RubyGems - harbr - Versions diffs - 0.2.10 → 2.8.1 - Mend

harbr 0.2.10 → 2.8.1

Files changed (179) hide show

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/certificate.rb ADDED Viewed

@@ -0,0 +1,183 @@
+require 'securerandom'
+module Net
+  module SSH
+    module Authentication
+      # Class for representing an SSH certificate.
+      #
+      # http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.10&content-type=text/plain
+      class Certificate
+        attr_accessor :nonce
+        attr_accessor :key
+        attr_accessor :serial
+        attr_accessor :type
+        attr_accessor :key_id
+        attr_accessor :valid_principals
+        attr_accessor :valid_after
+        attr_accessor :valid_before
+        attr_accessor :critical_options
+        attr_accessor :extensions
+        attr_accessor :reserved
+        attr_accessor :signature_key
+        attr_accessor :signature
+        # Read a certificate blob associated with a key of the given type.
+        def self.read_certblob(buffer, type)
+          cert = Certificate.new
+          cert.nonce = buffer.read_string
+          cert.key = buffer.read_keyblob(type)
+          cert.serial = buffer.read_int64
+          cert.type = type_symbol(buffer.read_long)
+          cert.key_id = buffer.read_string
+          cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
+          cert.valid_after = Time.at(buffer.read_int64)
+          cert.valid_before = if RUBY_PLATFORM == "java"
+                                # 0x20c49ba5e353f7 = 0x7fffffffffffffff/1000, the largest value possible for JRuby
+                                # JRuby Time.at multiplies the arg by 1000, and then stores it in a signed long.
+                                # 0x20c49ba2d52500 = 292278993-01-01 00:00:00 +0000
+                                # JRuby 9.1 does not accept the year 292278994 because of edge cases (https://github.com/JodaOrg/joda-time/issues/190)
+                                Time.at([0x20c49ba2d52500, buffer.read_int64].min)
+                              else
+                                Time.at(buffer.read_int64)
+                              end
+          cert.critical_options = read_options(buffer)
+          cert.extensions = read_options(buffer)
+          cert.reserved = buffer.read_string
+          cert.signature_key = buffer.read_buffer.read_key
+          cert.signature = buffer.read_string
+          cert
+        end
+        def ssh_type
+          key.ssh_type + "-cert-v01@openssh.com"
+        end
+        def ssh_signature_type
+          key.ssh_type
+        end
+        # Serializes the certificate (and key).
+        def to_blob
+          Buffer.from(
+            :raw, to_blob_without_signature,
+            :string, signature
+          ).to_s
+        end
+        def ssh_do_sign(data, sig_alg = nil)
+          key.ssh_do_sign(data, sig_alg)
+        end
+        def ssh_do_verify(sig, data, options = {})
+          key.ssh_do_verify(sig, data, options)
+        end
+        def to_pem
+          key.to_pem
+        end
+        def fingerprint
+          key.fingerprint
+        end
+        # Signs the certificate with key.
+        def sign!(key, sign_nonce = nil)
+          # ssh-keygen uses 32 bytes of nonce.
+          self.nonce = sign_nonce || SecureRandom.random_bytes(32)
+          self.signature_key = key
+          self.signature = Net::SSH::Buffer.from(
+            :string, key.ssh_signature_type,
+            :mstring, key.ssh_do_sign(to_blob_without_signature)
+          ).to_s
+          self
+        end
+        def sign(key, sign_nonce = nil)
+          cert = clone
+          cert.sign!(key, sign_nonce)
+        end
+        # Checks whether the certificate's signature was signed by signature key.
+        def signature_valid?
+          buffer = Buffer.new(signature)
+          sig_format = buffer.read_string
+          signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature, host_key: sig_format)
+        end
+        def self.read_options(buffer)
+          names = []
+          options = buffer.read_buffer.read_all do |b|
+            name = b.read_string
+            names << name
+            data = b.read_string
+            data = Buffer.new(data).read_string unless data.empty?
+            [name, data]
+          end
+          raise ArgumentError, "option/extension names must be in sorted order" if names.sort != names
+          Hash[options]
+        end
+        private_class_method :read_options
+        def self.type_symbol(type)
+          types = { 1 => :user, 2 => :host }
+          raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
+          types.fetch(type)
+        end
+        private_class_method :type_symbol
+        private
+        def type_value(type)
+          types = { user: 1, host: 2 }
+          raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
+          types.fetch(type)
+        end
+        def ssh_time(t)
+          # Times in certificates are represented as a uint64.
+          [[t.to_i, 0].max, 2 << 64 - 1].min
+        end
+        def to_blob_without_signature
+          Buffer.from(
+            :string, ssh_type,
+            :string, nonce,
+            :raw, key_without_type,
+            :int64, serial,
+            :long, type_value(type),
+            :string, key_id,
+            :string, valid_principals.inject(Buffer.new) { |acc, elem| acc.write_string(elem) }.to_s,
+            :int64, ssh_time(valid_after),
+            :int64, ssh_time(valid_before),
+            :string, options_to_blob(critical_options),
+            :string, options_to_blob(extensions),
+            :string, reserved,
+            :string, signature_key.to_blob
+          ).to_s
+        end
+        def key_without_type
+          # key.to_blob gives us e.g. "ssh-rsa,<key>" but we just want "<key>".
+          tmp = Buffer.new(key.to_blob)
+          tmp.read_string # skip the underlying key type
+          tmp.read
+        end
+        def options_to_blob(options)
+          options.keys.sort.inject(Buffer.new) do |b, name|
+            b.write_string(name)
+            data = options.fetch(name)
+            data = Buffer.from(:string, data).to_s unless data.empty?
+            b.write_string(data)
+          end.to_s
+        end
+      end
+    end
+  end
+end

