package com.sshtools.server;

import com.sshtools.common.config.AdaptiveConfiguration;
import com.sshtools.common.events.Event;
import com.sshtools.common.events.EventServiceImplementation;
import com.sshtools.common.logger.Log;
import com.sshtools.common.permissions.IPPolicy;
import com.sshtools.common.policy.SignaturePolicy;
import com.sshtools.common.ssh.SshConnection;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.SshKeyPair;
import com.sshtools.common.sshd.AbstractServerTransport;
import com.sshtools.common.sshd.SshMessage;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import com.sshtools.synergy.nio.ConnectRequestFuture;
import com.sshtools.synergy.nio.LicenseException;
import com.sshtools.synergy.nio.SocketConnection;
import com.sshtools.synergy.ssh.Service;
import com.sshtools.synergy.ssh.TransportProtocol;
import com.sshtools.synergy.ssh.components.SshKeyExchange;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.Iterator;

/* loaded from: input_file:com/sshtools/server/TransportProtocolServer.class */
public final class TransportProtocolServer extends TransportProtocol<SshServerContext> implements AbstractServerTransport<SshServerContext> {
    int disconnectReason;
    String disconnectText;
    boolean denyConnection;

    public TransportProtocolServer(SshServerContext sshServerContext, ConnectRequestFuture connectRequestFuture) throws LicenseException {
        super(sshServerContext, connectRequestFuture);
        this.denyConnection = false;
    }

    /* renamed from: getContext, reason: merged with bridge method [inline-methods] and merged with bridge method [inline-methods] and merged with bridge method [inline-methods] */
    public SshServerContext m9getContext() {
        return (SshServerContext) this.sshContext;
    }

    private void processProxyProtocol(String str) throws IOException {
        if (!((LoadBalancerPolicy) m9getContext().getPolicy(LoadBalancerPolicy.class)).isProxyProtocolEnabled()) {
            throw new IOException("Received PROXY protocol directive but the current policy does not support it");
        }
        if (((LoadBalancerPolicy) m9getContext().getPolicy(LoadBalancerPolicy.class)).isRestrictedAccess()) {
            String hostAddress = ((InetSocketAddress) this.socketConnection.getRemoteAddress()).getAddress().getHostAddress();
            if (!((LoadBalancerPolicy) m9getContext().getPolicy(LoadBalancerPolicy.class)).isSupportedIPAddress(hostAddress)) {
                throw new IOException(String.format("Received PROXY protocol string from unsupported IP address %s", hostAddress));
            }
            if (Log.isDebugEnabled()) {
                Log.debug("PROXY protocol directive enabled by remote IP adresss {}", new Object[]{hostAddress});
            }
        }
        if (Log.isInfoEnabled()) {
            Log.info(String.format("Parsing PROXY protocol string [%s]", str), new Object[0]);
        }
        String[] split = str.split(" ");
        if (split.length < 4) {
            if (Log.isInfoEnabled()) {
                Log.info("Not enough parameters in PROXY statement", new Object[0]);
            }
        } else if ("TCP4".equals(split[1]) || "TCP6".equals(split[1])) {
            String trim = split[2].trim();
            String trim2 = split[3].trim();
            int parseInt = Integer.parseInt(split[4].trim());
            int parseInt2 = Integer.parseInt(split[5].trim());
            if (Log.isInfoEnabled()) {
                Log.info("Changing remote address to proxy supplied {}:{}", new Object[]{trim, Integer.valueOf(parseInt)});
            }
            this.con.setRemoteAddress(InetSocketAddress.createUnresolved(trim, parseInt));
            this.con.setLocalAddress(InetSocketAddress.createUnresolved(trim2, parseInt2));
        }
    }

    protected void processNegotiationString(String str) throws IOException {
        if (str.startsWith("PROXY")) {
            processProxyProtocol(str);
        }
    }

