package cn.schoolwow.ssh.handler;

import cn.schoolwow.ssh.domain.SSHMessageCode;
import cn.schoolwow.ssh.domain.exception.SSHException;
import cn.schoolwow.ssh.domain.stream.DistinguishedEncodingRule;
import cn.schoolwow.ssh.domain.stream.SSHString;
import cn.schoolwow.ssh.layer.SSHSession;
import cn.schoolwow.ssh.layer.transport.digest.SSHDigest;
import cn.schoolwow.ssh.layer.transport.encrypt.AESCipher;
import cn.schoolwow.ssh.layer.transport.publickey.RSAHostKey;
import cn.schoolwow.ssh.stream.SSHInputStreamImpl;
import cn.schoolwow.ssh.stream.SSHOutputStreamImpl;
import cn.schoolwow.ssh.util.SSHUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/schoolwow/ssh/handler/AuthenticateHandler.class */
public class AuthenticateHandler implements Handler {
    private Logger logger = LoggerFactory.getLogger(AuthenticateHandler.class);

    @Override // cn.schoolwow.ssh.handler.Handler
    public Handler handle(SSHSession sSHSession) throws Exception {
        SSHOutputStreamImpl sSHOutputStreamImpl = new SSHOutputStreamImpl();
        sSHOutputStreamImpl.writeByte(SSHMessageCode.SSH_MSG_SERVICE_REQUEST.value);
        sSHOutputStreamImpl.writeSSHString(new SSHString("ssh-userauth"));
        sSHSession.writeSSHProtocolPayload(sSHOutputStreamImpl.toByteArray());
        SSHInputStreamImpl sSHInputStreamImpl = new SSHInputStreamImpl(sSHSession.readSSHProtocolPayload(SSHMessageCode.SSH_MSG_SERVICE_ACCEPT));
        sSHInputStreamImpl.skipBytes(1);
        SSHString readSSHString = sSHInputStreamImpl.readSSHString();
        if (!"ssh-userauth".equals(readSSHString.toString())) {
            throw new IllegalArgumentException("服务名称不匹配!期望名称:ssh-userauth,实际名称:" + readSSHString);
        }
        sSHOutputStreamImpl.reset();
        sSHOutputStreamImpl.writeByte(SSHMessageCode.SSH_MSG_USERAUTH_REQUEST.value);
        sSHOutputStreamImpl.writeSSHString(new SSHString(sSHSession.quickSSHConfig.username));
        sSHOutputStreamImpl.writeSSHString(new SSHString("ssh-connection"));
        sSHOutputStreamImpl.writeSSHString(new SSHString("none"));
        sSHSession.writeSSHProtocolPayload(sSHOutputStreamImpl.toByteArray());
        SSHInputStreamImpl sSHInputStreamImpl2 = new SSHInputStreamImpl(sSHSession.readSSHProtocolPayload(SSHMessageCode.SSH_MSG_USERAUTH_FAILURE));
        sSHInputStreamImpl2.skipBytes(1);
        this.logger.debug("[服务端支持认证类型]{}", sSHInputStreamImpl2.readNameList());
        if (null != sSHSession.quickSSHConfig.publickeyFilePath) {
            loginByPublicKey(sSHSession);
        } else {
            if (null == sSHSession.quickSSHConfig.password) {
                throw new IllegalArgumentException("请指定登录方式!");
            }
            loginByPassword(sSHSession);
        }
        handleAuth(sSHSession);
        return null;
    }

