[dumload.git] / src / com / jcraft / jsch / KnownHosts.java

/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
/*
Copyright (c) 2002-2010 ymnk, JCraft,Inc. All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice,
     this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright 
     notice, this list of conditions and the following disclaimer in 
     the documentation and/or other materials provided with the distribution.

  3. The names of the authors may not be used to endorse or promote products
     derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

package com.jcraft.jsch;

import java.io.*;

public
class KnownHosts implements HostKeyRepository{
  private static final String _known_hosts="known_hosts";

  /*
  static final int SSHDSS=0;
  static final int SSHRSA=1;
  static final int UNKNOWN=2;
  */

  private JSch jsch=null;
  private String known_hosts=null;
  private java.util.Vector pool=null;

  private MAC hmacsha1=null;

  KnownHosts(JSch jsch){
    super();
    this.jsch=jsch;
    pool=new java.util.Vector();
  }

  void setKnownHosts(String foo) throws JSchException{
    try{
      known_hosts=foo;
      FileInputStream fis=new FileInputStream(foo);
      setKnownHosts(fis);
    }
    catch(FileNotFoundException e){
    } 
  }
  void setKnownHosts(InputStream foo) throws JSchException{
    pool.removeAllElements();
    StringBuffer sb=new StringBuffer();
    byte i;
    int j;
    boolean error=false;
    try{
      InputStream fis=foo;
      String host;
      String key=null;
      int type;
      byte[] buf=new byte[1024];
      int bufl=0;
loop:
      while(true){
	bufl=0;
        while(true){
          j=fis.read();
          if(j==-1){
            if(bufl==0){ break loop; }
            else{ break; }
          }
	  if(j==0x0d){ continue; }
	  if(j==0x0a){ break; }
          if(buf.length<=bufl){
            if(bufl>1024*10) break;   // too long...
            byte[] newbuf=new byte[buf.length*2];
            System.arraycopy(buf, 0, newbuf, 0, buf.length);
            buf=newbuf;
          }
          buf[bufl++]=(byte)j;
	}

	j=0;
        while(j<bufl){
          i=buf[j];
	  if(i==' '||i=='\t'){ j++; continue; }
	  if(i=='#'){
	    addInvalidLine(Util.byte2str(buf, 0, bufl));
	    continue loop;
	  }
	  break;
	}
	if(j>=bufl){ 
	  addInvalidLine(Util.byte2str(buf, 0, bufl));
	  continue loop; 
	}

        sb.setLength(0);
        while(j<bufl){
          i=buf[j++];
          if(i==0x20 || i=='\t'){ break; }
          sb.append((char)i);
	}
	host=sb.toString();
	if(j>=bufl || host.length()==0){
	  addInvalidLine(Util.byte2str(buf, 0, bufl));
	  continue loop; 
	}

        sb.setLength(0);
	type=-1;
        while(j<bufl){
          i=buf[j++];
          if(i==0x20 || i=='\t'){ break; }
          sb.append((char)i);
	}
	if(sb.toString().equals("ssh-dss")){ type=HostKey.SSHDSS; }
	else if(sb.toString().equals("ssh-rsa")){ type=HostKey.SSHRSA; }
	else { j=bufl; }
	if(j>=bufl){
	  addInvalidLine(Util.byte2str(buf, 0, bufl));
	  continue loop; 
	}

        sb.setLength(0);
        while(j<bufl){
          i=buf[j++];
          if(i==0x0d){ continue; }
          if(i==0x0a){ break; }
          sb.append((char)i);
	}
	key=sb.toString();
	if(key.length()==0){
	  addInvalidLine(Util.byte2str(buf, 0, bufl));
	  continue loop; 
	}

	//System.err.println(host);
	//System.err.println("|"+key+"|");

