Module: DeprecatedRsaSha1::KeyManager

Defined in:
lib/vagrant/patches/net-ssh.rb


Instance Method Details

#initialize(logger, options = {}) ⇒ Object


# File 'lib/vagrant/patches/net-ssh.rb', line 9

# Pulls the Vagrant-only +:deprecated_rsa_sha1+ option out of +options+
# before delegating to the real +KeyManager#initialize+, so net-ssh never
# sees an option it does not know. Note that +options+ is mutated in place
# (+Hash#delete+), i.e. the caller's hash loses that key as well.
#
# @param logger [Object] passed straight through to +super+
# @param options [Hash] net-ssh options, optionally carrying
#   +:deprecated_rsa_sha1+; a truthy value makes #load_identities and #sign
#   tag RSA keys for net-ssh's legacy SHA-1 +ssh-rsa+ signature mode
def initialize(logger, options = {})
  legacy_sha1 = options.delete(:deprecated_rsa_sha1)
  @deprecated_rsa_sha1 = legacy_sha1
  super(logger, options)
end

#load_identities(identities, ask_passphrase, ignore_decryption_errors) ⇒ Object


# File 'lib/vagrant/patches/net-ssh.rb', line 42

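# Loads the identities that will be offered for public-key authentication.
#
# Same contract as the upstream
# +Net::SSH::Authentication::KeyManager#load_identities+ this patch replaces,
# with one addition: when +:deprecated_rsa_sha1+ was passed to #initialize,
# every loaded key that supports it is opted into net-ssh's legacy SHA-1
# +ssh-rsa+ signature mode. The tag is never applied unless the user asked
# for it.
#
# @param identities [Array<Hash>] identity descriptors; +:load_from+ selects
#   the source (+:pubkey_file+, +:privkey_file+ or +:data+). Any other
#   descriptor (e.g. one backed by the agent) is passed through unchanged.
# @param ask_passphrase [Boolean] forwarded to the +KeyFactory+ loaders
# @param ignore_decryption_errors [Boolean] when true, a descriptor whose key
#   cannot be decrypted/parsed is kept as-is instead of being dropped
# @return [Array<Hash>] loaded identity hashes (+:public_key+, +:from+, and
#   +:key+/+:file+/+:data+ as applicable); descriptors that failed to load
#   and were not ignored are removed
def load_identities(identities, ask_passphrase, ignore_decryption_errors)
  identities.map do |identity|
    begin
      vagrant_load_identity(identity, ask_passphrase)
    rescue OpenSSL::PKey::RSAError, OpenSSL::PKey::DSAError, OpenSSL::PKey::ECError, OpenSSL::PKey::PKeyError, ArgumentError => e
      # Bad passphrase / unparsable key: recoverable only if the caller opted in.
      if ignore_decryption_errors
        identity
      else
        process_identity_loading_error(identity, e)
        nil
      end
    rescue Exception => e
      # Kept for parity with the upstream method this replaces. NOTE(review):
      # `rescue Exception` also catches Interrupt/SystemExit raised while a
      # passphrase prompt is open; StandardError would be the narrower choice
      # if upstream parity is not required.
      process_identity_loading_error(identity, e)
      nil
    end
  end.compact
end

# Turns one identity descriptor into the hash shape +KeyManager+ consumes,
# tagging keys for legacy SHA-1 signing where requested.
#
# @param identity [Hash] a single descriptor from #load_identities
# @param ask_passphrase [Boolean] forwarded to the +KeyFactory+ loaders
# @return [Hash] the loaded identity, or +identity+ itself when +:load_from+
#   names no file/data source
def vagrant_load_identity(identity, ask_passphrase)
  case identity[:load_from]
  when :pubkey_file
    key = Net::SSH::KeyFactory.load_public_key(identity[:pubkey_file])
    vagrant_apply_deprecated_rsa_sha1(key, "public")
    # No +:key+ here: the private half is loaded lazily by #sign on first use.
    { public_key: key, from: :file, file: identity[:privkey_file] }
  when :privkey_file
    private_key = Net::SSH::KeyFactory.load_private_key(
      identity[:privkey_file], options[:passphrase], ask_passphrase, options[:password_prompt]
    )
    # `send` is kept from the original; #public_key may not be public on every key class.
    key = private_key.send(:public_key)
    vagrant_apply_deprecated_rsa_sha1(key, "public")
    vagrant_apply_deprecated_rsa_sha1(private_key, "private")
    { public_key: key, from: :file, file: identity[:privkey_file], key: private_key }
  when :data
    private_key = Net::SSH::KeyFactory.load_data_private_key(
      identity[:data], options[:passphrase], ask_passphrase, "<key in memory>", options[:password_prompt]
    )
    key = private_key.send(:public_key)
    vagrant_apply_deprecated_rsa_sha1(key, "public")
    vagrant_apply_deprecated_rsa_sha1(private_key, "private")
    { public_key: key, from: :key_data, data: identity[:data], key: private_key }
  else
    identity
  end
end
private :vagrant_load_identity

# Opts +key+ into net-ssh's legacy SHA-1 +ssh-rsa+ signatures, but only when
# the Vagrant option is enabled and the key class exposes the setter (the
# +respond_to?+ guard skips key types that have no such mode).
#
# @param key [Object] a public or private key object from +KeyFactory+
# @param label [String] "public" or "private"; used only in the debug line
# @return [void]
def vagrant_apply_deprecated_rsa_sha1(key, label)
  return unless @deprecated_rsa_sha1 && key.respond_to?(:deprecated_rsa_sha1=)

  key.deprecated_rsa_sha1 = true
  Vagrant.global_logger.debug("set RSA SHA1 deprecation on #{label} key: #{key.fingerprint}")
end
private :vagrant_apply_deprecated_rsa_sha1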

#sign(identity, data) ⇒ Object

Raises:

  • (Net::SSH::Authentication::KeyManager::KeyManagerError)

# File 'lib/vagrant/patches/net-ssh.rb', line 14

# Produces the SSH signature for +data+ using the private key behind
# +identity+. Mirrors upstream +KeyManager#sign+, additionally tagging a
# file-backed private key with +deprecated_rsa_sha1+ when it is loaded here
# for the first time and the Vagrant option is enabled.
#
# @param identity [Object] a public key registered in +known_identities+;
#   its +ssh_signature_type+ names the algorithm written into the blob
# @param data [#to_s] bytes to sign
# @return [String] a net-ssh Buffer holding the signature type and the raw
#   signature, serialised to a string
# @raise [Net::SSH::Authentication::KeyManager::KeyManagerError] if the
#   identity is unknown, its key file cannot be loaded, the agent is gone,
#   or the identity's origin cannot be determined
def sign(identity, data)
  info = known_identities[identity]
  unless info
    raise Net::SSH::Authentication::KeyManager::KeyManagerError,
          "the given identity is unknown to the key manager"
  end

  # File-backed identities carry no private key until first use.
  if info[:key].nil? && info[:from] == :file
    begin
      info[:key] = Net::SSH::KeyFactory.load_private_key(
        info[:file], options[:passphrase], !options[:non_interactive], options[:password_prompt]
      )
      loaded = info[:key]
      if @deprecated_rsa_sha1 && loaded.respond_to?(:deprecated_rsa_sha1=)
        loaded.deprecated_rsa_sha1 = true
        Vagrant.global_logger.debug("set RSA SHA1 deprecation on private key: #{loaded.fingerprint}")
      end
    rescue OpenSSL::OpenSSLError, Exception => e
      # As in the original: every failure (including Interrupt during a
      # passphrase prompt, since Exception is rescued) is re-raised as a
      # KeyManagerError carrying the cause's class and message.
      raise Net::SSH::Authentication::KeyManager::KeyManagerError,
            "the given identity is known, but the private key could not be loaded: #{e.class} (#{e.message})"
    end
  end

  if info[:key]
    Net::SSH::Buffer.from(
      :string, identity.ssh_signature_type,
      :mstring, info[:key].ssh_do_sign(data.to_s)
    ).to_s
  elsif info[:from] == :agent
    unless agent
      raise Net::SSH::Authentication::KeyManager::KeyManagerError, "the agent is no longer available"
    end
    agent.sign(info[:identity], data.to_s)
  else
    raise Net::SSH::Authentication::KeyManager::KeyManagerError,
          "[BUG] can't determine identity origin (#{info.inspect})"
  end
end