package com.tigervnc.rfb;

import android.os.Bundle;
import android.os.Handler;
import android.os.Message;
import android.util.Log;
import androidx.core.view.ViewCompat;
import com.iiordanov.bVNC.RfbProto;
import com.iiordanov.pubkeygenerator.PubkeyDatabase;
import com.tigervnc.rdr.AESInStream;
import com.tigervnc.rdr.AESOutStream;
import com.tigervnc.rdr.InStream;
import com.tigervnc.rdr.OutStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
public class CSecurityRSAAES {
    private static final int MaxKeyLength = 8192;
    private static final int MinKeyLength = 1024;
    private static final String TAG = "CSecurityRSAAES";
    private final RfbProto cc;
    private PrivateKey clientKey;
    private byte[] clientKeyE;
    private int clientKeyLength;
    private byte[] clientKeyN;
    private byte[] clientRandom;
    private final boolean isAllEncrypted;
    private final int keySize;
    private AESInStream rais;
    private AESOutStream raos;
    private final int secType;
    private PublicKey serverKey;
    private byte[] serverKeyE;
    private int serverKeyLength;
    private byte[] serverKeyN;
    private byte[] serverRandom;

    public CSecurityRSAAES(RfbProto rfbProto, int i, int i2, boolean z) {
        this.cc = rfbProto;
        this.secType = i;
        this.keySize = i2;
        this.isAllEncrypted = z;
    }

    private static byte[] bigIntToBytes(BigInteger bigInteger, int i) {
        byte[] byteArray = bigInteger.toByteArray();
        int min = Math.min(byteArray.length, i);
        byte[] bArr = new byte[i];
        System.arraycopy(byteArray, byteArray.length - min, bArr, i - min, min);
        return bArr;
    }

    private void readPublicKey() throws Exception, AuthFailureException {
        InStream inStream = this.cc.getInStream();
        this.serverKeyLength = inStream.readUnsignedInt();
        Log.d(TAG, "serverKeyLength: " + this.serverKeyLength);
        int i = this.serverKeyLength;
        if (i < 1024) {
            throw new AuthFailureException("server key is too short");
        }
        if (i > 8192) {
            throw new AuthFailureException("server key is too long");
        }
        int i2 = (i + 7) / 8;
        byte[] bArr = new byte[i2];
        this.serverKeyN = bArr;
        this.serverKeyE = new byte[i2];
        inStream.readBytes(ByteBuffer.wrap(bArr), i2);
        inStream.readBytes(ByteBuffer.wrap(this.serverKeyE), i2);
        try {
            this.serverKey = KeyFactory.getInstance(PubkeyDatabase.KEY_TYPE_RSA).generatePublic(new RSAPublicKeySpec(new BigInteger(1, this.serverKeyN), new BigInteger(1, this.serverKeyE)));
        } catch (NoSuchAlgorithmException unused) {
            throw new AuthFailureException("RSA algorithm is not supported");
        } catch (InvalidKeySpecException unused2) {
            throw new AuthFailureException("server key is invalid");
        }
    }

    private void readRandom() throws AuthFailureException, Exception {
        InStream inStream = this.cc.getInStream();
        int readUnsignedShort = inStream.readUnsignedShort();
        if (readUnsignedShort != this.clientKeyN.length) {
            throw new AuthFailureException("client key length doesn't match");
        }
        byte[] bArr = new byte[readUnsignedShort];
        inStream.readBytes(ByteBuffer.wrap(bArr), readUnsignedShort);
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(2, this.clientKey);
            byte[] doFinal = cipher.doFinal(bArr);
            this.serverRandom = doFinal;
            if (doFinal.length != this.keySize / 8) {
                throw new AuthFailureException("server random length doesn't match");
            }
        } catch (InvalidKeyException e) {
            e = e;
            System.out.println(e.getMessage());
            throw new AuthFailureException("failed to decrypt server random");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException unused) {
            throw new AuthFailureException("RSA algorithm is not supported");
        } catch (BadPaddingException e2) {
            e = e2;
            System.out.println(e.getMessage());
            throw new AuthFailureException("failed to decrypt server random");
        } catch (IllegalBlockSizeException e3) {
            e = e3;
            System.out.println(e.getMessage());
            throw new AuthFailureException("failed to decrypt server random");
        }
    }

