package com.sshtools.commands;

import com.sshtools.agent.client.SshAgentClient;
import com.sshtools.agent.exceptions.AgentNotAvailableException;
import com.sshtools.client.ExternalKeyAuthenticator;
import com.sshtools.client.IdentityFileAuthenticator;
import com.sshtools.client.PasswordAuthenticator;
import com.sshtools.client.PrivateKeyFileAuthenticator;
import com.sshtools.client.SshClient;
import com.sshtools.client.SshClientContext;
import com.sshtools.common.logger.Log;
import com.sshtools.common.publickey.SshPrivateKeyFileFactory;
import com.sshtools.common.ssh.SecurityLevel;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.jce.JCEProvider;
import com.sshtools.common.util.Utils;
import com.sshtools.jaul.Phase;
import com.sshtools.sequins.Prompter;
import java.io.File;
import java.io.IOException;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import picocli.CommandLine;

@CommandLine.Command
/* loaded from: input_file:com/sshtools/commands/SshCommand.class */
public abstract class SshCommand extends AbstractJadaptiveCommand {

    @CommandLine.Option(names = {"-D", "--disable-agent"}, description = {"disable ssh-agent authentication"})
    boolean disableAgent;

    @CommandLine.Option(names = {"-I", "--ignore-identities"}, description = {"ignore default identities in .ssh folder"})
    boolean ignoreIdentities;

    @CommandLine.Option(names = {"-a", "--agent"}, paramLabel = "SOCKET", description = {"the path to the ssh-agent socket or named pipe"})
    String agentSocket;

    @CommandLine.Option(names = {"-i", "--identity"}, paramLabel = "FILE", description = {"the identity file you want to authenticate with"})
    File identityFile;

    @CommandLine.Option(names = {"-l", "--log"}, paramLabel = "LEVEL", description = {"Log to console (INFO,DEBUG)"})
    Optional<Log.Level> maverickConsoleLevel;

    @CommandLine.Option(names = {"-c", "--cipher"}, paramLabel = "CIPHER", description = {"Set the preferred cipher (C->S & S->C)"})
    Optional<String> cipher;

    @CommandLine.Option(names = {"-z", "--compression"}, paramLabel = "TYPE", description = {"Set the preferred compression (C->S & S->C)"})
    Optional<String> compression;

    @CommandLine.Option(names = {"-s", "--security-level"}, paramLabel = "LEVEL", description = {"Set the security level"})
    Optional<SecurityLevel> securityLevel;

    @CommandLine.Option(names = {"-k", "--kex"}, paramLabel = "KEX", description = {"Set the preferred key exchange"})
    Optional<String> kex;

    @CommandLine.Option(names = {"-m", "--mac"}, paramLabel = "MAC", description = {"Set the preferred MAC"})
    Optional<String> mac;

    @CommandLine.Option(names = {"-x", "--public-key-algo"}, paramLabel = "ALGO", description = {"Set the preferred public key algorithm"})
    Optional<String> publicKeyAlgortithm;
    long authenticationTimeout;
    private char[] cachedPassword;
    private char[] cachedPassphrase;
    protected SshClient ssh;

    static {
        JCEProvider.enableBouncyCastle(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SshCommand(Optional<Phase> optional) {
        super(optional);
        this.disableAgent = false;
        this.ignoreIdentities = false;
        this.authenticationTimeout = 120L;
    }

    @Override // com.sshtools.commands.AbstractJadaptiveCommand
    protected final Integer onCall() throws Exception {
        initCommand();
        int runCommand = runCommand();
        afterCommand();
        return Integer.valueOf(runCommand);
    }

    public void initCommand() throws Exception {
        if (this.ssh == null) {
            this.maverickConsoleLevel.ifPresent(level -> {
                Log.enableConsole(Log.Level.DEBUG);
            });
            beforeCommand();
            getTerminal().messageln("Connecting to {0}@{1}:{2,number,#}", new Object[]{getUsername(), getHost(), Integer.valueOf(getPort())});
            this.ssh = connect();
        }
    }

    protected abstract int runCommand();

    protected void beforeCommand() {
    }

    protected void afterCommand() throws IOException, SshException {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract String getCommandName();

    public SshClient connect() throws IOException, SshException {
        return connect(false, this.disableAgent, this.ignoreIdentities, this.identityFile, true);
    }

    public SshClient connect(boolean z, boolean z2) throws IOException, SshException {
        return connect(z, this.disableAgent, this.ignoreIdentities, this.identityFile, z2);
    }