	HostKey hk = null;
        hk = new HashedHostKey(host, type, 
                               Util.fromBase64(Util.str2byte(key), 0, 
                                               key.length()));
	pool.addElement(hk);
      }
      fis.close();
      if(error){
	throw new JSchException("KnownHosts: invalid format");
      }
    }
    catch(Exception e){
      if(e instanceof JSchException)
	throw (JSchException)e;         
      if(e instanceof Throwable)
        throw new JSchException(e.toString(), (Throwable)e);
      throw new JSchException(e.toString());
    }
  }
  private void addInvalidLine(String line) throws JSchException {
    HostKey hk = new HostKey(line, HostKey.UNKNOWN, null);
    pool.addElement(hk);
  }
  String getKnownHostsFile(){ return known_hosts; }
  public String getKnownHostsRepositoryID(){ return known_hosts; }

  public int check(String host, byte[] key){
    int result=NOT_INCLUDED;
    if(host==null){
      return result;
    }

    int type=getType(key);
    HostKey hk;

    synchronized(pool){
      for(int i=0; i<pool.size(); i++){
        hk=(HostKey)(pool.elementAt(i));
        if(hk.isMatched(host) && hk.type==type){
          if(Util.array_equals(hk.key, key)){
            return OK;
          }
          else{
            result=CHANGED;
	  }
        }
      }
    }

    if(result==NOT_INCLUDED &&
       host.startsWith("[") &&
       host.indexOf("]:")>1
       ){
      return check(host.substring(1, host.indexOf("]:")), key);
    }

    return result;
  }
  public void add(HostKey hostkey, UserInfo userinfo){
    int type=hostkey.type;
    String host=hostkey.getHost();
    byte[] key=hostkey.key;

    HostKey hk=null;
    synchronized(pool){
      for(int i=0; i<pool.size(); i++){
        hk=(HostKey)(pool.elementAt(i));
        if(hk.isMatched(host) && hk.type==type){
/*
	  if(Util.array_equals(hk.key, key)){ return; }
	  if(hk.host.equals(host)){
	    hk.key=key;
	    return;
	  }
	  else{
	    hk.host=deleteSubString(hk.host, host);
	    break;
	  }
*/
        }
      }
    }

    hk=hostkey;

    pool.addElement(hk);

    String bar=getKnownHostsRepositoryID();
    if(bar!=null){
      boolean foo=true;
      File goo=new File(bar);
      if(!goo.exists()){
        foo=false;
        if(userinfo!=null){
          foo=userinfo.promptYesNo(bar+" does not exist.\n"+
                                   "Are you sure you want to create it?"
                                   );
          goo=goo.getParentFile();
          if(foo && goo!=null && !goo.exists()){
            foo=userinfo.promptYesNo("The parent directory "+goo+" does not exist.\n"+
                                     "Are you sure you want to create it?"
                                     );
            if(foo){
              if(!goo.mkdirs()){
                userinfo.showMessage(goo+" has not been created.");
                foo=false;
              }
              else{
                userinfo.showMessage(goo+" has been succesfully created.\nPlease check its access permission.");
              }
            }
          }
          if(goo==null)foo=false;
        }
      }
      if(foo){
        try{ 
          sync(bar); 
        }
        catch(Exception e){ System.err.println("sync known_hosts: "+e); }
      }
    }
  }

  public HostKey[] getHostKey(){
    return getHostKey(null, null);
  }
  public HostKey[] getHostKey(String host, String type){
    synchronized(pool){
      int count=0;
      for(int i=0; i<pool.size(); i++){
	HostKey hk=(HostKey)pool.elementAt(i);
	if(hk.type==HostKey.UNKNOWN) continue;
	if(host==null || 
	   (hk.isMatched(host) && 
	    (type==null || hk.getType().equals(type)))){
	  count++;
	}
      }
      if(count==0)return null;
      HostKey[] foo=new HostKey[count];
      int j=0;
      for(int i=0; i<pool.size(); i++){
	HostKey hk=(HostKey)pool.elementAt(i);
	if(hk.type==HostKey.UNKNOWN) continue;
	if(host==null || 
	   (hk.isMatched(host) && 
	    (type==null || hk.getType().equals(type)))){
	  foo[j++]=hk;
	}
      }
      return foo;
    }
  }
  public void remove(String host, String type){
    remove(host, type, null);
  }
  public void remove(String host, String type, byte[] key){
    boolean sync=false;
    synchronized(pool){
    for(int i=0; i<pool.size(); i++){
      HostKey hk=(HostKey)(pool.elementAt(i));
      if(host==null ||
	 (hk.isMatched(host) && 
	  (type==null || (hk.getType().equals(type) &&
			  (key==null || Util.array_equals(key, hk.key)))))){
        String hosts=hk.getHost();
        if(hosts.equals(host) || 
           ((hk instanceof HashedHostKey) &&
            ((HashedHostKey)hk).isHashed())){
          pool.removeElement(hk);
        }
        else{
          hk.host=deleteSubString(hosts, host);
        }
	sync=true;
      }
    }
    }
    if(sync){
      try{sync();}catch(Exception e){};
    }
  }

