package mindbright.ssh;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import mindbright.security.KeyPair;
import mindbright.security.MessageDigest;
import mindbright.security.RSACipher;
import mindbright.security.RSAPrivateKey;
import mindbright.security.RSAPublicKey;
import mindbright.security.SecureRandom;

/* loaded from: input_file:mindbright/ssh/SSHServer.class */
public class SSHServer extends SSH implements Runnable {
    static KeyPair serverKey;
    static KeyPair hostKey;
    protected InetAddress localAddr;
    static String authKeysDir = "";
    static String hostKeyFile = SSHPropertyHandler.DEF_IDFILE;
    static int serverKeyBits = SSH.SERVER_KEY_LENGTH;
    protected String cliVersionStr;
    protected int cliVersionMajor;
    protected int cliVersionMinor;
    protected Thread myThread;
    protected Socket sshSocket;
    protected BufferedInputStream sshIn;
    protected BufferedOutputStream sshOut;
    protected SSHChannelController controller;

    public static void setHostKeyFile(String str) {
        hostKeyFile = str;
    }

    public static void setAuthKeysDir(String str) {
        authKeysDir = str;
    }

    public static void setServerKeyBits(int i) {
        serverKeyBits = i;
    }

    public InetAddress getLocalAddr() {
        return this.localAddr;
    }

    public void setLocalAddr(String str) throws UnknownHostException {
        this.localAddr = InetAddress.getByName(str);
    }

    public SSHServer(Socket socket, int i, int i2, int i3, KeyPair keyPair, KeyPair keyPair2) throws IOException {
        this.isAnSSHClient = false;
        this.sshSocket = socket;
        this.sshIn = new BufferedInputStream(socket.getInputStream(), SSHPduOutputStream.SSH_DEFAULT_PKT_LEN);
        this.sshOut = new BufferedOutputStream(socket.getOutputStream());
        this.protocolFlags = i;
        this.supportedCiphers = i2;
        this.supportedAuthTypes = i3;
        this.srvServerKey = keyPair;
        this.srvHostKey = keyPair2;
    }

    protected void start() {
        this.myThread = new Thread(SSH.getThreadGroup(), this);
        this.myThread.start();
    }

    @Override // java.lang.Runnable
    public void run() {
        try {
            System.out.println(new StringBuffer().append("connection from ").append(this.sshSocket.getInetAddress().getHostAddress()).append(" port ").append(this.sshSocket.getPort()).toString());
            negotiateVersion();
            sendServerData();
            receiveSessionKey();
            authenticateUser();
            this.controller = new SSHChannelController(this, this.sshIn, this.sshOut, this.sndCipher, this.rcvCipher, null, true);
            receiveOptions();
            this.controller.start();
            try {
                this.controller.waitForExit();
            } catch (InterruptedException e) {
                SSH.log(new StringBuffer().append("Error when shutting down SSHClient: ").append(e.getMessage()).toString());
                this.controller.killAll();
            }
        } catch (IOException e2) {
            SSH.log(new StringBuffer().append("error in MindTunnel: ").append(e2).toString());
            e2.printStackTrace();
        }
    }

    static RSAPrivateKey getPrivate(SSHRSAKeyFile sSHRSAKeyFile) {
        String str;
        RSAPrivateKey rSAPrivateKey = sSHRSAKeyFile.getPrivate("");
        while (true) {
            RSAPrivateKey rSAPrivateKey2 = rSAPrivateKey;
            if (rSAPrivateKey2 != null) {
                return rSAPrivateKey2;
            }
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
            System.out.println("");
            System.out.print(new StringBuffer().append("key-file '").append(sSHRSAKeyFile.getComment()).append("' password: ").toString());
            try {
                str = bufferedReader.readLine();
            } catch (IOException e) {
                str = "";
            }
            rSAPrivateKey = sSHRSAKeyFile.getPrivate(str);
        }
    }

    public static void sshd(int i) throws IOException {
        SSHRSAKeyFile sSHRSAKeyFile = new SSHRSAKeyFile(hostKeyFile);
        hostKey = new KeyPair(sSHRSAKeyFile.getPublic(), getPrivate(sSHRSAKeyFile));
        ServerSocket serverSocket = new ServerSocket(i);
        if (Math.abs(serverKeyBits - ((RSAPublicKey) hostKey.getPublic()).bitLength()) < 24) {
            throw new IOException("Invalid server keys, difference in sizes must be at least 24 bits");
        }
        System.out.print(new StringBuffer().append("generating server-key of length ").append(serverKeyBits).append("...").toString());
        serverKey = SSH.generateRSAKeyPair(serverKeyBits, SSH.secureRandom());
        System.out.println("done");
        System.out.println(new StringBuffer().append("starting new MindTunnel on port ").append(i).append("...").toString());
        while (1 != 0) {
            SSHServer sSHServer = new SSHServer(serverSocket.accept(), 2, 255, 15, serverKey, hostKey);
            sSHServer.localAddr = InetAddress.getLocalHost();
            sSHServer.start();
        }
    }

