package io.jenkins.cli.shaded.org.apache.sshd.server.session;

import io.jenkins.cli.shaded.org.apache.sshd.common.FactoryManager;
import io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource;
import io.jenkins.cli.shaded.org.apache.sshd.common.RuntimeSshException;
import io.jenkins.cli.shaded.org.apache.sshd.common.ServiceFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.SshException;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.OpenSshCertificate;
import io.jenkins.cli.shaded.org.apache.sshd.common.io.IoSession;
import io.jenkins.cli.shaded.org.apache.sshd.common.io.IoWriteFuture;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.KexFactoryManager;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.KexProposalOption;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.KexState;
import io.jenkins.cli.shaded.org.apache.sshd.common.kex.extension.KexExtensionHandler;
import io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.HostKeyCertificateProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeyPairProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.ConnectionService;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionContext;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.SessionDisconnectHandler;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession;
import io.jenkins.cli.shaded.org.apache.sshd.common.signature.SignatureFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.MapEntryUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.ValidateUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.Buffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import io.jenkins.cli.shaded.org.apache.sshd.core.CoreModuleProperties;
import io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager;
import io.jenkins.cli.shaded.org.apache.sshd.server.ServerFactoryManager;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.UserAuthFactory;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.WelcomeBannerPhase;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.gss.GSSAuthenticator;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.hostbased.HostBasedAuthenticator;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.password.PasswordAuthenticator;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import java.io.IOException;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cli-2.342-rc32230.30cfece59da_2.jar:io/jenkins/cli/shaded/org/apache/sshd/server/session/AbstractServerSession.class */
public abstract class AbstractServerSession extends AbstractSession implements ServerSession {
    private ServerProxyAcceptor proxyAcceptor;
    private SocketAddress clientAddress;
    private PasswordAuthenticator passwordAuthenticator;
    private PublickeyAuthenticator publickeyAuthenticator;
    private KeyboardInteractiveAuthenticator interactiveAuthenticator;
    private GSSAuthenticator gssAuthenticator;
    private HostBasedAuthenticator hostBasedAuthenticator;
    private List<UserAuthFactory> userAuthFactories;
    private KeyPairProvider keyPairProvider;
    private HostKeyCertificateProvider hostKeyCertificateProvider;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractServerSession(ServerFactoryManager serverFactoryManager, IoSession ioSession) {
        super(true, serverFactoryManager, ioSession);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.SessionHelper, io.jenkins.cli.shaded.org.apache.sshd.common.FactoryManagerHolder
    public ServerFactoryManager getFactoryManager() {
        return (ServerFactoryManager) super.getFactoryManager();
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerProxyAcceptorHolder
    public ServerProxyAcceptor getServerProxyAcceptor() {
        return (ServerProxyAcceptor) resolveEffectiveProvider(ServerProxyAcceptor.class, this.proxyAcceptor, getFactoryManager().getServerProxyAcceptor());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerProxyAcceptorHolder
    public void setServerProxyAcceptor(ServerProxyAcceptor serverProxyAcceptor) {
        this.proxyAcceptor = serverProxyAcceptor;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession
    public SocketAddress getClientAddress() {
        return resolvePeerAddress(this.clientAddress);
    }

    public void setClientAddress(SocketAddress socketAddress) {
        this.clientAddress = socketAddress;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public PasswordAuthenticator getPasswordAuthenticator() {
        return (PasswordAuthenticator) resolveEffectiveProvider(PasswordAuthenticator.class, this.passwordAuthenticator, getFactoryManager().getPasswordAuthenticator());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public void setPasswordAuthenticator(PasswordAuthenticator passwordAuthenticator) {
        this.passwordAuthenticator = passwordAuthenticator;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public PublickeyAuthenticator getPublickeyAuthenticator() {
        return (PublickeyAuthenticator) resolveEffectiveProvider(PublickeyAuthenticator.class, this.publickeyAuthenticator, getFactoryManager().getPublickeyAuthenticator());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public void setPublickeyAuthenticator(PublickeyAuthenticator publickeyAuthenticator) {
        this.publickeyAuthenticator = publickeyAuthenticator;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public KeyboardInteractiveAuthenticator getKeyboardInteractiveAuthenticator() {