  protected void sync() throws IOException { 
    if(known_hosts!=null)
      sync(known_hosts); 
  }
  protected synchronized void sync(String foo) throws IOException {
    if(foo==null) return;
    FileOutputStream fos=new FileOutputStream(foo);
    dump(fos);
    fos.close();
  }

  private static final byte[] space={(byte)0x20};
  private static final byte[] cr=Util.str2byte("\n");
  void dump(OutputStream out) throws IOException {
    try{
      HostKey hk;
      synchronized(pool){
      for(int i=0; i<pool.size(); i++){
        hk=(HostKey)(pool.elementAt(i));
        //hk.dump(out);
	String host=hk.getHost();
	String type=hk.getType();
	if(type.equals("UNKNOWN")){
	  out.write(Util.str2byte(host));
	  out.write(cr);
	  continue;
	}
	out.write(Util.str2byte(host));
	out.write(space);
	out.write(Util.str2byte(type));
	out.write(space);
	out.write(Util.str2byte(hk.getKey()));
	out.write(cr);
      }
      }
    }
    catch(Exception e){
      System.err.println(e);
    }
  }
  private int getType(byte[] key){
    if(key[8]=='d') return HostKey.SSHDSS;
    if(key[8]=='r') return HostKey.SSHRSA;
    return HostKey.UNKNOWN;
  }
  private String deleteSubString(String hosts, String host){
    int i=0;
    int hostlen=host.length();
    int hostslen=hosts.length();
    int j;
    while(i<hostslen){
      j=hosts.indexOf(',', i);
      if(j==-1) break;
      if(!host.equals(hosts.substring(i, j))){
        i=j+1;	  
        continue;
      }
      return hosts.substring(0, i)+hosts.substring(j+1);
    }
    if(hosts.endsWith(host) && hostslen-i==hostlen){
      return hosts.substring(0, (hostlen==hostslen) ? 0 :hostslen-hostlen-1);
    }
    return hosts;
  }

  private synchronized MAC getHMACSHA1(){
    if(hmacsha1==null){
      try{
        Class c=Class.forName(jsch.getConfig("hmac-sha1"));
        hmacsha1=(MAC)(c.newInstance());
      }
      catch(Exception e){ 
        System.err.println("hmacsha1: "+e); 
      }
    }
    return hmacsha1;
  }

  HostKey createHashedHostKey(String host, byte[]key) throws JSchException {
    HashedHostKey hhk=new HashedHostKey(host, key);
    hhk.hash();
    return hhk;
  } 
  class HashedHostKey extends HostKey{
    private static final String HASH_MAGIC="|1|";
    private static final String HASH_DELIM="|";

    private boolean hashed=false;
    byte[] salt=null;
    byte[] hash=null;


    HashedHostKey(String host, byte[] key) throws JSchException {
      this(host, GUESS, key);
    }
    HashedHostKey(String host, int type, byte[] key) throws JSchException {
      super(host, type, key);
      if(this.host.startsWith(HASH_MAGIC) &&
         this.host.substring(HASH_MAGIC.length()).indexOf(HASH_DELIM)>0){
        String data=this.host.substring(HASH_MAGIC.length());
        String _salt=data.substring(0, data.indexOf(HASH_DELIM));
        String _hash=data.substring(data.indexOf(HASH_DELIM)+1);
        salt=Util.fromBase64(Util.str2byte(_salt), 0, _salt.length());
        hash=Util.fromBase64(Util.str2byte(_hash), 0, _hash.length());
        if(salt.length!=20 ||  // block size of hmac-sha1
           hash.length!=20){
          salt=null;
          hash=null;
          return;
        }
        hashed=true;
      }
    }

