package com.sshtools.common.knownhosts;

import com.sshtools.common.publickey.SshKeyUtils;
import com.sshtools.common.ssh.SshException;
import com.sshtools.common.ssh.components.ComponentManager;
import com.sshtools.common.ssh.components.SshHmac;
import com.sshtools.common.ssh.components.SshPublicKey;
import com.sshtools.common.ssh.components.jce.OpenSshCertificate;
import com.sshtools.common.util.Base64;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification.class */
public class KnownHostsKeyVerification implements HostKeyVerification, HostKeyUpdater {
    private static final String HASH_MAGIC = "|1|";
    private static final String HASH_DELIM = "|";
    LinkedList<HostFileEntry> entries = new LinkedList<>();
    Set<KeyEntry> keyEntries = new LinkedHashSet();
    Set<KeyEntry> revokedEntries = new LinkedHashSet();
    Map<SshPublicKey, List<KeyEntry>> entriesByPublicKey = new HashMap();
    List<CertAuthorityEntry> certificateAuthorities = new ArrayList();
    private boolean hashHosts = false;
    private boolean useCanonicalHostname = System.getProperty("maverick.knownHosts.enableReverseDNS", "true").equalsIgnoreCase("true");
    private boolean useReverseDNS = System.getProperty("maverick.knownHosts.enableReverseDNS", "true").equalsIgnoreCase("true");
    Pattern nonStandard = Pattern.compile("\\[([^\\]]+)\\]:([\\d]{1,5})");

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$BlankEntry.class */
    public class BlankEntry extends NonValidatingFileEntry {
        public BlankEntry() {
            super();
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        String getFormattedLine() {
            return "";
        }
    }

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$CertAuthorityEntry.class */
    public class CertAuthorityEntry extends KeyEntry {
        CertAuthorityEntry(Set<String> set, SshPublicKey sshPublicKey, String str) {
            super(set, sshPublicKey, str);
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        String getFormattedLine() {
            try {
                return String.format("@cert-authority %s %s", getNames(), SshKeyUtils.getFormattedKey(this.key, this.comment));
            } catch (IOException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.KeyEntry, com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        boolean canValidate() {
            return true;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.KeyEntry, com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        boolean validate(SshPublicKey sshPublicKey, String... strArr) throws SshException {
            if (matchesHost(strArr) && (sshPublicKey instanceof OpenSshCertificate)) {
                return ((OpenSshCertificate) sshPublicKey).getSignedBy().equals(this.key);
            }
            return false;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.KeyEntry
        public final boolean isCertAuthority() {
            return true;
        }
    }

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$CommentEntry.class */
    public class CommentEntry extends NonValidatingFileEntry {
        String comment;

        CommentEntry(String str) {
            super();
            this.comment = str;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        String getFormattedLine() {
            return String.format("#%s", this.comment);
        }
    }

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$HostFileEntry.class */
    public abstract class HostFileEntry {
        public HostFileEntry() {
        }

        abstract String getFormattedLine();

        abstract boolean canValidate();

        abstract boolean validate(SshPublicKey sshPublicKey, String... strArr) throws SshException;
    }

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$KeyEntry.class */
    public abstract class KeyEntry extends HostFileEntry {
        String comment;
        Set<String> names;
        SshPublicKey key;
        boolean hashedEntry;

        KeyEntry(Set<String> set, SshPublicKey sshPublicKey, String str) {
            super();
            this.hashedEntry = false;
            this.names = set;
            this.key = sshPublicKey;
            this.comment = str;
            if (set.size() == 1 && set.iterator().next().startsWith(KnownHostsKeyVerification.HASH_DELIM)) {
                this.hashedEntry = true;
            }
        }

