package biz.aQute.shell.sshd.provider;

import aQute.lib.strings.Strings;
import biz.aQute.authentication.api.Authenticator;
import biz.aQute.authorization.api.Authority;
import biz.aQute.authorization.api.AuthorityAdmin;
import biz.aQute.shell.sshd.config.SshdConfig;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.PublicKey;
import java.util.Collections;
import java.util.HashMap;
import java.util.IdentityHashMap;
import java.util.Map;
import org.apache.felix.service.command.CommandProcessor;
import org.apache.sshd.server.Environment;
import org.apache.sshd.server.ExitCallback;
import org.apache.sshd.server.channel.ChannelSession;
import org.apache.sshd.server.session.ServerSession;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicyOption;
import org.osgi.service.metatype.annotations.Designate;

@Designate(ocd = SshdConfig.class, factory = true)
@Component(configurationPid = {SshdConfig.PID})
/* loaded from: input_file:biz/aQute/shell/sshd/provider/GogoSshdSecure.class */
public class GogoSshdSecure extends AbstractGogoSshd {
    final Authenticator authenticator;
    final Authority authority;
    final AuthorityAdmin admin;
    final Map<ServerSession, String> users;
    final String permission;

    @Activate
    public GogoSshdSecure(BundleContext bundleContext, @Reference CommandProcessor commandProcessor, @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY) Authenticator authenticator, @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY) Authority authority, @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY) AuthorityAdmin authorityAdmin, SshdConfig sshdConfig) throws IOException {
        super(bundleContext, commandProcessor, sshdConfig.hostkey(), sshdConfig.address(), sshdConfig.port());
        this.users = Collections.synchronizedMap(new IdentityHashMap());
        this.authenticator = authenticator;
        this.authority = authority;
        this.admin = authorityAdmin;
        this.permission = sshdConfig.permission();
        if (sshdConfig.passwords()) {
            this.sshd.setPasswordAuthenticator(this::authenticate);
        }
        this.sshd.setPublickeyAuthenticator(this::authenticate);
        open();
    }

    @Override // biz.aQute.shell.sshd.provider.AbstractGogoSshd
    protected CommandSessionHandler getCommandSessionHandler(BundleContext bundleContext, ChannelSession channelSession, Environment environment, InputStream inputStream, OutputStream outputStream, OutputStream outputStream2, CommandProcessor commandProcessor, ExitCallback exitCallback) throws Exception {
        final String str = this.users.get(channelSession.getServerSession());
        return new CommandSessionHandler(bundleContext, channelSession.getSession2().getUsername(), environment.getEnv(), inputStream, outputStream, outputStream2, this.processor, exitCallback) { // from class: biz.aQute.shell.sshd.provider.GogoSshdSecure.1
            static final /* synthetic */ boolean $assertionsDisabled;

            @Override // biz.aQute.shell.sshd.provider.CommandSessionHandler, java.lang.Runnable
            public void run() {
                try {
                    GogoSshdSecure.this.admin.call(str, () -> {
                        super.run();
                        return null;
                    });
                } catch (Exception e) {
                    AbstractGogoSshd.logger.warn("gogo command failed {}", e, e);
                }
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // biz.aQute.shell.sshd.provider.CommandSessionHandler
            public Object execute(String str2) throws Exception {
                if (!$assertionsDisabled && Thread.currentThread() != this.thread) {
                    throw new AssertionError();
                }
                GogoSshdSecure.this.authority.checkPermission(GogoSshdSecure.this.permission, new String[]{Strings.split("\\s+", str2).remove(0)});
                return super.execute(str2);
            }

            static {
                $assertionsDisabled = !GogoSshdSecure.class.desiredAssertionStatus();
            }
        };
    }

    private boolean authenticate(String str, String str2, ServerSession serverSession) {
        HashMap hashMap = new HashMap();
        hashMap.put("user.source.userid", str);
        hashMap.put("user.source.password", str2);
        String authenticate = this.authenticator.authenticate(hashMap, new String[]{"basic.source"});
        if (authenticate == null) {
            return false;
        }
        this.users.put(serverSession, authenticate);
        return true;
    }

    private boolean authenticate(String str, PublicKey publicKey, ServerSession serverSession) {
        HashMap hashMap = new HashMap();
        hashMap.put("user.source.userid", str);
        hashMap.put("user.source.password", publicKey);
        String authenticate = this.authenticator.authenticate(hashMap, new String[]{"basic.source"});
        if (authenticate == null) {
            return false;
        }
        this.users.put(serverSession, authenticate);
        return true;
    }
}
