package com.atlassian.bitbucket.internal.ssh.server;

import com.atlassian.bitbucket.AuthorisationException;
import com.atlassian.bitbucket.Product;
import com.atlassian.bitbucket.auth.InactiveUserAuthenticationException;
import com.atlassian.bitbucket.event.auth.AuthenticationFailureEvent;
import com.atlassian.bitbucket.event.auth.AuthenticationSuccessEvent;
import com.atlassian.bitbucket.experimental.request.ExperimentalRequestContext;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.ssh.auth.PluginSshAuthenticationHandler;
import com.atlassian.bitbucket.internal.ssh.command.SshCommandProvider;
import com.atlassian.bitbucket.repository.NoSuchRepositoryException;
import com.atlassian.bitbucket.request.RequestCallback;
import com.atlassian.bitbucket.request.RequestContext;
import com.atlassian.bitbucket.request.RequestInfoProvider;
import com.atlassian.bitbucket.request.RequestManager;
import com.atlassian.bitbucket.scm.AuthenticationState;
import com.atlassian.bitbucket.ssh.command.SshCommand;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.bitbucket.util.Operation;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.johnson.event.Event;
import com.google.common.base.Preconditions;
import com.google.common.io.CountingInputStream;
import com.google.common.io.CountingOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.SocketTimeoutException;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.zip.CRC32;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.input.CloseShieldInputStream;
import org.apache.commons.io.output.CloseShieldOutputStream;
import org.apache.commons.lang3.StringUtils;
import org.apache.mina.util.NamePreservingRunnable;
import org.apache.sshd.common.channel.WindowClosedException;
import org.apache.sshd.server.Command;
import org.apache.sshd.server.Environment;
import org.apache.sshd.server.ExitCallback;
import org.apache.sshd.server.SessionAware;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/bitbucket/internal/ssh/server/SshCommandAdapter.class */
public class SshCommandAdapter implements Command, SessionAware, RequestInfoProvider {
    private static final Logger log = LoggerFactory.getLogger(SshCommandAdapter.class);
    private final String commandString;
    private final EventPublisher eventPublisher;
    private final ExecutorService executorService;
    private final I18nService i18nService;
    private final RequestManager requestManager;
    private final SecurityService securityService;
    private final SshCommandProvider sshCommandProvider;
    private final UserService userService;
    private final PluginSshAuthenticationHandler authenticationHandler;
    private ExitCallback exitCallback;
    private CountingInputStream inputStream;
    private CountingOutputStream outputStream;
    private volatile boolean canceled;
    private OutputStream errorStream;
    private String remoteAddress;
    private volatile SshCommand command;
    private String sessionId;
    private ServerSession session;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/bitbucket/internal/ssh/server/SshCommandAdapter$SshCommandRunnable.class */
    public class SshCommandRunnable implements Runnable {
        private final SshAuthentication authentication;
        private final OperationRequestAdapter thisAsAnImpersonatingRequest = new OperationRequestAdapter();

        /* loaded from: input_file:com/atlassian/bitbucket/internal/ssh/server/SshCommandAdapter$SshCommandRunnable$OperationRequestAdapter.class */
        private class OperationRequestAdapter implements Operation<Void, IOException>, RequestCallback<Void, IOException> {
            private OperationRequestAdapter() {
            }

            /* renamed from: perform, reason: merged with bridge method [inline-methods] */
            public Void m51perform() throws IOException {
                return (Void) SshCommandAdapter.this.requestManager.doAsRequest(this, SshCommandAdapter.this);
            }

            @Nullable
            /* renamed from: withRequest, reason: merged with bridge method [inline-methods] */
            public Void m52withRequest(@Nonnull RequestContext requestContext) throws IOException {
                SshCommandRunnable.this.performAsRequest((ExperimentalRequestContext) requestContext);
                return null;
            }
        }

