Class: Gitlab::SSHPublicKey

Inherits:
Object
  • Object
show all
Defined in:
lib/gitlab/ssh_public_key.rb

Direct Known Subclasses

SshHostKey::Fingerprint

Defined Under Namespace

Classes: Technology

Constant Summary collapse

TECHNOLOGIES =

See man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT for the list of supported algorithms.

Technology.new(:rsa, SSHData::PublicKey::RSA, [1024, 2048, 3072, 4096], %w(ssh-rsa)),
  Technology.new(:dsa, SSHData::PublicKey::DSA, [1024, 2048, 3072], %w(ssh-dss)),
  Technology.new(:ecdsa, SSHData::PublicKey::ECDSA, [256, 384, 521], %w(ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521)),
  Technology.new(:ed25519, SSHData::PublicKey::ED25519, [256], %w(ssh-ed25519)),
  Technology.new(:ecdsa_sk, SSHData::PublicKey::SKECDSA, [256], %w([email protected])),
  Technology.new(:ed25519_sk, SSHData::PublicKey::SKED25519, [256], %w([email protected]))
].freeze

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(key_text) ⇒ SSHPublicKey

Returns a new instance of SSHPublicKey.


68
69
70
71
72
73
74
75
76
77
78
79
80
81
# File 'lib/gitlab/ssh_public_key.rb', line 68

def initialize(key_text)
  @key_text = key_text

  # We need to strip options to parse key with options or in known_hosts
  # format. See https://man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT
  # and https://man.openbsd.org/sshd#SSH_KNOWN_HOSTS_FILE_FORMAT
  key_text_without_options = @key_text.to_s.match(/(\A|\s)(#{self.class.supported_algorithms.join('|')}).*/).to_s

  @key =
    begin
      SSHData::PublicKey.parse_openssh(key_text_without_options)
    rescue SSHData::DecodeError
    end
end

Instance Attribute Details

#keyObject (readonly)

Returns the value of attribute key.


66
67
68
# File 'lib/gitlab/ssh_public_key.rb', line 66

def key
  @key
end

#key_textObject (readonly)

Returns the value of attribute key_text.


66
67
68
# File 'lib/gitlab/ssh_public_key.rb', line 66

def key_text
  @key_text
end

Class Method Details

.sanitize(key_content) ⇒ Object


50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# File 'lib/gitlab/ssh_public_key.rb', line 50

def self.sanitize(key_content)
  ssh_type, *parts = key_content.strip.split

  return key_content if parts.empty?

  parts.each_with_object(+"#{ssh_type} ").with_index do |(part, content), index|
    content << part

    if self.new(content).valid?
      break [content, parts[index + 1]].compact.join(' ') # Add the comment part if present
    elsif parts.size == index + 1 # return original content if we've reached the last element
      break key_content
    end
  end
end

.supported_algorithmsObject


42
43
44
# File 'lib/gitlab/ssh_public_key.rb', line 42

def self.supported_algorithms
  technologies.flat_map { |tech| tech.supported_algorithms }
end

.supported_algorithms_for_name(name) ⇒ Object


46
47
48
# File 'lib/gitlab/ssh_public_key.rb', line 46

def self.supported_algorithms_for_name(name)
  technology(name).supported_algorithms
end

.supported_sizes(name) ⇒ Object


38
39
40
# File 'lib/gitlab/ssh_public_key.rb', line 38

def self.supported_sizes(name)
  technology(name).supported_sizes
end

.supported_typesObject


34
35
36
# File 'lib/gitlab/ssh_public_key.rb', line 34

def self.supported_types
  technologies.map(&:name)
end

.technologiesObject


18
19
20
21
22
23
24
# File 'lib/gitlab/ssh_public_key.rb', line 18

def self.technologies
  if Gitlab::FIPS.enabled?
    Gitlab::FIPS::SSH_KEY_TECHNOLOGIES
  else
    TECHNOLOGIES
  end
end

.technology(name) ⇒ Object


26
27
28
# File 'lib/gitlab/ssh_public_key.rb', line 26

def self.technology(name)
  technologies.find { |tech| tech.name.to_s == name.to_s }
end

.technology_for_key(key) ⇒ Object


30
31
32
# File 'lib/gitlab/ssh_public_key.rb', line 30

def self.technology_for_key(key)
  technologies.find { |tech| key.instance_of?(tech.key_class) }
end

Instance Method Details

#bitsObject


99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# File 'lib/gitlab/ssh_public_key.rb', line 99

def bits
  return unless valid?

  case type
  when :rsa
    key.n.num_bits
  when :dsa
    key.p.num_bits
  when :ecdsa
    key.openssl.group.order.num_bits
  when :ed25519
    256
  when :ecdsa_sk
    256
  when :ed25519_sk
    256
  end
end

#fingerprintObject


91
92
93
# File 'lib/gitlab/ssh_public_key.rb', line 91

def fingerprint
  key.fingerprint(md5: true) if valid?
end

#fingerprint_sha256Object


95
96
97
# File 'lib/gitlab/ssh_public_key.rb', line 95

def fingerprint_sha256
  'SHA256:' + key.fingerprint(md5: false) if valid?
end

#typeObject


87
88
89
# File 'lib/gitlab/ssh_public_key.rb', line 87

def type
  technology.name if valid?
end

#valid?Boolean

Returns:

  • (Boolean)

83
84
85
# File 'lib/gitlab/ssh_public_key.rb', line 83

def valid?
  key.present?
end