package org.apache.sshd.server.auth.pubkey;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.naming.NamingException;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.server.auth.LdapAuthenticator;
import org.apache.sshd.server.session.ServerSession;

/* loaded from: input_file:org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.class */
public class LdapPublickeyAuthenticator extends LdapAuthenticator implements PublickeyAuthenticator {
    public static final String DEFAULT_SEARCH_FILTER_PATTERN = "uid={0}";
    public static final String DEFAULT_PUBKEY_ATTR_NAME = "sshPublicKey";
    private String keyAttributeName = DEFAULT_PUBKEY_ATTR_NAME;

    public LdapPublickeyAuthenticator() {
        setSearchFilterPattern(DEFAULT_SEARCH_FILTER_PATTERN);
        setRetrievedAttributes(DEFAULT_PUBKEY_ATTR_NAME);
        setAccumulateMultiValues(true);
    }

    public String getKeyAttributeName() {
        return this.keyAttributeName;
    }

    public void setKeyAttributeName(String str) {
        this.keyAttributeName = ValidateUtils.checkNotNullAndNotEmpty(str, "No attribute name");
    }

    public boolean authenticate(String str, PublicKey publicKey, ServerSession serverSession) {
        try {
            return authenticate(str, publicKey, serverSession, resolveAttributes(str, null, serverSession));
        } catch (NamingException | IOException | RuntimeException | GeneralSecurityException e) {
            this.log.warn("authenticate({}@{}) failed ({}) to query: {}", new Object[]{str, serverSession, e.getClass().getSimpleName(), e.getMessage()});
            if (!this.log.isDebugEnabled()) {
                return false;
            }
            this.log.debug("authenticate(" + str + "@" + serverSession + ") query failure details", e);
            return false;
        }
    }

    protected boolean authenticate(String str, PublicKey publicKey, ServerSession serverSession, Map<String, ?> map) throws GeneralSecurityException, IOException {
        return authenticate(str, publicKey, serverSession, map, recoverPublicKeys(str, publicKey, serverSession, map, map.get(getKeyAttributeName())));
    }

    protected boolean authenticate(String str, PublicKey publicKey, ServerSession serverSession, Map<String, ?> map, Collection<? extends PublicKey> collection) {
        if (GenericUtils.isEmpty(collection)) {
            if (!this.log.isDebugEnabled()) {
                return false;
            }
            this.log.debug("authenticate({}@{}) no registered keys", str, serverSession);
            return false;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("authenticate({}@{}) check {} registered keys", new Object[]{str, serverSession, Integer.valueOf(collection.size())});
        }
        for (PublicKey publicKey2 : collection) {
            if (this.log.isTraceEnabled()) {
                this.log.trace("authenticate({}@{}) expected={}-{}, actual={}-{}", new Object[]{str, serverSession, KeyUtils.getKeyType(publicKey), KeyUtils.getFingerPrint(publicKey), KeyUtils.getKeyType(publicKey2), KeyUtils.getFingerPrint(publicKey2)});
            }
            if (KeyUtils.compareKeys(publicKey, publicKey2)) {
                return true;
            }
        }
        if (!this.log.isDebugEnabled()) {
            return false;
        }
        this.log.debug("authenticate({}@{}) no matching keys", str, serverSession);
        return false;
    }

    protected List<PublicKey> recoverPublicKeys(String str, PublicKey publicKey, ServerSession serverSession, Map<String, ?> map, Object obj) throws GeneralSecurityException, IOException {
        if (!(obj instanceof Collection)) {
            PublicKey parsePublicKeyValue = parsePublicKeyValue(str, publicKey, serverSession, map, obj);
            return parsePublicKeyValue == null ? Collections.emptyList() : Collections.singletonList(parsePublicKeyValue);
        }
        Collection collection = (Collection) obj;
        ArrayList arrayList = new ArrayList(collection.size());
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            PublicKey parsePublicKeyValue2 = parsePublicKeyValue(str, publicKey, serverSession, map, it.next());
            if (parsePublicKeyValue2 != null) {
                arrayList.add(parsePublicKeyValue2);
            }
        }
        return arrayList;
    }

    protected PublicKey parsePublicKeyValue(String str, PublicKey publicKey, ServerSession serverSession, Map<String, ?> map, Object obj) throws GeneralSecurityException, IOException {
        if (obj == null) {
            return null;
        }
        PublicKey resolvePublicKey = ((AuthorizedKeyEntry) Objects.requireNonNull(AuthorizedKeyEntry.parseAuthorizedKeyEntry(Objects.toString(obj, null)), "No key extracted")).resolvePublicKey(PublicKeyEntryResolver.FAILING);
        if (this.log.isTraceEnabled()) {
            this.log.trace("parsePublicKeyValue({}@{}) {}-{}", new Object[]{str, serverSession, KeyUtils.getKeyType(resolvePublicKey), KeyUtils.getFingerPrint(resolvePublicKey)});
        }
        return resolvePublicKey;
    }
}
