package org.apache.sshd.common.kex.extension;

import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.nio.charset.StandardCharsets;
import org.apache.sshd.client.ClientFactoryManager;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.channel.ChannelShell;
import org.apache.sshd.client.future.ConnectFuture;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.client.session.ClientSessionImpl;
import org.apache.sshd.client.session.SessionFactory;
import org.apache.sshd.common.channel.StreamingChannel;
import org.apache.sshd.common.future.CancelOption;
import org.apache.sshd.common.future.KeyExchangeFuture;
import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.util.test.BaseTestSupport;
import org.apache.sshd.util.test.CommonTestSupportUtils;
import org.apache.sshd.util.test.ContainerTestCase;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.output.Slf4jLogConsumer;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.images.builder.ImageFromDockerfile;
import org.testcontainers.images.builder.dockerfile.DockerfileBuilder;
import org.testcontainers.utility.MountableFile;

@Category({ContainerTestCase.class})
/* loaded from: input_file:org/apache/sshd/common/kex/extension/StrictKexInteroperabilityTest.class */
public class StrictKexInteroperabilityTest extends BaseTestSupport {
    private static final Logger LOG = LoggerFactory.getLogger(StrictKexInteroperabilityTest.class);
    private static final String TEST_RESOURCES = "org/apache/sshd/common/kex/extensions/client";
    private SshClient client;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/sshd/common/kex/extension/StrictKexInteroperabilityTest$TestSession.class */
    public static class TestSession extends ClientSessionImpl {
        TestSession(ClientFactoryManager clientFactoryManager, IoSession ioSession) throws Exception {
            super(clientFactoryManager, ioSession);
        }

        boolean usesStrictKex() {
            return this.strictKex;
        }
    }

    /* loaded from: input_file:org/apache/sshd/common/kex/extension/StrictKexInteroperabilityTest$TestSessionFactory.class */
    private static class TestSessionFactory extends SessionFactory {
        TestSessionFactory(ClientFactoryManager clientFactoryManager) {
            super(clientFactoryManager);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: doCreateSession, reason: merged with bridge method [inline-methods] */
        public ClientSessionImpl m25doCreateSession(IoSession ioSession) throws Exception {
            return new TestSession(getClient(), ioSession);
        }
    }

    @Before
    public void setUp() throws Exception {
        this.client = setupTestClient();
        this.client.setSessionFactory(new TestSessionFactory(this.client));
    }

    @After
    public void tearDown() throws Exception {
        if (this.client != null) {
            this.client.stop();
        }
    }

    private DockerfileBuilder strictKexImage(DockerfileBuilder dockerfileBuilder, boolean z) {
        return !z ? dockerfileBuilder.from("centos:7.9.2009").run("yum install -y openssh-server").run("/usr/sbin/sshd-keygen").run("adduser bob") : dockerfileBuilder.from("alpine:20231219").run("apk --update add openssh-server").run("ssh-keygen -A").run("adduser -D bob").run("echo 'bob:passwordBob' | chpasswd");
    }

    @Test
    public void testStrictKexOff() throws Exception {
        testStrictKex(false);
    }

    @Test
    public void testStrictKexOn() throws Exception {
        testStrictKex(true);
    }

    private void testStrictKex(boolean z) throws Exception {
        GenericContainer withLogConsumer = new GenericContainer(new ImageFromDockerfile().withDockerfileFromBuilder(dockerfileBuilder -> {
            strictKexImage(dockerfileBuilder, z).run("mkdir -p /home/bob/.ssh").entryPoint("/entrypoint.sh").build();
        })).withCopyFileToContainer(MountableFile.forClasspathResource("org/apache/sshd/common/kex/extensions/client/bob_key.pub"), "/home/bob/.ssh/authorized_keys").withCopyFileToContainer(MountableFile.forClasspathResource("org/apache/sshd/common/kex/extensions/client/entrypoint.sh", 511), "/entrypoint.sh").waitingFor(Wait.forLogMessage(".*Server listening on :: port 22.*\\n", 1)).withExposedPorts(new Integer[]{22}).withLogConsumer(new Slf4jLogConsumer(LOG));
        withLogConsumer.start();
        try {
            this.client.setKeyIdentityProvider(CommonTestSupportUtils.createTestKeyPairProvider("org/apache/sshd/common/kex/extensions/client/bob_key"));
            this.client.start();
            TestSession testSession = (ClientSession) ((ConnectFuture) this.client.connect("bob", withLogConsumer.getHost(), withLogConsumer.getMappedPort(22).intValue()).verify(CONNECT_TIMEOUT, new CancelOption[0])).getSession();
            try {
                testSession.auth().verify(AUTH_TIMEOUT, new CancelOption[0]);
                assertTrue("Should authenticate", testSession.isAuthenticated());
                assertTrue("Unexpected session type " + testSession.getClass().getName(), testSession instanceof TestSession);
                assertEquals("Unexpected strict KEX usage", z, testSession.usesStrictKex());
                ChannelShell createShellChannel = testSession.createShellChannel();
                try {
                    createShellChannel.setOut(System.out);
                    createShellChannel.setErr(System.err);
                    createShellChannel.setStreaming(StreamingChannel.Streaming.Sync);
                    PipedOutputStream pipedOutputStream = new PipedOutputStream();
                    createShellChannel.setIn(new PipedInputStream(pipedOutputStream));
                    assertTrue("Could not open session", createShellChannel.open().await(DEFAULT_TIMEOUT, new CancelOption[0]));
                    LOG.info("writing some data...");
                    pipedOutputStream.write("\n\n".getBytes(StandardCharsets.UTF_8));
                    assertTrue("Channel should be open", createShellChannel.isOpen());
                    assertTrue(((KeyExchangeFuture) testSession.reExchangeKeys().verify(CONNECT_TIMEOUT, new CancelOption[0])).isDone());
                    assertTrue("Channel should be open", createShellChannel.isOpen());
                    LOG.info("writing some data...");
                    pipedOutputStream.write("\n\n".getBytes(StandardCharsets.UTF_8));
                    assertTrue("Channel should be open", createShellChannel.isOpen());
                    createShellChannel.close(true);
                    if (createShellChannel != null) {
                        createShellChannel.close();
                    }
                    if (testSession != null) {
                        testSession.close();
                    }
                } catch (Throwable th) {
                    if (createShellChannel != null) {
                        try {
                            createShellChannel.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } finally {
            withLogConsumer.stop();
        }
    }
}
