package org.uberfire.java.nio.fs.jgit.daemon.ssh;

import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.cipher.BuiltinCiphers;
import org.apache.sshd.common.mac.BuiltinMacs;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.server.ServerBuilder;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.apache.sshd.server.scp.UnknownCommand;
import org.eclipse.jgit.transport.RemoteConfig;
import org.eclipse.jgit.transport.resolver.ReceivePackFactory;
import org.eclipse.jgit.transport.resolver.UploadPackFactory;
import org.kie.soup.commons.validation.PortablePreconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.java.nio.fs.jgit.JGitFileSystemProvider;
import org.uberfire.java.nio.fs.jgit.daemon.common.PortUtil;
import org.uberfire.java.nio.security.FileSystemAuthenticator;
import org.uberfire.java.nio.security.FileSystemAuthorizer;
import org.uberfire.java.nio.security.FileSystemUser;
import org.uberfire.java.nio.security.SSHAuthenticator;

/* loaded from: input_file:WEB-INF/lib/uberfire-nio2-jgit-2.19.0-SNAPSHOT.jar:org/uberfire/java/nio/fs/jgit/daemon/ssh/GitSSHService.class */
public class GitSSHService {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) GitSSHService.class);
    private final List<BuiltinCiphers> managedCiphers = Collections.unmodifiableList(Arrays.asList(BuiltinCiphers.aes128ctr, BuiltinCiphers.aes192ctr, BuiltinCiphers.aes256ctr, BuiltinCiphers.arcfour256, BuiltinCiphers.arcfour128, BuiltinCiphers.aes192cbc, BuiltinCiphers.aes256cbc));
    private final List<BuiltinMacs> managedMACs = Collections.unmodifiableList(Arrays.asList(BuiltinMacs.hmacmd5, BuiltinMacs.hmacsha1, BuiltinMacs.hmacsha256, BuiltinMacs.hmacsha512, BuiltinMacs.hmacsha196, BuiltinMacs.hmacmd596));
    private SshServer sshd;
    private FileSystemAuthenticator fileSystemAuthenticator;
    private FileSystemAuthorizer fileSystemAuthorizer;
    private SSHAuthenticator sshAuthenticator;

    private SshServer buildSshServer(String str, String str2) {
        return ServerBuilder.builder().cipherFactories(NamedFactory.setUpBuiltinFactories(false, checkAndSetGitCiphers(str))).macFactories(NamedFactory.setUpBuiltinFactories(false, checkAndSetGitMacs(str2))).build();
    }

    public void setup(File file, InetSocketAddress inetSocketAddress, String str, String str2, ReceivePackFactory receivePackFactory, UploadPackFactory uploadPackFactory, JGitFileSystemProvider.RepositoryResolverImpl<BaseGitCommand> repositoryResolverImpl, ExecutorService executorService) {
        setup(file, inetSocketAddress, str, str2, receivePackFactory, uploadPackFactory, repositoryResolverImpl, executorService, null, null);
    }

    public void setup(File file, InetSocketAddress inetSocketAddress, String str, String str2, ReceivePackFactory receivePackFactory, UploadPackFactory uploadPackFactory, JGitFileSystemProvider.RepositoryResolverImpl<BaseGitCommand> repositoryResolverImpl, ExecutorService executorService, String str3, String str4) {
        PortablePreconditions.checkNotNull("certDir", file);
        PortablePreconditions.checkNotEmpty("sshIdleTimeout", str);
        PortablePreconditions.checkNotEmpty("algorithm", str2);
        PortablePreconditions.checkNotNull("receivePackFactory", receivePackFactory);
        PortablePreconditions.checkNotNull("uploadPackFactory", uploadPackFactory);
        PortablePreconditions.checkNotNull("repositoryResolver", repositoryResolverImpl);
        buildSSHServer(str3, str4);
        this.sshd.getProperties().put(FactoryManager.IDLE_TIMEOUT, str);
        if (inetSocketAddress != null) {
            this.sshd.setHost(inetSocketAddress.getHostName());
            this.sshd.setPort(PortUtil.validateOrGetNew(inetSocketAddress.getPort()));
            if (inetSocketAddress.getPort() != this.sshd.getPort()) {
                LOG.error("SSH for Git original port {} not available, new free port {} assigned.", Integer.valueOf(inetSocketAddress.getPort()), Integer.valueOf(this.sshd.getPort()));
            }
        }
        if (!file.exists()) {
            file.mkdirs();
        }
        SimpleGeneratorHostKeyProvider simpleGeneratorHostKeyProvider = new SimpleGeneratorHostKeyProvider(new File(file, "hostkey.ser"));
        try {
            SecurityUtils.getKeyPairGenerator(str2);
            simpleGeneratorHostKeyProvider.setAlgorithm(str2);
            this.sshd.setKeyPairProvider(simpleGeneratorHostKeyProvider);
            this.sshd.setCommandFactory(str5 -> {
                return str5.startsWith(RemoteConfig.DEFAULT_UPLOAD_PACK) ? new GitUploadCommand(str5, repositoryResolverImpl, getAuthorizationManager(), uploadPackFactory, executorService) : str5.startsWith(RemoteConfig.DEFAULT_RECEIVE_PACK) ? new GitReceiveCommand(str5, repositoryResolverImpl, getAuthorizationManager(), receivePackFactory, executorService) : new UnknownCommand(str5);
            });
            this.sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator((str6, publicKey, serverSession) -> {
                FileSystemUser authenticate = getSshAuthenticator().authenticate(str6, publicKey);
                if (authenticate == null) {
                    return false;
                }
                serverSession.setAttribute(BaseGitCommand.SUBJECT_KEY, authenticate);
                return true;
            }));
            this.sshd.setPasswordAuthenticator((str7, str8, serverSession2) -> {
                FileSystemUser authenticate = getUserPassAuthenticator().authenticate(str7, str8);
                if (authenticate == null) {
                    return false;
                }
                serverSession2.setAttribute(BaseGitCommand.SUBJECT_KEY, authenticate);
                return true;
            });
        } catch (Exception e) {
            throw new RuntimeException(String.format("Can't use '%s' algorithm for ssh key pair generator.", str2), e);
        }
    }

