package com.dynfi.services.remoteAgent;

import com.dynfi.services.DeviceLatestService;
import com.dynfi.services.TunnelPorts;
import com.dynfi.storage.entities.Device;
import com.google.common.util.concurrent.AbstractExecutionThreadService;
import dev.morphia.Datastore;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import java.util.UUID;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.keyprovider.MappedKeyPairProvider;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.session.helpers.AbstractSession;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.server.command.CommandFactory;
import org.apache.sshd.server.forward.ForwardingFilter;
import org.apache.sshd.server.forward.TcpForwardingFilter;
import org.apache.sshd.server.session.ServerSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:com/dynfi/services/remoteAgent/ConnectionAgentServiceImpl.class */
public class ConnectionAgentServiceImpl extends AbstractExecutionThreadService implements ConnectionAgentService {
    public static final String CLIENT_PUBLICKEY = "CLIENT-PUBLICKEY";
    private static final String MAIN_TUNNEL_PORT = "MAIN-TUNNEL-PORT";
    private static final String DV_TUNNEL_PORT = "DV-TUNNEL-PORT";
    private static final String DEVICE_ID = "DEVICE-ID";
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ConnectionAgentServiceImpl.class);
    private static final Set<String> ALLOWED_USERNAMES = new TreeSet(Arrays.asList("robot", "register", "attach"));
    private final CommandFactory commandFactory;
    private final ConnectionAgentReservedPortsService reservedPortsService;
    private final DeviceLatestService deviceLatestService;
    private final KeyService keyService;
    private final int port;
    private final Datastore datastore;
    private SshServer sshd;

    @Inject
    public ConnectionAgentServiceImpl(Datastore datastore, CommandFactory commandFactory, ConnectionAgentReservedPortsService connectionAgentReservedPortsService, DeviceLatestService deviceLatestService, KeyService keyService, @Named("connectionAgentPort") int i) {
        this.datastore = datastore;
        this.commandFactory = commandFactory;
        this.reservedPortsService = connectionAgentReservedPortsService;
        this.deviceLatestService = deviceLatestService;
        this.keyService = keyService;
        this.port = i;
    }

    private synchronized void startSshd() {
        if (this.port <= 0) {
            logger.debug("Not starting Connection Agent Service, because disabled.");
            return;
        }
        if (this.sshd == null) {
            try {
                this.sshd = SshServer.setUpDefaultServer();
                this.sshd.setPort(this.port);
                this.sshd.setPublickeyAuthenticator(getPublicKeyAuthenticator());
                this.sshd.setKeyPairProvider(getKeyPairProvider());
                this.sshd.setForwardingFilter(getForwardingFilter());
                this.sshd.setCommandFactory(this.commandFactory);
                this.sshd.setUserAuthFactories(Collections.singletonList(UserAuthPublicKeyFactory.INSTANCE));
                this.sshd.start();
                logger.info("Started ConnectionAgent service.");
            } catch (Exception e) {
                logger.error("Cannot start ConnectionAgent service!");
                logger.debug("Problem starting internal SSHD.", (Throwable) e);
            }
        }
    }

    private KeyPairProvider getKeyPairProvider() {
        return new MappedKeyPairProvider(this.keyService.getServerKeyPair());
    }

    private ForwardingFilter getForwardingFilter() {
        return new ForwardingFilter() { // from class: com.dynfi.services.remoteAgent.ConnectionAgentServiceImpl.1
            @Override // org.apache.sshd.server.forward.AgentForwardingFilter
            public boolean canForwardAgent(Session session, String str) {
                return false;
            }

            @Override // org.apache.sshd.server.forward.TcpForwardingFilter
            public boolean canListen(SshdSocketAddress sshdSocketAddress, Session session) {
                return sshdSocketAddress.getPort() == session.getIntProperty(ConnectionAgentServiceImpl.MAIN_TUNNEL_PORT, -1) || sshdSocketAddress.getPort() == session.getIntProperty(ConnectionAgentServiceImpl.DV_TUNNEL_PORT, -1);
            }

