package ibis.smartsockets.util.ssh;

import com.google.common.net.HostAndPort;
import ibis.smartsockets.util.Forwarder;
import ibis.smartsockets.util.SmartSocketsException;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.security.KeyPair;
import java.util.ArrayList;
import org.apache.sshd.agent.local.ProxyAgentFactory;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.channel.ChannelDirectTcpip;
import org.apache.sshd.client.config.hosts.DefaultConfigFileHostEntryResolver;
import org.apache.sshd.client.future.ConnectFuture;
import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier;
import org.apache.sshd.client.keyverifier.DefaultKnownHostsServerKeyVerifier;
import org.apache.sshd.client.keyverifier.RejectAllServerKeyVerifier;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.io.resource.PathResource;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ibis/smartsockets/util/ssh/SSHUtil.class */
public class SSHUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSHUtil.class);
    private static final String VIA_TAG = " via:";
    public static final int DEFAULT_SSH_PORT = 22;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ibis/smartsockets/util/ssh/SSHUtil$PasswordProvider.class */
    public static class PasswordProvider implements FilePasswordProvider {
        private final char[] password;

        public PasswordProvider(char[] cArr) {
            this.password = (char[]) cArr.clone();
        }

        public String getPassword(SessionContext sessionContext, NamedResource namedResource, int i) throws IOException {
            return new String(this.password);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ibis/smartsockets/util/ssh/SSHUtil$Tunnel.class */
    public static class Tunnel extends Thread {
        private final ServerSocket server;
        private final ChannelDirectTcpip channel;
        private final int bufferSize;
        private Socket socket;
        private Exception ex;

        Tunnel(ServerSocket serverSocket, ChannelDirectTcpip channelDirectTcpip, int i) {
            this.server = serverSocket;
            this.channel = channelDirectTcpip;
            this.bufferSize = i;
        }

        public synchronized Exception getException() {
            return this.ex;
        }

        public synchronized void close() {
            try {
                this.socket.close();
            } catch (Exception e) {
            }
        }

        private void closeServer() {
            try {
                this.server.close();
            } catch (Exception e) {
            }
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            try {
                Socket accept = this.server.accept();
                accept.setTcpNoDelay(true);
                closeServer();
                synchronized (this) {
                    this.socket = accept;
                }
                new Forwarder(accept.getInputStream(), this.channel.getInvertedIn(), null, "LOCAL TO REMOTE");
                new Forwarder(this.channel.getInvertedOut(), accept.getOutputStream(), null, "REMOTE TO LOCAL");
            } catch (IOException e) {
                synchronized (this) {
                    this.ex = e;
                }
            }
        }
    }

    public static SshClient createSSHClient() {
        return createSSHClient(true, true, true, false, false);
    }

    public static SshClient createSSHClient(boolean z, boolean z2, boolean z3, boolean z4, boolean z5) {
        DefaultKnownHostsServerKeyVerifier defaultKnownHostsServerKeyVerifier;
        SshClient upDefaultClient = SshClient.setUpDefaultClient();
        if (z) {
            if (z3) {
                defaultKnownHostsServerKeyVerifier = new DefaultKnownHostsServerKeyVerifier(RejectAllServerKeyVerifier.INSTANCE, true);
            } else {
                defaultKnownHostsServerKeyVerifier = new DefaultKnownHostsServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE, true);
                defaultKnownHostsServerKeyVerifier.setModifiedServerKeyAcceptor((clientSession, socketAddress, knownHostEntry, publicKey, publicKey2) -> {
                    return true;
                });
            }
            upDefaultClient.setServerKeyVerifier(defaultKnownHostsServerKeyVerifier);
        } else {
            upDefaultClient.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE);
        }
        if (z2) {
            upDefaultClient.setHostConfigEntryResolver(DefaultConfigFileHostEntryResolver.INSTANCE);
        }
        if (z4) {
            upDefaultClient.setAgentFactory(new ProxyAgentFactory());
        }
        if (z5) {
            LOGGER.debug("(UNIMPLEMENTED) Enabling ssh-agent-forwarding");
        }
        upDefaultClient.start();
        return upDefaultClient;
    }