        SshCommandRunnable(SshAuthentication sshAuthentication) {
            this.authentication = (SshAuthentication) Preconditions.checkNotNull(sshAuthentication, "authentication");
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                SshCommandAdapter.this.securityService.impersonating(this.authentication.getUser(), "Authenticated using SSH key").call(this.thisAsAnImpersonatingRequest);
            } catch (IOException e) {
                if (SshCommandAdapter.this.canceled) {
                    SshCommandAdapter.log.debug("Exception encountered handling canceled SSH command '" + SshCommandAdapter.this.commandString + "'", e);
                } else {
                    SshCommandAdapter.log.warn("Exception encountered handling SSH command '{}'", SshCommandAdapter.this.commandString, e);
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void performAsRequest(@Nonnull ExperimentalRequestContext experimentalRequestContext) throws IOException {
            ApplicationUser user = this.authentication.getUser();
            SshKeyDetails keyDetails = this.authentication.getKeyDetails();
            experimentalRequestContext.setAuthenticatedUser(user);
            experimentalRequestContext.addLabel("ssh:user:id:" + user.getId());
            if (!StringUtils.isEmpty(keyDetails.getId())) {
                experimentalRequestContext.addLabel("ssh:id:" + keyDetails.getId());
            }
            if (!StringUtils.isEmpty(keyDetails.getLabel())) {
                experimentalRequestContext.addLabel("ssh:label:" + keyDetails.getLabel());
            }
            if (!verifyAuthentication(user)) {
                SshCommandAdapter.log.info("{} was successfully authenticated via public key, but is no longer active in the underlyinguser directory. The request has been blocked", this.authentication.getCredentials().getUsername());
                SshCommandAdapter.this.exitCallback.onExit(1);
                return;
            }
            handleAuthSuccess();
            try {
                try {
                    try {
                        try {
                            try {
                                SshCommandAdapter.this.command = SshCommandAdapter.this.sshCommandProvider.getSshCommand(SshCommandAdapter.this.commandString, new CloseShieldInputStream(SshCommandAdapter.this.inputStream), new CloseShieldOutputStream(SshCommandAdapter.this.outputStream), new CloseShieldOutputStream(SshCommandAdapter.this.errorStream)).orElse(null);
                                if (SshCommandAdapter.this.command != null) {
                                    int run = SshCommandAdapter.this.command.run();
                                    SshCommandAdapter.this.exitCallback.onExit(run);
                                    experimentalRequestContext.setResponseCode(run);
                                    experimentalRequestContext.setBytesRead(SshCommandAdapter.this.inputStream.getCount());
                                    experimentalRequestContext.setBytesWritten(SshCommandAdapter.this.outputStream.getCount());
                                    return;
                                }
                                try {
                                    SshCommandAdapter.this.handleNoCommand();
                                } catch (IOException e) {
                                    SshCommandAdapter.log.warn("Exception encountered while handling unrecognised SSH command '{}'", SshCommandAdapter.this.commandString, e);
                                }
                                SshCommandAdapter.this.exitCallback.onExit(1);
                                experimentalRequestContext.setResponseCode(1);
                                experimentalRequestContext.setBytesRead(SshCommandAdapter.this.inputStream.getCount());
                                experimentalRequestContext.setBytesWritten(SshCommandAdapter.this.outputStream.getCount());
                            } catch (NoSuchRepositoryException | AuthorisationException e2) {
                                SshCommandAdapter.this.writeErrorAndExit(SshCommandAdapter.this.i18nService.getMessage("bitbucket.scm.no.such.repository", new Object[0]) + "\n" + SshCommandAdapter.this.i18nService.getMessage("bitbucket.scm.no.such.repository.detail", new Object[0]));
                                SshCommandAdapter.this.exitCallback.onExit(1);
                                experimentalRequestContext.setResponseCode(1);
                                experimentalRequestContext.setBytesRead(SshCommandAdapter.this.inputStream.getCount());
                                experimentalRequestContext.setBytesWritten(SshCommandAdapter.this.outputStream.getCount());
                            }
                        } catch (Exception e3) {
                            Logger logger = SshCommandAdapter.log;
                            Object[] objArr = new Object[3];
                            objArr[0] = SshCommandAdapter.this.commandString;
                            objArr[1] = e3.getMessage();
                            objArr[2] = SshCommandAdapter.log.isDebugEnabled() ? e3 : null;
                            logger.warn("Error encountered while handling SSH command '{}': {}", objArr);
                            SshCommandAdapter.this.writeErrorAndExit(SshCommandAdapter.this.i18nService.getMessage("bitbucket.ssh.command.failed", new Object[0]));
                            SshCommandAdapter.this.exitCallback.onExit(1);
                            experimentalRequestContext.setResponseCode(1);
                            experimentalRequestContext.setBytesRead(SshCommandAdapter.this.inputStream.getCount());
                            experimentalRequestContext.setBytesWritten(SshCommandAdapter.this.outputStream.getCount());
                        }
                    } catch (WindowClosedException e4) {
                        SshCommandAdapter.log.debug("Client closed connection for SSH command '{}'", SshCommandAdapter.this.commandString);
                        SshCommandAdapter.this.exitCallback.onExit(1);
                        experimentalRequestContext.setResponseCode(1);
                        experimentalRequestContext.setBytesRead(SshCommandAdapter.this.inputStream.getCount());
                        experimentalRequestContext.setBytesWritten(SshCommandAdapter.this.outputStream.getCount());
                    }
                } catch (SocketTimeoutException e5) {
                    SshCommandAdapter.log.info("SSH command '{}' timed out communicating with the remote client", SshCommandAdapter.this.commandString);
                    SshCommandAdapter.this.exitCallback.onExit(1);
                    experimentalRequestContext.setResponseCode(1);
                    experimentalRequestContext.setBytesRead(SshCommandAdapter.this.inputStream.getCount());
                    experimentalRequestContext.setBytesWritten(SshCommandAdapter.this.outputStream.getCount());
                }
            } catch (Throwable th) {
                SshCommandAdapter.this.exitCallback.onExit(1);
                experimentalRequestContext.setResponseCode(1);
                experimentalRequestContext.setBytesRead(SshCommandAdapter.this.inputStream.getCount());
                experimentalRequestContext.setBytesWritten(SshCommandAdapter.this.outputStream.getCount());
                throw th;
            }
        }

