13 files changed, 114 insertions, 19 deletions

diff --git a/qa/Gemfile b/qa/Gemfile
index c3e61568f3d..d69c71003ae 100644
--- a/qa/Gemfile
+++ b/qa/Gemfile
@@ -6,5 +6,4 @@ gem 'capybara-screenshot', '~> 1.0.18'
 gem 'rake', '~> 12.3.0'
 gem 'rspec', '~> 3.7'
 gem 'selenium-webdriver', '~> 3.8.0'
-gem 'net-ssh', require: false
 gem 'airborne', '~> 0.2.13'
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index 51d2e4d7a10..565adac7499 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -46,7 +46,6 @@ GEM
     mini_mime (1.0.0)
     mini_portile2 (2.3.0)
     minitest (5.11.1)
-    net-ssh (4.1.0)
     netrc (0.11.0)
     nokogiri (1.8.1)
       mini_portile2 (~> 2.3.0)
@@ -98,7 +97,6 @@ DEPENDENCIES
   airborne (~> 0.2.13)
   capybara (~> 2.16.1)
   capybara-screenshot (~> 1.0.18)
-  net-ssh
   pry-byebug (~> 3.5.1)
   rake (~> 12.3.0)
   rspec (~> 3.7)
diff --git a/qa/qa.rb b/qa/qa.rb
index f2ad43cd04a..fb926dbe735 100644
--- a/qa/qa.rb
+++ b/qa/qa.rb
@@ -15,7 +15,11 @@ module QA
     autoload :API, 'qa/runtime/api'
 
     module Key
+      autoload :Base, 'qa/runtime/key/base'
       autoload :RSA, 'qa/runtime/key/rsa'
+      autoload :DSA, 'qa/runtime/key/dsa'
+      autoload :ECDSA, 'qa/runtime/key/ecdsa'
+      autoload :ED25519, 'qa/runtime/key/ed25519'
     end
   end
 
diff --git a/qa/qa/runtime/key/base.rb b/qa/qa/runtime/key/base.rb
new file mode 100644
index 00000000000..85f339033e5
--- /dev/null
+++ b/qa/qa/runtime/key/base.rb
@@ -0,0 +1,38 @@
+module QA
+  module Runtime
+    module Key
+      class Base
+        attr_reader :private_key, :public_key, :fingerprint
+
+        def initialize(name, bits)
+          Dir.mktmpdir do |dir|
+            path = "#{dir}/id_#{name}"
+
+            ssh_keygen(name, bits, path)
+            populate_key_data(path)
+          end
+        end
+
+        private
+
+        def ssh_keygen(name, bits, path)
+          cmd = %W[ssh-keygen -t #{name} -b #{bits} -f #{path} -N] << ''
+
+          IO.popen([*cmd, err: %i[child out]]) do |io|
+            out = io.read
+            io.close
+
+            raise "ssh-keygen failed with output: #{out}" unless $?.success?
+          end
+        end
+
+        def populate_key_data(path)
+          @private_key = File.binread(path)
+          @public_key = File.binread("#{path}.pub")
+          @fingerprint =
+            `ssh-keygen -l -E md5 -f #{path} | cut -d' ' -f2 | cut -d: -f2-`.chomp
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/runtime/key/dsa.rb b/qa/qa/runtime/key/dsa.rb
new file mode 100644
index 00000000000..e984107b747
--- /dev/null
+++ b/qa/qa/runtime/key/dsa.rb
@@ -0,0 +1,11 @@
+module QA
+  module Runtime
+    module Key
+      class DSA < Base
+        def initialize
+          super('dsa', 1024)
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/runtime/key/ecdsa.rb b/qa/qa/runtime/key/ecdsa.rb
new file mode 100644
index 00000000000..71238e4352a
--- /dev/null
+++ b/qa/qa/runtime/key/ecdsa.rb
@@ -0,0 +1,11 @@
+module QA
+  module Runtime
+    module Key
+      class ECDSA < Base
+        def initialize(bits = 521)
+          super('ecdsa', bits)
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/runtime/key/ed25519.rb b/qa/qa/runtime/key/ed25519.rb
new file mode 100644
index 00000000000..bd2f2522447
--- /dev/null
+++ b/qa/qa/runtime/key/ed25519.rb
@@ -0,0 +1,11 @@
+module QA
+  module Runtime
+    module Key
+      class ED25519 < Base
+        def initialize
+          super('ed25519', 256)
+        end
+      end
+    end
+  end
+end
diff --git a/qa/qa/runtime/key/rsa.rb b/qa/qa/runtime/key/rsa.rb
index faa6b47b5a0..d94bde52325 100644
--- a/qa/qa/runtime/key/rsa.rb
+++ b/qa/qa/runtime/key/rsa.rb
@@ -1,21 +1,9 @@
-require 'net/ssh'
-require 'forwardable'
-
 module QA
   module Runtime
     module Key
-      class RSA
-        extend Forwardable
-
-        attr_reader :key
-        def_delegators :@key, :fingerprint, :to_pem
-
+      class RSA < Base
         def initialize(bits = 4096)
-          @key = OpenSSL::PKey::RSA.new(bits)
-        end
-
-        def public_key
-          @public_key ||= "#{key.ssh_type} #{[key.to_blob].pack('m0')}"
+          super('rsa', bits)
         end
       end
     end
diff --git a/qa/qa/specs/features/project/deploy_key_clone_spec.rb b/qa/qa/specs/features/project/deploy_key_clone_spec.rb
index 0c09f8168d9..0e240bf9029 100644
--- a/qa/qa/specs/features/project/deploy_key_clone_spec.rb
+++ b/qa/qa/specs/features/project/deploy_key_clone_spec.rb
@@ -35,7 +35,7 @@ module QA
       Factory::Resource::SecretVariable.fabricate! do |resource|
         resource.project = project
         resource.key = 'DEPLOY_KEY'
-        resource.value = key.to_pem
+        resource.value = key.private_key
       end
 