        public boolean isHashedEntry() {
            return this.hashedEntry;
        }

        public SshPublicKey getKey() {
            return this.key;
        }

        public String getNames() {
            StringBuffer stringBuffer = new StringBuffer();
            for (String str : this.names) {
                if (stringBuffer.length() > 0) {
                    stringBuffer.append(",");
                }
                stringBuffer.append(str);
            }
            return stringBuffer.toString();
        }

        boolean matchesHash(String str, String... strArr) throws SshException {
            for (String str2 : strArr) {
                if (KnownHostsKeyVerification.this.checkHash(str, str2)) {
                    return true;
                }
            }
            return false;
        }

        boolean matchesHost(String... strArr) throws SshException {
            boolean z = true;
            boolean z2 = false;
            for (String str : this.names) {
                if (str.startsWith(KnownHostsKeyVerification.HASH_MAGIC)) {
                    return matchesHash(str, strArr);
                }
                if (str.startsWith("!")) {
                    if (matches(str.substring(1), strArr)) {
                        z = false;
                        z2 = true;
                    }
                } else if (matches(str, strArr)) {
                    z2 = true;
                }
            }
            if (z2) {
                return z;
            }
            return false;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        boolean canValidate() {
            return true;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        boolean validate(SshPublicKey sshPublicKey, String... strArr) throws SshException {
            if (matchesHost(strArr)) {
                return sshPublicKey.equals(this.key);
            }
            return false;
        }

        boolean matches(String str, String... strArr) {
            String replace = str.replace(".", "\\.").replace("[", "\\[").replace("]", "\\]");
            if (replace.contains("*")) {
                replace = replace.replace("*", ".*");
            }
            if (replace.contains("?")) {
                replace = replace.replace("?", ".");
            }
            for (String str2 : strArr) {
                if (str2.matches(replace)) {
                    return true;
                }
            }
            return false;
        }

        public String getComment() {
            return this.comment;
        }

        public boolean isRevoked() {
            return false;
        }

        public boolean isCertAuthority() {
            return false;
        }
    }

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$NonValidatingFileEntry.class */
    abstract class NonValidatingFileEntry extends HostFileEntry {
        NonValidatingFileEntry() {
            super();
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        boolean canValidate() {
            return false;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        boolean validate(SshPublicKey sshPublicKey, String... strArr) throws SshException {
            throw new UnsupportedOperationException();
        }
    }

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$RevokedEntry.class */
    public class RevokedEntry extends KeyEntry {
        KeyEntry revokedEntry;

        RevokedEntry(Set<String> set, KeyEntry keyEntry) {
            super(set, keyEntry.getKey(), keyEntry.getComment());
            this.revokedEntry = keyEntry;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        String getFormattedLine() {
            return String.format("@revoked %s", this.revokedEntry.getFormattedLine());
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.KeyEntry, com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        boolean canValidate() {
            return true;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.KeyEntry
        public final boolean isRevoked() {
            return true;
        }
    }

    /* loaded from: input_file:com/sshtools/common/knownhosts/KnownHostsKeyVerification$Ssh2KeyEntry.class */
    public class Ssh2KeyEntry extends KeyEntry {
        boolean hashedEntry;

        Ssh2KeyEntry(Set<String> set, SshPublicKey sshPublicKey, String str) {
            super(set, sshPublicKey, str);
            this.hashedEntry = false;
            if (set.size() == 1 && set.iterator().next().startsWith(KnownHostsKeyVerification.HASH_DELIM)) {
                this.hashedEntry = true;
            }
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.KeyEntry
        public boolean isHashedEntry() {
            return this.hashedEntry;
        }

