package org.apache.sshd.server.session;

import b3.b;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import org.apache.sshd.client.config.keys.ClientIdentity;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.Service;
import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.SshException;
import org.apache.sshd.common.config.keys.KeyRandomArt;
import org.apache.sshd.common.io.IoWriteFuture;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.session.SessionDisconnectHandler;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.NumberUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.BufferUtils;
import org.apache.sshd.common.util.closeable.AbstractCloseable;
import org.apache.sshd.common.util.io.IoUtils;
import org.apache.sshd.core.CoreModuleProperties;
import org.apache.sshd.server.ServerFactoryManager;
import org.apache.sshd.server.auth.AsyncAuthException;
import org.apache.sshd.server.auth.UserAuth;
import org.apache.sshd.server.auth.UserAuthFactory;
import org.apache.sshd.server.auth.WelcomeBannerPhase;
import org.apache.sshd.sftp.common.extensions.VersionsParser;
import org.assertj.core.presentation.StandardRepresentation;

/* loaded from: classes.dex */
public class ServerUserAuthService extends AbstractCloseable implements Service, ServerSessionHolder {
    private String authMethod;
    private List<List<String>> authMethods;
    private String authService;
    private String authUserName;
    private UserAuth currentAuth;
    private int maxAuthRequests;
    private int nbAuthRequests;
    private final ServerSession serverSession;
    private List<UserAuthFactory> userAuthFactories;
    private final WelcomeBannerPhase welcomePhase;
    private final AtomicBoolean welcomeSent = new AtomicBoolean(false);
    private final Map<String, Object> properties = new ConcurrentHashMap();

    public ServerUserAuthService(Session session) {
        boolean isDebugEnabled = this.log.isDebugEnabled();
        ServerSession serverSession = (ServerSession) ValidateUtils.checkInstanceOf(session, ServerSession.class, "Server side service used on client side: %s", session);
        this.serverSession = serverSession;
        if (session.isAuthenticated()) {
            throw new SshException("Session already authenticated");
        }
        this.welcomePhase = CoreModuleProperties.WELCOME_BANNER_PHASE.getRequired(this);
        this.maxAuthRequests = CoreModuleProperties.MAX_AUTH_REQUESTS.getRequired(this).intValue();
        List list = (List) ValidateUtils.checkNotNullAndNotEmpty(serverSession.getUserAuthFactories(), "No user auth factories for %s", session);
        this.userAuthFactories = new ArrayList(list);
        this.authMethods = new ArrayList();
        String orNull = CoreModuleProperties.AUTH_METHODS.getOrNull(this);
        if (GenericUtils.isEmpty(orNull)) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                this.authMethods.add(new ArrayList(Collections.singletonList(((UserAuthFactory) it.next()).getName())));
            }
        } else {
            if (isDebugEnabled) {
                this.log.debug("ServerUserAuthService({}) using configured methods={}", session, orNull);
            }
            for (String str : orNull.split("\\s")) {
                this.authMethods.add(new ArrayList(Arrays.asList(GenericUtils.split(str, VersionsParser.Versions.SEP))));
            }
        }
        Iterator<List<String>> it2 = this.authMethods.iterator();
        while (it2.hasNext()) {
            for (String str2 : it2.next()) {
                if (((UserAuthFactory) NamedResource.findByName(str2, String.CASE_INSENSITIVE_ORDER, this.userAuthFactories)) == null) {
                    throw new SshException(org.bouncycastle.jce.provider.a.l("Configured method is not supported: ", str2));
                }
            }
        }
        if (isDebugEnabled) {
            this.log.debug("ServerUserAuthService({}) authorized authentication methods: {}", session, NamedResource.getNames(this.userAuthFactories));
        }
        session.resetAuthTimeout();
    }

    public static /* synthetic */ String lambda$handleAuthenticationSuccess$2(List list) {
        return (String) list.get(0);
    }

    public /* synthetic */ void lambda$handleUserAuthRequestMessage$1(Buffer buffer, Boolean bool) {
        asyncAuth(50, buffer, bool.booleanValue());
    }

    public /* synthetic */ void lambda$process$0(int i6, Buffer buffer, Boolean bool) {
        asyncAuth(i6, buffer, bool.booleanValue());
    }

    public synchronized void asyncAuth(int i6, Buffer buffer, boolean z2) {
        try {
            try {
                if (z2) {
                    handleAuthenticationSuccess(i6, buffer);
                } else {
                    handleAuthenticationFailure(i6, buffer);
                }
            } catch (Exception e6) {
                warn("asyncAuth({}) Error ({}) performing async authentication via cmd={}: {}", getServerSession(), e6.getClass().getSimpleName(), Integer.valueOf(i6), e6.getMessage(), e6);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    public ServerFactoryManager getFactoryManager() {
        return this.serverSession.getFactoryManager();
    }

