package dmg.protocols.ssh;

import dmg.security.digest.Md5;
import dmg.util.StreamEngine;
import dmg.util.edb.JdbmSerializable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Reader;
import java.io.Writer;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.Socket;
import java.security.Principal;
import java.util.Date;
import java.util.Random;
import javax.security.auth.Subject;
import org.dcache.auth.Subjects;
import org.dcache.auth.UserNamePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dmg/protocols/ssh/SshStreamEngine.class */
public class SshStreamEngine extends SshCoreEngine implements StreamEngine {
    private static final Logger _log = LoggerFactory.getLogger(SshStreamEngine.class);
    private final Socket _socket;
    private SshServerAuthentication _serverAuth;
    private SshClientAuthentication _clientAuth;
    private Thread _listenerThread;
    private SshRsaKey _serverIdentity;
    private SshRsaKey _hostIdentity;
    private byte[] _sessionId;
    private final int _mode;
    private boolean _closing;
    private boolean _closed;
    private final Object _closeLock;
    private InetAddress _remoteAddress;
    private Subject _remoteUser;
    private String _terminal;
    private int _width;
    private int _height;
    public static final int SERVER_MODE = 1;
    public static final int CLIENT_MODE = 2;
    private boolean _isActive;
    private static final String __version = "SSH-1.5-3333\n";
    private static final int ST_ERROR = -1;
    private static final int ST_INIT = 0;
    private static final int ST_USER = 1;
    private static final int ST_AUTH = 2;
    private static final int ST_PREPARE = 3;
    private static final int ST_INTERACTIVE = 4;
    private static final int ST_SESSION_SEND = 5;
    private static final int ST_USER_SEND = 6;
    private static final int ST_TRY_RSA_AUTH = 7;
    private static final int ST_RSA_RESPONSE = 8;
    private static final int ST_EXEC_SEND = 9;
    private static final int ST_TRY_PASSWORD_AUTH = 10;
    private static final int ST_TRY_RHOSTS_RSA_AUTH = 11;

    public SshStreamEngine(Socket socket, SshServerAuthentication sshServerAuthentication) throws IOException, SshAuthenticationException {
        super(socket);
        this._closeLock = new Object();
        this._remoteUser = new Subject();
        this._isActive = true;
        this._socket = socket;
        this._serverAuth = sshServerAuthentication;
        this._mode = 1;
        this._remoteUser.setReadOnly();
        runServerProtocol();
    }

    public SshStreamEngine(Socket socket, SshClientAuthentication sshClientAuthentication) throws IOException, SshAuthenticationException {
        super(socket);
        this._closeLock = new Object();
        this._remoteUser = new Subject();
        this._isActive = true;
        this._socket = socket;
        this._clientAuth = sshClientAuthentication;
        this._mode = 2;
        this._remoteUser.setReadOnly();
        runClientProtocol();
    }

    public int getMode() {
        return this._mode;
    }

    @Override // dmg.util.StreamEngine
    public Socket getSocket() {
        return this._socket;
    }

    @Override // dmg.util.StreamEngine
    public InputStream getInputStream() {
        return new SshInputStream(this);
    }

    @Override // dmg.util.StreamEngine
    public OutputStream getOutputStream() {
        return new SshOutputStream(this);
    }

    public String getName() {
        return Subjects.getUserName(this._remoteUser);
    }

    @Override // dmg.util.StreamEngine
    public Subject getSubject() {
        return this._remoteUser;
    }

    @Override // dmg.util.StreamEngine
    public InetAddress getInetAddress() {
        return this._remoteAddress;
    }

    @Override // dmg.util.StreamEngine
    public InetAddress getLocalAddress() {
        return this._socket.getLocalAddress();
    }

    @Override // dmg.util.StreamEngine
    public String getTerminalType() {
        return this._terminal;
    }

    @Override // dmg.util.StreamEngine
    public int getTerminalWidth() {
        return this._width;
    }

