Class: Gitlab::SSHPublicKey
- Inherits:
-
Object
- Object
- Gitlab::SSHPublicKey
- Includes:
- Utils::StrongMemoize
- Defined in:
- lib/gitlab/ssh_public_key.rb
Direct Known Subclasses
Defined Under Namespace
Classes: Technology
Constant Summary collapse
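# See man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT for the list of supported algorithms.
#
# Each entry presumably carries (name, key_class, supported_sizes,
# supported_algorithms), matching the readers the class methods call on a
# Technology -- TODO confirm against the Technology definition.
#
# NOTE(review): this list includes DSA and 1024-bit RSA, which are weak by
# current standards. Whether such keys are actually accepted is presumably
# decided by policy outside this constant -- confirm before relying on this
# list as an allow-list.
TECHNOLOGIES = [
  Technology.new(:rsa, SSHData::PublicKey::RSA, [1024, 2048, 3072, 4096], %w[ssh-rsa]),
  Technology.new(:dsa, SSHData::PublicKey::DSA, [1024, 2048, 3072], %w[ssh-dss]),
  Technology.new(:ecdsa, SSHData::PublicKey::ECDSA, [256, 384, 521], %w[ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521]),
  Technology.new(:ed25519, SSHData::PublicKey::ED25519, [256], %w[ssh-ed25519]),
  # The two security-key algorithm names were mangled by the page's e-mail
  # obfuscation; these are the OpenSSH names for the SK key types.
  Technology.new(:ecdsa_sk, SSHData::PublicKey::SKECDSA, [256], %w[sk-ecdsa-sha2-nistp256@openssh.com]),
  Technology.new(:ed25519_sk, SSHData::PublicKey::SKED25519, [256], %w[sk-ssh-ed25519@openssh.com])
].freeze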
Instance Attribute Summary collapse
-
#key ⇒ Object
readonly
Returns the value of attribute key.
-
#key_text ⇒ Object
readonly
Returns the value of attribute key_text.
Class Method Summary collapse
- .sanitize(key_content) ⇒ Object
- .supported_algorithms ⇒ Object
- .supported_algorithms_for_name(name) ⇒ Object
- .supported_sizes(name) ⇒ Object
- .supported_types ⇒ Object
- .technologies ⇒ Object
- .technology(name) ⇒ Object
- .technology_for_key(key) ⇒ Object
Instance Method Summary collapse
- #banned? ⇒ Boolean
- #bits ⇒ Object
- #fingerprint ⇒ Object
- #fingerprint_sha256 ⇒ Object
-
#initialize(key_text) ⇒ SSHPublicKey
constructor
A new instance of SSHPublicKey.
- #type ⇒ Object
- #valid? ⇒ Boolean
Constructor Details
#initialize(key_text) ⇒ SSHPublicKey
Returns a new instance of SSHPublicKey.
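# File 'lib/gitlab/ssh_public_key.rb', line 70
#
# Wraps a textual SSH public key and tries to parse it.
#
# The raw input is kept in @key_text. @key receives the parsed
# SSHData::PublicKey, or nil when parsing raises SSHData::DecodeError, so a
# malformed key does not raise from the constructor.
#
# @param key_text [#to_s] key material, optionally preceded by
#   authorized_keys options or a known_hosts host field
def initialize(key_text)
  @key_text = key_text

  # We need to strip options to parse key with options or in known_hosts
  # format. See https://man.openbsd.org/sshd#AUTHORIZED_KEYS_FILE_FORMAT
  # and https://man.openbsd.org/sshd#SSH_KNOWN_HOSTS_FILE_FORMAT
  #
  # Regexp.union escapes every algorithm name, so a "." inside a name only
  # matches a literal dot instead of any character.
  algorithm_pattern = Regexp.union(self.class.supported_algorithms)

  # Keep everything from the first supported algorithm name (at the start of
  # the text or after whitespace) to the end of that line; "" when none match.
  key_text_without_options = @key_text.to_s.match(/(\A|\s)(#{algorithm_pattern}).*/).to_s

  @key =
    begin
      SSHData::PublicKey.parse_openssh(key_text_without_options)
    rescue SSHData::DecodeError
      # Undecodable input is represented as "no key" rather than an error.
      nil
    end
end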
Instance Attribute Details
#key ⇒ Object (readonly)
Returns the value of attribute key.
# File 'lib/gitlab/ssh_public_key.rb', line 68
#
# Reader for the @key instance variable.
#
# @return [Object] whatever is stored in @key
def key = @key
#key_text ⇒ Object (readonly)
Returns the value of attribute key_text.
# File 'lib/gitlab/ssh_public_key.rb', line 68
#
# Reader for the @key_text instance variable.
#
# @return [Object] whatever is stored in @key_text
def key_text = @key_text
Class Method Details
.sanitize(key_content) ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 52
#
# Rejoins a key whose encoded body was split by whitespace.
#
# The first whitespace-separated token is taken as the key type. The
# remaining tokens are appended one at a time, without separators, until the
# accumulated text parses as a valid key. The token after the last one used,
# if any, is kept as the comment.
#
# NOTE(review): each step builds and parses a new instance, so the number of
# parse attempts grows with the number of whitespace-separated tokens in
# key_content. Callers presumably bound the input size -- confirm.
#
# @param key_content [String] key text as submitted; must respond to #strip
# @return [String] "<type> <joined body>[ <comment>]" when some prefix of the
#   tokens forms a valid key, otherwise key_content unchanged
def self.sanitize(key_content)
  ssh_type, *parts = key_content.strip.split

  # Nothing after the key type: there is no body to reassemble.
  return key_content if parts.empty?

  candidate = +"#{ssh_type} "

  parts.each_with_index do |part, index|
    candidate << part
    next unless new(candidate).valid?

    # Add the comment part if present
    return [candidate, parts[index + 1]].compact.join(' ')
  end

  # return original content if we've reached the last element
  key_content
end
.supported_algorithms ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 44
#
# Flattens the algorithm names of every active technology into one list.
#
# @return [Array] algorithm names from all entries of .technologies
def self.supported_algorithms
  technologies.flat_map(&:supported_algorithms)
end
.supported_algorithms_for_name(name) ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 48
#
# Algorithm names of the technology called +name+.
#
# .technology returns nil for a name that matches nothing, so an unknown
# name raises NoMethodError here.
#
# @param name [#to_s] technology name, e.g. :rsa
# @return [Object] that technology's supported_algorithms
def self.supported_algorithms_for_name(name)
  matching_technology = technology(name)
  matching_technology.supported_algorithms
end
.supported_sizes(name) ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 40
#
# Key sizes listed for the technology called +name+.
#
# .technology returns nil for a name that matches nothing, so an unknown
# name raises NoMethodError here.
#
# @param name [#to_s] technology name, e.g. :rsa
# @return [Object] that technology's supported_sizes
def self.supported_sizes(name)
  matching_technology = technology(name)
  matching_technology.supported_sizes
end
.supported_types ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 36
#
# Names of every active technology, in the order of .technologies.
#
# @return [Array] one name per technology
def self.supported_types
  technologies.map { |tech| tech.name }
end
.technologies ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 20
#
# Selects the list of key technologies in effect.
#
# When Gitlab::FIPS.enabled? is true the FIPS-specific list replaces the
# default TECHNOLOGIES. Every other class method here goes through this
# method, so the choice applies to lookups by name, by key and by algorithm.
#
# @return [Array] Gitlab::FIPS::SSH_KEY_TECHNOLOGIES or TECHNOLOGIES
def self.technologies
  return Gitlab::FIPS::SSH_KEY_TECHNOLOGIES if Gitlab::FIPS.enabled?

  TECHNOLOGIES
end
.technology(name) ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 28
#
# Looks up an active technology by name.
#
# Both sides are compared as strings, so :rsa and "rsa" find the same entry.
#
# @param name [#to_s] technology name
# @return [Object, nil] the first matching technology, or nil when none match
def self.technology(name)
  technologies.find do |tech|
    tech.name.to_s == name.to_s
  end
end
.technology_for_key(key) ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 32
#
# Finds the active technology whose key class is exactly the class of +key+.
#
# instance_of? is used, so an instance of a subclass of a technology's
# key_class does not match that technology.
#
# @param key [Object] a parsed key object
# @return [Object, nil] the first matching technology, or nil when none match
def self.technology_for_key(key)
  technologies.find do |tech|
    key.instance_of?(tech.key_class)
  end
end
Instance Method Details
#banned? ⇒ Boolean
# File 'lib/gitlab/ssh_public_key.rb', line 120
#
# Checks this key's SHA256 fingerprint against the banned-key list.
#
# The list is looked up under the key type as a string; a type with no entry
# is treated as having no banned fingerprints. A key that failed to parse is
# reported as not banned, so callers should check valid? separately.
#
# @return [Boolean] true when the fingerprint is listed for this key type
def banned?
  return false unless valid?

  banned_fingerprints = banned_ssh_keys.fetch(type.to_s, [])
  banned_fingerprints.include?(fingerprint_sha256)
end
#bits ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 101
#
# Size of the key in bits.
#
# RSA, DSA and ECDSA sizes are read from the parsed key (modulus n, prime p
# and curve group order respectively). The Ed25519 and security-key types
# report a fixed 256.
#
# @return [Integer, nil] the bit size, or nil when the key is not valid or
#   its type is none of the types handled here
def bits
  return unless valid?

  case type
  when :rsa then key.n.num_bits
  when :dsa then key.p.num_bits
  when :ecdsa then key.openssl.group.order.num_bits
  when :ed25519, :ecdsa_sk, :ed25519_sk then 256
  end
end
#fingerprint ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 93
#
# MD5 fingerprint of the parsed key.
#
# NOTE(review): MD5 is not collision resistant. The ban check in this class
# compares the SHA256 fingerprint instead; prefer fingerprint_sha256 wherever
# the fingerprint is used to identify or compare keys.
#
# @return [Object, nil] key.fingerprint(md5: true), or nil when not valid
def fingerprint
  return unless valid?

  key.fingerprint(md5: true)
end
#fingerprint_sha256 ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 97
#
# SHA256 fingerprint of the parsed key, prefixed with "SHA256:".
#
# @return [String, nil] the prefixed fingerprint, or nil when not valid
def fingerprint_sha256
  return unless valid?

  digest = key.fingerprint(md5: false)
  'SHA256:' + digest
end
#type ⇒ Object
# File 'lib/gitlab/ssh_public_key.rb', line 89
#
# Name of the technology this key belongs to.
#
# @return [Object, nil] technology.name, or nil when the key is not valid
def type
  return unless valid?

  technology.name
end
#valid? ⇒ Boolean
# File 'lib/gitlab/ssh_public_key.rb', line 85
#
# Whether a key object is present, as reported by key.present?.
#
# This says nothing about key size or ban status; see bits and banned?.
#
# @return [Boolean] result of key.present?
def valid? = key.present?