package com.atlassian.bitbucket.internal.ssh.server;

import com.atlassian.bitbucket.server.ApplicationPropertiesService;
import com.atlassian.util.concurrent.ThreadFactories;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.util.Arrays;
import java.util.Objects;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.commons.lang3.StringUtils;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.PropertyResolver;
import org.apache.sshd.common.PropertyResolverUtils;
import org.apache.sshd.common.compression.BuiltinCompressions;
import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.server.ServerBuilder;
import org.apache.sshd.server.ServerFactoryManager;
import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
import org.apache.sshd.server.command.CommandFactory;
import org.apache.sshd.server.global.KeepAliveHandler;
import org.apache.sshd.server.global.NoMoreSessionsHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-ssh-5.16.0.jar:com/atlassian/bitbucket/internal/ssh/server/SshServerFactory.class */
public class SshServerFactory {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SshServerFactory.class);
    private static final long DEFAULT_IDLE_TIMEOUT = TimeUnit.HOURS.toSeconds(2);
    private static final int DEFAULT_MAX_PENDING_WRITES = 512;
    private static final int DEFAULT_SSH_SESSION_MAX = 250;
    private static final int MINIMUM_MAX_SESSIONS = 100;
    private static final String PROP_IDLE_TIMEOUT = "plugin.ssh.command.timeout.idle";
    private static final String PROP_MAX_PENDING_WRITES = "plugin.ssh.session.pending-writes.max";
    private static final String PROP_SSH_NIO_WORKERS = "plugin.ssh.nio.workers";
    private static final String PROP_SSH_SESSION_MAX = "plugin.ssh.session.max";
    private final PublickeyAuthenticator authenticator;
    private final CommandFactory commandFactory;
    private final NamedFactoryFilter factoryFilter;
    private final HostKeyPairProvider keyPairProvider;
    private final ApplicationPropertiesService propertiesService;

    public SshServerFactory(PublickeyAuthenticator publickeyAuthenticator, CommandFactory commandFactory, HostKeyPairProvider hostKeyPairProvider, ApplicationPropertiesService applicationPropertiesService, NamedFactoryFilter namedFactoryFilter) {
        Preconditions.checkState(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle is not registered as expected");
        this.authenticator = publickeyAuthenticator;
        this.commandFactory = commandFactory;
        this.factoryFilter = namedFactoryFilter;
        this.keyPairProvider = hostKeyPairProvider;
        this.propertiesService = applicationPropertiesService;
    }

    public org.apache.sshd.server.SshServer createServer(int i) {
        org.apache.sshd.server.SshServer build = new ServerBuilder().fileSystemFactory(new ForbiddingFileSystemFactory()).globalRequestHandlers(Arrays.asList(new KeepAliveHandler(), new NoMoreSessionsHandler())).build();
        PropertyResolverUtils.updateProperty(build, FactoryManager.IDLE_TIMEOUT, TimeUnit.SECONDS.toMillis(this.propertiesService.getPluginProperty(PROP_IDLE_TIMEOUT, DEFAULT_IDLE_TIMEOUT)));
        PropertyResolverUtils.updateProperty((PropertyResolver) build, ServerFactoryManager.MAX_CONCURRENT_SESSIONS, Math.max(this.propertiesService.getPluginProperty(PROP_SSH_SESSION_MAX, 250), 100));
        build.setChannelFactories(ImmutableList.of(new ScmHostingChannelSessionFactory()));
        build.setChannelStreamPacketWriterResolver(new DefaultChannelStreamPacketWriterResolver(this.propertiesService.getPluginProperty(PROP_MAX_PENDING_WRITES, 512)));
        build.setCipherFactories(this.factoryFilter.filter(build.getCipherFactories(), NamedFactoryType.CIPHER));
        build.setCommandFactory(this.commandFactory);
        build.setCompressionFactories(ImmutableList.of(BuiltinCompressions.none));
        build.setGSSAuthenticator(null);
        String lowerCase = StringUtils.lowerCase(this.propertiesService.getPluginProperty("plugin.ssh.nio.strategy", "sshd"));
        if (Objects.equals("sshd", lowerCase)) {
            log.info("Using built in SSHD NIO service factory");
            build.setIoServiceFactoryFactory(new Nio2ServiceFactoryFactory());
        } else {
            if (Objects.equals("mina", lowerCase)) {
                log.info("Using MINA NIO service factory");
            } else {
                log.warn("Expected 'mina' or 'sshd' but found {}. Using MINA NIO service factory", lowerCase);
            }
            build.setIoServiceFactoryFactory(new MinaServiceFactoryFactory());
        }
        build.setKeyExchangeFactories(this.factoryFilter.filter(build.getKeyExchangeFactories(), NamedFactoryType.KEY_EXCHANGE));
        build.setKeyPairProvider(this.keyPairProvider);
        build.setKeyboardInteractiveAuthenticator(null);
        build.setMacFactories(this.factoryFilter.filter(build.getMacFactories(), NamedFactoryType.MAC));
        build.setNioWorkers(this.propertiesService.getPluginProperty(PROP_SSH_NIO_WORKERS, ServerFactoryManager.DEFAULT_NIO_WORKERS));
        build.setPasswordAuthenticator(null);
        build.setPublickeyAuthenticator(this.authenticator);
        build.setScheduledExecutorService(createScheduledExecutor(), true);
        build.setShellFactory(null);
        build.setForwardingFilter(null);
        build.setPort(i);
        return build;
    }

    private ScheduledExecutorService createScheduledExecutor() {
        return Executors.newSingleThreadScheduledExecutor(ThreadFactories.namedThreadFactory("ssh-server", ThreadFactories.Type.DAEMON));
    }
}
