package org.apache.sshd.common.kex.extension;

import java.io.IOException;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.SshException;
import org.apache.sshd.common.future.CancelOption;
import org.apache.sshd.common.future.KeyExchangeFuture;
import org.apache.sshd.common.io.IoWriteFuture;
import org.apache.sshd.common.kex.KexProposalOption;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.session.SessionListener;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.util.test.BaseTestSupport;
import org.junit.After;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/apache/sshd/common/kex/extension/StrictKexTest.class */
public class StrictKexTest extends BaseTestSupport {
    private SshServer sshd;
    private SshClient client;

    @Before
    public void setUp() throws Exception {
        this.sshd = setupTestServer();
        this.client = setupTestClient();
    }

    @After
    public void tearDown() throws Exception {
        if (this.sshd != null) {
            this.sshd.stop(true);
        }
        if (this.client != null) {
            this.client.stop();
        }
    }

    @Test
    public void connectionClosedIfFirstPacketFromClientNotKexInit() throws Exception {
        testConnectionClosedIfFirstPacketFromPeerNotKexInit(true);
    }

    @Test
    public void connectionClosedIfFirstPacketFromServerNotKexInit() throws Exception {
        testConnectionClosedIfFirstPacketFromPeerNotKexInit(false);
    }

    private void testConnectionClosedIfFirstPacketFromPeerNotKexInit(boolean z) throws Exception {
        final AtomicReference atomicReference = new AtomicReference();
        SessionListener sessionListener = new SessionListener() { // from class: org.apache.sshd.common.kex.extension.StrictKexTest.1
            public void sessionNegotiationOptionsCreated(Session session, Map<KexProposalOption, String> map) {
                try {
                    atomicReference.set(session.sendDebugMessage(true, StrictKexTest.this.getCurrentTestName(), (String) null));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        };
        if (z) {
            this.client.addSessionListener(sessionListener);
        } else {
            this.sshd.addSessionListener(sessionListener);
        }
        try {
            ClientSession obtainInitialTestClientSession = obtainInitialTestClientSession();
            try {
                fail("Unexpected session success");
                if (obtainInitialTestClientSession != null) {
                    obtainInitialTestClientSession.close();
                }
            } finally {
            }
        } catch (SshException e) {
            IoWriteFuture ioWriteFuture = (IoWriteFuture) atomicReference.get();
            assertNotNull("No SSH_MSG_DEBUG", ioWriteFuture);
            assertTrue("SSH_MSG_DEBUG should have been sent", ioWriteFuture.isWritten());
            if (e.getDisconnectCode() == 3) {
                assertTrue("Unexpected disconnect reason: " + e.getMessage(), e.getMessage().startsWith("Strict KEX negotiated but sequence number of first KEX_INIT received is not 1"));
            }
        }
    }

    @Test
    public void connectionClosedIfSpuriousPacketFromClientInKex() throws Exception {
        testConnectionClosedIfSupriousPacketInKex(true);
    }

    @Test
    public void connectionClosedIfSpuriousPacketFromServerInKex() throws Exception {
        testConnectionClosedIfSupriousPacketInKex(false);
    }

    private void testConnectionClosedIfSupriousPacketInKex(boolean z) throws Exception {
        final AtomicReference atomicReference = new AtomicReference();
        SessionListener sessionListener = new SessionListener() { // from class: org.apache.sshd.common.kex.extension.StrictKexTest.2
            public void sessionNegotiationEnd(Session session, Map<KexProposalOption, String> map, Map<KexProposalOption, String> map2, Map<KexProposalOption, String> map3, Throwable th) {
                try {
                    atomicReference.set(session.sendDebugMessage(true, StrictKexTest.this.getCurrentTestName(), (String) null));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        };
        if (z) {
            this.client.addSessionListener(sessionListener);
        } else {
            this.sshd.addSessionListener(sessionListener);
        }
        try {
            ClientSession obtainInitialTestClientSession = obtainInitialTestClientSession();
            try {
                fail("Unexpected session success");
                if (obtainInitialTestClientSession != null) {
                    obtainInitialTestClientSession.close();
                }
            } finally {
            }
        } catch (SshException e) {
            IoWriteFuture ioWriteFuture = (IoWriteFuture) atomicReference.get();
            assertNotNull("No SSH_MSG_DEBUG", ioWriteFuture);
            assertTrue("SSH_MSG_DEBUG should have been sent", ioWriteFuture.isWritten());
            if (e.getDisconnectCode() == 3) {
                assertEquals("Unexpected disconnect reason", "SSH_MSG_DEBUG not allowed during initial key exchange in strict KEX", e.getMessage());
            }
        }
    }

