package de.rcenvironment.core.embedded.ssh.internal;

import de.rcenvironment.core.command.api.CommandExecutionService;
import de.rcenvironment.core.communication.uplink.relay.api.ServerSideUplinkSessionService;
import de.rcenvironment.core.configuration.CommandLineArguments;
import de.rcenvironment.core.configuration.ConfigurationException;
import de.rcenvironment.core.configuration.ConfigurationSegment;
import de.rcenvironment.core.configuration.ConfigurationService;
import de.rcenvironment.core.embedded.ssh.api.EmbeddedSshServerControl;
import de.rcenvironment.core.embedded.ssh.api.ScpContextManager;
import de.rcenvironment.core.embedded.ssh.internal.IncomingSessionTracker;
import de.rcenvironment.core.eventlog.api.EventLog;
import de.rcenvironment.core.eventlog.api.EventType;
import de.rcenvironment.core.toolkitbridge.transitional.ConcurrencyUtils;
import de.rcenvironment.core.utils.common.StringUtils;
import de.rcenvironment.core.utils.common.exception.OperationFailureException;
import de.rcenvironment.toolkit.modules.concurrency.api.AsyncTaskService;
import java.io.File;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.sshd.common.PropertyResolverUtils;
import org.apache.sshd.common.channel.Channel;
import org.apache.sshd.common.channel.ChannelListener;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.session.SessionListener;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.core.CoreModuleProperties;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

@Component(immediate = true)
/* loaded from: input_file:de/rcenvironment/core/embedded/ssh/internal/EmbeddedSshServerImpl.class */
public class EmbeddedSshServerImpl implements EmbeddedSshServerControl {
    private static final int INCREASE_BY_ONE = 1;
    private static final int DECREASE_BY_ONE = -1;
    private static final int DYNAMIC_ACCOUNT_FILE_MODIFICATION_CHECK_INTERVAL_MSEC = 10000;
    private static final int AUTH_TIMEOUT_SECONDS = 30;
    private static final String HOST_KEY_STORAGE_FILE_NAME = "ssh_host_key.dat";
    private static final String EVENT_LOG_KEY_CONNECTION_TYPE = "type";
    private static final String EVENT_LOG_VALUE_CONNECTION_TYPE = "ssh/uplink";
    private static final int NUM_ALLOWED_AUTH_ATTEMPTS = 3;
    private ConfigurationService configurationService;
    private CommandExecutionService commandExecutionService;
    private SshConfiguration sshConfiguration;
    private File hostKeyStorageDirectory;
    private ScpContextManager scpContextManager;
    private ServerSideUplinkSessionService uplinkSessionService;
    private SshServer sshd;
    private boolean sshServerEnabled = false;
    private boolean sshServerRunning = false;
    private final Map<String, String> announcedVersionEntries = new HashMap();
    private final IncomingSessionTracker<Session> sessionTracker = new IncomingSessionTracker<>(EVENT_LOG_VALUE_CONNECTION_TYPE);
    private final Log logger = LogFactory.getLog(getClass());
    private Path dynamicAccountsFilePath;
    private AsyncTaskService asyncTaskService;
    private FileTime dynamicAccountsFileLastModified;

    @Activate
    public void activate() {
        this.asyncTaskService = ConcurrencyUtils.getAsyncTaskService();
        if (CommandLineArguments.isConfigurationShellRequested()) {
            return;
        }
        try {
            this.sshConfiguration = new SshConfiguration(this.configurationService.getConfigurationSegment("sshServer"));
        } catch (ConfigurationException | IOException e) {
            this.sshConfiguration = new SshConfiguration();
            this.logger.error(e.getMessage());
        }
        this.hostKeyStorageDirectory = this.configurationService.getConfigurablePath(ConfigurationService.ConfigurablePathId.PROFILE_INTERNAL_DATA);
        this.dynamicAccountsFilePath = this.configurationService.getConfigurablePath(ConfigurationService.ConfigurablePathId.PROFILE_CONFIGURATION_DATA).toPath().resolve("accounts.json");
        this.asyncTaskService.execute("Embedded SSH server startup", this::performStartup);
    }

    public void applyMockConfigurationAndStart(SshConfiguration sshConfiguration, Path path, File file, ServerSideUplinkSessionService serverSideUplinkSessionService) {
        this.sshConfiguration = sshConfiguration;
        this.dynamicAccountsFilePath = path;
        this.hostKeyStorageDirectory = file;
        this.uplinkSessionService = serverSideUplinkSessionService;
        performStartup();
    }

