package cn.schoolwow.ssh.flow.algorithm.kex.template;

import cn.schoolwow.quickflow.domain.FlowContext;
import cn.schoolwow.quickflow.flow.BusinessFlow;
import cn.schoolwow.ssh.domain.SSHMessageCode;
import cn.schoolwow.ssh.domain.exception.SSHException;
import cn.schoolwow.ssh.domain.host.SSHSessionConfig;
import cn.schoolwow.ssh.domain.stream.SSHString;
import cn.schoolwow.ssh.flow.session.ReadSSHProtocolPayloadFlow;
import cn.schoolwow.ssh.flow.session.WriteSSHProtocolPayloadFlow;
import cn.schoolwow.ssh.stream.SSHInputStreamImpl;
import cn.schoolwow.ssh.stream.SSHOutputStreamImpl;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.InvalidKeySpecException;
import java.util.List;

/* loaded from: input_file:cn/schoolwow/ssh/flow/algorithm/kex/template/KexTemplateFlow.class */
public class KexTemplateFlow implements BusinessFlow {
    public void executeBusinessFlow(FlowContext flowContext) throws Exception {
        checkParameter(flowContext);
        matchAlgorithmName(flowContext);
        sendClientPublicKey(flowContext);
        receiveServerReply(flowContext);
        setShareSecretAndConcatenationOfH(flowContext);
        verifySignature(flowContext);
    }

    public String name() {
        return "SSH密钥交换";
    }

    private void checkParameter(FlowContext flowContext) {
        flowContext.checkData("algorithmNameList");
        flowContext.checkData("kexInit");
        flowContext.checkData("kexReply");
        flowContext.checkData("publicKeyType");
        flowContext.checkData("messageDigest");
        flowContext.checkData("setClientPublicKey");
        flowContext.checkData("setShareSecret");
        flowContext.checkData("setConcatenationOfH");
    }

    private void matchAlgorithmName(FlowContext flowContext) {
        SSHSessionConfig sSHSessionConfig = (SSHSessionConfig) flowContext.checkData("sshSessionConfig");
        List list = (List) flowContext.checkData("algorithmNameList");
        if (!list.contains(sSHSessionConfig.algorithmNameNegotiator.kexName)) {
            throw new IllegalArgumentException("算法不匹配!预期算法[" + sSHSessionConfig.algorithmNameNegotiator.kexName + "],实际支持算法[" + list + "]");
        }
    }

    private void sendClientPublicKey(FlowContext flowContext) throws IOException {
        flowContext.executeFunctionFlowList(new String[]{"setClientPublicKey"});
        SSHMessageCode sSHMessageCode = (SSHMessageCode) flowContext.checkData("kexInit");
        String str = (String) flowContext.checkData("publicKeyType");
        SSHOutputStreamImpl sSHOutputStreamImpl = new SSHOutputStreamImpl();
        sSHOutputStreamImpl.writeByte(sSHMessageCode.value);
        boolean z = -1;
        switch (str.hashCode()) {
            case 892108825:
                if (str.equals("SSHString")) {
                    z = true;
                    break;
                }
                break;
            case 1854396478:
                if (str.equals("BigInteger")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                sSHOutputStreamImpl.writeMPInt((BigInteger) flowContext.checkData("clientPublicKey"));
                break;
            case true:
                sSHOutputStreamImpl.writeSSHString((SSHString) flowContext.checkData("clientPublicKey"));
                break;
            default:
                throw new IllegalArgumentException("不支持密钥类型设置!类型:" + str);
        }
        flowContext.startFlow(new WriteSSHProtocolPayloadFlow()).putTemporaryData("payload", sSHOutputStreamImpl.toByteArray()).execute();
    }

    private void receiveServerReply(FlowContext flowContext) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
        SSHMessageCode sSHMessageCode = (SSHMessageCode) flowContext.checkData("kexReply");
        String str = (String) flowContext.checkData("publicKeyType");
        SSHInputStreamImpl sSHInputStreamImpl = new SSHInputStreamImpl((byte[]) flowContext.startFlow(new ReadSSHProtocolPayloadFlow()).putTemporaryData("sshMessageCodes", new SSHMessageCode[]{sSHMessageCode}).execute().checkData("payload"));
        sSHInputStreamImpl.skipBytes(1);
        SSHString readSSHString = sSHInputStreamImpl.readSSHString();
        boolean z = -1;
        switch (str.hashCode()) {
            case 892108825:
                if (str.equals("SSHString")) {
                    z = true;
                    break;
                }
                break;
            case 1854396478:
                if (str.equals("BigInteger")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                flowContext.putTemporaryData("serverPublicKey", sSHInputStreamImpl.readMPInt());
                break;
            case true:
                flowContext.putTemporaryData("serverPublicKey", sSHInputStreamImpl.readSSHString());
                break;
            default:
                throw new IllegalArgumentException("不支持密钥类型设置!类型:" + str);
        }
        SSHString readSSHString2 = sSHInputStreamImpl.readSSHString();
        flowContext.putTemporaryData("hostKey", readSSHString);
        flowContext.putTemporaryData("signatureOfH", readSSHString2);
    }

    private void setShareSecretAndConcatenationOfH(FlowContext flowContext) {
        flowContext.executeFunctionFlowList(new String[]{"setShareSecret", "setConcatenationOfH"});
        SSHSessionConfig sSHSessionConfig = (SSHSessionConfig) flowContext.checkData("sshSessionConfig");
        if (sSHSessionConfig.kexHolder.shareSecret.bitLength() <= 0) {
            throw new SSHException("共享密钥K值bitLength长度为0");
        }
        if (null == sSHSessionConfig.kexHolder.concatenationOfH) {
            throw new SSHException("concatenationOfH的值不能为空");
        }
    }

    private void verifySignature(FlowContext flowContext) throws Exception {
        SSHSessionConfig sSHSessionConfig = (SSHSessionConfig) flowContext.checkData("sshSessionConfig");
        byte[] digest = ((MessageDigest) flowContext.checkData("messageDigest")).digest(sSHSessionConfig.kexHolder.concatenationOfH);
        sSHSessionConfig.kexHolder.H = digest;
        sSHSessionConfig.algorithmNegotiator.hostKeyFlow.parsePublicKey(flowContext);
        PublicKey publicKey = (PublicKey) flowContext.checkData("publicKey");
        sSHSessionConfig.algorithmNegotiator.hostKeyFlow.verify(flowContext);
        byte[] bArr = (byte[]) flowContext.checkData("signatureBytes");
        Signature signature = sSHSessionConfig.algorithmNegotiator.hostKeyFlow.getSignature(sSHSessionConfig);
        signature.initVerify(publicKey);
        signature.update(digest);
        if (!signature.verify(bArr)) {
            throw new SSHException("校验签名失败!密钥交换算法:" + sSHSessionConfig.algorithmNameNegotiator.kexName + ",hostkey算法:" + sSHSessionConfig.algorithmNameNegotiator.hostKeyName);
        }
    }
}
