package io.jenkins.cli.shaded.org.apache.sshd.client.auth.hostbased;

import io.jenkins.cli.shaded.org.apache.sshd.client.auth.AbstractUserAuth;
import io.jenkins.cli.shaded.org.apache.sshd.client.session.ClientSession;
import io.jenkins.cli.shaded.org.apache.sshd.common.NamedFactory;
import io.jenkins.cli.shaded.org.apache.sshd.common.SshConstants;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.KeyUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.signature.Signature;
import io.jenkins.cli.shaded.org.apache.sshd.common.signature.SignatureFactoriesManager;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.OsUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.ValidateUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.Buffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.BufferUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.buffer.ByteArrayBuffer;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.net.SshdSocketAddress;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/cli-2.359-rc32565.d700381b_8b_c4.jar:io/jenkins/cli/shaded/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.class */
public class UserAuthHostBased extends AbstractUserAuth implements SignatureFactoriesManager {
    public static final String NAME = "hostbased";
    protected Iterator<? extends Map.Entry<KeyPair, ? extends Collection<X509Certificate>>> keys;
    protected Map.Entry<KeyPair, ? extends Collection<X509Certificate>> keyInfo;
    protected final HostKeyIdentityProvider clientHostKeys;
    private List<NamedFactory<Signature>> factories;
    private String clientUsername;
    private String clientHostname;

    public UserAuthHostBased(HostKeyIdentityProvider hostKeyIdentityProvider) {
        super("hostbased");
        this.clientHostKeys = hostKeyIdentityProvider;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.auth.AbstractUserAuth, io.jenkins.cli.shaded.org.apache.sshd.client.auth.UserAuth
    public void init(ClientSession clientSession, String str) throws Exception {
        super.init(clientSession, str);
        this.keys = HostKeyIdentityProvider.iteratorOf(clientSession, this.clientHostKeys);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.signature.SignatureFactoriesHolder
    public List<NamedFactory<Signature>> getSignatureFactories() {
        return this.factories;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.common.signature.SignatureFactoriesManager
    public void setSignatureFactories(List<NamedFactory<Signature>> list) {
        this.factories = list;
    }

    public String getClientUsername() {
        return this.clientUsername;
    }

    public void setClientUsername(String str) {
        this.clientUsername = str;
    }

    public String getClientHostname() {
        return this.clientHostname;
    }

    public void setClientHostname(String str) {
        this.clientHostname = str;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.auth.AbstractUserAuth
    protected boolean sendAuthDataRequest(ClientSession clientSession, String str) throws Exception {
        String name = getName();
        boolean isDebugEnabled = this.log.isDebugEnabled();
        String resolveClientUsername = resolveClientUsername(clientSession);
        String resolveClientHostname = resolveClientHostname(clientSession);
        HostBasedAuthenticationReporter hostBasedAuthenticationReporter = clientSession.getHostBasedAuthenticationReporter();
        this.keyInfo = (this.keys == null || !this.keys.hasNext()) ? null : this.keys.next();
        if (this.keyInfo == null) {
            if (isDebugEnabled) {
                this.log.debug("sendAuthDataRequest({})[{}][{}] no more keys to send", clientSession, str, name);
            }
            if (hostBasedAuthenticationReporter == null) {
                return false;
            }
            hostBasedAuthenticationReporter.signalAuthenticationExhausted(clientSession, str, resolveClientUsername, resolveClientHostname);
            return false;
        }
        KeyPair key = this.keyInfo.getKey();
        PublicKey publicKey = key.getPublic();
        String keyType = KeyUtils.getKeyType(publicKey);
        if (this.log.isTraceEnabled()) {
            this.log.trace("sendAuthDataRequest({})[{}][{}] current key details: type={}, fingerprint={}", clientSession, str, name, keyType, KeyUtils.getFingerPrint(publicKey));
        }
        Signature signature = (Signature) ValidateUtils.checkNotNull(NamedFactory.create(ValidateUtils.checkNotNullAndNotEmpty(SignatureFactoriesManager.resolveSignatureFactories(this, clientSession), "No signature factories for session=%s", clientSession), keyType), "No signer could be located for key type=%s", keyType);
        byte[] sessionId = clientSession.getSessionId();
        String username = clientSession.getUsername();
        if (isDebugEnabled) {
            this.log.debug("sendAuthDataRequest({})[{}][{}] client={}@{}", clientSession, str, name, resolveClientUsername, resolveClientHostname);
        }
        Buffer createBuffer = clientSession.createBuffer((byte) 50, sessionId.length + username.length() + str.length() + resolveClientUsername.length() + resolveClientHostname.length() + keyType.length() + 256 + 64);
        createBuffer.clear();
        createBuffer.putRawPublicKey(publicKey);
        Collection<X509Certificate> value = this.keyInfo.getValue();
        if (GenericUtils.size(value) > 0) {
            Iterator<X509Certificate> it = value.iterator();
            while (it.hasNext()) {
                createBuffer.putRawBytes(it.next().getEncoded());
            }
        }
        signature.initSigner(clientSession, key.getPrivate());
        byte[] compactData = createBuffer.getCompactData();
        Buffer prepareBuffer = clientSession.prepareBuffer((byte) 50, BufferUtils.clear(createBuffer));
        prepareBuffer.putString(username);
        prepareBuffer.putString(str);
        prepareBuffer.putString(name);
        prepareBuffer.putString(keyType);
        prepareBuffer.putBytes(compactData);
        prepareBuffer.putString(resolveClientHostname);
        prepareBuffer.putString(resolveClientUsername);
        byte[] appendSignature = appendSignature(clientSession, str, keyType, publicKey, compactData, resolveClientHostname, resolveClientUsername, signature, prepareBuffer);
        if (hostBasedAuthenticationReporter != null) {
            hostBasedAuthenticationReporter.signalAuthenticationAttempt(clientSession, str, key, resolveClientHostname, resolveClientUsername, appendSignature);
        }
        clientSession.writePacket(prepareBuffer);
        return true;
    }