        @Override // com.sshtools.common.knownhosts.KnownHostsKeyVerification.HostFileEntry
        String getFormattedLine() {
            try {
                return String.format("%s %s", getNames(), SshKeyUtils.getFormattedKey(this.key, this.comment)).trim();
            } catch (IOException e) {
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    public KnownHostsKeyVerification(InputStream inputStream) throws SshException, IOException {
        load(inputStream);
    }

    public KnownHostsKeyVerification() {
    }

    public synchronized void clear() {
        this.entries.clear();
        this.keyEntries.clear();
        this.revokedEntries.clear();
        this.entriesByPublicKey.clear();
        this.certificateAuthorities.clear();
    }

    public synchronized void load(InputStream inputStream) throws SshException, IOException {
        clear();
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    return;
                }
                String trim = readLine.trim();
                if (trim.equals("")) {
                    this.entries.add(new BlankEntry());
                } else if (trim.startsWith("#")) {
                    this.entries.add(new CommentEntry(trim.substring(1)));
                } else {
                    StringTokenizer stringTokenizer = new StringTokenizer(trim, " ");
                    if (stringTokenizer.hasMoreTokens()) {
                        String str = (String) stringTokenizer.nextElement();
                        String str2 = "";
                        if (str.startsWith("@")) {
                            str2 = str;
                            str = (String) stringTokenizer.nextElement();
                        }
                        try {
                        } catch (IOException e) {
                            onInvalidHostEntry(trim);
                        } catch (OutOfMemoryError e2) {
                            bufferedReader.close();
                            throw new SshException("Error parsing known_hosts file, is your file corrupt?", 17);
                        }
                        if (stringTokenizer.hasMoreTokens()) {
                            String nextToken = stringTokenizer.nextToken();
                            if (!loadSsh1PublicKey(str, nextToken, stringTokenizer, trim)) {
                                if (stringTokenizer.hasMoreTokens()) {
                                    SshPublicKey publicKey = SshKeyUtils.getPublicKey(nextToken + " " + stringTokenizer.nextToken());
                                    StringBuffer stringBuffer = new StringBuffer();
                                    while (stringTokenizer.hasMoreTokens()) {
                                        if (stringBuffer.length() > 0) {
                                            stringBuffer.append(" ");
                                        }
                                        stringBuffer.append(stringTokenizer.nextToken());
                                    }
                                    loadSsh2PublicKey(str, str2, nextToken, publicKey, stringBuffer.toString());
                                } else {
                                    onInvalidHostEntry(trim);
                                }
                            }
                        } else {
                            onInvalidHostEntry(trim);
                        }
                    } else {
                        onInvalidHostEntry(trim);
                    }
                }
            } finally {
                bufferedReader.close();
                inputStream.close();
            }
        }
    }

    private Set<String> getNames(String str) {
        return new LinkedHashSet(Arrays.asList(str.split(",")));
    }

    private void loadSsh2PublicKey(String str, String str2, String str3, SshPublicKey sshPublicKey, String str4) throws SshException {
        KeyEntry revokedEntry;
        if (str2.equalsIgnoreCase("@cert-authority")) {
            CertAuthorityEntry certAuthorityEntry = new CertAuthorityEntry(getNames(str), sshPublicKey, str4);
            this.certificateAuthorities.add(certAuthorityEntry);
            revokedEntry = certAuthorityEntry;
        } else {
            revokedEntry = str2.equalsIgnoreCase("@revoked") ? new RevokedEntry(getNames(str), new Ssh2KeyEntry(getNames(str), sshPublicKey, str4)) : new Ssh2KeyEntry(getNames(str), sshPublicKey, str4);
        }
        addEntry(revokedEntry);
    }

    private void addEntry(KeyEntry keyEntry) {
        if (this.entriesByPublicKey.containsKey(keyEntry.getKey())) {
            removeEntries(keyEntry.getKey());
        }
        this.entriesByPublicKey.put(keyEntry.getKey(), new ArrayList());
        this.entries.add(keyEntry);
        this.entriesByPublicKey.get(keyEntry.getKey()).add(keyEntry);
        if (keyEntry instanceof KeyEntry) {
            this.keyEntries.add(keyEntry);
        }
        if (keyEntry instanceof RevokedEntry) {
            this.revokedEntries.add(keyEntry);
        }
    }