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/constants.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module Net
+  module SSH
+    module Authentication
+      # Describes the constants used by the Net::SSH::Authentication components
+      # of the Net::SSH library. Individual authentication method implemenations
+      # may define yet more constants that are specific to their implementation.
+      module Constants
+        USERAUTH_REQUEST          = 50
+        USERAUTH_FAILURE          = 51
+        USERAUTH_SUCCESS          = 52
+        USERAUTH_BANNER           = 53
+        USERAUTH_PASSWD_CHANGEREQ = 60
+        USERAUTH_PK_OK            = 60
+        USERAUTH_METHOD_RANGE     = 60..79
+      end
+    end
+  end
+end

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/ed25519.rb ADDED Viewed

@@ -0,0 +1,186 @@
+gem 'ed25519', '~> 1.2'
+gem 'bcrypt_pbkdf', '~> 1.0' unless RUBY_PLATFORM == "java"
+require 'ed25519'
+require 'base64'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/authentication/pub_key_fingerprint'
+require 'bcrypt_pbkdf' unless RUBY_PLATFORM == "java"
+module Net
+  module SSH
+    module Authentication
+      module ED25519
+        class SigningKeyFromFile < SimpleDelegator
+          def initialize(pk, sk)
+            key = ::Ed25519::SigningKey.from_keypair(sk)
+            raise ArgumentError, "pk does not match sk" unless pk == key.verify_key.to_bytes
+            super(key)
+          end
+        end
+        class OpenSSHPrivateKeyLoader
+          CipherFactory = Net::SSH::Transport::CipherFactory
+          MBEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
+          MEND = "-----END OPENSSH PRIVATE KEY-----"
+          MAGIC = "openssh-key-v1"
+          class DecryptError < ArgumentError
+            def initialize(message, encrypted_key: false)
+              super(message)
+              @encrypted_key = encrypted_key
+            end
+            def encrypted_key?
+              return @encrypted_key
+            end
+          end
+          def self.read(datafull, password)
+            datafull = datafull.strip
+            raise ArgumentError.new("Expected #{MBEGIN} at start of private key") unless datafull.start_with?(MBEGIN)
+            raise ArgumentError.new("Expected #{MEND} at end of private key") unless datafull.end_with?(MEND)
+            datab64 = datafull[MBEGIN.size...-MEND.size]
+            data = Base64.decode64(datab64)
+            raise ArgumentError.new("Expected #{MAGIC} at start of decoded private key") unless data.start_with?(MAGIC)
+            buffer = Net::SSH::Buffer.new(data[MAGIC.size + 1..-1])
+            ciphername = buffer.read_string
+            raise ArgumentError.new("#{ciphername} in private key is not supported") unless
+              CipherFactory.supported?(ciphername)
+            kdfname = buffer.read_string
+            raise ArgumentError.new("Expected #{kdfname} to be or none or bcrypt") unless %w[none bcrypt].include?(kdfname)
+            kdfopts = Net::SSH::Buffer.new(buffer.read_string)
+            num_keys = buffer.read_long
+            raise ArgumentError.new("Only 1 key is supported in ssh keys #{num_keys} was in private key") unless num_keys == 1
+            _pubkey = buffer.read_string
+            len = buffer.read_long
+            keylen, blocksize, ivlen = CipherFactory.get_lengths(ciphername, iv_len: true)
+            raise ArgumentError.new("Private key len:#{len} is not a multiple of #{blocksize}") if
+              ((len < blocksize) || ((blocksize > 0) && (len % blocksize) != 0))
+            if kdfname == 'bcrypt'
+              salt = kdfopts.read_string
+              rounds = kdfopts.read_long
+              raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java"
+              key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
+              raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key
+            else
