package io.jenkins.cli.shaded.org.apache.sshd.server.config.keys;

import io.jenkins.cli.shaded.org.apache.sshd.common.auth.UsernameHolder;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.OsUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.ValidateUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.IoUtils;
import io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession;
import java.io.IOException;
import java.nio.file.FileSystemException;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.security.GeneralSecurityException;
import java.util.AbstractMap;
import java.util.Collection;
import java.util.Collections;

/* loaded from: input_file:WEB-INF/lib/cli-2.339-rc32182.6c022d7b_2701.jar:io/jenkins/cli/shaded/org/apache/sshd/server/config/keys/DefaultAuthorizedKeysAuthenticator.class */
public class DefaultAuthorizedKeysAuthenticator extends AuthorizedKeysAuthenticator implements UsernameHolder {
    public static final DefaultAuthorizedKeysAuthenticator INSTANCE = new DefaultAuthorizedKeysAuthenticator(true);
    private final boolean strict;
    private final String user;

    public DefaultAuthorizedKeysAuthenticator(boolean z) {
        this(OsUtils.getCurrentUser(), z);
    }

    public DefaultAuthorizedKeysAuthenticator(String str, boolean z) {
        this(str, getDefaultAuthorizedKeysFile(), z, new LinkOption[0]);
    }

    public DefaultAuthorizedKeysAuthenticator(Path path, boolean z, LinkOption... linkOptionArr) {
        this(OsUtils.getCurrentUser(), path, z, linkOptionArr);
    }

    public DefaultAuthorizedKeysAuthenticator(String str, Path path, boolean z, LinkOption... linkOptionArr) {
        super(path, linkOptionArr);
        this.user = ValidateUtils.checkNotNullAndNotEmpty(str, "No username provided");
        this.strict = z;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.auth.UsernameHolder
    public final String getUsername() {
        return this.user;
    }

    public final boolean isStrict() {
        return this.strict;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
    public boolean isValidUsername(String str, ServerSession serverSession) {
        if (super.isValidUsername(str, serverSession)) {
            return str.equals(getUsername());
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator
    public Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String str, ServerSession serverSession) throws IOException, GeneralSecurityException {
        if (isStrict()) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("reloadAuthorizedKeys({})[{}] check permissions of {}", str, serverSession, path);
            }
            AbstractMap.SimpleImmutableEntry<String, Object> validateStrictKeyFilePermissions = KeyUtils.validateStrictKeyFilePermissions(path, new LinkOption[0]);
            if (validateStrictKeyFilePermissions != null) {
                this.log.warn("reloadAuthorizedKeys({})[{}] invalid file={} permissions: {}", str, serverSession, path, validateStrictKeyFilePermissions.getKey());
                updateReloadAttributes();
                return Collections.emptyList();
            }
        }
        return super.reloadAuthorizedKeys(path, str, serverSession);
    }

    protected Path validateFilePath(Path path, Collection<PosixFilePermission> collection, Collection<PosixFilePermission> collection2) throws IOException {
        PosixFilePermission validateExcludedPermissions = IoUtils.validateExcludedPermissions(collection, collection2);
        if (validateExcludedPermissions == null) {
            return path;
        }
        String path2 = path.toString();
        throw new FileSystemException(path2, path2, "File not allowed to have " + validateExcludedPermissions + " permission: " + path2);
    }
}
