package com.sshtools.publickey;

import com.maverick.ssh.AdaptiveConfiguration;
import com.maverick.ssh.HostKeyVerification;
import com.maverick.ssh.SshException;
import com.maverick.ssh.components.ComponentManager;
import com.maverick.ssh.components.SshHmac;
import com.maverick.ssh.components.SshPublicKey;
import com.maverick.ssh.components.SshRsaPublicKey;
import com.maverick.ssh2.Ssh2Context;
import com.maverick.util.Base64;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;

/* loaded from: input_file:com/sshtools/publickey/AbstractKnownHostsKeyVerification.class */
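/**
 * Host key verification backed by a known_hosts file.
 *
 * <p>Entries are read once, in the constructor, into an in-memory table keyed by the
 * host field of each line. {@link #verifyHost(String, SshPublicKey)} looks the presented
 * host up in that table (plain, comma-separated and {@code |1|salt|hash} hashed host
 * fields are recognised) and compares the stored key with the presented one. When no
 * entry matches, or the key differs, the decision is delegated to the subclass through
 * {@link #onUnknownHost} / {@link #onHostKeyMismatch}; the host is only accepted if that
 * callback registered the key with {@link #allowHost} before returning.
 *
 * <p>Two tables are kept: {@code allowedHosts} is what {@link #toString()} serialises
 * and {@link #saveHostFile()} writes; {@code temporaryHosts} holds keys accepted with
 * {@code allowHost(..., false)} and is never written out.
 */
public abstract class AbstractKnownHostsKeyVerification implements HostKeyVerification {
    // Persistent trust table: host field -> (key algorithm -> key).
    private Hashtable<String, Hashtable<String, SshPublicKey>> allowedHosts;
    // Non-persistent trust table with the same shape; not included in toString().
    private Hashtable<String, Hashtable<String, SshPublicKey>> temporaryHosts;
    // Path used by saveHostFile(); stays null when loading failed with an IOException.
    private String knownhosts;
    private boolean hostFileWriteable;
    // When true, allowHost() stores new host names in hashed form.
    private boolean hashHosts;
    private File knownhostsFile;
    private static final String HASH_MAGIC = "|1|";
    private static final String HASH_DELIM = "|";

    /**
     * Loads the default file, {@code <user.home>/.ssh/known_hosts}.
     *
     * @throws SshException if an entry cannot be parsed without exhausting memory, or if
     *     {@link #onInvalidHostEntry(String)} throws
     */
    public AbstractKnownHostsKeyVerification() throws SshException {
        this(null);
    }

    /** Returns the known_hosts file this instance was constructed with. */
    public File getKnownHostsFile() {
        return this.knownhostsFile;
    }

    /**
     * Loads the given known_hosts file, creating an empty one when it does not exist.
     *
     * <p>An {@link IOException} while reading or creating the file is not propagated; it
     * leaves the instance usable but marks the file as not writeable, so
     * {@link #saveHostFile()} will refuse to run.
     *
     * @param str path of the known_hosts file, or {@code null} for
     *     {@code <user.home>/.ssh/known_hosts}
     * @throws SshException if an entry cannot be parsed without exhausting memory, or if
     *     {@link #onInvalidHostEntry(String)} throws
     */
    public AbstractKnownHostsKeyVerification(String str) throws SshException {
        this.allowedHosts = new Hashtable<>();
        this.temporaryHosts = new Hashtable<>();
        this.hashHosts = true;
        if (str == null) {
            String home = "";
            try {
                home = System.getProperty("user.home");
            } catch (SecurityException ignored) {
                // Not allowed to read user.home; the path is then built from "".
            }
            this.knownhostsFile = new File(home, ".ssh" + File.separator + "known_hosts");
            str = this.knownhostsFile.getAbsolutePath();
        } else {
            this.knownhostsFile = new File(str);
        }
        try {
            if (System.getSecurityManager() != null) {
                System.getSecurityManager().checkRead(str);
            }
            if (this.knownhostsFile.exists()) {
                // try-with-resources closes both streams on every exit path, including
                // the SshException raised for an unparseable entry.
                try (FileInputStream in = new FileInputStream(this.knownhostsFile);
                        BufferedReader reader = new BufferedReader(new InputStreamReader(in))) {
                    String line;
                    while ((line = reader.readLine()) != null) {
                        String entry = line.trim();
                        if (!entry.equals("")) {
                            loadHostEntry(entry);
                        }
                    }
                }
                this.hostFileWriteable = this.knownhostsFile.canWrite();
            } else {
                // getParentFile() is null for a bare file name; the previous
                // new File(getParent()) threw NullPointerException in that case.
                File parent = this.knownhostsFile.getParentFile();
                if (parent != null) {
                    parent.mkdirs();
                }
                // NOTE(review): directory and file are created with the process default
                // permissions. Anyone able to write this file can add trusted host keys,
                // so confirm the resulting permissions are acceptable for the deployment.
                try (FileOutputStream out = new FileOutputStream(this.knownhostsFile)) {
                    out.write(toString().getBytes());
                }
                this.hostFileWriteable = true;
            }
            this.knownhosts = str;
        } catch (IOException e) {
            // Best effort: keep whatever was loaded, but never write the file back.
            this.hostFileWriteable = false;
        }
    }

    /**
     * Parses one non-empty known_hosts line and stores its key in the persistent table.
     *
     * <p>A line whose second field is a decimal integer is read as
     * {@code host bits exponent modulus} (RSA, version 1); any other line is read as
     * {@code host algorithm base64-key}. The integer test and the capture of the second
     * field happen before the branch, so a non-numeric second field selects the second
     * form instead of escaping as an unchecked {@link NumberFormatException}.
     *
     * <p>NOTE(review): lines starting with {@code #} are not special-cased, and the
     * {@code @cert-authority} / {@code @revoked} test is applied to the second field,
     * whereas OpenSSH writes those markers as the first field. Confirm how marker lines
     * are expected to be handled; a revoked key must never end up in the trust table.
     *
     * @param line trimmed, non-empty line
     * @throws SshException if decoding exhausts memory or a callee reports an error
     */
    private void loadHostEntry(String line) throws SshException {
        StringTokenizer tokens = new StringTokenizer(line, " ");
        if (!tokens.hasMoreTokens()) {
            onInvalidHostEntry(line);
            return;
        }
        String host = tokens.nextToken();
        if (!tokens.hasMoreTokens()) {
            onInvalidHostEntry(line);
            return;
        }
        String second = tokens.nextToken();
        boolean numericSecondField;
        try {
            Integer.parseInt(second);
            numericSecondField = true;
        } catch (NumberFormatException notANumber) {
            numericSecondField = false;
        }
        try {
            if (numericSecondField) {
                loadRsa1Entry(line, host, tokens);
            } else if (!tokens.hasMoreTokens()) {
                onInvalidHostEntry(line);
            } else if (!second.equalsIgnoreCase("@cert-authority") && !second.equalsIgnoreCase("@revoked")) {
                try {
                    putAllowedKey(host, SshPublicKeyFileFactory.decodeSSH2PublicKey((String) null, Base64.decode(tokens.nextToken())), true);
                } catch (IOException e) {
                    onInvalidHostEntry(line);
                }
            }
        } catch (OutOfMemoryError e) {
            // A corrupt entry can make the decoder attempt a huge allocation; report it
            // as a parse failure instead of letting the Error escape.
            throw new SshException("Error parsing known_hosts file, is your file corrupt? " + this.knownhostsFile.getAbsolutePath(), 17);
        }
    }

    /**
     * Reads the {@code exponent modulus} tail of a version 1 RSA entry and stores the key.
     * Missing or non-numeric fields are reported through {@link #onInvalidHostEntry}.
     */
    private void loadRsa1Entry(String line, String host, StringTokenizer tokens) throws SshException {
        if (!tokens.hasMoreTokens()) {
            onInvalidHostEntry(line);
            return;
        }
        String exponentText = tokens.nextToken();
        if (!tokens.hasMoreTokens()) {
            onInvalidHostEntry(line);
            return;
        }
        String modulusText = tokens.nextToken();
        BigInteger modulus;
        BigInteger exponent;
        try {
            modulus = new BigInteger(modulusText);
            exponent = new BigInteger(exponentText);
        } catch (NumberFormatException e) {
            onInvalidHostEntry(line);
            return;
        }
        putAllowedKey(host, ComponentManager.getInstance().createRsaPublicKey(modulus, exponent, 1), true);
    }

    /**
     * Selects whether {@link #allowHost} stores new host names hashed ({@code true}, the
     * default) or in clear text.
     */
    public void setHashHosts(boolean z) {
        this.hashHosts = z;
    }

    /**
     * Hook invoked for every line that could not be parsed; the default does nothing.
     *
     * <p>It is called from the constructor, so an override runs before the subclass's
     * own fields have been initialised.
     *
     * @param str the offending line, trimmed
     * @throws SshException to abort loading
     */
    protected void onInvalidHostEntry(String str) throws SshException {
    }

    /** Returns whether {@link #saveHostFile()} is allowed to write the file. */
    public boolean isHostFileWriteable() {
        return this.hostFileWriteable;
    }

    /**
     * Called when an entry matches the host but holds a different key for the presented
     * algorithm. The connection is only accepted if the implementation registers the
     * presented key with {@link #allowHost} before returning.
     *
     * @param str the matching known_hosts host field
     * @param sshPublicKey the key currently stored
     * @param sshPublicKey2 the key presented by the server
     */
    public abstract void onHostKeyMismatch(String str, SshPublicKey sshPublicKey, SshPublicKey sshPublicKey2) throws SshException;

    /**
     * Called when no stored key is available for the host. The connection is only
     * accepted if the implementation registers the key with {@link #allowHost} before
     * returning.
     *
     * @param str the host name, or the matching host field when an entry exists but has
     *     no key for the presented algorithm
     * @param sshPublicKey the key presented by the server
     */
    public abstract void onUnknownHost(String str, SshPublicKey sshPublicKey) throws SshException;

    /**
     * Trusts a key for a host.
     *
     * @param str host name, or an already hashed host field
     * @param sshPublicKey key to trust
     * @param z {@code true} to store the key in the persistent table and rewrite the
     *     known_hosts file; {@code false} to keep it in the temporary table only
     * @throws SshException if the file could not be saved or the HMAC is unavailable
     */
    public void allowHost(String str, SshPublicKey sshPublicKey, boolean z) throws SshException {
        if (!this.hashHosts || str.startsWith(HASH_MAGIC)) {
            putAllowedKey(str, sshPublicKey, z);
        } else {
            // Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host)).
            SshHmac hmac = (SshHmac) ComponentManager.getInstance().supportedHMacsCS().getInstance(Ssh2Context.HMAC_SHA1);
            byte[] salt = new byte[hmac.getMacLength()];
            ComponentManager.getInstance().getRND().nextBytes(salt);
            hmac.init(salt);
            hmac.update(str.getBytes());
            putAllowedKey(HASH_MAGIC + Base64.encodeBytes(salt, false) + HASH_DELIM + Base64.encodeBytes(hmac.doFinal(), false), sshPublicKey, z);
        }
        if (z) {
            try {
                saveHostFile();
            } catch (IOException e) {
                throw new SshException("knownhosts file could not be saved! " + e.getMessage(), 5);
            }
        }
    }

    /**
     * Returns the persistent trust table itself, not a copy.
     *
     * <p>NOTE(review): callers can add or replace trusted keys through the returned
     * object without going through {@link #allowHost}; treat it as read-only.
     */
    public Hashtable<String, Hashtable<String, SshPublicKey>> allowedHosts() {
        return this.allowedHosts;
    }

    /**
     * Removes the entry whose host field equals {@code str} exactly. A hashed entry is
     * only removed when its full {@code |1|...} field is passed. The file is not
     * rewritten.
     */
    public synchronized void removeAllowedHost(String str) {
        this.allowedHosts.remove(str);
    }

    /**
     * Verifies the key presented by {@code str}, consulting the subclass callbacks when
     * the host is unknown or the key differs.
     *
     * @return {@code true} only if a stored key equals the presented key
     */
    @Override // com.maverick.ssh.HostKeyVerification
    public boolean verifyHost(String str, SshPublicKey sshPublicKey) throws SshException {
        return verifyHost(str, sshPublicKey, true);
    }

    /**
     * Looks the host up in the persistent table, then the temporary one, and validates
     * the key against the first matching entry.
     *
     * @param askIfUnknown when {@code true} and nothing matches, {@link #onUnknownHost}
     *     is invoked and the lookup is repeated once without asking again
     */
    private synchronized boolean verifyHost(String str, SshPublicKey sshPublicKey, boolean askIfUnknown) throws SshException {
        String reverseName = null;
        String address = null;
        if (AdaptiveConfiguration.getBoolean("knownHosts.enableReverseDNS", true, new String[0])) {
            // NOTE(review): both values come from DNS, which the network can influence.
            // An entry matched this way must still hold the presented key, but
            // deployments that do not trust their resolver may prefer to disable
            // knownHosts.enableReverseDNS.
            try {
                InetAddress resolved = InetAddress.getByName(str);
                reverseName = resolved.getHostName();
                address = resolved.getHostAddress();
            } catch (UnknownHostException ignored) {
                // Unresolvable: match on the literal host name only.
            }
        }
        String entry = findEntry(this.allowedHosts, str, reverseName, address);
        if (entry == null) {
            entry = findEntry(this.temporaryHosts, str, reverseName, address);
        }
        if (entry != null) {
            return validateHost(entry, sshPublicKey);
        }
        if (!askIfUnknown) {
            return false;
        }
        onUnknownHost(str, sshPublicKey);
        return verifyHost(str, sshPublicKey, false);
    }

    /**
     * Returns the first host field in {@code table} that names the host, or {@code null}.
     * Hashed fields are tested against the host name and the resolved address; plain
     * fields are split on commas and tested against name, reverse name and address.
     */
    private String findEntry(Hashtable<String, Hashtable<String, SshPublicKey>> table, String host, String reverseName, String address) throws SshException {
        Enumeration<String> entries = table.keys();
        while (entries.hasMoreElements()) {
            String entry = entries.nextElement();
            if (entry.startsWith(HASH_MAGIC)) {
                if (checkHash(entry, host)) {
                    return entry;
                }
                if (address != null && checkHash(entry, address)) {
                    return entry;
                }
            } else if (entry.equals(host)) {
                return entry;
            }
            StringTokenizer aliases = new StringTokenizer(entry, ",");
            while (aliases.hasMoreTokens()) {
                String alias = aliases.nextToken();
                if (host.equals(alias) || (reverseName != null && alias.equals(reverseName)) || (address != null && alias.equals(address))) {
                    return entry;
                }
            }
        }
        return null;
    }

    /**
     * Tests whether a hashed host field was derived from {@code host}.
     *
     * @param entry host field starting with {@code |1|}
     * @return {@code false} when the field has no salt/hash delimiter or the HMAC differs
     */
    private boolean checkHash(String entry, String host) throws SshException {
        SshHmac hmac = (SshHmac) ComponentManager.getInstance().supportedHMacsCS().getInstance(Ssh2Context.HMAC_SHA1);
        String saltAndHash = entry.substring(HASH_MAGIC.length());
        int delimiter = saltAndHash.indexOf(HASH_DELIM);
        if (delimiter < 0) {
            // Malformed entry: treat it as a non-match instead of letting
            // substring(0, -1) throw out of the verification path.
            return false;
        }
        byte[] expected = Base64.decode(saltAndHash.substring(delimiter + 1));
        hmac.init(Base64.decode(saltAndHash.substring(0, delimiter)));
        hmac.update(host.getBytes());
        return Arrays.equals(expected, hmac.doFinal());
    }

    /**
     * Compares the presented key with the key stored for {@code entry}. On a missing or
     * different key the matching callback runs, after which the tables are consulted
     * again, so the result is {@code true} only if the callback trusted the key.
     */
    private boolean validateHost(String entry, SshPublicKey presented) throws SshException {
        SshPublicKey stored = getAllowedKey(entry, presented.getAlgorithm());
        if (stored != null && presented.equals(stored)) {
            return true;
        }
        if (stored == null) {
            onUnknownHost(entry, presented);
        } else {
            onHostKeyMismatch(entry, stored, presented);
        }
        return checkKey(entry, presented);
    }

    /** Returns whether the key now stored for {@code entry} equals the presented key. */
    private boolean checkKey(String entry, SshPublicKey presented) {
        SshPublicKey stored = getAllowedKey(entry, presented.getAlgorithm());
        return stored != null && stored.equals(presented);
    }

    /**
     * Returns the stored key of the given algorithm for {@code host}, or {@code null}.
     * The temporary table is consulted before the persistent one; the first table that
     * has an entry for the host decides, even if it holds no key for the algorithm.
     */
    private synchronized SshPublicKey getAllowedKey(String host, String algorithm) {
        Hashtable<String, SshPublicKey> keys = keysFor(this.temporaryHosts, host);
        if (keys == null) {
            keys = keysFor(this.allowedHosts, host);
        }
        return keys == null ? null : keys.get(algorithm);
    }

    /**
     * Finds the per-algorithm key table for {@code host}: first by hashed host field,
     * then by exact match. Hashed fields are recognised by the full {@code |1|} prefix,
     * as in the other lookups of this class.
     */
    private Hashtable<String, SshPublicKey> keysFor(Hashtable<String, Hashtable<String, SshPublicKey>> table, String host) {
        try {
            for (String entry : table.keySet()) {
                if (entry.startsWith(HASH_MAGIC) && checkHash(entry, host)) {
                    return table.get(entry);
                }
            }
        } catch (SshException ignored) {
            // The hashed scan is abandoned; the exact lookup below still runs.
        }
        return table.get(host);
    }

    /** Stores {@code key} under its algorithm for {@code host} in the chosen table. */
    private synchronized void putAllowedKey(String host, SshPublicKey key, boolean persistent) {
        Hashtable<String, Hashtable<String, SshPublicKey>> table = persistent ? this.allowedHosts : this.temporaryHosts;
        Hashtable<String, SshPublicKey> keys = table.get(host);
        if (keys == null) {
            keys = new Hashtable<>();
            table.put(host, keys);
        }
        keys.put(key.getAlgorithm(), key);
    }

    /**
     * Rewrites the known_hosts file from the persistent table.
     *
     * <p>The file is overwritten in place, so a failure part-way through can leave it
     * truncated.
     *
     * @throws IOException if the file is not writeable or the write fails
     */
    public synchronized void saveHostFile() throws IOException {
        if (!this.hostFileWriteable) {
            throw new IOException("Host file is not writeable.");
        }
        try (FileOutputStream out = new FileOutputStream(new File(this.knownhosts))) {
            out.write(toString().getBytes());
        } catch (IOException e) {
            // Keep the cause so the underlying reason is not lost.
            throw new IOException("Could not write to " + this.knownhosts, e);
        }
    }

    /**
     * Serialises the persistent table in known_hosts format, one line per stored key.
     * Version 1 RSA keys are written as {@code host bits exponent modulus}; every other
     * key as {@code host algorithm base64-key}.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder();
        String eol = System.getProperty("line.separator");
        Enumeration<String> hosts = this.allowedHosts.keys();
        while (hosts.hasMoreElements()) {
            String host = hosts.nextElement();
            Hashtable<String, SshPublicKey> keys = this.allowedHosts.get(host);
            Enumeration<String> algorithms = keys.keys();
            while (algorithms.hasMoreElements()) {
                SshPublicKey key = keys.get(algorithms.nextElement());
                if ((key instanceof SshRsaPublicKey) && ((SshRsaPublicKey) key).getVersion() == 1) {
                    SshRsaPublicKey rsa = (SshRsaPublicKey) key;
                    text.append(host + " " + String.valueOf(rsa.getModulus().bitLength()) + " " + rsa.getPublicExponent() + " " + rsa.getModulus() + eol);
                } else {
                    try {
                        text.append(host + " " + key.getAlgorithm() + " " + Base64.encodeBytes(key.getEncoded(), true) + eol);
                    } catch (SshException ignored) {
                        // NOTE(review): a key that cannot be encoded is left out, so the
                        // next saveHostFile() silently drops it from the file.
                    }
                }
            }
        }
        return text.toString();
    }
}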
