package io.jenkins.cli.shaded.org.apache.sshd.server.session;

import io.jenkins.cli.shaded.org.apache.sshd.common.Factory;
import io.jenkins.cli.shaded.org.apache.sshd.common.NamedFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.NamedResource;
import io.jenkins.cli.shaded.org.apache.sshd.common.PropertyResolverUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.Service;
import io.jenkins.cli.shaded.org.apache.sshd.common.SshConstants;
import io.jenkins.cli.shaded.org.apache.sshd.common.SshException;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyRandomArt;
import io.jenkins.cli.shaded.org.apache.sshd.common.io.IoWriteFuture;
import io.jenkins.cli.shaded.org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import io.jenkins.cli.shaded.org.apache.sshd.common.session.Session;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.NumberUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.ValidateUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.Buffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.closeable.AbstractCloseable;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.IoUtils;
import io.jenkins.cli.shaded.org.apache.sshd.server.ServerAuthenticationManager;
import io.jenkins.cli.shaded.org.apache.sshd.server.ServerFactoryManager;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.UserAuth;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.WelcomeBannerPhase;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;

/* loaded from: input_file:WEB-INF/lib/cli-2.246-rc30228.5ede90249cc2.jar:io/jenkins/cli/shaded/org/apache/sshd/server/session/ServerUserAuthService.class */
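/**
 * Server-side handler for the SSH user-authentication phase of one session.
 *
 * <p>It tracks the user name and service fixed by the first request, counts repeated
 * requests against {@code max-auth-requests}, and dispatches each request to the
 * {@link UserAuth} created for the requested method. It also tracks which configured
 * method chains ({@code auth-methods}) are still incomplete and sends the optional
 * welcome banner at the configured {@link WelcomeBannerPhase}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Authentication is fail-closed: the outcome starts as {@code Boolean.FALSE} and any
 *       exception thrown by an authenticator is logged and treated as a failure.</li>
 *   <li>User name, service and method strings come from the peer before it is authenticated,
 *       and they are written to logs and to one disconnect message. Log sinks should
 *       neutralise control characters in them.</li>
 *   <li>The {@code welcome-banner} property may name a file or URL that is then opened by the
 *       JVM; it must only ever be populated from trusted server configuration.</li>
 * </ul>
 *
 * <p>The mutable fields are not synchronised; NOTE(review): presumably the session delivers
 * packets to {@link #process(int, Buffer)} sequentially; confirm against the caller.
 */
public class ServerUserAuthService extends AbstractCloseable implements Service, ServerSessionHolder {
    private final ServerSession serverSession;
    // Guards against sending the banner more than once per session.
    private final AtomicBoolean welcomeSent = new AtomicBoolean(false);
    private final WelcomeBannerPhase welcomePhase;
    private List<NamedFactory<UserAuth>> userAuthFactories;
    // Each inner list is one chain of methods that must succeed in order; a chain that
    // becomes empty means authentication is complete.
    private List<List<String>> authMethods;
    private String authUserName;
    private String authMethod;
    private String authService;
    private UserAuth currentAuth;
    private int maxAuthRequests;
    private int nbAuthRequests;

    /**
     * Creates the service for a not-yet-authenticated server session.
     *
     * @param session the session; must be a {@link ServerSession}
     * @throws IOException (as {@link SshException}) if the session is already authenticated
     *         or a configured method name has no matching factory
     */
    public ServerUserAuthService(Session session) throws IOException {
        this.serverSession = (ServerSession) ValidateUtils.checkInstanceOf(session, ServerSession.class, "Server side service used on client side: %s", session);
        if (session.isAuthenticated()) {
            throw new SshException("Session already authenticated");
        }

        Object phaseValue = PropertyResolverUtils.getObject(session, "welcome-banner-phase");
        Enum<?> configuredPhase = PropertyResolverUtils.toEnum(WelcomeBannerPhase.class, phaseValue, true, WelcomeBannerPhase.VALUES);
        this.welcomePhase = configuredPhase == null ? ServerAuthenticationManager.DEFAULT_BANNER_PHASE : (WelcomeBannerPhase) configuredPhase;
        this.maxAuthRequests = session.getIntProperty("max-auth-requests", 20);

        // The decompiled source lost the generic signature of the helper, hence the raw cast.
        @SuppressWarnings({"rawtypes", "unchecked"})
        List<NamedFactory<UserAuth>> factories = (List) ValidateUtils.checkNotNullAndNotEmpty(this.serverSession.getUserAuthFactories(), "No user auth factories for %s", session);
        // Private copies: the chains in authMethods are mutated as authentication progresses.
        this.userAuthFactories = new ArrayList<>(factories);
        this.authMethods = new ArrayList<>();

        String configuredMethods = session.getString("auth-methods");
        if (GenericUtils.isEmpty(configuredMethods)) {
            // No explicit configuration: every available method is a one-step chain.
            for (NamedFactory<UserAuth> factory : factories) {
                this.authMethods.add(new ArrayList<>(Collections.singletonList(factory.getName())));
            }
        } else {
            if (this.log.isDebugEnabled()) {
                this.log.debug("ServerUserAuthService({}) using configured methods={}", session, configuredMethods);
            }
            // Whitespace separates alternative chains, commas separate the steps of a chain.
            for (String chainSpec : configuredMethods.split("\\s")) {
                this.authMethods.add(new ArrayList<>(Arrays.asList(GenericUtils.split(chainSpec, ','))));
            }
        }

        // Refuse to start with a chain that names a method no factory can serve.
        for (List<String> chain : this.authMethods) {
            for (String methodName : chain) {
                if (NamedResource.findByName(methodName, String.CASE_INSENSITIVE_ORDER, this.userAuthFactories) == null) {
                    throw new SshException("Configured method is not supported: " + methodName);
                }
            }
        }

        if (this.log.isDebugEnabled()) {
            this.log.debug("ServerUserAuthService({}) authorized authentication methods: {}", session, NamedResource.getNames(this.userAuthFactories));
        }
    }

    /** @return the phase at which the welcome banner is sent for this session */
    public WelcomeBannerPhase getWelcomePhase() {
        return this.welcomePhase;
    }

    /** No start-up work is needed; the service reacts to incoming packets only. */
    @Override
    public void start() {
    }

    @Override
    public ServerSession getSession() {
        return getServerSession();
    }

    @Override
    public ServerSession getServerSession() {
        return this.serverSession;
    }

    /**
     * Handles one authentication-phase packet.
     *
     * <p>Command 50 (logged below as SSH_MSG_USERAUTH_REQUEST) starts a new attempt; any other
     * command is forwarded to the authenticator of the attempt in progress.
     *
     * @param i the SSH command code of the packet
     * @param buffer the packet payload, positioned after the command byte
     * @throws IllegalStateException if a continuation message arrives with no attempt in progress
     * @throws Exception if a handler or the session fails
     */
    @Override
    public void process(int i, Buffer buffer) throws Exception {
        // Fail closed: only an authenticator that returns TRUE can change this outcome.
        Boolean authed = Boolean.FALSE;
        ServerSession session = getServerSession();
        if (i == 50) {
            if (WelcomeBannerPhase.FIRST_REQUEST.equals(getWelcomePhase())) {
                sendWelcomeBanner(session);
            }
            // A new request abandons whatever attempt was still in progress.
            destroyCurrentAuth();

            // All three values are supplied by the unauthenticated peer.
            String username = buffer.getString();
            String service = buffer.getString();
            String method = buffer.getString();
            if (this.log.isDebugEnabled()) {
                this.log.debug("process({}) Received SSH_MSG_USERAUTH_REQUEST user={}, service={}, method={}", session, username, service, method);
            }

            if (this.authUserName == null || this.authService == null) {
                // The first request pins user and service for the rest of the session.
                // It is not counted, so up to maxAuthRequests + 1 requests are processed.
                this.authUserName = username;
                this.authService = service;
            } else {
                if (!this.authUserName.equals(username) || !this.authService.equals(service)) {
                    // Reason code 2 is SSH_DISCONNECT_PROTOCOL_ERROR (RFC 4253).
                    session.disconnect(2, "Change of username or service is not allowed (" + this.authUserName + ", " + this.authService + ") -> (" + username + ", " + service + ")");
                    return;
                }
                this.nbAuthRequests++;
                if (this.nbAuthRequests > this.maxAuthRequests) {
                    // Bounds the number of guesses a single connection can make.
                    session.disconnect(2, "Too many authentication failures: " + this.nbAuthRequests);
                    return;
                }
            }

            this.authMethod = method;
            if (this.log.isDebugEnabled()) {
                this.log.debug("process({}) Authenticating user '{}' with service '{}' and method '{}' (attempt {} / {})", session, username, service, method, this.nbAuthRequests, this.maxAuthRequests);
            }

            // NOTE(review): this lookup ignores case, while handleAuthenticationSuccess compares
            // the method name with equals(). A differently-cased name can authenticate here but
            // will not advance any chain there; that fails safe, but the two should agree.
            NamedFactory<UserAuth> factory = NamedResource.findByName(method, String.CASE_INSENSITIVE_ORDER, this.userAuthFactories);
            if (factory != null) {
                this.currentAuth = ValidateUtils.checkNotNull(factory.create(), "No authenticator created for method=%s", method);
                try {
                    authed = this.currentAuth.auth(session, username, service, buffer);
                } catch (Exception e) {
                    // Deliberately swallowed: the outcome stays FALSE and a failure is reported.
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("process({}) Failed ({}) to authenticate using factory method={}: {}", session, e.getClass().getSimpleName(), method, e.getMessage());
                    }
                    if (this.log.isTraceEnabled()) {
                        this.log.trace("process(" + session + ") factory authentication=" + method + " failure details", e);
                    }
                }
            } else if (this.log.isDebugEnabled()) {
                this.log.debug("process({}) no authentication factory for method={}", session, method);
            }
        } else {
            if (WelcomeBannerPhase.FIRST_AUTHCMD.equals(getWelcomePhase())) {
                sendWelcomeBanner(session);
            }
            if (this.currentAuth == null) {
                throw new IllegalStateException("No current authentication mechanism for cmd=" + SshConstants.getCommandMessageName(i));
            }
            if (this.log.isDebugEnabled()) {
                this.log.debug("process({}) Received authentication message={} for mechanism={}", session, SshConstants.getCommandMessageName(i), this.currentAuth.getName());
            }
            // Step back one byte so the authenticator sees the command code again.
            buffer.rpos(buffer.rpos() - 1);
            try {
                authed = this.currentAuth.next(buffer);
            } catch (Exception e) {
                // Deliberately swallowed: the outcome stays FALSE and a failure is reported.
                if (this.log.isDebugEnabled()) {
                    this.log.debug("process({}) Failed ({}) to authenticate using current method={}: {}", session, e.getClass().getSimpleName(), this.currentAuth.getName(), e.getMessage());
                }
                if (this.log.isTraceEnabled()) {
                    this.log.trace("process(" + session + ") current authentication=" + this.currentAuth.getName() + " failure details", e);
                }
            }
        }

        // null = more round trips needed, TRUE = this method succeeded, FALSE = it failed.
        if (authed == null) {
            handleAuthenticationInProgress(i, buffer);
        } else if (authed.booleanValue()) {
            handleAuthenticationSuccess(i, buffer);
        } else {
            handleAuthenticationFailure(i, buffer);
        }
    }

    /**
     * Called when the current authenticator needs further messages; only logs.
     *
     * @param i the SSH command code being processed
     * @param buffer the packet payload (unused here)
     * @throws Exception declared for overriding subclasses
     */
    protected void handleAuthenticationInProgress(int i, Buffer buffer) throws Exception {
        String username = this.currentAuth == null ? null : this.currentAuth.getUsername();
        if (this.log.isDebugEnabled()) {
            this.log.debug("handleAuthenticationInProgress({}@{}) {}", username, getServerSession(), SshConstants.getCommandMessageName(i));
        }
    }

    /**
     * Records a successful method. The session is marked authenticated once some chain has
     * no steps left; otherwise the remaining methods are advertised with partial success.
     *
     * @param i the SSH command code being processed
     * @param buffer the packet payload (unused here)
     * @throws NullPointerException if there is no current authenticator
     * @throws Exception if writing to or updating the session fails
     */
    protected void handleAuthenticationSuccess(int i, Buffer buffer) throws Exception {
        String username = Objects.requireNonNull(this.currentAuth, "No current auth").getUsername();
        ServerSession session = getServerSession();
        if (this.log.isDebugEnabled()) {
            this.log.debug("handleAuthenticationSuccess({}@{}) {}", username, session, SshConstants.getCommandMessageName(i));
        }

        // Consume the step from every chain whose next required method is the one that
        // just succeeded (exact, case-sensitive match).
        boolean chainCompleted = false;
        for (List<String> chain : this.authMethods) {
            if (GenericUtils.size(chain) > 0 && chain.get(0).equals(this.authMethod)) {
                chain.remove(0);
                chainCompleted |= chain.isEmpty();
            }
        }

        if (chainCompleted) {
            Integer maxSessions = session.getInteger("max-concurrent-sessions");
            if (maxSessions != null) {
                int activeSessions = session.getActiveSessionCountForUser(username);
                if (activeSessions >= maxSessions.intValue()) {
                    // Reason code 12 is SSH_DISCONNECT_TOO_MANY_CONNECTIONS (RFC 4253).
                    session.disconnect(12, "Too many concurrent connections (" + activeSessions + ") - max. allowed: " + maxSessions);
                    return;
                }
            }
            if (WelcomeBannerPhase.POST_SUCCESS.equals(getWelcomePhase())) {
                sendWelcomeBanner(session);
            }
            // Message 52 is SSH_MSG_USERAUTH_SUCCESS (RFC 4252).
            session.writePacket(session.createBuffer((byte) 52, 8));
            session.setUsername(username);
            session.setAuthenticated();
            session.startService(this.authService);
            session.resetIdleTimeout();
            this.log.info("Session {}@{} authenticated", username, session.getIoSession().getRemoteAddress());
        } else {
            String remaining = this.authMethods.stream()
                    .filter(chain -> GenericUtils.isNotEmpty(chain))
                    .map(chain -> chain.get(0))
                    .collect(Collectors.joining(","));
            if (this.log.isDebugEnabled()) {
                this.log.debug("handleAuthenticationSuccess({}@{}) remaining methods={}", username, session, remaining);
            }
            // Message 51 is SSH_MSG_USERAUTH_FAILURE; the flag marks it as partial success.
            Buffer reply = session.createBuffer((byte) 51, remaining.length() + 8);
            reply.putString(remaining);
            reply.putBoolean(true);
            session.writePacket(reply);
        }
        destroyCurrentAuth();
    }

    /**
     * Reports a failed attempt and advertises the first pending method of each chain.
     *
     * @param i the SSH command code being processed
     * @param buffer the packet payload (unused here)
     * @throws Exception if writing to the session fails
     */
    protected void handleAuthenticationFailure(int i, Buffer buffer) throws Exception {
        ServerSession session = getServerSession();
        if (WelcomeBannerPhase.FIRST_FAILURE.equals(getWelcomePhase())) {
            sendWelcomeBanner(session);
        }
        String username = this.currentAuth == null ? null : this.currentAuth.getUsername();
        if (this.log.isDebugEnabled()) {
            this.log.debug("handleAuthenticationFailure({}@{}) {}", username, session, SshConstants.getCommandMessageName(i));
        }

        StringBuilder names = new StringBuilder((this.authMethods.size() + 1) * 8);
        for (List<String> chain : this.authMethods) {
            if (GenericUtils.size(chain) <= 0) {
                continue;
            }
            String next = chain.get(0);
            // "none" is never advertised to the peer as a method that can continue.
            if ("none".equals(next)) {
                continue;
            }
            if (names.length() > 0) {
                names.append(",");
            }
            names.append(next);
        }
        String remaining = names.toString();
        if (this.log.isDebugEnabled()) {
            this.log.debug("handleAuthenticationFailure({}@{}) remaining methods: {}", username, session, remaining);
        }

        // Message 51 is SSH_MSG_USERAUTH_FAILURE; false = no partial success.
        Buffer reply = session.createBuffer((byte) 51, remaining.length() + 8);
        reply.putString(remaining);
        reply.putBoolean(false);
        session.writePacket(reply);
        destroyCurrentAuth();
    }

    /**
     * Sends the welcome banner at most once per session.
     *
     * @param serverSession the session to write to
     * @return the write future, or {@code null} if the banner was already sent or is empty
     * @throws IOException if the banner cannot be resolved or written
     */
    public IoWriteFuture sendWelcomeBanner(ServerSession serverSession) throws IOException {
        if (this.welcomeSent.getAndSet(true)) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("sendWelcomeBanner({}) already sent", serverSession);
            }
            return null;
        }

        String banner = resolveWelcomeBanner(serverSession);
        if (GenericUtils.isEmpty(banner)) {
            return null;
        }

        String language = PropertyResolverUtils.getStringProperty(serverSession, "welcome-banner-language", "en");
        // Message 53 is SSH_MSG_USERAUTH_BANNER (RFC 4252).
        Buffer packet = serverSession.createBuffer((byte) 53, banner.length() + GenericUtils.length(language) + 64);
        packet.putString(banner);
        packet.putString(language);
        if (this.log.isDebugEnabled()) {
            this.log.debug("sendWelcomeBanner({}) send banner (length={}, lang={})", serverSession, banner.length(), language);
        }
        return serverSession.writePacket(packet);
    }

    /**
     * Resolves the {@code welcome-banner} property to the banner text.
     *
     * <p>The property may be literal text, the marker {@code #auto-welcome-banner}, or a
     * {@link File}, {@link Path}, {@link URI} or {@link URL} whose content is loaded.
     * A string is treated as a location only if it contains {@code "://"}; a value such as
     * {@code file:/path} (single slash) is therefore sent verbatim as banner text.
     *
     * <p>The content is shown to peers before they authenticate and any scheme the JVM can
     * open is accepted, so the property must come from trusted server configuration only.
     *
     * @param serverSession the session whose properties are consulted
     * @return the banner text, or {@code null} when none is configured or the file is
     *         missing or empty
     * @throws IOException if the location is malformed or cannot be read
     */
    protected String resolveWelcomeBanner(ServerSession serverSession) throws IOException {
        Object value = serverSession.getObject("welcome-banner");
        if (value == null) {
            return null;
        }

        if (value instanceof CharSequence) {
            String text = value.toString();
            if (GenericUtils.isEmpty(text)) {
                return null;
            }
            if ("#auto-welcome-banner".equalsIgnoreCase(text)) {
                try {
                    return KeyRandomArt.combine(' ', (KeyIdentityProvider) serverSession.getKeyPairProvider());
                } catch (Exception e) {
                    if (e instanceof IOException) {
                        throw ((IOException) e);
                    }
                    throw new IOException(e);
                }
            }
            if (!text.contains("://")) {
                return text;
            }
            try {
                value = new URI(text);
                if (text.startsWith("file:/")) {
                    value = Paths.get((URI) value);
                }
            } catch (URISyntaxException e) {
                this.log.error("resolveWelcomeBanner({}) bad path URI {}: {}", serverSession, text, e.getMessage());
                throw new MalformedURLException(e.getClass().getSimpleName() + " - bad URI (" + text + "): " + e.getMessage());
            }
        }

        if (value instanceof File) {
            value = ((File) value).toPath();
        }
        if (value instanceof Path) {
            Path path = (Path) value;
            if (!Files.exists(path) || Files.size(path) <= 0) {
                if (this.log.isDebugEnabled()) {
                    // The path argument previously had no placeholder and was never logged.
                    this.log.debug("resolveWelcomeBanner({}) file is empty/does not exist: {}", serverSession, path);
                }
                return null;
            }
            value = path.toUri();
        }
        if (value instanceof URI) {
            value = ((URI) value).toURL();
        }
        if (value instanceof URL) {
            // The fallback charset is the platform default, so the decoded text can differ
            // between hosts unless "welcome-banner-charset" is set.
            Charset charset = PropertyResolverUtils.getCharset(serverSession, "welcome-banner-charset", Charset.defaultCharset());
            return loadWelcomeBanner(serverSession, (URL) value, charset);
        }
        return value.toString();
    }

    /**
     * Reads the banner text from a URL.
     *
     * @param serverSession the session the banner is for (unused here)
     * @param url the location to read; opened with {@link URL#openStream()}
     * @param charset the charset used to decode the bytes
     * @return the decoded content, or an empty string if nothing was read
     * @throws IOException if the stream cannot be opened or read
     */
    protected String loadWelcomeBanner(ServerSession serverSession, URL url, Charset charset) throws IOException {
        // NOTE(review): no size limit is applied here; IoUtils.toByteArray presumably buffers
        // the whole stream, so the configured source should be small and trusted.
        try (InputStream stream = url.openStream()) {
            byte[] bytes = IoUtils.toByteArray(stream);
            return NumberUtils.isEmpty(bytes) ? "" : new String(bytes, charset);
        }
    }

    /** @return the factory manager of the underlying server session */
    public ServerFactoryManager getFactoryManager() {
        return this.serverSession.getFactoryManager();
    }

    /**
     * Destroys the authenticator of the attempt in progress, if any. The reference is
     * cleared even when {@code destroy()} throws.
     */
    private void destroyCurrentAuth() throws Exception {
        if (this.currentAuth == null) {
            return;
        }
        try {
            this.currentAuth.destroy();
        } finally {
            this.currentAuth = null;
        }
    }
}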
