package com.sshtools.server;

import com.sshtools.common.auth.RequiredAuthenticationStrategy;
import com.sshtools.common.events.Event;
import com.sshtools.common.events.EventServiceImplementation;
import com.sshtools.common.logger.Log;
import com.sshtools.common.ssh.Connection;
import com.sshtools.common.ssh.ExecutorOperationSupport;
import com.sshtools.common.ssh.Service;
import com.sshtools.common.ssh.SshContext;
import com.sshtools.common.ssh.SshMessage;
import com.sshtools.common.ssh.UnsupportedChannelException;
import com.sshtools.common.util.ByteArrayReader;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:com/sshtools/server/AuthenticationProtocolServer.class */
public class AuthenticationProtocolServer extends ExecutorOperationSupport<SshContext> implements Service {
    public static final int SSH_MSG_USERAUTH_REQUEST = 50;
    public static final int SSH_MSG_USERAUTH_FAILURE = 51;
    public static final int SSH_MSG_USERAUTH_SUCCESS = 52;
    public static final int SSH_MSG_USERAUTH_BANNER = 53;
    TransportProtocolServer transport;
    boolean authInProgress;
    int failed;
    AuthenticationMechanism currentAuthentication;
    String currentMethod;
    String username;
    String service;
    ArrayList<String> completedAuthentications;
    Map<String, Object> authenticationParameters;
    Date started;
    String[] requiredAuthentications;
    boolean authenticated;
    static final String SERVICE_NAME = "ssh-userauth";

    public AuthenticationProtocolServer(TransportProtocolServer transportProtocolServer) {
        super("authentication-protocol");
        this.authInProgress = false;
        this.failed = 0;
        this.completedAuthentications = new ArrayList<>();
        this.authenticationParameters = new ConcurrentHashMap(8, 0.9f, 1);
        this.started = new Date();
        this.requiredAuthentications = null;
        this.authenticated = false;
        this.transport = transportProtocolServer;
    }

    /* renamed from: getContext, reason: merged with bridge method [inline-methods] */
    public SshServerContext m0getContext() {
        return this.transport.m9getContext();
    }

    public synchronized void stop() {
        if (this.transport != null) {
            if (Log.isDebugEnabled()) {
                Log.debug("Cleaning up authentication protocol references", new Object[0]);
            }
            this.transport.getConnection().getAuthenticatedFuture().authenticated(this.authenticated);
        }
        this.transport = null;
    }

    public void start() {
        if (((SshServerContext) this.transport.getSshContext()).getBannerMessage() == null || ((SshServerContext) this.transport.getSshContext()).getBannerMessage().length() <= 0) {
            return;
        }
        this.transport.postMessage(new SshMessage() { // from class: com.sshtools.server.AuthenticationProtocolServer.1
            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                byteBuffer.put((byte) 53);
                byte[] bytes = ((SshServerContext) AuthenticationProtocolServer.this.transport.getSshContext()).getBannerMessage().getBytes();
                byteBuffer.putInt(bytes.length);
                byteBuffer.put(bytes);
                byteBuffer.putInt(0);
                return true;
            }

            public void messageSent(Long l) {
                if (Log.isDebugEnabled()) {
                    Log.debug("Sent SSH_MSG_USERAUTH_BANNER", new Object[0]);
                }
            }
        });
    }

    public boolean processMessage(byte[] bArr) throws IOException {
        if (this.authInProgress) {
            return this.currentAuthentication.processMessage(bArr);
        }
        switch (bArr[0]) {
            case SSH_MSG_USERAUTH_REQUEST /* 50 */:
                processRequest(bArr);
                return true;
            default:
                return false;
        }
    }

    public Object getParameter(String str) {
        return this.authenticationParameters.get(str);
    }

    public void setParameter(String str, Object obj) {
        this.authenticationParameters.put(str, obj);
    }

