Class: Gitlab::SSHPublicKey

Inherits:

Object

• Object
• Gitlab::SSHPublicKey

Defined in:

lib/gitlab/ssh_public_key.rb

Direct Known Subclasses

SshHostKey::Fingerprint

Defined Under Namespace

Classes: Technology

Constant Summary

TECHNOLOGIES =

See man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT for the list of supported algorithms.

Technology.new(:rsa, SSHData::PublicKey::RSA, [1024, 2048, 3072, 4096], %w(ssh-rsa)),
  Technology.new(:dsa, SSHData::PublicKey::DSA, [1024, 2048, 3072], %w(ssh-dss)),
  Technology.new(:ecdsa, SSHData::PublicKey::ECDSA, [256, 384, 521], %w(ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521)),
  Technology.new(:ed25519, SSHData::PublicKey::ED25519, [256], %w(ssh-ed25519)),
  Technology.new(:ecdsa_sk, SSHData::PublicKey::SKECDSA, [256], %w(sk-ecdsa-sha2-nistp256@openssh.com)),
  Technology.new(:ed25519_sk, SSHData::PublicKey::SKED25519, [256], %w(sk-ssh-ed25519@openssh.com))
].freeze

Instance Attribute Summary

• #key ⇒ Object readonly

  Returns the value of attribute key.

• #key_text ⇒ Object readonly

  Returns the value of attribute key_text.

Class Method Summary

• .sanitize(key_content) ⇒ Object
• .supported_algorithms ⇒ Object
• .supported_algorithms_for_name(name) ⇒ Object
• .supported_sizes(name) ⇒ Object
• .supported_types ⇒ Object
• .technologies ⇒ Object
• .technology(name) ⇒ Object
• .technology_for_key(key) ⇒ Object

Instance Method Summary

• #bits ⇒ Object
• #fingerprint ⇒ Object
• #fingerprint_sha256 ⇒ Object
• #initialize(key_text) ⇒ SSHPublicKey constructor

  A new instance of SSHPublicKey.

• #type ⇒ Object
• #valid? ⇒ Boolean

Constructor Details

#initialize(key_text) ⇒ SSHPublicKey

Returns a new instance of SSHPublicKey.

# File 'lib/gitlab/ssh_public_key.rb', line 68

def initialize(key_text)
  @key_text = key_text

  # We need to strip options to parse key with options or in known_hosts
  # format. See https://man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT
  # and https://man.openbsd.org/sshd#SSH_KNOWN_HOSTS_FILE_FORMAT
  key_text_without_options = @key_text.to_s.match(/(\A|\s)(#{self.class.supported_algorithms.join('|')}).*/).to_s

  @key =
    begin
      SSHData::PublicKey.parse_openssh(key_text_without_options)
    rescue SSHData::DecodeError
    end
end

Instance Attribute Details

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/gitlab/ssh_public_key.rb', line 66

def key
  @key
end

#key_text ⇒ Object (readonly)

Returns the value of attribute key_text.

# File 'lib/gitlab/ssh_public_key.rb', line 66

def key_text
  @key_text
end

Class Method Details

.sanitize(key_content) ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 50

def self.sanitize(key_content)
  ssh_type, *parts = key_content.strip.split

  return key_content if parts.empty?

  parts.each_with_object(+"#{ssh_type} ").with_index do |(part, content), index|
    content << part

    if self.new(content).valid?
      break [content, parts[index + 1]].compact.join(' ') # Add the comment part if present
    elsif parts.size == index + 1 # return original content if we've reached the last element
      break key_content
    end
  end
end

.supported_algorithms ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 42

def self.supported_algorithms
  technologies.flat_map { |tech| tech.supported_algorithms }
end

.supported_algorithms_for_name(name) ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 46

def self.supported_algorithms_for_name(name)
  technology(name).supported_algorithms
end

.supported_sizes(name) ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 38

def self.supported_sizes(name)
  technology(name).supported_sizes
end

.supported_types ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 34

def self.supported_types
  technologies.map(&:name)
end

.technologies ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 18

def self.technologies
  if Gitlab::FIPS.enabled?
    Gitlab::FIPS::SSH_KEY_TECHNOLOGIES
  else
    TECHNOLOGIES
  end
end

.technology(name) ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 26

def self.technology(name)
  technologies.find { |tech| tech.name.to_s == name.to_s }
end

.technology_for_key(key) ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 30

def self.technology_for_key(key)
  technologies.find { |tech| key.instance_of?(tech.key_class) }
end

Instance Method Details

#bits ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 99

def bits
  return unless valid?

  case type
  when :rsa
    key.n.num_bits
  when :dsa
    key.p.num_bits
  when :ecdsa
    key.openssl.group.order.num_bits
  when :ed25519
    256
  when :ecdsa_sk
    256
  when :ed25519_sk
    256
  end
end

#fingerprint ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 91

def fingerprint
  key.fingerprint(md5: true) if valid?
end

#fingerprint_sha256 ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 95

def fingerprint_sha256
  'SHA256:' + key.fingerprint(md5: false) if valid?
end

#type ⇒ Object

# File 'lib/gitlab/ssh_public_key.rb', line 87

def type
  technology.name if valid?
end

#valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/gitlab/ssh_public_key.rb', line 83

def valid?
  key.present?
end