package de.rcenvironment.core.embedded.ssh.internal;

import de.rcenvironment.core.configuration.ConfigurationException;
import de.rcenvironment.core.configuration.ConfigurationSegment;
import de.rcenvironment.core.configuration.ConfigurationService;
import de.rcenvironment.core.configuration.WritableConfigurationSegment;
import de.rcenvironment.core.embedded.ssh.api.SshAccount;
import de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService;
import de.rcenvironment.core.utils.common.StringUtils;
import java.io.IOException;
import java.util.SortedMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mindrot.jbcrypt.BCrypt;

/* loaded from: input_file:de/rcenvironment/core/embedded/ssh/internal/SshAccountConfigurationServiceImpl.class */
public class SshAccountConfigurationServiceImpl implements SshAccountConfigurationService {
    private static final String CONFIGURATION_PATH_SEPARATOR = "/";
    private static final String MAIN_SSH_CONFIGURATION_PATH = "sshServer";
    private static final String SSH_ACCOUNTS_SUB_CONFIGURATION_PATH = "accounts";
    private static final String ACCOUNT_ROLES_RA_SUB_CONFIGURATION_PATH = "roles/remote access";
    private static final String FIELD_NAME_PASSWORD = "password";
    private static final String FIELD_NAME_ENABLED = "enabled";
    private static final String FIELD_NAME_PW_HASH = "passwordHash";
    private static final String FIELD_NAME_ROLE = "role";
    private static final String DEFAULT_RA_ROLE_COMMAND_PATTERN = "ra .+";
    private static final String EXPECTED_RA_ROLE_ALLOWED_COMMAND_PATTERN_REGEXP = "help|exit|(ra .+)";
    private static final String VALID_ACCOUNT_NAME_REGEXP = "^[a-zA-Z][a-zA-Z0-9_\\-]*$";
    private static final String VALID_ACCOUNT_NAME_VIOLATION_MESSAGE = "The login name must begin with a letter, followed by letters, digits, or the characters \"_\" and \"-\".";
    private static final int MAX_LOGIN_NAME_LENGTH = 20;
    private static final String LOGIN_NAME_TOO_LONG_MESSAGE = "The login name must not be longer than 20 characters";
    private ConfigurationService configurationService;
    private SshConfiguration sshConfiguration;
    private SshAuthenticationManager sshAuthenticationManager;
    private final Log log = LogFactory.getLog(getClass());

