package hudson.plugins.sshslaves.verifiers;

import com.trilead.ssh2.KnownHosts;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.TaskListener;
import hudson.plugins.sshslaves.Messages;
import hudson.plugins.sshslaves.SSHLauncher;
import hudson.plugins.sshslaves.verifiers.SshHostKeyVerificationStrategy;
import hudson.slaves.ComputerLauncher;
import hudson.slaves.SlaveComputer;
import java.io.File;
import java.io.IOException;
import java.nio.file.Paths;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.DataBoundConstructor;

/* loaded from: input_file:WEB-INF/lib/ssh-slaves.jar:hudson/plugins/sshslaves/verifiers/KnownHostsFileKeyVerificationStrategy.class */
public class KnownHostsFileKeyVerificationStrategy extends SshHostKeyVerificationStrategy {
    public static final String KNOWN_HOSTS_DEFAULT = Paths.get(System.getProperty("user.home"), ".ssh", "known_hosts").toString();
    public static final String KNOWN_HOSTS_PROPERTY = KnownHostsFileKeyVerificationStrategy.class.getName() + ".known_hosts_file";
    private static final String KNOWN_HOSTS_FILE_PATH = StringUtils.defaultIfBlank(System.getProperty(KNOWN_HOSTS_PROPERTY), KNOWN_HOSTS_DEFAULT);
    private static final File KNOWN_HOSTS_FILE = new File(KNOWN_HOSTS_FILE_PATH);

    @Extension
    /* loaded from: input_file:WEB-INF/lib/ssh-slaves.jar:hudson/plugins/sshslaves/verifiers/KnownHostsFileKeyVerificationStrategy$KnownHostsFileKeyVerificationStrategyDescriptor.class */
    public static class KnownHostsFileKeyVerificationStrategyDescriptor extends SshHostKeyVerificationStrategy.SshHostKeyVerificationStrategyDescriptor {
        @NonNull
        public String getDisplayName() {
            return Messages.KnownHostsFileHostKeyVerifier_DisplayName();
        }
    }

    @DataBoundConstructor
    public KnownHostsFileKeyVerificationStrategy() {
    }

    @Override // hudson.plugins.sshslaves.verifiers.SshHostKeyVerificationStrategy
    public boolean verify(SlaveComputer slaveComputer, HostKey hostKey, TaskListener taskListener) throws Exception {
        ComputerLauncher launcher = slaveComputer.getLauncher();
        if (!(launcher instanceof SSHLauncher)) {
            return false;
        }
        if (!KNOWN_HOSTS_FILE.exists()) {
            taskListener.getLogger().println(Messages.KnownHostsFileHostKeyVerifier_NoKnownHostsFile(KNOWN_HOSTS_FILE.getAbsolutePath()));
            return false;
        }
        SSHLauncher sSHLauncher = (SSHLauncher) launcher;
        String host = sSHLauncher.getHost();
        String str = host + ":" + sSHLauncher.getPort();
        taskListener.getLogger().println(Messages.KnownHostsFileHostKeyVerifier_SearchingFor(host, KNOWN_HOSTS_FILE));
        int verify = verify(host, hostKey.getAlgorithm(), hostKey.getKey());
        taskListener.getLogger().println(Messages.KnownHostsFileHostKeyVerifier_SearchingFor(str, KNOWN_HOSTS_FILE));
        int verify2 = verify(str, hostKey.getAlgorithm(), hostKey.getKey());
        if (0 == verify || 0 == verify2) {
            taskListener.getLogger().println(Messages.KnownHostsFileHostKeyVerifier_KeyTrusted(SSHLauncher.getTimestamp()));
            return true;
        }
        if (1 == verify && 1 == verify2) {
            taskListener.getLogger().println(Messages.KnownHostsFileHostKeyVerifier_NewKeyNotTrusted(SSHLauncher.getTimestamp()));
            return false;
        }
        taskListener.getLogger().println(Messages.KnownHostsFileHostKeyVerifier_ChangedKeyNotTrusted(SSHLauncher.getTimestamp()));
        return false;
    }

    private int verify(String str, String str2, byte[] bArr) throws IOException {
        return new KnownHosts(KNOWN_HOSTS_FILE).verifyHostkey(str, str2, bArr);
    }

    @Override // hudson.plugins.sshslaves.verifiers.SshHostKeyVerificationStrategy
    public String[] getPreferredKeyAlgorithms(SlaveComputer slaveComputer) throws IOException {
        ComputerLauncher launcher = slaveComputer.getLauncher();
        return ((launcher instanceof SSHLauncher) && KNOWN_HOSTS_FILE.exists()) ? new KnownHosts(KNOWN_HOSTS_FILE).getPreferredServerHostkeyAlgorithmOrder(((SSHLauncher) launcher).getHost()) : super.getPreferredKeyAlgorithms(slaveComputer);
    }

    @Restricted({NoExternalUse.class})
    public File getKnownHostsFile() {
        return KNOWN_HOSTS_FILE;
    }
}
