harbr 0.2.10 → 2.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.DS_Store +0 -0
- data/exe/harbr +225 -150
- data/lib/examples/container.toml +13 -0
- data/lib/harbr/container.rb +14 -10
- data/lib/harbr/host.rb +21 -0
- data/lib/harbr/version.rb +1 -1
- data/lib/harbr.rb +21 -6
- data/vendor/bundle/ruby/3.2.0/cache/dddr-1.0.8.gem +0 -0
- data/vendor/bundle/ruby/3.2.0/cache/dddr-1.1.0.gem +0 -0
- data/vendor/bundle/ruby/3.2.0/cache/dddr-1.1.1.gem +0 -0
- data/vendor/bundle/ruby/3.2.0/cache/net-ssh-7.2.1.gem +0 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/.DS_Store +0 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/.rspec +3 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/.standard.yml +3 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/CHANGELOG.md +5 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/CODE_OF_CONDUCT.md +84 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/LICENSE.txt +21 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/README.md +96 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/Rakefile +10 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/hero.png +0 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/lib/dddr/version.rb +5 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/lib/dddr.rb +205 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.0.8/sig/dddr.rbs +4 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/.DS_Store +0 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/.rspec +3 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/.standard.yml +3 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/CHANGELOG.md +5 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/CODE_OF_CONDUCT.md +84 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/LICENSE.txt +21 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/README.md +96 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/Rakefile +10 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/hero.png +0 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/lib/dddr/version.rb +5 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/lib/dddr.rb +182 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.0/sig/dddr.rbs +4 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/.DS_Store +0 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/.rspec +3 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/.standard.yml +3 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/CHANGELOG.md +5 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/CODE_OF_CONDUCT.md +84 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/LICENSE.txt +21 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/README.md +96 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/Rakefile +10 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/hero.png +0 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/lib/dddr/version.rb +5 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/lib/dddr.rb +184 -0
- data/vendor/bundle/ruby/3.2.0/gems/dddr-1.1.1/sig/dddr.rbs +4 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.dockerignore +6 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.github/FUNDING.yml +1 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.github/config/rubocop_linter_action.yml +4 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.github/workflows/ci-with-docker.yml +44 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.github/workflows/ci.yml +94 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.github/workflows/rubocop.yml +16 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.gitignore +15 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.rubocop.yml +22 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/.rubocop_todo.yml +1081 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/CHANGES.txt +738 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/DEVELOPMENT.md +23 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/Dockerfile +29 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/Dockerfile.openssl3 +17 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/Gemfile +13 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/Gemfile.noed25519 +12 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/Gemfile.norbnacl +12 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/ISSUE_TEMPLATE.md +30 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/LICENSE.txt +19 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/Manifest +132 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/README.md +298 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/Rakefile +192 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/SECURITY.md +4 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/THANKS.txt +110 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/appveyor.yml +58 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/docker-compose.yml +25 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/agent.rb +284 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/certificate.rb +183 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/constants.rb +20 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/ed25519.rb +186 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/ed25519_loader.rb +31 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/key_manager.rb +327 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/methods/abstract.rb +79 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/methods/hostbased.rb +72 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/methods/keyboard_interactive.rb +77 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/methods/none.rb +34 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/methods/password.rb +80 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/methods/publickey.rb +137 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/pageant.rb +497 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/pub_key_fingerprint.rb +43 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/session.rb +172 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/buffer.rb +449 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/buffered_io.rb +202 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/config.rb +406 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/connection/channel.rb +694 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/connection/constants.rb +33 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/connection/event_loop.rb +123 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/connection/keepalive.rb +59 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/connection/session.rb +712 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/connection/term.rb +180 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/errors.rb +106 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/key_factory.rb +218 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/known_hosts.rb +265 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/loggable.rb +62 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/packet.rb +106 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/prompt.rb +62 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/proxy/command.rb +123 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/proxy/errors.rb +16 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/proxy/http.rb +98 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/proxy/https.rb +50 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/proxy/jump.rb +54 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/proxy/socks4.rb +67 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/proxy/socks5.rb +140 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/service/forward.rb +426 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/channel.rb +147 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/extensions.rb +173 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/kex.rb +46 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/local_packet.rb +53 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/packet.rb +101 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/remote_packet.rb +40 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/script.rb +180 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test/socket.rb +65 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/test.rb +94 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/algorithms.rb +524 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/chacha20_poly1305_cipher.rb +117 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb +17 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/cipher_factory.rb +128 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/constants.rb +40 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/ctr.rb +115 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/abstract.rb +97 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/md5.rb +10 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/md5_96.rb +9 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/none.rb +13 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/ripemd160.rb +11 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha1.rb +11 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha1_96.rb +9 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha2_256.rb +11 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha2_256_96.rb +9 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha2_512.rb +11 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha2_512_96.rb +9 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/hmac.rb +47 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/identity_cipher.rb +65 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/abstract.rb +130 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/curve25519_sha256.rb +39 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +37 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/diffie_hellman_group14_sha256.rb +11 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +122 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +72 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +11 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +39 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +21 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +21 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/kex.rb +31 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/key_expander.rb +30 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/openssl.rb +274 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/openssl_cipher_extensions.rb +8 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/packet_stream.rb +301 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/server_version.rb +77 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/session.rb +354 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/transport/state.rb +208 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/verifiers/accept_new.rb +33 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb +33 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/verifiers/always.rb +58 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/verifiers/never.rb +19 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/version.rb +68 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh.rb +338 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/net-ssh-public_cert.pem +20 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/net-ssh.gemspec +46 -0
- data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/support/ssh_tunnel_bug.rb +65 -0
- data/vendor/bundle/ruby/3.2.0/specifications/dddr-1.0.8.gemspec +27 -0
- data/vendor/bundle/ruby/3.2.0/specifications/dddr-1.1.0.gemspec +27 -0
- data/vendor/bundle/ruby/3.2.0/specifications/dddr-1.1.1.gemspec +27 -0
- data/vendor/bundle/ruby/3.2.0/specifications/net-ssh-7.2.1.gemspec +38 -0
- metadata +174 -9
- data/config/manifest.yml +0 -5
- data/lib/harbr/job.rb +0 -252
- data/lib/harbr/lxd/job.rb +0 -119
- data/lib/harbr/lxd/setup.rb +0 -45
@@ -0,0 +1,183 @@
|
|
1
|
+
require 'securerandom'
|
2
|
+
|
3
|
+
module Net
|
4
|
+
module SSH
|
5
|
+
module Authentication
|
6
|
+
# Class for representing an SSH certificate.
|
7
|
+
#
|
8
|
+
# http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.10&content-type=text/plain
|
9
|
+
class Certificate
|
10
|
+
attr_accessor :nonce
|
11
|
+
attr_accessor :key
|
12
|
+
attr_accessor :serial
|
13
|
+
attr_accessor :type
|
14
|
+
attr_accessor :key_id
|
15
|
+
attr_accessor :valid_principals
|
16
|
+
attr_accessor :valid_after
|
17
|
+
attr_accessor :valid_before
|
18
|
+
attr_accessor :critical_options
|
19
|
+
attr_accessor :extensions
|
20
|
+
attr_accessor :reserved
|
21
|
+
attr_accessor :signature_key
|
22
|
+
attr_accessor :signature
|
23
|
+
|
24
|
+
# Read a certificate blob associated with a key of the given type.
|
25
|
+
def self.read_certblob(buffer, type)
|
26
|
+
cert = Certificate.new
|
27
|
+
cert.nonce = buffer.read_string
|
28
|
+
cert.key = buffer.read_keyblob(type)
|
29
|
+
cert.serial = buffer.read_int64
|
30
|
+
cert.type = type_symbol(buffer.read_long)
|
31
|
+
cert.key_id = buffer.read_string
|
32
|
+
cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
|
33
|
+
cert.valid_after = Time.at(buffer.read_int64)
|
34
|
+
|
35
|
+
cert.valid_before = if RUBY_PLATFORM == "java"
