Class: Net::SSH::Authentication::Certificate

Inherits:
Object
  • Object
Defined in:
lib/net/ssh/authentication/certificate.rb

Overview

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#critical_options ⇒ Object

Returns the value of attribute critical_options.



# File 'lib/net/ssh/authentication/certificate.rb', line 16

# Reader for @critical_options. read_certblob fills it from the first
# read_options(buffer) call, i.e. directly from the certificate blob.
# NOTE(review): nothing shown here enforces these options; a caller that
# authorizes on a certificate presumably has to honour them itself - confirm.
def critical_options
  @critical_options
end

#extensions ⇒ Object

Returns the value of attribute extensions.



# File 'lib/net/ssh/authentication/certificate.rb', line 17

# Reader for @extensions. read_certblob fills it from the second
# read_options(buffer) call, right after the critical options.
# NOTE(review): the values come from the certificate blob; treat them as
# untrusted until the signature and issuer have been checked - confirm callers do.
def extensions
  @extensions
end

#key ⇒ Object

Returns the value of attribute key.



# File 'lib/net/ssh/authentication/certificate.rb', line 9

# Reader for @key, the key this certificate certifies. read_certblob parses
# it with buffer.read_keyblob(type). fingerprint, to_pem, ssh_do_sign,
# ssh_do_verify and ssh_type all delegate to this object.
def key
  @key
end

#key_id ⇒ Object

Returns the value of attribute key_id.



# File 'lib/net/ssh/authentication/certificate.rb', line 12

# Reader for @key_id. read_certblob reads it from the blob as a string.
# NOTE(review): the value is whatever the certificate contains; presumably
# it should be treated as untrusted text when logged or displayed - confirm.
def key_id
  @key_id
end

#nonce ⇒ Object

Returns the value of attribute nonce.



# File 'lib/net/ssh/authentication/certificate.rb', line 8

# Reader for @nonce. read_certblob reads it as the first string of the blob;
# sign! replaces it with the supplied sign_nonce or 32 bytes from SecureRandom.
def nonce
  @nonce
end

#reserved ⇒ Object

Returns the value of attribute reserved.



# File 'lib/net/ssh/authentication/certificate.rb', line 18

# Reader for @reserved. read_certblob reads it as a string from the blob;
# no method on this page interprets it.
def reserved
  @reserved
end

#serial ⇒ Object

Returns the value of attribute serial.



# File 'lib/net/ssh/authentication/certificate.rb', line 10

# Reader for @serial. read_certblob sets it from buffer.read_int64.
# NOTE(review): presumably the CA-assigned serial used for revocation
# lookups - confirm; no revocation check is visible on this page.
def serial
  @serial
end

#signature ⇒ Object

Returns the value of attribute signature.



# File 'lib/net/ssh/authentication/certificate.rb', line 20

# Reader for @signature. read_certblob reads it as the last string of the
# blob; sign! builds it as a buffer holding the signature type followed by
# the signature bytes. signature_valid? parses it in that same layout.
def signature
  @signature
end

#signature_key ⇒ Object

Returns the value of attribute signature_key.



# File 'lib/net/ssh/authentication/certificate.rb', line 19

# Reader for @signature_key. read_certblob takes it from the blob itself
# (buffer.read_buffer.read_key); sign! sets it to the signing key.
# NOTE(review): for a parsed certificate this key is supplied by the
# certificate, so whether it belongs to a trusted CA has to be decided by
# the caller; signature_valid? does not make that decision.
def signature_key
  @signature_key
end

#type ⇒ Object

Returns the value of attribute type.



# File 'lib/net/ssh/authentication/certificate.rb', line 11

# Reader for @type. read_certblob sets it to type_symbol(buffer.read_long),
# i.e. a value derived from an integer in the blob.
# NOTE(review): presumably distinguishes user from host certificates -
# confirm against type_symbol; a caller accepting a certificate for one role
# should check this value.
def type
  @type
end

#valid_after ⇒ Object

Returns the value of attribute valid_after.



# File 'lib/net/ssh/authentication/certificate.rb', line 14

# Reader for @valid_after. read_certblob sets it to
# Time.at(buffer.read_int64).
# NOTE(review): no method on this page compares it with the current time;
# presumably the caller must enforce the validity window - confirm.
def valid_after
  @valid_after
end

#valid_before ⇒ Object

Returns the value of attribute valid_before.



# File 'lib/net/ssh/authentication/certificate.rb', line 15

# Reader for @valid_before. read_certblob sets it to
# Time.at(buffer.read_int64).
# NOTE(review): no method on this page compares it with the current time;
# presumably the caller must reject expired certificates itself - confirm.
def valid_before
  @valid_before
end

#valid_principals ⇒ Object

Returns the value of attribute valid_principals.



# File 'lib/net/ssh/authentication/certificate.rb', line 13

# Reader for @valid_principals. read_certblob builds it by reading a nested
# buffer and collecting every string in it (read_all(&:read_string)).
# NOTE(review): in the OpenSSH certificate format an empty principals list
# means "valid for any principal"; confirm how callers treat an empty list
# before using it for authorization.
def valid_principals
  @valid_principals
end

Class Method Details

.read_certblob(buffer, type) ⇒ Object

Reads a certificate blob associated with a key of the given type. This only parses the fields; it does not verify the signature.



# File 'lib/net/ssh/authentication/certificate.rb', line 23

# Parses the certificate fields for a key of the given +type+ out of
# +buffer+ and returns the populated Certificate.
#
# The reads below consume the buffer sequentially, so their order is the
# field order of the blob and must not be changed.
#
# This method only parses. It does not call signature_valid?, does not
# compare valid_after/valid_before with the current time, and takes
# signature_key from the blob itself, so every field of the returned object
# is untrusted until the caller has verified the signature and decided
# whether signature_key is an accepted issuer.
def self.read_certblob(buffer, type)
  Certificate.new.tap do |parsed|
    parsed.nonce = buffer.read_string
    parsed.key = buffer.read_keyblob(type)
    parsed.serial = buffer.read_int64
    parsed.type = type_symbol(buffer.read_long)
    parsed.key_id = buffer.read_string

    # The principals are a nested buffer holding a sequence of strings.
    principals_buffer = buffer.read_buffer
    parsed.valid_principals = principals_buffer.read_all(&:read_string)

    parsed.valid_after = Time.at(buffer.read_int64)
    parsed.valid_before = Time.at(buffer.read_int64)
    parsed.critical_options = read_options(buffer)
    parsed.extensions = read_options(buffer)
    parsed.reserved = buffer.read_string

    # The signing key is also wrapped in its own nested buffer.
    issuer_buffer = buffer.read_buffer
    parsed.signature_key = issuer_buffer.read_key
    parsed.signature = buffer.read_string
  end
end

Instance Method Details

#fingerprint ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 69

# Returns key.fingerprint, the fingerprint of the certified key.
# Only the embedded key is involved, so the result identifies that key and
# not this particular certificate (serial, principals and validity are not
# part of it).
def fingerprint
  key.fingerprint
end

#sign(key, sign_nonce = nil) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 85

# Non-destructive counterpart of sign!: signs a clone of this certificate
# with +key+ and returns whatever sign! returns for that clone, leaving the
# receiver's nonce, signature_key and signature untouched.
# +sign_nonce+ is passed through to sign! unchanged.
def sign(key, sign_nonce=nil)
  clone.sign!(key, sign_nonce)
end

#sign!(key, sign_nonce = nil) ⇒ Object

Signs the certificate with key.



# File 'lib/net/ssh/authentication/certificate.rb', line 74

# Signs this certificate in place with +key+ and returns self.
#
# The nonce is replaced first (the caller-supplied +sign_nonce+ if given,
# otherwise 32 bytes from SecureRandom, the length ssh-keygen uses), then
# signature_key is set to +key+, and only after both assignments is
# to_blob_without_signature built and signed.
# NOTE(review): a non-nil sign_nonce makes the nonce caller-chosen;
# presumably intended for reproducible tests - confirm that production
# callers leave it nil so every certificate gets a fresh random nonce.
def sign!(key, sign_nonce=nil)
  self.nonce = sign_nonce || SecureRandom.random_bytes(32)
  self.signature_key = key

  # Signature layout: type string followed by the raw signature bytes.
  sig_format = key.ssh_signature_type
  sig_bytes = key.ssh_do_sign(to_blob_without_signature)
  self.signature = Net::SSH::Buffer.from(:string, sig_format, :mstring, sig_bytes).to_s

  self
end

#signature_valid? ⇒ Boolean

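Checks whether the certificate’s signature verifies against its signature key. The signature key is read from the certificate itself, so a true result does not establish that the issuer is trusted or that the certificate is currently valid.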

Returns:

  • (Boolean)


# File 'lib/net/ssh/authentication/certificate.rb', line 91

# Verifies the stored signature over to_blob_without_signature using
# signature_key and returns the result of signature_key.ssh_do_verify.
#
# The leading signature-format string is read and discarded; it is not
# compared with the type of signature_key.
# NOTE(review): signature_key is the key carried by the certificate (see
# read_certblob), so a true result shows only that the certificate is
# consistent with that key. Whether the key is an accepted CA, and whether
# the validity window, principals and critical options allow the use, must
# be checked by the caller.
def signature_valid?
  sig_reader = Buffer.new(signature)
  sig_reader.read_string # signature format, not used
  sig_bytes = sig_reader.read_string
  signature_key.ssh_do_verify(sig_bytes, to_blob_without_signature)
end

#ssh_do_sign(data) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 57

# Signs +data+ by delegating to key.ssh_do_sign and returns its result.
# The certified key is used here, not signature_key.
# NOTE(review): presumably requires key to hold private key material -
# confirm against the key classes.
def ssh_do_sign(data)
  key.ssh_do_sign(data)
end

#ssh_do_verify(sig, data) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 61

# Verifies +sig+ over +data+ by delegating to key.ssh_do_verify and returns
# its result. The certified key is used here, not signature_key, and no
# certificate field (validity, principals, signature) is consulted.
def ssh_do_verify(sig, data)
  key.ssh_do_verify(sig, data)
end

#ssh_signature_type ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 45

# Returns key.ssh_type, the plain type name of the certified key, without
# the certificate suffix that ssh_type appends.
def ssh_signature_type
  key.ssh_type
end

#ssh_type ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 41

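# Returns the certificate key type name: the certified key's own ssh_type
# followed by the suffix OpenSSH uses for v01 certificates, for example
# "ssh-rsa-cert-v01@openssh.com" for a key whose ssh_type is "ssh-rsa".
def ssh_type
  key.ssh_type + "-cert-v01@openssh.com"
end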

#to_blob ⇒ Object

Serializes the certificate (and key).



# File 'lib/net/ssh/authentication/certificate.rb', line 50

# Serializes the certificate: the bytes of to_blob_without_signature,
# written raw, followed by the stored signature written as a string field.
# The signature is emitted as stored; it is not checked here.
def to_blob
  unsigned_part = to_blob_without_signature
  Buffer.from(:raw, unsigned_part, :string, signature).to_s
end

#to_pem ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 65

# Returns key.to_pem, the PEM encoding of the certified key only; none of
# the certificate fields are part of the output.
# NOTE(review): if key holds private key material, to_pem presumably exports
# it - confirm before writing the result to logs or shared storage.
def to_pem
  key.to_pem
end