    boolean isMatched(String _host){
      if(!hashed){
        return super.isMatched(_host);
      }
      MAC macsha1=getHMACSHA1();
      try{
        synchronized(macsha1){
          macsha1.init(salt);
          byte[] foo=Util.str2byte(_host);
          macsha1.update(foo, 0, foo.length);
          byte[] bar=new byte[macsha1.getBlockSize()];
          macsha1.doFinal(bar, 0);
          return Util.array_equals(hash, bar);
        }
      }
      catch(Exception e){
        System.out.println(e);
      }
      return false;
    }

    boolean isHashed(){
      return hashed;
    }

    void hash(){
      if(hashed)
        return;
      MAC macsha1=getHMACSHA1();
      if(salt==null){
        Random random=Session.random;
        synchronized(random){
          salt=new byte[macsha1.getBlockSize()];
          random.fill(salt, 0, salt.length);
        }
      }
      try{
        synchronized(macsha1){
          macsha1.init(salt);
          byte[] foo=Util.str2byte(host);
          macsha1.update(foo, 0, foo.length);
          hash=new byte[macsha1.getBlockSize()];
          macsha1.doFinal(hash, 0);
        }
      }
      catch(Exception e){
      }
      host=HASH_MAGIC+Util.byte2str(Util.toBase64(salt, 0, salt.length))+
        HASH_DELIM+Util.byte2str(Util.toBase64(hash, 0, hash.length));
      hashed=true;
    }
  }
}
Commit	Line	Data
0763e16d JW	1	/* --mode:java; c-basic-offset:2; indent-tabs-mode:nil -- */
	2	/*
	3	Copyright (c) 2002-2010 ymnk, JCraft,Inc. All rights reserved.
	4
	5	Redistribution and use in source and binary forms, with or without
	6	modification, are permitted provided that the following conditions are met:
	7
	8	1. Redistributions of source code must retain the above copyright notice,
	9	this list of conditions and the following disclaimer.
	10
	11	2. Redistributions in binary form must reproduce the above copyright
	12	notice, this list of conditions and the following disclaimer in
	13	the documentation and/or other materials provided with the distribution.
	14
	15	3. The names of the authors may not be used to endorse or promote products
	16	derived from this software without specific prior written permission.
	17
	18	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
	19	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
	20	FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
	21	INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
	22	INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	23	LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
	24	OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
	25	LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	26	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	27	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	28	*/
	29
	30	package com.jcraft.jsch;
	31
	32	import java.io.*;
	33
	34	public
	35	class KnownHosts implements HostKeyRepository{
	36	private static final String _known_hosts="known_hosts";
	37
	38	/*
	39	static final int SSHDSS=0;
	40	static final int SSHRSA=1;
	41	static final int UNKNOWN=2;
	42	*/
	43
	44	private JSch jsch=null;
	45	private String known_hosts=null;
	46	private java.util.Vector pool=null;
	47
	48	private MAC hmacsha1=null;
	49
	50	KnownHosts(JSch jsch){
	51	super();
	52	this.jsch=jsch;
	53	pool=new java.util.Vector();
	54	}
	55
	56	void setKnownHosts(String foo) throws JSchException{
	57	try{
	58	known_hosts=foo;
	59	FileInputStream fis=new FileInputStream(foo);
	60	setKnownHosts(fis);
	61	}
	62	catch(FileNotFoundException e){
	63	}
	64	}
65	void setKnownHosts(InputStream foo) throws JSchException{