    @Override // org.apache.sshd.common.PropertyResolver
    public Map<String, Object> getProperties() {
        return this.properties;
    }

    @Override // org.apache.sshd.server.session.ServerSessionHolder
    public ServerSession getServerSession() {
        return this.serverSession;
    }

    @Override // org.apache.sshd.common.session.SessionHolder
    public Session getSession() {
        return getServerSession();
    }

    public WelcomeBannerPhase getWelcomePhase() {
        return this.welcomePhase;
    }

    public void handleAuthenticationFailure(int i6, Buffer buffer) {
        ServerSession serverSession = getServerSession();
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (WelcomeBannerPhase.FIRST_FAILURE.equals(getWelcomePhase())) {
            sendWelcomeBanner(serverSession);
        }
        UserAuth userAuth = this.currentAuth;
        String username = userAuth == null ? null : userAuth.getUsername();
        if (isDebugEnabled) {
            this.log.debug("handleAuthenticationFailure({}@{}) {}", username, serverSession, SshConstants.getCommandMessageName(i6));
        }
        StringBuilder sb = new StringBuilder((this.authMethods.size() + 1) * 8);
        for (List<String> list : this.authMethods) {
            if (GenericUtils.size(list) > 0) {
                String str = list.get(0);
                if (!"none".equals(str)) {
                    if (sb.length() > 0) {
                        sb.append(VersionsParser.Versions.SEP);
                    }
                    sb.append(str);
                }
            }
        }
        String sb2 = sb.toString();
        if (isDebugEnabled) {
            this.log.debug("handleAuthenticationFailure({}@{}) remaining methods: {}", username, serverSession, sb2);
        }
        Buffer createBuffer = serverSession.createBuffer(SshConstants.SSH_MSG_USERAUTH_FAILURE, sb2.length() + 8);
        createBuffer.putString(sb2);
        createBuffer.putBoolean(false);
        serverSession.writePacket(createBuffer);
        UserAuth userAuth2 = this.currentAuth;
        if (userAuth2 != null) {
            try {
                userAuth2.destroy();
            } finally {
                this.currentAuth = null;
            }
        }
    }

    public void handleAuthenticationInProgress(int i6, Buffer buffer) {
        UserAuth userAuth = this.currentAuth;
        String username = userAuth == null ? null : userAuth.getUsername();
        if (this.log.isDebugEnabled()) {
            this.log.debug("handleAuthenticationInProgress({}@{}) {}", username, getServerSession(), SshConstants.getCommandMessageName(i6));
        }
    }

    public void handleAuthenticationSuccess(int i6, Buffer buffer) {
        int activeSessionCountForUser;
        UserAuth userAuth = this.currentAuth;
        Objects.requireNonNull(userAuth, "No current auth");
        String username = userAuth.getUsername();
        ServerSession serverSession = getServerSession();
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (isDebugEnabled) {
            this.log.debug("handleAuthenticationSuccess({}@{}) {}", username, serverSession, SshConstants.getCommandMessageName(i6));
        }
        boolean z2 = false;
        for (List<String> list : this.authMethods) {
            if (GenericUtils.size(list) > 0 && list.get(0).equals(this.authMethod)) {
                list.remove(0);
                z2 |= list.isEmpty();
            }
        }
        if (z2) {
            Integer orNull = CoreModuleProperties.MAX_CONCURRENT_SESSIONS.getOrNull(serverSession);
            if (orNull != null && (activeSessionCountForUser = serverSession.getActiveSessionCountForUser(username)) >= orNull.intValue()) {
                try {
                    SessionDisconnectHandler sessionDisconnectHandler = serverSession.getSessionDisconnectHandler();
                    if (sessionDisconnectHandler != null) {
                        if (sessionDisconnectHandler.handleSessionsCountDisconnectReason(serverSession, this, username, activeSessionCountForUser, orNull.intValue())) {
                            if (isDebugEnabled) {
                                this.log.debug("handleAuthenticationSuccess({}@{}) ignore {}/{} sessions count due to handler intervention", username, serverSession, Integer.valueOf(activeSessionCountForUser), orNull);
                            }
                        }
                    }
                } catch (IOException | RuntimeException e6) {
                    warn("handleAuthenticationSuccess({}@{}) failed ({}) to invoke disconnect handler due to {}/{} sessions count: {}", username, serverSession, e6.getClass().getSimpleName(), Integer.valueOf(activeSessionCountForUser), orNull, e6.getMessage(), e6);
                }
                serverSession.disconnect(12, "Too many concurrent connections (" + activeSessionCountForUser + ") - max. allowed: " + orNull);
                return;
            }
            if (WelcomeBannerPhase.POST_SUCCESS.equals(getWelcomePhase())) {
                sendWelcomeBanner(serverSession);
            }
            serverSession.signalAuthenticationSuccess(username, this.authService, buffer);
        } else {
            String str = (String) this.authMethods.stream().filter(new b(14)).map(new org.apache.sshd.common.keyprovider.b(15)).collect(Collectors.joining(StandardRepresentation.ELEMENT_SEPARATOR));
            if (isDebugEnabled) {
                this.log.debug("handleAuthenticationSuccess({}@{}) remaining methods={}", username, serverSession, str);
            }
            Buffer createBuffer = serverSession.createBuffer(SshConstants.SSH_MSG_USERAUTH_FAILURE, str.length() + 8);
            createBuffer.putString(str);
            createBuffer.putBoolean(true);
            serverSession.writePacket(createBuffer);
        }
        try {
            this.currentAuth.destroy();
        } finally {
            this.currentAuth = null;
        }
    }