    public void loginByPublicKey(SSHSession sSHSession) throws Exception {
        byte[] decode;
        this.logger.info("[SSH公钥方式登录]用户名:{},文件地址:{}", sSHSession.quickSSHConfig.username, sSHSession.quickSSHConfig.publickeyFilePath);
        String str = new String(Files.readAllBytes(sSHSession.quickSSHConfig.publickeyFilePath), StandardCharsets.UTF_8);
        if (!str.startsWith("-----BEGIN RSA PRIVATE KEY-----") && !str.endsWith("-----END RSA PRIVATE KEY-----")) {
            throw new SSHException("目前仅支持RSA私钥格式文件!");
        }
        if (str.contains("DEK-Info: AES-128-CBC,")) {
            int indexOf = str.indexOf("DEK-Info: AES-128-CBC,") + "DEK-Info: AES-128-CBC,".length();
            byte[] hexToByteArray = SSHUtil.hexToByteArray(str.substring(indexOf, indexOf + 32));
            String replace = str.substring(indexOf + 34, str.indexOf("-----END RSA PRIVATE KEY-----")).replace("\n", "");
            this.logger.trace("[私钥文件base64编码]{}", replace);
            byte[] decode2 = Base64.getDecoder().decode(replace);
            AESCipher aESCipher = new AESCipher();
            aESCipher.algorithmName = "aes128-cbc";
            byte[] bArr = new byte[sSHSession.quickSSHConfig.passphrase.length + 8];
            System.arraycopy(sSHSession.quickSSHConfig.passphrase, 0, bArr, 0, sSHSession.quickSSHConfig.passphrase.length);
            System.arraycopy(hexToByteArray, 0, bArr, sSHSession.quickSSHConfig.passphrase.length, 8);
            decode = aESCipher.getServerCipher(hexToByteArray, SSHDigest.MD5.getMessageDigest().digest(bArr)).doFinal(decode2);
        } else {
            decode = Base64.getDecoder().decode(str.substring("-----BEGIN RSA PRIVATE KEY-----".length() + 1, str.indexOf("-----END RSA PRIVATE KEY-----")));
        }
        SSHInputStreamImpl sSHInputStreamImpl = new SSHInputStreamImpl(new SSHInputStreamImpl(decode).readDER().content);
        this.logger.trace("[私钥文件版本号]{}", Integer.valueOf(new BigInteger(sSHInputStreamImpl.readDER().content).intValue()));
        DistinguishedEncodingRule readDER = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件modulus]{}", SSHUtil.byteArrayToHex(readDER.content));
        BigInteger bigInteger = new BigInteger(readDER.content);
        DistinguishedEncodingRule readDER2 = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件publicExponent]{}", SSHUtil.byteArrayToHex(readDER2.content));
        BigInteger bigInteger2 = new BigInteger(readDER2.content);
        DistinguishedEncodingRule readDER3 = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件privateExponent]{}", SSHUtil.byteArrayToHex(readDER3.content));
        BigInteger bigInteger3 = new BigInteger(readDER3.content);
        DistinguishedEncodingRule readDER4 = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件prime1]{}", SSHUtil.byteArrayToHex(readDER4.content));
        BigInteger bigInteger4 = new BigInteger(readDER4.content);
        DistinguishedEncodingRule readDER5 = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件prime2]{}", SSHUtil.byteArrayToHex(readDER5.content));
        BigInteger bigInteger5 = new BigInteger(readDER5.content);
        DistinguishedEncodingRule readDER6 = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件exponent1]{}", SSHUtil.byteArrayToHex(readDER6.content));
        BigInteger bigInteger6 = new BigInteger(readDER6.content);
        DistinguishedEncodingRule readDER7 = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件exponent2]{}", SSHUtil.byteArrayToHex(readDER7.content));
        BigInteger bigInteger7 = new BigInteger(readDER7.content);
        DistinguishedEncodingRule readDER8 = sSHInputStreamImpl.readDER();
        this.logger.trace("[私钥文件coefficient]{}", SSHUtil.byteArrayToHex(readDER8.content));
        new BigInteger(readDER8.content);
        if (!bigInteger6.equals(bigInteger3.mod(bigInteger4.subtract(BigInteger.ONE)))) {
            throw new SSHException("私钥文件校验失败!校验 exponent1 = d mod (p-1)失败!");
        }
        if (!bigInteger7.equals(bigInteger3.mod(bigInteger5.subtract(BigInteger.ONE)))) {
            throw new SSHException("私钥文件校验失败!校验 exponent2 = d mod (q-1)失败!");
        }
        SSHOutputStreamImpl sSHOutputStreamImpl = new SSHOutputStreamImpl();
        sSHOutputStreamImpl.writeByte(SSHMessageCode.SSH_MSG_USERAUTH_REQUEST.value);
        sSHOutputStreamImpl.writeSSHString(new SSHString(sSHSession.quickSSHConfig.username));
        sSHOutputStreamImpl.writeSSHString(new SSHString("ssh-connection"));
        sSHOutputStreamImpl.writeSSHString(new SSHString("publickey"));
        sSHOutputStreamImpl.writeBoolean(true);
        sSHOutputStreamImpl.writeSSHString(new SSHString("ssh-rsa"));
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        RSAPublicKey rSAPublicKey = (RSAPublicKey) keyFactory.generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2));
        RSAHostKey rSAHostKey = new RSAHostKey();
        byte[] formatPublicKey = rSAHostKey.formatPublicKey(rSAPublicKey);
        this.logger.trace("[RSA私钥文件公钥Base64编码]{}", Base64.getEncoder().encodeToString(formatPublicKey));
        sSHOutputStreamImpl.writeSSHString(new SSHString(formatPublicKey));
        byte[] byteArray = sSHOutputStreamImpl.toByteArray();
        sSHOutputStreamImpl.reset();
        sSHOutputStreamImpl.writeSSHString(new SSHString(sSHSession.sessionId));
        sSHOutputStreamImpl.write(byteArray);
        byte[] sign = rSAHostKey.sign(sSHOutputStreamImpl.toByteArray(), (RSAPrivateKey) keyFactory.generatePrivate(new RSAPrivateKeySpec(bigInteger, bigInteger3)));
        sSHOutputStreamImpl.reset();
        sSHOutputStreamImpl.write(byteArray);
        sSHOutputStreamImpl.writeSSHString(new SSHString(sign));
        sSHSession.writeSSHProtocolPayload(sSHOutputStreamImpl.toByteArray());
    }