        return (KeyboardInteractiveAuthenticator) resolveEffectiveProvider(KeyboardInteractiveAuthenticator.class, this.interactiveAuthenticator, getFactoryManager().getKeyboardInteractiveAuthenticator());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public void setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator keyboardInteractiveAuthenticator) {
        this.interactiveAuthenticator = keyboardInteractiveAuthenticator;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public GSSAuthenticator getGSSAuthenticator() {
        return (GSSAuthenticator) resolveEffectiveProvider(GSSAuthenticator.class, this.gssAuthenticator, getFactoryManager().getGSSAuthenticator());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public void setGSSAuthenticator(GSSAuthenticator gSSAuthenticator) {
        this.gssAuthenticator = gSSAuthenticator;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public HostBasedAuthenticator getHostBasedAuthenticator() {
        return (HostBasedAuthenticator) resolveEffectiveProvider(HostBasedAuthenticator.class, this.hostBasedAuthenticator, getFactoryManager().getHostBasedAuthenticator());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public void setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator) {
        this.hostBasedAuthenticator = hostBasedAuthenticator;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.auth.UserAuthFactoriesManager
    public List<UserAuthFactory> getUserAuthFactories() {
        return (List) resolveEffectiveFactories(this.userAuthFactories, getFactoryManager().getUserAuthFactories());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.auth.UserAuthFactoriesManager
    public void setUserAuthFactories(List<UserAuthFactory> list) {
        this.userAuthFactories = list;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeyPairProviderHolder
    public KeyPairProvider getKeyPairProvider() {
        KexFactoryManager delegate = getDelegate();
        return (KeyPairProvider) resolveEffectiveProvider(KeyPairProvider.class, this.keyPairProvider, delegate == null ? null : ((ServerAuthenticationManager) delegate).getKeyPairProvider());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public HostKeyCertificateProvider getHostKeyCertificateProvider() {
        return (HostKeyCertificateProvider) resolveEffectiveProvider(HostKeyCertificateProvider.class, this.hostKeyCertificateProvider, getFactoryManager().getHostKeyCertificateProvider());
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager
    public void setHostKeyCertificateProvider(HostKeyCertificateProvider hostKeyCertificateProvider) {
        this.hostKeyCertificateProvider = hostKeyCertificateProvider;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeyPairProviderHolder
    public void setKeyPairProvider(KeyPairProvider keyPairProvider) {
        this.keyPairProvider = keyPairProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public IoWriteFuture sendServerIdentification(List<String> list) throws Exception {
        this.serverVersion = resolveIdentificationString(CoreModuleProperties.SERVER_IDENTIFICATION.getName());
        signalSendIdentification(this.serverVersion, list);
        return sendIdentification(this.serverVersion, list);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    protected void checkKeys() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    public boolean handleServiceRequest(String str, Buffer buffer) throws Exception {
        if (!super.handleServiceRequest(str, buffer)) {
            return false;
        }
        if (!"ssh-userauth".equals(str) || !(this.currentService instanceof ServerUserAuthService)) {
            return true;
        }
        ServerUserAuthService serverUserAuthService = (ServerUserAuthService) this.currentService;
        if (!WelcomeBannerPhase.IMMEDIATE.equals(serverUserAuthService.getWelcomePhase())) {
            return true;
        }
        serverUserAuthService.sendWelcomeBanner(this);
        return true;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.Session
    public void startService(String str, Buffer buffer) throws Exception {
        this.currentService = ServiceFactory.create(getFactoryManager().getServiceFactories(), ValidateUtils.checkNotNullAndNotEmpty(str, "No service name specified"), this);
        if (this.currentService == null) {
            try {
                SessionDisconnectHandler sessionDisconnectHandler = getSessionDisconnectHandler();
                if (sessionDisconnectHandler != null && sessionDisconnectHandler.handleUnsupportedServiceDisconnectReason(this, 5, str, buffer)) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("startService({}) ignore unknown service={} by handler", this, str);
                        return;
                    }
                    return;
                }
            } catch (IOException | RuntimeException e) {
                warn("startService({})[{}] failed ({}) to invoke disconnect handler: {}", this, str, e.getClass().getSimpleName(), e.getMessage(), e);
            }
            throw new SshException(7, "Unknown service: " + str);
        }
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession
    public IoWriteFuture signalAuthenticationSuccess(String str, String str2, Buffer buffer) throws Exception {
        IoWriteFuture writeBuffer;
