package dmg.cells.services.login;

import dmg.cells.nucleus.CellAdapter;
import dmg.cells.nucleus.CellMessage;
import dmg.cells.nucleus.CellNucleus;
import dmg.cells.nucleus.CellPath;
import dmg.cells.nucleus.NoRouteToCellException;
import dmg.cells.services.StreamLoginCell;
import dmg.protocols.ssh.SshRsaKey;
import dmg.protocols.ssh.SshRsaKeyContainer;
import dmg.protocols.ssh.SshServerAuthentication;
import dmg.protocols.ssh.SshSharedKey;
import dmg.protocols.ssh.SshStreamEngine;
import dmg.util.StreamEngine;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Constructor;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Hashtable;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.concurrent.ExecutionException;
import org.dcache.util.Args;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dmg/cells/services/login/SshLoginManager.class */
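/**
 * Cell that listens on a TCP port, runs the SSH server side of each accepted
 * connection through {@link SshStreamEngine}, and hands every successfully
 * established stream to a freshly constructed {@link StreamLoginCell}.
 *
 * <p>The class is also the {@link SshServerAuthentication} callback for the
 * engine. Host-based methods ({@code authUser}, {@code authRhosts}, shared key)
 * are always refused; password and RSA methods are answered from the map
 * stored under {@code "Ssh"} in the domain context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>User names passed to the {@code auth*} callbacks are written to the log
 *       unmodified. NOTE(review): they presumably originate from the remote
 *       peer, so the logging layout should neutralise line breaks - confirm.</li>
 *   <li>The {@code userPasswords} table holds clear-text passwords, and the
 *       remote {@code check-password} request carries the password in clear
 *       inside the cell message.</li>
 *   <li>The login counters are updated from per-connection threads without
 *       synchronisation, so the values reported by {@link #getInfo} are
 *       approximate.</li>
 * </ul>
 */
public class SshLoginManager extends CellAdapter implements Runnable, SshServerAuthentication {
    private static final Logger _log = LoggerFactory.getLogger(SshLoginManager.class);

    /** Key of the SSH settings map inside the domain context. */
    private static final String SSH_CONTEXT = "Ssh";

    private String _cellName;
    private CellNucleus _nucleus;
    private int _listenPort;
    private ServerSocket _serverSocket;
    private Thread _listenThread;
    private int _connectionRequestCounter;
    private int _connectionAcceptionCounter;
    // Hands the accepted socket over to the worker thread created for it; see run().
    private Hashtable<Thread, Socket> _connectionThreads;
    private SshRsaKey _hostKey;
    private SshRsaKey _serverKey;
    private SshRsaKeyContainer _userKeys;
    private SshRsaKeyContainer _hostKeys;
    private int _keyUpdateInterval;
    private int _loginCounter;
    private int _loginFailures;
    private Class<? extends StreamLoginCell> _loginClass;
    private Constructor<? extends StreamLoginCell> _loginConstructor;
    private Class<?>[] _loginConSignature0;
    private Class<?>[] _loginConSignature1;
    private Class<?>[] _loginPntSignature;
    // 1: (String, StreamEngine, Args) constructor, 0: (String, StreamEngine), -1: not resolved yet.
    private int _loginConType;

    /**
     * Parses the cell arguments, resolves the login cell constructor, opens the
     * listen socket and starts the listener thread.
     *
     * <p>Arguments: {@code <listenPort> [<loginClass> [...]]}. The login class is
     * loaded by name and must be a subclass of {@link StreamLoginCell}.
     *
     * @param str  the cell name
     * @param str2 forwarded to the {@link CellAdapter} constructor; presumably the
     *             argument string later returned by {@code getArgs()} - confirm
     * @throws Exception if the arguments are invalid, the login class or a
     *                   suitable constructor cannot be found, or the port cannot
     *                   be bound; the cell is started and killed before rethrowing
     */
    public SshLoginManager(String str, String str2) throws Exception {
        super(str, str2, false);
        this._connectionThreads = new Hashtable<>();
        this._keyUpdateInterval = 30;
        this._loginClass = StreamLoginCell.class;
        this._loginConSignature0 = new Class[]{String.class, StreamEngine.class};
        this._loginConSignature1 = new Class[]{String.class, StreamEngine.class, Args.class};
        this._loginPntSignature = new Class[]{Integer.TYPE};
        this._loginConType = -1;
        this._cellName = str;
        try {
            Args args = getArgs();
            if (args.argc() < 1) {
                throw new IllegalArgumentException("USAGE : ... <listenPort> [<loginClass> [...]]");
            }
            this._listenPort = Integer.parseInt(args.argv(0));
            args.shift();
            if (args.argc() > 0) {
                // asSubclass rejects any configured class that is not a StreamLoginCell.
                this._loginClass = Class.forName(args.argv(0)).asSubclass(StreamLoginCell.class);
                _log.info("Using login class : " + this._loginClass.getName());
                args.shift();
            }
            try {
                // Prefer the constructor that also receives the remaining arguments.
                this._loginConstructor = this._loginClass.getConstructor(this._loginConSignature1);
                this._loginConType = 1;
            } catch (NoSuchMethodException e) {
                this._loginConstructor = this._loginClass.getConstructor(this._loginConSignature0);
                this._loginConType = 0;
            }
            _log.info("Using constructor : " + this._loginConstructor);
            this._serverSocket = new ServerSocket(this._listenPort);
            this._nucleus = getNucleus();
            this._listenThread = new Thread(this, "listenThread");
            this._listenThread.start();
            start();
        } catch (Exception e2) {
            _log.warn("SshLoginManger >" + getCellName() + "< got exception : " + e2);
            start();
            kill();
            throw e2;
        }
    }

    /** Returns a short summary: listen port and login class name. */
    @Override
    public String toString() {
        return "p=" + this._listenPort + ";c=" + this._loginClass.getName();
    }

    /**
     * Writes the listen port, login class and login counters to {@code printWriter}.
     *
     * @param printWriter destination of the status lines
     */
    @Override
    public void getInfo(PrintWriter printWriter) {
        printWriter.println("  -- Ssh Login Manager");
        printWriter.println("  Listen Port    : " + this._listenPort);
        printWriter.println("  Login Class    : " + this._loginClass);
        printWriter.println("  Logins created : " + this._loginCounter);
        printWriter.println("  Logins failed  : " + this._loginFailures);
    }

    /**
     * Closes the listen socket. Closing makes the blocked {@code accept()} in the
     * listener thread fail with an {@link IOException}, which ends that thread.
     */
    @Override
    public void cleanUp() {
        _log.info("cleanUp requested by nucleus, closing listen socket");
        if (this._serverSocket != null) {
            try {
                this._serverSocket.close();
            } catch (IOException e) {
                // Best effort: the cell is going away, there is nothing to recover.
                _log.debug("Ignoring error while closing listen socket : " + e);
            }
        }
        _log.info("Bye Bye");
    }

    /**
     * Accept loop of the listener thread: every accepted socket is registered
     * under a new worker thread, which picks it up again in {@link #run()}.
     *
     * <p>NOTE(review): one thread is created per accepted socket; no upper bound
     * and no socket timeout are set in this class. Confirm that
     * {@link SshStreamEngine} or the deployment limits connections that never
     * complete authentication.
     */
    private void acceptConnections() {
        while (true) {
            Socket socket = null;
            try {
                socket = this._serverSocket.accept();
                this._connectionRequestCounter++;
                _log.info("Connection request from " + socket.getInetAddress());
                Thread thread = new Thread(this);
                // Register before start() so the worker always finds its socket.
                this._connectionThreads.put(thread, socket);
                thread.start();
            } catch (IOException e) {
                // accept() failed, typically because cleanUp() closed the socket.
                _log.warn("Got an IO Exception ( closing server ) : " + e);
                return;
            } catch (Exception e2) {
                _log.warn("Got an Exception in getting keys ( closing connection ) : " + e2);
                closeQuietly(socket);
            }
        }
    }

    /**
     * Runs the SSH handshake on {@code socket} and, on success, creates the login
     * cell for the authenticated user. Any failure is counted in the login
     * failure counter and leaves the connection closed.
     *
     * @param socket the freshly accepted client connection
     */
    public void acceptConnection(Socket socket) {
        Thread currentThread = Thread.currentThread();
        try {
            _log.info("acceptThread (" + currentThread + "): creating protocol engine");
            SshStreamEngine sshStreamEngine = new SshStreamEngine(socket, this);
            String name = sshStreamEngine.getName();
            _log.info("acceptThread (" + currentThread + "): connection created for user " + name);
            try {
                String loginCellName = getCellName() + "-" + name + "*";
                Object[] constructorArgs = this._loginConType == 0
                        ? new Object[]{loginCellName, sshStreamEngine}
                        : new Object[]{loginCellName, sshStreamEngine, new Args(getArgs())};
                this._loginConstructor.newInstance(constructorArgs);
                this._loginCounter++;
            } catch (Exception e) {
                _log.warn("Can't create new instance of " + this._loginClass.getName() + " " + e);
                sshStreamEngine.close();
                this._loginFailures++;
            }
        } catch (Exception e2) {
            _log.warn("Exception in secure protocol : " + e2);
            this._loginFailures++;
            // No login cell owns the connection on this path, so release the
            // socket here instead of leaving it open until it is collected.
            closeQuietly(socket);
        }
    }

    /**
     * Thread entry point shared by the listener thread and the per-connection
     * workers: the listener runs the accept loop, a worker serves the socket
     * that was registered for it.
     */
    @Override
    public void run() {
        if (Thread.currentThread() == this._listenThread) {
            acceptConnections();
            return;
        }
        Socket remove = this._connectionThreads.remove(Thread.currentThread());
        if (remove != null) {
            acceptConnection(remove);
        }
    }

    /** Closes {@code socket}, ignoring a {@code null} argument and close errors. */
    private static void closeQuietly(Socket socket) {
        if (socket == null) {
            return;
        }
        try {
            socket.close();
        } catch (IOException ignored) {
            // The connection is being dropped anyway.
        }
    }

    /**
     * Returns the SSH settings map from the domain context, or {@code null} when
     * it is missing or is not a {@link Map}.
     */
    private Map<?, ?> sshContext() {
        Object context = this._nucleus.getDomainContext().get(SSH_CONTEXT);
        return context instanceof Map ? (Map<?, ?>) context : null;
    }

    /**
     * Compares two passwords without stopping at the first differing byte, so
     * the time taken does not reveal how long a matching prefix is.
     *
     * @param supplied the password offered by the client
     * @param expected the configured password
     * @return {@code true} if both encode to the same UTF-8 bytes
     */
    private static boolean passwordsMatch(String supplied, String expected) {
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Looks up one of the server's own RSA keys in the SSH context.
     *
     * @param str name of the entry, e.g. {@code "hostIdentity"}
     * @return the key, or {@code null} if the context or the entry is unavailable
     */
    private SshRsaKey getIdentity(String str) {
        Map<?, ?> map = sshContext();
        if (map == null) {
            _log.warn("Auth (" + str + ") : Ssh Context unavailable");
            return null;
        }
        Object entry = map.get(str);
        // A value of an unexpected type is treated like a missing one.
        SshRsaKey sshRsaKey = entry instanceof SshRsaKey ? (SshRsaKey) entry : null;
        _log.info("Auth : Request for " + str + (sshRsaKey == null ? " Failed" : " o.k."));
        return sshRsaKey;
    }

    /** Returns the entry {@code "hostIdentity"} of the SSH context, or {@code null}. */
    @Override
    public SshRsaKey getHostRsaKey() {
        return getIdentity("hostIdentity");
    }

    /** Returns the entry {@code "serverIdentity"} of the SSH context, or {@code null}. */
    @Override
    public SshRsaKey getServerRsaKey() {
        return getIdentity("serverIdentity");
    }

    /** Shared-key authentication is not offered: always returns {@code null}. */
    @Override
    public SshSharedKey getSharedKey(InetAddress inetAddress, String str) {
        _log.info("Auth : Request for Shared Key denied");
        return null;
    }

    /** Authentication by user name alone is not offered: always returns {@code false}. */
    @Override
    public boolean authUser(InetAddress inetAddress, String str) {
        _log.info("Auth : User Request for user " + str + " host " + inetAddress + " denied");
        return false;
    }

    /** Rhosts authentication is not offered: always returns {@code false}. */
    @Override
    public boolean authRhosts(InetAddress inetAddress, String str) {
        _log.info("Auth : Rhost Request for user " + str + " host " + inetAddress + " denied");
        return false;
    }

    /**
     * Checks a password against the {@code userPasswords} entry of the SSH context.
     *
     * <p>If the entry is a {@link Hashtable}, it is read as user name to clear-text
     * password and compared locally. If it is a {@link String}, it is used as the
     * path of a cell that receives a {@code check-password} request and whose
     * reply decides. Every other case, including any error, denies the login.
     *
     * @param inetAddress address of the client, used for logging only
     * @param str         the user name
     * @param str2        the password offered by the client
     * @return {@code true} only if the password was positively confirmed
     */
    @Override
    public boolean authPassword(InetAddress inetAddress, String str, String str2) {
        _log.info("Auth : Password Request for user " + str + " host " + inetAddress);
        if (str == null || str2 == null) {
            // Fail closed instead of running into a NullPointerException below.
            _log.warn("Auth authPassword : missing user name or password");
            return false;
        }
        Map<?, ?> map = sshContext();
        if (map == null) {
            _log.warn("Auth authPassword : Ssh Context unavailable for request from User " + str + " Host " + inetAddress);
            return false;
        }
        Object obj = map.get("userPasswords");
        if (obj == null) {
            _log.warn("Auth authPassword : userPasswords not available");
            return false;
        }
        if (obj instanceof Hashtable) {
            // NOTE(review): the table stores passwords in clear text; a salted
            // password hash would limit the damage if the context is exposed.
            Object stored = ((Hashtable<?, ?>) obj).get(str);
            if (!(stored instanceof String)) {
                _log.warn("Auth authPassword : user " + str + " not found ");
                return false;
            }
            if (passwordsMatch(str2, (String) stored)) {
                return true;
            }
            _log.warn("Auth authPassword : user " + str + " password mismatch ");
            return false;
        }
        if (!(obj instanceof String)) {
            return false;
        }
        CellPath cellPath = new CellPath((String) obj);
        _log.info("Auth passwd : using : " + cellPath);
        try {
            // The password travels in clear inside the message object.
            CellMessage sendAndWait = getNucleus().sendAndWait(new CellMessage(cellPath, new Object[]{"request", "unknown", "check-password", str, str2}), 4000L);
            if (sendAndWait == null) {
                _log.warn("request for user >" + str + "< timed out");
                return false;
            }
            Object messageObject = sendAndWait.getMessageObject();
            if (messageObject == null) {
                _log.warn("Request response is null");
                return false;
            }
            if (!(messageObject instanceof Object[])) {
                _log.warn("Response not Object[] : " + messageObject.getClass());
                return false;
            }
            Object[] objArr = (Object[]) messageObject;
            if (objArr.length < 6) {
                _log.warn("Response length < 6");
                return false;
            }
            // NOTE(review): only the "response" tag and the Boolean verdict are
            // checked; the reply is not matched against the requested user.
            // Confirm that the protocol does not need that check.
            if ((objArr[0] instanceof String) && objArr[0].equals("response") && (objArr[5] instanceof Boolean)) {
                _log.info("Response for >" + str + "< : " + objArr[5]);
                return ((Boolean) objArr[5]).booleanValue();
            }
            _log.warn("Not a response");
            return false;
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the code that owns this thread.
            Thread.currentThread().interrupt();
            _log.warn("Problem for user >" + str + "< : " + e);
            return false;
        } catch (NoRouteToCellException e) {
            _log.warn("Problem for user >" + str + "< : " + e);
            return false;
        } catch (ExecutionException e2) {
            _log.warn("Problem for user >" + str + "< : " + e2.getCause());
            return false;
        }
    }

    /**
     * Searches a key container of the SSH context for the key offered by the client.
     *
     * @param str         name of the container entry ({@code "knownUsers"} or {@code "knownHosts"})
     * @param sshRsaKey   the key offered by the client, matched by modulus
     * @param inetAddress address of the client, used for logging only
     * @param str2        the user name, used for logging only
     * @return the stored key, or {@code null} if the context, the container or
     *         the key is not available
     */
    private SshRsaKey getPublicKey(String str, SshRsaKey sshRsaKey, InetAddress inetAddress, String str2) {
        Map<?, ?> map = sshContext();
        _log.info("Serching Key in " + str);
        _log.info("" + sshRsaKey);
        if (map == null) {
            _log.warn("Auth (" + str + ") : Ssh Context unavailable for request from User " + str2 + " Host " + inetAddress);
            return null;
        }
        Object entry = map.get(str);
        if (!(entry instanceof SshRsaKeyContainer)) {
            _log.warn("Auth (" + str + ") : Ssh " + str + " unavailable for request from User " + str2 + " Host " + inetAddress);
            return null;
        }
        SshRsaKey findByModulus = ((SshRsaKeyContainer) entry).findByModulus(sshRsaKey);
        if (findByModulus != null) {
            return findByModulus;
        }
        _log.warn("Auth (" + str + ") : Ssh key not found from User " + str2 + " Host " + inetAddress);
        return null;
    }

    /**
     * RSA user authentication: the offered key must be present in
     * {@code knownUsers} and the part of its comment before {@code '@'} must
     * equal the requested user name.
     *
     * @param inetAddress address of the client, used for logging only
     * @param str         the requested user name
     * @param sshRsaKey   the key offered by the client
     * @return the stored key if it belongs to {@code str}, otherwise {@code null}
     */
    @Override
    public SshRsaKey authRsa(InetAddress inetAddress, String str, SshRsaKey sshRsaKey) {
        SshRsaKey publicKey = getPublicKey("knownUsers", sshRsaKey, inetAddress, str);
        if (publicKey == null) {
            return null;
        }
        String comment = publicKey.getComment();
        // StringTokenizer skips leading delimiters, so the owner is the first
        // non-empty '@'-separated field of the comment.
        StringTokenizer tokens = new StringTokenizer(comment == null ? "" : comment, "@");
        if (!tokens.hasMoreTokens()) {
            // A key without an owner in its comment cannot be tied to a user: deny.
            _log.warn("Auth (knownUsers) : Ssh key without owner comment for user " + str + " Host " + inetAddress);
            return null;
        }
        String nextToken = tokens.nextToken();
        if (nextToken.equals(str)) {
            _log.info("Auth (knownUsers) : Ssh key (" + publicKey.getComment() + ") found for user " + str + " Host " + inetAddress);
            return publicKey;
        }
        _log.info("Auth (knownUsers) : Ssh key mismatch " + nextToken + " <> " + str);
        return null;
    }

    /**
     * Rhosts-RSA authentication: accepted only when the client-side user equals
     * the requested user and the offered host key is present in {@code knownHosts}.
     *
     * @param inetAddress address of the client, used for logging only
     * @param str         the user name logged as {@code user}
     * @param str2        the user name logged as {@code reqUser}
     * @param sshRsaKey   the host key offered by the client
     * @return the stored key, or {@code null} if the users differ or the key is unknown
     */
    @Override
    public SshRsaKey authRhostsRsa(InetAddress inetAddress, String str, String str2, SshRsaKey sshRsaKey) {
        _log.info("Auth (authRhostsRsa) : host=" + inetAddress + " user=" + str + " reqUser=" + str2);
        // A missing user name never matches, so the request is denied below.
        if (str != null && str.equals(str2)) {
            return getPublicKey("knownHosts", sshRsaKey, inetAddress, str);
        }
        _log.info("Auth : user mismatch , proxy user not allowed");
        return null;
    }
}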
