package com.maverick.sshd;

import com.maverick.ssh.SshException;
import com.maverick.ssh.components.SshPublicKey;
import com.maverick.sshd.platform.AuthenticationProvider;
import com.maverick.util.ByteArrayReader;
import com.maverick.util.ByteArrayWriter;
import com.sshtools.publickey.SshPublicKeyFileFactory;
import java.io.IOException;
import java.net.SocketAddress;
import java.nio.ByteBuffer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maverick/sshd/PublicKeyAuthentication.class */
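/**
 * Server-side handler for the SSH "publickey" user authentication method.
 *
 * <p>A request either asks whether a key would be acceptable (no signature) or
 * presents a signature made with the key. The first is answered with
 * {@code SSH_MSG_USERAUTH_PK_OK} when the key is authorized; the second completes
 * authentication only if the key is authorized and the signature verifies.
 *
 * <p>An instance is wired either through the four-argument constructor (which sets
 * {@code providers} but not {@code provider}/{@code store}) or through the no-arg
 * constructor followed by {@link #init}, which sets {@code provider}/{@code store}
 * but leaves {@code providers} null. {@link #lookupAuthorizedKey} tolerates both.
 */
public class PublicKeyAuthentication implements AuthenticationMechanism {
    static Logger log = LoggerFactory.getLogger(PublicKeyAuthentication.class);
    public static final int SSH_MSG_USERAUTH_PK_OK = 60;
    TransportProtocol transport;
    AuthenticationProtocol authentication;
    AuthenticationProvider provider;
    PublicKeyStore store;
    Connection con;
    PublicKeyAuthenticationProvider[] providers;
    public static final String AUTHENTICATION_METHOD = "publickey";

    /** Authentication-protocol parameter that counts signature-less key queries. */
    private static final String VERIFY_ATTEMPTS_PARAM = "publickey.max.verify";

    /** Creates an unwired instance; {@link #init} must be called before use. */
    public PublicKeyAuthentication() {
    }

    /**
     * Creates an instance bound to an existing connection and a set of key providers.
     *
     * @param transportProtocol transport the request arrived on
     * @param authenticationProtocol authentication state machine that is told the outcome
     * @param connection connection whose properties cache authorized keys
     * @param publicKeyAuthenticationProviderArr providers asked, in order, whether a key is authorized
     */
    public PublicKeyAuthentication(TransportProtocol transportProtocol, AuthenticationProtocol authenticationProtocol, Connection connection, PublicKeyAuthenticationProvider[] publicKeyAuthenticationProviderArr) {
        this.transport = transportProtocol;
        this.authentication = authenticationProtocol;
        this.con = connection;
        this.providers = publicKeyAuthenticationProviderArr;
    }

    /**
     * Binds this mechanism to a transport and resolves the connection, authentication
     * provider and public key store from the transport's context.
     *
     * @param transportProtocol transport the request arrived on
     * @param authenticationProtocol authentication state machine that is told the outcome
     * @throws IOException declared by the interface; nothing here throws it directly
     */
    @Override
    public void init(TransportProtocol transportProtocol, AuthenticationProtocol authenticationProtocol) throws IOException {
        this.transport = transportProtocol;
        this.authentication = authenticationProtocol;
        this.con = ConnectionManager.getInstance().getConnectionById(transportProtocol.getUUID());
        this.provider = transportProtocol.getSshContext().getAuthenticationProvider();
        this.store = transportProtocol.getSshContext().getPublicKeyStore();
    }

    /** Returns the SSH authentication method name, {@code "publickey"}. */
    @Override
    public String getMethod() {
        return AUTHENTICATION_METHOD;
    }

    /**
     * Handles the method-specific part of a "publickey" authentication request.
     *
     * @param str user name from the request; it is part of the data the signature must cover
     * @param bArr method-specific payload: signature flag, algorithm name, key blob and,
     *     when the flag is set, the signature
     * @return always {@code true}
     * @throws IOException if the payload cannot be read or signature verification
     *     raises an {@code SshException}
     */
    @Override
    public boolean startRequest(String str, byte[] bArr) throws IOException {
        ByteArrayReader payload = new ByteArrayReader(bArr);
        try {
            boolean hasSignature = payload.read() != 0;
            String algorithm = payload.readString();
            // NOTE(review): m18getContext is a decompiler-assigned name; presumably it
            // returns the same context as getSshContext() — confirm against the original.
            if (!this.transport.m18getContext().supportedPublicKeys().contains(algorithm)) {
                // Refuse algorithms the server does not list before touching the key blob.
                this.authentication.failedAuthentication();
                if (log.isDebugEnabled()) {
                    log.debug("Unsupported public key algorithm");
                }
                return true;
            }
            byte[] keyBlob = payload.readBinaryString();
            if (hasSignature) {
                byte[] signature = payload.readBinaryString();
                verifySignedRequest(str, algorithm, keyBlob, signature);
            } else {
                answerKeyQuery(algorithm, keyBlob);
            }
            return true;
        } finally {
            payload.close();
        }
    }

    /**
     * Completes or fails authentication for a request that carries a signature.
     * The key must be authorized AND the signature must verify over the exchange data.
     */
    private void verifySignedRequest(String username, String algorithm, byte[] keyBlob, byte[] signature) throws IOException {
        SshPublicKey authorizedKey = lookupAuthorizedKey(algorithm, keyBlob, this.con, this.transport.getRemoteAddress());
        if (authorizedKey == null) {
            this.authentication.failedAuthentication();
            return;
        }
        ByteArrayWriter signedData = new ByteArrayWriter();
        try {
            try {
                // Signed data layout per RFC 4252 section 7. Including the value from
                // getSessionKey() ties the signature to this session.
                // NOTE(review): presumably getSessionKey() is the session identifier — confirm.
                signedData.writeBinaryString(this.transport.getSessionKey());
                signedData.write(50); // SSH_MSG_USERAUTH_REQUEST
                signedData.writeString(username);
                signedData.writeString(ConnectionProtocol.SERVICE_NAME);
                signedData.writeString(AUTHENTICATION_METHOD);
                signedData.write(1); // boolean TRUE: a signature is present
                signedData.writeString(algorithm);
                signedData.writeBinaryString(keyBlob);
                if (authorizedKey.verifySignature(signature, signedData.toByteArray())) {
                    this.authentication.completedAuthentication();
                } else {
                    this.authentication.failedAuthentication();
                }
            } finally {
                signedData.close();
            }
        } catch (SshException e) {
            // Keep the cause: a bare IOException hides why verification broke.
            throw new IOException("Failed to verify publickey signature", e);
        }
    }

    /**
     * Answers a signature-less query ("would this key be accepted?"). Queries are
     * counted per authentication session and the connection is dropped once the
     * configured maximum is exceeded, which bounds how many keys one connection can probe.
     */
    private void answerKeyQuery(final String algorithm, final byte[] keyBlob) throws IOException {
        Integer previous = (Integer) this.authentication.getParameter(VERIFY_ATTEMPTS_PARAM);
        Integer attempts = Integer.valueOf(previous == null ? 1 : previous.intValue() + 1);
        this.authentication.setParameter(VERIFY_ATTEMPTS_PARAM, attempts);
        if (attempts.intValue() > this.transport.getSshContext().getMaximumPublicKeyVerificationAttempts()) {
            // 14 = SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE (RFC 4253 section 11.1)
            this.transport.disconnect(14, "Too many publickey verification attempts were made.");
            return;
        }
        if (lookupAuthorizedKey(algorithm, keyBlob, this.con, this.transport.getRemoteAddress()) == null) {
            // NOTE(review): the meaning of the two flags is not visible here; the second
            // is the negation of isPublicKeyVerificationFailedAuth() — confirm the intent.
            this.authentication.failedAuthentication(false, !this.transport.m18getContext().isPublicKeyVerificationFailedAuth());
            return;
        }
        this.transport.postMessage(new SshMessage() {
            @Override
            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                // Encode once so the length prefix always matches the bytes written;
                // String.length() counts chars, not encoded bytes.
                // NOTE(review): getBytes() uses the platform charset; the name was already
                // matched against the supported list, so it is expected to be ASCII.
                byte[] algorithmBytes = algorithm.getBytes();
                byteBuffer.put((byte) PublicKeyAuthentication.SSH_MSG_USERAUTH_PK_OK);
                byteBuffer.putInt(algorithmBytes.length);
                byteBuffer.put(algorithmBytes);
                byteBuffer.putInt(keyBlob.length);
                byteBuffer.put(keyBlob);
                return true;
            }

            @Override
            public void messageSent() {
                if (PublicKeyAuthentication.log.isDebugEnabled()) {
                    PublicKeyAuthentication.log.debug("Sent SSH_MSG_USERAUTH_PK_OK");
                }
            }
        });
        this.authentication.discardAuthentication();
    }

    /**
     * Decodes the client's key and returns it if it is authorized for the connection,
     * otherwise {@code null}. Fails closed: any exception yields {@code null}.
     *
     * <p>Lookup order: the per-connection cache (a connection property keyed by the key
     * fingerprint), then each configured provider, then the public key store. A hit from
     * a provider or the store is written to the cache.
     *
     * @param str public key algorithm name
     * @param bArr encoded public key blob
     * @param connection connection used for the cache and passed to the providers
     * @param socketAddress remote address; not used by this implementation
     * @return the decoded key when authorized, otherwise {@code null}
     */
    private SshPublicKey lookupAuthorizedKey(String str, byte[] bArr, Connection connection, SocketAddress socketAddress) {
        try {
            SshPublicKey candidate = SshPublicKeyFileFactory.decodeSSH2PublicKey(str, bArr);
            // NOTE(review): the cache is keyed by fingerprint only, not by user name.
            // Confirm the user name cannot change between requests on one connection
            // (or that these properties are cleared when it does); otherwise a key
            // authorized for one user stays accepted after the change.
            if (connection.getProperty(candidate.getFingerprint()) != null) {
                return candidate;
            }
            if (this.providers != null) {
                for (PublicKeyAuthenticationProvider keyProvider : this.providers) {
                    if (keyProvider.isAuthorizedKey(candidate, connection)) {
                        connection.setProperty(candidate.getFingerprint(), candidate);
                        return candidate;
                    }
                }
            }
            // NOTE(review): the store is queried with a connection re-resolved from the
            // transport UUID rather than the `connection` argument — confirm they match.
            if (this.store != null && this.store.isAuthorizedKey(candidate, ConnectionManager.getInstance().getConnectionById(this.transport.getUUID()))) {
                connection.setProperty(candidate.getFingerprint(), candidate);
                return candidate;
            }
            return null;
        } catch (Exception e) {
            // Deliberately broad so every failure denies access. Provider and store errors
            // also land here and are reported only at debug level under this message.
            if (log.isDebugEnabled()) {
                log.debug("Client provided unreadable key for authentication", e);
            }
            return null;
        }
    }

    /**
     * Handles follow-up messages for this mechanism; publickey authentication has none.
     *
     * @param bArr raw message
     * @return always {@code false}
     */
    @Override
    public boolean processMessage(byte[] bArr) throws IOException {
        return false;
    }
}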
