package sshd.shell.springboot.server;

import java.io.IOException;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.password.PasswordAuthenticator;
import org.apache.sshd.server.auth.pubkey.RejectAllPublickeyAuthenticator;
import org.apache.sshd.server.command.CommandFactory;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.apache.sshd.server.scp.ScpCommandFactory;
import org.apache.sshd.server.subsystem.sftp.SftpSubsystemFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.Banner;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import sshd.shell.springboot.autoconfiguration.Constants;
import sshd.shell.springboot.autoconfiguration.SshdShellProperties;
import sshd.shell.springboot.console.TerminalProcessor;

@Configuration
@ConditionalOnProperty(name = {"sshd.shell.enabled"}, havingValue = "true")
/* loaded from: input_file:BOOT-INF/lib/sshd-shell-spring-boot-starter-4.1.jar:sshd/shell/springboot/server/SshdServerConfiguration.class */
class SshdServerConfiguration {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SshdServerConfiguration.class);

    @Value("${sshd.system.command.roles}")
    private String systemCommandRoles;

    @Autowired
    private SshdShellProperties properties;

    @Autowired
    private ApplicationContext appContext;

    @Autowired
    private Environment environment;

    @Autowired
    private TerminalProcessor terminalProcessor;

    @Autowired
    @Qualifier(Constants.SHELL_BANNER)
    private Banner shellBanner;

    SshdServerConfiguration() {
    }

    @Bean
    SshServer sshServer() {
        SshdShellProperties.Shell shell = this.properties.getShell();
        if (Objects.isNull(shell.getPassword())) {
            shell.setPassword(UUID.randomUUID().toString());
            log.info("********** User password not set. Use following password to login: {} **********", shell.getPassword());
        }
        return buildServer(shell);
    }

    private SshServer buildServer(SshdShellProperties.Shell shell) {
        SshServer upDefaultServer = SshServer.setUpDefaultServer();
        upDefaultServer.setHost(shell.getHost());
        upDefaultServer.setPort(shell.getPort());
        configureAuthenticationPolicies(upDefaultServer, shell);
        configureServer(upDefaultServer);
        return upDefaultServer;
    }

    private void configureAuthenticationPolicies(SshServer sshServer, SshdShellProperties.Shell shell) {
        sshServer.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(Paths.get(shell.getHostKeyFile(), new String[0])));
        sshServer.setPublickeyAuthenticator(Objects.isNull(shell.getPublicKeyFile()) ? RejectAllPublickeyAuthenticator.INSTANCE : new SshdAuthorizedKeysAuthenticator(Paths.get(shell.getPublicKeyFile(), new String[0])));
        sshServer.setPasswordAuthenticator(passwordAuthenticator(shell));
    }

    private PasswordAuthenticator passwordAuthenticator(SshdShellProperties.Shell shell) {
        SshdShellProperties.Shell.Auth auth = shell.getAuth();
        switch (auth.getAuthType()) {
            case SIMPLE:
                return new SimpleSshdPasswordAuthenticator(shell, new HashSet(Arrays.asList(this.systemCommandRoles)));
            case AUTH_PROVIDER:
                return authProviderAuthenticator(auth);
            default:
                throw new IllegalArgumentException("Invalid/Unsupported auth type");
        }
    }

    private PasswordAuthenticator authProviderAuthenticator(SshdShellProperties.Shell.Auth auth) throws IllegalArgumentException {
        try {
            return new AuthProviderSshdPasswordAuthenticator(Objects.isNull(auth.getAuthProviderBeanName()) ? (AuthenticationProvider) this.appContext.getBean(AuthenticationProvider.class) : (AuthenticationProvider) this.appContext.getBean(auth.getAuthProviderBeanName(), AuthenticationProvider.class));
        } catch (BeansException e) {
            throw new IllegalArgumentException("Expected a default or valid AuthenticationProvider bean", e);
        }
    }

    private void configureServer(SshServer sshServer) {
        if (this.properties.getFiletransfer().isEnabled()) {
            configureServerForSshAndFileTransfer(sshServer);
        } else {
            configureServerForSshOnly(sshServer);
        }
        configureShellFactory(sshServer);
    }

    private void configureServerForSshAndFileTransfer(SshServer sshServer) {
        sshServer.setCommandFactory(sshAndScpCommandFactory());
        sshServer.setFileSystemFactory(new SshdNativeFileSystemFactory(this.properties.getFilesystem().getBase().getDir()));
        sshServer.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory.Builder().build()));
    }

    private CommandFactory sshAndScpCommandFactory() {
        ScpCommandFactory scpCommandFactory = new ScpCommandFactory();
        scpCommandFactory.setDelegateCommandFactory(sshCommandFactory(this.properties.getFilesystem().getBase().getDir()));
        return scpCommandFactory;
    }

    private CommandFactory sshCommandFactory(String str) {
        return (channelSession, str2) -> {
            return sshSessionInstance(Optional.ofNullable(str));
        };
    }

    private SshSessionInstance sshSessionInstance(Optional<String> optional) {
        return new SshSessionInstance(this.terminalProcessor, optional, (cls, printStream) -> {
            this.shellBanner.printBanner(this.environment, cls, printStream);
        });
    }

    private void configureServerForSshOnly(SshServer sshServer) {
        sshServer.setCommandFactory(sshCommandFactory(null));
    }

    private void configureShellFactory(SshServer sshServer) {
        Optional of = this.properties.getFiletransfer().isEnabled() ? Optional.of(this.properties.getFilesystem().getBase().getDir()) : Optional.empty();
        sshServer.setShellFactory(channelSession -> {
            return sshSessionInstance(of);
        });
    }

    @PostConstruct
    void startServer() throws IOException {
        SshServer sshServer = sshServer();
        sshServer.start();
        this.properties.getShell().setPort(sshServer.getPort());
        log.info("SSH server started on port {}", Integer.valueOf(this.properties.getShell().getPort()));
    }

    @PreDestroy
    void stopServer() throws IOException {
        sshServer().stop();
        log.info("SSH server stopped");
    }
}