    public boolean handleUserAuthRequestMessage(ServerSession serverSession, Buffer buffer, AtomicReference<Boolean> atomicReference) {
        int i6;
        boolean isDebugEnabled = this.log.isDebugEnabled();
        if (serverSession.isAuthenticated()) {
            String string = buffer.getString();
            String string2 = buffer.getString();
            String string3 = buffer.getString();
            if (isDebugEnabled) {
                this.log.debug("handleUserAuthRequestMessage({}) ignore user={}, service={}, method={} auth. request since session already authenticated", serverSession, string, string2, string3);
            }
            return false;
        }
        if (WelcomeBannerPhase.FIRST_REQUEST.equals(getWelcomePhase())) {
            sendWelcomeBanner(serverSession);
        }
        UserAuth userAuth = this.currentAuth;
        if (userAuth != null) {
            try {
                userAuth.destroy();
            } finally {
                this.currentAuth = null;
            }
        }
        String string4 = buffer.getString();
        String string5 = buffer.getString();
        String string6 = buffer.getString();
        if (isDebugEnabled) {
            this.log.debug("handleUserAuthRequestMessage({}) Received SSH_MSG_USERAUTH_REQUEST user={}, service={}, method={}", serverSession, string4, string5, string6);
        }
        String str = this.authUserName;
        if (str == null || this.authService == null) {
            this.authUserName = string4;
            this.authService = string5;
        } else {
            if (!str.equals(string4) || !this.authService.equals(string5)) {
                try {
                    SessionDisconnectHandler sessionDisconnectHandler = serverSession.getSessionDisconnectHandler();
                    if (sessionDisconnectHandler != null) {
                        if (sessionDisconnectHandler.handleAuthParamsDisconnectReason(serverSession, this, this.authUserName, string4, this.authService, string5)) {
                            if (!isDebugEnabled) {
                                return false;
                            }
                            this.log.debug("handleUserAuthRequestMessage({}) ignore mismatched authentication parameters: user={}/{}, service={}/{}", serverSession, this.authUserName, string4, this.authService, string5);
                            return false;
                        }
                    }
                } catch (IOException | RuntimeException e6) {
                    warn("handleUserAuthRequestMessage({}) failed ({}) to invoke disconnect handler due to user={}/{}, service={}/{} mismatched parameters: {}", serverSession, e6.getClass().getSimpleName(), this.authUserName, string4, this.authService, string5, e6.getMessage(), e6);
                }
                serverSession.disconnect(2, "Change of username or service is not allowed (" + this.authUserName + ", " + this.authService + ") -> (" + string4 + ", " + string5 + ")");
                return false;
            }
            int i7 = this.nbAuthRequests + 1;
            this.nbAuthRequests = i7;
            if (i7 > this.maxAuthRequests) {
                try {
                    SessionDisconnectHandler sessionDisconnectHandler2 = serverSession.getSessionDisconnectHandler();
                    if (sessionDisconnectHandler2 != null) {
                        i6 = 2;
                        try {
                            if (sessionDisconnectHandler2.handleAuthCountDisconnectReason(serverSession, this, string5, string6, string4, this.nbAuthRequests, this.maxAuthRequests)) {
                                if (isDebugEnabled) {
                                    this.log.debug("handleUserAuthRequestMessage({}) ignore mismatched authentication counts: user={}/{}, service={}/{}: {}/{}", serverSession, this.authUserName, string4, this.authService, string5, Integer.valueOf(this.nbAuthRequests), Integer.valueOf(this.maxAuthRequests));
                                }
                            }
                        } catch (IOException e7) {
                            e = e7;
                            warn("handleUserAuthRequestMessage({}) failed ({}) to invoke disconnect handler due to user={}/{}, service={}/{} - {}/{} auth requests: {}", serverSession, e.getClass().getSimpleName(), this.authUserName, string4, this.authService, string5, Integer.valueOf(this.nbAuthRequests), Integer.valueOf(this.maxAuthRequests), e.getMessage(), e);
                            serverSession.disconnect(i6, "Too many authentication failures: " + this.nbAuthRequests);
                            return false;
                        } catch (RuntimeException e8) {
                            e = e8;
                            warn("handleUserAuthRequestMessage({}) failed ({}) to invoke disconnect handler due to user={}/{}, service={}/{} - {}/{} auth requests: {}", serverSession, e.getClass().getSimpleName(), this.authUserName, string4, this.authService, string5, Integer.valueOf(this.nbAuthRequests), Integer.valueOf(this.maxAuthRequests), e.getMessage(), e);
                            serverSession.disconnect(i6, "Too many authentication failures: " + this.nbAuthRequests);
                            return false;
                        }
                    } else {
                        i6 = 2;
                    }
                } catch (IOException | RuntimeException e9) {
                    e = e9;
                    i6 = 2;
                }
                serverSession.disconnect(i6, "Too many authentication failures: " + this.nbAuthRequests);
                return false;
            }
        }
        this.authMethod = string6;
        if (isDebugEnabled) {
            this.log.debug("handleUserAuthRequestMessage({}) Authenticating user '{}' with service '{}' and method '{}' (attempt {} / {})", serverSession, string4, string5, string6, Integer.valueOf(this.nbAuthRequests), Integer.valueOf(this.maxAuthRequests));
        }
        UserAuthFactory userAuthFactory = (UserAuthFactory) NamedResource.findByName(string6, String.CASE_INSENSITIVE_ORDER, this.userAuthFactories);
        if (userAuthFactory == null) {
            if (!isDebugEnabled) {
                return true;
            }
            this.log.debug("handleUserAuthRequestMessage({}) no authentication factory for method={}", serverSession, string6);
            return true;
        }
        UserAuth userAuth2 = (UserAuth) ValidateUtils.checkNotNull(userAuthFactory.createUserAuth(serverSession), "No authenticator created for method=%s", string6);
        this.currentAuth = userAuth2;
        try {
            atomicReference.set(userAuth2.auth(serverSession, string4, string5, buffer));
        } catch (AsyncAuthException e10) {
            e10.addListener(new org.apache.sshd.client.auth.pubkey.a(this, buffer, 1));
            return false;
        } catch (Exception e11) {
            warn("handleUserAuthRequestMessage({}) Failed ({}) to authenticate using factory method={}: {}", serverSession, e11.getClass().getSimpleName(), string6, e11.getMessage(), e11);
        }
        return true;
    }

