package com.atlassian.bitbucket.internal.mirroring.mirror.auth.ssh;

import com.atlassian.bitbucket.auth.AuthenticationException;
import com.atlassian.bitbucket.auth.SshAuthenticationContext;
import com.atlassian.bitbucket.auth.SshAuthenticationHandler;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.internal.mirroring.mirror.InternalUpstreamServer;
import com.atlassian.bitbucket.internal.mirroring.mirror.InternalUpstreamService;
import com.atlassian.bitbucket.internal.mirroring.mirror.auth.CloudAuthenticator;
import com.atlassian.bitbucket.internal.mirroring.mirror.auth.DelegatedAuthenticationHandlerBase;
import com.atlassian.bitbucket.internal.mirroring.mirror.auth.DelegatedAuthenticationSystemException;
import com.atlassian.bitbucket.internal.mirroring.mirror.auth.ServerAuthenticator;
import com.atlassian.bitbucket.internal.mirroring.mirror.auth.UpstreamAuthenticatorFactory;
import com.atlassian.bitbucket.internal.mirroring.ssh.encoding.PublicKeyEncodingHelper;
import com.atlassian.bitbucket.mirroring.mirror.UpstreamServer;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.SecurityService;
import com.atlassian.sal.api.transaction.TransactionTemplate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-mirroring-mirror-5.16.0.jar:com/atlassian/bitbucket/internal/mirroring/mirror/auth/ssh/DelegatedSshAuthenticationHandler.class */
/**
 * SSH authentication handler for a mirror: instead of deciding locally, it asks the upstream
 * this mirror is attached to (Bitbucket Cloud or Bitbucket Server) whether the presented
 * public key is acceptable.
 *
 * <p>Every "cannot decide" outcome in this class is reported as {@code null} rather than as an
 * exception. NOTE(review): that is presumably the {@link SshAuthenticationHandler} convention
 * for "no opinion" - confirm, because access is then denied only if nothing else that the
 * caller consults accepts the same key.
 */
public class DelegatedSshAuthenticationHandler extends DelegatedAuthenticationHandlerBase implements SshAuthenticationHandler {

    /** i18n key of the message used when delegation fails for an unexpected reason. */
    private static final String UNEXPECTED_FAILURE_KEY =
            "bitbucket.mirroring.authentication.delegation.failure.unexpected";

    /** Encodes the client's public key in OpenSSH form for the Cloud user object. */
    private final PublicKeyEncodingHelper publicKeyEncodingHelper;

    /**
     * Creates the handler; all collaborators except {@code publicKeyEncodingHelper} are handed
     * straight to the base class.
     */
    public DelegatedSshAuthenticationHandler(
            UpstreamAuthenticatorFactory upstreamAuthenticatorFactory,
            I18nService i18nService,
            PublicKeyEncodingHelper publicKeyEncodingHelper,
            SecurityService securityService,
            TransactionTemplate transactionTemplate,
            InternalUpstreamService internalUpstreamService) {
        super(upstreamAuthenticatorFactory, i18nService, securityService, transactionTemplate, internalUpstreamService);
        this.publicKeyEncodingHelper = publicKeyEncodingHelper;
    }

    /**
     * Delegates an SSH public-key authentication attempt to the upstream.
     *
     * @param sshAuthenticationContext the attempt being evaluated (username and public key)
     * @return the user produced by the Cloud or Server path, or {@code null} when this instance
     *         is not a mirror, has no upstream, has an upstream of an unrecognised type, or the
     *         selected path itself returns {@code null}
     */
    @Override
    @Nullable
    public ApplicationUser authenticate(@Nonnull SshAuthenticationContext sshAuthenticationContext) {
        if (!this.upstreamService.isMirror()) {
            this.log.trace("Not delegating SSH authentication because this is not configured to be a mirror");
            return null;
        }

        InternalUpstreamServer upstream = this.upstreamService.get();
        if (upstream == null) {
            this.log.info("Not delegating SSH authentication because this mirror is not installed on an upstream server");
            return null;
        }

        switch (upstream.getType()) {
            case BITBUCKET_SERVER:
                return authenticateServer(upstream, sshAuthenticationContext);
            case BITBUCKET_CLOUD:
                return authenticateCloud(upstream, sshAuthenticationContext);
            default:
                // An upstream type this class does not know is treated like "no upstream".
                this.log.info("Delegation failed due to unknown upstream type.");
                return null;
        }
    }

    /**
     * Cloud path: asks the Cloud authenticator whether the presented key is registered.
     *
     * <p>Only the public key takes part in the check and in the returned user; the username
     * from the context is written to the debug log and not used otherwise.
     *
     * @return a {@code CloudAuthenticatedSshUser} built from the key, or {@code null} when the
     *         authenticator is unavailable or the key is not registered
     * @throws DelegatedAuthenticationSystemException for any exception raised by the check or
     *         by building the user
     */
    private ApplicationUser authenticateCloud(UpstreamServer upstream, SshAuthenticationContext context) {
        CloudAuthenticator authenticator = this.authenticatorFactory.createForCloud(upstream);
        if (!authenticator.isAvailable(upstream)) {
            return null;
        }

        // The username is logged before any check has succeeded, so it is unverified input.
        // NOTE(review): confirm the log layout neutralises CR/LF in this value.
        this.log.debug(
                "Delegating SSH authentication for username {} with {} public key",
                context.getUsername(),
                context.getPublicKey().getAlgorithm());

        try {
            if (authenticator.isRegisteredSshKey(context.getPublicKey())) {
                return new CloudAuthenticatedSshUser(
                        context.getPublicKey(),
                        this.publicKeyEncodingHelper.encodeAsOpenSsh(context.getPublicKey()));
            }
            return null;
        } catch (Exception ex) {
            // NOTE(review): unlike authenticateServer, an AuthenticationException raised in the
            // try block is wrapped here rather than rethrown as-is - confirm this is intended.
            throw new DelegatedAuthenticationSystemException(
                    this.i18nService.createKeyedMessage(UNEXPECTED_FAILURE_KEY, new Object[0]), ex);
        }
    }

    /**
     * Server path: has the Server authenticator authenticate the username/key pair and passes
     * the result through {@code localiseResourcePermissions} (inherited; not shown here).
     *
     * @return the value of {@code localiseResourcePermissions}, or {@code null} when the
     *         authenticator is unavailable
     * @throws AuthenticationException rethrown unchanged when raised inside the try block
     * @throws DelegatedAuthenticationSystemException for any other exception
     */
    private ApplicationUser authenticateServer(UpstreamServer upstream, SshAuthenticationContext context) {
        ServerAuthenticator authenticator = this.authenticatorFactory.createForServer(upstream);
        if (!authenticator.isAvailable(upstream)) {
            return null;
        }

        try {
            return localiseResourcePermissions(
                    authenticator.authenticateUser(context.getUsername(), context.getPublicKey()));
        } catch (AuthenticationException authFailure) {
            // Authentication failures keep their own type and message for the caller.
            throw authFailure;
        } catch (Exception ex) {
            throw new DelegatedAuthenticationSystemException(
                    this.i18nService.createKeyedMessage(UNEXPECTED_FAILURE_KEY, new Object[0]), ex);
        }
    }
}
