package org.apache.knox.gateway.webshell;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.CharMatcher;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.knox.gateway.GatewayCommandLine;
import org.apache.knox.gateway.audit.api.AuditServiceFactory;
import org.apache.knox.gateway.audit.api.Auditor;
import org.apache.knox.gateway.config.GatewayConfig;
import org.apache.knox.gateway.services.security.token.UnknownTokenException;
import org.apache.knox.gateway.websockets.JWTValidator;
import org.apache.knox.gateway.websockets.ProxyWebSocketAdapter;
import org.eclipse.jetty.websocket.api.Session;

/* loaded from: input_file:org/apache/knox/gateway/webshell/WebshellWebSocketAdapter.class */
public class WebshellWebSocketAdapter extends ProxyWebSocketAdapter {
    private Session session;
    private final ConnectionInfo connectionInfo;
    private final JWTValidator jwtValidator;
    private final StringBuilder auditBuffer;
    private final ObjectMapper objectMapper;
    private static final Auditor auditor = AuditServiceFactory.getAuditService().getAuditor("audit", GatewayCommandLine.COMMAND_NAME, GatewayCommandLine.COMMAND_NAME);

    public WebshellWebSocketAdapter(ExecutorService executorService, GatewayConfig gatewayConfig, JWTValidator jWTValidator, AtomicInteger atomicInteger) {
        super(null, executorService, null, gatewayConfig);
        this.jwtValidator = jWTValidator;
        this.auditBuffer = new StringBuilder();
        if (jWTValidator.getUsername() == null) {
            throw new RuntimeException("Needs user name in JWT to use WebShell");
        }
        this.connectionInfo = new ConnectionInfo(jWTValidator.getUsername(), gatewayConfig.getGatewayPIDDir(), atomicInteger);
        this.objectMapper = new ObjectMapper();
    }

    @Override // org.apache.knox.gateway.websockets.ProxyWebSocketAdapter
    public void onWebSocketConnect(Session session) {
        this.session = session;
        this.connectionInfo.connect();
        this.pool.execute(this::blockingReadFromHost);
    }

    private void blockingReadFromHost() {
        byte[] bArr = new byte[this.config.getWebShellReadBufferSize()];
        while (true) {
            try {
                try {
                    int read = this.connectionInfo.getInputStream().read(bArr);
                    if (read == -1) {
                        return;
                    } else {
                        transToClient(new String(bArr, 0, read, StandardCharsets.UTF_8));
                    }
                } catch (IOException e) {
                    LOG.onError(e.toString());
                    cleanup();
                    return;
                }
            } finally {
                cleanup();
            }
        }
    }

    @Override // org.apache.knox.gateway.websockets.ProxyWebSocketAdapter
    public void onWebSocketText(String str) {
        try {
            if (!this.jwtValidator.tokenIsStillValid()) {
                throw new RuntimeException("Token expired");
            }
            transToHost(((WebshellData) this.objectMapper.readValue(str, WebshellData.class)).getUserInput());
        } catch (JsonProcessingException | UnknownTokenException | RuntimeException e) {
            LOG.onError(e.toString());
            cleanup();
        }
    }

    private void transToHost(String str) {
        try {
            this.connectionInfo.getOutputStream().write(str.getBytes(StandardCharsets.UTF_8));
            this.connectionInfo.getOutputStream().flush();
            if (this.config.isWebShellAuditLoggingEnabled()) {
                audit(str);
            }
        } catch (IOException e) {
            LOG.onError("Error sending message to host");
            cleanup();
        }
    }

    private void transToClient(String str) {
        try {
            this.session.getRemote().sendString(str);
        } catch (IOException e) {
            LOG.onError("Error sending message to client");
            cleanup();
        }
    }

    @Override // org.apache.knox.gateway.websockets.ProxyWebSocketAdapter
    public void onWebSocketBinary(byte[] bArr, int i, int i2) {
        throw new UnsupportedOperationException("Websocket for binary messages is not supported at this time.");
    }

    @Override // org.apache.knox.gateway.websockets.ProxyWebSocketAdapter
    public void onWebSocketClose(int i, String str) {
        LOG.debugLog("Closing websocket connection");
        cleanup();
    }

    @Override // org.apache.knox.gateway.websockets.ProxyWebSocketAdapter
    public void onWebSocketError(Throwable th) {
        LOG.onError(th.toString());
        cleanup();
    }

    private String cleanText(String str) {
        return CharMatcher.ascii().retainFrom(CharMatcher.invisible().removeFrom(CharMatcher.javaIsoControl().removeFrom(str.replaceAll("[\\^\\[OA|\\^\\[OB]", ""))));
    }

    private void audit(String str) {
        this.auditBuffer.append(str);
        if (str.contains("\r") || str.contains("\n")) {
            String[] split = this.auditBuffer.toString().trim().split("\\s+");
            if (split.length > 0) {
                auditor.audit("webshell", this.connectionInfo.getUsername() + ':' + this.connectionInfo.getPid(), "process", "success", cleanText(split[0]));
                this.auditBuffer.setLength(0);
            }
        }
    }

    private void cleanup() {
        if (this.session != null && this.session.isOpen()) {
            this.session.close();
            this.session = null;
        }
        this.connectionInfo.disconnect();
    }
}