    public boolean isRunning() {
        return this.sshServerRunning;
    }

    @Deactivate
    public void deactivate() {
        performShutdown();
    }

    @Override // de.rcenvironment.core.embedded.ssh.api.EmbeddedSshServerControl
    public synchronized void setAnnouncedVersionOrProperty(String str, String str2) {
        this.announcedVersionEntries.put(str, str2);
        if (this.sshServerEnabled) {
            updateServerBannerWithAnnouncementData(this.sshd);
        }
    }

    private synchronized void performStartup() {
        this.sshServerEnabled = getActivationSettingFromConfig(this.sshConfiguration);
        if (!this.sshServerEnabled) {
            this.logger.debug("Not running an SSH server as there is either no SSH configuration at all, or the \"enabled\" property is not \"true\", or the configuration data (including account settings) has errors");
            return;
        }
        if (SecurityUtils.isBouncyCastleRegistered()) {
            this.logger.debug("Apache SSHD uses Bouncy Castle cryptographie implementations.");
        } else {
            this.logger.error("Apache SSHD does not use Bouncy Castle cryptographie implementations, check build setup.");
        }
        this.sshd = createSSHServerAndApplySettings();
        SshAuthenticationManager sshAuthenticationManager = new SshAuthenticationManager(this.sshConfiguration, this.sessionTracker, NUM_ALLOWED_AUTH_ATTEMPTS);
        if (this.dynamicAccountsFilePath == null || !Files.exists(this.dynamicAccountsFilePath, new LinkOption[0])) {
            this.logger.debug("No custom account file found, using data from main configuration file");
        } else {
            try {
                this.dynamicAccountsFileLastModified = Files.getLastModifiedTime(this.dynamicAccountsFilePath, new LinkOption[0]);
                applyDynamicSshAccounts(attemptToLoadDynamicAccountData());
            } catch (IOException e) {
                this.logger.error("Error loading account file " + this.dynamicAccountsFilePath + ": " + e.toString());
            }
            initiateMonitoringOfDynamicAccountsFile(this.dynamicAccountsFileLastModified);
        }
        writeStatusToEventLog(EventType.ACCOUNTS_INITIALIZED);
        this.sshd.setPasswordAuthenticator(sshAuthenticationManager);
        this.sshd.setPublickeyAuthenticator(sshAuthenticationManager);
        this.sshd.setShellFactory(new CustomSshCommandFactory(sshAuthenticationManager, this.scpContextManager, this.commandExecutionService, this.uplinkSessionService, this.sshConfiguration));
        this.sshd.setCommandFactory(new CustomSshCommandFactory(sshAuthenticationManager, this.scpContextManager, this.commandExecutionService, this.uplinkSessionService, this.sshConfiguration));
        registerConnectionLifecycleListeners(this.sshd);
        try {
            this.sshd.start();
            logServerStartedEvent();
            this.sshServerRunning = true;
        } catch (IOException e2) {
            this.logger.error(StringUtils.format("Failed to start embedded SSH server on port %s (attempted to bind to IP address %s): %s", new Object[]{Integer.valueOf(this.sshConfiguration.getPort()), this.sshConfiguration.getHost(), e2.toString()}));
        }
    }

    private void initiateMonitoringOfDynamicAccountsFile(FileTime fileTime) {
        this.asyncTaskService.scheduleAtFixedInterval("Check dynamic accounts file for modification", this::reloadDynamicAccountsFileIfModified, 10000L);
    }

    private synchronized void reloadDynamicAccountsFileIfModified() {
        try {
            FileTime lastModifiedTime = Files.getLastModifiedTime(this.dynamicAccountsFilePath, new LinkOption[0]);
            if (lastModifiedTime.equals(this.dynamicAccountsFileLastModified)) {
                return;
            }
            Map<String, ConfigurationSegment> attemptToLoadDynamicAccountData = attemptToLoadDynamicAccountData();
            if (checkForPotentialConcurrentModification(lastModifiedTime)) {
                return;
            }
            this.logger.debug("Detected modification of " + this.dynamicAccountsFilePath + ", reloading SSH account data");
            applyDynamicSshAccounts(attemptToLoadDynamicAccountData);
            writeStatusToEventLog(EventType.ACCOUNTS_UPDATED);
            this.dynamicAccountsFileLastModified = lastModifiedTime;
        } catch (IOException e) {
            this.logger.error("Error checking or reloading account file " + this.dynamicAccountsFilePath + ": " + e.toString());
        }
    }

