package com.gitblit.transport.ssh;

import com.gitblit.Constants;
import com.gitblit.IStoredSettings;
import com.gitblit.Keys;
import com.gitblit.manager.IGitblit;
import com.gitblit.transport.ssh.commands.SshCommandFactory;
import com.gitblit.utils.JnaUtils;
import com.gitblit.utils.StringUtils;
import com.gitblit.utils.WorkQueue;
import com.google.common.io.Files;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.InetSocketAddress;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.text.MessageFormat;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.sshd.common.io.IoServiceFactoryFactory;
import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator;
import org.bouncycastle.openssl.PEMWriter;
import org.eclipse.jgit.internal.JGitText;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/gitblit/transport/ssh/SshDaemon.class */
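/**
 * Embedded SSH server for Gitblit, built on Apache SSHD.
 *
 * <p>The constructor prepares host keys, selects the I/O backend, binds the
 * configured authentication methods and installs the command and shell
 * factories. {@link #start()} and {@link #stop()} control the listener.
 *
 * <p>{@code start()} and {@code stop()} are synchronized on this instance;
 * the running flag is an {@link AtomicBoolean} so {@link #isRunning()} can be
 * read without taking the lock.
 */
public class SshDaemon {
    private final Logger log = LoggerFactory.getLogger(SshDaemon.class);
    private static final String AUTH_PUBLICKEY = "publickey";
    private static final String AUTH_PASSWORD = "password";
    private static final String AUTH_KBD_INTERACTIVE = "keyboard-interactive";
    private static final String AUTH_GSSAPI = "gssapi-with-mic";
    public static final int DEFAULT_PORT = 22;
    private final AtomicBoolean run;
    private final IGitblit gitblit;
    private final SshServer sshd;

    /** I/O backends that can be selected through {@code Keys.git.sshBackend}. */
    public enum SshSessionBackend {
        MINA,
        NIO2
    }

    /**
     * Configures the SSH server from the Gitblit settings. The server is not
     * started here; call {@link #start()}.
     *
     * @param iGitblit the Gitblit instance supplying settings, the base folder
     *     and the authentication backends
     * @param workQueue passed through to the {@link SshCommandFactory}
     * @throws IllegalArgumentException if the configured backend name is not a
     *     constant of {@link SshSessionBackend} (thrown by {@code valueOf})
     */
    public SshDaemon(IGitblit iGitblit, WorkQueue workQueue) {
        this.gitblit = iGitblit;
        IStoredSettings settings = iGitblit.getSettings();
        SecurityUtils.setRegisterBouncyCastle(true);
        if (SecurityUtils.isBouncyCastleRegistered()) {
            this.log.debug("BouncyCastle is registered as a JCE provider");
        }

        // Host keys live in the Gitblit base folder and are generated on first use.
        File rsaHostKey = new File(iGitblit.getBaseFolder(), "ssh-rsa-hostkey.pem");
        File dsaHostKey = new File(iGitblit.getBaseFolder(), "ssh-dsa-hostkey.pem");
        // NOTE(review): JnaUtils.S_ISUID is a file-mode flag, not a key size. This looks
        // like a decompiler mapping a numeric literal onto a same-valued constant (POSIX
        // S_ISUID is 04000 octal == 2048) - confirm and replace with an explicit RSA size.
        generateKeyPair(rsaHostKey, "RSA", JnaUtils.S_ISUID);
        // NOTE(review): a key size of 0 leaves the DSA generator at its provider default.
        // ssh-dss host keys are disabled by default in current OpenSSH clients; consider
        // dropping the DSA key once no client depends on it.
        generateKeyPair(dsaHostKey, "DSA", 0);
        FileKeyPairProvider fileKeyPairProvider = new FileKeyPairProvider();
        // NOTE(review): the DSA path is listed twice; kept as-is because the effect of a
        // duplicate entry inside FileKeyPairProvider is not visible from this class.
        fileKeyPairProvider.setFiles(new String[]{rsaHostKey.getPath(), dsaHostKey.getPath(), dsaHostKey.getPath()});

        // Apache SSHD reads its I/O factory from a system property named after the
        // IoServiceFactoryFactory class; anything other than MINA selects NIO2.
        String backendName = settings.getString(Keys.git.sshBackend, SshSessionBackend.NIO2.name());
        String factoryClass = SshSessionBackend.valueOf(backendName) == SshSessionBackend.MINA
                ? MinaServiceFactoryFactory.class.getName()
                : Nio2ServiceFactoryFactory.class.getName();
        System.setProperty(IoServiceFactoryFactory.class.getName(), factoryClass);

        int port = settings.getInteger(Keys.git.sshPort, 0);
        String bindInterface = settings.getString(Keys.git.sshBindInterface, "");
        // An empty bind interface means the wildcard address.
        InetSocketAddress bindAddress = StringUtils.isEmpty(bindInterface)
                ? new InetSocketAddress(port)
                : new InetSocketAddress(bindInterface, port);
        this.sshd = SshServer.setUpDefaultServer();
        this.sshd.setPort(bindAddress.getPort());
        this.sshd.setHost(bindAddress.getHostName());
        this.sshd.setKeyPairProvider(fileKeyPairProvider);

        // With nothing configured, both public key and password authentication are enabled.
        // NOTE(review): password authentication on by default exposes the account store to
        // online guessing; deployments that only need keys should list "publickey" alone.
        List<String> authMethods = settings.getStrings(Keys.git.sshAuthenticationMethods);
        if (authMethods.isEmpty()) {
            authMethods.add(AUTH_PUBLICKEY);
            authMethods.add(AUTH_PASSWORD);
        }
        // Backward compatibility: the obsolete boolean switch is translated into the
        // authentication-method list and the operator is told to migrate.
        if (settings.getBoolean("git.sshWithKrb5", false) && !authMethods.contains(AUTH_GSSAPI)) {
            authMethods.add(AUTH_GSSAPI);
            this.log.warn("git.sshWithKrb5 is obsolete!");
            this.log.warn("Please add {} to {} in gitblit.properties!", AUTH_GSSAPI, Keys.git.sshAuthenticationMethods);
            settings.overrideSetting(Keys.git.sshAuthenticationMethods, settings.getString(Keys.git.sshAuthenticationMethods, "publickey password") + " " + AUTH_GSSAPI);
        }
        if (authMethods.contains(AUTH_PUBLICKEY)) {
            this.sshd.setPublickeyAuthenticator(new CachingPublicKeyAuthenticator(new SshKeyAuthenticator(iGitblit.getPublicKeyManager(), iGitblit)));
            this.log.info("SSH: adding public key authentication method.");
        }
        // keyboard-interactive is served by the same username/password authenticator.
        if (authMethods.contains(AUTH_PASSWORD) || authMethods.contains(AUTH_KBD_INTERACTIVE)) {
            this.sshd.setPasswordAuthenticator(new UsernamePasswordAuthenticator(iGitblit));
            this.log.info("SSH: adding password authentication method.");
        }
        if (authMethods.contains(AUTH_GSSAPI)) {
            this.sshd.setGSSAuthenticator(new SshKrbAuthenticator(settings, iGitblit));
            this.log.info("SSH: adding GSSAPI authentication method.");
        }

        this.sshd.setSessionFactory(new SshServerSessionFactory(this.sshd));
        // Presumably these two deny file-system access and TCP/IP forwarding, keeping the
        // endpoint limited to Gitblit commands - verify against their implementations.
        this.sshd.setFileSystemFactory(new DisabledFilesystemFactory());
        this.sshd.setTcpipForwardingFilter(new NonForwardingFilter());
        this.sshd.setCommandFactory(new SshCommandFactory(iGitblit, workQueue));
        this.sshd.setShellFactory(new WelcomeShell(iGitblit));
        // NOTE(review): the identification string sent to every connecting client carries
        // the Gitblit version, the SSHD version and the backend name, which makes version
        // fingerprinting easy; consider making this configurable.
        this.sshd.getProperties().put("server-identification", String.format("%s (%s-%s)", Constants.getGitBlitVersion().replace(' ', '_'), this.sshd.getVersion(), backendName));
        this.run = new AtomicBoolean(false);
    }

    /**
     * Builds the {@code ssh://} URL advertised for a repository.
     *
     * @param str user name placed before the {@code @}
     * @param str2 host name used when {@code Keys.git.sshAdvertisedHost} is empty
     * @param str3 repository path appended after the host
     * @return the URL; the port is omitted when it equals {@link #DEFAULT_PORT}
     */
    public String formatUrl(String str, String str2, String str3) {
        IStoredSettings settings = this.gitblit.getSettings();
        // The advertised port and host override the values the server is bound to.
        int advertisedPort = settings.getInteger(Keys.git.sshAdvertisedPort, this.sshd.getPort());
        String advertisedHost = settings.getString(Keys.git.sshAdvertisedHost, "");
        if (advertisedHost.isEmpty()) {
            advertisedHost = str2;
        }
        if (advertisedPort == DEFAULT_PORT) {
            return MessageFormat.format("ssh://{0}@{1}/{2}", str, advertisedHost, str3);
        }
        // {2,number,0} prints the port without locale grouping separators.
        return MessageFormat.format("ssh://{0}@{1}:{2,number,0}/{3}", str, advertisedHost, Integer.valueOf(advertisedPort), str3);
    }

    /**
     * Starts the SSH listener.
     *
     * @throws IOException if the underlying server fails to start
     * @throws IllegalStateException if the daemon is already running
     */
    public synchronized void start() throws IOException {
        if (this.run.get()) {
            throw new IllegalStateException(JGitText.get().daemonAlreadyRunning);
        }
        this.sshd.start();
        // Only flagged as running once the server started without throwing.
        this.run.set(true);
        this.log.info(MessageFormat.format("SSH Daemon ({0}) is listening on {1}:{2,number,0}", this.gitblit.getSettings().getString(Keys.git.sshBackend, SshSessionBackend.NIO2.name()), this.sshd.getHost(), Integer.valueOf(this.sshd.getPort())));
    }

    /** Returns whether {@link #start()} has succeeded and {@link #stop()} has not been called since. */
    public boolean isRunning() {
        return this.run.get();
    }

    /** Stops the command factory and the SSH listener; does nothing when not running. */
    public synchronized void stop() {
        if (!this.run.get()) {
            return;
        }
        this.log.info("SSH Daemon stopping...");
        // The flag is cleared before shutdown, so it reads false even if stopping fails.
        this.run.set(false);
        try {
            ((SshCommandFactory) this.sshd.getCommandFactory()).stop();
            this.sshd.stop();
        } catch (IOException e) {
            this.log.error("SSH Daemon stop interrupted", e);
        }
    }

    /**
     * Generates a host key pair and writes it as PEM, unless the file already exists.
     *
     * <p>Failures are logged and not propagated, so daemon construction continues. A
     * file created by a failed attempt is deleted so that the next startup retries
     * instead of finding an empty or truncated key file.
     *
     * @param keyFile destination PEM file
     * @param algorithm key algorithm name handed to the key pair generator
     * @param keySize key size in bits, or 0 to keep the generator's default
     */
    private void generateKeyPair(File keyFile, String algorithm, int keySize) {
        if (keyFile.exists()) {
            return;
        }
        boolean created = false;
        try {
            KeyPairGenerator generator = SecurityUtils.getKeyPairGenerator(algorithm);
            if (keySize != 0) {
                generator.initialize(keySize);
                this.log.info("Generating {}-{} SSH host keypair...", algorithm, Integer.valueOf(keySize));
            } else {
                this.log.info("Generating {} SSH host keypair...", algorithm);
            }
            KeyPair keyPair = generator.generateKeyPair();
            // Create the file empty and lock its permissions down before any key
            // material is written into it.
            Files.touch(keyFile);
            created = true;
            restrictToOwner(keyFile);
            // PEM is plain ASCII; naming the charset keeps the output independent of the
            // platform default. try-with-resources closes the stream on failure as well.
            try (PEMWriter pemWriter = new PEMWriter(new OutputStreamWriter(new FileOutputStream(keyFile), java.nio.charset.StandardCharsets.US_ASCII))) {
                pemWriter.writeObject(keyPair);
                pemWriter.flush();
            }
        } catch (Exception e) {
            this.log.warn(MessageFormat.format("Unable to generate {0} keypair", algorithm), e);
            if (created && !keyFile.delete()) {
                this.log.warn("Unable to remove incomplete host key file {}", keyFile);
            }
        }
    }

    /**
     * Limits a private key file to owner read/write (mode 0600).
     *
     * <p>Tries the native call first and falls back to {@link File} permission setters
     * when it is unavailable. If neither works the condition is logged rather than
     * ignored, because the key would otherwise keep whatever permissions the process
     * default gives it.
     */
    private void restrictToOwner(File keyFile) {
        try {
            JnaUtils.setFilemode(keyFile, 0600);
            return;
        } catch (UnsatisfiedLinkError | UnsupportedOperationException e) {
            this.log.debug("Native chmod unavailable for {}, falling back to java.io.File permissions", keyFile);
        }
        // Non-short-circuit '&' so every step is attempted even after one fails.
        boolean restricted = keyFile.setReadable(false, false)
                & keyFile.setWritable(false, false)
                & keyFile.setReadable(true, true)
                & keyFile.setWritable(true, true);
        if (!restricted) {
            this.log.warn("Could not restrict permissions on SSH host key {}; verify that only the Gitblit account can read it", keyFile);
        }
    }
}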
