package com.sshtools.server.auth;

import com.maverick.util.ByteArrayReader;
import com.maverick.util.ByteArrayWriter;
import com.sshtools.common.Connection;
import com.sshtools.common.SshAttributes;
import com.sshtools.common.SshMessage;
import com.sshtools.common.SshTransport;
import com.sshtools.common.io.Buffer;
import com.sshtools.common.io.Session;
import com.sshtools.components.SshException;
import com.sshtools.components.SshPublicKey;
import com.sshtools.components.publickey.SshPublicKeyFileFactory;
import com.sshtools.server.AuthenticationMechanism;
import com.sshtools.server.AuthenticationProtocol;
import com.sshtools.server.ConnectionProtocol;
import com.sshtools.server.PublicKeyAuthenticationProvider;
import com.sshtools.server.SshServerContext;
import java.io.IOException;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sshtools/server/auth/PublicKeyAuthentication.class */
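/**
 * Server-side handler for the SSH {@code publickey} user authentication method.
 *
 * <p>A request either carries a signature (the client proves possession of the private key) or
 * is a bare query asking whether a key would be accepted. Signed requests are verified against
 * a blob that starts with this connection's session identifier, so a signature is only valid
 * for the session it was produced in. Bare queries are answered with
 * {@code SSH_MSG_USERAUTH_PK_OK} and are capped per authentication exchange, because each
 * answer tells the client whether a given key is authorized.
 *
 * <p>NOTE(review): key authorization is delegated to the configured
 * {@link PublicKeyAuthenticationProvider}s, which receive the connection object rather than the
 * user name from the request. Confirm that the connection already carries the same user name
 * that is placed in the signed data.
 */
public class PublicKeyAuthentication implements AuthenticationMechanism {
    public static final int SSH_MSG_USERAUTH_PK_OK = 60;
    public static final String AUTHENTICATION_METHOD = "publickey";

    /** Message number of SSH_MSG_USERAUTH_REQUEST; it is part of the data the client signs. */
    private static final int SSH_MSG_USERAUTH_REQUEST = 50;

    /**
     * Disconnect reason sent once the key-query cap is exceeded
     * (14 is SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE in RFC 4253).
     */
    private static final int DISCONNECT_NO_MORE_AUTH_METHODS = 14;

    /** Authentication-protocol parameter that stores the number of key queries seen so far. */
    private static final String VERIFY_ATTEMPTS_PARAMETER = "publickey.max.verify";

    Session session;
    SshTransport transport;
    AuthenticationProtocol authentication;
    SshServerContext context;
    Connection<SshServerContext> con;
    PublicKeyAuthenticationProvider[] pkProviders;
    static Logger log = LoggerFactory.getLogger(PublicKeyAuthentication.class);

    /**
     * Creates the mechanism for one connection.
     *
     * @param session the I/O session; the server context is resolved from it
     * @param sshTransport transport used to disconnect a client that exceeds the query cap
     * @param authenticationProtocol receives the outcome of each request
     * @param connection supplies the session identifier that is bound into the signed data
     * @param publicKeyAuthenticationProviderArr providers consulted, in order, to authorize a key
     */
    public PublicKeyAuthentication(Session session, SshTransport sshTransport, AuthenticationProtocol authenticationProtocol, Connection<SshServerContext> connection, PublicKeyAuthenticationProvider[] publicKeyAuthenticationProviderArr) {
        this.transport = sshTransport;
        this.session = session;
        this.authentication = authenticationProtocol;
        this.con = connection;
        this.pkProviders = publicKeyAuthenticationProviderArr;
        this.context = (SshServerContext) SshAttributes.getContext(session);
    }

    /** Returns the method name, {@code "publickey"}. */
    @Override // com.sshtools.server.AuthenticationMechanism
    public String getName() {
        return AUTHENTICATION_METHOD;
    }

    /**
     * Handles one {@code publickey} authentication request.
     *
     * @param str the user name taken from the authentication request
     * @param bArr the method-specific payload: a boolean "has signature" flag, the key algorithm
     *     name, the public key blob and, when the flag is set, the signature
     * @return always {@code true}
     * @throws IOException if the payload cannot be read or signature verification fails with an
     *     {@link SshException}
     */
    @Override // com.sshtools.server.AuthenticationMechanism
    public boolean startRequest(String str, byte[] bArr) throws IOException {
        ByteArrayReader reader = new ByteArrayReader(bArr);
        try {
            boolean hasSignature = reader.read() != 0;
            String algorithm = reader.readString();
            // Reject algorithms the server has not enabled before touching the key blob.
            if (!this.context.supportedPublicKeys().contains(algorithm)) {
                this.authentication.failedAuthentication();
                log.debug("Unsupported public key algorithm");
                return true;
            }
            byte[] keyBlob = reader.readBinaryString();
            if (hasSignature) {
                authenticateWithSignature(str, algorithm, keyBlob, reader.readBinaryString());
            } else {
                answerKeyQuery(str, algorithm, keyBlob);
            }
            return true;
        } finally {
            reader.close();
        }
    }

    /**
     * Verifies a signed request and reports success or failure to the authentication protocol.
     * The key must first be authorized by a provider; only then is the signature checked.
     */
    private void authenticateWithSignature(String username, String algorithm, byte[] keyBlob, byte[] signature) throws IOException {
        SshPublicKey authorizedKey = lookupAuthorizedKey(algorithm, keyBlob, username, this.session.getRemoteAddress());
        if (authorizedKey == null) {
            this.authentication.failedAuthentication();
            return;
        }
        ByteArrayWriter signedData = new ByteArrayWriter();
        try {
            try {
                // Rebuild exactly what the client signed. The session identifier comes first,
                // which ties the signature to this connection.
                signedData.writeBinaryString(this.con.getSessionId());
                signedData.write(SSH_MSG_USERAUTH_REQUEST);
                signedData.writeString(username);
                signedData.writeString(ConnectionProtocol.SERVICE_NAME);
                signedData.writeString(AUTHENTICATION_METHOD);
                signedData.write(1);
                signedData.writeString(algorithm);
                signedData.writeBinaryString(keyBlob);
                if (authorizedKey.verifySignature(signature, signedData.toByteArray())) {
                    this.authentication.completedAuthentication();
                } else {
                    log.debug("Public key signature verification failed");
                    this.authentication.failedAuthentication();
                }
            } finally {
                signedData.close();
            }
        } catch (SshException e) {
            // Keep the cause: a bare IOException hides why verification broke, which matters
            // when investigating failed logins.
            throw new IOException("Public key signature verification failed", e);
        }
    }

    /**
     * Answers a request that carries no signature. Every query is counted before the key is
     * looked up, so accepted and rejected keys both consume the allowance; once the configured
     * maximum is exceeded the client is disconnected.
     */
    private void answerKeyQuery(String username, final String algorithm, final byte[] keyBlob) throws IOException {
        Integer previous = (Integer) this.authentication.getParameter(VERIFY_ATTEMPTS_PARAMETER);
        Integer attempts = Integer.valueOf(previous == null ? 1 : previous.intValue() + 1);
        this.authentication.setParameter(VERIFY_ATTEMPTS_PARAMETER, attempts);
        if (attempts.intValue() > this.context.getMaximumPublicKeyVerificationAttempts()) {
            this.transport.disconnect(this.session, DISCONNECT_NO_MORE_AUTH_METHODS, "Too many publickey verification attempts were made.");
            return;
        }
        if (lookupAuthorizedKey(algorithm, keyBlob, username, this.session.getRemoteAddress()) == null) {
            // NOTE(review): the meaning of the two flags is defined by AuthenticationProtocol
            // and is not visible in this file.
            this.authentication.failedAuthentication(false, true);
            return;
        }
        // Encode once with a fixed charset so the length prefix always matches the bytes that
        // follow. Algorithm names are US-ASCII, so valid names are encoded byte-for-byte as before.
        final byte[] algorithmBytes = algorithm.getBytes(StandardCharsets.UTF_8);
        this.session.write(new SshMessage() { // from class: com.sshtools.server.auth.PublicKeyAuthentication.1
            public boolean writeMessageIntoBuffer(Session session, Buffer buffer) {
                buffer.put((byte) SSH_MSG_USERAUTH_PK_OK);
                buffer.putInt(algorithmBytes.length);
                buffer.put(algorithmBytes);
                buffer.putInt(keyBlob.length);
                buffer.put(keyBlob);
                return true;
            }

            public void messageSent() {
                PublicKeyAuthentication.log.debug("Sent SSH_MSG_USERAUTH_PK_OK");
            }

            public int getId() {
                return SSH_MSG_USERAUTH_PK_OK;
            }
        });
        // A query is neither a success nor a failure; the client is expected to follow up
        // with a signed request.
        this.authentication.discardAuthentication();
    }

    /**
     * Decodes the client's key and asks each provider, in order, whether it is authorized for
     * this connection.
     *
     * @param str the public key algorithm name
     * @param bArr the encoded public key
     * @param str2 the requested user name (not read here; providers get the connection instead)
     * @param socketAddress the client's address (not read here)
     * @return the decoded key if some provider authorizes it, otherwise {@code null}
     */
    private SshPublicKey lookupAuthorizedKey(String str, byte[] bArr, String str2, SocketAddress socketAddress) {
        try {
            SshPublicKey decodedKey = SshPublicKeyFileFactory.decodeSSH2PublicKey(str, bArr, this.context.getComponentManager());
            for (PublicKeyAuthenticationProvider provider : this.pkProviders) {
                if (provider.isAuthorizedKey(decodedKey, ((SshServerContext) this.con.getContext()).getConnectionManager().getConnectionById(SshAttributes.getUUID(this.session)))) {
                    return decodedKey;
                }
            }
            return null;
        } catch (IOException e) {
            // Fail closed: an IOException raised inside this lookup is treated as "not
            // authorized". The message assumes it came from decoding the client's key.
            log.debug("Client provided unreadable key for authentication", e);
            return null;
        }
    }

    /** This mechanism completes within {@link #startRequest}; follow-up messages are not handled. */
    @Override // com.sshtools.server.AuthenticationMechanism
    public boolean processMessage(byte[] bArr) throws IOException {
        return false;
    }

    /** Returns {@code false}: this is not a password-based mechanism. */
    @Override // com.sshtools.server.AuthenticationMechanism
    public boolean isPassword() {
        return false;
    }
}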
