package com.sshtools.server;

import com.sshtools.common.auth.AuthenticationMechanismFactory;
import com.sshtools.common.auth.DefaultAuthenticationMechanismFactory;
import com.sshtools.common.logger.Log;
import com.sshtools.common.publickey.InvalidPassphraseException;
import com.sshtools.common.publickey.SshKeyPairGenerator;
import com.sshtools.common.publickey.SshKeyUtils;
import com.sshtools.common.publickey.SshPrivateKeyFile;
import com.sshtools.common.publickey.SshPrivateKeyFileFactory;
import com.sshtools.common.publickey.SshPublicKeyFile;
import com.sshtools.common.publickey.SshPublicKeyFileFactory;
import com.sshtools.common.ssh.SecurityLevel;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.ComponentFactory;
import com.sshtools.common.ssh.components.ComponentManager;
import com.sshtools.common.ssh.components.SshCertificate;
import com.sshtools.common.ssh.components.SshKeyPair;
import com.sshtools.common.ssh.components.jce.JCEComponentManager;
import com.sshtools.common.ssh.components.jce.Ssh2RsaPublicKey;
import com.sshtools.server.components.jce.Curve25519SHA256LibSshServer;
import com.sshtools.server.components.jce.Curve25519SHA256Server;
import com.sshtools.server.components.jce.DiffieHellmanEcdhNistp256;
import com.sshtools.server.components.jce.DiffieHellmanEcdhNistp384;
import com.sshtools.server.components.jce.DiffieHellmanEcdhNistp521;
import com.sshtools.server.components.jce.DiffieHellmanGroup14Sha1JCE;
import com.sshtools.server.components.jce.DiffieHellmanGroup14Sha256JCE;
import com.sshtools.server.components.jce.DiffieHellmanGroup15Sha512JCE;
import com.sshtools.server.components.jce.DiffieHellmanGroup16Sha512JCE;
import com.sshtools.server.components.jce.DiffieHellmanGroup17Sha512JCE;
import com.sshtools.server.components.jce.DiffieHellmanGroup18Sha512JCE;
import com.sshtools.server.components.jce.DiffieHellmanGroupExchangeSha256JCE;
import com.sshtools.server.components.jce.Rsa2048SHA2KeyExchange;
import com.sshtools.synergy.nio.ConnectRequestFuture;
import com.sshtools.synergy.nio.ProtocolEngine;
import com.sshtools.synergy.nio.SshEngine;
import com.sshtools.synergy.ssh.ChannelFactory;
import com.sshtools.synergy.ssh.ConnectionManager;
import com.sshtools.synergy.ssh.ForwardingManager;
import com.sshtools.synergy.ssh.GlobalRequestHandler;
import com.sshtools.synergy.ssh.SshContext;
import com.sshtools.synergy.ssh.components.SshKeyExchange;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:com/sshtools/server/SshServerContext.class */
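/**
 * Server-side SSH context. Holds the host keys the server presents, the key
 * exchange algorithms that passed a self-test in this JVM, and the pluggable
 * managers and factories (connections, forwarding, channels, global requests,
 * authentication) used by server connections.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Host keys are indexed by public key algorithm name; adding a second
 *       key with the same algorithm replaces the first and only logs a
 *       warning.</li>
 *   <li>{@link #generateKeyFiles(File, String, int, int)} writes the private
 *       key with an empty passphrase and does not set file permissions.</li>
 *   <li>The list of verified key exchanges is computed once and cached in a
 *       static field shared by every context in the JVM.</li>
 * </ul>
 *
 * <p>{@code stateListeners} is a plain {@link ArrayList} and
 * {@link #getStateListeners()} returns it directly, so callers share the live
 * list; nothing in this class synchronizes access to it.
 */
public class SshServerContext extends SshContext {
    // Host keys indexed by public key algorithm name (see addHostKey).
    Map<String, SshKeyPair> hostkeys;
    boolean ensureGracefulDisconnect;
    // Per-context managers; while null, the static global instances below are returned instead.
    ForwardingManager<SshServerContext> forwardingManager;
    ConnectionManager<SshServerContext> connectionManager;
    static ForwardingManager<SshServerContext> globalForwardingManager = new ForwardingManager<>();
    static ConnectionManager<SshServerContext> globalConnectionManager = new ConnectionManager<>("server");
    Collection<ServerConnectionStateListener> stateListeners;
    ChannelFactory<SshServerContext> channelFactory;
    // Global request name -> handler registered for it.
    Map<String, GlobalRequestHandler<SshServerContext>> globalRequestHandlers;
    // Value reported by getMaxDHGroupExchangeKeySize(); initialised to 2048.
    int maxDHGroupSize;
    private boolean forceServerPreferences;
    // JVM-wide cache of the key exchanges that passed testServerKeyExchangeAlgorithm().
    private static ComponentFactory<SshKeyExchange<SshServerContext>> verifiedKeyExchanges;

    /**
     * Creates a context using the default component manager and
     * {@link SecurityLevel#STRONG}.
     *
     * @param sshEngine the engine this context belongs to
     * @throws IOException propagated from the delegated constructor
     * @throws SshException propagated from the delegated constructor
     */
    public SshServerContext(SshEngine sshEngine) throws IOException, SshException {
        this(sshEngine, SecurityLevel.STRONG);
    }

    /**
     * Creates a context using the given component manager and
     * {@link SecurityLevel#STRONG}.
     *
     * @param sshEngine the engine this context belongs to
     * @param componentManager the component manager passed to the superclass
     * @throws IOException propagated from the delegated constructor
     * @throws SshException propagated from the delegated constructor
     */
    public SshServerContext(SshEngine sshEngine, ComponentManager componentManager) throws IOException, SshException {
        this(sshEngine, componentManager, SecurityLevel.STRONG);
    }

    /**
     * Creates a context and initialises the server-side defaults: an empty
     * host key map, no state listeners, the default channel and
     * authentication mechanism factories, and a DH group size value of 2048.
     *
     * @param sshEngine the engine this context belongs to
     * @param componentManager the component manager passed to the superclass
     * @param securityLevel the security level passed to the superclass
     * @throws IOException propagated from the superclass constructor
     * @throws SshException propagated from the superclass constructor
     */
    public SshServerContext(SshEngine sshEngine, ComponentManager componentManager, SecurityLevel securityLevel) throws IOException, SshException {
        super(sshEngine, componentManager, securityLevel);
        this.hostkeys = new ConcurrentHashMap<>(8, 0.9f, 1);
        this.ensureGracefulDisconnect = false;
        this.stateListeners = new ArrayList<>();
        this.channelFactory = new DefaultServerChannelFactory();
        this.globalRequestHandlers = Collections.synchronizedMap(new HashMap<String, GlobalRequestHandler<SshServerContext>>());
        this.maxDHGroupSize = 2048;
        this.forceServerPreferences = false;
        setAuthenicationMechanismFactory(new DefaultAuthenticationMechanismFactory());
    }

    /**
     * Creates a context using the default component manager and the given
     * security level.
     *
     * @param sshEngine the engine this context belongs to
     * @param securityLevel the security level passed to the superclass
     * @throws IOException propagated from the delegated constructor
     * @throws SshException propagated from the delegated constructor
     */
    public SshServerContext(SshEngine sshEngine, SecurityLevel securityLevel) throws IOException, SshException {
        this(sshEngine, ComponentManager.getDefaultInstance(), securityLevel);
    }

    /**
     * Returns the connection manager set on this context, or the shared
     * global one when none has been set.
     *
     * @return the effective connection manager, never the unset field
     */
    @Override
    public ConnectionManager<SshServerContext> getConnectionManager() {
        return Objects.isNull(this.connectionManager) ? globalConnectionManager : this.connectionManager;
    }

    /**
     * Sets a connection manager specific to this context.
     *
     * @param connectionManager the manager to use; {@code null} restores the
     *        shared global manager
     */
    public void setConnectionManager(ConnectionManager<SshServerContext> connectionManager) {
        this.connectionManager = connectionManager;
    }

    /**
     * Creates the server transport protocol engine for a new connection.
     *
     * @param connectRequestFuture the future handed to the new engine
     * @return a new {@link TransportProtocolServer} bound to this context
     * @throws IOException if the engine cannot be created
     */
    @Override
    public ProtocolEngine createEngine(ConnectRequestFuture connectRequestFuture) throws IOException {
        return new TransportProtocolServer(this, connectRequestFuture);
    }

    /**
     * Registers a connection state listener.
     *
     * @param serverConnectionStateListener the listener to append
     */
    public void addStateListener(ServerConnectionStateListener serverConnectionStateListener) {
        this.stateListeners.add(serverConnectionStateListener);
    }

    /**
     * Returns the live, mutable listener collection (not a copy).
     *
     * @return the internal listener collection
     */
    public Collection<ServerConnectionStateListener> getStateListeners() {
        return this.stateListeners;
    }

    /**
     * Registers a handler under every request name it reports as supported.
     * A handler registered later for the same name replaces the earlier one.
     *
     * @param globalRequestHandler the handler to register
     */
    public void addGlobalRequestHandler(GlobalRequestHandler<SshServerContext> globalRequestHandler) {
        for (String requestName : globalRequestHandler.supportedRequests()) {
            this.globalRequestHandlers.put(requestName, globalRequestHandler);
        }
    }

    /**
     * Looks up the handler registered for a global request name.
     *
     * @param str the global request name
     * @return the handler, or {@code null} when none is registered
     */
    @Override
    public GlobalRequestHandler<SshServerContext> getGlobalRequestHandler(String str) {
        return this.globalRequestHandlers.get(str);
    }

    /**
     * Returns the preferred host key algorithm. The configured preference is
     * used only when a host key of that algorithm is loaded; otherwise the
     * first algorithm in the host key map is returned.
     *
     * @return the algorithm name of a loaded host key
     * @throws RuntimeException if no host key has been loaded
     */
    @Override
    public String getPreferredPublicKey() {
        if (this.hostkeys.containsKey(this.prefPublicKey)) {
            return this.prefPublicKey;
        }
        // Take a single iterator so a concurrent removal cannot slip in between
        // an emptiness check and the read of the first key.
        Iterator<String> algorithms = this.hostkeys.keySet().iterator();
        if (!algorithms.hasNext()) {
            throw new RuntimeException("No host keys loaded!!");
        }
        return algorithms.next();
    }

    /**
     * Builds the comma-separated list of host key algorithms, listing the
     * preferred algorithm first when a key for it is loaded.
     *
     * @return the algorithm list, or an empty string when no key is loaded
     */
    @Override
    public String getSupportedPublicKeys() {
        StringBuilder list = new StringBuilder();
        if (this.hostkeys.keySet().contains(this.prefPublicKey)) {
            list.append(this.prefPublicKey);
        }
        for (String algorithm : this.hostkeys.keySet()) {
            if (!algorithm.equals(this.prefPublicKey)) {
                if (list.length() > 0) {
                    list.append(',');
                }
                list.append(algorithm);
            }
        }
        return list.toString();
    }

    /**
     * Sets the preferred host key algorithm and moves it to the front of the
     * public key preference order. This checks the supported algorithm list
     * only; it does not require a host key of that algorithm to be loaded.
     *
     * @param str the algorithm name
     * @throws IOException if the algorithm is not in the supported list
     * @throws SshException propagated from the preference update
     */
    public void setPreferredPublicKey(String str) throws IOException, SshException {
        if (!this.publicKeys.contains(str)) {
            throw new IOException(str + " is not supported");
        }
        this.prefPublicKey = str;
        setPublicKeyPreferredPosition(str, 0);
    }

    /**
     * Returns a snapshot of the loaded host keys.
     *
     * @return a new array holding the current host keys
     */
    public SshKeyPair[] getHostKeys() {
        // A zero-length seed lets the collection size the array itself, so a
        // concurrent change cannot leave trailing null slots in the result.
        return this.hostkeys.values().toArray(new SshKeyPair[0]);
    }

    /**
     * Returns the host key registered for an algorithm.
     *
     * @param str the public key algorithm name
     * @return the matching key pair
     * @throws IOException if no key is configured for that algorithm
     */
    public SshKeyPair getHostKey(String str) throws IOException {
        // Single lookup: the map holds no null values, so null means absent.
        SshKeyPair pair = this.hostkeys.get(str);
        if (pair == null) {
            throw new IOException("The server does not have a " + str + " key configured");
        }
        return pair;
    }

    /**
     * Registers a host key under its public key algorithm name. An existing
     * key for the same algorithm is replaced after a warning is logged.
     *
     * <p>For an {@link SshCertificate} the pair is rebuilt with the
     * certificate as its public key. For a plain {@code ssh-rsa} key the same
     * key is additionally registered under
     * {@link SshContext#PUBLIC_KEY_RSA_SHA256} and
     * {@link SshContext#PUBLIC_KEY_RSA_SHA512} when those algorithms are
     * supported and not already present.
     *
     * @param sshKeyPair the key pair or certificate to add
     * @throws IOException propagated from the key handling calls
     */
    public void addHostKey(SshKeyPair sshKeyPair) throws IOException {
        if (sshKeyPair instanceof SshCertificate) {
            SshKeyPair certificatePair = new SshKeyPair();
            certificatePair.setPrivateKey(sshKeyPair.getPrivateKey());
            certificatePair.setPublicKey(((SshCertificate) sshKeyPair).getCertificate());
            String certificateAlgorithm = certificatePair.getPublicKey().getAlgorithm();
            if (this.hostkeys.containsKey(certificateAlgorithm)) {
                // Name the map entry that is about to be replaced, not the
                // algorithm of the underlying key.
                Log.warn("The server already has a " + certificateAlgorithm + " certificate configured.", new Object[0]);
            }
            this.hostkeys.put(certificateAlgorithm, certificatePair);
            return;
        }
        String algorithm = sshKeyPair.getPublicKey().getAlgorithm();
        if (this.hostkeys.containsKey(algorithm)) {
            Log.warn("The server already has a " + algorithm + " key configured.", new Object[0]);
        }
        this.hostkeys.put(algorithm, sshKeyPair);
        boolean plainRsa = (sshKeyPair.getPublicKey() instanceof Ssh2RsaPublicKey) && algorithm.equals("ssh-rsa");
        if (plainRsa && supportedPublicKeys().contains(SshContext.PUBLIC_KEY_RSA_SHA256) && !this.hostkeys.containsKey(SshContext.PUBLIC_KEY_RSA_SHA256)) {
            this.hostkeys.put(SshContext.PUBLIC_KEY_RSA_SHA256, SshKeyUtils.makeRSAWithSHA256Signature(sshKeyPair));
        }
        if (plainRsa && supportedPublicKeys().contains(SshContext.PUBLIC_KEY_RSA_SHA512) && !this.hostkeys.containsKey(SshContext.PUBLIC_KEY_RSA_SHA512)) {
            this.hostkeys.put(SshContext.PUBLIC_KEY_RSA_SHA512, SshKeyUtils.makeRSAWithSHA512Signature(sshKeyPair));
        }
    }

    /**
     * Registers every key in the collection via {@link #addHostKey(SshKeyPair)}.
     *
     * @param collection the keys to add
     * @throws IOException propagated from {@link #addHostKey(SshKeyPair)}
     */
    public void addHostKeys(Collection<SshKeyPair> collection) throws IOException {
        for (SshKeyPair pair : collection) {
            addHostKey(pair);
        }
    }

    /**
     * Generates a key pair and registers it as a host key without writing it
     * to disk. Each call produces a new key, so clients that remember the
     * previous host key will see it change.
     *
     * @param str the key algorithm name
     * @param i the key size passed to the generator
     * @throws IOException propagated from generation or registration
     * @throws SshException propagated from generation
     */
    public void generateTemporaryHostKey(String str, int i) throws IOException, SshException {
        addHostKey(generateKey(str, i));
    }

    /**
     * Returns the channel factory used for this context.
     *
     * @return the configured channel factory
     */
    @Override
    public ChannelFactory<SshServerContext> getChannelFactory() {
        return this.channelFactory;
    }

    /**
     * Replaces the channel factory.
     *
     * @param channelFactory the factory to use
     */
    public void setChannelFactory(ChannelFactory<SshServerContext> channelFactory) {
        this.channelFactory = channelFactory;
    }

    /**
     * Returns the forwarding manager set on this context, or the shared
     * global one when none has been set.
     *
     * @return the effective forwarding manager
     */
    @Override
    public ForwardingManager<SshServerContext> getForwardingManager() {
        return this.forwardingManager == null ? globalForwardingManager : this.forwardingManager;
    }

    /**
     * Sets a forwarding manager specific to this context.
     *
     * @param forwardingManager the manager to use; {@code null} restores the
     *        shared global manager
     */
    public void setForwardingManager(ForwardingManager<SshServerContext> forwardingManager) {
        this.forwardingManager = forwardingManager;
    }

    /**
     * Reports whether a host key is loaded for the given algorithm.
     *
     * @param str the public key algorithm name
     * @return {@code true} when a host key is registered under that name
     */
    public boolean hasPublicKey(String str) {
        return this.hostkeys.containsKey(str);
    }

    /**
     * Loads the host key from {@code file}, or generates it when the file does
     * not exist, using an empty passphrase and public key file format 1.
     *
     * @param file the private key file
     * @param str the key algorithm name used when generating
     * @param i the key size used when generating
     * @return the key pair that was registered
     * @throws IOException on I/O or registration failure
     * @throws InvalidPassphraseException if an existing file cannot be decrypted
     * @throws SshException propagated from key generation
     */
    public SshKeyPair loadOrGenerateHostKey(File file, String str, int i) throws IOException, InvalidPassphraseException, SshException {
        return loadOrGenerateHostKey(file, str, i, 1, "");
    }

    /**
     * Loads the host key from {@code file}, or generates it when the file does
     * not exist, using public key file format 1.
     *
     * @param file the private key file
     * @param str the key algorithm name used when generating
     * @param i the key size used when generating
     * @param str2 the passphrase used when loading an existing file
     * @return the key pair that was registered
     * @throws IOException on I/O or registration failure
     * @throws InvalidPassphraseException if an existing file cannot be decrypted
     * @throws SshException propagated from key generation
     */
    public SshKeyPair loadOrGenerateHostKey(File file, String str, int i, String str2) throws IOException, InvalidPassphraseException, SshException {
        return loadOrGenerateHostKey(file, str, i, 1, str2);
    }

    /**
     * Reads a private key from the stream with an empty passphrase and
     * registers it as a host key.
     *
     * @param inputStream the private key data; closed by this call
     * @throws IOException on I/O or registration failure
     * @throws InvalidPassphraseException if the key cannot be decrypted
     * @throws SshException declared for API compatibility
     */
    public void loadHostKey(InputStream inputStream) throws IOException, InvalidPassphraseException, SshException {
        loadHostKey(inputStream, "");
    }

    /**
     * Loads the host key from {@code file}, or generates and saves a new one
     * when the file does not exist, then registers it.
     *
     * <p>The passphrase applies only to loading: a newly generated key is
     * written by {@link #generateKeyFiles(File, String, int, int)} with an
     * empty passphrase, whatever {@code str2} holds.
     *
     * @param file the private key file
     * @param str the key algorithm name used when generating
     * @param i the key size used when generating
     * @param i2 the public key file format passed to the generator
     * @param str2 the passphrase used when loading an existing file
     * @return the key pair that was registered
     * @throws IOException on I/O or registration failure
     * @throws InvalidPassphraseException if an existing file cannot be decrypted
     * @throws SshException propagated from key generation
     */
    public SshKeyPair loadOrGenerateHostKey(File file, String str, int i, int i2, String str2) throws IOException, InvalidPassphraseException, SshException {
        SshKeyPair pair = file.exists() ? loadKey(file, str2) : generateKeyFiles(file, str, i, i2);
        addHostKey(pair);
        return pair;
    }

    /**
     * Reads a private key from the stream and registers it as a host key.
     *
     * @param inputStream the private key data; closed by this call
     * @param str the passphrase protecting the key
     * @throws IOException on I/O or registration failure
     * @throws InvalidPassphraseException if the key cannot be decrypted
     * @throws SshException declared for API compatibility
     */
    public void loadHostKey(InputStream inputStream, String str) throws IOException, InvalidPassphraseException, SshException {
        addHostKey(loadKey(inputStream, str));
    }

    /**
     * Reads a private key file without registering it.
     *
     * @param file the private key file
     * @param str the passphrase protecting the key
     * @return the decoded key pair
     * @throws IOException if the file cannot be read or parsed
     * @throws InvalidPassphraseException if the key cannot be decrypted
     */
    public SshKeyPair loadKey(File file, String str) throws IOException, InvalidPassphraseException {
        return loadKey(new FileInputStream(file), str);
    }

    /**
     * Reads a private key from a stream without registering it. The stream is
     * closed whether or not parsing succeeds.
     *
     * @param inputStream the private key data
     * @param str the passphrase protecting the key
     * @return the decoded key pair
     * @throws IOException if the data cannot be read or parsed
     * @throws InvalidPassphraseException if the key cannot be decrypted
     */
    public SshKeyPair loadKey(InputStream inputStream, String str) throws IOException, InvalidPassphraseException {
        // try-with-resources: a parse or passphrase failure must not leak the
        // descriptor of the private key file.
        try (InputStream in = inputStream) {
            return SshPrivateKeyFileFactory.parse(in).toKeyPair(str);
        }
    }

    /**
     * Generates a key pair and writes the private key to {@code file} and the
     * public key to {@code file + ".pub"}.
     *
     * <p>NOTE(review): the private key is stored with an empty passphrase and
     * the file is created with whatever permissions the process default
     * gives it. Deployments should restrict the private key file to the
     * service account before the server is exposed.
     *
     * @param file the private key file to create or overwrite
     * @param str the key algorithm name; also used in the public key comment
     * @param i the key size passed to the generator
     * @param i2 the public key file format passed to
     *        {@code SshPublicKeyFileFactory.create}
     * @return the generated key pair
     * @throws IOException if either file cannot be written
     * @throws SshException propagated from key generation
     */
    public static SshKeyPair generateKeyFiles(File file, String str, int i, int i2) throws IOException, SshException {
        SshKeyPair pair = generateKey(str, i);
        SshPrivateKeyFile privateKeyFile = SshPrivateKeyFileFactory.create(pair, "");
        // Close each stream even when the write fails part-way.
        try (FileOutputStream privateOut = new FileOutputStream(file)) {
            privateOut.write(privateKeyFile.getFormattedKey());
        }
        SshPublicKeyFile publicKeyFile = SshPublicKeyFileFactory.create(pair.getPublicKey(), str + " host key", i2);
        try (FileOutputStream publicOut = new FileOutputStream(file.getAbsolutePath() + ".pub")) {
            publicOut.write(publicKeyFile.getFormattedKey());
        }
        return pair;
    }

    /**
     * Generates a key pair in memory.
     *
     * @param str the key algorithm name
     * @param i the key size passed to the generator
     * @return the generated key pair
     * @throws IOException propagated from the generator
     * @throws SshException propagated from the generator
     */
    public static SshKeyPair generateKey(String str, int i) throws IOException, SshException {
        return SshKeyPairGenerator.generateKeyPair(str, i);
    }

    /**
     * Loads a private key from {@code file}, replaces its public key with the
     * one parsed from {@code file2}, and registers the result as a host key.
     *
     * <p>NOTE(review): nothing in this method checks that the public key or
     * certificate in {@code file2} corresponds to the private key in
     * {@code file}; confirm that a mismatch is detected elsewhere.
     *
     * @param file the private key file
     * @param str the passphrase protecting the private key
     * @param file2 the public key or certificate file
     * @throws IOException if either file cannot be read or parsed
     * @throws InvalidPassphraseException if the private key cannot be decrypted
     */
    public void loadSshCertificate(File file, String str, File file2) throws IOException, InvalidPassphraseException {
        SshKeyPair pair = loadKey(file, str);
        // The original never closed this stream; scope it to the parse.
        try (InputStream certificateIn = new FileInputStream(file2)) {
            pair.setPublicKey(SshPublicKeyFileFactory.parse(certificateIn).toPublicKey());
        }
        addHostKey(pair);
    }

    /**
     * Registers an already loaded certificate as a host key.
     *
     * @param sshCertificate the certificate and its private key
     * @throws IOException propagated from {@link #addHostKey(SshKeyPair)}
     * @throws InvalidPassphraseException declared for API compatibility
     */
    public void loadSshCertificate(SshCertificate sshCertificate) throws IOException, InvalidPassphraseException {
        addHostKey(sshCertificate);
    }

    /**
     * Stores the authentication mechanism factory as a policy of this context.
     *
     * @param authenticationMechanismFactory the factory to use
     */
    public void setAuthenicationMechanismFactory(AuthenticationMechanismFactory<SshServerContext> authenticationMechanismFactory) {
        setPolicy(AuthenticationMechanismFactory.class, authenticationMechanismFactory);
    }

    /**
     * Returns the configured authentication mechanism factory, passing a new
     * default factory to the policy lookup as its fallback.
     *
     * @return the authentication mechanism factory
     */
    @SuppressWarnings({"unchecked", "rawtypes"})
    public AuthenticationMechanismFactory<SshServerContext> getAuthenticationMechanismFactory() {
        return (AuthenticationMechanismFactory) getPolicy(AuthenticationMechanismFactory.class, new DefaultAuthenticationMechanismFactory());
    }

    /**
     * Returns the graceful-disconnect flag.
     *
     * @return the stored flag; {@code false} unless changed
     */
    public boolean isEnsureGracefulDisconnect() {
        return this.ensureGracefulDisconnect;
    }

    /**
     * Sets the graceful-disconnect flag. This class only stores the value.
     *
     * @param z the new flag value
     */
    public void setEnsureGracefulDisconnect(boolean z) {
        this.ensureGracefulDisconnect = z;
    }

    /**
     * Installs the server key exchanges. The first call in the JVM tests each
     * built-in algorithm and caches the ones that work; later calls, from any
     * context, clone that cache.
     *
     * <p>The cache is static, so it is guarded by the class monitor and is
     * published only once fully populated. The method-level
     * {@code synchronized} locks a single instance and would let a second
     * context clone a half-built list.
     *
     * <p>NOTE(review): {@code diffie-hellman-group14-sha1} is registered here
     * whenever it passes the self-test. Confirm that the security level
     * handling in {@code SshContext} keeps SHA-1 based key exchange out of
     * configurations that should not offer it.
     */
    @Override
    protected synchronized void configureKeyExchanges() {
        synchronized (SshServerContext.class) {
            if (Objects.isNull(verifiedKeyExchanges)) {
                if (Log.isInfoEnabled()) {
                    Log.info("Initializing server key exchanges", new Object[0]);
                }
                ComponentFactory<SshKeyExchange<SshServerContext>> verified = new ComponentFactory<>(this.componentManager);
                // NOTE(review): external components are loaded into this.keyExchanges,
                // which is reassigned at the end of this method - confirm that is intended.
                JCEComponentManager.getDefaultInstance().loadExternalComponents("/kex-server.properties", this.keyExchanges);
                if (testServerKeyExchangeAlgorithm("curve25519-sha256", Curve25519SHA256Server.class)) {
                    verified.add("curve25519-sha256", Curve25519SHA256Server.class);
                }
                if (testServerKeyExchangeAlgorithm("curve25519-sha256@libssh.org", Curve25519SHA256LibSshServer.class)) {
                    verified.add("curve25519-sha256@libssh.org", Curve25519SHA256LibSshServer.class);
                }
                if (testServerKeyExchangeAlgorithm("diffie-hellman-group-exchange-sha256", DiffieHellmanGroupExchangeSha256JCE.class)) {
                    verified.add("diffie-hellman-group-exchange-sha256", DiffieHellmanGroupExchangeSha256JCE.class);
                }
                if (testServerKeyExchangeAlgorithm("diffie-hellman-group14-sha256", DiffieHellmanGroup14Sha256JCE.class)) {
                    verified.add("diffie-hellman-group14-sha256", DiffieHellmanGroup14Sha256JCE.class);
                }
                if (testServerKeyExchangeAlgorithm("diffie-hellman-group15-sha512", DiffieHellmanGroup15Sha512JCE.class)) {
                    verified.add("diffie-hellman-group15-sha512", DiffieHellmanGroup15Sha512JCE.class);
                }
                if (testServerKeyExchangeAlgorithm("diffie-hellman-group16-sha512", DiffieHellmanGroup16Sha512JCE.class)) {
                    verified.add("diffie-hellman-group16-sha512", DiffieHellmanGroup16Sha512JCE.class);
                }
                if (testServerKeyExchangeAlgorithm("diffie-hellman-group17-sha512", DiffieHellmanGroup17Sha512JCE.class)) {
                    verified.add("diffie-hellman-group17-sha512", DiffieHellmanGroup17Sha512JCE.class);
                }
                if (testServerKeyExchangeAlgorithm("diffie-hellman-group18-sha512", DiffieHellmanGroup18Sha512JCE.class)) {
                    verified.add("diffie-hellman-group18-sha512", DiffieHellmanGroup18Sha512JCE.class);
                }
                if (testServerKeyExchangeAlgorithm("diffie-hellman-group14-sha1", DiffieHellmanGroup14Sha1JCE.class)) {
                    verified.add("diffie-hellman-group14-sha1", DiffieHellmanGroup14Sha1JCE.class);
                }
                if (testServerKeyExchangeAlgorithm("ecdh-sha2-nistp521", DiffieHellmanEcdhNistp521.class)) {
                    verified.add("ecdh-sha2-nistp521", DiffieHellmanEcdhNistp521.class);
                }
                if (testServerKeyExchangeAlgorithm("ecdh-sha2-nistp384", DiffieHellmanEcdhNistp384.class)) {
                    verified.add("ecdh-sha2-nistp384", DiffieHellmanEcdhNistp384.class);
                }
                if (testServerKeyExchangeAlgorithm("ecdh-sha2-nistp256", DiffieHellmanEcdhNistp256.class)) {
                    verified.add("ecdh-sha2-nistp256", DiffieHellmanEcdhNistp256.class);
                }
                if (testServerKeyExchangeAlgorithm("rsa2048-sha256", Rsa2048SHA2KeyExchange.class)) {
                    verified.add("rsa2048-sha256", Rsa2048SHA2KeyExchange.class);
                }
                // Publish only after every algorithm has been tested.
                verifiedKeyExchanges = verified;
            }
            this.keyExchanges = (ComponentFactory) verifiedKeyExchanges.clone();
        }
    }

    /**
     * Checks whether a key exchange implementation is usable in this JVM: it
     * must instantiate, its hash algorithm must be among the supported
     * digests, and its own {@code test()} must complete.
     *
     * <p>Any failure, including an {@link Error} such as a missing provider
     * class, marks the algorithm as unsupported and is reported at debug
     * level instead of being swallowed silently.
     *
     * @param str the key exchange algorithm name, used for logging only
     * @param cls the implementation class to instantiate and test
     * @return {@code true} when the implementation passed every check
     */
    private boolean testServerKeyExchangeAlgorithm(String str, Class<? extends SshKeyExchange<? extends SshContext>> cls) {
        try {
            SshKeyExchange<? extends SshContext> candidate = cls.newInstance();
            if (!JCEComponentManager.getDefaultInstance().supportedDigests().contains(candidate.getHashAlgorithm())) {
                throw new Exception("Hash algorithm " + candidate.getHashAlgorithm() + " is not supported");
            }
            candidate.test();
            if (Log.isDebugEnabled()) {
                Log.debug("   " + str + " (server) will be supported using JCE Provider " + candidate.getProvider(), new Object[0]);
            }
            return true;
        } catch (Throwable failure) {
            // Best effort by design: an unusable algorithm is simply left out.
            if (Log.isDebugEnabled()) {
                Log.debug("   " + str + " (server) will not be supported: " + failure.getMessage(), new Object[0]);
            }
            return false;
        }
    }

    /**
     * Sets the value returned by {@link #getMaxDHGroupExchangeKeySize()}.
     *
     * @param i the new value; presumably a modulus size in bits for
     *        Diffie-Hellman group exchange - confirm against the key exchange
     *        implementation
     */
    public void setMaxDHGroupExchangeSize(int i) {
        this.maxDHGroupSize = i;
    }

    /**
     * Returns the configured maximum DH group exchange key size.
     *
     * @return the stored value; 2048 unless changed
     */
    @Override
    public int getMaxDHGroupExchangeKeySize() {
        return this.maxDHGroupSize;
    }

    /**
     * Returns the force-server-preferences flag.
     *
     * @return the stored flag; {@code false} unless changed
     */
    public boolean isForceServerPreferences() {
        return this.forceServerPreferences;
    }

    /**
     * Sets the force-server-preferences flag. This class only stores the
     * value; presumably it makes algorithm negotiation follow the server's
     * order - confirm against the transport code.
     *
     * @param z the new flag value
     */
    public void setForceServerPreferences(boolean z) {
        this.forceServerPreferences = z;
    }
}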