    @Override // dmg.util.StreamEngine
    public int getTerminalHeight() {
        return this._height;
    }

    @Override // dmg.util.StreamEngine
    public Reader getReader() {
        return this._mode == 1 ? new SshInputStreamReader(getInputStream(), getOutputStream()) : new SshClientInputStreamReader(getInputStream(), getOutputStream());
    }

    @Override // dmg.util.StreamEngine
    public Writer getWriter() {
        return this._mode == 1 ? new SshOutputStreamWriter(getOutputStream()) : new SshClientOutputStreamWriter(getOutputStream());
    }

    private void runClientProtocol() throws IOException, SshAuthenticationException {
        _log.debug("Connected (client)");
        _log.debug("Received version: {}", readVersionString());
        _log.debug("Sending our version: {}", __version);
        writeString(__version);
        client_loop();
        _log.debug("Preparation Loop finished");
    }

    private void runServerProtocol() throws IOException, SshAuthenticationException {
        _log.debug("Connected (server)");
        this._remoteAddress = this._socket.getInetAddress();
        writeString(__version);
        _log.debug("Client has version: {}", readVersionString());
        this._serverIdentity = this._serverAuth.getServerRsaKey();
        this._hostIdentity = this._serverAuth.getHostRsaKey();
        if (this._serverIdentity == null || this._hostIdentity == null) {
            throw new SshAuthenticationException("Either server or host Identity not found");
        }
        SshSmsgPublicKey sshSmsgPublicKey = new SshSmsgPublicKey(this._serverIdentity, this._hostIdentity, 70, 28);
        this._sessionId = sshSmsgPublicKey.getSessionId();
        writePacket(sshSmsgPublicKey);
        server_loop();
        _log.debug("Preparation Loop finished");
    }

    public void close() throws IOException {
        close(0);
    }

    public void close(int i) throws IOException {
        _log.debug("close(closing={}; closed={})", Boolean.valueOf(this._closing), Boolean.valueOf(this._closed));
        if (this._mode != 1) {
            synchronized (this._closeLock) {
                if (!this._closed) {
                    throw new IOException("Client not allowed to close connection first");
                }
            }
            return;
        }
        synchronized (this._closeLock) {
            if (!this._closing && !this._closed) {
                this._closing = true;
                this._isActive = false;
                shutdown(i);
            }
        }
    }

    private void shutdown(int i) throws IOException {
        writePacket(new SshSmsgExitStatus(i));
        this._socket.shutdownOutput();
        waitForClientConfirmation();
        waitForClientClose();
        confirmed();
    }

    private void waitForClientConfirmation() throws IOException {
        SshPacket readPacket;
        SshPacket readPacket2 = readPacket();
        if (readPacket2 != null && readPacket2.getType() == 19) {
            readPacket2 = readPacket();
        }
        if (readPacket2 == null || readPacket2.getType() == 33) {
            return;
        }
        _log.warn("received unexpected message (type={}) after server send exit message; discarding any subsequent data.", Integer.valueOf(readPacket2.getType()));
        do {
            readPacket = readPacket();
            if (readPacket == null) {
                return;
            }
        } while (readPacket.getType() != 33);
    }

    private void waitForClientClose() throws IOException {
        SshPacket readPacket = readPacket();
        if (readPacket != null) {
            _log.warn("unexpected client packet (type={}) after server finished the session; discarding incoming data until client closes.", Integer.valueOf(readPacket.getType()));
            do {
            } while (readPacket() != null);
        }
    }

    public boolean isActive() {
        boolean z;
        synchronized (this._closeLock) {
            z = this._isActive;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void confirmed() throws IOException {
        _log.debug("confirmed(closing={}; closed={})", Boolean.valueOf(this._closing), Boolean.valueOf(this._closed));
        if (this._mode != 1) {
            synchronized (this._closeLock) {
                if (!this._closed) {
                    this._closed = true;
                    this._socket.close();
                }
            }
            return;
        }
        synchronized (this._closeLock) {
            if (!this._closed && this._closing) {
                this._closed = true;
                this._closing = false;
                this._socket.close();
            }
        }
    }