|
36
|
+
# 0x20c49ba5e353f7 = 0x7fffffffffffffff/1000, the largest value possible for JRuby
|
37
|
+
# JRuby Time.at multiplies the arg by 1000, and then stores it in a signed long.
|
38
|
+
# 0x20c49ba2d52500 = 292278993-01-01 00:00:00 +0000
|
39
|
+
# JRuby 9.1 does not accept the year 292278994 because of edge cases (https://github.com/JodaOrg/joda-time/issues/190)
|
40
|
+
Time.at([0x20c49ba2d52500, buffer.read_int64].min)
|
41
|
+
else
|
42
|
+
Time.at(buffer.read_int64)
|
43
|
+
end
|
44
|
+
|
45
|
+
cert.critical_options = read_options(buffer)
|
46
|
+
cert.extensions = read_options(buffer)
|
47
|
+
cert.reserved = buffer.read_string
|
48
|
+
cert.signature_key = buffer.read_buffer.read_key
|
49
|
+
cert.signature = buffer.read_string
|
50
|
+
cert
|
51
|
+
end
|
52
|
+
|
53
|
+
def ssh_type
|
54
|
+
key.ssh_type + "-cert-v01@openssh.com"
|
55
|
+
end
|
56
|
+
|
57
|
+
def ssh_signature_type
|
58
|
+
key.ssh_type
|
59
|
+
end
|
60
|
+
|
61
|
+
# Serializes the certificate (and key).
|
62
|
+
def to_blob
|
63
|
+
Buffer.from(
|
64
|
+
:raw, to_blob_without_signature,
|
65
|
+
:string, signature
|
66
|
+
).to_s
|
67
|
+
end
|
68
|
+
|
69
|
+
def ssh_do_sign(data, sig_alg = nil)
|
70
|
+
key.ssh_do_sign(data, sig_alg)
|
71
|
+
end
|
72
|
+
|
73
|
+
def ssh_do_verify(sig, data, options = {})
|
74
|
+
key.ssh_do_verify(sig, data, options)
|
75
|
+
end
|
76
|
+
|
77
|
+
def to_pem
|
78
|
+
key.to_pem
|
79
|
+
end
|
80
|
+
|
81
|
+
def fingerprint
|
82
|
+
key.fingerprint
|
83
|
+
end
|
84
|
+
|
85
|
+
# Signs the certificate with key.
|
86
|
+
def sign!(key, sign_nonce = nil)
|
87
|
+
# ssh-keygen uses 32 bytes of nonce.
|
88
|
+
self.nonce = sign_nonce || SecureRandom.random_bytes(32)
|
89
|
+
self.signature_key = key
|
90
|
+
self.signature = Net::SSH::Buffer.from(
|
91
|
+
:string, key.ssh_signature_type,
|
92
|
+
:mstring, key.ssh_do_sign(to_blob_without_signature)
|
93
|
+
).to_s
|
94
|
+
self
|
95
|
+
end
|
96
|
+
|
97
|
+
def sign(key, sign_nonce = nil)
|
98
|
+
cert = clone
|
99
|
+
cert.sign!(key, sign_nonce)
|
100
|
+
end
|
101
|
+
|
102
|
+
# Checks whether the certificate's signature was signed by signature key.
|
103
|
+
def signature_valid?
|
104
|
+
buffer = Buffer.new(signature)
|
105
|
+
sig_format = buffer.read_string
|
106
|
+
signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature, host_key: sig_format)
|
107
|
+
end
|
108
|
+
|
109
|
+
def self.read_options(buffer)
|
110
|
+
names = []
|
111
|
+
options = buffer.read_buffer.read_all do |b|
|
112
|
+
name = b.read_string
|
113
|
+
names << name
|
114
|
+
data = b.read_string
|
115
|
+
data = Buffer.new(data).read_string unless data.empty?
|
116
|
+
[name, data]
|
117
|
+
end
|
118
|
+
|
119
|
+
raise ArgumentError, "option/extension names must be in sorted order" if names.sort != names
|
120
|
+
|
121
|
+
Hash[options]
|
122
|
+
end
|
123
|
+
private_class_method :read_options
|
124
|
+
|
125
|
+
def self.type_symbol(type)
|
126
|
+
types = { 1 => :user, 2 => :host }
|
127
|
+
raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
|
128
|
+
|
129
|
+
types.fetch(type)
|
130
|
+
end
|
131
|
+
private_class_method :type_symbol
|
132
|
+
|
133
|
+
private
|
134
|
+
|
135
|
+
def type_value(type)
|
136
|
+
types = { user: 1, host: 2 }
|
137
|
+
raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
|
138
|
+
|
139
|
+
types.fetch(type)
|
140
|
+
end
|
141
|
+
|
142
|
+
def ssh_time(t)