    protected boolean canConnect(SocketConnection socketConnection) {
        boolean checkConnection = ((IPPolicy) ((SshServerContext) this.sshContext).getPolicy(IPPolicy.class)).checkConnection(socketConnection.getRemoteAddress(), socketConnection.getLocalAddress());
        if (Log.isDebugEnabled()) {
            Log.debug("IP policy has " + (checkConnection ? "authorized" : "denied") + " access to " + ((InetSocketAddress) socketConnection.getRemoteAddress()).getAddress(), new Object[0]);
        }
        if (!checkConnection) {
            return false;
        }
        synchronized (lock) {
            Integer numberOfConnections = ((SshServerContext) this.sshContext).getConnectionManager().getNumberOfConnections();
            if (((SshServerContext) this.sshContext).getEngine().getContext().getMaximumConnections() > -1 && numberOfConnections.intValue() >= ((SshServerContext) this.sshContext).getEngine().getContext().getMaximumConnections()) {
                this.denyConnection = true;
                this.disconnectText = ((SshServerContext) this.sshContext).getEngine().getContext().getTooManyConnectionsText();
                this.disconnectReason = 12;
                if (!((SshServerContext) this.sshContext).isEnsureGracefulDisconnect()) {
                    fireTooManyConnectionsDisconnectEvent(numberOfConnections);
                    if (Log.isDebugEnabled()) {
                        Log.debug("Denying connection.. too many users currently online", new Object[0]);
                    }
                    socketConnection.closeConnection();
                    return false;
                }
                this.sessionIdentifier = new byte[0];
            }
            return true;
        }
    }

    protected void initializeKeyExchange(SshKeyExchange<SshServerContext> sshKeyExchange, boolean z, boolean z2) throws IOException, SshException {
        SshKeyPair hostKey = m9getContext().getHostKey(this.publicKey);
        this.hostKey = hostKey.getPublicKey();
        sshKeyExchange.init(this, this.remoteIdentification.toString().trim(), this.localIdentification.trim(), this.remotekex, this.localkex, hostKey.getPrivateKey(), hostKey.getPublicKey(), z, z2);
    }

    protected void onKeyExchangeInit() throws SshException {
        if (m9getContext().isForceServerPreferences()) {
            m9getContext().supportedKeyExchanges().removeAllBut(m9getContext().supportedKeyExchanges().selectStrongestComponent(getRemoteKeyExchanges()));
            m9getContext().supportedPublicKeys().removeAllBut(m9getContext().supportedPublicKeys().selectStrongestComponent(getRemotePublicKeys()));
            m9getContext().supportedCiphersCS().removeAllBut(m9getContext().supportedCiphersCS().selectStrongestComponent(getRemoteCiphersCS()));
            m9getContext().supportedCiphersCS().removeAllBut(m9getContext().supportedCiphersCS().selectStrongestComponent(getRemoteCiphersSC()));
            m9getContext().supportedMacsCS().removeAllBut(m9getContext().supportedMacsCS().selectStrongestComponent(getRemoteMacsCS()));
            m9getContext().supportedMacsSC().removeAllBut(m9getContext().supportedMacsSC().selectStrongestComponent(getRemoteMacsSC()));
        }
    }

    protected void onKeyExchangeComplete() {
        if (this.hasExtensionCapability && this.enableExtensionCapability) {
            sendExtensionInfo();
        }
    }

    private void sendExtensionInfo() {
        if (AdaptiveConfiguration.getBoolean("disableExtensionInfo", new String[]{this.con.getRemoteIPAddress(), AdaptiveConfiguration.getIdent(this.con.getRemoteIdentification())})) {
            return;
        }
        final ByteArrayWriter byteArrayWriter = new ByteArrayWriter();
        try {
            try {
                byteArrayWriter.writeInt(1);
                byteArrayWriter.writeString("server-sig-algs");
                String list = m9getContext().isSHA1SignaturesSupported() ? m9getContext().supportedSignatures().list("") : m9getContext().supportedSignatures().list("", new String[]{"ssh-rsa", "ssh-rsa-cert-v01@openssh.com", "x509v3-sign-rsa-sha1", "x509v3-sign-rsa", "x509v3-ssh-rsa"});
                byteArrayWriter.writeString(list);
                m9getContext().setPolicy(SignaturePolicy.class, new SignaturePolicy(Arrays.asList(list.split(","))));
                postMessage(new SshMessage() { // from class: com.sshtools.server.TransportProtocolServer.1
                    public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                        byteBuffer.put((byte) 7);
                        byteBuffer.put(byteArrayWriter.toByteArray());
                        return true;
                    }