66	pool.removeAllElements();
67	StringBuffer sb=new StringBuffer();
68	byte i;
69	int j;
70	boolean error=false;
71	try{
72	InputStream fis=foo;
73	String host;
74	String key=null;
75	int type;
76	byte[] buf=new byte[1024];
77	int bufl=0;
78	loop:
79	while(true){
80	bufl=0;
81	while(true){
82	j=fis.read();
83	if(j==-1){
84	if(bufl==0){ break loop; }
85	else{ break; }
86	}
87	if(j==0x0d){ continue; }
88	if(j==0x0a){ break; }
89	if(buf.length<=bufl){
90	if(bufl>1024*10) break; // too long...
91	byte[] newbuf=new byte[buf.length*2];
92	System.arraycopy(buf, 0, newbuf, 0, buf.length);
93	buf=newbuf;
94	}
95	buf[bufl++]=(byte)j;
96	}
97
98	j=0;
99	while(j<bufl){
100	i=buf[j];
101	if(i==' '\|\|i=='\t'){ j++; continue; }
102	if(i=='#'){
103	addInvalidLine(Util.byte2str(buf, 0, bufl));
104	continue loop;
105	}
106	break;
107	}
108	if(j>=bufl){
109	addInvalidLine(Util.byte2str(buf, 0, bufl));
110	continue loop;
111	}
112
113	sb.setLength(0);
114	while(j<bufl){
115	i=buf[j++];
116	if(i==0x20 \|\| i=='\t'){ break; }
117	sb.append((char)i);
118	}
119	host=sb.toString();
120	if(j>=bufl \|\| host.length()==0){
121	addInvalidLine(Util.byte2str(buf, 0, bufl));
122	continue loop;
123	}
124
125	sb.setLength(0);
126	type=-1;
127	while(j<bufl){
128	i=buf[j++];
129	if(i==0x20 \|\| i=='\t'){ break; }
130	sb.append((char)i);
131	}
132	if(sb.toString().equals("ssh-dss")){ type=HostKey.SSHDSS; }
133	else if(sb.toString().equals("ssh-rsa")){ type=HostKey.SSHRSA; }
134	else { j=bufl; }
135	if(j>=bufl){
136	addInvalidLine(Util.byte2str(buf, 0, bufl));
137	continue loop;
138	}
139
140	sb.setLength(0);
141	while(j<bufl){
142	i=buf[j++];
143	if(i==0x0d){ continue; }
144	if(i==0x0a){ break; }
145	sb.append((char)i);
146	}
147	key=sb.toString();
148	if(key.length()==0){
149	addInvalidLine(Util.byte2str(buf, 0, bufl));
150	continue loop;
151	}
152
153	//System.err.println(host);
154	//System.err.println("\|"+key+"\|");
155
156	HostKey hk = null;
157	hk = new HashedHostKey(host, type,
158	Util.fromBase64(Util.str2byte(key), 0,
159	key.length()));
160	pool.addElement(hk);
161	}
162	fis.close();
163	if(error){
164	throw new JSchException("KnownHosts: invalid format");
165	}
166	}
167	catch(Exception e){
168	if(e instanceof JSchException)
169	throw (JSchException)e;
170	if(e instanceof Throwable)
171	throw new JSchException(e.toString(), (Throwable)e);
172	throw new JSchException(e.toString());
173	}
174	}
175	private void addInvalidLine(String line) throws JSchException {
176	HostKey hk = new HostKey(line, HostKey.UNKNOWN, null);
177	pool.addElement(hk);
178	}
179	String getKnownHostsFile(){ return known_hosts; }
180	public String getKnownHostsRepositoryID(){ return known_hosts; }
181
182	public int check(String host, byte[] key){
183	int result=NOT_INCLUDED;
184	if(host==null){
185	return result;
186	}
187
188	int type=getType(key);
189	HostKey hk;
190
191	synchronized(pool){
192	for(int i=0; i<pool.size(); i++){
193	hk=(HostKey)(pool.elementAt(i));
194	if(hk.isMatched(host) && hk.type==type){
195	if(Util.array_equals(hk.key, key)){
196	return OK;
197	}
198	else{
199	result=CHANGED;
200	}
201	}
202	}
203	}
204
205	if(result==NOT_INCLUDED &&
206	host.startsWith("[") &&
207	host.indexOf("]:")>1
208	){
209	return check(host.substring(1, host.indexOf("]:")), key);
210	}
211
212	return result;
213	}
214	public void add(HostKey hostkey, UserInfo userinfo){
215	int type=hostkey.type;
216	String host=hostkey.getHost();
217	byte[] key=hostkey.key;
218
219	HostKey hk=null;
220	synchronized(pool){
221	for(int i=0; i<pool.size(); i++){