       project.visit!
diff --git a/qa/spec/runtime/key/dsa_spec.rb b/qa/spec/runtime/key/dsa_spec.rb
new file mode 100644
index 00000000000..600e7ce4ee6
--- /dev/null
+++ b/qa/spec/runtime/key/dsa_spec.rb
@@ -0,0 +1,9 @@
+describe QA::Runtime::Key::DSA do
+  describe '#public_key' do
+    subject { described_class.new.public_key }
+
+    it 'generates a public DSA key' do
+      expect(subject).to match(%r{\Assh\-dss AAAA[0-9A-Za-z+/]+={0,3}})
+    end
+  end
+end
diff --git a/qa/spec/runtime/key/ecdsa_spec.rb b/qa/spec/runtime/key/ecdsa_spec.rb
new file mode 100644
index 00000000000..55a5c5e5c1b
--- /dev/null
+++ b/qa/spec/runtime/key/ecdsa_spec.rb
@@ -0,0 +1,17 @@
+describe QA::Runtime::Key::ECDSA do
+  describe '#public_key' do
+    [256, 384, 521].each do |bits|
+      it "generates a public #{bits}-bits ECDSA key" do
+        subject = described_class.new(bits).public_key
+
+        expect(subject).to match(%r{\Aecdsa\-sha2\-\w+ AAAA[0-9A-Za-z+/]+={0,3}})
+      end
+    end
+  end
+
+  describe '#new' do
+    it 'does not support arbitrary bits' do
+      expect { described_class.new(123) }.to raise_error(RuntimeError)
+    end
+  end
+end
diff --git a/qa/spec/runtime/key/ed25519_spec.rb b/qa/spec/runtime/key/ed25519_spec.rb
new file mode 100644
index 00000000000..4844e7affdf
--- /dev/null
+++ b/qa/spec/runtime/key/ed25519_spec.rb
@@ -0,0 +1,9 @@
+describe QA::Runtime::Key::ED25519 do
+  describe '#public_key' do
+    subject { described_class.new.public_key }
+
+    it 'generates a public ED25519 key' do
+      expect(subject).to match(%r{\Assh\-ed25519 AAAA[0-9A-Za-z+/]})
+    end
+  end
+end
diff --git a/qa/spec/runtime/key/rsa_spec.rb b/qa/spec/runtime/key/rsa_spec.rb
index 0921f9a7c6b..fbcc7ffdcb4 100644
--- a/qa/spec/runtime/key/rsa_spec.rb
+++ b/qa/spec/runtime/key/rsa_spec.rb
@@ -3,7 +3,7 @@ describe QA::Runtime::Key::RSA do
     subject { described_class.new.public_key }
 
     it 'generates a public RSA key' do
-      expect(subject).to match(%r{\Assh\-rsa AAAA[0-9A-Za-z+/]+={0,3}\z})
+      expect(subject).to match(%r{\Assh\-rsa AAAA[0-9A-Za-z+/]+={0,3}})
     end
   end
 end