package org.apache.sshd.common.auth;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.auth.keyboard.UserInteraction;
import org.apache.sshd.client.auth.pubkey.PublicKeyAuthenticationReporter;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.client.future.AuthFuture;
import org.apache.sshd.client.future.ConnectFuture;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.SshException;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.signature.BuiltinSignatures;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.io.resource.URLResource;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.server.auth.keyboard.KeyboardInteractiveAuthenticator;
import org.apache.sshd.server.auth.password.RejectAllPasswordAuthenticator;
import org.apache.sshd.server.auth.pubkey.RejectAllPublickeyAuthenticator;
import org.apache.sshd.server.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.server.session.ServerSession;
import org.apache.sshd.util.test.CommonTestSupportUtils;
import org.apache.sshd.util.test.CoreTestSupportUtils;
import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/apache/sshd/common/auth/PublicKeyAuthenticationTest.class */
public class PublicKeyAuthenticationTest extends AuthenticationTestSupport {
    /* JADX WARN: Finally extract failed */
    @Test
    public void testPublicKeyAuthDifferentThanKex() throws Exception {
        KeyPairProvider wrap = KeyPairProvider.wrap(new KeyPair[]{CommonTestSupportUtils.generateKeyPair("RSA", 1024), CommonTestSupportUtils.generateKeyPair("DSA", 512), CommonTestSupportUtils.generateKeyPair("EC", 256)});
        this.sshd.setKeyPairProvider(wrap);
        this.sshd.setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator.NONE);
        this.sshd.setPasswordAuthenticator(RejectAllPasswordAuthenticator.INSTANCE);
        KeyPair generateKeyPair = CommonTestSupportUtils.generateKeyPair("EC", 256);
        this.sshd.setPublickeyAuthenticator((str, publicKey, serverSession) -> {
            assertEquals("Mismatched client key types", KeyUtils.getKeyType(generateKeyPair), KeyUtils.getKeyType(publicKey));
            assertKeyEquals("Mismatched authentication public keys", generateKeyPair.getPublic(), publicKey);
            return true;
        });
        CoreTestSupportUtils.setupFullSignaturesSupport(this.sshd);
        SshClient sshClient = setupTestClient();
        try {
            BuiltinSignatures builtinSignatures = BuiltinSignatures.rsa;
            sshClient.setSignatureFactories(Collections.singletonList(builtinSignatures));
            sshClient.setServerKeyVerifier((clientSession, socketAddress, publicKey2) -> {
                String keyType = KeyUtils.getKeyType(publicKey2);
                assertEquals("Mismatched server key type", builtinSignatures.getName(), keyType);
                try {
                    assertKeyEquals("Mismatched server public keys", ((KeyPair) ValidateUtils.checkNotNull(wrap.loadKey((SessionContext) null, keyType), "No server key for type=%s", keyType)).getPublic(), publicKey2);
                    return true;
                } catch (IOException | GeneralSecurityException e) {
                    throw new RuntimeException("Unexpected " + e.getClass().getSimpleName() + ") keys loading exception: " + e.getMessage(), e);
                }
            });
            UserAuthPublicKeyFactory userAuthPublicKeyFactory = new UserAuthPublicKeyFactory();
            userAuthPublicKeyFactory.setSignatureFactories(Arrays.asList(BuiltinSignatures.nistp256, BuiltinSignatures.nistp384, BuiltinSignatures.nistp521));
            sshClient.setUserAuthFactories(Collections.singletonList(userAuthPublicKeyFactory));
            sshClient.start();
            try {
                ClientSession session = ((ConnectFuture) sshClient.connect(getCurrentTestName(), TEST_LOCALHOST, this.port).verify(CONNECT_TIMEOUT)).getSession();
                try {
                    session.addPublicKeyIdentity(generateKeyPair);
                    session.auth().verify(AUTH_TIMEOUT);
                    if (session != null) {
                        session.close();
                    }
                    sshClient.stop();
                    if (sshClient != null) {
                        sshClient.close();
                    }
                } catch (Throwable th) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                sshClient.stop();
                throw th3;
            }
        } catch (Throwable th4) {
            if (sshClient != null) {
                try {
                    sshClient.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testUserAuthPkOkWrongKey() throws Exception {
        this.sshd.setUserAuthFactories(Collections.singletonList(new org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.1
            public UserAuthPublicKey createUserAuth(ServerSession serverSession) throws IOException {
                return new UserAuthPublicKey() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.1.1
                    protected void sendPublicKeyResponse(ServerSession serverSession2, String str, String str2, PublicKey publicKey, byte[] bArr, int i, int i2, Buffer buffer) throws Exception {
                        PublicKey publicKey2 = CommonTestSupportUtils.generateKeyPair("RSA", 1024).getPublic();
                        Buffer createBuffer = serverSession2.createBuffer((byte) 60, i2 + str2.length() + 64);
                        createBuffer.putString(str2);
                        createBuffer.putPublicKey(publicKey2);
                        serverSession2.writePacket(createBuffer);