222	hk=(HostKey)(pool.elementAt(i));
223	if(hk.isMatched(host) && hk.type==type){
224	/*
225	if(Util.array_equals(hk.key, key)){ return; }
226	if(hk.host.equals(host)){
227	hk.key=key;
228	return;
229	}
230	else{
231	hk.host=deleteSubString(hk.host, host);
232	break;
233	}
234	*/
235	}
236	}
237	}
238
239	hk=hostkey;
240
241	pool.addElement(hk);
242
243	String bar=getKnownHostsRepositoryID();
244	if(bar!=null){
245	boolean foo=true;
246	File goo=new File(bar);
247	if(!goo.exists()){
248	foo=false;
249	if(userinfo!=null){
250	foo=userinfo.promptYesNo(bar+" does not exist.\n"+
251	"Are you sure you want to create it?"
252	);
253	goo=goo.getParentFile();
254	if(foo && goo!=null && !goo.exists()){
255	foo=userinfo.promptYesNo("The parent directory "+goo+" does not exist.\n"+
256	"Are you sure you want to create it?"
257	);
258	if(foo){
259	if(!goo.mkdirs()){
260	userinfo.showMessage(goo+" has not been created.");
261	foo=false;
262	}
263	else{
264	userinfo.showMessage(goo+" has been succesfully created.\nPlease check its access permission.");
265	}
266	}
267	}
268	if(goo==null)foo=false;
269	}
270	}
271	if(foo){
272	try{
273	sync(bar);
274	}
275	catch(Exception e){ System.err.println("sync known_hosts: "+e); }
276	}
277	}
278	}
279
280	public HostKey[] getHostKey(){
281	return getHostKey(null, null);
282	}
283	public HostKey[] getHostKey(String host, String type){
284	synchronized(pool){
285	int count=0;
286	for(int i=0; i<pool.size(); i++){
287	HostKey hk=(HostKey)pool.elementAt(i);
288	if(hk.type==HostKey.UNKNOWN) continue;
289	if(host==null \|\|
290	(hk.isMatched(host) &&
291	(type==null \|\| hk.getType().equals(type)))){
292	count++;
293	}
294	}
295	if(count==0)return null;
296	HostKey[] foo=new HostKey[count];
297	int j=0;
298	for(int i=0; i<pool.size(); i++){
299	HostKey hk=(HostKey)pool.elementAt(i);
300	if(hk.type==HostKey.UNKNOWN) continue;
301	if(host==null \|\|
302	(hk.isMatched(host) &&
303	(type==null \|\| hk.getType().equals(type)))){
304	foo[j++]=hk;
305	}
306	}
307	return foo;
308	}
309	}
310	public void remove(String host, String type){
311	remove(host, type, null);
312	}
313	public void remove(String host, String type, byte[] key){
314	boolean sync=false;
315	synchronized(pool){
316	for(int i=0; i<pool.size(); i++){
317	HostKey hk=(HostKey)(pool.elementAt(i));
318	if(host==null \|\|
319	(hk.isMatched(host) &&
320	(type==null \|\| (hk.getType().equals(type) &&
321	(key==null \|\| Util.array_equals(key, hk.key)))))){
322	String hosts=hk.getHost();
323	if(hosts.equals(host) \|\|
324	((hk instanceof HashedHostKey) &&
325	((HashedHostKey)hk).isHashed())){
326	pool.removeElement(hk);
327	}
328	else{
329	hk.host=deleteSubString(hosts, host);
330	}
331	sync=true;
332	}
333	}
334	}
335	if(sync){
336	try{sync();}catch(Exception e){};
337	}
338	}
339
340	protected void sync() throws IOException {
341	if(known_hosts!=null)
342	sync(known_hosts);
343	}
344	protected synchronized void sync(String foo) throws IOException {
345	if(foo==null) return;
346	FileOutputStream fos=new FileOutputStream(foo);
347	dump(fos);
348	fos.close();
349	}
350
351	private static final byte[] space={(byte)0x20};
352	private static final byte[] cr=Util.str2byte("\n");
353	void dump(OutputStream out) throws IOException {
354	try{
355	HostKey hk;
356	synchronized(pool){
357	for(int i=0; i<pool.size(); i++){
358	hk=(HostKey)(pool.elementAt(i));
359	//hk.dump(out);
360	String host=hk.getHost();
361	String type=hk.getType();
362	if(type.equals("UNKNOWN")){
363	out.write(Util.str2byte(host));
364	out.write(cr);
365	continue;
366	}
367	out.write(Util.str2byte(host));
