/** {@inheritDoc} */ public boolean verifyServerHostKey( String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey) throws Exception { try { final int result = database.verifyHostkey(hostname, serverHostKeyAlgorithm, serverHostKey); final boolean isNew; switch (result) { case KnownHosts.HOSTKEY_IS_OK: return true; case KnownHosts.HOSTKEY_IS_NEW: isNew = true; break; case KnownHosts.HOSTKEY_HAS_CHANGED: isNew = false; break; default: throw new IllegalStateException("Unknown verification result: " + result); } String fingerprint = KnownHosts.createHexFingerprint(serverHostKeyAlgorithm, serverHostKey); boolean keyCheck = myXmlRpcClient.verifyServerHostKey( myHandlerNo, hostname, port, serverHostKeyAlgorithm, fingerprint, isNew); if (keyCheck) { String hashedHostname = KnownHosts.createHashedHostname(hostname); // Add the host key to the in-memory database database.addHostkey(new String[] {hashedHostname}, serverHostKeyAlgorithm, serverHostKey); // Also try to add the key to a known_host file try { KnownHosts.addHostkeyToFile( new File(knownHostPath), new String[] {hashedHostname}, serverHostKeyAlgorithm, serverHostKey); } catch (IOException ignore) { // TODO log text } return true; } else { System.err.println( GitBundle.message("sshmain.invald.host.key", serverHostKeyAlgorithm, fingerprint)); return false; } } catch (Throwable t) { System.err.println(GitBundle.message("sshmain.failed.to.verify.key", t.getMessage())); t.printStackTrace(); return false; } }
/** * Configure known host database for connection * * @param c a connection * @throws IOException if there is a IO problem */ private void configureKnownHosts(Connection c) throws IOException { File knownHostFile = new File(knownHostPath); if (knownHostFile.exists()) { database.addHostkeys(knownHostFile); } final List<String> algorithms = myHost.getHostKeyAlgorithms(); c.setServerHostKeyAlgorithms(algorithms.toArray(new String[algorithms.size()])); }