    void negotiateVersion() throws IOException {
        this.sshOut.write(new StringBuffer().append(SSH.getVersionId(false)).append("\n").toString().getBytes());
        this.sshOut.flush();
        byte[] bArr = new byte[256];
        this.cliVersionStr = new String(bArr, 0, this.sshIn.read(bArr));
        try {
            int indexOf = this.cliVersionStr.indexOf(45);
            int indexOf2 = this.cliVersionStr.indexOf(46);
            this.cliVersionMajor = Integer.parseInt(this.cliVersionStr.substring(indexOf + 1, indexOf2));
            int indexOf3 = this.cliVersionStr.indexOf(45, indexOf2);
            if (indexOf3 == -1) {
                this.cliVersionMinor = Integer.parseInt(this.cliVersionStr.substring(indexOf2 + 1));
            } else {
                this.cliVersionMinor = Integer.parseInt(this.cliVersionStr.substring(indexOf2 + 1, indexOf3));
            }
            if (this.cliVersionMajor > 1) {
                throw new IOException("MindTunnel do not support SSHv2 yet, can only serve SSHv1 client");
            }
            if (this.cliVersionMajor < 1 || this.cliVersionMinor < 5) {
                throw new IOException(new StringBuffer().append("Client's protocol version (").append(this.cliVersionMajor).append("-").append(this.cliVersionMinor).append(") is too old, please upgrade").toString());
            }
            this.cliVersionStr = this.cliVersionStr.trim();
        } catch (Throwable th) {
            throw new IOException(new StringBuffer().append("Client version string invalid: ").append(this.cliVersionStr).toString());
        }
    }

    void sendServerData() throws IOException {
        SSHPduOutputStream sSHPduOutputStream = new SSHPduOutputStream(2, null);
        SecureRandom secureRandom = SSH.secureRandom();
        this.srvCookie = new byte[8];
        secureRandom.nextBytes(this.srvCookie);
        generateSessionId();
        sSHPduOutputStream.write(this.srvCookie);
        RSAPublicKey rSAPublicKey = (RSAPublicKey) this.srvServerKey.getPublic();
        sSHPduOutputStream.writeInt(rSAPublicKey.bitLength());
        sSHPduOutputStream.writeBigInteger(rSAPublicKey.getE());
        sSHPduOutputStream.writeBigInteger(rSAPublicKey.getN());
        RSAPublicKey rSAPublicKey2 = (RSAPublicKey) this.srvHostKey.getPublic();
        sSHPduOutputStream.writeInt(rSAPublicKey2.bitLength());
        sSHPduOutputStream.writeBigInteger(rSAPublicKey2.getE());
        sSHPduOutputStream.writeBigInteger(rSAPublicKey2.getN());
        sSHPduOutputStream.writeInt(this.protocolFlags);
        sSHPduOutputStream.writeInt(this.supportedCiphers);
        sSHPduOutputStream.writeInt(this.supportedAuthTypes);
        sSHPduOutputStream.writeTo(this.sshOut);
    }

    void receiveSessionKey() throws IOException {
        RSACipher rSACipher;
        RSACipher rSACipher2;
        SSHPduInputStream sSHPduInputStream = new SSHPduInputStream(3, null);
        sSHPduInputStream.readFrom(this.sshIn);
        this.cipherType = sSHPduInputStream.readByte();
        if (!isCipherSupported(this.cipherType)) {
        }
        SSH.log(new StringBuffer().append("cipher: ").append(SSH.getCipherName(this.cipherType)).toString());
        sSHPduInputStream.read(new byte[this.srvCookie.length]);
        BigInteger readBigInteger = sSHPduInputStream.readBigInteger();
        sSHPduInputStream.readInt();
        if (((RSAPrivateKey) serverKey.getPrivate()).bitLength() > ((RSAPrivateKey) hostKey.getPrivate()).bitLength()) {
            rSACipher2 = new RSACipher(serverKey);
            rSACipher = new RSACipher(hostKey);
        } else {
            rSACipher = new RSACipher(serverKey);
            rSACipher2 = new RSACipher(hostKey);
        }
        this.sessionKey = RSACipher.stripPad(rSACipher.doPrivate(RSACipher.stripPad(rSACipher2.doPrivate(readBigInteger)))).toByteArray();
        if (this.sessionKey.length > 32) {
            byte[] bArr = new byte[32];
            System.arraycopy(this.sessionKey, 1, bArr, 0, 32);
            this.sessionKey = bArr;
        }
        for (int i = 0; i < this.sessionId.length; i++) {
            byte[] bArr2 = this.sessionKey;
            int i2 = i;
            bArr2[i2] = (byte) (bArr2[i2] ^ this.sessionId[i]);
        }
        initServerCipher();
        sendResult(14);
    }

