package net.lag.jaramiko;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import net.lag.crai.Crai;
import net.lag.jaramiko.InteractiveQuery;

/* loaded from: input_file:net/lag/jaramiko/AuthHandler.class */
class AuthHandler implements MessageHandler {
    private static final int DISCONNECT_SERVICE_NOT_AVAILABLE = 7;
    private static final int DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE = 14;
    private BaseTransport mTransport;
    private Crai mCrai;
    private LogSink mLog;
    private BannerListener mBannerListener;
    private String mBanner;
    private ServerInterface mServer;
    private Event mAuthEvent;
    private boolean mAuthenticated = false;
    private int mFailCount = 0;
    private String mAuthMethod;
    private String mUsername;
    private String mPassword;
    private PKey mPrivateKey;
    private InteractiveHandler mInteractiveHandler;
    private String[] mSubmethods;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthHandler(BaseTransport baseTransport, Crai crai, LogSink logSink) {
        this.mTransport = baseTransport;
        this.mCrai = crai;
        this.mLog = logSink;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void useServerMode(ServerInterface serverInterface, String str) {
        this.mServer = serverInterface;
        this.mBanner = str;
        this.mTransport.registerMessageHandler((byte) 5, this);
        this.mTransport.registerMessageHandler((byte) 50, this);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setBannerListener(BannerListener bannerListener) {
        this.mBannerListener = bannerListener;
    }

    public boolean isAuthenticated() {
        return this.mAuthenticated;
    }

    public String getUsername() {
        return this.mUsername;
    }

    public void authNone(String str, Event event) throws IOException {
        synchronized (this) {
            this.mAuthEvent = event;
            this.mAuthMethod = "none";
            this.mUsername = str;
            requestAuth();
        }
    }

    public void authPassword(String str, String str2, Event event) throws IOException {
        synchronized (this) {
            this.mAuthEvent = event;
            this.mAuthMethod = "password";
            this.mUsername = str;
            this.mPassword = str2;
            requestAuth();
        }
    }

    public void authPrivateKey(String str, PKey pKey, Event event) throws IOException {
        synchronized (this) {
            this.mAuthEvent = event;
            this.mAuthMethod = "publickey";
            this.mUsername = str;
            this.mPrivateKey = pKey;
            requestAuth();
        }
    }

    public void authInteractive(String str, InteractiveHandler interactiveHandler, Event event, String[] strArr) throws IOException {
        synchronized (this) {
            this.mAuthEvent = event;
            this.mAuthMethod = "keyboard-interactive";
            this.mUsername = str;
            this.mInteractiveHandler = interactiveHandler;
            this.mSubmethods = strArr;
            requestAuth();
        }
    }

    public void abort() {
        if (this.mAuthEvent != null) {
            this.mAuthEvent.set();
        }
    }

    @Override // net.lag.jaramiko.MessageHandler
    public boolean handleMessage(byte b, Message message) throws IOException {
        switch (b) {
            case 5:
                parseServiceRequest(message);
                return true;
            case 6:
                parseServiceAccept(message);
                return true;
            case 50:
                parseAuthRequest(message);
                return true;
            case 51:
                parseAuthFailure(message);
                return true;
            case 52:
                parseAuthSuccess(message);
                return true;
            case 53:
                parseBanner(message);
                return true;
            case 60:
                parseInfoRequest(message);
                return true;
            case 61:
                parseInfoResponse(message);
                return true;
            default:
                return true;
        }
    }

    private void requestAuth() throws IOException {
        Message message = new Message();
        message.putByte((byte) 5);
        message.putString("ssh-userauth");
        this.mTransport.registerMessageHandler((byte) 6, this);
        this.mTransport.registerMessageHandler((byte) 53, this);
        this.mTransport.sendMessage(message);
    }

    private byte[] getSessionBlob(PKey pKey, String str, String str2) {
        Message message = new Message();
        message.putByteString(this.mTransport.getSessionID());
        message.putByte((byte) 50);
        message.putString(str2);
        message.putString(str);
        message.putString("publickey");
        message.putBoolean(true);
        message.putString(pKey.getSSHName());
        message.putByteString(pKey.toByteArray());
        return message.toByteArray();
    }

