package de.rcenvironment.core.embedded.ssh.internal;

import com.fasterxml.jackson.annotation.JsonIgnore;
import de.rcenvironment.core.embedded.ssh.api.SshAccount;
import java.io.ByteArrayInputStream;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jcajce.spec.OpenSSHPublicKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:de/rcenvironment/core/embedded/ssh/internal/SshAccountImpl.class */
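/**
 * Mutable description of one account of the embedded SSH server: login name, credentials
 * (clear-text password, password hash and/or OpenSSH public key), role and enabled flag.
 *
 * <p>The textual public key is parsed into a {@link PublicKey} whenever it is set. Only keys
 * whose blob announces the type {@code ssh-rsa} are parsed; for anything else
 * {@link #getPublicKeyObj()} returns {@code null} and {@link #validate(List, Log)} reports the
 * account as invalid.
 *
 * <p>Instances are not synchronized.
 */
public class SshAccountImpl implements SshAccount {
    private static final String BC_PROVIDER_ID = "BC";

    /** Key type name expected at the start of the decoded key blob. */
    private static final String KEY_TYPE_RSA = "ssh-rsa";

    private String loginName;

    // Clear-text password. validate() warns whenever this is set; the hashed form is preferred.
    private String password;
    private String passwordHash;

    // Public key in its textual form; the second space-separated token is the Base64 blob.
    private String publicKey;

    // Parsed form of publicKey; null when there is no key or it could not be parsed.
    @JsonIgnore
    private PublicKey publicKeyObj;
    private String role = "";
    private boolean enabled = true;

    /** Creates an enabled account with an empty role and no credentials. */
    public SshAccountImpl() {
    }

    /**
     * Creates an enabled account and parses the given public key, if any.
     *
     * @param loginName the login name
     * @param password the clear-text password, or {@code null}
     * @param passwordHash the password hash, or {@code null}
     * @param publicKey the public key in textual form, or {@code null}
     * @param role the role name; {@code null} is replaced by the empty string in
     *     {@link #validate(List, Log)}
     */
    public SshAccountImpl(String loginName, String password, String passwordHash, String publicKey, String role) {
        this.loginName = loginName;
        this.password = password;
        this.passwordHash = passwordHash;
        this.publicKey = publicKey;
        this.role = role;
        parsePublicKey();
    }

    /**
     * Checks this account for configuration problems and logs a warning for each one found.
     *
     * <p>The account is reported invalid when the login name is missing, when no credential at
     * all is configured, when a clear-text password and a password hash are both set, or when a
     * public key is configured but could not be parsed. A clear-text password alone and an
     * unknown role only produce warnings. A {@code null} role is replaced by the empty string as
     * a side effect. The enabled flag is not examined here.
     *
     * @param list the roles known to the server, used to check the configured role name
     * @param log the log that receives the warnings
     * @return {@code true} if no invalidating problem was found
     */
    public boolean validate(List<SshAccountRole> list, Log log) {
        boolean valid = true;
        if (isNullOrEmpty(this.loginName)) {
            log.warn("Found a user without username");
            valid = false;
        }
        // At this point "valid" only reflects the login name check, so the clear-text warning is
        // skipped for accounts that have no name to report.
        if (valid && this.password != null) {
            log.warn("SSH user \"" + this.loginName + "\" has an insecure clear-text password. Refer to the RCE User Guide on how to change it to a secure format.");
        }
        if (isNullOrEmpty(this.password) && isNullOrEmpty(this.passwordHash) && isNullOrEmpty(this.publicKey)) {
            log.warn("User \"" + this.loginName + "\" does not have a password, password hash, or public key");
            valid = false;
        }
        if (this.password != null && this.passwordHash != null) {
            log.warn("User \"" + this.loginName + "\" has both a clear-text and a hashed password at the same time");
            valid = false;
        }
        // A key string without a parsed key object means parsePublicKey() rejected it.
        if (!isNullOrEmpty(this.publicKey) && this.publicKeyObj == null) {
            log.warn("SSH User \"" + this.loginName + "\" has an invalid public key (only RSA keys are valid)");
            valid = false;
        }
        if (this.role == null) {
            log.warn("Changed role for user \"" + this.loginName + "\" from null to empty string");
            this.role = "";
        }
        boolean roleKnown = false;
        for (SshAccountRole candidate : list) {
            if (this.role.equals(candidate.getRoleName())) {
                roleKnown = true;
                break;
            }
        }
        if (!roleKnown) {
            log.warn("Non-existing role \"" + this.role + "\" configured for user \"" + this.loginName + "\". Default permissions (\"help\", \"exit\", \"version\") will be used.");
        }
        return valid;
    }

    @Override
    public String getLoginName() {
        return this.loginName;
    }

    public void setLoginName(String str) {
        this.loginName = str;
    }

    /** Returns the clear-text password, or {@code null} if none is configured. */
    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getPasswordHash() {
        return this.passwordHash;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    @Override
    public String getPublicKey() {
        return this.publicKey;
    }

    /**
     * Sets the textual public key and re-parses it. Passing {@code null}, an empty string or an
     * unparsable key clears the parsed key object as well.
     *
     * @param str the public key in textual form, or {@code null}
     */
    public void setPublicKey(String str) {
        this.publicKey = str;
        parsePublicKey();
    }

    /** Returns the parsed public key, or {@code null} if there is none or it was rejected. */
    @Override
    @JsonIgnore
    public PublicKey getPublicKeyObj() {
        return this.publicKeyObj;
    }

    @Override
    public String getRole() {
        return this.role;
    }

    public void setRole(String str) {
        this.role = str;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled;
    }

    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    /**
     * Parses {@link #publicKey} into {@link #publicKeyObj}. Every failure path leaves
     * {@code publicKeyObj} as {@code null}, so a key that was removed or replaced by an
     * unusable one can never stay available through {@link #getPublicKeyObj()}.
     */
    private void parsePublicKey() {
        // Drop the previously parsed key before anything else. Without this, clearing the key
        // string (or a provider lookup failure) would leave the old key object in place.
        this.publicKeyObj = null;
        if (isNullOrEmpty(this.publicKey)) {
            return;
        }
        Log log = LogFactory.getLog(getClass());
        try {
            byte[] blob = Base64.decodeBase64(this.publicKey.split(" ")[1]);
            // The blob starts with a length-prefixed key type name. Decode it as ASCII rather
            // than with the platform default charset, and cap the length by the blob size.
            byte[] typeBytes = readElement(new DataInputStream(new ByteArrayInputStream(blob)), blob.length);
            String keyType = new String(typeBytes, StandardCharsets.US_ASCII);
            // Note: this registers BouncyCastle JVM-wide, and does so before the type check.
            if (Security.getProvider(BC_PROVIDER_ID) == null) {
                Security.addProvider(new BouncyCastleProvider());
                log.debug("Installed BouncyCastle provider");
            }
            if (KEY_TYPE_RSA.equals(keyType)) {
                this.publicKeyObj = KeyFactory.getInstance("RSA", BC_PROVIDER_ID).generatePublic(new OpenSSHPublicKeySpec(blob));
            }
        } catch (IOException | ArrayIndexOutOfBoundsException | IllegalArgumentException | NoSuchAlgorithmException
            | InvalidKeySpecException e) {
            // IllegalArgumentException is included because the key spec and key factory
            // presumably reject malformed blobs with an unchecked exception; letting it escape
            // would fail construction instead of marking the key invalid.
            log.debug("Rejected unparsable SSH public key", e);
        } catch (NoSuchProviderException e) {
            log.error("Could not retrieve Bouncy Castle provider for key factory", e);
        }
    }

    /**
     * Reads one length-prefixed element (4-byte big-endian length followed by that many bytes).
     *
     * @param dataInput the input positioned at the length field
     * @param maxLength the largest acceptable element length
     * @return the element bytes
     * @throws IOException if the length is negative or exceeds {@code maxLength}, or if the
     *     input ends early
     */
    private static byte[] readElement(DataInput dataInput, int maxLength) throws IOException {
        int length = dataInput.readInt();
        // The length comes straight from the key blob: reject it before allocating, otherwise a
        // negative value throws NegativeArraySizeException and a huge one exhausts memory.
        if (length < 0 || length > maxLength) {
            throw new IOException("Invalid element length in key blob: " + length);
        }
        byte[] element = new byte[length];
        dataInput.readFully(element);
        return element;
    }

    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }
}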
