Class: Net::SSH::Authentication::Certificate

Inherits:

Object

• Object
• Net::SSH::Authentication::Certificate

Defined in:

lib/net/ssh/authentication/certificate.rb

Overview

Class for representing an SSH certificate.

cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.10&content-type=text/plain

Instance Attribute Summary

• #critical_options ⇒ Object

  Returns the value of attribute critical_options.

• #extensions ⇒ Object

  Returns the value of attribute extensions.

• #key ⇒ Object

  Returns the value of attribute key.

• #key_id ⇒ Object

  Returns the value of attribute key_id.

• #nonce ⇒ Object

  Returns the value of attribute nonce.

• #reserved ⇒ Object

  Returns the value of attribute reserved.

• #serial ⇒ Object

  Returns the value of attribute serial.

• #signature ⇒ Object

  Returns the value of attribute signature.

• #signature_key ⇒ Object

  Returns the value of attribute signature_key.

• #type ⇒ Object

  Returns the value of attribute type.

• #valid_after ⇒ Object

  Returns the value of attribute valid_after.

• #valid_before ⇒ Object

  Returns the value of attribute valid_before.

• #valid_principals ⇒ Object

  Returns the value of attribute valid_principals.

Class Method Summary

• .read_certblob(buffer, type) ⇒ Object

  Read a certificate blob associated with a key of the given type.

Instance Method Summary

• #fingerprint ⇒ Object
• #sign(key, sign_nonce = nil) ⇒ Object
• #sign!(key, sign_nonce = nil) ⇒ Object

  Signs the certificate with key.

• #signature_valid? ⇒ Boolean

  Checks whether the certificate’s signature was signed by signature key.

• #ssh_do_sign(data) ⇒ Object
• #ssh_do_verify(sig, data) ⇒ Object
• #ssh_signature_type ⇒ Object
• #ssh_type ⇒ Object
• #to_blob ⇒ Object

  Serializes the certificate (and key).

• #to_pem ⇒ Object

Instance Attribute Details

#critical_options ⇒ Object

Returns the value of attribute critical_options.

# File 'lib/net/ssh/authentication/certificate.rb', line 18

def critical_options
  @critical_options
end

#extensions ⇒ Object

Returns the value of attribute extensions.

# File 'lib/net/ssh/authentication/certificate.rb', line 19

def extensions
  @extensions
end

#key ⇒ Object

Returns the value of attribute key.

# File 'lib/net/ssh/authentication/certificate.rb', line 11

def key
  @key
end

#key_id ⇒ Object

Returns the value of attribute key_id.

# File 'lib/net/ssh/authentication/certificate.rb', line 14

def key_id
  @key_id
end

#nonce ⇒ Object

Returns the value of attribute nonce.

# File 'lib/net/ssh/authentication/certificate.rb', line 10

def nonce
  @nonce
end

#reserved ⇒ Object

Returns the value of attribute reserved.

# File 'lib/net/ssh/authentication/certificate.rb', line 20

def reserved
  @reserved
end

#serial ⇒ Object

Returns the value of attribute serial.

# File 'lib/net/ssh/authentication/certificate.rb', line 12

def serial
  @serial
end

#signature ⇒ Object

Returns the value of attribute signature.

# File 'lib/net/ssh/authentication/certificate.rb', line 22

def signature
  @signature
end

#signature_key ⇒ Object

Returns the value of attribute signature_key.

# File 'lib/net/ssh/authentication/certificate.rb', line 21

def signature_key
  @signature_key
end

#type ⇒ Object

Returns the value of attribute type.

# File 'lib/net/ssh/authentication/certificate.rb', line 13

def type
  @type
end

#valid_after ⇒ Object

Returns the value of attribute valid_after.

# File 'lib/net/ssh/authentication/certificate.rb', line 16

def valid_after
  @valid_after
end

#valid_before ⇒ Object

Returns the value of attribute valid_before.