                    public void messageSent(Long l) {
                        if (Log.isDebugEnabled()) {
                            Log.debug("Sent SSH_MSG_EXT_INFO", new Object[0]);
                        }
                    }
                });
            } catch (IOException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        } finally {
            try {
                byteArrayWriter.close();
            } catch (IOException e2) {
            }
        }
    }

    protected void keyExchangeInitialized() {
        if (this.denyConnection) {
            fireTooManyConnectionsDisconnectEvent(((SshServerContext) this.sshContext).getConnectionManager().getNumberOfConnections());
            disconnect(this.disconnectReason, this.disconnectText);
        }
    }

    protected boolean canSendKeyExchangeInit() {
        return !m9getContext().isForceServerPreferences();
    }

    protected void onNewKeysReceived() {
        generateNewKeysServerIn();
    }

    protected boolean processTransportMessage(int i, byte[] bArr) throws IOException {
        switch (bArr[0]) {
            case 5:
                if (Log.isDebugEnabled()) {
                    Log.debug("Processing SSH_MSG_SERVICE_REQUEST", new Object[0]);
                }
                startService(bArr);
                return true;
            default:
                return false;
        }
    }

    void startService(byte[] bArr) throws IOException {
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
        try {
            byteArrayReader.skip(1L);
            String readString = byteArrayReader.readString();
            if (readString.equals("ssh-userauth")) {
                this.activeService = new AuthenticationProtocolServer(this);
                final byte[] bytes = getBytes(readString, CHARSET_ENCODING);
                postMessage(new SshMessage() { // from class: com.sshtools.server.TransportProtocolServer.2
                    public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                        byteBuffer.put((byte) 6);
                        byteBuffer.putInt(bytes.length);
                        byteBuffer.put(bytes);
                        return true;
                    }

                    public void messageSent(Long l) throws SshException {
                        if (Log.isDebugEnabled()) {
                            Log.debug("Sent SSH_MSG_SERVICE_ACCEPT", new Object[0]);
                        }
                        TransportProtocolServer.this.activeService.start();
                    }
                });
            } else {
                disconnect(7, readString + " is not a valid service.");
            }
        } finally {
            byteArrayReader.close();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void startService(Service service) throws SshException {
        this.activeService.stop();
        this.activeService = service;
        service.start();
    }

    protected void onNewKeysSent() {
        generateNewKeysServerOut();
    }

    protected void disconnected() {
        Iterator<ServerConnectionStateListener> it = m9getContext().getStateListeners().iterator();
        while (it.hasNext()) {
            it.next().disconnected(m9getContext().getConnectionManager().getConnectionById(getUUID()));
        }
    }

    protected void onConnected() {
        this.con = m9getContext().getConnectionManager().registerTransport(this, m9getContext());
        getConnectFuture().connected(this, this.con);
    }

    protected void onDisconnected() {
        m9getContext().getConnectionManager().unregisterTransport(this);
    }

    private void fireTooManyConnectionsDisconnectEvent(Integer num) {
        EventServiceImplementation.getInstance().fireEvent(new Event(this, -16777056, false).addAttribute("CONNECTION", this.con).addAttribute("NUMBER_OF_CONNECTIONS", String.valueOf(num.intValue())));
    }

    public String getName() {
        return "transport-server";
    }

    public void startService(com.sshtools.common.sshd.Service<SshServerContext> service) {
    }

    protected String getExtensionNegotiationString() {
        return "ext-info-s";
    }

    protected boolean isServerMode() {
        return true;
    }

    public /* bridge */ /* synthetic */ SshConnection getConnection() {
        return super.getConnection();
    }
}