    private void client_loop() throws IOException, SshAuthenticationException {
        int i = 0;
        byte[] bArr = null;
        SshRsaKey sshRsaKey = null;
        while (true) {
            SshPacket readPacket = readPacket();
            if (readPacket != null) {
                _log.debug("Packet arrived: " + readPacket.getType());
                switch (readPacket.getType()) {
                    case 1:
                        _log.debug("SSH_MSG_DISCONNECT: not implemented");
                        return;
                    case 2:
                        _log.debug("SSH_SMSG_PUBLIC_KEY received");
                        SshSmsgPublicKey sshSmsgPublicKey = new SshSmsgPublicKey(readPacket);
                        if (!this._clientAuth.isHostKey(this._socket.getInetAddress(), sshSmsgPublicKey.getHostKey())) {
                            throw new SshAuthenticationException("Unknown Host key");
                        }
                        bArr = sshSmsgPublicKey.getSessionId();
                        byte[] bArr2 = new byte[32];
                        new Random(new Date().getTime()).nextBytes(bArr2);
                        byte[] bArr3 = new byte[32];
                        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
                        for (int i2 = 0; i2 < 16; i2++) {
                            int i3 = i2;
                            bArr3[i3] = (byte) (bArr3[i3] ^ bArr[i2]);
                        }
                        byte[] encrypt = sshSmsgPublicKey.getHostKey().encrypt(sshSmsgPublicKey.getServerKey().encrypt(bArr3));
                        _log.debug("Sending SshCmsgSessionKey");
                        writePacket(new SshCmsgSessionKey(1, sshSmsgPublicKey.getCookie(), encrypt, 0));
                        byte[] bArr4 = new byte[16];
                        System.arraycopy(bArr2, 0, bArr4, 0, 16);
                        setEncryption(1, bArr4);
                        i = 5;
                        break;
                    case 7:
                        if (i != 7 && i != 11) {
                            throw new SshProtocolException("PANIC : SSH_SMSG_AUTH_RSA_CHALLENGE in state " + i);
                        }
                        byte[] decrypt = sshRsaKey.decrypt(new SshSmsgAuthRsaChallenge(readPacket).getMpInt());
                        _log.debug("SSH_SMSG_AUTH_RSA_CHALLENGE received");
                        try {
                            Md5 md5 = new Md5();
                            md5.update(decrypt);
                            md5.update(bArr);
                            decrypt = md5.digest();
                        } catch (Exception e) {
                            _log.warn("Ignored exception: {}", e.toString());
                        }
                        writePacket(new SshCmsgAuthRsaResponse(decrypt));
                        i = 8;
                        break;
                    case SshPacket.SSH_SMSG_SUCCESS /* 14 */:
                        switch (i) {
                            case 5:
                                _log.debug("SSH_SMSG_SUCCESS on ST_SESSION_SEND");
                                writePacket(new SshCmsgUser(this._clientAuth.getUser()));
                                i = 6;
                                break;
                            case 8:
                                _log.debug("SSH_SMSG_SUCCESS on ST_RSA_RESPONSE");
                                writePacket(new SshCmsgExecShell());
                                return;
                            case 10:
                                _log.debug("SSH_SMSG_SUCCESS on ST_TRY_PASSWORD_AUTH");
                                writePacket(new SshCmsgExecShell());
                                return;
                            default:
                                throw new SshProtocolException("PANIC : SSH_SMSG_SUCCESS in state " + i);
                        }
                    case SshPacket.SSH_SMSG_FAILURE /* 15 */:
                        switch (i) {
                            case 6:
                            case 7:
                            case 8:
                            case 10:
                            case 11:
                                _log.debug("SSH_SMSG_FAILURE on {}", Integer.valueOf(i));
                                SshAuthMethod authMethod = this._clientAuth.getAuthMethod();
                                if (authMethod == null) {
