package org.springframework.cloud.config.server.ssh;

import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.Field;
import java.net.InetSocketAddress;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.apache.sshd.common.config.keys.impl.ECDSAPublicKeyEntryDecoder;
import org.apache.sshd.common.session.SessionContext;
import org.assertj.core.api.Assertions;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshConfigStore;
import org.eclipse.jgit.transport.sshd.ProxyData;
import org.eclipse.jgit.transport.sshd.ProxyDataFactory;
import org.eclipse.jgit.transport.sshd.ServerKeyDatabase;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.junit.MockitoJUnitRunner;
import org.springframework.cloud.config.server.environment.JGitEnvironmentProperties;
import org.springframework.cloud.config.server.proxy.ProxyHostProperties;
import org.springframework.core.io.ClassPathResource;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/springframework/cloud/config/server/ssh/PropertyBasedSshSessionFactoryTest.class */
public class PropertyBasedSshSessionFactoryTest {
    private static final String HOST_KEY = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzCa0AcNbahUFjFYJHIilhJOhKFHuDOOuY+/HqV9kALftitwNYo6dQ+tC9IK5JVZCZfqKfDWVMxspcPDf9eMoE=";
    private static final String HOST_KEY_ALGORITHM = "ecdsa-sha2-nistp256";
    private static final String PRIVATE_KEY = getResourceAsString("/ssh/key");
    private PropertyBasedSshSessionFactory factory;

    public static String getResourceAsString(String str) {
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new ClassPathResource(str).getInputStream()));
            try {
                StringBuilder sb = new StringBuilder();
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        String sb2 = sb.toString();
                        bufferedReader.close();
                        return sb2;
                    }
                    sb.append(readLine).append('\n');
                }
            } finally {
            }
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    @Test
    public void strictHostKeyCheckingIsOptional() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("ssh://gitlab.example.local:3322/somerepo.git");
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        setupSessionFactory(jGitEnvironmentProperties);
        Assertions.assertThat(getSshHostConfig("gitlab.example.local").getValue("StrictHostKeyChecking")).isEqualTo("no");
    }

    @Test
    public void strictHostKeyCheckingIsUsed() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("ssh://gitlab.example.local:3322/somerepo.git");
        jGitEnvironmentProperties.setHostKey(HOST_KEY);
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        setupSessionFactory(jGitEnvironmentProperties);
        Assertions.assertThat(getSshHostConfig("gitlab.example.local").getValue("StrictHostKeyChecking")).isEqualTo("yes");
    }

    @Test
    public void sshConfigIsUsedForRelevantHostOnly() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("ssh://gitlab.example.local:3322/somerepo.git");
        jGitEnvironmentProperties.setHostKeyAlgorithm(HOST_KEY_ALGORITHM);
        jGitEnvironmentProperties.setHostKey(HOST_KEY);
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        setupSessionFactory(jGitEnvironmentProperties);
        PublicKey publicKey = toPublicKey(HOST_KEY, HOST_KEY_ALGORITHM);
        Assertions.assertThat(getSshHostConfig("another.host").getValue("StrictHostKeyChecking")).isNull();
        Assertions.assertThat(isKnownKeyForHost(publicKey, "another.host")).isFalse();
    }

    @Test
    public void hostKeyAlgorithmIsSpecified() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("ssh://gitlab.example.local:3322/somerepo.git");
        jGitEnvironmentProperties.setHostKeyAlgorithm(HOST_KEY_ALGORITHM);
        jGitEnvironmentProperties.setHostKey(HOST_KEY);
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        setupSessionFactory(jGitEnvironmentProperties);
        PublicKey sshHostKey = getSshHostKey("gitlab.example.local");
        Assertions.assertThat(sshHostKey).isNotNull();
        Assertions.assertThat(sshHostKey.getAlgorithm()).isEqualTo(toPublicKey(HOST_KEY, HOST_KEY_ALGORITHM).getAlgorithm());
    }

    @Test
    public void privateKeyIsUsed() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("git@gitlab.example.local:someorg/somerepo.git");
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        setupSessionFactory(jGitEnvironmentProperties);
        PrivateKey sshPrivateKey = getSshPrivateKey("gitlab.example.local");
        Assertions.assertThat(sshPrivateKey).isNotNull();
        Assertions.assertThat(sshPrivateKey).isEqualTo(toPrivateKey(PRIVATE_KEY, null));
    }

