package com.sshtools.common.auth;

import com.sshtools.common.logger.Log;
import com.sshtools.common.policy.AuthenticationPolicy;
import com.sshtools.common.publickey.SshPublicKeyFileFactory;
import com.sshtools.common.ssh.ConnectionAwareTask;
import com.sshtools.common.ssh.Context;
import com.sshtools.common.ssh.ExecutorOperationSupport;
import com.sshtools.common.ssh.SshConnection;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.sshd.AbstractServerTransport;
import com.sshtools.common.sshd.SshMessage;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import com.sshtools.synergy.ssh.ConnectionProtocol;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

/* loaded from: input_file:com/sshtools/common/auth/PublicKeyAuthentication.class */
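/**
 * Server-side handler for the SSH {@code publickey} user authentication method.
 *
 * <p>Each request is parsed and answered on the transport's task queue by a
 * {@link PublicKeyAuthenticationTask}. A request either carries a signature
 * (a real authentication attempt) or does not (a query asking whether the key
 * would be acceptable). Keys are accepted when one of the configured
 * {@link PublicKeyAuthenticationProvider}s approves them.
 *
 * @param <C> the context type of the owning transport
 */
public class PublicKeyAuthentication<C extends Context> implements AuthenticationMechanism {
    /** Message number written as the first byte of the "key is acceptable" reply. */
    public static final int SSH_MSG_USERAUTH_PK_OK = 60;
    AbstractServerTransport<C> transport;
    AbstractAuthenticationProtocol<C> authentication;
    SshConnection con;
    PublicKeyAuthenticationProvider[] providers;
    /** Name this mechanism reports from {@link #getMethod()} and writes into the signed data. */
    public static final String AUTHENTICATION_METHOD = "publickey";

    /**
     * Processes one {@code publickey} request body for a given user name.
     *
     * <p>Outer-class members are always reached through
     * {@code PublicKeyAuthentication.this}; {@code this.con} is the connection
     * handed to the {@link ConnectionAwareTask} constructor.
     */
    class PublicKeyAuthenticationTask extends ConnectionAwareTask {
        String username;
        byte[] msg;

        PublicKeyAuthenticationTask(SshConnection sshConnection, String str, byte[] bArr) {
            super(sshConnection);
            this.username = str;
            this.msg = bArr;
        }

        /**
         * Parses the request (signature flag, algorithm name, key blob and, when
         * flagged, the signature) and dispatches to the signed or query path.
         *
         * <p>An algorithm name that is not in the component manager's supported
         * list fails the attempt before the key blob is even read. Any
         * {@link IOException} raised while handling the request ends the
         * connection with disconnect reason 2.
         */
        @Override // com.sshtools.common.ssh.ConnectionAwareTask
        public void doTask() {
            ByteArrayReader request = new ByteArrayReader(this.msg);
            try {
                final boolean hasSignature = request.read() != 0;
                final String algorithm = request.readString();
                // Allowlist check: only algorithms the server is configured to
                // support are passed on to key decoding and lookup.
                if (!PublicKeyAuthentication.this.transport.mo630getContext().getComponentManager().supportedPublicKeys().contains(algorithm)) {
                    PublicKeyAuthentication.this.authentication.failedAuthentication();
                    if (Log.isDebugEnabled()) {
                        Log.debug("Unsupported public key algorithm", new Object[0]);
                    }
                    return;
                }
                final byte[] keyBlob = request.readBinaryString();
                if (hasSignature) {
                    // The signature is read before the key lookup runs, so a
                    // truncated request fails on parsing first.
                    verifySignedRequest(algorithm, keyBlob, request.readBinaryString());
                } else {
                    answerKeyQuery(algorithm, keyBlob);
                }
            } catch (IOException e) {
                // The error is only written to the log when debug logging is on.
                if (Log.isDebugEnabled()) {
                    Log.error("Failed to authenticate public key", e, new Object[0]);
                }
                // NOTE(review): the exception text is handed to disconnect() as the
                // description, presumably forwarded to the still-unauthenticated
                // peer, and it is null when the failure came from signature
                // verification. Confirm both are acceptable.
                PublicKeyAuthentication.this.transport.disconnect(2, e.getMessage());
            } finally {
                request.close();
            }
        }

        /**
         * Handles a request that carries a signature: the key must be authorized
         * and the signature must verify over the reconstructed request data.
         */
        private void verifySignedRequest(final String algorithm, final byte[] keyBlob, final byte[] signature) throws IOException {
            SshPublicKey authorizedKey = PublicKeyAuthentication.this.lookupAuthorizedKey(algorithm, keyBlob, this.con, this.con.getRemoteAddress(), true);
            if (authorizedKey == null) {
                PublicKeyAuthentication.this.authentication.failedAuthentication();
                return;
            }
            ByteArrayWriter signedData = new ByteArrayWriter();
            try {
                // Data the client must have signed: the transport's session key
                // (presumably the session identifier, which ties the signature to
                // this connection), message number 50, user name, service name,
                // method name, a TRUE flag, algorithm name and key blob.
                // The user name is the one supplied with this request; the service
                // name is fixed rather than echoed from the client.
                signedData.writeBinaryString(PublicKeyAuthentication.this.transport.getSessionKey());
                signedData.write(50);
                signedData.writeString(this.username);
                signedData.writeString(ConnectionProtocol.SERVICE_NAME);
                signedData.writeString(PublicKeyAuthentication.AUTHENTICATION_METHOD);
                signedData.write(1);
                signedData.writeString(algorithm);
                signedData.writeBinaryString(keyBlob);
                if (authorizedKey.verifySignature(signature, signedData.toByteArray())) {
                    PublicKeyAuthentication.this.authentication.completedAuthentication();
                } else {
                    PublicKeyAuthentication.this.authentication.failedAuthentication();
                }
            } catch (SshException e) {
                Log.error("Received SSH exception", e, new Object[0]);
                // The message stays null, as before, so the disconnect description
                // is unchanged; only the cause is now kept for diagnostics.
                throw new IOException((String) null, e);
            } finally {
                signedData.close();
            }
        }

        /**
         * Handles a request without a signature: tells the client whether the
         * key would be acceptable, without authenticating anything.
         *
         * <p>This answer is given before the client has proved possession of the
         * private key, so the number of such queries is capped per connection.
         */
        private void answerKeyQuery(final String algorithm, final byte[] keyBlob) throws IOException {
            // The counter is bumped for every query, whatever its outcome.
            // NOTE(review): it is stored on the connection, so it presumably
            // starts over on a new connection; limits across connections would
            // have to come from elsewhere. Confirm.
            Integer previous = (Integer) this.con.getProperty("publickey.max.verify");
            Integer attempts = Integer.valueOf(previous == null ? 1 : previous.intValue() + 1);
            this.con.setProperty("publickey.max.verify", attempts);
            if (attempts.intValue() > authenticationPolicy().getMaximumPublicKeyVerificationAttempts()) {
                PublicKeyAuthentication.this.transport.disconnect(14, "Too many publickey verification attempts were made.");
                return;
            }
            if (PublicKeyAuthentication.this.lookupAuthorizedKey(algorithm, keyBlob, this.con, this.con.getRemoteAddress(), false) == null) {
                // The policy flag is inverted before it is passed as the second argument.
                PublicKeyAuthentication.this.authentication.failedAuthentication(false, !authenticationPolicy().isPublicKeyVerificationFailedAuth());
                return;
            }
            PublicKeyAuthentication.this.authentication.discardAuthentication();
            // Encode once so that the length prefix and the payload always agree;
            // previously the prefix was a character count while the payload used
            // the platform default charset.
            final byte[] algorithmBytes = algorithm.getBytes(StandardCharsets.UTF_8);
            PublicKeyAuthentication.this.transport.postMessage(new SshMessage() {
                @Override // com.sshtools.common.sshd.SshMessage
                public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                    // Reply echoes the algorithm name and key blob from the request.
                    byteBuffer.put((byte) PublicKeyAuthentication.SSH_MSG_USERAUTH_PK_OK);
                    byteBuffer.putInt(algorithmBytes.length);
                    byteBuffer.put(algorithmBytes);
                    byteBuffer.putInt(keyBlob.length);
                    byteBuffer.put(keyBlob);
                    return true;
                }

                @Override // com.sshtools.common.sshd.SshMessage
                public void messageSent(Long l) {
                    if (Log.isDebugEnabled()) {
                        Log.debug("Sent SSH_MSG_USERAUTH_PK_OK", new Object[0]);
                    }
                }
            });
        }

        /** Fetches the authentication policy from the transport's context. */
        private AuthenticationPolicy authenticationPolicy() {
            return (AuthenticationPolicy) PublicKeyAuthentication.this.transport.mo630getContext().getPolicy(AuthenticationPolicy.class);
        }
    }

    /**
     * Creates the mechanism for one connection.
     *
     * @param abstractServerTransport transport used to queue tasks, send replies and disconnect
     * @param abstractAuthenticationProtocol receives the completed / failed / discarded outcome
     * @param sshConnection connection being authenticated
     * @param publicKeyAuthenticationProviderArr providers asked whether a key is authorized; may be {@code null}
     */
    public PublicKeyAuthentication(AbstractServerTransport<C> abstractServerTransport, AbstractAuthenticationProtocol<C> abstractAuthenticationProtocol, SshConnection sshConnection, PublicKeyAuthenticationProvider[] publicKeyAuthenticationProviderArr) {
        this.transport = abstractServerTransport;
        this.authentication = abstractAuthenticationProtocol;
        this.con = sshConnection;
        this.providers = publicKeyAuthenticationProviderArr;
    }

    /** Returns the method name, {@code "publickey"}. */
    @Override // com.sshtools.common.auth.AuthenticationMechanism
    public String getMethod() {
        return AUTHENTICATION_METHOD;
    }

    /**
     * Queues the request for processing on the transport's events queue.
     *
     * @param str user name supplied with the request
     * @param bArr method-specific request body
     * @return always {@code true}
     */
    @Override // com.sshtools.common.auth.AuthenticationMechanism
    public boolean startRequest(String str, byte[] bArr) throws IOException {
        this.transport.addTask(ExecutorOperationSupport.EVENTS, new PublicKeyAuthenticationTask(this.con, str, bArr));
        return true;
    }

    /**
     * Decodes the offered key and decides whether it is authorized on this connection.
     *
     * <p>A key that a provider approved earlier is remembered in the connection's
     * properties under its fingerprint and accepted again without consulting the
     * providers. The decompiler output marks this method as originally private.
     *
     * @param str public key algorithm name
     * @param bArr encoded public key blob
     * @param sshConnection connection whose properties hold the approval cache
     * @param inetAddress not used by this method
     * @param z not used by this method
     * @return the decoded key when it is authorized, otherwise {@code null}
     */
    public SshPublicKey lookupAuthorizedKey(String str, byte[] bArr, SshConnection sshConnection, InetAddress inetAddress, boolean z) {
        try {
            SshPublicKey candidate = SshPublicKeyFileFactory.decodeSSH2PublicKey(str, bArr);
            String fingerprint = candidate.getFingerprint();
            // NOTE(review): the cache is keyed by the fingerprint alone, not by
            // user name, and any non-null property under that name counts as a
            // hit. Confirm that the user name cannot change between requests on
            // one connection, or that these properties are cleared when it does;
            // otherwise an approval given for one user could be reused for another.
            if (sshConnection.getProperty(fingerprint) != null) {
                return candidate;
            }
            if (this.providers == null) {
                return null;
            }
            for (PublicKeyAuthenticationProvider provider : this.providers) {
                if (provider.checkKey(candidate, sshConnection)) {
                    sshConnection.setProperty(fingerprint, candidate);
                    return candidate;
                }
            }
            return null;
        } catch (SshException e) {
            // An undecodable key is treated as "not authorized", not as an error.
            if (Log.isDebugEnabled()) {
                Log.debug("Client provided unreadable key for authentication", e, new Object[0]);
            }
            return null;
        } catch (IOException e2) {
            // The failure is logged only when debug logging is enabled, so it is
            // not recorded at normal log levels.
            if (Log.isDebugEnabled()) {
                Log.error("Failed to lookup authorized key", e2, new Object[0]);
            }
            // NOTE(review): the exception text becomes the disconnect description;
            // confirm that provider error messages expose no internal detail.
            this.transport.disconnect(11, e2.getMessage());
            return null;
        }
    }

    /**
     * This mechanism takes no follow-up messages.
     *
     * @return always {@code false}
     */
    @Override // com.sshtools.common.auth.AuthenticationMechanism
    public boolean processMessage(byte[] bArr) throws IOException {
        return false;
    }
}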
