package com.atlassian.stash.internal.ssh.server;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.event.inject.AtlassianEventModule;
import com.atlassian.johnson.event.Event;
import com.atlassian.stash.Product;
import com.atlassian.stash.event.AuthenticationSuccessEvent;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.ssh.auth.PluginSshAuthenticationHandler;
import com.atlassian.stash.request.RequestCallback;
import com.atlassian.stash.request.RequestContext;
import com.atlassian.stash.request.RequestInfoProvider;
import com.atlassian.stash.request.RequestManager;
import com.atlassian.stash.scm.ScmRequestCheckService;
import com.atlassian.stash.scm.ssh.SshScmRequest;
import com.atlassian.stash.user.SecurityService;
import com.atlassian.stash.user.StashUser;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.zip.CRC32;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.Charsets;
import org.apache.commons.io.input.CloseShieldInputStream;
import org.apache.commons.io.output.CloseShieldOutputStream;
import org.apache.mina.util.NamePreservingRunnable;
import org.apache.sshd.server.Command;
import org.apache.sshd.server.Environment;
import org.apache.sshd.server.ExitCallback;
import org.apache.sshd.server.SessionAware;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/ssh/server/SshScmRequestCommandAdapter.class */
public class SshScmRequestCommandAdapter implements Command, SessionAware, RequestInfoProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SshScmRequestCommandAdapter.class);
    private final String commandString;
    private final EventPublisher eventPublisher;
    private final ExecutorService executorService;
    private final I18nService i18nService;
    private final RequestManager requestManager;
    private final ScmRequestCheckService scmRequestCheckService;
    private final SecurityService securityService;
    private final SshScmRequestProvider sshScmRequestProvider;
    private final PluginSshAuthenticationHandler authenticationHandler;
    private ExitCallback exitCallback;
    private InputStream inputStream;
    private OutputStream outputStream;
    private volatile boolean canceled;
    private OutputStream errorStream;
    private String remoteAddress;
    private volatile SshScmRequest request;
    private String sessionId;
    private ServerSession session;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/ssh/server/SshScmRequestCommandAdapter$ScmRequestRunnable.class */
    public class ScmRequestRunnable implements Runnable {
        private final SshAuthenticationSubject authenticationSubject;

        public ScmRequestRunnable(SshAuthenticationSubject sshAuthenticationSubject) {
            this.authenticationSubject = (SshAuthenticationSubject) Preconditions.checkNotNull(sshAuthenticationSubject, "authenticationSubject");
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                SshScmRequestCommandAdapter.this.requestManager.doAsRequest(new RequestCallback<Void, IOException>() { // from class: com.atlassian.stash.internal.ssh.server.SshScmRequestCommandAdapter.ScmRequestRunnable.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.atlassian.stash.request.RequestCallback
                    @Nullable
                    public Void withRequest(@Nonnull RequestContext requestContext) throws IOException {
                        ScmRequestRunnable.this.performAsRequest(requestContext);
                        return null;
                    }
                }, SshScmRequestCommandAdapter.this);
            } catch (IOException e) {
                if (SshScmRequestCommandAdapter.this.canceled) {
                    SshScmRequestCommandAdapter.log.debug("Exception encountered handling canceled SSH command '" + SshScmRequestCommandAdapter.this.commandString + "'", (Throwable) e);
                } else {
                    SshScmRequestCommandAdapter.log.warn("Exception encountered handling SSH command '{}'", SshScmRequestCommandAdapter.this.commandString, e);
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void performAsRequest(@Nonnull RequestContext requestContext) throws IOException {
            requestContext.addLabel("ssh:user:id:" + this.authenticationSubject.getUser().getId());
            SshScmRequestCommandAdapter.this.securityService.impersonating(this.authenticationSubject.getUser(), "Authenticated using SSH key").applyToRequest();
            handleAuthSuccess();
            DefaultingExitCodeCallback defaultingExitCodeCallback = new DefaultingExitCodeCallback();
            SshScmRequestCommandAdapter.this.request = SshScmRequestCommandAdapter.this.sshScmRequestProvider.getSshScmRequest(SshScmRequestCommandAdapter.this.commandString, new CloseShieldInputStream(SshScmRequestCommandAdapter.this.inputStream), new CloseShieldOutputStream(SshScmRequestCommandAdapter.this.outputStream), new CloseShieldOutputStream(SshScmRequestCommandAdapter.this.errorStream), defaultingExitCodeCallback);
            if (SshScmRequestCommandAdapter.this.request == null) {
                try {
                    SshScmRequestCommandAdapter.this.handleNoRequest();
                    return;
                } catch (IOException e) {
                    SshScmRequestCommandAdapter.log.warn("Exception encountered while handling unrecognised SSH command '{}'", SshScmRequestCommandAdapter.this.commandString, e);
                    return;
                }
            }
            try {
                if (SshScmRequestCommandAdapter.this.scmRequestCheckService.checkActionAllowed(SshScmRequestCommandAdapter.this.request)) {
                    SshScmRequestCommandAdapter.log.trace("{}: Request has passed checking and will be processed", SshScmRequestCommandAdapter.this.commandString);
                    SshScmRequestCommandAdapter.this.request.handleRequest();
                } else {
                    SshScmRequestCommandAdapter.log.debug("{}: Request has failed a check and will not be processed", SshScmRequestCommandAdapter.this.commandString);
                }
            } finally {
                SshScmRequestCommandAdapter.this.exitCallback.onExit(defaultingExitCodeCallback.getExitCode());
            }
        }