|
143
|
+
# Times in certificates are represented as a uint64.
|
144
|
+
[[t.to_i, 0].max, 2 << 64 - 1].min
|
145
|
+
end
|
146
|
+
|
147
|
+
def to_blob_without_signature
|
148
|
+
Buffer.from(
|
149
|
+
:string, ssh_type,
|
150
|
+
:string, nonce,
|
151
|
+
:raw, key_without_type,
|
152
|
+
:int64, serial,
|
153
|
+
:long, type_value(type),
|
154
|
+
:string, key_id,
|
155
|
+
:string, valid_principals.inject(Buffer.new) { |acc, elem| acc.write_string(elem) }.to_s,
|
156
|
+
:int64, ssh_time(valid_after),
|
157
|
+
:int64, ssh_time(valid_before),
|
158
|
+
:string, options_to_blob(critical_options),
|
159
|
+
:string, options_to_blob(extensions),
|
160
|
+
:string, reserved,
|
161
|
+
:string, signature_key.to_blob
|
162
|
+
).to_s
|
163
|
+
end
|
164
|
+
|
165
|
+
def key_without_type
|
166
|
+
# key.to_blob gives us e.g. "ssh-rsa,<key>" but we just want "<key>".
|
167
|
+
tmp = Buffer.new(key.to_blob)
|
168
|
+
tmp.read_string # skip the underlying key type
|
169
|
+
tmp.read
|
170
|
+
end
|
171
|
+
|
172
|
+
def options_to_blob(options)
|
173
|
+
options.keys.sort.inject(Buffer.new) do |b, name|
|
174
|
+
b.write_string(name)
|
175
|
+
data = options.fetch(name)
|
176
|
+
data = Buffer.from(:string, data).to_s unless data.empty?
|
177
|
+
b.write_string(data)
|
178
|
+
end.to_s
|
179
|
+
end
|
180
|
+
end
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
module Net
|
2
|
+
module SSH
|
3
|
+
module Authentication
|
4
|
+
# Describes the constants used by the Net::SSH::Authentication components
|
5
|
+
# of the Net::SSH library. Individual authentication method implemenations
|
6
|
+
# may define yet more constants that are specific to their implementation.
|
7
|
+
module Constants
|
8
|
+
USERAUTH_REQUEST = 50
|
9
|
+
USERAUTH_FAILURE = 51
|
10
|
+
USERAUTH_SUCCESS = 52
|
11
|
+
USERAUTH_BANNER = 53
|
12
|
+
|
13
|
+
USERAUTH_PASSWD_CHANGEREQ = 60
|
14
|
+
USERAUTH_PK_OK = 60
|
15
|
+
|
16
|
+
USERAUTH_METHOD_RANGE = 60..79
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,186 @@
|
|
1
|
+
gem 'ed25519', '~> 1.2'
|
2
|
+
gem 'bcrypt_pbkdf', '~> 1.0' unless RUBY_PLATFORM == "java"
|
3
|
+
|
4
|
+
require 'ed25519'
|
5
|
+
|
6
|
+
require 'base64'
|
7
|
+
|
8
|
+
require 'net/ssh/transport/cipher_factory'
|
9
|
+
require 'net/ssh/authentication/pub_key_fingerprint'
|
10
|
+
require 'bcrypt_pbkdf' unless RUBY_PLATFORM == "java"
|
11
|
+
|
12
|
+
module Net
|
13
|
+
module SSH
|
14
|
+
module Authentication
|
15
|
+
module ED25519
|
16
|
+
class SigningKeyFromFile < SimpleDelegator
|
17
|
+
def initialize(pk, sk)
|
18
|
+
key = ::Ed25519::SigningKey.from_keypair(sk)
|
19
|
+
raise ArgumentError, "pk does not match sk" unless pk == key.verify_key.to_bytes
|
20
|
+
|
21
|
+
super(key)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
class OpenSSHPrivateKeyLoader
|
26
|
+
CipherFactory = Net::SSH::Transport::CipherFactory
|
27
|
+
|
28
|
+
MBEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
|
29
|
+
MEND = "-----END OPENSSH PRIVATE KEY-----"
|
30
|
+
MAGIC = "openssh-key-v1"
|
31
|
+
|
32
|
+
class DecryptError < ArgumentError
|
33
|
+
def initialize(message, encrypted_key: false)
|
34
|
+
super(message)
|
35
|
+
@encrypted_key = encrypted_key
|
36
|
+
end
|
37
|
+
|
38
|
+
def encrypted_key?