            @Override // org.apache.sshd.server.forward.TcpForwardingFilter
            public boolean canConnect(TcpForwardingFilter.Type type, SshdSocketAddress sshdSocketAddress, Session session) {
                return false;
            }

            @Override // org.apache.sshd.server.forward.X11ForwardingFilter
            public boolean canForwardX11(Session session, String str) {
                return false;
            }
        };
    }

    private PublickeyAuthenticator getPublicKeyAuthenticator() {
        return (str, publicKey, serverSession) -> {
            if (!ALLOWED_USERNAMES.contains(str)) {
                return false;
            }
            Device deviceByKey = ConnectionAgentService.getDeviceByKey(publicKey, this.datastore);
            cleanAntilockoutIfNeeded(deviceByKey);
            putAllowedPortNumbersInSessionIfAuthorizedOrReserved(publicKey, serverSession, deviceByKey);
            if (!"register".equals(str) && !"attach".equals(str)) {
                return true;
            }
            serverSession.getProperties().put(CLIENT_PUBLICKEY, publicKey);
            return true;
        };
    }

    private void cleanAntilockoutIfNeeded(Device device) {
        if (device != null) {
            this.deviceLatestService.deleteAntiLockout(device.getId());
        }
    }

    private void putAllowedPortNumbersInSessionIfAuthorizedOrReserved(PublicKey publicKey, ServerSession serverSession, Device device) {
        TunnelPorts orElse;
        if (device != null) {
            orElse = new TunnelPorts(device.getRemoteConfig().getMainTunnelPort(), device.getRemoteConfig().getDvTunnelPort());
            serverSession.getProperties().put(DEVICE_ID, device.getId());
        } else {
            orElse = this.reservedPortsService.tunnelPortsAllowedForPublicKey(publicKey).orElse(null);
        }
        if (orElse != null) {
            serverSession.getProperties().put(MAIN_TUNNEL_PORT, Integer.valueOf(orElse.getMain()));
            serverSession.getProperties().put(DV_TUNNEL_PORT, Integer.valueOf(orElse.getDv()));
        }
    }

    @Override // com.dynfi.services.remoteAgent.ConnectionAgentService
    public boolean isStarted() {
        return this.sshd != null && this.sshd.isStarted();
    }

    @Override // com.dynfi.services.remoteAgent.ConnectionAgentService
    public String getServerPublicKeyString() {
        return this.keyService.getServerPublicKeyString();
    }

    @Override // com.dynfi.services.remoteAgent.ConnectionAgentService
    public int getServerPort() {
        return this.port;
    }

    @Override // com.dynfi.services.remoteAgent.ConnectionAgentService
    public void killSessionsWithTunnelPorts(Set<Integer> set) {
        if (this.sshd != null) {
            for (AbstractSession abstractSession : this.sshd.getActiveSessions()) {
                if (set.contains(Integer.valueOf(abstractSession.getIntProperty(MAIN_TUNNEL_PORT, -1))) || set.contains(Integer.valueOf(abstractSession.getIntProperty(DV_TUNNEL_PORT, -1)))) {
                    abstractSession.close(true);
                    return;
                }
            }
        }
    }

    @Override // com.dynfi.services.remoteAgent.ConnectionAgentService
    public void killSessionForDevice(UUID uuid) {
        if (this.sshd != null) {
            for (AbstractSession abstractSession : this.sshd.getActiveSessions()) {
                if (uuid.equals(abstractSession.getProperties().get(DEVICE_ID))) {
                    logger.info("Forcing termination of connection agent session for device [{}].", uuid);
                    abstractSession.close(true);
                    return;
                }
            }
        }
    }

    @Override // com.dynfi.services.remoteAgent.ConnectionAgentService
    public Set<UUID> getDevicesWithActiveSessions() {
        HashSet hashSet = new HashSet();
        Iterator<AbstractSession> it = this.sshd.getActiveSessions().iterator();
        while (it.hasNext()) {
            Object obj = it.next().getProperties().get(DEVICE_ID);
            if (obj != null) {
                hashSet.add((UUID) obj);
            }
        }
        return hashSet;
    }

    @Override // com.google.common.util.concurrent.AbstractExecutionThreadService
    protected void run() {
        startSshd();
    }
}