    @Test
    public void privateKeyWithPassphraseIsUsed() {
        String resourceAsString = getResourceAsString("/ssh/key-with-passphrase");
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("git@gitlab.example.local:someorg/somerepo.git");
        jGitEnvironmentProperties.setPrivateKey(resourceAsString);
        jGitEnvironmentProperties.setPassphrase("secret");
        setupSessionFactory(jGitEnvironmentProperties);
        PrivateKey sshPrivateKey = getSshPrivateKey("gitlab.example.local");
        Assertions.assertThat(sshPrivateKey).isNotNull();
        Assertions.assertThat(sshPrivateKey).isEqualTo(toPrivateKey(resourceAsString, "secret"));
    }

    @Test
    public void hostKeyIsUsed() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("git@gitlab.example.local:someorg/somerepo.git");
        jGitEnvironmentProperties.setHostKeyAlgorithm(HOST_KEY_ALGORITHM);
        jGitEnvironmentProperties.setHostKey(HOST_KEY);
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        setupSessionFactory(jGitEnvironmentProperties);
        PublicKey publicKey = toPublicKey(HOST_KEY, HOST_KEY_ALGORITHM);
        PublicKey sshHostKey = getSshHostKey("gitlab.example.local");
        Assertions.assertThat(sshHostKey).isNotNull();
        Assertions.assertThat(sshHostKey).isEqualTo(publicKey);
        Assertions.assertThat(isKnownKeyForHost(publicKey, "gitlab.example.local")).isTrue();
    }

    @Test
    public void preferredAuthenticationsIsSpecified() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("ssh://gitlab.example.local:3322/somerepo.git");
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        jGitEnvironmentProperties.setPreferredAuthentications("password,keyboard-interactive");
        setupSessionFactory(jGitEnvironmentProperties);
        SshConfigStore.HostConfig sshHostConfig = getSshHostConfig("gitlab.example.local");
        Assertions.assertThat(sshHostConfig.getValue("PreferredAuthentications")).isEqualTo("password,keyboard-interactive");
        Assertions.assertThat(sshHostConfig.getValue("StrictHostKeyChecking")).isEqualTo("no");
    }

    @Test
    public void customKnownHostsFileIsUsed() throws IOException {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("git@gitlab.example.local:someorg/somerepo.git");
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        jGitEnvironmentProperties.setKnownHostsFile(new ClassPathResource("/ssh/known_hosts").getFile().getPath());
        setupSessionFactory(jGitEnvironmentProperties);
        PublicKey publicKey = toPublicKey(HOST_KEY, HOST_KEY_ALGORITHM);
        PublicKey sshHostKey = getSshHostKey("gitlab.example.local");
        Assertions.assertThat(sshHostKey).isNotNull();
        Assertions.assertThat(sshHostKey).isEqualTo(publicKey);
        Assertions.assertThat(isKnownKeyForHost(publicKey, "gitlab.example.local")).isTrue();
    }

    @Test
    public void proxySettingsIsUsed() {
        JGitEnvironmentProperties jGitEnvironmentProperties = new JGitEnvironmentProperties();
        jGitEnvironmentProperties.setUri("ssh://gitlab.example.local:3322/somerepo.git");
        jGitEnvironmentProperties.setPrivateKey(PRIVATE_KEY);
        HashMap hashMap = new HashMap();
        ProxyHostProperties proxyHostProperties = new ProxyHostProperties();
        proxyHostProperties.setHost("host.domain");
        proxyHostProperties.setPort(8080);
        proxyHostProperties.setUsername("user");
        proxyHostProperties.setPassword("password");
        hashMap.put(ProxyHostProperties.ProxyForScheme.HTTP, proxyHostProperties);
        jGitEnvironmentProperties.setProxy(hashMap);
        setupSessionFactory(jGitEnvironmentProperties);
        ProxyData sshProxyData = getSshProxyData("gitlab.example.local");
        Assertions.assertThat(sshProxyData.getUser()).isEqualTo("user");
        Assertions.assertThat(new String(sshProxyData.getPassword())).isEqualTo("password");
        Assertions.assertThat(sshProxyData.getProxy().type().toString()).isEqualTo("HTTP");
        Assertions.assertThat(sshProxyData.getProxy().address().toString()).containsPattern("host\\.domain.*:8080");
    }