                                    throw new SshAuthenticationException("No more methods from Client");
                                }
                                if (!(authMethod instanceof SshAuthRsa)) {
                                    if (!(authMethod instanceof SshAuthRhostsRsa)) {
                                        if (!(authMethod instanceof SshAuthPassword)) {
                                            throw new SshProtocolException("Illegal class from Client");
                                        }
                                        writePacket(new SshCmsgAuthPassword(authMethod.getUser()));
                                        _log.debug("Sending ST_TRY_PASSWORD_AUTH");
                                        i = 10;
                                        break;
                                    } else {
                                        sshRsaKey = authMethod.getKey();
                                        writePacket(new SshCmsgAuthRhostsRsa(authMethod.getUser(), sshRsaKey));
                                        i = 11;
                                        _log.debug("Sending ST_TRY_RSA_RHOSTS_AUTH");
                                        break;
                                    }
                                } else {
                                    sshRsaKey = authMethod.getKey();
                                    writePacket(new SshCmsgAuthRsa(sshRsaKey.getModulusBytes(), 0, sshRsaKey.getModulusBits()));
                                    i = 7;
                                    _log.debug("Sending ST_TRY_RSA_AUTH");
                                    break;
                                }
                            case 9:
                            default:
                                throw new SshProtocolException("PANIC : SSH_SMSG_FAILURE in state " + i);
                        }
                    case SshPacket.SSH_MSG_DEBUG /* 36 */:
                        _log.debug("SSH_MSG_DEBUG: {}", new SshMsgDebug(readPacket).getMessage());
                        break;
                    default:
                        _log.warn("Unknown denied: " + readPacket.getType());
                        break;
                }
            } else {
                return;
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void server_loop() throws IOException {
        SshSmsgFailure sshSmsgFailure = new SshSmsgFailure();
        SshSmsgSuccess sshSmsgSuccess = new SshSmsgSuccess();
        byte[] bArr = null;
        boolean z = false;
        while (true) {
            SshPacket readPacket = readPacket();
            if (readPacket != null) {
                switch (readPacket.getType()) {
                    case 1:
                        _log.debug("SSH_MSG_DISCONNECT");
                        return;
                    case 2:
                    case 5:
                    case 7:
                    case SshPacket.SSH_SMSG_SUCCESS /* 14 */:
                    case SshPacket.SSH_SMSG_FAILURE /* 15 */:
                    case 17:
                    case 18:
                    case 19:
                    case 20:
                    case JdbmSerializable.AV_ELEMENT_LIST /* 21 */:
                    case JdbmSerializable.DIRECTORY /* 22 */:
                    case JdbmSerializable.FILE_HEADER /* 23 */:
                    case 24:
                    case 25:
                    case 26:
                    case 27:
                    case 28:
                    case 29:
                    case 31:
                    case 32:
                    default:
                        _log.warn("Unknown denied : {}", Integer.valueOf(readPacket.getType()));
                        if (z != 4) {
                            writePacket(sshSmsgFailure);
                            break;
                        } else {
                            break;
                        }
                    case 3:
                        _log.debug("SSH_CMSG_SESSION_KEY");
                        if (z) {
                            throw new SshProtocolException("SSH_CMSG_SESSION_KEY in not INIT state");
                        }
                        SshCmsgSessionKey sshCmsgSessionKey = new SshCmsgSessionKey(this._serverIdentity, this._hostIdentity, readPacket);
                        byte[] sessionKey = sshCmsgSessionKey.getSessionKey();
                        for (int i = 0; i < 16; i++) {
                            int i2 = i;