    private boolean checkForPotentialConcurrentModification(FileTime fileTime) throws IOException {
        try {
            Thread.sleep(500L);
            if (fileTime.equals(Files.getLastModifiedTime(this.dynamicAccountsFilePath, new LinkOption[0]))) {
                return false;
            }
            this.logger.debug("It seems as if " + this.dynamicAccountsFilePath + " has been modified while it was being reloaded; postponing the reload");
            return true;
        } catch (InterruptedException unused) {
            this.logger.error("Interrupted; most likely, the application is shutting down");
            return true;
        }
    }

    private void applyDynamicSshAccounts(Map<String, ConfigurationSegment> map) {
        if (map.isEmpty()) {
            this.logger.debug("Read account configuration file " + this.dynamicAccountsFilePath + ", but it contained no SSH accounts; using SSH accounts from the main configuration file (if any)");
        } else {
            this.logger.debug("Read " + map.size() + " SSH account(s) from " + this.dynamicAccountsFilePath);
        }
        this.sshConfiguration.applyDynamicSshAccountData(map);
    }

    private Map<String, ConfigurationSegment> attemptToLoadDynamicAccountData() throws IOException {
        return this.configurationService.loadCustomConfigurationFile(this.dynamicAccountsFilePath).listElements("ssh");
    }

    private SshServer createSSHServerAndApplySettings() {
        SshServer upDefaultServer = SshServer.setUpDefaultServer();
        updateServerBannerWithAnnouncementData(upDefaultServer);
        Path path = new File(this.hostKeyStorageDirectory, HOST_KEY_STORAGE_FILE_NAME).getAbsoluteFile().toPath();
        this.logger.debug("Using SSH server key storage " + path);
        upDefaultServer.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(path));
        upDefaultServer.setHost(this.sshConfiguration.getHost());
        upDefaultServer.setPort(this.sshConfiguration.getPort());
        this.logger.debug("Configuring SSH session idle timeout of " + this.sshConfiguration.getIdleTimeoutSeconds() + " seconds");
        PropertyResolverUtils.updateProperty(upDefaultServer, CoreModuleProperties.IDLE_TIMEOUT.getName(), TimeUnit.SECONDS.toMillis(this.sshConfiguration.getIdleTimeoutSeconds().intValue()));
        PropertyResolverUtils.updateProperty(upDefaultServer, CoreModuleProperties.AUTH_TIMEOUT.getName(), TimeUnit.SECONDS.toMillis(30L));
        return upDefaultServer;
    }

    private synchronized void performShutdown() {
        this.sshServerEnabled = false;
        this.sshServerRunning = false;
        if (this.sshd != null) {
            try {
                this.sshd.stop(true);
                logServerShutDownEvent();
            } catch (IOException e) {
                this.logger.error("Exception during shutdown of embedded SSH server", e);
            }
        }
        this.sessionTracker.logLeftoverSessions();
    }

    private void updateServerBannerWithAnnouncementData(SshServer sshServer) {
        StringBuilder sb = new StringBuilder();
        sb.append("RCE");
        for (Map.Entry<String, String> entry : this.announcedVersionEntries.entrySet()) {
            sb.append(" ");
            sb.append(entry.getKey());
            sb.append("/");
            sb.append(entry.getValue());
        }
        PropertyResolverUtils.updateProperty(sshServer, CoreModuleProperties.SERVER_IDENTIFICATION.getName(), sb.toString());
    }

    private void registerConnectionLifecycleListeners(SshServer sshServer) {
        sshServer.addSessionListener(new SessionListener() { // from class: de.rcenvironment.core.embedded.ssh.internal.EmbeddedSshServerImpl.1
            public void sessionEstablished(Session session) {
                IncomingSessionTracker.SessionHandle registerSessionStart = EmbeddedSshServerImpl.this.sessionTracker.registerSessionStart(session);
                InetSocketAddress inetSocketAddress = (InetSocketAddress) session.getRemoteAddress();
                registerSessionStart.addLogData("remote_ip", inetSocketAddress.getAddress().getHostAddress()).addLogData("remote_port", inetSocketAddress.getPort()).addLogData("server_port", EmbeddedSshServerImpl.this.sshConfiguration.getPort());
            }