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public String verifyExpectedStateForConfigurationEditing() {
        if (!this.configurationService.isUsingIntendedProfileDirectory()) {
            return "This configuration mode does not seem to run in the intended profile directory  - is the profile being used by another RCE instance?\n\nIntended profile location: " + this.configurationService.getOriginalProfileDirectory().getAbsolutePath();
        }
        if (this.configurationService.isUsingDefaultConfigurationValues()) {
            return "The current configuration file is either invalid, or there was an error creating it. Please check the file for errors. If the file does not exist, make sure you have write access to the containing directory.\n\nIntended configuration file location: " + this.configurationService.getProfileConfigurationFile().getAbsolutePath();
        }
        ConfigurationSegment loadSshConfigurationSegment = loadSshConfigurationSegment();
        try {
            readAsParsedConfigurationData(loadSshConfigurationSegment);
            return !loadSshConfigurationSegment.isPresentInCurrentConfiguration() ? null : null;
        } catch (ConfigurationException e) {
            return "Error reading SSH account data: " + e.getMessage();
        }
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public SortedMap<String, SshAccount> getStaticAccountsByLoginName() throws ConfigurationException {
        return this.sshAuthenticationManager.getStaticAccountsByLoginName();
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public SshAccount getAccount(String str) {
        return this.sshAuthenticationManager.getAccountByLoginName(str, true);
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public void createAccount(String str, String str2) throws ConfigurationException {
        if (StringUtils.isNullorEmpty(str)) {
            throw new ConfigurationException("The login name must not be empty!");
        }
        if (getAccount(str) != null) {
            throw new ConfigurationException("An account with this login name already exists.");
        }
        validateLoginName(str);
        if (StringUtils.isNullorEmpty(str2)) {
            throw new ConfigurationException("The password must not be empty!");
        }
        String generatePasswordHash = generatePasswordHash(str2);
        try {
            WritableConfigurationSegment createElement = getWritableConfigurationSegmentForAccountsList().createElement(str);
            createElement.setString(FIELD_NAME_PW_HASH, generatePasswordHash);
            createElement.setString(FIELD_NAME_ROLE, SshConstants.ROLE_NAME_REMOTE_ACCESS_USER);
            createElement.setBoolean(FIELD_NAME_ENABLED, true);
            writeConfigurationChanges();
            this.log.debug(StringUtils.format("Created SSH account '%s' (using password hash authentication)", new Object[]{str}));
        } catch (ConfigurationException e) {
            this.log.error("Failed to add SSH account", e);
            throw new ConfigurationException("Failed to add the new account; most likely, there is already an account with that login name");
        }
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public void updatePasswordHash(String str, String str2) throws ConfigurationException {
        WritableConfigurationSegment writableSegmentForAccount = getWritableSegmentForAccount(str);
        writableSegmentForAccount.setString(FIELD_NAME_PW_HASH, generatePasswordHash(str2));
        if (writableSegmentForAccount.getString(FIELD_NAME_PASSWORD) != null) {
            writableSegmentForAccount.setString(FIELD_NAME_PASSWORD, (String) null);
        }
        writeConfigurationChanges();
        this.log.debug(StringUtils.format("Updated password hash for SSH account '%s'", new Object[]{str}));
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public void updateRole(String str, String str2) throws ConfigurationException {
        getWritableSegmentForAccount(str).setString(FIELD_NAME_ROLE, str2);
        writeConfigurationChanges();
        this.log.debug(StringUtils.format("Set role for SSH account '%s' to '%s'", new Object[]{str, str2}));
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public void setAccountEnabled(String str, boolean z) throws ConfigurationException {
        getWritableSegmentForAccount(str).setBoolean(FIELD_NAME_ENABLED, z);
        writeConfigurationChanges();
        this.log.debug(StringUtils.format("Set SSH account '%s' to enabled=%s", new Object[]{str, Boolean.valueOf(z)}));
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public void deleteAccount(String str) throws ConfigurationException {
        if (!getWritableConfigurationSegmentForAccountsList().deleteElement(str)) {
            throw new ConfigurationException("Internal consistency error: Requested account deletion, but no matching configuration node was found");
        }
        writeConfigurationChanges();
        this.log.debug(StringUtils.format("SSH account '%s' deleted", new Object[]{str}));
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.SshAccountConfigurationService
    public String generatePasswordHash(String str) {
        return BCrypt.hashpw(str, BCrypt.gensalt(10));
    }

    protected void bindConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    protected ConfigurationSegment loadSshConfigurationSegment() {
        return this.configurationService.getConfigurationSegment(MAIN_SSH_CONFIGURATION_PATH);
    }

    private void readAsParsedConfigurationData(ConfigurationSegment configurationSegment) throws ConfigurationException {
        try {
            this.sshConfiguration = new SshConfiguration(configurationSegment);
            this.sshAuthenticationManager = new SshAuthenticationManager(this.sshConfiguration, null, 0);
        } catch (ConfigurationException | IOException e) {
            throw new ConfigurationException("Error reading SSH configuration data: " + e.getMessage());
        }
    }

    private void reloadConfiguration() throws ConfigurationException {
        readAsParsedConfigurationData(loadSshConfigurationSegment());
    }

    private WritableConfigurationSegment getWritableConfigurationSegmentAndWrapErrors(String str) throws ConfigurationException {
        try {
            return this.configurationService.getOrCreateWritableConfigurationSegment(str);
        } catch (ConfigurationException e) {
            throw new ConfigurationException("Failed to access configuration data: " + e.getMessage());
        }
    }

    private WritableConfigurationSegment getWritableConfigurationSegmentForAccountsList() throws ConfigurationException {
        return getWritableConfigurationSegmentAndWrapErrors("sshServer/accounts");
    }

    private WritableConfigurationSegment getWritableSegmentForAccount(String str) throws ConfigurationException {
        return getWritableConfigurationSegmentAndWrapErrors("sshServer/accounts/" + str);
    }

    private void writeConfigurationChanges() throws ConfigurationException {
        try {
            try {
                this.configurationService.writeConfigurationChanges();
            } catch (IOException e) {
                throw new ConfigurationException("There was an error writing the configuration changes to the profile folder: " + e.getMessage());
            }
        } finally {
            reloadConfiguration();
        }
    }

    private void validateLoginName(String str) throws ConfigurationException {
        if (!str.matches(VALID_ACCOUNT_NAME_REGEXP)) {
            throw new ConfigurationException(VALID_ACCOUNT_NAME_VIOLATION_MESSAGE);
        }
        if (str.length() > 20) {
            throw new ConfigurationException(LOGIN_NAME_TOO_LONG_MESSAGE);
        }
    }
}