                    }
                };
            }
        }));
        SshClient sshClient = setupTestClient();
        try {
            KeyPair generateKeyPair = CommonTestSupportUtils.generateKeyPair("EC", 256);
            sshClient.start();
            try {
                ClientSession session = ((ConnectFuture) sshClient.connect(getCurrentTestName(), TEST_LOCALHOST, this.port).verify(CONNECT_TIMEOUT)).getSession();
                try {
                    session.addPublicKeyIdentity(generateKeyPair);
                    assertObjectInstanceOf("Unexpected failure cause", InvalidKeySpecException.class, assertThrows(SshException.class, () -> {
                        session.auth().verify(AUTH_TIMEOUT);
                    }).getCause());
                    if (session != null) {
                        session.close();
                    }
                    sshClient.stop();
                    if (sshClient != null) {
                        sshClient.close();
                    }
                } catch (Throwable th) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                sshClient.stop();
                throw th3;
            }
        } catch (Throwable th4) {
            if (sshClient != null) {
                try {
                    sshClient.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testUserAuthPkOkWrongAlgorithm() throws Exception {
        this.sshd.setUserAuthFactories(Collections.singletonList(new org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.2
            public UserAuthPublicKey createUserAuth(ServerSession serverSession) throws IOException {
                return new UserAuthPublicKey() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.2.1
                    protected void sendPublicKeyResponse(ServerSession serverSession2, String str, String str2, PublicKey publicKey, byte[] bArr, int i, int i2, Buffer buffer) throws Exception {
                        super.sendPublicKeyResponse(serverSession2, str, "ssh-dss", publicKey, bArr, i, i2, buffer);
                    }
                };
            }
        }));
        SshClient sshClient = setupTestClient();
        try {
            KeyPair generateKeyPair = CommonTestSupportUtils.generateKeyPair("EC", 256);
            sshClient.start();
            try {
                ClientSession session = ((ConnectFuture) sshClient.connect(getCurrentTestName(), TEST_LOCALHOST, this.port).verify(CONNECT_TIMEOUT)).getSession();
                try {
                    session.addPublicKeyIdentity(generateKeyPair);
                    assertTrue("Successful authentication expected", ((AuthFuture) session.auth().verify(AUTH_TIMEOUT)).isSuccess());
                    if (session != null) {
                        session.close();
                    }
                    sshClient.stop();
                    if (sshClient != null) {
                        sshClient.close();
                    }
                } catch (Throwable th) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                sshClient.stop();
                throw th3;
            }
        } catch (Throwable th4) {
            if (sshClient != null) {
                try {
                    sshClient.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testSessionContextPropagatedToKeyFilePasswordProvider() throws Exception {
        SshClient sshClient = setupTestClient();
        try {
            sshClient.start();
            try {
                final ClientSession session = ((ConnectFuture) sshClient.connect(getCurrentTestName(), TEST_LOCALHOST, this.port).verify(CONNECT_TIMEOUT)).getSession();
                try {
                    final String str = "super-secret-passphrase-ec256-key";
                    final FilePasswordProvider filePasswordProvider = new FilePasswordProvider() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.3
                        public String getPassword(SessionContext sessionContext, NamedResource namedResource, int i) throws IOException {
                            Assert.assertSame("Mismatched session context", session, sessionContext);
                            Assert.assertEquals("Mismatched retry index", 0L, i);
                            String name = namedResource.getName();
                            int lastIndexOf = name.lastIndexOf(47);
                            if (lastIndexOf >= 0) {
                                name = name.substring(lastIndexOf + 1);
                            }
                            Assert.assertEquals("Mismatched location", str, name);
                            Assert.assertNull("Password already requested", (Boolean) sessionContext.getAttribute(AuthenticationTestSupport.PASSWORD_ATTR));
                            sessionContext.setAttribute(AuthenticationTestSupport.PASSWORD_ATTR, Boolean.TRUE);
                            return "super secret passphrase";
                        }
                    };
                    session.setKeyIdentityProvider(new KeyIdentityProvider() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.4
                        public Iterable<KeyPair> loadKeys(SessionContext sessionContext) throws IOException, GeneralSecurityException {
                            Assert.assertSame("Mismatched session context", session, sessionContext);
                            URL resource = getClass().getResource(str);
                            Assert.assertNotNull("Missing key file " + str, resource);
                            URLResource uRLResource = new URLResource(resource);