        private void handleAuthSuccess() {
            StashUser user = this.authenticationSubject.getUser();
            SshScmRequestCommandAdapter.this.eventPublisher.publish(new AuthenticationSuccessEvent(this, user.getName(), DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD, "sshKey {\"user.id\":" + user.getId() + "\"name\":\"" + user.getDisplayName() + "\"}"));
            SshScmRequestCommandAdapter.this.authenticationHandler.onAuthenticationSuccess(new DefaultSshAuthenticationSuccessContext(this.authenticationSubject, SshScmRequestCommandAdapter.this.commandString));
        }
    }

    public SshScmRequestCommandAdapter(PluginSshAuthenticationHandler pluginSshAuthenticationHandler, String str, EventPublisher eventPublisher, ExecutorService executorService, I18nService i18nService, RequestManager requestManager, ScmRequestCheckService scmRequestCheckService, SecurityService securityService, SshScmRequestProvider sshScmRequestProvider) {
        this.authenticationHandler = (PluginSshAuthenticationHandler) Preconditions.checkNotNull(pluginSshAuthenticationHandler, "authenticationHandler");
        this.commandString = (String) Preconditions.checkNotNull(str, "commandString");
        this.eventPublisher = (EventPublisher) Preconditions.checkNotNull(eventPublisher, AtlassianEventModule.EVENT_PUBLISHER);
        this.executorService = (ExecutorService) Preconditions.checkNotNull(executorService, "executorService");
        this.i18nService = (I18nService) Preconditions.checkNotNull(i18nService, "i18nService");
        this.requestManager = (RequestManager) Preconditions.checkNotNull(requestManager, "requestManager");
        this.scmRequestCheckService = (ScmRequestCheckService) Preconditions.checkNotNull(scmRequestCheckService, "scmRequestCheckService");
        this.securityService = (SecurityService) Preconditions.checkNotNull(securityService, "securityService");
        this.sshScmRequestProvider = (SshScmRequestProvider) Preconditions.checkNotNull(sshScmRequestProvider, "sshScmRequestProvider");
    }

    @Override // org.apache.sshd.server.Command
    public void destroy() {
        SshScmRequest sshScmRequest = this.request;
        if (sshScmRequest != null) {
            this.canceled = true;
            sshScmRequest.cancel();
        }
    }

    @Override // com.atlassian.stash.request.RequestMetadata
    @Nonnull
    public String getAction() {
        return "SSH - " + this.commandString;
    }

    @Override // com.atlassian.stash.request.RequestMetadata
    @Nullable
    public String getDetails() {
        return null;
    }