    public synchronized void setComment(KeyEntry keyEntry, String str) {
        if (!this.keyEntries.contains(keyEntry)) {
            throw new IllegalArgumentException("KeyEntry provided is no longer in this known_hosts file.");
        }
        keyEntry.comment = str;
    }

    private boolean loadSsh1PublicKey(String str, String str2, StringTokenizer stringTokenizer, String str3) throws SshException {
        return str2.matches("[0-9]+");
    }

    public synchronized void setHashHosts(boolean z) {
        this.hashHosts = z;
    }

    protected void onInvalidHostEntry(String str) throws SshException {
    }

    protected void onHostKeyMismatch(String str, List<SshPublicKey> list, SshPublicKey sshPublicKey) throws SshException {
    }

    protected void onUnknownHost(String str, SshPublicKey sshPublicKey) throws SshException {
    }

    protected void onRevokedKey(String str, SshPublicKey sshPublicKey) {
    }

    public synchronized void removeEntries(String str) throws SshException {
        ArrayList arrayList = new ArrayList();
        for (KeyEntry keyEntry : getKeyEntries()) {
            if (keyEntry.matchesHost(str)) {
                arrayList.add(keyEntry);
            }
        }
        removeEntry((KeyEntry[]) arrayList.toArray(new KeyEntry[0]));
    }

    public synchronized void removeEntries(String... strArr) throws SshException {
        for (String str : strArr) {
            removeEntries(str);
        }
    }

    public synchronized void removeEntries(SshPublicKey sshPublicKey) {
        removeEntry((KeyEntry[]) this.entriesByPublicKey.get(sshPublicKey).toArray(new KeyEntry[0]));
    }

    public synchronized void removeEntry(KeyEntry... keyEntryArr) {
        List asList = Arrays.asList(keyEntryArr);
        this.keyEntries.removeAll(asList);
        this.revokedEntries.removeAll(asList);
        this.entries.removeAll(asList);
        Iterator<Map.Entry<SshPublicKey, List<KeyEntry>>> it = this.entriesByPublicKey.entrySet().iterator();
        while (it.hasNext()) {
            it.next().getValue().removeAll(asList);
        }
        this.certificateAuthorities.removeAll(asList);
    }

    public synchronized void addEntry(SshPublicKey sshPublicKey, String str, String... strArr) throws SshException {
        if (!useHashHosts()) {
            addEntry(new Ssh2KeyEntry(new HashSet(Arrays.asList(strArr)), sshPublicKey, str));
            return;
        }
        for (String str2 : strArr) {
            addEntry(new Ssh2KeyEntry(new HashSet(Arrays.asList(generateHash(str2))), sshPublicKey, str));
        }
    }

    @Override // com.sshtools.common.knownhosts.HostKeyVerification
    public synchronized boolean verifyHost(String str, SshPublicKey sshPublicKey) throws SshException {
        return verifyHost(str, sshPublicKey, true);
    }

