Diffstat (limited to 'lib/net/ssh/authentication/certificate.rb')
-rw-r--r--lib/net/ssh/authentication/certificate.rb50
1 files changed, 26 insertions, 24 deletions
diff --git a/lib/net/ssh/authentication/certificate.rb b/lib/net/ssh/authentication/certificate.rb
index cfd8c4e..ecf5df8 100644
--- a/lib/net/ssh/authentication/certificate.rb
+++ b/lib/net/ssh/authentication/certificate.rb
@@ -1,7 +1,7 @@
require 'securerandom'
-module Net
- module SSH
+module Net
+ module SSH
module Authentication
# Class for representing an SSH certificate.
#
@@ -20,7 +20,7 @@ module Net
attr_accessor :reserved
attr_accessor :signature_key
attr_accessor :signature
-
+
# Read a certificate blob associated with a key of the given type.
def self.read_certblob(buffer, type)
cert = Certificate.new
@@ -39,15 +39,15 @@ module Net
cert.signature = buffer.read_string
cert
end
-
+
def ssh_type
key.ssh_type + "-cert-v01@openssh.com"
end
-
+
def ssh_signature_type
key.ssh_type
end
-
+
# Serializes the certificate (and key).
def to_blob
Buffer.from(
@@ -55,23 +55,23 @@ module Net
:string, signature
).to_s
end
-
+
def ssh_do_sign(data)
key.ssh_do_sign(data)
end
-
+
def ssh_do_verify(sig, data)
key.ssh_do_verify(sig, data)
end
-
+
def to_pem
key.to_pem
end
-
+
def fingerprint
key.fingerprint
end
-
+
# Signs the certificate with key.
def sign!(key, sign_nonce=nil)
# ssh-keygen uses 32 bytes of nonce.
@@ -83,19 +83,19 @@ module Net
).to_s
self
end
-
+
def sign(key, sign_nonce=nil)
cert = clone
cert.sign!(key, sign_nonce)
end
-
+
# Checks whether the certificate's signature was signed by signature key.
def signature_valid?
buffer = Buffer.new(signature)
buffer.read_string # skip signature format
signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature)
end
-
+
def self.read_options(buffer)
names = []
options = buffer.read_buffer.read_all do |b|
@@ -105,33 +105,33 @@ module Net
data = Buffer.new(data).read_string unless data.empty?
[name, data]
end
-
+
raise ArgumentError, "option/extension names must be in sorted order" if names.sort != names
-
+
Hash[options]
end
private_class_method :read_options
-
+
def self.type_symbol(type)
types = { 1 => :user, 2 => :host }
raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
types.fetch(type)
end
private_class_method :type_symbol
-
+
private
-
+
def type_value(type)
types = { user: 1, host: 2 }
raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
types.fetch(type)
end
-
+
def ssh_time(t)
# Times in certificates are represented as a uint64.
[[t.to_i, 0].max, 2 << 64 - 1].min
end
-
+
def to_blob_without_signature
Buffer.from(
:string, ssh_type,
@@ -149,14 +149,14 @@ module Net
:string, signature_key.to_blob
).to_s
end
-
+
def key_without_type
# key.to_blob gives us e.g. "ssh-rsa,<key>" but we just want "<key>".
tmp = Buffer.new(key.to_blob)
tmp.read_string # skip the underlying key type
tmp.read
end
-
+
def options_to_blob(options)
options.keys.sort.inject(Buffer.new) do |b, name|
b.write_string(name)
@@ -166,4 +166,6 @@ module Net
end.to_s
end
end
-end; end; end
+ end
+ end
+end