package org.apache.sshd.client.session;

import java.io.IOException;
import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.concurrent.TimeUnit;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.channel.ChannelShell;
import org.apache.sshd.client.future.ConnectFuture;
import org.apache.sshd.client.keyverifier.ServerKeyVerifier;
import org.apache.sshd.common.channel.StreamingChannel;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.future.CancelOption;
import org.apache.sshd.common.session.SessionHeartbeatController;
import org.apache.sshd.util.test.BaseTestSupport;
import org.apache.sshd.util.test.ContainerTestCase;
import org.hamcrest.Description;
import org.hamcrest.MatcherAssert;
import org.hamcrest.TypeSafeDiagnosingMatcher;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testcontainers.containers.GenericContainer;
import org.testcontainers.containers.output.Slf4jLogConsumer;
import org.testcontainers.containers.wait.strategy.Wait;
import org.testcontainers.images.builder.ImageFromDockerfile;

@Category({ContainerTestCase.class})
/* loaded from: input_file:org/apache/sshd/client/session/SessionReKeyHostKeyExchangeTest.class */
public class SessionReKeyHostKeyExchangeTest extends BaseTestSupport {
    private static final Logger LOG = LoggerFactory.getLogger(SessionReKeyHostKeyExchangeTest.class);

    @Rule
    public GenericContainer<?> sshdContainer = new GenericContainer(new ImageFromDockerfile().withDockerfileFromBuilder(dockerfileBuilder -> {
        dockerfileBuilder.from("centos:7.9.2009").run("yum install -y openssh-server").run("/usr/sbin/sshd-keygen").run("adduser bob").run("echo \"123qweASD\" | passwd bob --stdin").run("echo RekeyLimit default 1 >> /etc/ssh/sshd_config").entryPoint(new String[]{"/usr/sbin/sshd", "-D", "-ddd"}).build();
    })).waitingFor(Wait.forLogMessage(".*Server listening on :: port 22.*\\n", 1)).withExposedPorts(new Integer[]{22}).withLogConsumer(new Slf4jLogConsumer(LOG));

    /* loaded from: input_file:org/apache/sshd/client/session/SessionReKeyHostKeyExchangeTest$AcceptFirstAlgorithmHostKeyVerifier.class */
    private static class AcceptFirstAlgorithmHostKeyVerifier implements ServerKeyVerifier {
        volatile int errors;
        volatile int verifications;
        private PublicKey hostKey;

        AcceptFirstAlgorithmHostKeyVerifier() {
        }

        public boolean verifyServerKey(ClientSession clientSession, SocketAddress socketAddress, PublicKey publicKey) {
            if (this.hostKey == null) {
                this.hostKey = publicKey;
                SessionReKeyHostKeyExchangeTest.LOG.info("**** Accepting initial connection with host key algorithm {}", publicKey.getAlgorithm());
                this.verifications++;
                return true;
            }
            boolean compareKeys = KeyUtils.compareKeys(this.hostKey, publicKey);
            if (compareKeys) {
                SessionReKeyHostKeyExchangeTest.LOG.info("Accepting subsequent hostkey, same as in initial connection");
            } else {
                SessionReKeyHostKeyExchangeTest.LOG.error("**** Rejecting subsequent host key of type {}, inital host key was {}", publicKey.getAlgorithm(), this.hostKey.getAlgorithm());
                this.errors++;
            }
            this.verifications++;
            return compareKeys;
        }
    }

    /* loaded from: input_file:org/apache/sshd/client/session/SessionReKeyHostKeyExchangeTest$AtLeastMatcher.class */
    private static final class AtLeastMatcher extends TypeSafeDiagnosingMatcher<Integer> {
        private final int atLeast;

        private AtLeastMatcher(int i) {
            this.atLeast = i;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public boolean matchesSafely(Integer num, Description description) {
            description.appendValue(num);
            return this.atLeast <= num.intValue();
        }

        public void describeTo(Description description) {
            description.appendText("a number greater than ").appendValue(Integer.valueOf(this.atLeast));
        }

        public static AtLeastMatcher greaterThan(int i) {
            return new AtLeastMatcher(i);
        }
    }

    @Test
    public void testRekeyUsesSameHostKeyAlgorithm() throws Exception {
        LOG.info("*************************************************************************************");
        SshClient upDefaultClient = SshClient.setUpDefaultClient();
        AcceptFirstAlgorithmHostKeyVerifier acceptFirstAlgorithmHostKeyVerifier = new AcceptFirstAlgorithmHostKeyVerifier();
        upDefaultClient.setServerKeyVerifier(acceptFirstAlgorithmHostKeyVerifier);
        try {
            upDefaultClient.start();
            ClientSession session = ((ConnectFuture) upDefaultClient.connect("bob", this.sshdContainer.getHost(), this.sshdContainer.getMappedPort(22).intValue()).verify(CONNECT_TIMEOUT, new CancelOption[0])).getSession();
            try {
                session.addPasswordIdentity("123qweASD");
                assertTrue("Could not authenticate", session.auth().await(AUTH_TIMEOUT, new CancelOption[0]));
                session.setSessionHeartbeat(SessionHeartbeatController.HeartbeatType.IGNORE, TimeUnit.MILLISECONDS, 1L);
                try {
                    ChannelShell createShellChannel = session.createShellChannel();
                    try {
                        createShellChannel.setOut(System.out);
                        createShellChannel.setErr(System.err);
                        createShellChannel.setStreaming(StreamingChannel.Streaming.Sync);
                        PipedOutputStream pipedOutputStream = new PipedOutputStream();
                        createShellChannel.setIn(new PipedInputStream(pipedOutputStream));
                        assertTrue("Could not open session", createShellChannel.open().await(DEFAULT_TIMEOUT, new CancelOption[0]));
                        for (int i = 0; i < 20; i++) {
                            Thread.sleep(1000L);
                            LOG.info("writing some data...");
                            pipedOutputStream.write("\n\n".getBytes(StandardCharsets.UTF_8));
                        }
                        createShellChannel.close(true);
                        if (createShellChannel != null) {
                            createShellChannel.close();
                        }
                        Thread.sleep(5000L);
                        assertTrue("Session should still be open", session.isOpen());
                        if (session != null) {
                            session.close();
                        }
                        MatcherAssert.assertThat("Not enough re-key attempts", Integer.valueOf(acceptFirstAlgorithmHostKeyVerifier.verifications), AtLeastMatcher.greaterThan(10));
                        upDefaultClient.stop();
                    } catch (Throwable th) {
                        if (createShellChannel != null) {
                            try {
                                createShellChannel.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (IOException e) {
                    assertEquals("Expected no host key changes in KEX", 0L, acceptFirstAlgorithmHostKeyVerifier.errors);
                    throw new AssertionError("Exception in test", e);
                }
            } finally {
            }
        } catch (Throwable th3) {
            upDefaultClient.stop();
            throw th3;
        }
    }
}