    public static String validateHost(String str, String str2) throws InvalidLocationException {
        if (str2 == null || str2.isEmpty()) {
            throw new InvalidLocationException(str, "Failed to parse host: " + str2);
        }
        return str2;
    }

    public static String getHost(String str, String str2) throws InvalidLocationException {
        try {
            return validateHost(str, HostAndPort.fromString(str2).getHostText().trim());
        } catch (Exception e) {
            throw new InvalidLocationException(str, "Failed to parse location: " + str2);
        }
    }

    public static int getPort(String str, String str2) throws InvalidLocationException {
        try {
            return HostAndPort.fromString(str2).getPortOrDefault(22);
        } catch (Exception e) {
            throw new InvalidLocationException(str, "Failed to parse location: " + str2);
        }
    }

    public static UserCredential extractCredential(SshdSocketAddress sshdSocketAddress, Credential credential) {
        if (!(credential instanceof CredentialMap)) {
            return (UserCredential) credential;
        }
        CredentialMap credentialMap = (CredentialMap) credential;
        String sshdSocketAddress2 = sshdSocketAddress.toString();
        return credentialMap.containsCredential(sshdSocketAddress2) ? credentialMap.get(sshdSocketAddress2) : credentialMap.get(sshdSocketAddress.getHostName());
    }

    public static UserCredential[] extractCredentials(String str, SshdSocketAddress[] sshdSocketAddressArr, Credential credential) throws CredentialNotFoundException {
        UserCredential[] userCredentialArr = new UserCredential[sshdSocketAddressArr.length];
        for (int i = 0; i < sshdSocketAddressArr.length; i++) {
            userCredentialArr[i] = extractCredential(sshdSocketAddressArr[i], credential);
            if (userCredentialArr[i] == null) {
                throw new CredentialNotFoundException(str, "No credential provided for location: " + sshdSocketAddressArr[i]);
            }
        }
        return userCredentialArr;
    }

    public static SshdSocketAddress[] extractLocations(String str, String str2) throws InvalidLocationException {
        if (str2 == null) {
            throw new IllegalArgumentException("Location may nor be null");
        }
        ArrayList arrayList = new ArrayList();
        String str3 = str2;
        int lastIndexOf = str3.lastIndexOf(VIA_TAG);
        while (true) {
            int i = lastIndexOf;
            if (i == -1) {
                if (str3.isEmpty()) {
                    throw new InvalidLocationException(str, "Could not parse location: " + str2);
                }
                arrayList.add(extractSocketAddress(str, str3.trim()));
                return (SshdSocketAddress[]) arrayList.toArray(new SshdSocketAddress[arrayList.size()]);
            }
            if (i == 0) {
                throw new InvalidLocationException(str, "Could not parse location: " + str2);
            }
            arrayList.add(extractSocketAddress(str, str3.substring(i + VIA_TAG.length()).trim()));
            str3 = str3.substring(0, i);
            lastIndexOf = str3.lastIndexOf(VIA_TAG);
        }
    }

    private static SshdSocketAddress extractSocketAddress(String str, String str2) throws InvalidLocationException {
        try {
            URI uri = new URI("sftp://" + str2);
            String host = uri.getHost();
            int port = uri.getPort();
            if (port == -1) {
                port = 22;
            }
            return new SshdSocketAddress(host, port);
        } catch (Exception e) {
            throw new InvalidLocationException(str, "Failed to parse location: " + str2, e);
        }
    }

