RubyGems - harbr - Versions diffs - 0.2.10 → 2.8.1 - Mend

harbr 0.2.10 → 2.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (179) hide show

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/certificate.rb ADDED Viewed

@@ -0,0 +1,183 @@
+require 'securerandom'
+module Net
+  module SSH
+    module Authentication
+      # Class for representing an SSH certificate.
+      #
+      # http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/ssh/PROTOCOL.certkeys?rev=1.10&content-type=text/plain
+      class Certificate
+        attr_accessor :nonce
+        attr_accessor :key
+        attr_accessor :serial
+        attr_accessor :type
+        attr_accessor :key_id
+        attr_accessor :valid_principals
+        attr_accessor :valid_after
+        attr_accessor :valid_before
+        attr_accessor :critical_options
+        attr_accessor :extensions
+        attr_accessor :reserved
+        attr_accessor :signature_key
+        attr_accessor :signature
+        # Read a certificate blob associated with a key of the given type.
+        def self.read_certblob(buffer, type)
+          cert = Certificate.new
+          cert.nonce = buffer.read_string
+          cert.key = buffer.read_keyblob(type)
+          cert.serial = buffer.read_int64
+          cert.type = type_symbol(buffer.read_long)
+          cert.key_id = buffer.read_string
+          cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
+          cert.valid_after = Time.at(buffer.read_int64)
+          cert.valid_before = if RUBY_PLATFORM == "java"
+                                # 0x20c49ba5e353f7 = 0x7fffffffffffffff/1000, the largest value possible for JRuby
+                                # JRuby Time.at multiplies the arg by 1000, and then stores it in a signed long.
+                                # 0x20c49ba2d52500 = 292278993-01-01 00:00:00 +0000
+                                # JRuby 9.1 does not accept the year 292278994 because of edge cases (https://github.com/JodaOrg/joda-time/issues/190)
+                                Time.at([0x20c49ba2d52500, buffer.read_int64].min)
+                              else
+                                Time.at(buffer.read_int64)
+                              end
+          cert.critical_options = read_options(buffer)
+          cert.extensions = read_options(buffer)
+          cert.reserved = buffer.read_string
+          cert.signature_key = buffer.read_buffer.read_key
+          cert.signature = buffer.read_string
+          cert
+        end
+        def ssh_type
+          key.ssh_type + "-cert-v01@openssh.com"
+        end
+        def ssh_signature_type
+          key.ssh_type
+        end
+        # Serializes the certificate (and key).
+        def to_blob
+          Buffer.from(
+            :raw, to_blob_without_signature,
+            :string, signature
+          ).to_s
+        end
+        def ssh_do_sign(data, sig_alg = nil)
+          key.ssh_do_sign(data, sig_alg)
+        end
+        def ssh_do_verify(sig, data, options = {})
+          key.ssh_do_verify(sig, data, options)
+        end
+        def to_pem
+          key.to_pem
+        end
+        def fingerprint
+          key.fingerprint
+        end
+        # Signs the certificate with key.
+        def sign!(key, sign_nonce = nil)
+          # ssh-keygen uses 32 bytes of nonce.
+          self.nonce = sign_nonce || SecureRandom.random_bytes(32)
+          self.signature_key = key
+          self.signature = Net::SSH::Buffer.from(
+            :string, key.ssh_signature_type,
+            :mstring, key.ssh_do_sign(to_blob_without_signature)
+          ).to_s
+          self
+        end
+        def sign(key, sign_nonce = nil)
+          cert = clone
+          cert.sign!(key, sign_nonce)
+        end
+        # Checks whether the certificate's signature was signed by signature key.
+        def signature_valid?
+          buffer = Buffer.new(signature)
+          sig_format = buffer.read_string
+          signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature, host_key: sig_format)
+        end
+        def self.read_options(buffer)
+          names = []
+          options = buffer.read_buffer.read_all do |b|
+            name = b.read_string
+            names << name
+            data = b.read_string
+            data = Buffer.new(data).read_string unless data.empty?
+            [name, data]
+          end
+          raise ArgumentError, "option/extension names must be in sorted order" if names.sort != names
+          Hash[options]
+        end
+        private_class_method :read_options
+        def self.type_symbol(type)
+          types = { 1 => :user, 2 => :host }
+          raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
+          types.fetch(type)
+        end
+        private_class_method :type_symbol
+        private
+        def type_value(type)
+          types = { user: 1, host: 2 }
+          raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
+          types.fetch(type)
+        end
+        def ssh_time(t)
+          # Times in certificates are represented as a uint64.
+          [[t.to_i, 0].max, 2 << 64 - 1].min
+        end
+        def to_blob_without_signature
+          Buffer.from(
+            :string, ssh_type,
+            :string, nonce,
+            :raw, key_without_type,
+            :int64, serial,
+            :long, type_value(type),
+            :string, key_id,
+            :string, valid_principals.inject(Buffer.new) { |acc, elem| acc.write_string(elem) }.to_s,
+            :int64, ssh_time(valid_after),
+            :int64, ssh_time(valid_before),
+            :string, options_to_blob(critical_options),
+            :string, options_to_blob(extensions),
+            :string, reserved,
+            :string, signature_key.to_blob
+          ).to_s
+        end
+        def key_without_type
+          # key.to_blob gives us e.g. "ssh-rsa,<key>" but we just want "<key>".
+          tmp = Buffer.new(key.to_blob)
+          tmp.read_string # skip the underlying key type
+          tmp.read
+        end
+        def options_to_blob(options)
+          options.keys.sort.inject(Buffer.new) do |b, name|
+            b.write_string(name)
+            data = options.fetch(name)
+            data = Buffer.from(:string, data).to_s unless data.empty?
+            b.write_string(data)
+          end.to_s
+        end
+      end
+    end
+  end
+end

