package org.springframework.cloud.config.server.ssh;

import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
import org.eclipse.jgit.internal.transport.sshd.OpenSshServerKeyDatabase;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshConfigStore;
import org.eclipse.jgit.transport.sshd.JGitKeyCache;
import org.eclipse.jgit.transport.sshd.ProxyData;
import org.eclipse.jgit.transport.sshd.ProxyDataFactory;
import org.eclipse.jgit.transport.sshd.ServerKeyDatabase;
import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
import org.springframework.cloud.config.server.environment.JGitEnvironmentProperties;
import org.springframework.cloud.config.server.proxy.ProxyHostProperties;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/cloud/config/server/ssh/PropertyBasedSshSessionFactory.class */
public class PropertyBasedSshSessionFactory extends SshdSessionFactory {
    private static final String STRICT_HOST_KEY_CHECKING = "StrictHostKeyChecking";
    private static final String PREFERRED_AUTHENTICATIONS = "PreferredAuthentications";
    private static final String YES_OPTION = "yes";
    private static final String NO_OPTION = "no";
    private final Map<String, JGitEnvironmentProperties> sshKeysByHostname;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/springframework/cloud/config/server/ssh/PropertyBasedSshSessionFactory$HttpProxyDataFactory.class */
    private static final class HttpProxyDataFactory implements ProxyDataFactory {
        private final Map<String, JGitEnvironmentProperties> sshKeysByHostname;

        private HttpProxyDataFactory(Map<String, JGitEnvironmentProperties> map) {
            this.sshKeysByHostname = map;
        }

        public ProxyData get(InetSocketAddress inetSocketAddress) {
            ProxyHostProperties proxyHostProperties = this.sshKeysByHostname.get(inetSocketAddress.getHostName()).getProxy().get(ProxyHostProperties.ProxyForScheme.HTTP);
            if (proxyHostProperties == null || !proxyHostProperties.connectionInformationProvided()) {
                return null;
            }
            return new ProxyData(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHostProperties.getHost(), proxyHostProperties.getPort())), proxyHostProperties.getUsername(), proxyHostProperties.getPassword().toCharArray());
        }
    }

    /* loaded from: input_file:org/springframework/cloud/config/server/ssh/PropertyBasedSshSessionFactory$SingleKeyIdentityProvider.class */
    private static final class SingleKeyIdentityProvider implements KeyIdentityProvider, Iterable<KeyPair> {
        private final Map<String, JGitEnvironmentProperties> sshKeysByHostname;

        private SingleKeyIdentityProvider(Map<String, JGitEnvironmentProperties> map) {
            this.sshKeysByHostname = map;
        }

        @Override // java.lang.Iterable
        public Iterator<KeyPair> iterator() {
            throw new UnsupportedOperationException("Should not be called");
        }

        public Iterable<KeyPair> loadKeys(SessionContext sessionContext) throws IOException, GeneralSecurityException {
            JGitEnvironmentProperties jGitEnvironmentProperties = this.sshKeysByHostname.get(SshdSocketAddress.toSshdSocketAddress(sessionContext.getRemoteAddress()).getHostName());
            return jGitEnvironmentProperties == null ? Collections.emptyList() : KeyPairUtils.load(sessionContext, jGitEnvironmentProperties.getPrivateKey());
        }
    }

    public PropertyBasedSshSessionFactory(Map<String, JGitEnvironmentProperties> map) {
        super(new JGitKeyCache(), new HttpProxyDataFactory(map));
        this.sshKeysByHostname = map;
        if (!$assertionsDisabled && this.sshKeysByHostname.entrySet().size() <= 0) {
            throw new AssertionError();
        }
    }

    protected SshConfigStore createSshConfigStore(File file, File file2, String str) {
        return new SshConfigStore() { // from class: org.springframework.cloud.config.server.ssh.PropertyBasedSshSessionFactory.1
            public SshConfigStore.HostConfig lookup(@NonNull String str2, int i, String str3) {
                return updateIfNeeded(new OpenSshConfigFile.HostEntry(), str2);
            }