        KexState kexState = this.kexState.get();
        if (!KexState.DONE.equals(kexState)) {
            throw new SshException(2, "Authentication success signalled though KEX state=" + kexState);
        }
        KexExtensionHandler kexExtensionHandler = getKexExtensionHandler();
        if (kexExtensionHandler != null && kexExtensionHandler.isKexExtensionsAvailable(this, KexExtensionHandler.AvailabilityPhase.AUTHOK)) {
            kexExtensionHandler.sendKexExtensions(this, KexExtensionHandler.KexPhase.AUTHOK);
        }
        Buffer createBuffer = createBuffer((byte) 52, 8);
        IoSession ioSession = getIoSession();
        synchronized (this.encodeLock) {
            Buffer resolveOutputPacket = resolveOutputPacket(createBuffer);
            setUsername(str);
            setAuthenticated();
            startService(str2, buffer);
            writeBuffer = ioSession.writeBuffer(resolveOutputPacket);
        }
        resetIdleTimeout();
        this.log.info("Session {}@{} authenticated", str, ioSession.getRemoteAddress());
        return writeBuffer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    public void handleServiceAccept(String str, Buffer buffer) throws Exception {
        super.handleServiceAccept(str, buffer);
        try {
            SessionDisconnectHandler sessionDisconnectHandler = getSessionDisconnectHandler();
            if (sessionDisconnectHandler != null && sessionDisconnectHandler.handleUnsupportedServiceDisconnectReason(this, 6, str, buffer)) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("handleServiceAccept({}) ignore unknown service={} by handler", this, str);
                    return;
                }
                return;
            }
        } catch (IOException | RuntimeException e) {
            warn("handleServiceAccept({}) failed ({}) to invoke disconnect handler of unknown service={}: {}", this, e.getClass().getSimpleName(), str, e.getMessage(), e);
        }
        disconnect(2, "Unsupported packet: SSH_MSG_SERVICE_ACCEPT for " + str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    public byte[] sendKexInit(Map<KexProposalOption, String> map) throws Exception {
        mergeProposals(this.serverProposal, map);
        return super.sendKexInit(map);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    protected void setKexSeed(byte... bArr) {
        setServerKexData(bArr);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    protected String resolveAvailableSignaturesProposal(FactoryManager factoryManager) throws IOException, GeneralSecurityException {
        ValidateUtils.checkTrue(factoryManager == getFactoryManager(), "Mismatched signatures proposed factory manager");
        KeyPairProvider keyPairProvider = getKeyPairProvider();
        Collection collection = null;
        if (keyPairProvider != null) {
            try {
                collection = (Collection) GenericUtils.stream(keyPairProvider.getKeyTypes(this)).collect(Collectors.toSet());
                HostKeyCertificateProvider hostKeyCertificateProvider = getHostKeyCertificateProvider();
                if (hostKeyCertificateProvider != null) {
                    for (OpenSshCertificate openSshCertificate : hostKeyCertificateProvider.loadCertificates(this)) {
                        if (OpenSshCertificate.Type.HOST.equals(openSshCertificate.getType())) {
                            String rawKeyType = openSshCertificate.getRawKeyType();
                            if (collection.contains(rawKeyType)) {
                                collection.add(openSshCertificate.getKeyType());
                            } else {
                                this.log.info("resolveAvailableSignaturesProposal({}) No private key of type={} available in provided certificate", this, rawKeyType);
                            }
                        } else {
                            this.log.error("resolveAvailableSignaturesProposal({}) certificate {} is not a host certificate", this, KeyUtils.getFingerPrint(openSshCertificate));
                        }
                    }
                }
            } catch (Error e) {
                warn("resolveAvailableSignaturesProposal({}) failed ({}) to get key types: {}", this, e.getClass().getSimpleName(), e.getMessage(), e);
                throw new RuntimeSshException(e);
            }
        }
        List<String> nameList = NamedResource.getNameList(getSignatureFactories());
        if (collection == null || GenericUtils.isEmpty((Collection<?>) nameList)) {
            return resolveEmptySignaturesProposal(nameList, collection);
        }
        List<String> resolveSignatureFactoryNamesProposal = SignatureFactory.resolveSignatureFactoryNamesProposal(collection, nameList);
        return GenericUtils.isEmpty((Collection<?>) resolveSignatureFactoryNamesProposal) ? resolveEmptySignaturesProposal(nameList, collection) : GenericUtils.join((Iterable<?>) resolveSignatureFactoryNamesProposal, ',');
    }

    protected String resolveEmptySignaturesProposal(Iterable<String> iterable, Iterable<String> iterable2) {
        if (!this.log.isDebugEnabled()) {
            return null;
        }
        this.log.debug("resolveEmptySignaturesProposal({})[{}] none of the keys appears in supported list: {}", this, iterable2, iterable);
