/** {@inheritDoc} */
public boolean verifyServerHostKey(
String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey)
throws Exception {
try {
final int result = database.verifyHostkey(hostname, serverHostKeyAlgorithm, serverHostKey);
final boolean isNew;
switch (result) {
case KnownHosts.HOSTKEY_IS_OK:
return true;
case KnownHosts.HOSTKEY_IS_NEW:
isNew = true;
break;
case KnownHosts.HOSTKEY_HAS_CHANGED:
isNew = false;
break;
default:
throw new IllegalStateException("Unknown verification result: " + result);
}
String fingerprint = KnownHosts.createHexFingerprint(serverHostKeyAlgorithm, serverHostKey);
boolean keyCheck =
myXmlRpcClient.verifyServerHostKey(
myHandlerNo, hostname, port, serverHostKeyAlgorithm, fingerprint, isNew);
if (keyCheck) {
String hashedHostname = KnownHosts.createHashedHostname(hostname);
// Add the host key to the in-memory database
database.addHostkey(new String[] {hashedHostname}, serverHostKeyAlgorithm, serverHostKey);
// Also try to add the key to a known_host file
try {
KnownHosts.addHostkeyToFile(
new File(knownHostPath),
new String[] {hashedHostname},
serverHostKeyAlgorithm,
serverHostKey);
} catch (IOException ignore) {
// TODO log text
}
return true;
} else {
System.err.println(
GitBundle.message("sshmain.invald.host.key", serverHostKeyAlgorithm, fingerprint));
return false;
}
} catch (Throwable t) {
System.err.println(GitBundle.message("sshmain.failed.to.verify.key", t.getMessage()));
t.printStackTrace();
return false;
}
}
/**
* Configure known host database for connection
*
* @param c a connection
* @throws IOException if there is a IO problem
*/
private void configureKnownHosts(Connection c) throws IOException {
File knownHostFile = new File(knownHostPath);
if (knownHostFile.exists()) {
database.addHostkeys(knownHostFile);
}
final List<String> algorithms = myHost.getHostKeyAlgorithms();
c.setServerHostKeyAlgorithms(algorithms.toArray(new String[algorithms.size()]));
}