package org.uberfire.java.nio.fs.jgit.daemon.ssh;

import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.InvalidKeyException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import org.apache.sshd.SshServer;
import org.apache.sshd.common.Cipher;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.cipher.AES128CTR;
import org.apache.sshd.common.cipher.AES192CBC;
import org.apache.sshd.common.cipher.AES256CBC;
import org.apache.sshd.common.cipher.AES256CTR;
import org.apache.sshd.common.cipher.ARCFOUR128;
import org.apache.sshd.common.cipher.ARCFOUR256;
import org.apache.sshd.common.compression.CompressionNone;
import org.apache.sshd.common.file.nativefs.NativeFileSystemFactory;
import org.apache.sshd.common.forward.DefaultTcpipForwarderFactory;
import org.apache.sshd.common.forward.TcpipServerChannel;
import org.apache.sshd.common.mac.HMACMD5;
import org.apache.sshd.common.mac.HMACMD596;
import org.apache.sshd.common.mac.HMACSHA1;
import org.apache.sshd.common.mac.HMACSHA196;
import org.apache.sshd.common.mac.HMACSHA256;
import org.apache.sshd.common.mac.HMACSHA512;
import org.apache.sshd.common.random.BouncyCastleRandom;
import org.apache.sshd.common.random.JceRandom;
import org.apache.sshd.common.random.SingletonRandomFactory;
import org.apache.sshd.common.signature.SignatureDSA;
import org.apache.sshd.common.signature.SignatureECDSA;
import org.apache.sshd.common.signature.SignatureRSA;
import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.server.Command;
import org.apache.sshd.server.CommandFactory;
import org.apache.sshd.server.PasswordAuthenticator;
import org.apache.sshd.server.channel.ChannelSession;
import org.apache.sshd.server.command.UnknownCommand;
import org.apache.sshd.server.global.CancelTcpipForwardHandler;
import org.apache.sshd.server.global.KeepAliveHandler;
import org.apache.sshd.server.global.NoMoreSessionsHandler;
import org.apache.sshd.server.global.TcpipForwardHandler;
import org.apache.sshd.server.kex.DHG1;
import org.apache.sshd.server.kex.DHG14;
import org.apache.sshd.server.kex.DHGEX;
import org.apache.sshd.server.kex.DHGEX256;
import org.apache.sshd.server.kex.ECDHP256;
import org.apache.sshd.server.kex.ECDHP384;
import org.apache.sshd.server.kex.ECDHP521;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.apache.sshd.server.session.ServerSession;
import org.eclipse.jgit.transport.resolver.ReceivePackFactory;
import org.uberfire.commons.validation.PortablePreconditions;
import org.uberfire.java.nio.fs.jgit.JGitFileSystemProvider;
import org.uberfire.java.nio.security.FileSystemAuthenticator;
import org.uberfire.java.nio.security.FileSystemAuthorizer;
import org.uberfire.java.nio.security.FileSystemUser;

/* loaded from: input_file:org/uberfire/java/nio/fs/jgit/daemon/ssh/GitSSHService.class */
public class GitSSHService {
    private final SshServer sshd = buildSshServer();
    private FileSystemAuthenticator fileSystemAuthenticator;
    private FileSystemAuthorizer fileSystemAuthorizer;
    private ExecutorService executorService;

    public static SshServer buildSshServer() {
        SshServer sshServer = new SshServer();
        if (SecurityUtils.isBouncyCastleRegistered()) {
            sshServer.setKeyExchangeFactories(Arrays.asList(new DHGEX256.Factory(), new DHGEX.Factory(), new ECDHP256.Factory(), new ECDHP384.Factory(), new ECDHP521.Factory(), new DHG14.Factory(), new DHG1.Factory()));
            sshServer.setSignatureFactories(Arrays.asList(new SignatureECDSA.NISTP256Factory(), new SignatureECDSA.NISTP384Factory(), new SignatureECDSA.NISTP521Factory(), new SignatureDSA.Factory(), new SignatureRSA.Factory()));
            sshServer.setRandomFactory(new SingletonRandomFactory(new BouncyCastleRandom.Factory()));
        } else if (SecurityUtils.hasEcc()) {
            sshServer.setKeyExchangeFactories(Arrays.asList(new DHGEX256.Factory(), new DHGEX.Factory(), new ECDHP256.Factory(), new ECDHP384.Factory(), new ECDHP521.Factory(), new DHG1.Factory()));
            sshServer.setSignatureFactories(Arrays.asList(new SignatureECDSA.NISTP256Factory(), new SignatureECDSA.NISTP384Factory(), new SignatureECDSA.NISTP521Factory(), new SignatureDSA.Factory(), new SignatureRSA.Factory()));
            sshServer.setRandomFactory(new SingletonRandomFactory(new JceRandom.Factory()));
        } else {
            sshServer.setKeyExchangeFactories(Arrays.asList(new DHGEX256.Factory(), new DHGEX.Factory(), new DHG1.Factory()));
            sshServer.setSignatureFactories(Arrays.asList(new SignatureDSA.Factory(), new SignatureRSA.Factory()));
            sshServer.setRandomFactory(new SingletonRandomFactory(new JceRandom.Factory()));
        }
        setUpDefaultCiphers(sshServer);
        sshServer.setCompressionFactories(Arrays.asList(new CompressionNone.Factory()));
        sshServer.setMacFactories(Arrays.asList(new HMACSHA256.Factory(), new HMACSHA512.Factory(), new HMACSHA1.Factory(), new HMACMD5.Factory(), new HMACSHA196.Factory(), new HMACMD596.Factory()));
        sshServer.setChannelFactories(Arrays.asList(new ChannelSession.Factory(), new TcpipServerChannel.DirectTcpipFactory()));
        sshServer.setFileSystemFactory(new NativeFileSystemFactory());
        sshServer.setTcpipForwarderFactory(new DefaultTcpipForwarderFactory());
        sshServer.setGlobalRequestHandlers(Arrays.asList(new KeepAliveHandler(), new NoMoreSessionsHandler(), new TcpipForwardHandler(), new CancelTcpipForwardHandler()));
        return sshServer;
    }