    private void readSubtype() throws AuthFailureException, Exception {
        int readUnsignedByte = this.rais.readUnsignedByte();
        if (readUnsignedByte != 1 && readUnsignedByte != 2) {
            throw new AuthFailureException("unknown RSA-AES subtype");
        }
    }

    private void setCipher() throws AuthFailureException, Exception {
        InStream inStream = this.cc.getInStream();
        OutStream outStream = this.cc.getOutStream();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.keySize == 128 ? "SHA-1" : "SHA-256");
            messageDigest.update(this.clientRandom);
            messageDigest.update(this.serverRandom);
            this.rais = new AESInStream(inStream, Arrays.copyOfRange(messageDigest.digest(), 0, this.keySize / 8));
            messageDigest.reset();
            messageDigest.update(this.serverRandom);
            messageDigest.update(this.clientRandom);
            AESOutStream aESOutStream = new AESOutStream(outStream, Arrays.copyOfRange(messageDigest.digest(), 0, this.keySize / 8));
            this.raos = aESOutStream;
            if (this.isAllEncrypted) {
                this.cc.setStreams(this.rais, aESOutStream);
            }
        } catch (NoSuchAlgorithmException unused) {
            throw new AuthFailureException("hash algorithm is not supported");
        }
    }

    private void verifyServer() throws AuthFailureException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            int i = this.serverKeyLength;
            messageDigest.update(new byte[]{(byte) (((-16777216) & i) >> 24), (byte) ((16711680 & i) >> 16), (byte) ((65280 & i) >> 8), (byte) (i & 255)});
            messageDigest.update(this.serverKeyN);
            messageDigest.update(this.serverKeyE);
            byte[] digest = messageDigest.digest();
            String format = String.format("%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x\n", Byte.valueOf(digest[0]), Byte.valueOf(digest[1]), Byte.valueOf(digest[2]), Byte.valueOf(digest[3]), Byte.valueOf(digest[4]), Byte.valueOf(digest[5]), Byte.valueOf(digest[6]), Byte.valueOf(digest[7]));
            Log.d(TAG, "verifyServer: " + format);
            Handler handler = this.cc.getHandler();
            Bundle bundle = new Bundle();
            bundle.putString("issuer", "");
            bundle.putString("subject", "");
            bundle.putString("fingerprint", format);
            bundle.putBoolean("save", true);
            handler.sendMessage(Message.obtain(handler, 3, bundle));
            synchronized (this.cc) {
                while (!this.cc.isCertificateAccepted()) {
                    try {
                        this.cc.wait();
                    } catch (InterruptedException e) {
                        e.printStackTrace();
                    }
                }
            }
        } catch (NoSuchAlgorithmException unused) {
            throw new AuthFailureException("SHA-1 algorithm is not supported");
        }
    }

    private void writeCredentials(String str, String str2) throws AuthFailureException, IOException {
        Charset charset;
        Charset charset2;
        if (str.length() > 255) {
            throw new AuthFailureException("username is too long");
        }
        charset = StandardCharsets.UTF_8;
        byte[] bytes = str.getBytes(charset);
        this.raos.writeU8(bytes.length);
        if (bytes.length != 0) {
            this.raos.writeBytes(bytes, 0, bytes.length);
        }
        if (str2.length() > 255) {
            throw new AuthFailureException("password is too long");
        }
        charset2 = StandardCharsets.UTF_8;
        byte[] bytes2 = str2.getBytes(charset2);
        this.raos.writeU8(bytes2.length);
        if (bytes2.length != 0) {
            this.raos.writeBytes(bytes2, 0, bytes2.length);
        }
        this.raos.flush();
    }

    private void writeHash() throws AuthFailureException, IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.keySize == 128 ? "SHA-1" : "SHA-256");
            int i = this.serverKeyLength;
            byte[] bArr = {(byte) ((i & ViewCompat.MEASURED_STATE_MASK) >> 24), (byte) ((i & 16711680) >> 16), (byte) ((i & 65280) >> 8), (byte) (i & 255)};
            int i2 = this.clientKeyLength;
            messageDigest.update(new byte[]{(byte) (((-16777216) & i2) >> 24), (byte) ((16711680 & i2) >> 16), (byte) ((65280 & i2) >> 8), (byte) (i2 & 255)});
            messageDigest.update(this.clientKeyN);
            messageDigest.update(this.clientKeyE);
            messageDigest.update(bArr);
            messageDigest.update(this.serverKeyN);
            messageDigest.update(this.serverKeyE);
            byte[] digest = messageDigest.digest();
            this.raos.writeBytes(digest, 0, digest.length);
            this.raos.flush();
        } catch (NoSuchAlgorithmException unused) {
            throw new AuthFailureException("hash algorithm is not supported");
        }
    }

