package de.rcenvironment.core.embedded.ssh.internal;

import de.rcenvironment.core.authentication.AuthenticationException;
import de.rcenvironment.core.embedded.ssh.api.ScpContext;
import de.rcenvironment.core.embedded.ssh.api.ScpContextManager;
import de.rcenvironment.core.utils.common.StringUtils;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.FileSystem;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.sshd.common.file.FileSystemAware;
import org.apache.sshd.server.Environment;
import org.apache.sshd.server.ExitCallback;
import org.apache.sshd.server.SessionAware;
import org.apache.sshd.server.channel.ChannelSession;
import org.apache.sshd.server.command.Command;
import org.apache.sshd.server.scp.ScpCommand;
import org.apache.sshd.server.scp.ScpCommandFactory;
import org.apache.sshd.server.session.ServerSession;

/* loaded from: input_file:de/rcenvironment/core/embedded/ssh/internal/ScpCommandWrapper.class */
public class ScpCommandWrapper implements Command, FileSystemAware, SessionAware {
    private static final int NOT_FOUND_INDEX = -1;
    private static final String FORWARD_SLASH = "/";
    private static final String BACKSLASH = "\\";
    private static final Pattern SCP_COMMAND_PATTERN = Pattern.compile("(scp (?:-[rtdf]+ +)+)'?(/ra/[^\\s']+)'?\\s*");
    private String command;
    private InputStream in;
    private OutputStream err;
    private OutputStream out;
    private ExitCallback callback;
    private FileSystem fileSystem;
    private ScpContextManager scpContextManager;
    private ServerSession session;
    private final Log logger = LogFactory.getLog(getClass());
    private ScpCommandFactory scpCommandFactory = new ScpCommandFactory();

    public ScpCommandWrapper(String str, ScpContextManager scpContextManager) {
        this.command = str;
        this.scpContextManager = scpContextManager;
    }

    public void start(ChannelSession channelSession, Environment environment) throws IOException {
        String str = (String) environment.getEnv().get("USER");
        try {
            String scpPathOfCommand = getScpPathOfCommand();
            ScpContext matchingScpContext = this.scpContextManager.getMatchingScpContext(str, scpPathOfCommand);
            if (matchingScpContext == null) {
                throw new AuthenticationException(StringUtils.format("No permission to access SCP path \"%s\"", new Object[]{scpPathOfCommand}));
            }
            try {
                delegateToScp(channelSession, environment, matchingScpContext);
            } catch (IOException e) {
                this.logger.warn("Exception in SCP command wrapper", e);
                throw e;
            }
        } catch (AuthenticationException e2) {
            this.logger.warn("Denied SCP access for user " + str + ": " + e2.toString());
            this.out.write(2);
            this.out.write(("ERROR: " + e2.getMessage()).getBytes());
            this.out.write(10);
            this.out.flush();
            this.callback.onExit(0);
        }
    }

    public void destroy(ChannelSession channelSession) {
        try {
            if (this.out != null) {
                this.out.close();
            }
        } catch (IOException e) {
            this.logger.debug(e);
        }
    }

    private void delegateToScp(ChannelSession channelSession, Environment environment, ScpContext scpContext) throws IOException {
        ScpCommand createCommand = this.scpCommandFactory.createCommand(channelSession, rewriteCommand(this.command, scpContext));
        createCommand.setErrorStream(this.err);
        createCommand.setExitCallback(this.callback);
        createCommand.setInputStream(this.in);
        createCommand.setOutputStream(this.out);
        createCommand.setSession(this.session);
        createCommand.setFileSystem(this.fileSystem);
        createCommand.start(channelSession, environment);
    }

    private String rewriteCommand(String str, ScpContext scpContext) {
        Matcher matcher = SCP_COMMAND_PATTERN.matcher(str);
        if (!matcher.matches()) {
            throw new IllegalStateException("Unexpected/malformed command for Remote Access SCP (case 2): " + str);
        }
        String group = matcher.group(1);
        String group2 = matcher.group(2);
        if (!group2.startsWith(scpContext.getVirtualScpRootPath())) {
            throw new IllegalStateException("Virtual SCP path '" + group2 + "' does not start with expected root path '" + scpContext.getVirtualScpRootPath() + "'");
        }
        String substring = group2.substring(scpContext.getVirtualScpRootPath().length());
        if (substring.startsWith(FORWARD_SLASH) || substring.startsWith(BACKSLASH)) {
            substring = substring.substring(1);
        }
        String replace = new File(scpContext.getLocalRootPath(), substring).getAbsolutePath().replace(BACKSLASH, FORWARD_SLASH);
        if (!replace.startsWith(FORWARD_SLASH)) {
            replace = FORWARD_SLASH + replace;
        }
        if (group2.endsWith(FORWARD_SLASH) && !replace.endsWith(FORWARD_SLASH)) {
            replace = String.valueOf(replace) + FORWARD_SLASH;
        }
        this.logger.debug(StringUtils.format("Mapped logical SCP path to '%s'; original command: %s", new Object[]{replace, str}));
        new File(replace).getParentFile().mkdirs();
        return String.valueOf(group) + replace;
    }

    private String getScpPathOfCommand() throws AuthenticationException {
        Matcher matcher = SCP_COMMAND_PATTERN.matcher(this.command);
        if (!matcher.matches()) {
            throw new AuthenticationException("Unexpected/malformed command for Remote Access SCP (case 1): " + this.command);
        }
        String trim = matcher.group(2).trim();
        if (trim.contains("..") || trim.contains("..")) {
            throw new AuthenticationException("Parent folder traversal (\"..\") is disallowed");
        }
        this.logger.debug("Extracted SCP path " + trim + " from command " + this.command);
        return trim;
    }

    public void setInputStream(InputStream inputStream) {
        this.in = inputStream;
    }

    public void setOutputStream(OutputStream outputStream) {
        this.out = outputStream;
    }

    public void setErrorStream(OutputStream outputStream) {
        this.err = outputStream;
    }

    public void setExitCallback(ExitCallback exitCallback) {
        this.callback = exitCallback;
    }

    public void setFileSystem(FileSystem fileSystem) {
        this.fileSystem = fileSystem;
    }

    public void setSession(ServerSession serverSession) {
        this.session = serverSession;
    }
}
