package com.ibm.net.ssh;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:lib/com.ibm.ws.prereq.rxa.2.3_1.0.90.jar:com/ibm/net/ssh/KnownHosts.class */
public class KnownHosts {
    private static final String COPYRIGHT = "\n\nLicensed Materials - Property of IBM\n\n(C) Copyright IBM Corp. 2008, 2011 All Rights Reserved.\n\nUS Government Users Restricted Rights - Use, duplication or\ndisclosure restricted by GSA ADP Schedule Contract with\nIBM Corp.\n\n\n";
    private static final String JCEKS_KEYSTORE = "jceks";
    private static final String HMAC_SHA1 = "HmacSHA1";
    private static final String HASH_MAGIC = "|1|";
    private static final String HASH_DELIM = "|";
    private KeyStore keyStore;
    private static final char[] KEYSTORE_PASSWORD = {'h', 'i', 'C', '2', 'b', 'W', '6', 'x'};
    private static final String KNOWN_HOSTS_KEYSTORE_FILE = System.getProperty("user.home") + File.separator + "knownhosts.keystore";
    private static final String KNOWN_HOSTS_FILE = System.getProperty("user.home") + File.separator + ".ssh" + File.separator + "known_hosts";
    private static Logger logger = Logger.getLogger("com.ibm.net.ssh");

    public KnownHosts() {
        this(KNOWN_HOSTS_KEYSTORE_FILE);
    }

    public KnownHosts(String str) {
        try {
            load(str);
            migrateKnownHosts();
        } catch (IOException e) {
            logger.fine("Could not load keystores: " + e.toString());
        }
    }

    public boolean addHost(InetSocketAddress inetSocketAddress, PublicKey publicKey) {
        boolean z = false;
        FileOutputStream fileOutputStream = null;
        try {
            try {
                try {
                    try {
                        this.keyStore.setKeyEntry(inetSocketAddress.toString(), publicKey, KEYSTORE_PASSWORD, null);
                        fileOutputStream = new FileOutputStream(KNOWN_HOSTS_KEYSTORE_FILE);
                        this.keyStore.store(fileOutputStream, KEYSTORE_PASSWORD);
                        z = true;
                        if (fileOutputStream != null) {
                            try {
                                fileOutputStream.close();
                            } catch (IOException e) {
                            }
                        }
                    } catch (FileNotFoundException e2) {
                        logger.fine("Unable to store key file.");
                        if (fileOutputStream != null) {
                            try {
                                fileOutputStream.close();
                            } catch (IOException e3) {
                            }
                        }
                    }
                } catch (Throwable th) {
                    if (fileOutputStream != null) {
                        try {
                            fileOutputStream.close();
                        } catch (IOException e4) {
                        }
                    }
                    throw th;
                }
            } catch (IOException e5) {
                logger.fine("IOException storing key store.");
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e6) {
                    }
                }
            } catch (KeyStoreException e7) {
                logger.fine("General exception setting key entry to store.");
                if (fileOutputStream != null) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e8) {
                    }
                }
            }
        } catch (NoSuchAlgorithmException e9) {
            logger.fine("No such algorithm setting key entry to store.");
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (IOException e10) {
                }
            }
        } catch (CertificateException e11) {
            logger.fine("Certificate exception setting key entry.");
            if (fileOutputStream != null) {
                try {
                    fileOutputStream.close();
                } catch (IOException e12) {
                }
            }
        }
        return z;
    }

    public boolean removeHost(InetSocketAddress inetSocketAddress) {
        boolean z = false;
        try {
            this.keyStore.deleteEntry(inetSocketAddress.toString());
            z = true;
        } catch (KeyStoreException e) {
            logger.fine("General exception deleting entry from store.");
        }
        return z;
    }

    public boolean contains(InetSocketAddress inetSocketAddress) {
        try {
            return this.keyStore.containsAlias(inetSocketAddress.toString());
        } catch (KeyStoreException e) {
            logger.fine("General exception getting alias from store.");
            return false;
        }
    }

    public boolean checkHost(InetSocketAddress inetSocketAddress, PublicKey publicKey) {
        try {
            PublicKey publicKey2 = (PublicKey) this.keyStore.getKey(inetSocketAddress.toString(), KEYSTORE_PASSWORD);
            return publicKey2 != null ? Arrays.equals(publicKey2.getEncoded(), publicKey.getEncoded()) : matchHashedHost(inetSocketAddress, publicKey);
        } catch (KeyStoreException e) {
            logger.fine("General exception getting key from store.");
            return false;
        } catch (NoSuchAlgorithmException e2) {
            logger.fine("No such key store algorithm.");
            return false;
        } catch (UnrecoverableKeyException e3) {
            logger.fine("Unrecoverable key exception.");
            return false;
        }
    }

