Method: Equity::Controller::Key.authorized_keys

Defined in:
lib/equity/controller/key.rb

.authorized_keys ⇒ Object

Returns an array of keys which are authorized to control equity. Raises a SecurityError if either of the authorized key files is writable by group or world, or if a private key is found in the files.



# File 'lib/equity/controller/key.rb', line 126

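# Returns an array of keys which are authorized to control equity.
#
# The personal and system authorized key files are read (whichever of
# them exist), concatenated, and split into one key per END marker.
# Each file's permissions are checked before it is read, and each key
# is checked to be public. The result is cached for subsequent calls.
#
# @return [Array<Key>] the authorized public keys, possibly empty
# @raise [SecurityError] if either authorized key file is writable by
#   group or world, or if a private key is found in the files
def self.authorized_keys
  # Return cached keys if they've already been loaded.
  return @authorized_keys if @authorized_keys

  # Read one authorized keys file after checking its mode. 022 is the
  # group-write and world-write bits; a file another principal can edit
  # could have keys added to it. Only the file's own mode is checked
  # here: ownership and the permissions of the containing directory are
  # not examined.
  read_checked = lambda do |path|
    mode = File.stat(path).mode
    unless (mode & 022).zero?
      raise SecurityError, "unsafe permissions on #{path} - must not be writable by group or world"
    end
    # File.read rather than IO.read: IO.read treats a path beginning
    # with "|" as a command to run, which must never apply here.
    File.read(path)
  end

  # Concatenate the personal file (newline-terminated so its last key is
  # separated from the system file's first key) and the system file.
  pem = ""
  if File.exist?(PERSONAL_AUTHORIZED_KEYS_PATH)
    pem = read_checked.call(PERSONAL_AUTHORIZED_KEYS_PATH) + "\n"
  end
  if File.exist?(SYSTEM_AUTHORIZED_KEYS_PATH)
    pem += read_checked.call(SYSTEM_AUTHORIZED_KEYS_PATH)
  end

  # Split into individual keys at the END marker. The limit of -1 keeps
  # a trailing empty segment, so a file that ends exactly at its last
  # END marker (no trailing newline) does not lose its final key to the
  # pop below, which discards whatever follows the last marker.
  end_marker = "-----END DSA PUBLIC KEY-----"
  pems = pem.split(end_marker, -1)
  pems.pop

  # Instantiate the keys and verify that they're all public.
  keys = pems.map do |chunk|
    key = new(chunk + end_marker)
    if key.private?
      raise SecurityError, "private key found in authorized keys - only public keys should be authorized"
    end
    key
  end

  # Cache the loaded keys.
  @authorized_keys = keys
end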