    private synchronized boolean verifyHost(String str, SshPublicKey sshPublicKey, boolean z) throws SshException {
        Set<String> resolveNames = resolveNames(str);
        Iterator<KeyEntry> it = this.revokedEntries.iterator();
        while (it.hasNext()) {
            if (it.next().validate(sshPublicKey, (String[]) resolveNames.toArray(new String[0]))) {
                onRevokedKey(str, sshPublicKey);
                return false;
            }
        }
        if (this.entriesByPublicKey.containsKey(sshPublicKey)) {
            Iterator<KeyEntry> it2 = this.entriesByPublicKey.get(sshPublicKey).iterator();
            while (it2.hasNext()) {
                if (it2.next().validate(sshPublicKey, (String[]) resolveNames.toArray(new String[0]))) {
                    return true;
                }
            }
        }
        if (sshPublicKey instanceof OpenSshCertificate) {
            Iterator<CertAuthorityEntry> it3 = this.certificateAuthorities.iterator();
            while (it3.hasNext()) {
                if (it3.next().validate(sshPublicKey, (String[]) resolveNames.toArray(new String[0]))) {
                    return true;
                }
            }
        }
        if (!z) {
            return false;
        }
        onUnknownHost(str, sshPublicKey);
        return verifyHost(str, sshPublicKey, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<String> resolveNames(String str) {
        String str2 = str;
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(str);
        Matcher matcher = this.nonStandard.matcher(str);
        boolean matches = matcher.matches();
        if (matches) {
            str2 = matcher.group(1);
        }
        if (useCanonicalHostname() || useReverseDNS()) {
            try {
                InetAddress byName = InetAddress.getByName(str2);
                if (useCanonicalHostname()) {
                    linkedHashSet.add(matches ? String.format("[%s]:%s", byName.getHostName(), matcher.group(2)) : byName.getHostName());
                }
                if (useReverseDNS()) {
                    linkedHashSet.add(matches ? String.format("[%s]:%s", byName.getHostAddress(), matcher.group(2)) : byName.getHostAddress());
                }
            } catch (UnknownHostException e) {
            }
        }
        return linkedHashSet;
    }

    public boolean useCanonicalHostname() {
        return this.useCanonicalHostname;
    }

    public boolean useReverseDNS() {
        return this.useReverseDNS;
    }

    public boolean useHashHosts() {
        return this.hashHosts;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean checkHash(String str, String str2) throws SshException {
        SshHmac componentFactory = ComponentManager.getInstance().supportedHMacsCS().getInstance("hmac-sha1");
        String substring = str.substring(HASH_MAGIC.length());
        String substring2 = substring.substring(0, substring.indexOf(HASH_DELIM));
        byte[] decode = Base64.decode(substring.substring(substring.indexOf(HASH_DELIM) + 1));
        componentFactory.init(Base64.decode(substring2));
        componentFactory.update(str2.getBytes());
        return Arrays.equals(decode, componentFactory.doFinal());
    }

    private String generateHash(String str) throws SshException {
        SshHmac componentFactory = ComponentManager.getInstance().supportedHMacsCS().getInstance("hmac-sha1");
        byte[] bArr = new byte[componentFactory.getMacLength()];
        ComponentManager.getInstance().getRND().nextBytes(bArr);
        componentFactory.init(bArr);
        componentFactory.update(str.getBytes());
        return HASH_MAGIC + Base64.encodeBytes(bArr, false) + HASH_DELIM + Base64.encodeBytes(componentFactory.doFinal(), false);
    }

    public synchronized String toString() {
        StringBuffer stringBuffer = new StringBuffer("");
        Iterator<HostFileEntry> it = this.entries.iterator();
        while (it.hasNext()) {
            stringBuffer.append(it.next().getFormattedLine());
            stringBuffer.append(System.getProperty("line.separator"));
        }
        return stringBuffer.toString();
    }

    public void setUseCanonicalHostnames(boolean z) {
        this.useCanonicalHostname = z;
    }

    public void setUseReverseDNS(boolean z) {
        this.useReverseDNS = z;
    }

    public Set<KeyEntry> getKeyEntries() {
        return this.keyEntries;
    }

    @Override // com.sshtools.common.knownhosts.HostKeyUpdater
    public boolean isKnownHost(String str, SshPublicKey sshPublicKey) throws SshException {
        return verifyHost(str, sshPublicKey, false);
    }

    @Override // com.sshtools.common.knownhosts.HostKeyUpdater
    public void updateHostKey(String str, SshPublicKey sshPublicKey) throws SshException {
        Set<String> resolveNames = resolveNames(str);
        addEntry(sshPublicKey, "", (String[]) resolveNames.toArray(new String[0]));
        onHostKeyUpdated(resolveNames, sshPublicKey);
    }

    protected void onHostKeyUpdated(Set<String> set, SshPublicKey sshPublicKey) {
    }
}
