in src/main/java/software/aws/neptune/jdbc/utilities/SshTunnel.java [108:145]
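/**
 * Configures host key verification for the SSH tunnel session.
 *
 * <p>When strict host key checking is disabled in the connection properties, the session is
 * configured with {@code STRICT_HOST_KEY_CHECKING = NO} and nothing else is done. On that path
 * the known hosts file is never consulted, so the identity of the SSH server is not checked
 * against a pinned key.
 *
 * <p>Otherwise the known hosts file (the configured one, or {@code SSH_KNOWN_HOSTS_FILE} when
 * none is configured) is loaded into {@code jSch}, and the key type recorded for the target
 * host is set as the session's {@code SERVER_HOST_KEY} value, so that the key the server
 * presents can be compared with the recorded entry.
 *
 * @param jSch the JSch instance that receives the known hosts file
 * @param session the session whose host key configuration is set
 * @param connectionProperties source of the strict-checking flag, known hosts path and host
 * @throws SQLException if the known hosts file does not exist or cannot be loaded
 */
private static void setHostKeyType(final JSch jSch, final Session session,
        final ConnectionProperties connectionProperties)
        throws SQLException {
    // Strict checking disabled: turn verification off and skip the known hosts handling.
    // SECURITY: the tunnel then accepts whatever host key the server presents; keep strict
    // checking enabled unless the network path to the SSH host is otherwise trusted.
    if (!connectionProperties.getSshStrictHostKeyChecking()) {
        session.setConfig(STRICT_HOST_KEY_CHECKING, NO);
        return;
    }

    // NOTE(review): this path never sets STRICT_HOST_KEY_CHECKING explicitly, so the session
    // keeps whatever value is configured elsewhere (or the library default) - confirm that
    // value rejects unknown and changed host keys.

    // Strict checking is enabled: resolve the known hosts file, falling back to the default.
    final String configuredKnownHostsFile = connectionProperties.getSshKnownHostsFile();
    final String knownHostsFilename = getPath(StringUtils.isBlank(configuredKnownHostsFile)
            ? SSH_KNOWN_HOSTS_FILE : configuredKnownHostsFile).toString();
    if (!Files.exists(Paths.get(knownHostsFilename))) {
        // Report the path that was actually checked. The configured value is blank when the
        // default file is in use, which previously produced a message with no file name.
        throw SqlError.createSQLException(
                LOGGER,
                SqlState.INVALID_AUTHORIZATION_SPECIFICATION,
                SqlError.KNOWN_HOSTS_FILE_NOT_FOUND,
                knownHostsFilename);
    }
    try {
        jSch.setKnownHosts(knownHostsFilename);
    } catch (final JSchException e) {
        throw new SQLException(e.getMessage(), e);
    }

    // Resolve the target host once instead of once per known hosts entry.
    final String hostName = getHostName(connectionProperties);
    // NOTE(review): this is an exact string comparison against the stored host field, so
    // hashed entries and entries written in another form (for example with a port or as a
    // host list) presumably never match - verify against the known_hosts files in use.
    final HostKey hostKey = Arrays.stream(jSch.getHostKeyRepository().getHostKey())
            .filter(hk -> hk.getHost().equals(hostName))
            .findFirst().orElse(null);

    // Ask for the same host key type that is recorded for this host, so the key offered by
    // the server is comparable with the known hosts entry. With no matching entry the
    // session's existing SERVER_HOST_KEY setting is left untouched.
    if (hostKey != null && hostKey.getType() != null) {
        session.setConfig(SERVER_HOST_KEY, hostKey.getType());
    }
    // HASH_KNOWN_HOSTS concerns how host names are stored in known_hosts, not the key type.
    session.setConfig(HASH_KNOWN_HOSTS, YES);
}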