    void authenticateUser() throws IOException {
        boolean z = false;
        SSHPduInputStream sSHPduInputStream = new SSHPduInputStream(4, this.rcvCipher);
        sSHPduInputStream.readFrom(this.sshIn);
        String readString = sSHPduInputStream.readString();
        SSH.log(new StringBuffer().append("authenticating: ").append(readString).toString());
        sendResult(15);
        while (!z) {
            SSHPduInputStream sSHPduInputStream2 = new SSHPduInputStream(-1, this.rcvCipher);
            sSHPduInputStream2.readFrom(this.sshIn);
            switch (sSHPduInputStream2.type) {
                case 6:
                    if (!doRSAAuth(readString, sSHPduInputStream2.readBigInteger())) {
                        SSH.log(new StringBuffer().append("rsa-authentication for ").append(readString).append(" failed").toString());
                        sendResult(15);
                        break;
                    } else {
                        SSH.log(new StringBuffer().append("rsa-authentication for ").append(readString).append(" succeeded").toString());
                        sendResult(14);
                        z = true;
                        break;
                    }
                case 9:
                    SSH.log(new StringBuffer().append("trying passwd-auth for: ").append(readString).toString());
                    sendResult(15);
                    break;
                default:
                    sendResult(15);
                    break;
            }
        }
    }

    boolean doRSAAuth(String str, BigInteger bigInteger) throws IOException {
        boolean z = false;
        RSAPublicKey rSAPublicKey = SSHRSAPublicKeyFile.loadFromFile(new StringBuffer().append(authKeysDir).append(str).toString(), false).getPublic(bigInteger, str);
        if (rSAPublicKey == null) {
            return false;
        }
        RSACipher rSACipher = new RSACipher(new KeyPair(rSAPublicKey, null));
        byte[] bArr = new byte[32];
        SSH.secureRandom().nextBytes(bArr);
        byte[] bArr2 = new byte[bArr.length + 1];
        System.arraycopy(bArr, 0, bArr2, 1, bArr.length);
        BigInteger doPublic = rSACipher.doPublic(RSACipher.doPad(new BigInteger(bArr2), rSAPublicKey.bitLength(), SSH.secureRandom()));
        SSHPduOutputStream sSHPduOutputStream = new SSHPduOutputStream(7, this.sndCipher);
        sSHPduOutputStream.writeBigInteger(doPublic);
        sSHPduOutputStream.writeTo(this.sshOut);
        SSHPduInputStream sSHPduInputStream = new SSHPduInputStream(8, this.rcvCipher);
        sSHPduInputStream.readFrom(this.sshIn);
        byte[] bArr3 = new byte[16];
        sSHPduInputStream.read(bArr3, 0, 16);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bArr, 0, 32);
            messageDigest.update(this.sessionId);
            byte[] digest = messageDigest.digest();
            int i = 0;
            while (i < digest.length && bArr3[i] == digest[i]) {
                i++;
            }
            if (i == digest.length) {
                z = true;
            }
            return z;
        } catch (Exception e) {
            System.out.println("!!! MD5 Not supported...");
            throw new IOException(e.getMessage());
        }
    }

    void receiveOptions() throws IOException {
        boolean z = false;
        while (!z) {
            SSHPduInputStream sSHPduInputStream = new SSHPduInputStream(-1, this.rcvCipher);
            sSHPduInputStream.readFrom(this.sshIn);
            switch (sSHPduInputStream.type) {
                case 10:
                    SSH.log("pty requested");
                    sendResult(15);
                    break;
                case 12:
                    SSH.log("exec-shell");
                    z = true;
                    break;
                case 13:
                    SSH.log(new StringBuffer().append("cmd: ").append(sSHPduInputStream.readString()).toString());
                    z = true;
                    break;
                case 28:
                    int readInt = sSHPduInputStream.readInt();
                    String readString = sSHPduInputStream.readString();
                    int readInt2 = sSHPduInputStream.readInt();
                    SSH.log(new StringBuffer().append("port-fwd requested: ").append(readInt).append(":").append(readString).append(":").append(readInt2).toString());
                    this.controller.newListenChannel(this.localAddr.getHostAddress(), readInt, readString, readInt2, "general");
                    sendResult(14);
                    break;
                case 34:
                    SSH.log("x11-tunnel requested");
                    sendResult(15);
                    break;
                case 37:
                    SSH.log("compression requested");
                    break;
                case 38:
                    SSH.log("mtu requested");
                    break;
                default:
                    SSH.log("receiveOptions got unknown msg");
                    break;
            }
        }
    }

    void sendResult(int i) throws IOException {
        new SSHPduOutputStream(i, this.sndCipher).writeTo(this.sshOut);
    }
}
