package com.sshtools.server.callback;

import com.sshtools.client.AuthenticationMessage;
import com.sshtools.client.SimpleClientAuthenticator;
import com.sshtools.client.TransportProtocolClient;
import com.sshtools.common.auth.MutualKeyAuthenticatonStore;
import com.sshtools.common.logger.Log;
import com.sshtools.common.ssh.ConnectionAwareTask;
import com.sshtools.common.ssh.SshConnection;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.jce.JCEComponentManager;
import com.sshtools.common.sshd.SshMessage;
import com.sshtools.common.util.ByteArrayReader;
import com.sshtools.common.util.ByteArrayWriter;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;

/* loaded from: input_file:com/sshtools/server/callback/MutualCallbackAuthenticator.class */
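/**
 * Client-side authenticator for the {@code mutual-key-auth@sshtools.com} method.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>{@link #authenticate} queues an {@link InitialChallenge}, which sends a fresh
 *       512-byte random challenge inside the authentication request.</li>
 *   <li>When the peer answers with message id {@link #SSH_MSG_USERAUTH_SIGNED_CHALLENGE},
 *       {@link #processMessage} queues a {@link ProcessChallengeResponse}.</li>
 *   <li>That task verifies the peer's signature over
 *       {@code (ourChallenge, username, sessionKey)} using the public key from the
 *       {@link MutualKeyAuthenticatonStore}, then signs
 *       {@code (peerChallenge, username, sessionKey)} with the local private key and
 *       sends the signature back.</li>
 * </ol>
 *
 * <p>Both signatures include {@code transport.getSessionKey()}, so a signature is only
 * valid for the transport it was produced on. NOTE(review): this presumably is the SSH
 * session identifier from key exchange; confirm against TransportProtocolClient.
 *
 * <p>NOTE(review): the fields below are mutable and package-private, and this class does
 * no locking of its own; confirm that the transport runs these tasks on a single thread.
 */
public class MutualCallbackAuthenticator extends SimpleClientAuthenticator {
    /** Message id used for the signed-challenge exchange in both directions. */
    public static final int SSH_MSG_USERAUTH_SIGNED_CHALLENGE = 60;
    /** Authentication method name advertised by {@link #getName()}. */
    public static final String MUTUAL_KEY_AUTHENTICATION = "mutual-key-auth@sshtools.com";

    // Set by authenticate(); null until then.
    TransportProtocolClient transport;
    String username;
    // Random challenge generated by InitialChallenge; null until that task has run.
    byte[] ourChallenge;
    // Source of the peer's public key and our private key. Not null-checked at construction.
    MutualKeyAuthenticatonStore authenticationStore;

    /** Outgoing task that generates our challenge and posts the authentication request. */
    class InitialChallenge extends ConnectionAwareTask {
        public InitialChallenge(SshConnection sshConnection) {
            super(sshConnection);
        }

        /**
         * Builds the challenge payload and posts it after the standard authentication
         * request header. Any failure aborts authentication and disconnects.
         */
        public void doTask() {
            try {
                final byte[] challengePayload = generateAuthenticationRequest();
                MutualCallbackAuthenticator.this.transport.postMessage(
                        new AuthenticationMessage(
                                MutualCallbackAuthenticator.this.username,
                                "ssh-connection",
                                MUTUAL_KEY_AUTHENTICATION) {
                            public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                                super.writeMessageIntoBuffer(byteBuffer);
                                byteBuffer.put(challengePayload);
                                return true;
                            }
                        });
            } catch (Throwable th) {
                // Previously swallowed silently. Record the cause so a failed handshake can
                // be diagnosed; the challenge bytes themselves are never logged.
                Log.error("Failed to send mutual key authentication challenge", th);
                MutualCallbackAuthenticator.this.failure();
                // 11 is SSH_DISCONNECT_BY_APPLICATION in RFC 4253 numbering.
                MutualCallbackAuthenticator.this.transport.disconnect(11, "Internal error");
            }
        }

        /**
         * Generates a new 512-byte challenge from the component manager's secure random
         * source, stores it in {@code ourChallenge}, and returns it encoded as a
         * length-prefixed binary string.
         *
         * @return the encoded challenge to append to the authentication request
         */
        byte[] generateAuthenticationRequest() throws IOException, SshException, NoSuchAlgorithmException {
            // try-with-resources replaces the decompiler's expanded close/addSuppressed scaffolding.
            try (ByteArrayWriter writer = new ByteArrayWriter()) {
                byte[] challenge = new byte[512];
                MutualCallbackAuthenticator.this.ourChallenge = challenge;
                JCEComponentManager.getSecureRandom().nextBytes(challenge);
                writer.writeBinaryString(challenge);
                return writer.toByteArray();
            }
        }
    }

    /** Outgoing task that verifies the peer's signed challenge and answers with our own. */
    class ProcessChallengeResponse extends ConnectionAwareTask {
        ByteArrayReader msg;

        public ProcessChallengeResponse(SshConnection sshConnection, ByteArrayReader byteArrayReader) {
            super(sshConnection);
            this.msg = byteArrayReader;
        }

        /**
         * Reads the peer's signature and challenge from the message, verifies the signature,
         * and on success posts our signature over the peer's challenge.
         *
         * <p>Authentication is failed and the transport disconnected when no public key is
         * configured for the connection or when the signature does not verify.
         *
         * <p>NOTE(review): if this runs before {@link InitialChallenge} has populated
         * {@code ourChallenge}, or if the store returns no private key, the resulting
         * exception propagates out of this method rather than going through
         * {@code failure()}; confirm that ConnectionAwareTask treats that as a failed
         * authentication.
         */
        protected void doTask() throws Throwable {
            // Wire order: the peer's signature first, then the peer's own challenge.
            byte[] remoteSignature = this.msg.readBinaryString();
            byte[] remoteChallenge = this.msg.readBinaryString();

            try (ByteArrayWriter writer = new ByteArrayWriter()) {
                // Data the peer must have signed: our challenge, the username, the session key.
                writer.writeBinaryString(MutualCallbackAuthenticator.this.ourChallenge);
                writer.writeString(MutualCallbackAuthenticator.this.username);
                writer.writeBinaryString(MutualCallbackAuthenticator.this.transport.getSessionKey());

                SshPublicKey remoteKey = MutualCallbackAuthenticator.this.authenticationStore.getPublicKey(this.con);
                if (Objects.isNull(remoteKey)) {
                    MutualCallbackAuthenticator.this.failure();
                    MutualCallbackAuthenticator.this.transport.disconnect(13, "There was no public key configured for the user");
                    return;
                }

                // Verify the peer before producing any signature with our private key.
                if (!remoteKey.verifySignature(remoteSignature, writer.toByteArray())) {
                    MutualCallbackAuthenticator.this.failure();
                    MutualCallbackAuthenticator.this.transport.disconnect(13, "Failed to verify remote public key signature");
                    return;
                }

                // Data we sign in return: the peer's challenge, the username, the session key.
                writer.reset();
                writer.writeBinaryString(remoteChallenge);
                writer.writeString(MutualCallbackAuthenticator.this.username);
                writer.writeBinaryString(MutualCallbackAuthenticator.this.transport.getSessionKey());

                final byte[] signature = MutualCallbackAuthenticator.this.authenticationStore
                        .getPrivateKey(this.con)
                        .getPrivateKey()
                        .sign(writer.toByteArray());

                MutualCallbackAuthenticator.this.transport.postMessage(new SshMessage() {
                    public boolean writeMessageIntoBuffer(ByteBuffer byteBuffer) {
                        // Named constant instead of the bare literal 60.
                        byteBuffer.put((byte) SSH_MSG_USERAUTH_SIGNED_CHALLENGE);
                        byteBuffer.putInt(signature.length);
                        byteBuffer.put(signature);
                        return true;
                    }

                    public void messageSent(Long l) {
                        if (Log.isDebugEnabled()) {
                            Log.debug("Sent SSH_MSG_USERAUTH_SIGNED_CHALLENGE");
                        }
                    }
                });
            }
        }
    }

    /**
     * @param mutualKeyAuthenticatonStore store that supplies the peer's public key and the
     *     local private key for a connection; it is not validated here, so a null store
     *     only fails later, when a challenge response is processed
     */
    public MutualCallbackAuthenticator(MutualKeyAuthenticatonStore mutualKeyAuthenticatonStore) {
        this.authenticationStore = mutualKeyAuthenticatonStore;
    }

    /** Returns the authentication method name, {@value #MUTUAL_KEY_AUTHENTICATION}. */
    public String getName() {
        return MUTUAL_KEY_AUTHENTICATION;
    }

    /**
     * Records the transport and username, then queues the task that sends our challenge.
     *
     * @param transportProtocolClient transport to authenticate over
     * @param str username placed in the request and in both signed payloads
     */
    public void authenticate(TransportProtocolClient transportProtocolClient, String str) throws IOException, SshException {
        this.transport = transportProtocolClient;
        this.username = str;
        transportProtocolClient.addOutgoingTask(new InitialChallenge(transportProtocolClient.getConnection()));
    }

    /**
     * Handles an incoming authentication message.
     *
     * <p>NOTE(review): {@code transport} is dereferenced without a null check, so a
     * signed-challenge message handled before {@link #authenticate} would throw; nothing
     * here stops a second message from being verified against the same {@code ourChallenge}
     * either. Confirm that the caller's state machine rules both out.
     *
     * @param byteArrayReader reader positioned at the message id byte
     * @return {@code true} if the message was a signed challenge and a processing task was
     *     queued, {@code false} for any other message id
     */
    public boolean processMessage(ByteArrayReader byteArrayReader) throws IOException {
        if (byteArrayReader.read() != SSH_MSG_USERAUTH_SIGNED_CHALLENGE) {
            return false;
        }
        this.transport.addOutgoingTask(new ProcessChallengeResponse(this.transport.getConnection(), byteArrayReader));
        return true;
    }
}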
