package ch.cyberduck.core.sftp.openssh;

import ch.cyberduck.core.Local;
import ch.cyberduck.core.exception.AccessDeniedException;
import ch.cyberduck.core.exception.ChecksumException;
import ch.cyberduck.core.exception.ConnectionCanceledException;
import ch.cyberduck.core.local.LocalTouchFactory;
import ch.cyberduck.core.preferences.PreferencesFactory;
import ch.cyberduck.core.sftp.PreferencesHostKeyVerifier;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:ch/cyberduck/core/sftp/openssh/OpenSSHHostKeyVerifier.class */
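/**
 * Host key verifier backed by an OpenSSH-format known hosts file.
 *
 * <p>If the file cannot be opened or parsed in the constructor, {@link #database} stays
 * {@code null} and both {@link #verify} and {@link #allow} delegate to the superclass
 * ({@code PreferencesHostKeyVerifier}). That failure is only logged, so an unreadable known
 * hosts file changes which store decides whether a host key is trusted without any error
 * reaching the caller.
 */
public abstract class OpenSSHHostKeyVerifier extends PreferencesHostKeyVerifier {
    private static final Logger log = Logger.getLogger(OpenSSHHostKeyVerifier.class);

    /** Parsed known hosts entries; {@code null} when the file could not be loaded. */
    protected OpenSSHKnownHosts database;

    /** The known hosts file this verifier reads from and writes to. */
    private final Local file;

    /**
     * Known hosts database that forwards the "unknown key" and "changed key" decisions to the
     * enclosing verifier.
     */
    /* loaded from: input_file:ch/cyberduck/core/sftp/openssh/OpenSSHHostKeyVerifier$DelegatingOpenSSHKnownHosts.class */
    private final class DelegatingOpenSSHKnownHosts extends OpenSSHKnownHosts {
        public DelegatingOpenSSHKnownHosts(Local local) throws IOException {
            super(new File(local.getAbsolute()));
        }

        /**
         * Called when no entry matches the host. Fails closed: a cancelled or failed decision
         * rejects the key.
         */
        protected boolean hostKeyUnverifiableAction(String str, PublicKey publicKey) {
            try {
                return OpenSSHHostKeyVerifier.this.isUnknownKeyAccepted(str, publicKey);
            } catch (ConnectionCanceledException | ChecksumException e) {
                // Record the rejection so an aborted verification is visible in the log.
                this.log.warn(String.format("Unknown host key for %s not accepted: %s", str, e.getMessage()));
                return false;
            }
        }

        /**
         * Called when the host presents a key that differs from the stored entry. When the new
         * key is accepted, the stale entry is dropped from memory and the file is rewritten.
         * Fails closed: a cancelled or failed decision rejects the key.
         */
        protected boolean hostKeyChangedAction(OpenSSHKnownHosts.KnownHostEntry knownHostEntry, String str, PublicKey publicKey) {
            final boolean accepted;
            try {
                accepted = OpenSSHHostKeyVerifier.this.isChangedKeyAccepted(str, publicKey);
            } catch (ConnectionCanceledException | ChecksumException e) {
                // Record the rejection so an aborted verification is visible in the log.
                this.log.warn(String.format("Changed host key for %s not accepted: %s", str, e.getMessage()));
                return false;
            }
            if (accepted) {
                OpenSSHHostKeyVerifier.this.database.entries().remove(knownHostEntry);
                try {
                    OpenSSHHostKeyVerifier.this.database.write();
                } catch (IOException e) {
                    // The stale entry is already gone from memory; if the write fails it
                    // stays on disk and will be loaded again next time.
                    this.log.error(String.format("Failure removing host key from database: %s", e.getMessage()));
                }
            }
            return accepted;
        }
    }

    /**
     * Loads the known hosts database from the given file, creating the file first if it does
     * not exist. Failures are logged and leave {@link #database} {@code null}.
     *
     * @param local known hosts file
     */
    public OpenSSHHostKeyVerifier(Local local) {
        this.file = local;
        InputStream probe = null;
        try {
            if (!local.exists()) {
                LocalTouchFactory.get().touch(local);
            }
            // The stream is never read here; presumably it is opened so that a permission
            // problem surfaces as AccessDeniedException before parsing starts.
            probe = local.getInputStream();
            this.database = new DelegatingOpenSSHKnownHosts(local);
        } catch (AccessDeniedException e) {
            log.error(String.format("Cannot read known hosts file %s", local));
        } catch (IOException | SSHRuntimeException e) {
            log.error(String.format("Cannot read known hosts file %s", local), e);
        } finally {
            IOUtils.closeQuietly(probe);
        }
    }

    /**
     * Verifies the host key against the known hosts database, or against the superclass when
     * no database was loaded.
     */
    @Override // ch.cyberduck.core.sftp.PreferencesHostKeyVerifier
    public boolean verify(String str, int i, PublicKey publicKey) throws ConnectionCanceledException, ChecksumException {
        if (null == this.database) {
            return super.verify(str, i, publicKey);
        }
        return this.database.verify(str, i, publicKey);
    }

    /**
     * Trusts the given key for the host. The entry is always added to the in-memory database;
     * it is appended to the file only when {@code z} is set and the file is writable. The host
     * name is stored hashed when the {@code ssh.knownhosts.hostname.hash} preference is enabled.
     *
     * @param str       host name the key belongs to
     * @param publicKey key to trust
     * @param z         whether to persist the entry
     */
    @Override // ch.cyberduck.core.sftp.PreferencesHostKeyVerifier, ch.cyberduck.core.sftp.AbstractHostKeyCallback
    public void allow(String str, PublicKey publicKey, boolean z) {
        if (null == this.database) {
            super.allow(str, publicKey, z);
            return;
        }
        try {
            final String hostField = PreferencesFactory.get().getBoolean("ssh.knownhosts.hostname.hash") ? hash(str) : str;
            OpenSSHKnownHosts.HostEntry hostEntry = new OpenSSHKnownHosts.HostEntry((OpenSSHKnownHosts.Marker) null, hostField, KeyType.fromKey(publicKey), publicKey);
            this.database.entries().add(hostEntry);
            if (z) {
                if (this.file.attributes().getPermission().isWritable()) {
                    this.database.write(hostEntry);
                } else {
                    // Trust then lasts only as long as this in-memory database.
                    log.warn(String.format("Known hosts file %s is not writable. Host key not saved", this.file));
                }
            }
        } catch (IOException e) {
            log.error(String.format("Failure adding host key to database: %s", e.getMessage()));
            super.allow(str, publicKey, z);
        }
    }

    /**
     * Builds a hashed host field of the form {@code |1|salt|hmac}: a random salt and the
     * HMAC-SHA1 of the host name keyed with that salt, both Base64 encoded.
     *
     * <p>HMAC-SHA1 is what the OpenSSH hashed known hosts format defines for the {@code |1|}
     * marker; changing the algorithm would produce entries other readers cannot match.
     *
     * @param str host name to hash
     * @return hashed host field
     * @throws IOException if a required algorithm is not available
     */
    private static String hash(String str) throws IOException {
        final byte[] salt;
        try {
            // The salt is as long as a SHA-1 digest.
            salt = new byte[MessageDigest.getInstance("SHA-1").getDigestLength()];
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        }
        new SecureRandom().nextBytes(salt);
        return String.format("|1|%s|%s", base64(salt), base64(hmacSha1Hash(salt, str)));
    }

    /** Base64 output is pure ASCII, so decode it with a fixed charset, not the platform default. */
    private static String base64(byte[] raw) {
        return new String(Base64.encodeBase64(raw), StandardCharsets.US_ASCII);
    }

    /**
     * Computes the HMAC-SHA1 of the host name using the given salt as the key.
     *
     * @param bArr salt used as the MAC key
     * @param str  host name
     * @return raw MAC bytes
     * @throws IOException if the MAC cannot be created or initialised
     */
    private static byte[] hmacSha1Hash(byte[] bArr, String str) throws IOException {
        try {
            Mac mac = Mac.getInstance("HmacSHA1");
            mac.init(new SecretKeySpec(bArr, 0, bArr.length, mac.getAlgorithm()));
            // Fixed charset: the platform default could encode the same name differently per
            // machine, producing hashes that no longer match.
            mac.update(str.getBytes(StandardCharsets.UTF_8));
            return mac.doFinal();
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        }
    }

    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder("OpenSSHHostKeyVerifier{");
        sb.append("database=").append(this.database);
        sb.append(", file=").append(this.file);
        sb.append('}');
        return sb.toString();
    }
}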