    protected byte[] appendSignature(ClientSession clientSession, String str, String str2, PublicKey publicKey, byte[] bArr, String str3, String str4, Signature signature, Buffer buffer) throws Exception {
        byte[] sessionId = clientSession.getSessionId();
        String username = clientSession.getUsername();
        String name = getName();
        ByteArrayBuffer byteArrayBuffer = new ByteArrayBuffer(sessionId.length + username.length() + str.length() + name.length() + str2.length() + bArr.length + str3.length() + str4.length() + 256 + 64, false);
        byteArrayBuffer.putBytes(sessionId);
        byteArrayBuffer.putByte((byte) 50);
        byteArrayBuffer.putString(username);
        byteArrayBuffer.putString(str);
        byteArrayBuffer.putString(name);
        byteArrayBuffer.putString(str2);
        byteArrayBuffer.putBytes(bArr);
        byteArrayBuffer.putString(str3);
        byteArrayBuffer.putString(str4);
        signature.update(clientSession, byteArrayBuffer.array(), byteArrayBuffer.rpos(), byteArrayBuffer.available());
        byte[] sign = signature.sign(clientSession);
        if (this.log.isTraceEnabled()) {
            this.log.trace("appendSignature({})[{}][{}] type={}, fingerprint={}, client={}@{}: signature={}", clientSession, str, name, str2, KeyUtils.getFingerPrint(publicKey), str4, str3, BufferUtils.toHex(sign));
        }
        byteArrayBuffer.clear();
        byteArrayBuffer.putString(str2);
        byteArrayBuffer.putBytes(sign);
        buffer.putBytes(byteArrayBuffer.array(), byteArrayBuffer.rpos(), byteArrayBuffer.available());
        return sign;
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.auth.AbstractUserAuth
    protected boolean processAuthDataRequest(ClientSession clientSession, String str, Buffer buffer) throws Exception {
        throw new IllegalStateException("processAuthDataRequest(" + clientSession + ")[" + str + "] received unknown packet: cmd=" + SshConstants.getCommandMessageName(buffer.getUByte()));
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.auth.UserAuth
    public void signalAuthMethodSuccess(ClientSession clientSession, String str, Buffer buffer) throws Exception {
        HostBasedAuthenticationReporter hostBasedAuthenticationReporter = clientSession.getHostBasedAuthenticationReporter();
        if (hostBasedAuthenticationReporter != null) {
            hostBasedAuthenticationReporter.signalAuthenticationSuccess(clientSession, str, this.keyInfo == null ? null : this.keyInfo.getKey(), resolveClientHostname(clientSession), resolveClientUsername(clientSession));
        }
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.client.auth.UserAuth
    public void signalAuthMethodFailure(ClientSession clientSession, String str, boolean z, List<String> list, Buffer buffer) throws Exception {
        HostBasedAuthenticationReporter hostBasedAuthenticationReporter = clientSession.getHostBasedAuthenticationReporter();
        if (hostBasedAuthenticationReporter != null) {
            hostBasedAuthenticationReporter.signalAuthenticationFailure(clientSession, str, this.keyInfo == null ? null : this.keyInfo.getKey(), resolveClientHostname(clientSession), resolveClientUsername(clientSession), z, list);
        }
    }

    protected String resolveClientUsername(ClientSession clientSession) {
        String clientUsername = getClientUsername();
        return GenericUtils.isEmpty(clientUsername) ? OsUtils.getCurrentUser() : clientUsername;
    }

    protected String resolveClientHostname(ClientSession clientSession) {
        String clientHostname = getClientHostname();
        if (GenericUtils.isEmpty(clientHostname)) {
            clientHostname = SshdSocketAddress.toAddressString(SshdSocketAddress.getFirstExternalNetwork4Address());
        }
        return GenericUtils.isEmpty(clientHostname) ? "127.0.0.1" : clientHostname;
    }
}