# File 'lib/net/ssh/authentication/certificate.rb', line 17

def valid_before
  @valid_before
end

#valid_principals ⇒ Object

Returns the value of attribute valid_principals.

# File 'lib/net/ssh/authentication/certificate.rb', line 15

def valid_principals
  @valid_principals
end

Class Method Details

.read_certblob(buffer, type) ⇒ Object

Read a certificate blob associated with a key of the given type.

# File 'lib/net/ssh/authentication/certificate.rb', line 25

def self.read_certblob(buffer, type)
  cert = Certificate.new
  cert.nonce = buffer.read_string
  cert.key = buffer.read_keyblob(type)
  cert.serial = buffer.read_int64
  cert.type = type_symbol(buffer.read_long)
  cert.key_id = buffer.read_string
  cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
  cert.valid_after = Time.at(buffer.read_int64)
  
  cert.valid_before = if RUBY_PLATFORM == "java"
                        # 0x20c49ba5e353f7 = 0x7fffffffffffffff/1000, the largest value possible for JRuby
                        # JRuby Time.at multiplies the arg by 1000, and then stores it in a signed long.
                        # 0x20c49ba5e353f7 = 292278994-08-17 01:12:55 -0600
                        Time.at([0x20c49ba5e353f7, buffer.read_int64].min)
                      else
                        Time.at(buffer.read_int64)
                      end

  cert.critical_options = read_options(buffer)
  cert.extensions = read_options(buffer)
  cert.reserved = buffer.read_string
  cert.signature_key = buffer.read_buffer.read_key
  cert.signature = buffer.read_string
  cert
end

Instance Method Details

#fingerprint ⇒ Object

# File 'lib/net/ssh/authentication/certificate.rb', line 80

def fingerprint
  key.fingerprint
end

#sign(key, sign_nonce = nil) ⇒ Object

# File 'lib/net/ssh/authentication/certificate.rb', line 96

def sign(key, sign_nonce=nil)
  cert = clone
  cert.sign!(key, sign_nonce)
end

#sign!(key, sign_nonce = nil) ⇒ Object

Signs the certificate with key.

# File 'lib/net/ssh/authentication/certificate.rb', line 85

def sign!(key, sign_nonce=nil)
  # ssh-keygen uses 32 bytes of nonce.
  self.nonce = sign_nonce || SecureRandom.random_bytes(32)
  self.signature_key = key
  self.signature = Net::SSH::Buffer.from(
    :string, key.ssh_signature_type,
    :mstring, key.ssh_do_sign(to_blob_without_signature)
  ).to_s
  self
end

#signature_valid? ⇒ Boolean

Checks whether the certificate’s signature was signed by signature key.

Returns:

• (Boolean)

# File 'lib/net/ssh/authentication/certificate.rb', line 102

def signature_valid?
  buffer = Buffer.new(signature)
  buffer.read_string # skip signature format
  signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature)
end

#ssh_do_sign(data) ⇒ Object

# File 'lib/net/ssh/authentication/certificate.rb', line 68

def ssh_do_sign(data)
  key.ssh_do_sign(data)
end

#ssh_do_verify(sig, data) ⇒ Object

# File 'lib/net/ssh/authentication/certificate.rb', line 72

def ssh_do_verify(sig, data)
  key.ssh_do_verify(sig, data)
end

#ssh_signature_type ⇒ Object

# File 'lib/net/ssh/authentication/certificate.rb', line 56

def ssh_signature_type
  key.ssh_type
end

#ssh_type ⇒ Object

# File 'lib/net/ssh/authentication/certificate.rb', line 52

def ssh_type
  key.ssh_type + "-cert-v01@openssh.com"
end

#to_blob ⇒ Object

Serializes the certificate (and key).

# File 'lib/net/ssh/authentication/certificate.rb', line 61

def to_blob
  Buffer.from(
    :raw, to_blob_without_signature,
    :string, signature
  ).to_s
end

#to_pem ⇒ Object

# File 'lib/net/ssh/authentication/certificate.rb', line 76

def to_pem
  key.to_pem
end