    @Override // com.atlassian.stash.request.RequestMetadata
    @Nonnull
    public String getProtocol() {
        return DefaultPublicKeyAuthenticator.AUTHENTICATION_METHOD;
    }

    @Override // com.atlassian.stash.request.RequestInfoProvider
    @Nonnull
    public Object getRawRequest() {
        return this;
    }

    @Override // com.atlassian.stash.request.RequestInfoProvider
    @Nonnull
    public Object getRawResponse() {
        return this;
    }

    @Override // com.atlassian.stash.request.RequestMetadata
    public String getRemoteAddress() {
        InetSocketAddress inetSocketAddress;
        InetAddress address;
        if (this.remoteAddress == null && this.session.getIoSession() != null && (inetSocketAddress = (InetSocketAddress) this.session.getIoSession().getRemoteAddress()) != null && (address = inetSocketAddress.getAddress()) != null) {
            this.remoteAddress = address.getHostAddress();
        }
        return this.remoteAddress;
    }

    @Override // com.atlassian.stash.request.RequestMetadata
    public String getSessionId() {
        if (this.sessionId == null) {
            CRC32 crc32 = new CRC32();
            crc32.update(DigestUtils.sha1(this.session.getSessionId()));
            this.sessionId = Long.toString(crc32.getValue(), 36);
        }
        return this.sessionId;
    }

    @Override // com.atlassian.stash.request.RequestMetadata
    public boolean hasSessionId() {
        return true;
    }

    @Override // com.atlassian.stash.request.RequestMetadata
    public boolean isSecure() {
        return true;
    }

    @Override // org.apache.sshd.server.Command
    public void start(Environment environment) throws IOException {
        List<Event> list = (List) this.session.getAttribute(SessionAttributes.ATTRIBUTE_JOHNSON_EVENTS);
        if (list != null) {
            handleJohnsoned(list);
            return;
        }
        SshAuthenticationSubject sshAuthenticationSubject = (SshAuthenticationSubject) this.session.getAttribute(SessionAttributes.ATTRIBUTE_AUTH_SUBJECT);
        if (sshAuthenticationSubject == null) {
            handleNoAuthSubject();
        } else {
            this.executorService.execute(new NamePreservingRunnable(new ScmRequestRunnable(sshAuthenticationSubject), "ssh-scm-request-handler"));
        }
    }

    @Override // org.apache.sshd.server.Command
    public void setErrorStream(OutputStream outputStream) {
        this.errorStream = outputStream;
    }

    @Override // org.apache.sshd.server.Command
    public void setExitCallback(ExitCallback exitCallback) {
        this.exitCallback = exitCallback;
    }

    @Override // org.apache.sshd.server.Command
    public void setInputStream(InputStream inputStream) {
        this.inputStream = inputStream;
    }

    @Override // org.apache.sshd.server.Command
    public void setOutputStream(OutputStream outputStream) {
        this.outputStream = outputStream;
    }

    @Override // org.apache.sshd.server.SessionAware
    public void setSession(ServerSession serverSession) {
        this.session = serverSession;
    }

    private void handleJohnsoned(List<Event> list) throws IOException {
        this.errorStream.write((Product.NAME + " is currently unavailable:\n").getBytes(Charsets.UTF_8));
        Iterator<Event> it = list.iterator();
        while (it.hasNext()) {
            this.errorStream.write(("- " + it.next().getDesc() + '\n').getBytes(Charsets.UTF_8));
        }
        this.errorStream.flush();
        this.exitCallback.onExit(1);
    }

    private void handleNoAuthSubject() {
        log.error("No user or SSH key access entries set in SSH ServerSession! Terminating SSH command.");
        this.exitCallback.onExit(1);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleNoRequest() throws IOException {
        log.warn("{}: Request is not supported; no handler is available", this.commandString);
        this.errorStream.write(this.i18nService.getMessage("stash.plugin.ssh.no.request.handler", Product.NAME, this.commandString).getBytes());
        this.errorStream.write(10);
        this.errorStream.flush();
        this.exitCallback.onExit(1);
    }
}