    private static ClientSession connectAndAuthenticate(String str, SshClient sshClient, String str2, int i, UserCredential userCredential, long j) throws SmartSocketsException {
        if (str2 == null) {
            throw new IllegalArgumentException("Target host may not be null");
        }
        String username = userCredential.getUsername();
        if (username == null) {
            throw new InvalidCredentialException(str, "Failed to retrieve username from credential");
        }
        try {
            ClientSession session = ((ConnectFuture) sshClient.connect(username, str2, i).verify(j)).getSession();
            if (!(userCredential instanceof DefaultCredential)) {
                if (userCredential instanceof CertificateCredential) {
                    CertificateCredential certificateCredential = (CertificateCredential) userCredential;
                    Path normalize = Paths.get(certificateCredential.getCertificateFile(), new String[0]).toAbsolutePath().normalize();
                    if (!normalize.toFile().exists()) {
                        throw new CertificateNotFoundException(str, "Certificate not found: " + normalize);
                    }
                    try {
                        InputStream newInputStream = Files.newInputStream(normalize, StandardOpenOption.READ);
                        try {
                            char[] password = certificateCredential.getPassword();
                            KeyPair keyPair = password.length == 0 ? (KeyPair) SecurityUtils.loadKeyPairIdentities(session, new PathResource(normalize), newInputStream, (FilePasswordProvider) null).iterator().next() : (KeyPair) SecurityUtils.loadKeyPairIdentities(session, new PathResource(normalize), newInputStream, new PasswordProvider(password)).iterator().next();
                            if (newInputStream != null) {
                                newInputStream.close();
                            }
                            session.addPublicKeyIdentity(keyPair);
                        } finally {
                        }
                    } catch (Exception e) {
                        throw new SmartSocketsException(str, "Failed to load certificate: " + normalize, e);
                    }
                } else {
                    if (!(userCredential instanceof PasswordCredential)) {
                        throw new InvalidCredentialException(str, "Unsupported credential type: " + userCredential.getClass().getName());
                    }
                    session.addPasswordIdentity(new String(((PasswordCredential) userCredential).getPassword()));
                }
            }
            try {
                session.auth().verify(j);
                return session;
            } catch (IOException e2) {
                throw new SmartSocketsException(str, "Connection authentication failed", e2);
            }
        } catch (IOException e3) {
            throw new SmartSocketsException(str, "Connection setup to " + str2 + ":" + i + " failed!", e3);
        }
    }

    public static SSHConnection connect(String str, SshClient sshClient, String str2, Credential credential, int i, long j) throws SmartSocketsException {
        if (credential == null) {
            throw new IllegalArgumentException("Credential may not be null");
        }
        if (j <= 0) {
            throw new IllegalArgumentException("Invalid timeout: " + j);
        }
        if (str2 == null) {
            throw new IllegalArgumentException("Location may not be null");
        }
        SshdSocketAddress[] extractLocations = extractLocations(str, str2);
        UserCredential[] extractCredentials = extractCredentials(str, extractLocations, credential);
        SSHConnection sSHConnection = new SSHConnection(extractLocations.length - 1);
        ClientSession connectAndAuthenticate = connectAndAuthenticate(str, sshClient, extractLocations[0].getHostName(), extractLocations[0].getPort(), extractCredentials[0], j);
        for (int i2 = 1; i2 < extractLocations.length; i2++) {
            try {
                ChannelDirectTcpip createDirectTcpipChannel = connectAndAuthenticate.createDirectTcpipChannel((SshdSocketAddress) null, extractLocations[i2]);
                createDirectTcpipChannel.open().await(j);
                ServerSocket serverSocket = new ServerSocket(0);
                int localPort = serverSocket.getLocalPort();
                Tunnel tunnel = new Tunnel(serverSocket, createDirectTcpipChannel, i);
                tunnel.start();
                sSHConnection.addHop(i2 - 1, connectAndAuthenticate, tunnel);
                connectAndAuthenticate = connectAndAuthenticate(str, sshClient, "localhost", localPort, extractCredentials[i2], j);
            } catch (SmartSocketsException e) {
                sSHConnection.close();
                throw e;
            } catch (IOException e2) {
                sSHConnection.close();
                try {
                    connectAndAuthenticate.close();
                } catch (IOException e3) {
                }
                throw new SmartSocketsException(str, "Failed to set up SSH forwarding", e2);
            }
        }
        sSHConnection.setSession(connectAndAuthenticate);
        return sSHConnection;
    }
}