+              key = '\x00' * (keylen + ivlen)
+            end
+            cipher = CipherFactory.get(ciphername, key: key[0...keylen], iv: key[keylen...keylen + ivlen], decrypt: true)
+            decoded = cipher.update(buffer.remainder_as_buffer.to_s)
+            decoded << cipher.final
+            decoded = Net::SSH::Buffer.new(decoded)
+            check1 = decoded.read_long
+            check2 = decoded.read_long
+            raise DecryptError.new("Decrypt failed on private key", encrypted_key: kdfname == 'bcrypt') if (check1 != check2)
+            type_name = decoded.read_string
+            case type_name
+            when "ssh-ed25519"
+              PrivKey.new(decoded)
+            else
+              decoded.read_private_keyblob(type_name)
+            end
+          end
+        end
+        class PubKey
+          include Net::SSH::Authentication::PubKeyFingerprint
+          attr_reader :verify_key
+          def initialize(data)
+            @verify_key = ::Ed25519::VerifyKey.new(data)
+          end
+          def self.read_keyblob(buffer)
+            PubKey.new(buffer.read_string)
+          end
+          def to_blob
+            Net::SSH::Buffer.from(:mstring, "ssh-ed25519".dup, :string, @verify_key.to_bytes).to_s
+          end
+          def ssh_type
+            "ssh-ed25519"
+          end
+          def ssh_signature_type
+            ssh_type
+          end
+          def ssh_do_verify(sig, data, options = {})
+            @verify_key.verify(sig, data)
+          end
+          def to_pem
+            # TODO this is not pem
+            ssh_type + Base64.encode64(@verify_key.to_bytes)
+          end
+        end
+        class PrivKey
+          CipherFactory = Net::SSH::Transport::CipherFactory
+          MBEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
+          MEND = "-----END OPENSSH PRIVATE KEY-----\n"
+          MAGIC = "openssh-key-v1"
+          attr_reader :sign_key
+          def initialize(buffer)
+            pk = buffer.read_string
+            sk = buffer.read_string
+            _comment = buffer.read_string
+            @pk = pk
+            @sign_key = SigningKeyFromFile.new(pk, sk)
+          end
+          def to_blob
+            public_key.to_blob
+          end
+          def ssh_type
+            "ssh-ed25519"
+          end
+          def ssh_signature_type
+            ssh_type
+          end
+          def public_key
+            PubKey.new(@pk)
+          end
+          def ssh_do_sign(data, sig_alg = nil)
+            @sign_key.sign(data)
+          end
+          def self.read(data, password)
+            OpenSSHPrivateKeyLoader.read(data, password)
+          end
+        end
+      end
+    end
+  end
+end

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/ed25519_loader.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Net
+  module SSH
+    module Authentication
+      # Loads ED25519 support which requires optinal dependecies like
+      # ed25519, bcrypt_pbkdf
+      module ED25519Loader
+        begin
+          require 'net/ssh/authentication/ed25519'
+          LOADED = true
+          ERROR = nil
+        rescue LoadError => e
+          ERROR = e
+          LOADED = false
+        end
+        def self.raiseUnlessLoaded(message)
+          description = ERROR.is_a?(LoadError) ? dependenciesRequiredForED25519 : ''
+          description << "#{ERROR.class} : \"#{ERROR.message}\"\n" if ERROR
+          raise NotImplementedError, "#{message}\n#{description}" unless LOADED
+        end
+        def self.dependenciesRequiredForED25519
+          result = "net-ssh requires the following gems for ed25519 support:\n"
+          result << " * ed25519 (>= 1.2, < 2.0)\n"
+          result << " * bcrypt_pbkdf (>= 1.0, < 2.0)\n" unless RUBY_PLATFORM == "java"
+          result << "See https://github.com/net-ssh/net-ssh/issues/565 for more information\n"
+        end
+      end
+    end
+  end
+end