    private void load(String str) throws IOException {
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(str);
        } catch (FileNotFoundException e) {
        }
        try {
            try {
                try {
                    this.keyStore = KeyStore.getInstance(JCEKS_KEYSTORE);
                    this.keyStore.load(fileInputStream, KEYSTORE_PASSWORD);
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                } catch (KeyStoreException e2) {
                    logger.fine("General exception loading key store.");
                    if (fileInputStream != null) {
                        fileInputStream.close();
                    }
                }
            } catch (NoSuchAlgorithmException e3) {
                logger.fine("No such key store algorithm.");
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
            } catch (CertificateException e4) {
                logger.fine("Certficate exception loading key store.");
                if (fileInputStream != null) {
                    fileInputStream.close();
                }
            }
        } catch (Throwable th) {
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            throw th;
        }
    }

    private void migrateKnownHosts() throws IOException {
        String readLine;
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(KNOWN_HOSTS_FILE), "UTF-8"));
            Base64Decoder base64Decoder = new Base64Decoder();
            do {
                readLine = bufferedReader.readLine();
                if (logger.isLoggable(Level.FINER)) {
                    logger.finer("line = " + readLine);
                }
                if (readLine != null && !readLine.startsWith(HASH_MAGIC)) {
                    String[] split = readLine.split(" ");
                    if (split.length >= 3) {
                        String str = split[0];
                        String str2 = split[2];
                        if (logger.isLoggable(Level.FINER)) {
                            logger.finer("hostname = " + str);
                            logger.finer("keyBlobString =  " + str2);
                        }
                        String[] split2 = str.split(",");
                        if (split2.length >= 2) {
                            try {
                                InetSocketAddress inetSocketAddress = new InetSocketAddress(InetAddress.getByAddress(split2[0], InetAddress.getByName(split2[1]).getAddress()), SecureSession.DEFAULT_PORT);
                                if (inetSocketAddress != null) {
                                    ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(base64Decoder.decodeBuffer(str2));
                                    PublicKey streamToPublicKey = PublicKeyFile.streamToPublicKey(SSHString.readString(byteArrayInputStream), byteArrayInputStream);
                                    if (streamToPublicKey != null) {
                                        addHost(inetSocketAddress, streamToPublicKey);
                                    } else {
                                        logger.fine("Null public key.");
                                    }
                                }
                            } catch (UnknownHostException e) {
                                logger.fine("Invalid address: " + SSHNameList.nameListToString(split2));
                            }
                        }
                    }
                }
            } while (readLine != null);
            bufferedReader.close();
        } catch (UnsupportedEncodingException e2) {
            throw new IOException(e2.toString());
        }
    }

    private boolean matchHashedHost(InetSocketAddress inetSocketAddress, PublicKey publicKey) {
        String readLine;
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(KNOWN_HOSTS_FILE), "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            logger.finer("Unsupported Encoding: UTF-8");
        } catch (IOException e2) {
            logger.finer("IOException: " + e2.toString());
        }
        Base64Decoder base64Decoder = new Base64Decoder();
        do {
            try {
                readLine = bufferedReader.readLine();
                if (logger.isLoggable(Level.FINER)) {
                    logger.finer("line = " + readLine);
                }
                if (readLine != null && readLine.startsWith(HASH_MAGIC)) {
                    String[] split = readLine.split("\\|");
                    if (split.length >= 4 && split[1].equals("1")) {
                        byte[] decodeBuffer = base64Decoder.decodeBuffer(split[2]);
                        if (logger.isLoggable(Level.FINER)) {
                            logger.finer("salt = " + SSHString.bytesToString(decodeBuffer));
                        }
                        Mac mac = null;
                        try {
                            mac = Mac.getInstance(HMAC_SHA1);
                        } catch (NoSuchAlgorithmException e3) {
                            logger.fine("No such algorithm for Mac: " + e3);
                        }
                        byte[] bArr = null;
                        if (mac != null) {
                            try {
                                mac.init(new SecretKeySpec(decodeBuffer, HMAC_SHA1));
                                mac.update(inetSocketAddress.getAddress().getHostAddress().getBytes());
                                bArr = mac.doFinal();
                                if (logger.isLoggable(Level.FINER)) {
                                    logger.finer(inetSocketAddress.getAddress().getHostAddress() + " -> " + SSHString.bytesToString(bArr));
                                }
                            } catch (InvalidKeyException e4) {
                                logger.fine("Invalid key for spec: " + e4);
                            }
                        }
                        String[] split2 = split[3].split(" ");
                        if (split2.length >= 3) {
                            byte[] decodeBuffer2 = base64Decoder.decodeBuffer(split2[0]);
                            if (logger.isLoggable(Level.FINER)) {
                                logger.finer("fileHashedHost = " + SSHString.bytesToString(decodeBuffer2));
                            }
                            if (Arrays.equals(bArr, decodeBuffer2)) {
                                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(base64Decoder.decodeBuffer(split2[2]));
                                byte[] encoded = PublicKeyFile.streamToPublicKey(SSHString.readString(byteArrayInputStream), byteArrayInputStream).getEncoded();
                                byte[] encoded2 = publicKey.getEncoded();
                                bufferedReader.close();
                                return Arrays.equals(encoded, encoded2);
                            }
                        }
                    }
                }
            } catch (IOException e5) {
                logger.fine("IO exception during read of file.");
                return false;
            }
        } while (readLine != null);
        bufferedReader.close();
        return false;
    }
}