    private void writePublicKey() throws AuthFailureException, IOException {
        OutStream outStream = this.cc.getOutStream();
        this.clientKeyLength = this.serverKeyLength;
        Log.d(TAG, "clientKeyLength: " + this.serverKeyLength);
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(PubkeyDatabase.KEY_TYPE_RSA);
            keyPairGenerator.initialize(this.clientKeyLength);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            this.clientKey = generateKeyPair.getPrivate();
            RSAPublicKey rSAPublicKey = (RSAPublicKey) generateKeyPair.getPublic();
            BigInteger modulus = rSAPublicKey.getModulus();
            BigInteger publicExponent = rSAPublicKey.getPublicExponent();
            this.clientKeyN = bigIntToBytes(modulus, (this.clientKeyLength + 7) / 8);
            this.clientKeyE = bigIntToBytes(publicExponent, (this.clientKeyLength + 7) / 8);
            if (this.clientKeyN == null) {
                throw new AuthFailureException("failed to generate RSA keys");
            }
            outStream.writeU32(this.clientKeyLength);
            byte[] bArr = this.clientKeyN;
            outStream.writeBytes(bArr, 0, bArr.length);
            byte[] bArr2 = this.clientKeyE;
            outStream.writeBytes(bArr2, 0, bArr2.length);
            outStream.flush();
        } catch (NoSuchAlgorithmException unused) {
            throw new AuthFailureException("RSA algorithm is not supported");
        }
    }

    private void writeRandom() throws AuthFailureException, IOException {
        OutStream outStream = this.cc.getOutStream();
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[this.keySize / 8];
        this.clientRandom = bArr;
        secureRandom.nextBytes(bArr);
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, this.serverKey);
            byte[] doFinal = cipher.doFinal(this.clientRandom);
            outStream.writeU16(doFinal.length);
            outStream.writeBytes(doFinal, 0, doFinal.length);
            outStream.flush();
        } catch (InvalidKeyException | BadPaddingException | IllegalBlockSizeException unused) {
            throw new AuthFailureException("failed to encrypt random");
        } catch (NoSuchAlgorithmException | NoSuchPaddingException unused2) {
            throw new AuthFailureException("RSA algorithm is not supported");
        }
    }

    public int getType() {
        return this.secType;
    }

    public void processMsg(String str, String str2) throws AuthFailureException, Exception {
        readPublicKey();
        verifyServer();
        writePublicKey();
        writeRandom();
        readRandom();
        setCipher();
        writeHash();
        readHash();
        readSubtype();
        writeCredentials(str, str2);
    }

    void readHash() throws AuthFailureException, Exception {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.keySize == 128 ? "SHA-1" : "SHA-256");
            int i = this.serverKeyLength;
            byte[] bArr = {(byte) ((i & ViewCompat.MEASURED_STATE_MASK) >> 24), (byte) ((i & 16711680) >> 16), (byte) ((i & 65280) >> 8), (byte) (i & 255)};
            int i2 = this.clientKeyLength;
            messageDigest.update(bArr);
            messageDigest.update(this.serverKeyN);
            messageDigest.update(this.serverKeyE);
            messageDigest.update(new byte[]{(byte) (((-16777216) & i2) >> 24), (byte) ((16711680 & i2) >> 16), (byte) ((65280 & i2) >> 8), (byte) (i2 & 255)});
            messageDigest.update(this.clientKeyN);
            messageDigest.update(this.clientKeyE);
            byte[] digest = messageDigest.digest();
            ByteBuffer allocate = ByteBuffer.allocate(digest.length);
            this.rais.readBytes(allocate, digest.length);
            if (!Arrays.equals(allocate.array(), digest)) {
                throw new AuthFailureException("hash doesn't match");
            }
        } catch (NoSuchAlgorithmException unused) {
            throw new AuthFailureException("hash algorithm is not supported");
        }
    }
}