    /* JADX WARN: Finally extract failed */
    public SshClient connect(boolean z, boolean z2, boolean z3, File file, boolean z4) throws IOException, SshException {
        SshClientContext sshClientContext = new SshClientContext(this.securityLevel.orElse(SecurityLevel.STRONG));
        if (this.securityLevel.isPresent()) {
            if (!this.cipher.isEmpty()) {
                sshClientContext.setPreferredCipherCS(this.cipher.get());
                sshClientContext.setPreferredCipherSC(this.cipher.get());
            }
        } else if (this.cipher.isEmpty()) {
            sshClientContext.setPreferredCipherCS("aes256-ctr");
            sshClientContext.setPreferredCipherSC("aes256-ctr");
        } else {
            sshClientContext.setPreferredCipherCS(this.cipher.get());
            sshClientContext.setPreferredCipherSC(this.cipher.get());
        }
        sshClientContext.setPreferredCompressionCS(this.compression.orElse("none"));
        sshClientContext.setPreferredCompressionSC(this.compression.orElse("none"));
        if (this.kex.isPresent()) {
            sshClientContext.setPreferredKeyExchange(this.kex.get());
        }
        if (this.mac.isPresent()) {
            sshClientContext.setPreferredMacCS(this.mac.get());
            sshClientContext.setPreferredMacSC(this.mac.get());
        }
        if (this.publicKeyAlgortithm.isPresent()) {
            sshClientContext.setPreferredPublicKey(this.publicKeyAlgortithm.get());
        }
        SshClient sshClient = new SshClient(getHost(), Integer.valueOf(getPort()), getUsername(), sshClientContext);
        if (!z2) {
            try {
                boolean z5 = !Utils.isBlank(this.agentSocket);
                if (!z5) {
                    this.agentSocket = SshAgentClient.getEnvironmentSocket();
                }
                Throwable th = null;
                try {
                    try {
                        SshAgentClient connectOpenSSHAgent = SshAgentClient.connectOpenSSHAgent(getCommandName(), this.agentSocket);
                        try {
                            if (sshClient.authenticate(new ExternalKeyAuthenticator(connectOpenSSHAgent), TimeUnit.SECONDS.toMillis(this.authenticationTimeout)) && z4) {
                                getTerminal().messageln("Authenticated by sshagent", new Object[0]);
                            }
                            if (connectOpenSSHAgent != null) {
                                connectOpenSSHAgent.close();
                            }
                        } catch (Throwable th2) {
                            if (connectOpenSSHAgent != null) {
                                connectOpenSSHAgent.close();
                            }
                            throw th2;
                        }
                    } catch (AgentNotAvailableException | IOException e) {
                        if (z5 && z4) {
                            getTerminal().error(isVerboseExceptions(), "Failed to connect to ssh-agent", e, new Object[0]);
                        }
                    }
                } catch (Throwable th3) {
                    if (0 == 0) {
                        th = th3;
                    } else if (null != th3) {
                        th.addSuppressed(th3);
                    }
                    throw th;
                }
            } catch (AgentNotAvailableException e2) {
                if (z4) {
                    getTerminal().errorln("No agent is available", new Object[0]);
                }
            }
        }
        if (!z3 && !sshClient.isAuthenticated()) {
            StringBuffer stringBuffer = new StringBuffer();
            if (sshClient.authenticate(new IdentityFileAuthenticator(str -> {
                if (z4) {
                    getTerminal().messageln("Found acceptable key {0}", new Object[]{str});
                }
                if (this.cachedPassphrase != null) {
                    return new String(this.cachedPassphrase);
                }
                String readPassword = readPassword("Passphrase");
                stringBuffer.setLength(0);
                stringBuffer.append(readPassword);
                return readPassword;
            }), TimeUnit.SECONDS.toMillis(this.authenticationTimeout))) {
                this.cachedPassphrase = stringBuffer.toString().toCharArray();
            }
        }
        if (!sshClient.isAuthenticated() && Objects.nonNull(file)) {
            if (file.exists()) {
                String str2 = SshPrivateKeyFileFactory.parse(file).isPassphraseProtected() ? this.cachedPassphrase != null ? new String(this.cachedPassphrase) : readPassword("Passphrase") : null;
                if (sshClient.authenticate(new PrivateKeyFileAuthenticator(file, str2), TimeUnit.SECONDS.toMillis(this.authenticationTimeout))) {
                    if (str2 != null) {
                        this.cachedPassphrase = str2.toCharArray();
                    }
                } else if (z4) {
                    getTerminal().errorln("The identity file provided could not authenticate", new Object[0]);
                }
            } else if (z4) {
                getTerminal().errorln("The identity file provided does not exist", new Object[0]);
            }
        }
        if (!z && !sshClient.isAuthenticated()) {
            if (sshClient.getAuthenticationMethods().contains("password") || sshClient.getAuthenticationMethods().contains("keyboard-interactive")) {
                for (int i = 0; i < 3; i++) {
                    while (true) {
                        if (sshClient.isConnected() && !sshClient.isAuthenticated()) {
                            StringBuffer stringBuffer2 = new StringBuffer();
                            if (sshClient.authenticate(PasswordAuthenticator.of(() -> {
                                if (this.cachedPassword != null) {
                                    return new String(this.cachedPassword);
                                }
                                String readPassword = readPassword("Password");
                                stringBuffer2.setLength(0);
                                stringBuffer2.append(readPassword);
                                return readPassword;
                            }), TimeUnit.SECONDS.toMillis(this.authenticationTimeout))) {
                                if (this.cachedPassword == null) {
                                    this.cachedPassword = stringBuffer2.toString().toCharArray();
                                }
                            }
                        }
                    }
                }
            } else if (z4) {
                getTerminal().messageln("Password authentication is not supported", new Object[0]);
            }
        }
        if (!sshClient.isConnected()) {
            throw new IOException("The connection could not be established!");
        }
        if (!sshClient.isAuthenticated()) {
            throw new IOException("The connection could not be authenticated!");
        }
        onConnected(sshClient);
        return sshClient;
    }

    protected void onConnected(SshClient sshClient) {
    }

    protected String readPassword(String str) {
        return readPassword(str, true);
    }

    protected String readPassword(String str, boolean z) {
        if (z) {
            String property = System.getProperty("maverick.command.password");
            if (Utils.isNotBlank(property)) {
                return property;
            }
        }
        return new String(getTerminal().password(Prompter.PromptContextBuilder.builder().withUse(getUsername()).build(), str, new Object[0]));
    }

    public String getCachedPasswordOrPrompt(String str) {
        if (this.cachedPassword != null) {
            return new String(this.cachedPassword);
        }
        String readPassword = readPassword(str);
        this.cachedPassword = readPassword.toCharArray();
        return readPassword;
    }

    public abstract String getHost();

    public int getPort() {
        return 22;
    }

    public String getUsername() {
        return System.getProperty("user.name");
    }

    protected boolean isRoot() {
        return getUsername().equals("root");
    }
}