    void processRequest(byte[] bArr) throws IOException {
        ByteArrayReader byteArrayReader = new ByteArrayReader(bArr);
        try {
            byteArrayReader.skip(1L);
            this.username = byteArrayReader.readString();
            this.service = byteArrayReader.readString();
            Connection<SshServerContext> connection = this.transport.getConnection();
            connection.setUsername(this.username);
            if (this.requiredAuthentications == null || ((SshServerContext) this.transport.getSshContext()).getRequiredAuthenticationStrategy() == RequiredAuthenticationStrategy.ONCE_PER_AUTHENTICATION_ATTEMPT) {
                if (((SshServerContext) this.transport.getSshContext()).getAuthenticationMechanismFactory() == null) {
                    throw new IllegalStateException("No AuthenticationMechansimFactory is configured!");
                }
                this.requiredAuthentications = ((SshServerContext) this.transport.getSshContext()).getAuthenticationMechanismFactory().getRequiredMechanisms(connection);
            }
            this.currentMethod = byteArrayReader.readString();
            if (Log.isDebugEnabled()) {
                Log.debug("Client is attempting " + this.currentMethod + " authentication", new Object[0]);
            }
            byte[] bArr2 = null;
            if (byteArrayReader.available() > 0) {
                bArr2 = new byte[byteArrayReader.available()];
                byteArrayReader.read(bArr2);
            }
            if (1 != 0 && this.transport.m9getContext().getAuthenticationMechanismFactory().isSupportedMechanism(this.currentMethod) && this.service.equals("ssh-connection")) {
                try {
                    this.currentAuthentication = this.transport.m9getContext().getAuthenticationMechanismFactory().createInstance(this.currentMethod, this.transport, this, connection);
                    this.authInProgress = true;
                    this.currentAuthentication.startRequest(this.username, bArr2);
                    byteArrayReader.close();
                    return;
                } catch (UnsupportedChannelException e) {
                    if (!this.currentMethod.equals(AuthenticationMechanismFactory.NONE) && Log.isErrorEnabled()) {
                        Log.error("Failed to initialize " + this.currentMethod + " authentication mechanism", e, new Object[0]);
                    }
                }
            }
            failedAuthentication();
            byteArrayReader.close();
        } catch (Throwable th) {
            byteArrayReader.close();
            throw th;
        }
    }

    public synchronized void completedAuthentication() {
        if (this.transport == null || !this.transport.isConnected()) {
            if (Log.isDebugEnabled()) {
                Log.debug("Transport is no longer connected!", new Object[0]);
                return;
            }
            return;
        }
        if ((this.currentAuthentication instanceof KeyboardInteractiveAuthentication) && ((KeyboardInteractiveAuthentication) this.currentAuthentication).selectedProvider.getName().equals("password")) {
            this.completedAuthentications.add("password");
        }
        this.completedAuthentications.add(this.currentAuthentication.getMethod());
        boolean z = true;
        for (int i = 0; i < this.requiredAuthentications.length; i++) {
            z &= this.completedAuthentications.contains(this.requiredAuthentications[i]);
        }
        if (!z) {
            failedAuthentication(true, true);
            return;
        }
        this.authenticated = true;
        this.transport.postMessage(new SshMessage() { // from class: com.sshtools.server.AuthenticationProtocolServer.2
            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                byteBuffer.put((byte) 52);
                return true;
            }

            public void messageSent(Long l) {
                if (Log.isDebugEnabled()) {
                    Log.debug("Sent SSH_MSG_USERAUTH_SUCCESS method=" + AuthenticationProtocolServer.this.currentMethod + " completed=" + AuthenticationProtocolServer.this.createList((String[]) AuthenticationProtocolServer.this.completedAuthentications.toArray(new String[0])) + " required=" + AuthenticationProtocolServer.this.createList(AuthenticationProtocolServer.this.requiredAuthentications), new Object[0]);
                }
                EventServiceImplementation.getInstance().fireEvent(new Event(this, -16777200, true).addAttribute("CONNECTION", AuthenticationProtocolServer.this.transport.getConnection()).addAttribute("USERNAME", AuthenticationProtocolServer.this.username).addAttribute("AUTHENTICATION_METHOD", AuthenticationProtocolServer.this.currentMethod).addAttribute("OP_STARTED", AuthenticationProtocolServer.this.started).addAttribute("OP_FINISHED", new Date()));
                EventServiceImplementation.getInstance().fireEvent(new Event(this, -16777198, true).addAttribute("CONNECTION", AuthenticationProtocolServer.this.transport.getConnection()).addAttribute("AUTHENTICATION_METHODS", AuthenticationProtocolServer.this.completedAuthentications));
                AuthenticationProtocolServer.this.transport.startService((Service) new ConnectionProtocolServer(AuthenticationProtocolServer.this.transport, AuthenticationProtocolServer.this.username));
            }
        });
        this.authInProgress = false;
    }