368	out.write(space);
369	out.write(Util.str2byte(type));
370	out.write(space);
371	out.write(Util.str2byte(hk.getKey()));
372	out.write(cr);
373	}
374	}
375	}
376	catch(Exception e){
377	System.err.println(e);
378	}
379	}
380	private int getType(byte[] key){
381	if(key[8]=='d') return HostKey.SSHDSS;
382	if(key[8]=='r') return HostKey.SSHRSA;
383	return HostKey.UNKNOWN;
384	}
385	private String deleteSubString(String hosts, String host){
386	int i=0;
387	int hostlen=host.length();
388	int hostslen=hosts.length();
389	int j;
390	while(i<hostslen){
391	j=hosts.indexOf(',', i);
392	if(j==-1) break;
393	if(!host.equals(hosts.substring(i, j))){
394	i=j+1;
395	continue;
396	}
397	return hosts.substring(0, i)+hosts.substring(j+1);
398	}
399	if(hosts.endsWith(host) && hostslen-i==hostlen){
400	return hosts.substring(0, (hostlen==hostslen) ? 0 :hostslen-hostlen-1);
401	}
402	return hosts;
403	}
404
405	private synchronized MAC getHMACSHA1(){
406	if(hmacsha1==null){
407	try{
408	Class c=Class.forName(jsch.getConfig("hmac-sha1"));
409	hmacsha1=(MAC)(c.newInstance());
410	}
411	catch(Exception e){
412	System.err.println("hmacsha1: "+e);
413	}
414	}
415	return hmacsha1;
416	}
417
418	HostKey createHashedHostKey(String host, byte[]key) throws JSchException {
419	HashedHostKey hhk=new HashedHostKey(host, key);
420	hhk.hash();
421	return hhk;
422	}
423	class HashedHostKey extends HostKey{
424	private static final String HASH_MAGIC="\|1\|";
425	private static final String HASH_DELIM="\|";
426
427	private boolean hashed=false;
428	byte[] salt=null;
429	byte[] hash=null;
430
431
432	HashedHostKey(String host, byte[] key) throws JSchException {
433	this(host, GUESS, key);
434	}
435	HashedHostKey(String host, int type, byte[] key) throws JSchException {
436	super(host, type, key);
437	if(this.host.startsWith(HASH_MAGIC) &&
438	this.host.substring(HASH_MAGIC.length()).indexOf(HASH_DELIM)>0){
439	String data=this.host.substring(HASH_MAGIC.length());
440	String _salt=data.substring(0, data.indexOf(HASH_DELIM));
441	String _hash=data.substring(data.indexOf(HASH_DELIM)+1);
442	salt=Util.fromBase64(Util.str2byte(_salt), 0, _salt.length());
443	hash=Util.fromBase64(Util.str2byte(_hash), 0, _hash.length());
444	if(salt.length!=20 \|\| // block size of hmac-sha1
445	hash.length!=20){
446	salt=null;
447	hash=null;
448	return;
449	}
450	hashed=true;
451	}
452	}
453
454	boolean isMatched(String _host){
455	if(!hashed){
456	return super.isMatched(_host);
457	}
458	MAC macsha1=getHMACSHA1();
459	try{
460	synchronized(macsha1){
461	macsha1.init(salt);
462	byte[] foo=Util.str2byte(_host);
463	macsha1.update(foo, 0, foo.length);
464	byte[] bar=new byte[macsha1.getBlockSize()];
465	macsha1.doFinal(bar, 0);
466	return Util.array_equals(hash, bar);
467	}
468	}
469	catch(Exception e){
470	System.out.println(e);
471	}
472	return false;
473	}
474
475	boolean isHashed(){
476	return hashed;
477	}
478
479	void hash(){
480	if(hashed)
481	return;
482	MAC macsha1=getHMACSHA1();
483	if(salt==null){
484	Random random=Session.random;
485	synchronized(random){
486	salt=new byte[macsha1.getBlockSize()];
487	random.fill(salt, 0, salt.length);
488	}
489	}
490	try{
491	synchronized(macsha1){
492	macsha1.init(salt);
493	byte[] foo=Util.str2byte(host);
494	macsha1.update(foo, 0, foo.length);
495	hash=new byte[macsha1.getBlockSize()];
496	macsha1.doFinal(hash, 0);
497	}
498	}
499	catch(Exception e){
500	}
501	host=HASH_MAGIC+Util.byte2str(Util.toBase64(salt, 0, salt.length))+
502	HASH_DELIM+Util.byte2str(Util.toBase64(hash, 0, hash.length));
503	hashed=true;
504	}
505	}
506	}