        private boolean verifyAuthentication(ApplicationUser applicationUser) {
            if (SshCommandAdapter.this.userService.isUserActive(applicationUser)) {
                return true;
            }
            InactiveUserAuthenticationException inactiveUserAuthenticationException = new InactiveUserAuthenticationException(SshCommandAdapter.this.i18nService.createKeyedMessage("bitbucket.auth.crowd.sso.inactive.account", new Object[0]));
            SshCommandAdapter.this.eventPublisher.publish(new AuthenticationFailureEvent(this, this.authentication.getCredentials().getUsername(), DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, inactiveUserAuthenticationException));
            SshCommandAdapter.this.authenticationHandler.onAuthenticationFailure(new DefaultSshAuthenticationFailureContext(this.authentication.getCredentials(), AuthenticationState.NOT_AUTHENTICATED, inactiveUserAuthenticationException));
            return false;
        }

        private void handleAuthSuccess() {
            ApplicationUser user = this.authentication.getUser();
            SshKeyDetails keyDetails = this.authentication.getKeyDetails();
            SshCommandAdapter.this.eventPublisher.publish(new AuthenticationSuccessEvent(this, user.getName(), DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "sshKey {" + (!StringUtils.isEmpty(keyDetails.getId()) ? "\"id\":\"" + keyDetails.getId() + "\", " : "") + (!StringUtils.isEmpty(keyDetails.getLabel()) ? "\"label\":\"" + keyDetails.getLabel() + "\", " : "") + "\"user.id\":" + user.getId() + "\", \"name\":\"" + user.getDisplayName() + "\"}"));
            SshCommandAdapter.this.authenticationHandler.onAuthenticationSuccess(new DefaultSshAuthenticationSuccessContext(this.authentication, SshCommandAdapter.this.commandString));
        }
    }

    public SshCommandAdapter(PluginSshAuthenticationHandler pluginSshAuthenticationHandler, String str, EventPublisher eventPublisher, ExecutorService executorService, I18nService i18nService, RequestManager requestManager, SecurityService securityService, SshCommandProvider sshCommandProvider, UserService userService) {
        this.authenticationHandler = (PluginSshAuthenticationHandler) Preconditions.checkNotNull(pluginSshAuthenticationHandler, "authenticationHandler");
        this.commandString = (String) Preconditions.checkNotNull(str, "commandString");
        this.eventPublisher = (EventPublisher) Preconditions.checkNotNull(eventPublisher, "eventPublisher");
        this.executorService = (ExecutorService) Preconditions.checkNotNull(executorService, "executorService");
        this.i18nService = (I18nService) Preconditions.checkNotNull(i18nService, "i18nService");
        this.requestManager = (RequestManager) Preconditions.checkNotNull(requestManager, "requestManager");
        this.securityService = (SecurityService) Preconditions.checkNotNull(securityService, "securityService");
        this.sshCommandProvider = (SshCommandProvider) Preconditions.checkNotNull(sshCommandProvider, "sshCommandProvider");
        this.userService = (UserService) Preconditions.checkNotNull(userService, "userService");
    }