|
39
|
+
return @encrypted_key
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
def self.read(datafull, password)
|
44
|
+
datafull = datafull.strip
|
45
|
+
raise ArgumentError.new("Expected #{MBEGIN} at start of private key") unless datafull.start_with?(MBEGIN)
|
46
|
+
raise ArgumentError.new("Expected #{MEND} at end of private key") unless datafull.end_with?(MEND)
|
47
|
+
|
48
|
+
datab64 = datafull[MBEGIN.size...-MEND.size]
|
49
|
+
data = Base64.decode64(datab64)
|
50
|
+
raise ArgumentError.new("Expected #{MAGIC} at start of decoded private key") unless data.start_with?(MAGIC)
|
51
|
+
|
52
|
+
buffer = Net::SSH::Buffer.new(data[MAGIC.size + 1..-1])
|
53
|
+
|
54
|
+
ciphername = buffer.read_string
|
55
|
+
raise ArgumentError.new("#{ciphername} in private key is not supported") unless
|
56
|
+
CipherFactory.supported?(ciphername)
|
57
|
+
|
58
|
+
kdfname = buffer.read_string
|
59
|
+
raise ArgumentError.new("Expected #{kdfname} to be or none or bcrypt") unless %w[none bcrypt].include?(kdfname)
|
60
|
+
|
61
|
+
kdfopts = Net::SSH::Buffer.new(buffer.read_string)
|
62
|
+
num_keys = buffer.read_long
|
63
|
+
raise ArgumentError.new("Only 1 key is supported in ssh keys #{num_keys} was in private key") unless num_keys == 1
|
64
|
+
|
65
|
+
_pubkey = buffer.read_string
|
66
|
+
|
67
|
+
len = buffer.read_long
|
68
|
+
|
69
|
+
keylen, blocksize, ivlen = CipherFactory.get_lengths(ciphername, iv_len: true)
|
70
|
+
raise ArgumentError.new("Private key len:#{len} is not a multiple of #{blocksize}") if
|
71
|
+
((len < blocksize) || ((blocksize > 0) && (len % blocksize) != 0))
|
72
|
+
|
73
|
+
if kdfname == 'bcrypt'
|
74
|
+
salt = kdfopts.read_string
|
75
|
+
rounds = kdfopts.read_long
|
76
|
+
|
77
|
+
raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java"
|
78
|
+
|
79
|
+
key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
|
80
|
+
raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key
|
81
|
+
else
|
82
|
+
key = '\x00' * (keylen + ivlen)
|
83
|
+
end
|
84
|
+
|
85
|
+
cipher = CipherFactory.get(ciphername, key: key[0...keylen], iv: key[keylen...keylen + ivlen], decrypt: true)
|
86
|
+
|
87
|
+
decoded = cipher.update(buffer.remainder_as_buffer.to_s)
|
88
|
+
decoded << cipher.final
|
89
|
+
|
90
|
+
decoded = Net::SSH::Buffer.new(decoded)
|
91
|
+
check1 = decoded.read_long
|
92
|
+
check2 = decoded.read_long
|
93
|
+
|
94
|
+
raise DecryptError.new("Decrypt failed on private key", encrypted_key: kdfname == 'bcrypt') if (check1 != check2)
|
95
|
+
|
96
|
+
type_name = decoded.read_string
|
97
|
+
case type_name
|
98
|
+
when "ssh-ed25519"
|
99
|
+
PrivKey.new(decoded)
|
100
|
+
else
|
101
|
+
decoded.read_private_keyblob(type_name)
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
|
106
|
+
class PubKey
|
107
|
+
include Net::SSH::Authentication::PubKeyFingerprint
|
108
|
+
|
109
|
+
attr_reader :verify_key
|
110
|
+
|
111
|
+
def initialize(data)
|
112
|
+
@verify_key = ::Ed25519::VerifyKey.new(data)
|
113