    @Test
    public void defaultSshConfigIsSet() {
        setupSessionFactory(new JGitEnvironmentProperties());
        SshConfigStore.HostConfig defaultSshHostConfig = getDefaultSshHostConfig("host.name", 123, "user.name");
        Assertions.assertThat(defaultSshHostConfig.getValue("HostName")).isEqualTo("host.name");
        Assertions.assertThat(defaultSshHostConfig.getValue("Port")).isEqualTo("123");
        Assertions.assertThat(defaultSshHostConfig.getValue("User")).isEqualTo("user.name");
    }

    @Test
    public void sshConfigFileIsNotUsed() {
        setupSessionFactory(new JGitEnvironmentProperties());
        Assertions.assertThat(this.factory.getSshConfig(new File("."))).isNull();
    }

    private ProxyData getSshProxyData(String str) {
        try {
            Field declaredField = SshdSessionFactory.class.getDeclaredField("proxies");
            declaredField.setAccessible(true);
            ProxyDataFactory proxyDataFactory = (ProxyDataFactory) declaredField.get(this.factory);
            declaredField.setAccessible(false);
            return proxyDataFactory.get(new InetSocketAddress(str, 22));
        } catch (IllegalAccessException | NoSuchFieldException e) {
            throw new RuntimeException(e);
        }
    }

    private PublicKey toPublicKey(String str, String str2) {
        try {
            return new ECDSAPublicKeyEntryDecoder().decodePublicKey((SessionContext) null, str2, Base64.getDecoder().decode(str), Collections.emptyMap());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private PrivateKey toPrivateKey(String str, String str2) {
        try {
            Collection load = KeyPairUtils.load((SessionContext) null, str, str2);
            if (load.isEmpty()) {
                return null;
            }
            return ((KeyPair) load.iterator().next()).getPrivate();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private PrivateKey getSshPrivateKey(String str) {
        SessionContext sessionContext = (SessionContext) Mockito.mock(SessionContext.class);
        Mockito.when(sessionContext.getRemoteAddress()).thenReturn(new InetSocketAddress(str, 22));
        try {
            List list = (List) StreamSupport.stream(this.factory.getDefaultKeys(new File(".")).loadKeys(sessionContext).spliterator(), false).collect(Collectors.toList());
            if (list.isEmpty()) {
                return null;
            }
            return ((KeyPair) list.get(0)).getPrivate();
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    private PublicKey getSshHostKey(String str) {
        List lookup = this.factory.getServerKeyDatabase((File) null, (File) null).lookup("address", new InetSocketAddress(str, 22), (ServerKeyDatabase.Configuration) Mockito.mock(ServerKeyDatabase.Configuration.class));
        if (lookup.isEmpty()) {
            return null;
        }
        return (PublicKey) lookup.get(0);
    }

    private boolean isKnownKeyForHost(PublicKey publicKey, String str) {
        return this.factory.getServerKeyDatabase((File) null, (File) null).accept("address", new InetSocketAddress(str, 22), publicKey, (ServerKeyDatabase.Configuration) Mockito.mock(ServerKeyDatabase.Configuration.class), (CredentialsProvider) null);
    }

    private SshConfigStore.HostConfig getSshHostConfig(String str) {
        return this.factory.createSshConfigStore(new File("dummy"), new File("dummy"), "localUserName").lookup(str, 22, "userName");
    }

    private SshConfigStore.HostConfig getDefaultSshHostConfig(String str, int i, String str2) {
        return this.factory.createSshConfigStore(new File("dummy"), new File("dummy"), "localUserName").lookupDefault(str, i, str2);
    }

    private void setupSessionFactory(JGitEnvironmentProperties jGitEnvironmentProperties) {
        HashMap hashMap = new HashMap();
        hashMap.put(SshUriPropertyProcessor.getHostname(jGitEnvironmentProperties.getUri()), jGitEnvironmentProperties);
        this.factory = new PropertyBasedSshSessionFactory(hashMap);
    }
}
