HostKeyVerifierImpl.java

package hudson.plugins.ec2.ssh;

import com.trilead.ssh2.ServerHostKeyVerifier;
import com.trilead.ssh2.crypto.digest.MD5;
import com.xerox.amazonws.ec2.ConsoleOutput;

import java.util.logging.Logger;

/**
 * {@link ServerHostKeyVerifier} that makes sure that the host key fingerprint
 * showed up in {@link ConsoleOutput#getOutput()}.
 * 
 * @author Kohsuke Kawaguchi
 */
public class HostKeyVerifierImpl implements ServerHostKeyVerifier {
    private final String console;

    public HostKeyVerifierImpl(ConsoleOutput console) {
        this.console = console.getOutput();
    }

    public HostKeyVerifierImpl(String console) {
        this.console = console;
    }

    private String getFingerprint(byte[] serverHostKey) {
        MD5 md5 = new MD5();
        md5.update(serverHostKey);

        byte[] fingerprint = new byte[16];

        md5.digest(fingerprint);
        StringBuilder buf = new StringBuilder();
        for( byte b : fingerprint ) {
            if(buf.length()>0)  buf.append(':');
            buf.append(String.format("%02x",b));
        }
        return buf.toString();
    }

    public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey) throws Exception {
        String fingerprint = getFingerprint(serverHostKey);

        LOGGER.fine("Host key fingerprint of "+hostname+" is "+fingerprint);

        boolean matches = console.contains(fingerprint);

        if(!matches)
            LOGGER.severe("No matching fingerprint found in the console output: "+console);

        return matches;
    }

    private static final Logger LOGGER = Logger.getLogger(HostKeyVerifierImpl.class.getName());
}