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/constants.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module Net
+  module SSH
+    module Authentication
+      # Describes the constants used by the Net::SSH::Authentication components
+      # of the Net::SSH library. Individual authentication method implemenations
+      # may define yet more constants that are specific to their implementation.
+      module Constants
+        USERAUTH_REQUEST          = 50
+        USERAUTH_FAILURE          = 51
+        USERAUTH_SUCCESS          = 52
+        USERAUTH_BANNER           = 53
+        USERAUTH_PASSWD_CHANGEREQ = 60
+        USERAUTH_PK_OK            = 60
+        USERAUTH_METHOD_RANGE     = 60..79
+      end
+    end
+  end
+end

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/ed25519.rb ADDED Viewed

@@ -0,0 +1,186 @@
+gem 'ed25519', '~> 1.2'
+gem 'bcrypt_pbkdf', '~> 1.0' unless RUBY_PLATFORM == "java"
+require 'ed25519'
+require 'base64'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/authentication/pub_key_fingerprint'
+require 'bcrypt_pbkdf' unless RUBY_PLATFORM == "java"
+module Net
+  module SSH
+    module Authentication
+      module ED25519
+        class SigningKeyFromFile < SimpleDelegator
+          def initialize(pk, sk)
+            key = ::Ed25519::SigningKey.from_keypair(sk)
+            raise ArgumentError, "pk does not match sk" unless pk == key.verify_key.to_bytes
+            super(key)
+          end
+        end
+        class OpenSSHPrivateKeyLoader
+          CipherFactory = Net::SSH::Transport::CipherFactory
+          MBEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
+          MEND = "-----END OPENSSH PRIVATE KEY-----"
+          MAGIC = "openssh-key-v1"
+          class DecryptError < ArgumentError
+            def initialize(message, encrypted_key: false)
+              super(message)
+              @encrypted_key = encrypted_key
+            end
+            def encrypted_key?
+              return @encrypted_key
+            end
+          end
+          def self.read(datafull, password)
+            datafull = datafull.strip
+            raise ArgumentError.new("Expected #{MBEGIN} at start of private key") unless datafull.start_with?(MBEGIN)
+            raise ArgumentError.new("Expected #{MEND} at end of private key") unless datafull.end_with?(MEND)
+            datab64 = datafull[MBEGIN.size...-MEND.size]
+            data = Base64.decode64(datab64)
+            raise ArgumentError.new("Expected #{MAGIC} at start of decoded private key") unless data.start_with?(MAGIC)
+            buffer = Net::SSH::Buffer.new(data[MAGIC.size + 1..-1])
+            ciphername = buffer.read_string
+            raise ArgumentError.new("#{ciphername} in private key is not supported") unless
+              CipherFactory.supported?(ciphername)
+            kdfname = buffer.read_string
+            raise ArgumentError.new("Expected #{kdfname} to be or none or bcrypt") unless %w[none bcrypt].include?(kdfname)
+            kdfopts = Net::SSH::Buffer.new(buffer.read_string)
+            num_keys = buffer.read_long
+            raise ArgumentError.new("Only 1 key is supported in ssh keys #{num_keys} was in private key") unless num_keys == 1
+            _pubkey = buffer.read_string
+            len = buffer.read_long
+            keylen, blocksize, ivlen = CipherFactory.get_lengths(ciphername, iv_len: true)