        return null;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    protected boolean readIdentification(Buffer buffer) throws Exception {
        SshException sshException;
        ServerProxyAcceptor serverProxyAcceptor = getServerProxyAcceptor();
        int rpos = buffer.rpos();
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (serverProxyAcceptor != null) {
            try {
                if (!serverProxyAcceptor.acceptServerProxyMetadata(this, buffer)) {
                    buffer.rpos(rpos);
                    return false;
                }
            } catch (Throwable th) {
                warn("readIdentification({}) failed ({}) to accept proxy metadata: {}", this, th.getClass().getSimpleName(), th.getMessage(), th);
                if (th instanceof IOException) {
                    throw ((IOException) th);
                }
                throw new SshException(th);
            }
        }
        List<String> doReadIdentification = doReadIdentification(buffer, true);
        int size = GenericUtils.size(doReadIdentification);
        this.clientVersion = size <= 0 ? null : doReadIdentification.remove(size - 1);
        if (GenericUtils.isEmpty(this.clientVersion)) {
            buffer.rpos(rpos);
            return false;
        }
        if (isDebugEnabled) {
            this.log.debug("readIdentification({}) client version string: {}", this, this.clientVersion);
        }
        if (SessionContext.isValidVersionPrefix(this.clientVersion)) {
            sshException = size > 1 ? new SshException(2, "Unexpected extra " + (size - 1) + " lines from client=" + this.clientVersion) : null;
        } else {
            sshException = new SshException(8, "Unsupported protocol version: " + this.clientVersion);
        }
        if (sshException != null) {
            getIoSession().writeBuffer(new ByteArrayBuffer((sshException.getMessage() + StringUtils.LF).getBytes(StandardCharsets.UTF_8))).addListener(ioWriteFuture -> {
                close(true);
            });
            throw sshException;
        }
        signalPeerIdentificationReceived(this.clientVersion, doReadIdentification);
        this.kexState.set(KexState.INIT);
        sendKexInit();
        return true;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.AbstractSession
    protected void receiveKexInit(Map<KexProposalOption, String> map, byte[] bArr) throws IOException {
        mergeProposals(this.clientProposal, map);
        setClientKexData(bArr);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession
    public KeyPair getHostKey() {
        OpenSshCertificate loadCertificate;
        String negotiatedKexParameter = getNegotiatedKexParameter(KexProposalOption.SERVERKEYS);
        String canonicalKeyType = KeyUtils.getCanonicalKeyType(negotiatedKexParameter);
        if (GenericUtils.isEmpty(canonicalKeyType)) {
            return null;
        }
        KeyPairProvider keyPairProvider = (KeyPairProvider) Objects.requireNonNull(getKeyPairProvider(), "No host keys provider");
        try {
            HostKeyCertificateProvider hostKeyCertificateProvider = getHostKeyCertificateProvider();
            if (hostKeyCertificateProvider == null || (loadCertificate = hostKeyCertificateProvider.loadCertificate(this, canonicalKeyType)) == null) {
                return keyPairProvider.loadKey(this, canonicalKeyType);
            }
            String rawKeyType = loadCertificate.getRawKeyType();
            if (this.log.isDebugEnabled()) {
                this.log.debug("getHostKey({}) using certified key {}/{} with ID={}", this, canonicalKeyType, rawKeyType, loadCertificate.getId());
            }
            KeyPair loadKey = keyPairProvider.loadKey(this, rawKeyType);
            ValidateUtils.checkNotNull(loadKey, "No certified private key of type=%s available", rawKeyType);
            return new KeyPair(loadCertificate, loadKey.getPrivate());
        } catch (IOException | Error | GeneralSecurityException e) {
            warn("getHostKey({}) failed ({}) to load key of type={}[{}]: {}", this, e.getClass().getSimpleName(), negotiatedKexParameter, canonicalKeyType, e.getMessage(), e);
            throw new RuntimeSshException(e);
        }
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession
    public int getActiveSessionCountForUser(String str) {
        if (GenericUtils.isEmpty(str)) {
            return 0;
        }
        Map<Long, IoSession> managedSessions = getIoSession().getService().getManagedSessions();
        if (MapEntryUtils.isEmpty(managedSessions)) {
            return 0;
        }
        int i = 0;
        Iterator<IoSession> it = managedSessions.values().iterator();
        while (it.hasNext()) {
            ServerSession serverSession = (ServerSession) getSession(it.next(), true);
            if (serverSession != null) {
                String username = serverSession.getUsername();
                if (!GenericUtils.isEmpty(username) && Objects.equals(username, str)) {
                    i++;
                }
            }
        }
        return i;
    }

    public long getId() {
        return getIoSession().getId();
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.session.helpers.SessionHelper
    protected ConnectionService getConnectionService() {
        if (this.currentService instanceof ConnectionService) {
            return (ConnectionService) this.currentService;
        }
        return null;
    }
}
