package com.atlassian.stash.internal.ssh.server;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.stash.event.AuthenticationFailureEvent;
import com.atlassian.stash.internal.ssh.auth.PluginSshAuthenticationHandler;
import com.atlassian.stash.scm.AuthenticationState;
import com.atlassian.stash.server.ApplicationPropertiesService;
import com.atlassian.stash.ssh.utils.KeyUtils;
import com.atlassian.stash.user.AuthenticationException;
import com.atlassian.stash.user.StashUser;
import com.google.common.base.Throwables;
import java.net.SocketAddress;
import java.security.PublicKey;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.annotation.Nonnull;
import org.apache.mina.util.NamePreservingRunnable;
import org.apache.sshd.server.PublickeyAuthenticator;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/ssh/server/DefaultPublicKeyAuthenticator.class */
public class DefaultPublicKeyAuthenticator implements PublickeyAuthenticator {
    public static final String AUTHENTICATION_METHOD = "ssh";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) DefaultPublicKeyAuthenticator.class);
    private final EventPublisher eventPublisher;
    private final PluginSshAuthenticationHandler authenticationHandler;
    private final ExecutorService executorService;
    private final ApplicationPropertiesService propertiesService;

    public DefaultPublicKeyAuthenticator(EventPublisher eventPublisher, PluginSshAuthenticationHandler pluginSshAuthenticationHandler, ExecutorService executorService, ApplicationPropertiesService applicationPropertiesService) {
        this.eventPublisher = eventPublisher;
        this.authenticationHandler = pluginSshAuthenticationHandler;
        this.executorService = executorService;
        this.propertiesService = applicationPropertiesService;
    }

    @Override // org.apache.sshd.server.PublickeyAuthenticator
    public boolean authenticate(String str, PublicKey publicKey, ServerSession serverSession) {
        SocketAddress remoteAddress = serverSession.getIoSession().getRemoteAddress();
        final SshCredentials sshCredentials = new SshCredentials(str, publicKey);
        Future submit = this.executorService.submit(new Callable<StashUser>() { // from class: com.atlassian.stash.internal.ssh.server.DefaultPublicKeyAuthenticator.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public StashUser call() throws Exception {
                Thread currentThread = Thread.currentThread();
                String name = currentThread.getName();
                currentThread.setName("ssh-auth");
                try {
                    StashUser authenticate = DefaultPublicKeyAuthenticator.this.authenticationHandler.authenticate(new DefaultSshAuthenticationContext(sshCredentials));
                    currentThread.setName(name);
                    return authenticate;
                } catch (Throwable th) {
                    currentThread.setName(name);
                    throw th;
                }
            }
        });
        try {
            serverSession.setAttribute(SessionAttributes.ATTRIBUTE_AUTH_SUBJECT, new SshAuthenticationSubject(sshCredentials, (StashUser) submit.get(this.propertiesService.getPluginProperty("plugin.ssh.auth.timeout", 30), TimeUnit.SECONDS)));
            return true;
        } catch (InterruptedException e) {
            log.info("Interrupted while authenticating SSH user ({}:{}) at {}", str, KeyUtils.calculateFingerprint(publicKey), remoteAddress);
            submit.cancel(true);
            return false;
        } catch (ExecutionException e2) {
            Throwable cause = e2.getCause();
            if (!(cause instanceof AuthenticationException)) {
                log.error("Error authenticating SSH user ({}:{}) at {}", str, KeyUtils.calculateFingerprint(publicKey), remoteAddress, cause);
                throw Throwables.propagate(cause);
            }
            Logger logger = log;
            Object[] objArr = new Object[4];
            objArr[0] = str;
            objArr[1] = KeyUtils.calculateFingerprint(publicKey);
            objArr[2] = remoteAddress;
            objArr[3] = log.isTraceEnabled() ? cause : null;
            logger.debug("SSH user ({}:{}) at {} could not be authenticated", objArr);
            handleAuthFailure(sshCredentials, (AuthenticationException) cause);
            return false;
        } catch (TimeoutException e3) {
            log.warn("Timed out while authenticating SSH user ({}:{}) at {}", str, KeyUtils.calculateFingerprint(publicKey), remoteAddress, e3);
            submit.cancel(true);
            return false;
        }
    }

    private void handleAuthFailure(@Nonnull final SshCredentials sshCredentials, @Nonnull final AuthenticationException authenticationException) {
        this.eventPublisher.publish(new AuthenticationFailureEvent(this, sshCredentials.getUsername(), AUTHENTICATION_METHOD, authenticationException));
        if (this.authenticationHandler.hasFailureHandlers()) {
            this.executorService.execute(new NamePreservingRunnable(new Runnable() { // from class: com.atlassian.stash.internal.ssh.server.DefaultPublicKeyAuthenticator.2
                @Override // java.lang.Runnable
                public void run() {
                    DefaultPublicKeyAuthenticator.this.authenticationHandler.onAuthenticationFailure(new DefaultSshAuthenticationFailureContext(sshCredentials, AuthenticationState.NOT_AUTHENTICATED, authenticationException));
                }
            }, "ssh-scm-failure-handler"));
        }
    }
}