                            InputStream openInputStream = uRLResource.openInputStream();
                            try {
                                Iterable loadKeyPairIdentities = SecurityUtils.loadKeyPairIdentities(sessionContext, uRLResource, openInputStream, filePasswordProvider);
                                if (openInputStream != null) {
                                    openInputStream.close();
                                }
                                KeyPair keyPair = (KeyPair) GenericUtils.head(loadKeyPairIdentities);
                                Assert.assertNotNull("No identity loaded from " + uRLResource, keyPair);
                                return Collections.singletonList(keyPair);
                            } catch (Throwable th) {
                                if (openInputStream != null) {
                                    try {
                                        openInputStream.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                }
                                throw th;
                            }
                        }
                    });
                    session.auth().verify(AUTH_TIMEOUT);
                    Boolean bool = (Boolean) session.getAttribute(PASSWORD_ATTR);
                    assertNotNull("Password provider not invoked", bool);
                    assertTrue("Password not requested", bool.booleanValue());
                    if (session != null) {
                        session.close();
                    }
                    sshClient.stop();
                    if (sshClient != null) {
                        sshClient.close();
                    }
                } catch (Throwable th) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                sshClient.stop();
                throw th3;
            }
        } catch (Throwable th4) {
            if (sshClient != null) {
                try {
                    sshClient.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testPublicKeyAuthenticationReporter() throws Exception {
        final KeyPair generateKeyPair = CommonTestSupportUtils.generateKeyPair("EC", 256);
        final KeyPair generateKeyPair2 = CommonTestSupportUtils.generateKeyPair("EC", 256);
        ArrayList arrayList = new ArrayList();
        this.sshd.setPublickeyAuthenticator((str, publicKey, serverSession) -> {
            arrayList.add(publicKey);
            return KeyUtils.compareKeys(generateKeyPair.getPublic(), publicKey);
        });
        this.sshd.setPasswordAuthenticator(RejectAllPasswordAuthenticator.INSTANCE);
        this.sshd.setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator.NONE);
        final ArrayList arrayList2 = new ArrayList();
        final ArrayList arrayList3 = new ArrayList();
        PublicKeyAuthenticationReporter publicKeyAuthenticationReporter = new PublicKeyAuthenticationReporter() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.5
            public void signalAuthenticationAttempt(ClientSession clientSession, String str2, KeyPair keyPair, String str3) throws Exception {
                arrayList2.add(keyPair.getPublic());
            }

            public void signalSignatureAttempt(ClientSession clientSession, String str2, KeyPair keyPair, String str3, byte[] bArr) throws Exception {
                arrayList3.add(keyPair.getPublic());
            }

            public void signalAuthenticationSuccess(ClientSession clientSession, String str2, KeyPair keyPair) throws Exception {
                Assert.assertTrue("Mismatched success identity", KeyUtils.compareKeys(generateKeyPair.getPublic(), keyPair.getPublic()));
            }

            public void signalAuthenticationFailure(ClientSession clientSession, String str2, KeyPair keyPair, boolean z, List<String> list) throws Exception {
                Assert.assertTrue("Mismatched failed identity", KeyUtils.compareKeys(generateKeyPair2.getPublic(), keyPair.getPublic()));
            }
        };
        SshClient sshClient = setupTestClient();
        try {
            sshClient.setUserAuthFactories(Collections.singletonList(new UserAuthPublicKeyFactory()));
            sshClient.start();
            try {
                ClientSession session = ((ConnectFuture) sshClient.connect(getCurrentTestName(), TEST_LOCALHOST, this.port).verify(CONNECT_TIMEOUT)).getSession();
                try {
                    session.addPublicKeyIdentity(generateKeyPair2);
                    session.addPublicKeyIdentity(generateKeyPair);
                    session.setPublicKeyAuthenticationReporter(publicKeyAuthenticationReporter);
                    session.auth().verify(AUTH_TIMEOUT);
                    if (session != null) {
                        session.close();
                    }
                    sshClient.stop();
                    if (sshClient != null) {
                        sshClient.close();
                    }
                    List asList = Arrays.asList(generateKeyPair2.getPublic(), generateKeyPair.getPublic());
                    int size = arrayList.size();
                    assertKeyListEquals("Attempted", asList, size > 0 ? arrayList.subList(0, size - 1) : arrayList);
                    assertKeyListEquals("Reported", asList, arrayList2);
                    assertKeyListEquals("Signed", Collections.singletonList(generateKeyPair.getPublic()), arrayList3);
                } catch (Throwable th) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                sshClient.stop();
                throw th3;
            }