    private void parseServiceAccept(Message message) throws IOException {
        String string = message.getString();
        if (!string.equals("ssh-userauth")) {
            this.mLog.debug(new StringBuffer().append("Service request '").append(string).append("' accepted (?)").toString());
            return;
        }
        this.mLog.debug("Userauth is OK");
        Message message2 = new Message();
        message2.putByte((byte) 50);
        message2.putString(this.mUsername);
        message2.putString("ssh-connection");
        message2.putString(this.mAuthMethod);
        if (this.mAuthMethod.equals("password")) {
            message2.putBoolean(false);
            message2.putString(this.mPassword);
        } else if (this.mAuthMethod.equals("publickey")) {
            message2.putBoolean(true);
            message2.putString(this.mPrivateKey.getSSHName());
            message2.putByteString(this.mPrivateKey.toByteArray());
            message2.putByteString(this.mPrivateKey.signSSHData(this.mCrai, getSessionBlob(this.mPrivateKey, "ssh-connection", this.mUsername)).toByteArray());
        } else if (this.mAuthMethod.equals("keyboard-interactive")) {
            message2.putString("");
            if (this.mSubmethods == null) {
                message2.putString("");
            } else {
                message2.putList(Arrays.asList(this.mSubmethods));
            }
            this.mTransport.registerMessageHandler((byte) 60, this);
        } else if (!this.mAuthMethod.equals("none")) {
            throw new SSHException(new StringBuffer().append("Unknown auth method '").append(this.mAuthMethod).append("'").toString());
        }
        this.mTransport.registerMessageHandler((byte) 52, this);
        this.mTransport.registerMessageHandler((byte) 51, this);
        this.mTransport.sendMessage(message2);
    }

    private void parseBanner(Message message) throws IOException {
        String string = message.getString();
        message.getString();
        this.mLog.notice(new StringBuffer().append("Auth banner: ").append(string).toString());
        if (this.mBannerListener != null) {
            this.mBannerListener.authenticationBannerEvent(string);
        }
    }

    private void parseAuthFailure(Message message) {
        List list = message.getList();
        String[] strArr = (String[]) list.toArray(new String[list.size()]);
        if (message.getBoolean()) {
            this.mLog.notice("Authentication continues...");
            this.mLog.debug(new StringBuffer().append("Methods: ").append(Util.join(strArr, ", ")).toString());
            this.mTransport.saveException(new PartialAuthentication(strArr));
        } else if (list.contains(this.mAuthMethod)) {
            this.mLog.notice("Authentication failed.");
        } else {
            this.mLog.notice("Authentication type not permitted.");
            this.mLog.debug(new StringBuffer().append("Allowed methods: ").append(Util.join(strArr, ", ")).toString());
            this.mTransport.saveException(new BadAuthenticationType(strArr));
        }
        this.mAuthenticated = false;
        this.mUsername = null;
        this.mAuthEvent.set();
    }

    private void parseAuthSuccess(Message message) {
        this.mLog.notice("Authentication successful!");
        this.mAuthenticated = true;
        this.mTransport.authTrigger();
        this.mAuthEvent.set();
    }

    private void parseInfoRequest(Message message) throws IOException {
        if (!this.mAuthMethod.equals("keyboard-interactive")) {
            throw new SSHException("Illegal info request from the server");
        }
        InteractiveQuery interactiveQuery = new InteractiveQuery();
        interactiveQuery.title = message.getString();
        interactiveQuery.instructions = message.getString();
        message.getString();
        int i = message.getInt();
        interactiveQuery.prompts = new InteractiveQuery.Prompt[i];
        for (int i2 = 0; i2 < i; i2++) {
            interactiveQuery.prompts[i2] = new InteractiveQuery.Prompt();
            interactiveQuery.prompts[i2].text = message.getString();
            interactiveQuery.prompts[i2].echoResponse = message.getBoolean();
        }
        String[] handleInteractiveRequest = this.mInteractiveHandler.handleInteractiveRequest(interactiveQuery);
        Message message2 = new Message();
        message2.putByte((byte) 61);
        message2.putInt(handleInteractiveRequest.length);
        for (String str : handleInteractiveRequest) {
            message2.putString(str);
        }
        this.mTransport.sendMessage(message2);
    }

    private void disconnectServiceNotAvailable() throws IOException {
        Message message = new Message();
        message.putByte((byte) 1);
        message.putInt(7);
        message.putString("Service not available");
        message.putString("en");
        this.mTransport.sendMessage(message);
        this.mTransport.close();
    }

    private void disconnectNoMoreAuth() throws IOException {
        Message message = new Message();
        message.putByte((byte) 1);
        message.putInt(14);
        message.putString("No more auth methods available");
        message.putString("en");
        this.mTransport.sendMessage(message);
        this.mTransport.close();
    }

    private void sendAuthResult(String str, String str2, int i) throws IOException {
        Message message = new Message();
        if (i == 0) {
            this.mLog.notice(new StringBuffer().append("Auth granted (").append(str2).append(")").toString());
            message.putByte((byte) 52);
            this.mAuthenticated = true;
        } else {
            this.mLog.notice(new StringBuffer().append("Auth rejected (").append(str2).append(")").toString());
            message.putByte((byte) 51);
            message.putString(this.mServer.getAllowedAuths(str));
            if (i == 1) {
                message.putBoolean(true);
            } else {
                message.putBoolean(false);
                this.mFailCount++;
            }
        }
        this.mTransport.sendMessage(message);
        if (this.mFailCount >= 10) {
            disconnectNoMoreAuth();
        }
        if (i == 0) {
            this.mTransport.authTrigger();
        }
    }