    private static void setUpDefaultCiphers(SshServer sshServer) {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new AES128CTR.Factory());
        linkedList.add(new AES256CTR.Factory());
        linkedList.add(new ARCFOUR128.Factory());
        linkedList.add(new ARCFOUR256.Factory());
        linkedList.add(new AES192CBC.Factory());
        linkedList.add(new AES256CBC.Factory());
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            try {
                Cipher cipher = (Cipher) ((NamedFactory) it.next()).create();
                cipher.init(Cipher.Mode.Encrypt, new byte[cipher.getBlockSize()], new byte[cipher.getIVSize()]);
            } catch (InvalidKeyException e) {
                it.remove();
            } catch (Exception e2) {
                it.remove();
            }
        }
        sshServer.setCipherFactories(linkedList);
    }

    public void setup(File file, InetSocketAddress inetSocketAddress, String str, String str2, final ReceivePackFactory receivePackFactory, final JGitFileSystemProvider.RepositoryResolverImpl<BaseGitCommand> repositoryResolverImpl, final ExecutorService executorService) {
        PortablePreconditions.checkNotNull("certDir", file);
        PortablePreconditions.checkNotEmpty("sshIdleTimeout", str);
        PortablePreconditions.checkNotEmpty("algorithm", str2);
        PortablePreconditions.checkNotNull("receivePackFactory", receivePackFactory);
        PortablePreconditions.checkNotNull("repositoryResolver", repositoryResolverImpl);
        PortablePreconditions.checkNotNull("executorService", executorService);
        this.executorService = executorService;
        this.sshd.getProperties().put("idle-timeout", str);
        if (inetSocketAddress != null) {
            this.sshd.setHost(inetSocketAddress.getHostName());
            this.sshd.setPort(inetSocketAddress.getPort());
        }
        if (!file.exists()) {
            file.mkdirs();
        }
        SimpleGeneratorHostKeyProvider simpleGeneratorHostKeyProvider = new SimpleGeneratorHostKeyProvider(new File(file, "hostkey.ser").getAbsolutePath());
        try {
            SecurityUtils.getKeyPairGenerator(str2);
            simpleGeneratorHostKeyProvider.setAlgorithm(str2);
            this.sshd.setKeyPairProvider(simpleGeneratorHostKeyProvider);
            this.sshd.setCommandFactory(new CommandFactory() { // from class: org.uberfire.java.nio.fs.jgit.daemon.ssh.GitSSHService.1
                public Command createCommand(String str3) {
                    return str3.startsWith("git-upload-pack") ? new GitUploadCommand(str3, repositoryResolverImpl, GitSSHService.this.getAuthorizationManager(), executorService) : str3.startsWith("git-receive-pack") ? new GitReceiveCommand(str3, repositoryResolverImpl, GitSSHService.this.getAuthorizationManager(), receivePackFactory, executorService) : new UnknownCommand(str3);
                }
            });
            this.sshd.setPasswordAuthenticator(new PasswordAuthenticator() { // from class: org.uberfire.java.nio.fs.jgit.daemon.ssh.GitSSHService.2
                public boolean authenticate(String str3, String str4, ServerSession serverSession) {
                    FileSystemUser authenticate = GitSSHService.this.getUserPassAuthenticator().authenticate(str3, str4);
                    if (authenticate == null) {
                        return false;
                    }
                    serverSession.setAttribute(BaseGitCommand.SUBJECT_KEY, authenticate);
                    return true;
                }
            });
        } catch (Exception e) {
            throw new RuntimeException(String.format("Can't use '%s' algorithm for ssh key pair generator.", str2), e);
        }
    }

    public void stop() {
        try {
            this.sshd.stop(true);
        } catch (InterruptedException e) {
        }
    }

    public void start() {
        try {
            this.sshd.start();
        } catch (IOException e) {
            throw new RuntimeException("Couldn't start SSH daemon at " + this.sshd.getHost() + ":" + this.sshd.getPort(), e);
        }
    }

    public boolean isRunning() {
        return (this.sshd.isClosed() || this.sshd.isClosing()) ? false : true;
    }

    SshServer getSshServer() {
        return this.sshd;
    }

    public Map<String, String> getProperties() {
        return Collections.unmodifiableMap(this.sshd.getProperties());
    }

    public FileSystemAuthenticator getUserPassAuthenticator() {
        return this.fileSystemAuthenticator;
    }

    public void setUserPassAuthenticator(FileSystemAuthenticator fileSystemAuthenticator) {
        this.fileSystemAuthenticator = fileSystemAuthenticator;
    }

    public FileSystemAuthorizer getAuthorizationManager() {
        return this.fileSystemAuthorizer;
    }

    public void setAuthorizationManager(FileSystemAuthorizer fileSystemAuthorizer) {
        this.fileSystemAuthorizer = fileSystemAuthorizer;
    }
}
