package io.jenkins.cli.shaded.org.apache.sshd.server.config.keys;

import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PublicKeyEntry;
import io.jenkins.cli.shaded.org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.GenericUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.IoUtils;
import io.jenkins.cli.shaded.org.apache.sshd.common.util.io.ModifiableFileWatcher;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import io.jenkins.cli.shaded.org.apache.sshd.server.auth.pubkey.RejectAllPublickeyAuthenticator;
import io.jenkins.cli.shaded.org.apache.sshd.server.session.ServerSession;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: input_file:WEB-INF/lib/cli-2.382-rc33191.4f9cfedd861d.jar:io/jenkins/cli/shaded/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticator.class */
public class AuthorizedKeysAuthenticator extends ModifiableFileWatcher implements PublickeyAuthenticator {
    public static final String STD_AUTHORIZED_KEYS_FILENAME = "authorized_keys";
    private final AtomicReference<PublickeyAuthenticator> delegateHolder;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/cli-2.382-rc33191.4f9cfedd861d.jar:io/jenkins/cli/shaded/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticator$LazyDefaultAuthorizedKeysFileHolder.class */
    public static final class LazyDefaultAuthorizedKeysFileHolder {
        private static final Path KEYS_FILE = PublicKeyEntry.getDefaultKeysFolderPath().resolve("authorized_keys");

        private LazyDefaultAuthorizedKeysFileHolder() {
            throw new UnsupportedOperationException("No instance allowed");
        }
    }

    public AuthorizedKeysAuthenticator(Path path) {
        this(path, IoUtils.getLinkOptions(false));
    }

    public AuthorizedKeysAuthenticator(Path path, LinkOption... linkOptionArr) {
        super(path, linkOptionArr);
        this.delegateHolder = new AtomicReference<>(RejectAllPublickeyAuthenticator.INSTANCE);
    }

    @Override // io.jenkins.cli.shaded.org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator
    public boolean authenticate(String str, PublicKey publicKey, ServerSession serverSession) {
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (!isValidUsername(str, serverSession)) {
            if (!isDebugEnabled) {
                return false;
            }
            this.log.debug("authenticate({})[{}][{}] invalid user name - file = {}", str, serverSession, publicKey.getAlgorithm(), getPath());
            return false;
        }
        try {
            boolean authenticate = ((PublickeyAuthenticator) Objects.requireNonNull(resolvePublickeyAuthenticator(str, serverSession), "No delegate")).authenticate(str, publicKey, serverSession);
            if (isDebugEnabled) {
                this.log.debug("authenticate({})[{}][{}] invalid user name - accepted={} from file = {}", str, serverSession, publicKey.getAlgorithm(), Boolean.valueOf(authenticate), getPath());
            }
            return authenticate;
        } catch (Throwable th) {
            debug("authenticate({})[{}] failed ({}) to authenticate {} key from {}: {}", str, serverSession, th.getClass().getSimpleName(), publicKey.getAlgorithm(), getPath(), th.getMessage(), th);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isValidUsername(String str, ServerSession serverSession) {
        return GenericUtils.isNotEmpty(str);
    }

    protected PublickeyAuthenticator resolvePublickeyAuthenticator(String str, ServerSession serverSession) throws IOException, GeneralSecurityException {
        if (checkReloadRequired()) {
            this.delegateHolder.set(RejectAllPublickeyAuthenticator.INSTANCE);
            Path path = getPath();
            if (exists()) {
                Collection<AuthorizedKeyEntry> reloadAuthorizedKeys = reloadAuthorizedKeys(path, str, serverSession);
                if (GenericUtils.size(reloadAuthorizedKeys) > 0) {
                    this.delegateHolder.set(createDelegateAuthenticator(str, serverSession, path, reloadAuthorizedKeys, getFallbackPublicKeyEntryResolver()));
                }
            } else {
                this.log.info("resolvePublickeyAuthenticator({})[{}] no authorized keys file at {}", str, serverSession, path);
            }
        }
        return this.delegateHolder.get();
    }

    protected PublickeyAuthenticator createDelegateAuthenticator(String str, ServerSession serverSession, Path path, Collection<AuthorizedKeyEntry> collection, PublicKeyEntryResolver publicKeyEntryResolver) throws IOException, GeneralSecurityException {
        return PublickeyAuthenticator.fromAuthorizedEntries(path, serverSession, collection, publicKeyEntryResolver);
    }

    protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver() {
        return PublicKeyEntryResolver.IGNORING;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Collection<AuthorizedKeyEntry> reloadAuthorizedKeys(Path path, String str, ServerSession serverSession) throws IOException, GeneralSecurityException {
        List<AuthorizedKeyEntry> readAuthorizedKeys = AuthorizedKeyEntry.readAuthorizedKeys(path, new OpenOption[0]);
        this.log.info("reloadAuthorizedKeys({})[{}] loaded {} keys from {}", str, serverSession, Integer.valueOf(GenericUtils.size(readAuthorizedKeys)), path);
        updateReloadAttributes();
        return readAuthorizedKeys;
    }

    public static Path getDefaultAuthorizedKeysFile() {
        return LazyDefaultAuthorizedKeysFileHolder.KEYS_FILE;
    }

    public static List<AuthorizedKeyEntry> readDefaultAuthorizedKeys(OpenOption... openOptionArr) throws IOException {
        Path defaultAuthorizedKeysFile = getDefaultAuthorizedKeysFile();
        return Files.exists(defaultAuthorizedKeysFile, IoUtils.EMPTY_LINK_OPTIONS) ? AuthorizedKeyEntry.readAuthorizedKeys(defaultAuthorizedKeysFile, new OpenOption[0]) : Collections.emptyList();
    }
}
