package software.amazon.documentdb.jdbc.sshtunnel;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.hash.Hashing;
import com.jcraft.jsch.HostKey;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.documentdb.jdbc.DocumentDbConnectionProperties;
import software.amazon.documentdb.jdbc.common.utilities.SqlError;
import software.amazon.documentdb.jdbc.common.utilities.SqlState;

/* loaded from: input_file:software/amazon/documentdb/jdbc/sshtunnel/DocumentDbSshTunnelServer.class */
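/**
 * Manages a shared SSH tunnel that forwards a local port to a DocumentDB host.
 *
 * <p>Instances are obtained through {@link #builder(String, String, String, String)} and are
 * cached per (SSH user, SSH host, private key file, remote host) combination. Clients register
 * with {@link #addClient()} and unregister with {@link #removeClient()}; once the last client is
 * removed the tunnel is closed, either immediately or after the configured close delay.
 *
 * <p>NOTE(review): {@link #close()} disconnects the SSH session but never shuts down the
 * single-thread scheduler created in the constructor. Because a cached instance can be reused
 * after {@code close()}, shutting it down there would break reuse; confirm the intended
 * lifetime of that thread.
 */
public final class DocumentDbSshTunnelServer implements AutoCloseable {
    public static final String SSH_KNOWN_HOSTS_FILE = "~/.ssh/known_hosts";
    public static final String STRICT_HOST_KEY_CHECKING = "StrictHostKeyChecking";
    public static final String HASH_KNOWN_HOSTS = "HashKnownHosts";
    public static final String SERVER_HOST_KEY = "server_host_key";
    public static final String YES = "yes";
    public static final String NO = "no";
    public static final String LOCALHOST = "localhost";
    public static final int DEFAULT_DOCUMENTDB_PORT = 27017;
    public static final int DEFAULT_SSH_PORT = 22;
    private static final Logger LOGGER = LoggerFactory.getLogger(DocumentDbSshTunnelServer.class);
    public static final int DEFAULT_CLOSE_DELAY_MS = 30000;

    // Guards session, scheduledFuture and the client count transitions.
    private final Object mutex;
    private final AtomicLong clientCount;
    private final String sshUser;
    private final String sshHostname;
    private final String sshPrivateKeyFile;
    private final String sshPrivateKeyPassphrase;
    private final boolean sshStrictHostKeyChecking;
    private final String sshKnownHostsFile;
    private final String remoteHostname;
    private final ScheduledExecutorService scheduler;
    // Written under the mutex but read without it by getServiceListeningPort() and isAlive(),
    // hence volatile so those readers see the latest value.
    private volatile SshPortForwardingSession session;
    private ScheduledFuture<?> scheduledFuture;
    private long closeDelayMS;

    /** Builder that collects the SSH tunnel settings and hands out cached server instances. */
    public static class DocumentDbSshTunnelServerBuilder {
        private final String sshUser;
        private final String sshHostname;
        private final String sshPrivateKeyFile;
        private final String sshRemoteHostname;
        private String sshPrivateKeyPassphrase = null;
        // Host key verification is on unless the caller explicitly turns it off.
        private boolean sshStrictHostKeyChecking = true;
        private String sshKnownHostsFile = null;
        private static final ConcurrentMap<String, DocumentDbSshTunnelServer> SSH_TUNNEL_MAP =
                new ConcurrentHashMap<>();

        DocumentDbSshTunnelServerBuilder(String str, String str2, String str3, String str4) {
            this.sshUser = str;
            this.sshHostname = str2;
            this.sshPrivateKeyFile = str3;
            this.sshRemoteHostname = str4;
        }

        /** Sets the passphrase protecting the private key file; returns this builder. */
        public DocumentDbSshTunnelServerBuilder sshPrivateKeyPassphrase(String str) {
            this.sshPrivateKeyPassphrase = str;
            return this;
        }

        /** Enables or disables SSH host key verification; returns this builder. */
        public DocumentDbSshTunnelServerBuilder sshStrictHostKeyChecking(boolean z) {
            this.sshStrictHostKeyChecking = z;
            return this;
        }

        /** Sets the known-hosts file used for host key verification; returns this builder. */
        public DocumentDbSshTunnelServerBuilder sshKnownHostsFile(String str) {
            this.sshKnownHostsFile = str;
            return this;
        }

        /**
         * Returns the tunnel server for this configuration, creating it on first use.
         *
         * <p>NOTE(review): the cache key covers only user, SSH host, private key file and remote
         * host. A later builder that differs only in passphrase, strict host key checking or
         * known-hosts file receives the instance created by the first caller, including that
         * caller's host-key-checking setting. A caller that asked for strict checking can
         * therefore end up on a tunnel created with checking disabled; confirm this is intended.
         *
         * @return the cached or newly created server instance
         */
        public DocumentDbSshTunnelServer build() {
            final String cacheKey = DocumentDbSshTunnelServer.getHashString(
                    this.sshUser, this.sshHostname, this.sshPrivateKeyFile, this.sshRemoteHostname);
            return SSH_TUNNEL_MAP.computeIfAbsent(cacheKey, key -> new DocumentDbSshTunnelServer(this));
        }
    }

    /** Pairs a JSch session with the local port that was bound for port forwarding. */
    public static class SshPortForwardingSession {
        private final Session session;
        private final int localPort;

        public Session getSession() {
            return this.session;
        }

        public int getLocalPort() {
            return this.localPort;
        }

        public SshPortForwardingSession(Session session, int i) {
            this.session = session;
            this.localPort = i;
        }
    }

    private DocumentDbSshTunnelServer(DocumentDbSshTunnelServerBuilder documentDbSshTunnelServerBuilder) {
        this.mutex = new Object();
        this.clientCount = new AtomicLong(0L);
        this.scheduler = Executors.newScheduledThreadPool(1);
        this.session = null;
        this.scheduledFuture = null;
        this.closeDelayMS = DEFAULT_CLOSE_DELAY_MS;
        this.sshUser = documentDbSshTunnelServerBuilder.sshUser;
        this.sshHostname = documentDbSshTunnelServerBuilder.sshHostname;
        this.sshPrivateKeyFile = documentDbSshTunnelServerBuilder.sshPrivateKeyFile;
        this.remoteHostname = documentDbSshTunnelServerBuilder.sshRemoteHostname;
        this.sshPrivateKeyPassphrase = documentDbSshTunnelServerBuilder.sshPrivateKeyPassphrase;
        this.sshStrictHostKeyChecking = documentDbSshTunnelServerBuilder.sshStrictHostKeyChecking;
        this.sshKnownHostsFile = documentDbSshTunnelServerBuilder.sshKnownHostsFile;
        // The passphrase is a secret: log only whether one was supplied, never its value.
        LOGGER.debug(
                "sshUser='{}' sshHostname='{}' sshPrivateKeyFile='{}' remoteHostname='{}' "
                        + "sshPrivateKeyPassphrase='{}' sshStrictHostKeyChecking='{}' sshKnownHostsFile='{}'",
                this.sshUser,
                this.sshHostname,
                this.sshPrivateKeyFile,
                this.remoteHostname,
                this.sshPrivateKeyPassphrase != null ? "<redacted>" : null,
                this.sshStrictHostKeyChecking,
                this.sshKnownHostsFile);
    }

    /**
     * Computes the SHA-256 hex digest that identifies a tunnel configuration.
     *
     * <p>NOTE(review): the third and fourth values are concatenated without a separator, and the
     * "-" separator may also occur inside the values, so distinct inputs can produce the same
     * string before hashing. The output is left unchanged here because other code may depend on
     * it; verify before changing the format.
     *
     * @param str the SSH user
     * @param str2 the SSH host name
     * @param str3 the SSH private key file
     * @param str4 the remote host name
     * @return the hex-encoded SHA-256 of the joined values
     */
    static String getHashString(String str, String str2, String str3, String str4) {
        final String joined = str + "-" + str2 + "-" + str3 + str4;
        return Hashing.sha256().hashString(joined, StandardCharsets.UTF_8).toString();
    }

    /**
     * Opens an SSH session and sets up local port forwarding to the DocumentDB host.
     *
     * @param documentDbConnectionProperties the connection properties holding the SSH settings
     * @return the connected session together with the bound local port
     * @throws SQLException if the private key file is missing or any step of the setup fails
     */
    public static SshPortForwardingSession createSshTunnel(DocumentDbConnectionProperties documentDbConnectionProperties) throws SQLException {
        validateSshPrivateKeyFile(documentDbConnectionProperties);
        LOGGER.debug("Internal SSH tunnel starting.");
        Session sshSession = null;
        try {
            final JSch jSch = new JSch();
            addIdentity(documentDbConnectionProperties, jSch);
            sshSession = createSession(documentDbConnectionProperties, jSch);
            connectSession(documentDbConnectionProperties, jSch, sshSession);
            final SshPortForwardingSession portForwardingSession =
                    getPortForwardingSession(documentDbConnectionProperties, sshSession);
            LOGGER.debug("Internal SSH tunnel started on local port '{}'.", portForwardingSession.getLocalPort());
            LOGGER.debug("Internal SSH tunnel started.");
            return portForwardingSession;
        } catch (Exception e) {
            // Do not leave a connected SSH session behind when a later step (for example the
            // port forwarding setup) fails after the connect succeeded.
            if (sshSession != null && sshSession.isConnected()) {
                sshSession.disconnect();
            }
            throw logException(e);
        }
    }

    /** Binds an ephemeral port on localhost and forwards it to the DocumentDB host and port. */
    private static SshPortForwardingSession getPortForwardingSession(DocumentDbConnectionProperties documentDbConnectionProperties, Session session) throws JSchException {
        final Pair<String, Integer> hostAndPort =
                getHostAndPort(documentDbConnectionProperties.getHostname(), DEFAULT_DOCUMENTDB_PORT);
        // Local port 0 asks for any free port; the forwarder listens on localhost only.
        final int localPort =
                session.setPortForwardingL(LOCALHOST, 0, hostAndPort.getLeft(), hostAndPort.getRight());
        return new SshPortForwardingSession(session, localPort);
    }

    /**
     * Splits {@code host[:port]} into its parts, using the given default when no port is present.
     *
     * <p>The split happens at the first ':' so a bare IPv6 literal is not handled. A non-numeric
     * port raises {@link NumberFormatException}.
     */
    private static Pair<String, Integer> getHostAndPort(String str, int i) {
        final int separator = str.indexOf(':');
        if (separator < 0) {
            return new ImmutablePair<>(str, i);
        }
        final String host = str.substring(0, separator);
        final int port = Integer.parseInt(str.substring(separator + 1));
        return new ImmutablePair<>(host, port);
    }

    /** Applies the host key policy to the session and connects it. */
    private static void connectSession(DocumentDbConnectionProperties documentDbConnectionProperties, JSch jSch, Session session) throws SQLException {
        setSecurityConfig(documentDbConnectionProperties, jSch, session);
        try {
            session.connect();
        } catch (JSchException e) {
            throw logException(e);
        }
    }

    /** Registers the private key file (and passphrase, when one is set) with JSch. */
    private static void addIdentity(DocumentDbConnectionProperties documentDbConnectionProperties, JSch jSch) throws JSchException {
        final String privateKeyPath = DocumentDbConnectionProperties.getPath(
                documentDbConnectionProperties.getSshPrivateKeyFile(),
                DocumentDbConnectionProperties.getDocumentDbSearchPaths()).toString();
        LOGGER.debug("SSH private key file resolved to '{}'.", privateKeyPath);
        final String configuredPassphrase = documentDbConnectionProperties.getSshPrivateKeyPassphrase();
        // A blank passphrase is treated as "no passphrase".
        final String passphrase =
                DocumentDbConnectionProperties.isNullOrWhitespace(configuredPassphrase) ? null : configuredPassphrase;
        jSch.addIdentity(privateKeyPath, passphrase);
    }

    /** Loads the known-hosts file (when strict checking is on) and creates the session. */
    private static Session createSession(DocumentDbConnectionProperties documentDbConnectionProperties, JSch jSch) throws SQLException {
        final String sshUser = documentDbConnectionProperties.getSshUser();
        final Pair<String, Integer> hostAndPort =
                getHostAndPort(documentDbConnectionProperties.getSshHostname(), DEFAULT_SSH_PORT);
        setKnownHostsFile(documentDbConnectionProperties, jSch);
        try {
            return jSch.getSession(sshUser, hostAndPort.getLeft(), hostAndPort.getRight());
        } catch (JSchException e) {
            throw logException(e);
        }
    }

    /**
     * Configures host key verification on the session.
     *
     * <p>With strict checking enabled this method does not set {@code StrictHostKeyChecking}
     * itself, so the JSch default applies (NOTE(review): confirm that default rejects unknown
     * hosts when no user-interaction callback is installed). With strict checking disabled the
     * server's host key is not verified, which leaves the tunnel open to interception by anyone
     * able to impersonate the SSH host.
     */
    private static void setSecurityConfig(DocumentDbConnectionProperties documentDbConnectionProperties, JSch jSch, Session session) {
        if (!documentDbConnectionProperties.getSshStrictHostKeyChecking()) {
            LOGGER.warn("SSH strict host key checking is disabled; the SSH server's host key will not be verified.");
            session.setConfig(STRICT_HOST_KEY_CHECKING, NO);
            return;
        }
        setHostKeyType(documentDbConnectionProperties, jSch, session);
    }

    /**
     * Adds the key type recorded for the SSH host in the known-hosts repository to the session's
     * {@code server_host_key} list and enables hashed known-hosts entries.
     *
     * <p>NOTE(review): the lookup is an exact string match on the host name; hashed entries or
     * entries written as {@code [host]:port} presumably do not match; verify.
     */
    private static void setHostKeyType(DocumentDbConnectionProperties documentDbConnectionProperties, JSch jSch, Session session) {
        final HostKey[] knownKeys = jSch.getHostKeyRepository().getHostKey();
        final String sshHost =
                getHostAndPort(documentDbConnectionProperties.getSshHostname(), DEFAULT_SSH_PORT).getLeft();
        final HostKey matchingKey = Arrays.stream(knownKeys)
                .filter(candidate -> candidate.getHost().equals(sshHost))
                .findFirst()
                .orElse(null);
        final String keyType = matchingKey != null ? matchingKey.getType() : null;
        if (keyType != null) {
            session.setConfig(SERVER_HOST_KEY, session.getConfig(SERVER_HOST_KEY) + "," + keyType);
        }
        session.setConfig(HASH_KNOWN_HOSTS, YES);
    }

    /** Points JSch at the known-hosts file; skipped entirely when strict checking is off. */
    private static void setKnownHostsFile(DocumentDbConnectionProperties documentDbConnectionProperties, JSch jSch) throws SQLException {
        if (!documentDbConnectionProperties.getSshStrictHostKeyChecking()) {
            return;
        }
        try {
            jSch.setKnownHosts(getSshKnownHostsFilename(documentDbConnectionProperties));
        } catch (JSchException e) {
            throw logException(e);
        }
    }

    /** Logs the exception and returns it as a {@link SQLException}, wrapping it if necessary. */
    private static <T extends Exception> SQLException logException(T t) {
        LOGGER.error(t.getMessage(), t);
        if (t instanceof SQLException) {
            return (SQLException) t;
        }
        return new SQLException(t.getMessage(), t);
    }

    /**
     * Returns the local port the tunnel listens on.
     *
     * @return the bound local port, or 0 when no tunnel session exists
     */
    public int getServiceListeningPort() {
        // Read the field once: close() may null it on another thread between a null check and
        // a second read.
        final SshPortForwardingSession current = this.session;
        return current != null ? current.getLocalPort() : 0;
    }

    /** Disconnects the SSH session, if one exists. The instance can be reused afterwards. */
    @Override
    public void close() {
        synchronized (this.mutex) {
            if (this.session != null) {
                LOGGER.debug("Internal SSH Tunnel is stopping.");
                this.session.getSession().disconnect();
                this.session = null;
                LOGGER.debug("Internal SSH Tunnel is stopped.");
            }
        }
    }

    /**
     * Registers a client, cancelling any pending delayed close and starting the tunnel if needed.
     *
     * <p>NOTE(review): the client count is incremented before the tunnel is created. If tunnel
     * creation throws, the count stays incremented; whether that is correct depends on whether
     * callers invoke {@link #removeClient()} after a failed {@code addClient()}; verify.
     *
     * @throws SQLException if the local SSH files are missing or the tunnel cannot be created
     */
    public void addClient() throws SQLException {
        synchronized (this.mutex) {
            cancelScheduledFutureClose();
            this.clientCount.incrementAndGet();
            if (this.session == null || this.session.getLocalPort() == 0) {
                validateLocalSshFilesExists();
                this.session = createSshTunnel(getConnectionProperties());
            }
        }
    }

    /**
     * Unregisters a client and closes the tunnel (possibly delayed) when it was the last one.
     *
     * @throws SQLException if cancelling a pending close is interrupted
     */
    public void removeClient() throws SQLException {
        synchronized (this.mutex) {
            if (this.clientCount.get() <= 0 || this.clientCount.decrementAndGet() > 0) {
                return;
            }
            closeSession();
        }
    }

    /** Closes the tunnel now when the delay is zero, otherwise schedules the close. */
    private void closeSession() throws SQLException {
        cancelScheduledFutureClose();
        final long delay = getCloseDelayMS();
        if (delay <= 0) {
            close();
            return;
        }
        LOGGER.debug("Close timer is being scheduled.");
        this.scheduledFuture = this.scheduler.schedule(getCloseTimerTask(), delay, TimeUnit.MILLISECONDS);
    }

    /** Builds the task run by the close timer. */
    private Runnable getCloseTimerTask() {
        return () -> {
            try {
                synchronized (this.mutex) {
                    // A timer task that has already started cannot be stopped by cancel(false)
                    // and may be waiting for the mutex while addClient() re-opens the tunnel.
                    // Re-check the count so a tunnel that is in use again is not closed.
                    if (this.clientCount.get() <= 0) {
                        close();
                    }
                }
            } catch (Exception e) {
                LOGGER.warn(e.getMessage(), e);
            }
        };
    }

    /**
     * Cancels a pending delayed close and waits until the future reports done.
     *
     * @throws SQLException if the waiting thread is interrupted
     */
    private void cancelScheduledFutureClose() throws SQLException {
        synchronized (this.mutex) {
            if (this.scheduledFuture != null) {
                LOGGER.debug("Close timer is being cancelled.");
                while (!this.scheduledFuture.isDone()) {
                    this.scheduledFuture.cancel(false);
                    try {
                        TimeUnit.MILLISECONDS.sleep(10L);
                    } catch (InterruptedException e) {
                        // Restore the interrupt status so callers up the stack can observe it.
                        Thread.currentThread().interrupt();
                        throw new SQLException(e.getMessage(), e);
                    }
                }
            }
            this.scheduledFuture = null;
        }
    }

    @VisibleForTesting
    long getCloseDelayMS() {
        return this.closeDelayMS;
    }

    /** Sets the close delay in milliseconds; negative values are clamped to 0. */
    @VisibleForTesting
    void setCloseDelayMS(long j) {
        this.closeDelayMS = Math.max(j, 0L);
    }

    @VisibleForTesting
    long getClientCount() {
        synchronized (this.mutex) {
            return this.clientCount.get();
        }
    }

    /**
     * Reports whether a tunnel session object currently exists.
     *
     * @return {@code true} when a session is held; this does not probe the SSH connection itself
     */
    public boolean isAlive() {
        return this.session != null;
    }

    /**
     * Creates a builder for the given tunnel endpoints.
     *
     * @param str the SSH user
     * @param str2 the SSH host name, optionally with {@code :port}
     * @param str3 the SSH private key file
     * @param str4 the remote (DocumentDB) host name, optionally with {@code :port}
     * @return a new builder
     */
    public static DocumentDbSshTunnelServerBuilder builder(String str, String str2, String str3, String str4) {
        return new DocumentDbSshTunnelServerBuilder(str, str2, str3, str4);
    }

    /** Copies this server's settings into a fresh connection-properties object. */
    private DocumentDbConnectionProperties getConnectionProperties() {
        final DocumentDbConnectionProperties properties = new DocumentDbConnectionProperties();
        properties.setHostname(this.remoteHostname);
        properties.setSshUser(this.sshUser);
        properties.setSshHostname(this.sshHostname);
        properties.setSshPrivateKeyFile(this.sshPrivateKeyFile);
        properties.setSshStrictHostKeyChecking(String.valueOf(this.sshStrictHostKeyChecking));
        if (this.sshPrivateKeyPassphrase != null) {
            properties.setSshPrivateKeyPassphrase(this.sshPrivateKeyPassphrase);
        }
        if (this.sshKnownHostsFile != null) {
            properties.setSshKnownHostsFile(this.sshKnownHostsFile);
        }
        return properties;
    }

    /** Checks the private key file and, when one is configured, the known-hosts file. */
    private void validateLocalSshFilesExists() throws SQLException {
        final DocumentDbConnectionProperties properties = getConnectionProperties();
        validateSshPrivateKeyFile(properties);
        // Called for its validation side effect only; the returned file name is not needed here.
        getSshKnownHostsFilename(properties);
    }

    /**
     * Verifies that the configured SSH private key file exists.
     *
     * @param documentDbConnectionProperties the connection properties to check
     * @throws SQLException if the private key file cannot be found
     */
    public static void validateSshPrivateKeyFile(DocumentDbConnectionProperties documentDbConnectionProperties) throws SQLException {
        if (documentDbConnectionProperties.isSshPrivateKeyFileExists()) {
            return;
        }
        throw SqlError.createSQLException(
                LOGGER,
                SqlState.CONNECTION_EXCEPTION,
                SqlError.SSH_PRIVATE_KEY_FILE_NOT_FOUND,
                documentDbConnectionProperties.getSshPrivateKeyFile());
    }

    /**
     * Resolves the known-hosts file to use.
     *
     * <p>An explicitly configured file must exist; the default {@code ~/.ssh/known_hosts} is
     * resolved without an existence check.
     *
     * @param documentDbConnectionProperties the connection properties to read
     * @return the resolved known-hosts file path
     * @throws SQLException if a configured known-hosts file does not exist
     */
    public static String getSshKnownHostsFilename(DocumentDbConnectionProperties documentDbConnectionProperties) throws SQLException {
        final String configured = documentDbConnectionProperties.getSshKnownHostsFile();
        if (DocumentDbConnectionProperties.isNullOrWhitespace(configured)) {
            return DocumentDbConnectionProperties.getPath(SSH_KNOWN_HOSTS_FILE, new String[0]).toString();
        }
        final Path resolved = DocumentDbConnectionProperties.getPath(
                documentDbConnectionProperties.getSshKnownHostsFile(), new String[0]);
        validateSshKnownHostsFile(documentDbConnectionProperties, resolved);
        return resolved.toString();
    }

    /** Throws when the given known-hosts path does not exist. */
    private static void validateSshKnownHostsFile(DocumentDbConnectionProperties documentDbConnectionProperties, Path path) throws SQLException {
        if (!Files.exists(path)) {
            throw SqlError.createSQLException(
                    LOGGER,
                    SqlState.INVALID_PARAMETER_VALUE,
                    SqlError.KNOWN_HOSTS_FILE_NOT_FOUND,
                    documentDbConnectionProperties.getSshKnownHostsFile());
        }
    }
}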
