package com.atlassian.bamboo.plugins.ssh;

import com.atlassian.bamboo.security.TrustedKey;
import com.atlassian.bamboo.security.TrustedKeyDTO;
import com.atlassian.bamboo.security.TrustedKeyHelper;
import com.atlassian.bamboo.spring.ComponentAccessor;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Collections;
import java.util.Objects;
import org.apache.log4j.Logger;
import org.apache.sshd.client.keyverifier.ServerKeyVerifier;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntry;
import org.apache.sshd.common.config.keys.PublicKeyEntryResolver;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/plugins/ssh/BambooTrustedKeyServerKeyVerifier.class */
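/**
 * {@link ServerKeyVerifier} that accepts an SSH server's host key when it equals one of the
 * approved keys returned by {@link TrustedKeyHelper#getTrustedKeys()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When {@code isCustomAcceptedSshHostKeysEnabled()} is false, every presented key is
 *       accepted and only logged at debug level, so this verifier performs no host-key
 *       verification in that configuration.</li>
 *   <li>When test mode is set, every presented key is accepted without any logging.</li>
 *   <li>The presented key is compared against all approved keys; the remote address is not part
 *       of the comparison.</li>
 * </ul>
 */
public class BambooTrustedKeyServerKeyVerifier implements ServerKeyVerifier {
    // NOTE(review): this singleton reference is public and non-final, so any code that can see
    // the class can replace the verifier. Left unchanged here to keep the existing interface.
    public static BambooTrustedKeyServerKeyVerifier INSTANCE = new BambooTrustedKeyServerKeyVerifier();
    private static final Logger log = Logger.getLogger(BambooTrustedKeyServerKeyVerifier.class);

    // When true, verifyServerKey() returns true for every key. Nothing in this class resets it.
    private boolean testMode;

    /**
     * Switches the verifier into test mode, in which {@link #verifyServerKey} accepts any key.
     *
     * <p>NOTE(review): the method is public and acts on the shared {@link #INSTANCE}; confirm
     * that no production code path can reach it.
     */
    @VisibleForTesting
    public void setTestMode() {
        this.testMode = true;
    }

    private BambooTrustedKeyServerKeyVerifier() {
    }

    /**
     * Converts the stored text of a trusted key into a {@link PublicKey}.
     *
     * @param clientSession session passed through to the key resolver
     * @param trustedKey stored key whose {@code getKey()} text is parsed
     * @return the resolved key, or {@code null} when the stored text cannot be parsed or resolved
     */
    @VisibleForTesting
    @Nullable
    PublicKey parsePublicKey(ClientSession clientSession, @NotNull TrustedKey trustedKey) {
        try {
            PublicKeyEntry entry = PublicKeyEntry.parsePublicKeyEntry(trustedKey.getKey());
            if (entry == null) {
                // The parser can hand back no entry (e.g. for blank key text) instead of throwing.
                // Skip the entry like any other unparseable key rather than letting a
                // NullPointerException escape and abort verification of the remaining keys.
                log.warn("Could not parse trusted key: " + trustedKey);
                return null;
            }
            return entry.resolvePublicKey(clientSession, Collections.emptyMap(), (PublicKeyEntryResolver) null);
        } catch (IOException | IllegalArgumentException | GeneralSecurityException e) {
            log.warn("Could not parse trusted key: " + trustedKey, e);
            return null;
        }
    }

    /**
     * Builds a {@link TrustedKey} describing a key that a server presented.
     *
     * @param socketAddress address of the server; its {@code toString()} form is stored
     * @param publicKey key the server presented
     * @return a new DTO holding the address text and the textual form of the key
     */
    @NotNull
    private TrustedKey trustedKeyFromPublicKey(@NotNull SocketAddress socketAddress, @NotNull PublicKey publicKey) {
        return new TrustedKeyDTO(socketAddress.toString(), PublicKeyEntry.toString(publicKey));
    }

    /**
     * Decides whether the host key presented by the server is accepted.
     *
     * <p>Implements {@code ServerKeyVerifier.verifyServerKey}.
     *
     * @param clientSession session being established; its metadata map is updated with the result
     * @param socketAddress address of the server, used for logging and for the untrusted-key record
     * @param publicKey host key presented by the server
     * @return {@code true} when the key is accepted, {@code false} otherwise
     */
    public boolean verifyServerKey(ClientSession clientSession, SocketAddress socketAddress, PublicKey publicKey) {
        if (this.testMode) {
            return true;
        }
        TrustedKeyHelper trustedKeyHelper = (TrustedKeyHelper) ComponentAccessor.TRUSTED_KEY_HELPER.get();
        if (!trustedKeyHelper.isCustomAcceptedSshHostKeysEnabled()) {
            // Trust-all path: the key is accepted unverified and recorded at debug level only, so
            // a changed host key leaves no trace unless debug logging is enabled for this class.
            log.debug(String.format("Server at %s presented unverified %s key: %s", socketAddress, publicKey.getAlgorithm(), KeyUtils.getFingerPrint(publicKey)));
            return true;
        }
        // NOTE(review): the match runs over every approved key and does not consult
        // socketAddress, so a key approved for one server is accepted from any server as far as
        // this class shows. Confirm whether binding keys to hosts is intended.
        boolean anyMatch = trustedKeyHelper.getTrustedKeys().stream()
                .filter(candidate -> candidate.isApproved())
                .map(candidate -> parsePublicKey(clientSession, candidate))
                .filter(Objects::nonNull)
                .anyMatch(candidateKey -> candidateKey.equals(publicKey));
        if (anyMatch) {
            // Clear any untrusted-key marker left on this session by an earlier rejection.
            clientSession.getMetadataMap().remove(SshProxyCommand.BAMBOO_UNTRUSTED_KEY);
        } else {
            log.info(String.format("Server at [%s] presented an untrusted [%s] key: [%s]", socketAddress, publicKey.getAlgorithm(), KeyUtils.getFingerPrint(publicKey)));
            // Record the rejected key on the session; presumably read elsewhere to report or
            // offer approval of the key (the consumer is not visible in this file).
            clientSession.getMetadataMap().put(SshProxyCommand.BAMBOO_UNTRUSTED_KEY, trustedKeyFromPublicKey(socketAddress, publicKey));
        }
        return anyMatch;
    }
}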
