr = (byte[]) flowContext.checkData("signatureBytes");
        Signature signature = sSHSessionConfig.algorithmNegotiator.hostKeyFlow.getSignature(sSHSessionConfig);
        signature.initVerify(publicKey);
        signature.update(digest);
        if (!signature.verify(bArr)) {
            throw new SSHException("校验签名失败!密钥交换算法:" + sSHSessionConfig.algorithmNameNegotiator.kexName + ",hostkey算法:" + sSHSessionConfig.algorithmNameNegotiator.hostKeyName);
        }
    }
}