    private void parseServiceRequest(Message message) throws IOException {
        String string = message.getString();
        if (!string.equals("ssh-userauth")) {
            disconnectServiceNotAvailable();
            return;
        }
        Message message2 = new Message();
        message2.putByte((byte) 6);
        message2.putString(string);
        this.mTransport.sendMessage(message2);
        if (this.mBanner != null) {
            Message message3 = new Message();
            message3.putByte((byte) 53);
            message3.putString(this.mBanner);
            message3.putString("");
            this.mTransport.sendMessage(message3);
        }
    }

    private void parseInfoResponse(Message message) throws IOException {
        if (!this.mAuthMethod.equals("keyboard-interactive")) {
            throw new SSHException("Illegal info response from the client");
        }
        int i = message.getInt();
        String[] strArr = new String[i];
        for (int i2 = 0; i2 < i; i2++) {
            strArr[i2] = message.getString();
        }
        int checkAuthInteractiveResponse = this.mServer.checkAuthInteractiveResponse(strArr);
        if (checkAuthInteractiveResponse == 99) {
            InteractiveQuery checkAuthInteractive = this.mServer.checkAuthInteractive(this.mUsername, this.mSubmethods);
            if (checkAuthInteractive != null) {
                interactiveQuery(checkAuthInteractive);
                return;
            }
            checkAuthInteractiveResponse = 2;
        }
        sendAuthResult(this.mUsername, "keyboard-interactive", checkAuthInteractiveResponse);
    }

    private void interactiveQuery(InteractiveQuery interactiveQuery) throws IOException {
        Message message = new Message();
        message.putByte((byte) 60);
        message.putString(interactiveQuery.title);
        message.putString(interactiveQuery.instructions);
        message.putString("");
        message.putInt(interactiveQuery.prompts.length);
        for (int i = 0; i < interactiveQuery.prompts.length; i++) {
            message.putString(interactiveQuery.prompts[i].text);
            message.putBoolean(interactiveQuery.prompts[i].echoResponse);
        }
        this.mTransport.sendMessage(message);
        this.mTransport.registerMessageHandler((byte) 61, this);
    }

    private void parseAuthRequest(Message message) throws IOException {
        int checkAuthNone;
        if (this.mAuthenticated) {
            return;
        }
        String string = message.getString();
        String string2 = message.getString();
        String string3 = message.getString();
        this.mLog.debug(new StringBuffer().append("Auth request (type=").append(string3).append(") service=").append(string2).append(", username=").append(string).toString());
        if (!string2.equals("ssh-connection")) {
            disconnectServiceNotAvailable();
            return;
        }
        if (this.mUsername != null && !this.mUsername.equals(string)) {
            this.mLog.warning("Auth rejected because the client attempted to change username in mid-flight");
            disconnectNoMoreAuth();
            return;
        }
        this.mUsername = string;
        if (string3.equals("none")) {
            checkAuthNone = this.mServer.checkAuthNone(string);
        } else if (string3.equals("password")) {
            boolean z = message.getBoolean();
            String string4 = message.getString();
            if (z) {
                this.mLog.debug("Auth request to change passwords (rejected)");
                message.getString();
                checkAuthNone = 2;
            } else {
                checkAuthNone = this.mServer.checkAuthPassword(string, string4);
            }
        } else if (string3.equals("publickey")) {
            boolean z2 = message.getBoolean();
            String string5 = message.getString();
            byte[] byteString = message.getByteString();
            try {
                PKey createFromMessage = PKey.createFromMessage(new Message(byteString));
                checkAuthNone = this.mServer.checkAuthPublicKey(string, createFromMessage);
                if (checkAuthNone != 2) {
                    if (!z2) {
                        Message message2 = new Message();
                        message2.putByte((byte) 60);
                        message2.putString(string5);
                        message2.putByteString(byteString);
                        this.mTransport.sendMessage(message2);
                        return;
                    }
                    if (!createFromMessage.verifySSHSignature(this.mCrai, getSessionBlob(createFromMessage, string2, string), new Message(message.getByteString()))) {
                        this.mLog.notice("Auth rejected: invalid signature");
                        checkAuthNone = 2;
                    }
                }
            } catch (SSHException e) {
                this.mLog.notice(new StringBuffer().append("Auth rejected: public key: ").append(e).toString());
                disconnectNoMoreAuth();
                return;
            }
        } else if (string3.equals("keyboard-interactive")) {
            message.getString();
            List list = message.getList();
            String[] strArr = (String[]) list.toArray(new String[list.size()]);
            InteractiveQuery checkAuthInteractive = this.mServer.checkAuthInteractive(string, strArr);
            if (checkAuthInteractive != null) {
                this.mAuthMethod = string3;
                this.mUsername = string;
                this.mSubmethods = strArr;
                interactiveQuery(checkAuthInteractive);
                return;
            }
            checkAuthNone = 2;
        } else {
            checkAuthNone = this.mServer.checkAuthNone(string);
        }
        sendAuthResult(string, string3, checkAuthNone);
    }
}