                            sessionKey[i2] = (byte) (sessionKey[i2] ^ this._sessionId[i]);
                        }
                        if (!setEncryption(sshCmsgSessionKey.getCipher(), sessionKey)) {
                            writePacket(sshSmsgFailure);
                            throw new SshProtocolException("Cipher : can't use " + sshCmsgSessionKey.getCipher());
                        }
                        writePacket(sshSmsgSuccess);
                        z = true;
                        break;
                    case 4:
                        _log.debug("SSH_CMSG_USER: arrived");
                        if (!z) {
                            throw new SshProtocolException("SSH_CMSG_USER in not USER state");
                        }
                        SshCmsgUser sshCmsgUser = new SshCmsgUser(readPacket);
                        _log.debug("SSH_CMSG_USER: User = {}", sshCmsgUser.getUser());
                        Principal userNamePrincipal = new UserNamePrincipal(sshCmsgUser.getUser());
                        this._remoteUser = new Subject();
                        this._remoteUser.getPrincipals().add(userNamePrincipal);
                        if (this._serverAuth.authUser(this._remoteAddress, getName())) {
                            z = 3;
                            writePacket(sshSmsgSuccess);
                            break;
                        } else {
                            z = 2;
                            writePacket(sshSmsgFailure);
                            break;
                        }
                    case 6:
                        _log.debug("SSH_CMSG_AUTH_RSA");
                        SshRsaKey authRsa = this._serverAuth.authRsa(this._remoteAddress, getName(), new SshCmsgAuthRsa(readPacket).getKey());
                        if (authRsa == null) {
                            _log.warn("SSH_CMSG_AUTH_RSA: Key not found");
                            writePacket(sshSmsgFailure);
                            break;
                        } else {
                            _log.debug("SSH_CMSG_AUTH_RSA: Key found");
                            bArr = new byte[32];
                            new Random(System.currentTimeMillis()).nextBytes(bArr);
                            BigInteger encryptBigInteger = authRsa.encryptBigInteger(bArr, 0, bArr.length);
                            writePacket(new SshSmsgAuthRsaChallenge(encryptBigInteger.toByteArray(), 0, encryptBigInteger.bitLength()));
                            break;
                        }
                    case 8:
                        _log.debug("SSH_CMSG_AUTH_RSA_RESPONSE");
                        SshCmsgAuthRsaResponse sshCmsgAuthRsaResponse = new SshCmsgAuthRsaResponse(readPacket);
                        if (bArr == null) {
                            throw new SshProtocolException("SSH_CMSG_AUTH_RSA_RESPONSE challenge not found");
                        }
                        byte[] response = sshCmsgAuthRsaResponse.getResponse();
                        if (response.length != 16) {
                            _log.warn("SSH_CMSG_AUTH_RSA_RESPONSE: response != 16 ({} bytes)", Integer.valueOf(response.length));
                            writePacket(sshSmsgFailure);
                            break;
                        } else {
                            Md5 md5 = new Md5();
                            md5.update(bArr);
                            md5.update(this._sessionId);
                            byte[] digest = md5.digest();
                            int i3 = 0;
                            while (i3 < digest.length && digest[i3] == response[i3]) {
                                i3++;
                            }
                            if (i3 == 16) {
                                _log.debug("SSH_CMSG_AUTH_RSA_RESPONSE: O.K.");
                                writePacket(sshSmsgSuccess);
                                z = 3;
                                break;
                            } else {
                                _log.debug("SSH_CMSG_AUTH_RSA_RESPONSE: failed");
                                writePacket(sshSmsgFailure);
                                break;
                            }
                        }
                    case 9:
                        _log.debug("SSH_CMSG_AUTH_PASSWORD: arrived");
                        if (z != 2) {
                            throw new SshProtocolException("SSH_CMSG_AUTH_PASSWORD in not ST_AUTH state");
