diff options
author | Jeff Forcier <jeff@bitprophet.org> | 2017-08-28 17:45:54 -0700 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2017-08-28 17:45:56 -0700 |
commit | 03df3cf9cd0f12cc04abe88a8674e6968363340c (patch) | |
tree | ce82a9d68cfb3b4186b87c450f37686c8ae8b419 /paramiko/rsakey.py | |
parent | b942d94e2d59335f11f635164525a4f578ea6991 (diff) | |
download | paramiko-03df3cf9cd0f12cc04abe88a8674e6968363340c.tar.gz |
Overhaul PublicBlob and use it better within RSAKey.
This allows server-side Paramiko code to correctly create
cert-bearing RSAKey objects and thus verify client signatures,
and now the test suite passes again, barring the stub tests.
Re #1042
Diffstat (limited to 'paramiko/rsakey.py')
-rw-r--r-- | paramiko/rsakey.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/paramiko/rsakey.py b/paramiko/rsakey.py index 7abcfa28..3f28689a 100644 --- a/paramiko/rsakey.py +++ b/paramiko/rsakey.py @@ -54,8 +54,26 @@ class RSAKey(PKey): else: if msg is None: raise SSHException('Key object may not be empty') - if msg.get_text() != 'ssh-rsa': + type_ = msg.get_text() + nonce = None + # Regular public key - nothing special to do besides the implicit + # type check. + if type_ == 'ssh-rsa': + pass + # OpenSSH-compatible certificate - store full copy as .public_blob + # (so signing works correctly) and then fast-forward past the + # nonce. + elif type_ == 'ssh-rsa-cert-v01@openssh.com': + # This seems the cleanest way to 'clone' an already-being-read + # message? + self.load_certificate(Message(msg.asbytes())) + # Read out nonce as it comes before the public numbers. + # TODO: usefully interpret it & other non-public-number fields + nonce = msg.get_string() + else: raise SSHException('Invalid key') + # Now that we've read type and (possibly) nonce, public numbers are + # next in either case. self.key = rsa.RSAPublicNumbers( e=msg.get_mpint(), n=msg.get_mpint() ).public_key(default_backend()) |