    public void loginByPassword(SSHSession sSHSession) throws IOException {
        this.logger.info("[SSH密码方式登录]用户名:{},密码:{}", sSHSession.quickSSHConfig.username, sSHSession.quickSSHConfig.password);
        SSHOutputStreamImpl sSHOutputStreamImpl = new SSHOutputStreamImpl();
        sSHOutputStreamImpl.writeByte(SSHMessageCode.SSH_MSG_USERAUTH_REQUEST.value);
        sSHOutputStreamImpl.writeSSHString(new SSHString(sSHSession.quickSSHConfig.username));
        sSHOutputStreamImpl.writeSSHString(new SSHString("ssh-connection"));
        sSHOutputStreamImpl.writeSSHString(new SSHString("password"));
        sSHOutputStreamImpl.writeBoolean(false);
        sSHOutputStreamImpl.writeSSHString(new SSHString(sSHSession.quickSSHConfig.password));
        sSHSession.writeSSHProtocolPayload(sSHOutputStreamImpl.toByteArray());
    }

    private void handleAuth(SSHSession sSHSession) throws Exception {
        byte[] readSSHProtocolPayload = sSHSession.readSSHProtocolPayload(SSHMessageCode.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, SSHMessageCode.SSH_MSG_USERAUTH_SUCCESS, SSHMessageCode.SSH_MSG_USERAUTH_FAILURE);
        switch (SSHMessageCode.getSSHMessageCode(readSSHProtocolPayload[0])) {
            case SSH_MSG_USERAUTH_PASSWD_CHANGEREQ:
                throw new UnsupportedOperationException("密码过期！服务端要求设置新密码！该操作目前不支持！");
            case SSH_MSG_USERAUTH_SUCCESS:
                this.logger.debug("[密码认证成功]");
                return;
            case SSH_MSG_USERAUTH_FAILURE:
                if (readSSHProtocolPayload[readSSHProtocolPayload.length - 1] > 0) {
                    this.logger.info("[密码认证失败]密码已经改变，但是需要进一步认证");
                } else {
                    this.logger.info("[密码认证失败]密码没有改变");
                }
                throw new SSHException("登录认证失败!");
            default:
                return;
        }
    }
}