                        }
                        if (this._serverAuth.authPassword(this._remoteAddress, getName(), new SshCmsgAuthPassword(readPacket).getPassword())) {
                            writePacket(sshSmsgSuccess);
                            z = 3;
                            break;
                        } else {
                            writePacket(sshSmsgFailure);
                            break;
                        }
                    case 10:
                        if (z != 3) {
                            throw new SshProtocolException("SSH_CMSG_REQUEST_PTY in not ST_PREPARE state");
                        }
                        SshCmsgRequestPty sshCmsgRequestPty = new SshCmsgRequestPty(readPacket);
                        this._terminal = sshCmsgRequestPty.getTerminal();
                        this._height = sshCmsgRequestPty.getHeight();
                        this._width = sshCmsgRequestPty.getWidth();
                        writePacket(sshSmsgSuccess);
                        _log.debug("SSH_CMSG_REQUEST_PTY: o.k.");
                        break;
                    case 11:
                        SshCmsgWindowSize sshCmsgWindowSize = new SshCmsgWindowSize(readPacket);
                        this._height = sshCmsgWindowSize.getHeight();
                        this._width = sshCmsgWindowSize.getWidth();
                        writePacket(sshSmsgSuccess);
                        _log.debug("SSH_CMSG_WINDOW_SIZE: o.k.");
                        break;
                    case SshPacket.SSH_CMSG_EXEC_SHELL /* 12 */:
                        if (z != 3) {
                            throw new SshProtocolException("SSH_CMSG_EXEC_SHELL in not ST_PREPARE state");
                        }
                        _log.debug("SSH_CMSG_EXEC_SHELL: o.k.");
                        return;
                    case 13:
                        if (z != 3) {
                            throw new SshProtocolException("SSH_CMSG_EXEC_CMD in not ST_PREPARE state");
                        }
                        _log.debug("SSH_CMSG_EXEC_CMD: {}", new SshCmsgExecCmd(readPacket));
                        return;
                    case 16:
                        throw new SshProtocolException("SSH_CMSG_STDIN_DATA while preparing (FATAL)");
                    case SshPacket.SSH_CMSG_KEX_DH_GEX_REQUEST_OLD /* 30 */:
                        writePacket(sshSmsgFailure);
                        break;
                    case SshPacket.SSH_CMSG_EXIT_CONFORMATION /* 33 */:
                        _log.debug("SSH_CMSG_EXIT_CONFORMATION: o.k.");
                        break;
                    case SshPacket.SSH_CMSG_X11_REQUEST_FORWARDING /* 34 */:
                        if (z != 3) {
                            throw new SshProtocolException("SSH_CMSG_X11_REQUEST_FORWARDING in not ST_PREPARE state");
                        }
                        writePacket(sshSmsgSuccess);
                        _log.debug("SSH_CMSG_REQUEST_FORWARDING: o.k.");
                        break;
                    case SshPacket.SSH_CMSG_AUTH_RHOSTS_RSA /* 35 */:
                        _log.debug("SSH_CMSG_AUTH_RHOSTS_RSA");
                        SshCmsgAuthRhostsRsa sshCmsgAuthRhostsRsa = new SshCmsgAuthRhostsRsa(readPacket);
                        SshRsaKey authRhostsRsa = this._serverAuth.authRhostsRsa(this._remoteAddress, getName(), sshCmsgAuthRhostsRsa.getUserName(), sshCmsgAuthRhostsRsa.getKey());
                        if (authRhostsRsa == null) {
                            _log.warn("SSH_CMSG_AUTH_RSA: Key not found");
                            writePacket(sshSmsgFailure);
                            break;
                        } else {
                            _log.debug("SSH_CMSG_AUTH_RSA: Key found {}", authRhostsRsa);
                            bArr = new byte[32];
                            new Random(System.currentTimeMillis()).nextBytes(bArr);
                            writePacket(new SshSmsgAuthRsaChallenge(authRhostsRsa.encrypt(bArr, 0, bArr.length), 0, authRhostsRsa.getKeySize()));
                            break;
                        }
                    case SshPacket.SSH_MSG_DEBUG /* 36 */:
                        _log.debug("SSH_MSG_DEBUG: {}", new SshMsgDebug(readPacket).getMessage());
                        break;
                }
            } else {
                return;
            }
        }
    }
}