|
+
end
|
114
|
+
|
115
|
+
def self.read_keyblob(buffer)
|
116
|
+
PubKey.new(buffer.read_string)
|
117
|
+
end
|
118
|
+
|
119
|
+
def to_blob
|
120
|
+
Net::SSH::Buffer.from(:mstring, "ssh-ed25519".dup, :string, @verify_key.to_bytes).to_s
|
121
|
+
end
|
122
|
+
|
123
|
+
def ssh_type
|
124
|
+
"ssh-ed25519"
|
125
|
+
end
|
126
|
+
|
127
|
+
def ssh_signature_type
|
128
|
+
ssh_type
|
129
|
+
end
|
130
|
+
|
131
|
+
def ssh_do_verify(sig, data, options = {})
|
132
|
+
@verify_key.verify(sig, data)
|
133
|
+
end
|
134
|
+
|
135
|
+
def to_pem
|
136
|
+
# TODO this is not pem
|
137
|
+
ssh_type + Base64.encode64(@verify_key.to_bytes)
|
138
|
+
end
|
139
|
+
end
|
140
|
+
|
141
|
+
class PrivKey
|
142
|
+
CipherFactory = Net::SSH::Transport::CipherFactory
|
143
|
+
|
144
|
+
MBEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
|
145
|
+
MEND = "-----END OPENSSH PRIVATE KEY-----\n"
|
146
|
+
MAGIC = "openssh-key-v1"
|
147
|
+
|
148
|
+
attr_reader :sign_key
|
149
|
+
|
150
|
+
def initialize(buffer)
|
151
|
+
pk = buffer.read_string
|
152
|
+
sk = buffer.read_string
|
153
|
+
_comment = buffer.read_string
|
154
|
+
|
155
|
+
@pk = pk
|
156
|
+
@sign_key = SigningKeyFromFile.new(pk, sk)
|
157
|
+
end
|
158
|
+
|
159
|
+
def to_blob
|
160
|
+
public_key.to_blob
|
161
|
+
end
|
162
|
+
|
163
|
+
def ssh_type
|
164
|
+
"ssh-ed25519"
|
165
|
+
end
|
166
|
+
|
167
|
+
def ssh_signature_type
|
168
|
+
ssh_type
|
169
|
+
end
|
170
|
+
|
171
|
+
def public_key
|
172
|
+
PubKey.new(@pk)
|
173
|
+
end
|
174
|
+
|
175
|
+
def ssh_do_sign(data, sig_alg = nil)
|
176
|
+
@sign_key.sign(data)
|
177
|
+
end
|
178
|
+
|
179
|
+
def self.read(data, password)
|
180
|
+
OpenSSHPrivateKeyLoader.read(data, password)
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
184
|
+
end
|
185
|
+
end
|
186
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module Net
|
2
|
+
module SSH
|
3
|
+
module Authentication
|
4
|
+
# Loads ED25519 support which requires optinal dependecies like
|
5
|
+
# ed25519, bcrypt_pbkdf
|
6
|
+
module ED25519Loader
|
7
|
+
begin
|
8
|
+
require 'net/ssh/authentication/ed25519'
|
9
|
+
LOADED = true
|
10
|
+
ERROR = nil
|
11
|
+
rescue LoadError => e
|
12
|
+
ERROR = e
|
13
|
+
LOADED = false
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.raiseUnlessLoaded(message)
|
17
|
+
description = ERROR.is_a?(LoadError) ? dependenciesRequiredForED25519 : ''
|
18
|
+
description << "#{ERROR.class} : \"#{ERROR.message}\"\n" if ERROR
|
19
|
+
raise NotImplementedError, "#{message}\n#{description}" unless LOADED
|
20
|
+
end
|
21
|
+
|
22
|
+
def self.dependenciesRequiredForED25519
|
23
|
+
result = "net-ssh requires the following gems for ed25519 support:\n"
|
24
|
+
result << " * ed25519 (>= 1.2, < 2.0)\n"
|
25
|
+
result << " * bcrypt_pbkdf (>= 1.0, < 2.0)\n" unless RUBY_PLATFORM == "java"
|
26
|
+
result << "See https://github.com/net-ssh/net-ssh/issues/565 for more information\n"
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|