        } catch (Throwable th4) {
            if (sshClient != null) {
                try {
                    sshClient.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testAuthenticationAttemptsExhausted() throws Exception {
        this.sshd.setPasswordAuthenticator(RejectAllPasswordAuthenticator.INSTANCE);
        this.sshd.setPublickeyAuthenticator(RejectAllPublickeyAuthenticator.INSTANCE);
        this.sshd.setKeyboardInteractiveAuthenticator(KeyboardInteractiveAuthenticator.NONE);
        final AtomicInteger atomicInteger = new AtomicInteger();
        PublicKeyAuthenticationReporter publicKeyAuthenticationReporter = new PublicKeyAuthenticationReporter() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.6
            public void signalAuthenticationExhausted(ClientSession clientSession, String str) throws Exception {
                atomicInteger.incrementAndGet();
            }
        };
        final KeyPair generateKeyPair = CommonTestSupportUtils.generateKeyPair("EC", 256);
        final AtomicInteger atomicInteger2 = new AtomicInteger();
        UserInteraction userInteraction = new UserInteraction() { // from class: org.apache.sshd.common.auth.PublicKeyAuthenticationTest.7
            public String[] interactive(ClientSession clientSession, String str, String str2, String str3, String[] strArr, boolean[] zArr) {
                throw new UnsupportedOperationException("Unexpected interactive invocation");
            }

            public String getUpdatedPassword(ClientSession clientSession, String str, String str2) {
                throw new UnsupportedOperationException("Unexpected updated password request");
            }

            public KeyPair resolveAuthPublicKeyIdentityAttempt(ClientSession clientSession) throws Exception {
                return atomicInteger2.incrementAndGet() <= 3 ? generateKeyPair : super.resolveAuthPublicKeyIdentityAttempt(clientSession);
            }
        };
        SshClient sshClient = setupTestClient();
        try {
            sshClient.setUserAuthFactories(Collections.singletonList(new UserAuthPublicKeyFactory()));
            sshClient.start();
            try {
                ClientSession session = ((ConnectFuture) sshClient.connect(getCurrentTestName(), TEST_LOCALHOST, this.port).verify(CONNECT_TIMEOUT)).getSession();
                try {
                    session.setPublicKeyAuthenticationReporter(publicKeyAuthenticationReporter);
                    session.setUserInteraction(userInteraction);
                    for (int i = 1; i <= 5; i++) {
                        session.addPublicKeyIdentity(generateKeyPair);
                    }
                    assertAuthenticationResult("Authenticating", session.auth(), false);
                    if (session != null) {
                        session.close();
                    }
                    sshClient.stop();
                    if (sshClient != null) {
                        sshClient.close();
                    }
                    assertEquals("Mismatched invocation count", 1L, atomicInteger.getAndSet(0));
                    assertEquals("Mismatched retries count", 4L, atomicInteger2.getAndSet(0));
                } catch (Throwable th) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                sshClient.stop();
                throw th3;
            }
        } catch (Throwable th4) {
            if (sshClient != null) {
                try {
                    sshClient.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testRsaAuthenticationOldServer() throws Exception {
        KeyPair generateKeyPair = CommonTestSupportUtils.generateKeyPair("RSA", 2048);
        List signatureFactoriesNames = this.sshd.getSignatureFactoriesNames();
        boolean z = false;
        Iterator it = signatureFactoriesNames.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str.equalsIgnoreCase("ssh-rsa")) {
                z = true;
            } else if (str.toLowerCase(Locale.ROOT).contains("rsa")) {
                it.remove();
            }
        }
        if (!z) {
            signatureFactoriesNames.add("ssh-rsa");
        }
        this.sshd.setSignatureFactoriesNames(signatureFactoriesNames);
        this.sshd.setPublickeyAuthenticator((str2, publicKey, serverSession) -> {
            return KeyUtils.compareKeys(generateKeyPair.getPublic(), publicKey);
        });
        SshClient sshClient = setupTestClient();
        try {
            sshClient.setUserAuthFactories(Collections.singletonList(new UserAuthPublicKeyFactory()));
            sshClient.start();
            try {
                ClientSession session = ((ConnectFuture) sshClient.connect(getCurrentTestName(), TEST_LOCALHOST, this.port).verify(CONNECT_TIMEOUT)).getSession();
                try {
                    session.addPublicKeyIdentity(generateKeyPair);
                    assertTrue("Successful authentication expected", ((AuthFuture) session.auth().verify(AUTH_TIMEOUT)).isSuccess());
                    if (session != null) {
                        session.close();
                    }
                    sshClient.stop();
                    if (sshClient != null) {
                        sshClient.close();
                    }
                } catch (Throwable th) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                sshClient.stop();
                throw th3;
            }
        } catch (Throwable th4) {
            if (sshClient != null) {
                try {
                    sshClient.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }
}