    private void buildSSHServer(String str, String str2) {
        this.sshd = buildSshServer(str, str2);
    }

    private List<BuiltinCiphers> checkAndSetGitCiphers(String str) {
        if (str == null || str.isEmpty()) {
            return this.managedCiphers;
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = Arrays.asList(str.split(",")).iterator();
        while (it.hasNext()) {
            BuiltinCiphers fromFactoryName = BuiltinCiphers.fromFactoryName(((String) it.next()).trim().toLowerCase());
            if (fromFactoryName == null || !this.managedCiphers.contains(fromFactoryName)) {
                LOG.warn("Cipher {} not handled in git ssh configuration. ", fromFactoryName);
            } else {
                arrayList.add(fromFactoryName);
                LOG.info("Added Cipher {} to the git ssh configuration. ", fromFactoryName);
            }
        }
        return arrayList;
    }

    private List<BuiltinMacs> checkAndSetGitMacs(String str) {
        if (str == null || str.isEmpty()) {
            return this.managedMACs;
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = Arrays.asList(str.split(",")).iterator();
        while (it.hasNext()) {
            BuiltinMacs fromFactoryName = BuiltinMacs.fromFactoryName(((String) it.next()).trim().toLowerCase());
            if (fromFactoryName == null || !this.managedMACs.contains(fromFactoryName)) {
                LOG.warn("MAC {} not handled in git ssh configuration. ", fromFactoryName);
            } else {
                arrayList.add(fromFactoryName);
                LOG.info("Added MAC {} to the git ssh configuration. ", fromFactoryName);
            }
        }
        return arrayList;
    }

    public void stop() {
        try {
            this.sshd.stop(true);
        } catch (IOException e) {
        }
    }

    public void start() {
        try {
            this.sshd.start();
        } catch (IOException e) {
            throw new RuntimeException("Couldn't start SSH daemon at " + this.sshd.getHost() + ":" + this.sshd.getPort(), e);
        }
    }

    public boolean isRunning() {
        return (this.sshd.isClosed() || this.sshd.isClosing()) ? false : true;
    }

    SshServer getSshServer() {
        return this.sshd;
    }

    public Map<String, Object> getProperties() {
        return Collections.unmodifiableMap(this.sshd.getProperties());
    }

    public FileSystemAuthenticator getUserPassAuthenticator() {
        return this.fileSystemAuthenticator;
    }

    public void setUserPassAuthenticator(FileSystemAuthenticator fileSystemAuthenticator) {
        this.fileSystemAuthenticator = fileSystemAuthenticator;
    }

    public FileSystemAuthorizer getAuthorizationManager() {
        return this.fileSystemAuthorizer;
    }

    public void setAuthorizationManager(FileSystemAuthorizer fileSystemAuthorizer) {
        this.fileSystemAuthorizer = fileSystemAuthorizer;
    }

    public SSHAuthenticator getSshAuthenticator() {
        return this.sshAuthenticator;
    }

    public void setSshAuthenticator(SSHAuthenticator sSHAuthenticator) {
        this.sshAuthenticator = sSHAuthenticator;
    }

    public List<BuiltinCiphers> getManagedCiphers() {
        return this.managedCiphers;
    }

    public List<BuiltinMacs> getManagedMACs() {
        return this.managedMACs;
    }
}
