package com.atlassian.bitbucket.internal.ssh.server;

import com.atlassian.bitbucket.auth.AuthenticationException;
import com.atlassian.bitbucket.event.auth.AuthenticationFailureEvent;
import com.atlassian.bitbucket.internal.ssh.auth.PluginSshAuthenticationHandler;
import com.atlassian.bitbucket.scm.AuthenticationState;
import com.atlassian.bitbucket.server.ApplicationPropertiesService;
import com.atlassian.bitbucket.ssh.util.KeyUtils;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.event.api.EventPublisher;
import com.google.common.base.Throwables;
import java.net.SocketAddress;
import java.security.PublicKey;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.annotation.Nonnull;
import org.apache.mina.util.NamePreservingRunnable;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/bitbucket/internal/ssh/server/DefaultPublicKeyAuthenticator.class */
public class DefaultPublicKeyAuthenticator implements PublickeyAuthenticator {
    public static final String AUTHENTICATION_METHOD = "ssh";
    private static final Logger log = LoggerFactory.getLogger(DefaultPublicKeyAuthenticator.class);
    private final EventPublisher eventPublisher;
    private final PluginSshAuthenticationHandler authenticationHandler;
    private final ExecutorService executorService;
    private final ApplicationPropertiesService propertiesService;

    public DefaultPublicKeyAuthenticator(EventPublisher eventPublisher, PluginSshAuthenticationHandler pluginSshAuthenticationHandler, ExecutorService executorService, ApplicationPropertiesService applicationPropertiesService) {
        this.eventPublisher = eventPublisher;
        this.authenticationHandler = pluginSshAuthenticationHandler;
        this.executorService = executorService;
        this.propertiesService = applicationPropertiesService;
    }

    @Override // org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator
    public boolean authenticate(String str, PublicKey publicKey, ServerSession serverSession) {
        SocketAddress remoteAddress = serverSession.getIoSession().getRemoteAddress();
        SshCredentials sshCredentials = new SshCredentials(str, publicKey);
        Future submit = this.executorService.submit(() -> {
            Thread currentThread = Thread.currentThread();
            String name = currentThread.getName();
            currentThread.setName("ssh-auth");
            try {
                ApplicationUser authenticate = this.authenticationHandler.authenticate(new DefaultSshAuthenticationContext(sshCredentials));
                if (authenticate == null) {
                    return null;
                }
                SshAuthentication sshAuthentication = new SshAuthentication(authenticate, sshCredentials, SshKeyDetails.getFromMDC());
                currentThread.setName(name);
                return sshAuthentication;
            } finally {
                currentThread.setName(name);
            }
        });
        try {
            serverSession.setAttribute(SessionAttributes.ATTRIBUTE_AUTH, (SshAuthentication) submit.get(this.propertiesService.getPluginProperty("plugin.ssh.auth.timeout", 30), TimeUnit.SECONDS));
            return true;
        } catch (InterruptedException e) {
            log.info("Interrupted while authenticating SSH user ({}:{}) at {}", new Object[]{str, KeyUtils.calculateFingerprint(publicKey), remoteAddress});
            submit.cancel(true);
            return false;
        } catch (ExecutionException e2) {
            Throwable cause = e2.getCause();
            if (!(cause instanceof AuthenticationException)) {
                log.error("Error authenticating SSH user ({}:{}) at {}", new Object[]{str, KeyUtils.calculateFingerprint(publicKey), remoteAddress, cause});
                throw Throwables.propagate(cause);
            }
            Logger logger = log;
            Object[] objArr = new Object[4];
            objArr[0] = str;
            objArr[1] = KeyUtils.calculateFingerprint(publicKey);
            objArr[2] = remoteAddress;
            objArr[3] = log.isTraceEnabled() ? cause : null;
            logger.debug("SSH user ({}:{}) at {} could not be authenticated", objArr);
            handleAuthFailure(sshCredentials, (AuthenticationException) cause);
            return false;
        } catch (TimeoutException e3) {
            log.warn("Timed out while authenticating SSH user ({}:{}) at {}", new Object[]{str, KeyUtils.calculateFingerprint(publicKey), remoteAddress, e3});
            submit.cancel(true);
            return false;
        }
    }

    private void handleAuthFailure(@Nonnull SshCredentials sshCredentials, @Nonnull AuthenticationException authenticationException) {
        this.eventPublisher.publish(new AuthenticationFailureEvent(this, sshCredentials.getUsername(), AUTHENTICATION_METHOD, authenticationException));
        if (this.authenticationHandler.hasFailureHandlers()) {
            this.executorService.execute(new NamePreservingRunnable(() -> {
                this.authenticationHandler.onAuthenticationFailure(new DefaultSshAuthenticationFailureContext(sshCredentials, AuthenticationState.NOT_AUTHENTICATED, authenticationException));
            }, "ssh-scm-failure-handler"));
        }
    }
}