    @Test
    public void reKeyAllowsDebugInKexFromClient() throws Exception {
        testReKeyAllowsDebugInKex(true);
    }

    @Test
    public void reKeyAllowsDebugInKexFromServer() throws Exception {
        testReKeyAllowsDebugInKex(false);
    }

    private void testReKeyAllowsDebugInKex(boolean z) throws Exception {
        final AtomicBoolean atomicBoolean = new AtomicBoolean();
        final AtomicReference atomicReference = new AtomicReference();
        SessionListener sessionListener = new SessionListener() { // from class: org.apache.sshd.common.kex.extension.StrictKexTest.3
            public void sessionNegotiationEnd(Session session, Map<KexProposalOption, String> map, Map<KexProposalOption, String> map2, Map<KexProposalOption, String> map3, Throwable th) {
                if (atomicBoolean.get()) {
                    try {
                        atomicReference.set(session.sendDebugMessage(true, StrictKexTest.this.getCurrentTestName(), (String) null));
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            }
        };
        if (z) {
            this.client.addSessionListener(sessionListener);
        } else {
            this.sshd.addSessionListener(sessionListener);
        }
        ClientSession obtainInitialTestClientSession = obtainInitialTestClientSession();
        try {
            assertTrue("Session should be stablished", obtainInitialTestClientSession.isOpen());
            atomicBoolean.set(true);
            assertTrue("KEX not done", ((KeyExchangeFuture) obtainInitialTestClientSession.reExchangeKeys().verify(CONNECT_TIMEOUT, new CancelOption[0])).isDone());
            IoWriteFuture ioWriteFuture = (IoWriteFuture) atomicReference.get();
            assertNotNull("No SSH_MSG_DEBUG", ioWriteFuture);
            assertTrue("SSH_MSG_DEBUG should have been sent", ioWriteFuture.isWritten());
            assertTrue(obtainInitialTestClientSession.isOpen());
            if (obtainInitialTestClientSession != null) {
                obtainInitialTestClientSession.close();
            }
        } catch (Throwable th) {
            if (obtainInitialTestClientSession != null) {
                try {
                    obtainInitialTestClientSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void strictKexWorksWithServerFlagInClientProposal() throws Exception {
        testStrictKexWorksWithWrongFlag(true);
    }

    @Test
    public void strictKexWorksWithClientFlagInServerProposal() throws Exception {
        testStrictKexWorksWithWrongFlag(false);
    }

    private void testStrictKexWorksWithWrongFlag(final boolean z) throws Exception {
        SessionListener sessionListener = new SessionListener() { // from class: org.apache.sshd.common.kex.extension.StrictKexTest.4
            public void sessionNegotiationOptionsCreated(Session session, Map<KexProposalOption, String> map) {
                String str = map.get(KexProposalOption.ALGORITHMS);
                String str2 = z ? "kex-strict-s-v00@openssh.com" : "kex-strict-c-v00@openssh.com";
                map.put(KexProposalOption.ALGORITHMS, GenericUtils.isEmpty(str) ? str2 : str + ',' + str2);
            }
        };
        if (z) {
            this.client.addSessionListener(sessionListener);
        } else {
            this.sshd.addSessionListener(sessionListener);
        }
        ClientSession obtainInitialTestClientSession = obtainInitialTestClientSession();
        try {
            assertTrue("Session should be stablished", obtainInitialTestClientSession.isOpen());
            if (obtainInitialTestClientSession != null) {
                obtainInitialTestClientSession.close();
            }
        } catch (Throwable th) {
            if (obtainInitialTestClientSession != null) {
                try {
                    obtainInitialTestClientSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private ClientSession obtainInitialTestClientSession() throws IOException {
        this.sshd.start();
        int port = this.sshd.getPort();
        this.client.start();
        return createAuthenticatedClientSession(this.client, port);
    }
}