    @Override // org.apache.sshd.server.CommandLifecycle
    public void destroy() {
        SshCommand sshCommand = this.command;
        if (sshCommand != null) {
            this.canceled = true;
            sshCommand.cancel();
        }
    }

    @Nonnull
    public String getAction() {
        return "SSH - " + this.commandString;
    }

    @Nullable
    public String getDetails() {
        return null;
    }

    @Nonnull
    public String getProtocol() {
        return DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD;
    }

    @Nonnull
    public Object getRawRequest() {
        return this;
    }

    @Nonnull
    public Object getRawResponse() {
        return this;
    }

    public String getRemoteAddress() {
        InetSocketAddress inetSocketAddress;
        InetAddress address;
        if (this.remoteAddress == null && this.session.getIoSession() != null && (inetSocketAddress = (InetSocketAddress) this.session.getIoSession().getRemoteAddress()) != null && (address = inetSocketAddress.getAddress()) != null) {
            this.remoteAddress = address.getHostAddress();
        }
        return this.remoteAddress;
    }

    public String getSessionId() {
        if (this.sessionId == null) {
            CRC32 crc32 = new CRC32();
            crc32.update(DigestUtils.sha1(this.session.getSessionId()));
            this.sessionId = Long.toString(crc32.getValue(), 36);
        }
        return this.sessionId;
    }

    public boolean hasSessionId() {
        return true;
    }

    public boolean isSecure() {
        return true;
    }

    @Override // org.apache.sshd.server.CommandLifecycle
    public void start(Environment environment) throws IOException {
        List<Event> list = (List) this.session.getAttribute(SessionAttributes.ATTRIBUTE_JOHNSON_EVENTS);
        if (list != null) {
            handleJohnsoned(list);
            return;
        }
        SshAuthentication sshAuthentication = (SshAuthentication) this.session.getAttribute(SessionAttributes.ATTRIBUTE_AUTH);
        if (sshAuthentication == null) {
            handleNoAuthentication();
        } else {
            this.executorService.execute(new NamePreservingRunnable(new SshCommandRunnable(sshAuthentication), "ssh-scm-request-handler"));
        }
    }

    @Override // org.apache.sshd.server.Command
    public void setErrorStream(OutputStream outputStream) {
        this.errorStream = outputStream;
    }

    @Override // org.apache.sshd.server.Command
    public void setExitCallback(ExitCallback exitCallback) {
        this.exitCallback = exitCallback;
    }

    @Override // org.apache.sshd.server.Command
    public void setInputStream(InputStream inputStream) {
        this.inputStream = new CountingInputStream(inputStream);
    }

    @Override // org.apache.sshd.server.Command
    public void setOutputStream(OutputStream outputStream) {
        this.outputStream = new CountingOutputStream(outputStream);
    }

    @Override // org.apache.sshd.server.SessionAware
    public void setSession(ServerSession serverSession) {
        this.session = serverSession;
    }

    private void handleJohnsoned(List<Event> list) throws IOException {
        this.errorStream.write((Product.NAME + " is currently unavailable:\n").getBytes(StandardCharsets.UTF_8));
        Iterator<Event> it = list.iterator();
        while (it.hasNext()) {
            this.errorStream.write(("- " + it.next().getDesc() + '\n').getBytes(StandardCharsets.UTF_8));
        }
        this.errorStream.flush();
        this.exitCallback.onExit(1);
    }

    private void handleNoAuthentication() {
        log.error("No user or SSH key access entries set in SSH ServerSession! Terminating SSH command.");
        this.exitCallback.onExit(1);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleNoCommand() throws IOException {
        log.warn("{}: Command is not supported; no handler is available", this.commandString);
        writeErrorAndExit(this.i18nService.getMessage("bitbucket.plugin.ssh.no.request.handler", new Object[]{Product.NAME, this.commandString}));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void writeErrorAndExit(String str) throws IOException {
        try {
            this.errorStream.write(str.getBytes());
            this.errorStream.write(10);
            this.errorStream.flush();
        } catch (SocketTimeoutException e) {
            log.debug("Timed out writing error message to remote client while disconnecting for command '{}'", this.commandString);
        } catch (WindowClosedException e2) {
            log.debug("Failed to write error message to remote client for command '{}'. Client has disconnected", this.commandString);
        } catch (Exception e3) {
            log.info("Failed to write error message to remote client", e3);
        } finally {
            this.exitCallback.onExit(1);
        }
    }
}