    public void discardAuthentication() {
        this.authInProgress = false;
    }

    public synchronized void failedAuthentication() {
        failedAuthentication(false, false);
    }

    public synchronized void failedAuthentication(boolean z, boolean z2) {
        if (this.transport == null || !this.transport.isConnected()) {
            if (Log.isDebugEnabled()) {
                Log.debug("Transport is no longer connected!", new Object[0]);
                return;
            }
            return;
        }
        String[] supportedMechanisms = this.transport.m9getContext().getAuthenticationMechanismFactory().getSupportedMechanisms();
        if (Boolean.getBoolean("maverick.oldMethodsToContinue")) {
            failedAuthentication(z, z2, supportedMechanisms);
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < supportedMechanisms.length; i++) {
            if (!this.completedAuthentications.contains(supportedMechanisms[i])) {
                arrayList.add(supportedMechanisms[i]);
            }
        }
        failedAuthentication(z, z2, (String[]) arrayList.toArray(new String[0]));
    }

    private synchronized void failedAuthentication(final boolean z, boolean z2, final String[] strArr) {
        String[] supportedMechanisms = (strArr == null || strArr.length == 0) ? this.transport.m9getContext().getAuthenticationMechanismFactory().getSupportedMechanisms() : strArr;
        fireFailureEvent(z, z2, strArr);
        if (!this.currentMethod.equals(AuthenticationMechanismFactory.NONE) && !z) {
            if (!z2) {
                this.failed++;
            }
            if (this.failed >= ((SshServerContext) this.transport.getSshContext()).getMaxAuthentications()) {
                this.transport.disconnect(11, "Too many bad authentication attempts!");
                return;
            }
        }
        final String[] strArr2 = supportedMechanisms;
        this.transport.postMessage(new SshMessage() { // from class: com.sshtools.server.AuthenticationProtocolServer.3
            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                byteBuffer.put((byte) 51);
                String createList = AuthenticationProtocolServer.this.createList(strArr2);
                byteBuffer.putInt(createList.length());
                byteBuffer.put(createList.getBytes());
                byteBuffer.put((byte) (z ? 1 : 0));
                return true;
            }

            public void messageSent(Long l) {
                if (Log.isDebugEnabled()) {
                    Log.debug("Sent SSH_MSG_USERAUTH_FAILURE method=" + AuthenticationProtocolServer.this.currentMethod + " availableMethods=" + AuthenticationProtocolServer.this.createList(strArr) + " partial=" + z + " required=" + AuthenticationProtocolServer.this.createList(AuthenticationProtocolServer.this.requiredAuthentications), new Object[0]);
                }
            }
        });
        this.authInProgress = false;
    }

    private void fireFailureEvent(boolean z, boolean z2, String[] strArr) {
        if (this.currentMethod.equals(AuthenticationMechanismFactory.NONE)) {
            return;
        }
        if (z) {
            EventServiceImplementation.getInstance().fireEvent(new Event(this, -16777200, true).addAttribute("CONNECTION", this.transport.getConnection()).addAttribute("USERNAME", this.username).addAttribute("AUTHENTICATION_METHODS", createList(strArr)).addAttribute("AUTHENTICATION_METHOD", this.currentMethod));
        } else {
            if (z2) {
                return;
            }
            EventServiceImplementation.getInstance().fireEvent(new Event(this, -16777199, true).addAttribute("CONNECTION", this.transport.getConnection()).addAttribute("USERNAME", this.username).addAttribute("AUTHENTICATION_METHODS", createList(strArr)).addAttribute("AUTHENTICATION_METHOD", this.currentMethod));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String createList(String[] strArr) {
        String str = "";
        int i = 0;
        while (i < strArr.length) {
            str = str + (i > 0 ? "," : "") + strArr[i];
            i++;
        }
        return str;
    }

    public int getIdleTimeoutSeconds() {
        return this.transport.m9getContext().getIdleAuthenticationTimeoutSeconds();
    }

    public boolean idle() {
        this.transport.disconnect(11, "Idle unauthenticated connection");
        return true;
    }

    public String getName() {
        return SERVICE_NAME;
    }
}