            private OpenSshConfigFile.HostEntry updateIfNeeded(OpenSshConfigFile.HostEntry hostEntry, String str2) {
                JGitEnvironmentProperties jGitEnvironmentProperties = (JGitEnvironmentProperties) PropertyBasedSshSessionFactory.this.sshKeysByHostname.get(str2);
                if (jGitEnvironmentProperties == null) {
                    return hostEntry;
                }
                if (jGitEnvironmentProperties.getHostKey() == null || !jGitEnvironmentProperties.isStrictHostKeyChecking()) {
                    hostEntry.setValue(PropertyBasedSshSessionFactory.STRICT_HOST_KEY_CHECKING, PropertyBasedSshSessionFactory.NO_OPTION);
                } else {
                    hostEntry.setValue(PropertyBasedSshSessionFactory.STRICT_HOST_KEY_CHECKING, PropertyBasedSshSessionFactory.YES_OPTION);
                }
                String preferredAuthentications = jGitEnvironmentProperties.getPreferredAuthentications();
                if (preferredAuthentications != null) {
                    hostEntry.setValue(PropertyBasedSshSessionFactory.PREFERRED_AUTHENTICATIONS, preferredAuthentications);
                }
                return hostEntry;
            }
        };
    }

    protected File getSshConfig(File file) {
        return null;
    }

    protected ServerKeyDatabase getServerKeyDatabase(File file, File file2) {
        return new ServerKeyDatabase() { // from class: org.springframework.cloud.config.server.ssh.PropertyBasedSshSessionFactory.2
            public List<PublicKey> lookup(String str, InetSocketAddress inetSocketAddress, ServerKeyDatabase.Configuration configuration) {
                JGitEnvironmentProperties jGitEnvironmentProperties = (JGitEnvironmentProperties) PropertyBasedSshSessionFactory.this.sshKeysByHostname.get(inetSocketAddress.getHostName());
                if (jGitEnvironmentProperties == null) {
                    return Collections.emptyList();
                }
                List<PublicKey> lookup = new OpenSshServerKeyDatabase(false, getKnownHostFiles(jGitEnvironmentProperties)).lookup(str, inetSocketAddress, configuration);
                PublicKey hostKey = getHostKey(jGitEnvironmentProperties);
                if (hostKey != null) {
                    lookup.add(hostKey);
                }
                return lookup;
            }

            public boolean accept(String str, InetSocketAddress inetSocketAddress, PublicKey publicKey, ServerKeyDatabase.Configuration configuration, CredentialsProvider credentialsProvider) {
                return isNotStrictHostKeyChecking(inetSocketAddress.getHostName()) || KeyUtils.findMatchingKey(publicKey, lookup(str, inetSocketAddress, configuration)) != null;
            }

            private boolean isNotStrictHostKeyChecking(String str) {
                JGitEnvironmentProperties jGitEnvironmentProperties = (JGitEnvironmentProperties) PropertyBasedSshSessionFactory.this.sshKeysByHostname.get(str);
                return (jGitEnvironmentProperties == null || jGitEnvironmentProperties.isStrictHostKeyChecking()) ? false : true;
            }

            private PublicKey getHostKey(JGitEnvironmentProperties jGitEnvironmentProperties) {
                String hostKey = jGitEnvironmentProperties.getHostKey();
                String hostKeyAlgorithm = jGitEnvironmentProperties.getHostKeyAlgorithm();
                if (!StringUtils.hasText(hostKey) || !StringUtils.hasText(hostKeyAlgorithm)) {
                    return null;
                }
                try {
                    return AuthorizedKeyEntry.parseAuthorizedKeyEntry(hostKeyAlgorithm + " " + hostKey).resolvePublicKey((SessionContext) null, (PublicKeyEntryResolver) null);
                } catch (IOException | GeneralSecurityException e) {
                    throw new RuntimeException(e);
                }
            }

            private List<Path> getKnownHostFiles(JGitEnvironmentProperties jGitEnvironmentProperties) {
                return jGitEnvironmentProperties.getKnownHostsFile() == null ? Collections.emptyList() : Collections.singletonList(Paths.get(jGitEnvironmentProperties.getKnownHostsFile(), new String[0]));
            }
        };
    }

    protected Iterable<KeyPair> getDefaultKeys(File file) {
        return new SingleKeyIdentityProvider(this.sshKeysByHostname);
    }

    static {
        $assertionsDisabled = !PropertyBasedSshSessionFactory.class.desiredAssertionStatus();
    }
}