            public void sessionCreated(Session session) {
                EmbeddedSshServerImpl.this.updateSessionLivenessAndRegisterAsClosedIfZero(session, "sessionCreated()", EmbeddedSshServerImpl.INCREASE_BY_ONE);
            }

            public void sessionClosed(Session session) {
                EmbeddedSshServerImpl.this.updateSessionLivenessAndRegisterAsClosedIfZero(session, "sessionClosed()", -1);
            }
        });
        sshServer.addChannelListener(new ChannelListener() { // from class: de.rcenvironment.core.embedded.ssh.internal.EmbeddedSshServerImpl.2
            public void channelStateChanged(Channel channel, String str) {
                if ("SSH_MSG_CHANNEL_EOF".equals(str)) {
                    try {
                        EmbeddedSshServerImpl.this.sessionTracker.forSession(channel.getSession()).registerDataStreamEOF();
                    } catch (OperationFailureException e) {
                        EmbeddedSshServerImpl.this.logger.warn("Failed to register stream EOF: " + e.getMessage());
                    }
                }
            }

            public void channelInitialized(Channel channel) {
                EmbeddedSshServerImpl.this.updateSessionLivenessAndRegisterAsClosedIfZero(channel.getSession(), "channelInitialized()", EmbeddedSshServerImpl.INCREASE_BY_ONE);
            }

            public void channelClosed(Channel channel, Throwable th) {
                EmbeddedSshServerImpl.this.updateSessionLivenessAndRegisterAsClosedIfZero(channel.getSession(), "channelClosed()", -1);
            }
        });
    }

    private void logServerStartedEvent() {
        EventLog.append(EventLog.newEntry(EventType.SERVERPORT_OPENED).set(EVENT_LOG_KEY_CONNECTION_TYPE, EVENT_LOG_VALUE_CONNECTION_TYPE).set("bind_ip", this.sshConfiguration.getHost()).set("port", this.sshConfiguration.getPort()));
        this.logger.info(StringUtils.format("SSH server started on port %s (bound to IP %s)", new Object[]{Integer.valueOf(this.sshConfiguration.getPort()), this.sshConfiguration.getHost()}));
    }

    private void logServerShutDownEvent() {
        EventLog.append(EventLog.newEntry(EventType.SERVERPORT_CLOSED).set(EVENT_LOG_KEY_CONNECTION_TYPE, EVENT_LOG_VALUE_CONNECTION_TYPE).set("bind_ip", this.sshConfiguration.getHost()).set("port", this.sshConfiguration.getPort()));
        this.logger.debug("Embedded SSH server shut down");
    }

    private boolean getActivationSettingFromConfig(SshConfiguration sshConfiguration) {
        boolean z = false;
        if (sshConfiguration != null && sshConfiguration.isEnabled()) {
            z = sshConfiguration.validateConfiguration(this.logger);
        }
        return z;
    }

    @Reference
    protected void bindScpContextManager(ScpContextManager scpContextManager) {
        this.scpContextManager = scpContextManager;
    }

    @Reference
    protected void bindConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    @Reference
    protected void bindCommandExecutionService(CommandExecutionService commandExecutionService) {
        this.commandExecutionService = commandExecutionService;
    }

    @Reference
    protected void bindServerSideUplinkSessionService(ServerSideUplinkSessionService serverSideUplinkSessionService) {
        this.uplinkSessionService = serverSideUplinkSessionService;
    }

    private void updateSessionLivenessAndRegisterAsClosedIfZero(Session session, String str, int i) {
        try {
            if (this.sessionTracker.forSession(session).modifyCustomCounter(i) == 0) {
                this.sessionTracker.registerSessionClosed(session, false);
            }
        } catch (OperationFailureException e) {
            this.logger.warn("SSH session " + session + ": Failed to register " + str + " event: " + e.getMessage());
        }
    }

    private void writeStatusToEventLog(EventType eventType) {
        EventLog.append(EventLog.newEntry(eventType).set(EVENT_LOG_KEY_CONNECTION_TYPE, "ssh").set("number_of_accounts", this.sshConfiguration.getCurrentNumberOfAccouts()).set("origin", this.sshConfiguration.getAccountDataOriginInfo()));
    }
}
