package net.schmizz.sshj.transport.verification;

import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import net.schmizz.sshj.common.Base64;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.mac.HMACSHA1;
import net.schmizz.sshj.transport.mac.MAC;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/sshj-0.7.0.jar:net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.class */
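/**
 * Host key verifier backed by an OpenSSH-style {@code known_hosts} file.
 *
 * <p>The file is read once in the constructor. Each line becomes a {@link HostEntry}, and
 * {@link #verify(String, int, PublicKey)} consults those entries in file order.
 *
 * <p>Limitations visible in this class, relevant when relying on it for trust decisions:
 * <ul>
 *   <li>Plain host names are compared literally; OpenSSH wildcard ({@code *}, {@code ?}) and
 *       negation ({@code !}) patterns are not interpreted.</li>
 *   <li>The {@code @cert-authority} marker is parsed and preserved, but the entry's key is compared
 *       directly with the presented key; no certificate validation happens here.</li>
 *   <li>The first entry that applies to the host and key type decides the outcome, so a
 *       {@code @revoked} line only takes effect if it precedes any other applicable line.</li>
 *   <li>Fields are split on a single space; tab-separated lines are not recognised.</li>
 * </ul>
 */
public class OpenSSHKnownHosts implements HostKeyVerifier {
    /** The known_hosts file this instance was loaded from and writes back to. */
    protected final File khFile;
    private static final Logger LOG = LoggerFactory.getLogger(OpenSSHKnownHosts.class);
    private static final String LS = System.getProperty("line.separator");
    protected final Logger log = LoggerFactory.getLogger(getClass());
    /** Parsed lines, in file order. Comment lines are kept so that {@link #write()} preserves them. */
    protected final List<HostEntry> entries = new ArrayList<HostEntry>();

    /**
     * Common state and behaviour for entries that carry a public key: an optional marker, the key
     * type and the key itself. Subclasses supply the host part and the host matching rule.
     */
    public static abstract class AbstractEntry implements HostEntry {
        /** Optional line marker; {@code null} when the line had none. */
        protected final Marker marker;
        protected final KeyType type;
        protected final PublicKey key;

        public AbstractEntry(Marker marker, KeyType keyType, PublicKey publicKey) {
            this.marker = marker;
            this.type = keyType;
            this.key = publicKey;
        }

        /**
         * Accepts the presented key only if it equals the stored key and the entry is not marked
         * {@code @revoked}.
         *
         * @param publicKey key presented by the server
         * @return {@code true} if the key matches a non-revoked entry
         */
        @Override
        public boolean verify(PublicKey publicKey) throws IOException {
            // A revoked entry never verifies, even when the key is identical.
            // NOTE(review): a CA_CERT entry is compared like an ordinary host key here.
            return this.marker != Marker.REVOKED && publicKey.equals(this.key);
        }

        /**
         * Renders the entry as a known_hosts line: {@code [marker ]hostpart keytype base64key}.
         */
        @Override
        public String getLine() {
            StringBuilder line = new StringBuilder();
            if (this.marker != null) {
                line.append(this.marker.getMarkerString()).append(" ");
            }
            line.append(getHostPart());
            line.append(" ").append(this.type.toString());
            line.append(" ").append(getKeyString());
            return line.toString();
        }

        /** Serialises the key through a {@code PlainBuffer} and Base64-encodes the readable bytes. */
        private String getKeyString() {
            Buffer.PlainBuffer keyBuffer = new Buffer.PlainBuffer().putPublicKey(this.key);
            return Base64.encodeBytes(keyBuffer.array(), keyBuffer.rpos(), keyBuffer.available());
        }

        /** @return the host field exactly as it should appear in the file */
        protected abstract String getHostPart();
    }

    /**
     * A comment or empty line. It never matches a host and never verifies a key; it exists so the
     * original text survives a {@link OpenSSHKnownHosts#write()}.
     */
    public static class CommentEntry implements HostEntry {
        private final String comment;

        public CommentEntry(String str) {
            this.comment = str;
        }

        @Override
        public boolean appliesTo(KeyType keyType, String str) {
            return false;
        }

        @Override
        public boolean verify(PublicKey publicKey) {
            return false;
        }

        @Override
        public String getLine() {
            return this.comment;
        }
    }

    /** Turns one line of a known_hosts file into a {@link HostEntry}. */
    public static class EntryFactory {
        /**
         * Parses a single known_hosts line.
         *
         * <p>Recognised layouts are {@code [marker] hosts keytype base64key} and the older numeric
         * form {@code [marker] hosts bits exponent modulus}, which is treated as RSA.
         *
         * @param str one line of the file, without the line terminator
         * @return the parsed entry, a {@link CommentEntry} for comment or blank lines, or
         *         {@code null} when the line cannot be interpreted (the problem is logged)
         * @throws IOException if the Base64 key blob cannot be decoded or read, or if a hashed
         *         host field is malformed
         */
        public static HostEntry parseEntry(String str) throws IOException {
            if (isComment(str)) {
                return new CommentEntry(str);
            }
            String[] fields = str.split(" ");
            if (fields.length == 0) {
                // A line consisting only of spaces splits to nothing; keep it verbatim as a blank line.
                return new CommentEntry(str);
            }

            int next = 0;
            Marker marker = Marker.fromString(fields[0]);
            if (marker != null) {
                next++;
            }
            // Host, type and key material must all be present. Without this check a truncated line
            // raised ArrayIndexOutOfBoundsException and aborted loading of the whole file.
            if (fields.length < next + 3) {
                LOG.error("Error reading entry `{}`, too few fields", str);
                return null;
            }

            String hostPart = fields[next++];
            String typeField = fields[next++];
            KeyType keyType = KeyType.fromString(typeField);
            PublicKey publicKey;
            if (keyType != KeyType.UNKNOWN) {
                publicKey = getKey(fields[next]);
            } else if (isBits(typeField)) {
                // Numeric second field: "bits exponent modulus" layout, handled as an RSA key.
                keyType = KeyType.RSA;
                if (fields.length < next + 2) {
                    LOG.error("Error reading entry `{}`, too few fields", str);
                    return null;
                }
                try {
                    // Both numbers are parsed inside the try so that a malformed exponent is
                    // reported like a malformed modulus instead of escaping as an unchecked error.
                    BigInteger exponent = new BigInteger(fields[next]);
                    BigInteger modulus = new BigInteger(fields[next + 1]);
                    publicKey = SecurityUtils.getKeyFactory("RSA")
                            .generatePublic(new RSAPublicKeySpec(modulus, exponent));
                } catch (Exception e) {
                    LOG.error("Error reading entry `{}`, could not create key", str, e);
                    return null;
                }
            } else {
                LOG.error("Error reading entry `{}`, could not determine type", str);
                return null;
            }

            if (isHashed(hostPart)) {
                return new HashedEntry(marker, hostPart, keyType, publicKey);
            }
            return new SimpleEntry(marker, hostPart, keyType, publicKey);
        }

        /** Decodes a Base64 key blob and reads a public key from it. */
        private static PublicKey getKey(String str) throws IOException {
            return new Buffer.PlainBuffer(Base64.decode(str)).readPublicKey();
        }

        /** @return {@code true} if the field parses as a decimal {@code int} */
        private static boolean isBits(String str) {
            try {
                Integer.parseInt(str);
                return true;
            } catch (NumberFormatException e) {
                return false;
            }
        }

        /** @return {@code true} for an empty line or one starting with {@code #} */
        private static boolean isComment(String str) {
            return str.isEmpty() || str.startsWith("#");
        }

        /** @return {@code true} if the host field uses the {@code |1|salt|hash} form */
        public static boolean isHashed(String str) {
            return str.startsWith("|1|");
        }
    }

    /**
     * Entry whose host field is stored as {@code |1|<base64 salt>|<base64 HMAC-SHA1>}. A candidate
     * host name is matched by recomputing the HMAC with the entry's salt.
     */
    public static class HashedEntry extends AbstractEntry {
        // One MAC instance is re-initialised for every comparison.
        // NOTE(review): init() followed by doFinal() on a shared field is not safe if the same entry
        // is consulted from several threads at once; confirm how callers use it.
        private final MAC sha1;
        private final String hashedHost;
        private final String salt;
        /** Decoded salt, computed on first use. */
        private byte[] saltyBytes;

        /**
         * @param str the complete hashed host field
         * @throws SSHException if the field does not split into exactly four {@code |}-separated parts
         */
        public HashedEntry(Marker marker, String str, KeyType keyType, PublicKey publicKey) throws SSHException {
            super(marker, keyType, publicKey);
            this.sha1 = new HMACSHA1();
            this.hashedHost = str;
            // "|1|salt|hash" splits into "", "1", salt, hash.
            String[] parts = this.hashedHost.split("\\|");
            if (parts.length != 4) {
                throw new SSHException("Unrecognized format for hashed hostname");
            }
            this.salt = parts[2];
        }

        @Override
        public boolean appliesTo(KeyType keyType, String str) throws IOException {
            return this.type == keyType && this.hashedHost.equals(hashHost(str));
        }

        /** Recomputes the hashed host field for {@code str} using this entry's salt. */
        private String hashHost(String str) throws IOException {
            this.sha1.init(getSaltyBytes());
            return "|1|" + this.salt + "|" + Base64.encodeBytes(this.sha1.doFinal(str.getBytes(IOUtils.UTF8)));
        }

        private byte[] getSaltyBytes() throws IOException {
            if (this.saltyBytes == null) {
                this.saltyBytes = Base64.decode(this.salt);
            }
            return this.saltyBytes;
        }

        /**
         * Renders the entry with its hashed host field.
         *
         * <p>This previously returned {@code null}, which made {@link OpenSSHKnownHosts#write()}
         * replace every hashed entry with the literal text {@code null} and so discard the pinned
         * key for that host.
         */
        @Override
        public String getLine() {
            return super.getLine();
        }

        @Override
        protected String getHostPart() {
            return this.hashedHost;
        }
    }

    /** One line of a known_hosts file. */
    public interface HostEntry {
        /** @return {@code true} if this entry is for the given key type and host name */
        boolean appliesTo(KeyType keyType, String str) throws IOException;

        /** @return {@code true} if the presented key is acceptable according to this entry */
        boolean verify(PublicKey publicKey) throws IOException;

        /** @return the textual form of this entry, as written to the file */
        String getLine();
    }

    /** Optional keyword at the start of a known_hosts line. */
    public enum Marker {
        CA_CERT("@cert-authority"),
        REVOKED("@revoked");

        private final String sMarker;

        Marker(String str) {
            this.sMarker = str;
        }

        public String getMarkerString() {
            return this.sMarker;
        }

        /**
         * @param str first field of a line
         * @return the matching marker, or {@code null} if the field is not a marker
         */
        public static Marker fromString(String str) {
            for (Marker candidate : values()) {
                if (candidate.sMarker.equals(str)) {
                    return candidate;
                }
            }
            return null;
        }
    }

    /** Entry whose host field is a comma-separated list of plain host names. */
    public static class SimpleEntry extends AbstractEntry {
        /** Individual names from the host field, used for matching. */
        private final List<String> hosts;
        /** The host field as read, used when writing the entry back. */
        private final String hostnames;

        public SimpleEntry(Marker marker, String str, KeyType keyType, PublicKey publicKey) {
            super(marker, keyType, publicKey);
            this.hostnames = str;
            this.hosts = Arrays.asList(str.split(","));
        }

        @Override
        protected String getHostPart() {
            return this.hostnames;
        }

        /**
         * Matches when the key type is the same and {@code str} is exactly one of the listed names.
         *
         * <p>The comparison is made against the individual names. Testing for a substring of the
         * raw host field would let an entry for a longer name apply to a different, shorter host
         * name, so that the wrong pinned key would decide the verification.
         */
        @Override
        public boolean appliesTo(KeyType keyType, String str) throws IOException {
            return keyType == this.type && this.hosts.contains(str);
        }
    }

    /**
     * Loads the given known_hosts file. A file that does not exist yields an empty entry list.
     *
     * <p>Lines rejected with an {@link SSHException} are logged at debug level and skipped, as are
     * lines for which the parser returns {@code null}. Skipped lines are not kept in memory, so a
     * later {@link #write()} drops them. This includes a {@code @revoked} line that fails to parse.
     *
     * @param file the known_hosts file
     * @throws IOException if the file cannot be read, or a key blob cannot be decoded
     */
    public OpenSSHKnownHosts(File file) throws IOException {
        this.khFile = file;
        if (!file.exists()) {
            return;
        }
        // NOTE(review): FileReader uses the platform charset while write() emits UTF-8.
        BufferedReader reader = new BufferedReader(new FileReader(file));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                try {
                    HostEntry entry = EntryFactory.parseEntry(line);
                    if (entry != null) {
                        this.entries.add(entry);
                    }
                } catch (SSHException e) {
                    this.log.debug("Bad line ({}): {} ", e.toString(), line);
                }
            }
        } finally {
            IOUtils.closeQuietly(reader);
        }
    }

    /** @return the known_hosts file backing this verifier */
    public File getFile() {
        return this.khFile;
    }

    /**
     * Checks a server's host key against the loaded entries.
     *
     * <p>The host is looked up as {@code str} for port 22 and as {@code [str]:i} otherwise. The
     * first entry that applies to that name and the key's type decides: a matching key is accepted,
     * a non-matching one is passed to {@link #hostKeyChangedAction}. If no entry applies, the
     * result comes from {@link #hostKeyUnverifiableAction}. An I/O error while evaluating an entry
     * is logged and the key is rejected.
     *
     * @param str       host name the connection was made to
     * @param i         port the connection was made to
     * @param publicKey key presented by the server
     * @return {@code true} if the key is accepted
     */
    @Override
    public boolean verify(String str, int i, PublicKey publicKey) {
        KeyType presentedType = KeyType.fromKey(publicKey);
        if (presentedType == KeyType.UNKNOWN) {
            return false;
        }
        // Non-default ports are recorded in the bracketed "[host]:port" form.
        String lookupName = (i == 22) ? str : "[" + str + "]:" + i;
        for (HostEntry hostEntry : this.entries) {
            try {
                if (hostEntry.appliesTo(presentedType, lookupName)) {
                    // NOTE(review): later entries are never consulted, so a second key of the same
                    // type for this host, or a @revoked line further down, has no effect.
                    return hostEntry.verify(publicKey) || hostKeyChangedAction(hostEntry, lookupName, publicKey);
                }
            } catch (IOException e) {
                this.log.error("Error with {}: {}", hostEntry, e);
                return false;
            }
        }
        return hostKeyUnverifiableAction(lookupName, publicKey);
    }

    /**
     * Called when no entry applies to the host. This implementation rejects the key; a subclass
     * that overrides it to accept takes on the trust decision for unknown hosts.
     */
    protected boolean hostKeyUnverifiableAction(String str, PublicKey publicKey) {
        return false;
    }

    /**
     * Called when an entry applies to the host but does not verify the presented key, which also
     * covers an entry marked {@code @revoked}. This implementation logs a warning and rejects.
     */
    protected boolean hostKeyChangedAction(HostEntry hostEntry, String str, PublicKey publicKey) {
        this.log.warn("Host key for `{}` has changed!", str);
        return false;
    }

    /** @return the live, mutable list of entries; changes affect verification and {@link #write()} */
    public List<HostEntry> entries() {
        return this.entries;
    }

    /**
     * Rewrites the known_hosts file from the in-memory entries, one line each, encoded as UTF-8.
     *
     * <p>The file is opened for overwrite before anything is written, so a failure part-way
     * through leaves it truncated. Lines that were skipped while loading are not written back.
     *
     * @throws IOException if the file cannot be opened or written
     */
    public void write() throws IOException {
        BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(this.khFile));
        try {
            for (HostEntry entry : this.entries) {
                out.write((entry.getLine() + LS).getBytes(IOUtils.UTF8));
            }
        } finally {
            out.close();
        }
    }

    /** @return the {@code .ssh} directory under {@code user.home}, or {@code null} if it does not exist */
    public static File detectSSHDir() {
        File sshDir = new File(System.getProperty("user.home"), ".ssh");
        return sshDir.exists() ? sshDir : null;
    }
}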