    public String loadWelcomeBanner(ServerSession serverSession, URL url, Charset charset) {
        InputStream openStream = url.openStream();
        try {
            byte[] byteArray = IoUtils.toByteArray(openStream);
            String str = NumberUtils.isEmpty(byteArray) ? ClientIdentity.ID_FILE_SUFFIX : new String(byteArray, charset);
            if (openStream != null) {
                openStream.close();
            }
            return str;
        } catch (Throwable th) {
            if (openStream != null) {
                try {
                    openStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Override // org.apache.sshd.common.Service
    public synchronized void process(final int i6, final Buffer buffer) {
        try {
            Boolean bool = Boolean.FALSE;
            ServerSession serverSession = getServerSession();
            boolean isDebugEnabled = this.log.isDebugEnabled();
            if (i6 == 50) {
                AtomicReference<Boolean> atomicReference = new AtomicReference<>(bool);
                if (!handleUserAuthRequestMessage(serverSession, buffer, atomicReference)) {
                    return;
                } else {
                    bool = atomicReference.get();
                }
            } else {
                if (WelcomeBannerPhase.FIRST_AUTHCMD.equals(getWelcomePhase())) {
                    sendWelcomeBanner(serverSession);
                }
                if (this.currentAuth == null) {
                    throw new IllegalStateException("No current authentication mechanism for cmd=" + SshConstants.getCommandMessageName(i6));
                }
                if (isDebugEnabled) {
                    this.log.debug("process({}) Received authentication message={} for mechanism={}", serverSession, SshConstants.getCommandMessageName(i6), this.currentAuth.getName());
                }
                buffer.rpos(buffer.rpos() - 1);
                try {
                    bool = this.currentAuth.next(buffer);
                } catch (AsyncAuthException e6) {
                    e6.addListener(new Consumer() { // from class: org.apache.sshd.server.session.a
                        @Override // java.util.function.Consumer
                        public final void accept(Object obj) {
                            ServerUserAuthService.this.lambda$process$0(i6, buffer, (Boolean) obj);
                        }
                    });
                    return;
                } catch (Exception e7) {
                    warn("process({}) Failed ({}) to authenticate using current method={}: {}", serverSession, e7.getClass().getSimpleName(), this.currentAuth.getName(), e7.getMessage(), e7);
                }
            }
            if (bool == null) {
                handleAuthenticationInProgress(i6, buffer);
            } else if (bool.booleanValue()) {
                handleAuthenticationSuccess(i6, buffer);
            } else {
                handleAuthenticationFailure(i6, buffer);
            }
        } catch (Throwable th) {
            throw th;
        }
    }

    public String resolveWelcomeBanner(ServerSession serverSession) {
        Object orNull = CoreModuleProperties.WELCOME_BANNER.getOrNull(this);
        if (orNull == null) {
            return null;
        }
        if (orNull instanceof CharSequence) {
            String obj = orNull.toString();
            if (GenericUtils.isEmpty(obj)) {
                return null;
            }
            if (CoreModuleProperties.AUTO_WELCOME_BANNER_VALUE.equalsIgnoreCase(obj)) {
                try {
                    return KeyRandomArt.combine(serverSession, BufferUtils.DEFAULT_HEX_SEPARATOR, serverSession.getKeyPairProvider());
                } catch (IOException e6) {
                    throw e6;
                } catch (Exception e7) {
                    throw new IOException(e7);
                }
            }
            if (!obj.contains("://")) {
                return obj;
            }
            try {
                URI uri = new URI(obj);
                orNull = obj.startsWith("file:/") ? Paths.get(uri) : uri;
            } catch (URISyntaxException e8) {
                this.log.error("resolveWelcomeBanner({}) bad path URI {}: {}", serverSession, obj, e8.getMessage());
                throw new MalformedURLException(e8.getClass().getSimpleName() + " - bad URI (" + obj + "): " + e8.getMessage());
            }
        }
        if (orNull instanceof File) {
            orNull = ((File) orNull).toPath();
        }
        if (orNull instanceof Path) {
            Path path = (Path) orNull;
            if (!Files.exists(path, new LinkOption[0]) || Files.size(path) <= 0) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug("resolveWelcomeBanner({}) file is empty/does not exist {}", serverSession, path);
                }
                return null;
            }
            orNull = path.toUri();
        }
        if (orNull instanceof URI) {
            orNull = ((URI) orNull).toURL();
        }
        if (orNull instanceof URL) {
            return loadWelcomeBanner(serverSession, (URL) orNull, CoreModuleProperties.WELCOME_BANNER_CHARSET.getRequired(this));
        }
        return orNull.toString();
    }

    public IoWriteFuture sendWelcomeBanner(ServerSession serverSession) {
        if (this.welcomeSent.getAndSet(true)) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("sendWelcomeBanner({}) already sent", serverSession);
            }
            return null;
        }
        String resolveWelcomeBanner = resolveWelcomeBanner(serverSession);
        if (GenericUtils.isEmpty(resolveWelcomeBanner)) {
            return null;
        }
        String required = CoreModuleProperties.WELCOME_BANNER_LANGUAGE.getRequired(this);
        Buffer createBuffer = serverSession.createBuffer(SshConstants.SSH_MSG_USERAUTH_BANNER, GenericUtils.length(required) + resolveWelcomeBanner.length() + 64);
        createBuffer.putString(resolveWelcomeBanner);
        createBuffer.putString(required);
        if (this.log.isDebugEnabled()) {
            this.log.debug("sendWelcomeBanner({}) send banner (length={}, lang={})", serverSession, Integer.valueOf(resolveWelcomeBanner.length()), required);
        }
        return serverSession.writePacket(createBuffer);
    }

    @Override // org.apache.sshd.common.Service
    public void start() {
    }
}