+            raise ArgumentError.new("Private key len:#{len} is not a multiple of #{blocksize}") if
+              ((len < blocksize) || ((blocksize > 0) && (len % blocksize) != 0))
+            if kdfname == 'bcrypt'
+              salt = kdfopts.read_string
+              rounds = kdfopts.read_long
+              raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java"
+              key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
+              raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key
+            else
+              key = '\x00' * (keylen + ivlen)
+            end
+            cipher = CipherFactory.get(ciphername, key: key[0...keylen], iv: key[keylen...keylen + ivlen], decrypt: true)
+            decoded = cipher.update(buffer.remainder_as_buffer.to_s)
+            decoded << cipher.final
+            decoded = Net::SSH::Buffer.new(decoded)
+            check1 = decoded.read_long
+            check2 = decoded.read_long
+            raise DecryptError.new("Decrypt failed on private key", encrypted_key: kdfname == 'bcrypt') if (check1 != check2)
+            type_name = decoded.read_string
+            case type_name
+            when "ssh-ed25519"
+              PrivKey.new(decoded)
+            else
+              decoded.read_private_keyblob(type_name)
+            end
+          end
+        end
+        class PubKey
+          include Net::SSH::Authentication::PubKeyFingerprint
+          attr_reader :verify_key
+          def initialize(data)
+            @verify_key = ::Ed25519::VerifyKey.new(data)
+          end
+          def self.read_keyblob(buffer)
+            PubKey.new(buffer.read_string)
+          end
+          def to_blob
+            Net::SSH::Buffer.from(:mstring, "ssh-ed25519".dup, :string, @verify_key.to_bytes).to_s
+          end
+          def ssh_type
+            "ssh-ed25519"
+          end
+          def ssh_signature_type
+            ssh_type
+          end
+          def ssh_do_verify(sig, data, options = {})
+            @verify_key.verify(sig, data)
+          end
+          def to_pem
+            # TODO this is not pem
+            ssh_type + Base64.encode64(@verify_key.to_bytes)
+          end
+        end
+        class PrivKey
+          CipherFactory = Net::SSH::Transport::CipherFactory
+          MBEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
+          MEND = "-----END OPENSSH PRIVATE KEY-----\n"
+          MAGIC = "openssh-key-v1"
+          attr_reader :sign_key
+          def initialize(buffer)
+            pk = buffer.read_string
+            sk = buffer.read_string
+            _comment = buffer.read_string
+            @pk = pk
+            @sign_key = SigningKeyFromFile.new(pk, sk)
+          end
+          def to_blob
+            public_key.to_blob
+          end
+          def ssh_type
+            "ssh-ed25519"
+          end
+          def ssh_signature_type
+            ssh_type
+          end
+          def public_key
+            PubKey.new(@pk)
+          end
+          def ssh_do_sign(data, sig_alg = nil)
+            @sign_key.sign(data)
+          end
+          def self.read(data, password)
+            OpenSSHPrivateKeyLoader.read(data, password)
+          end
+        end
+      end
+    end
+  end
+end

data/vendor/bundle/ruby/3.2.0/gems/net-ssh-7.2.1/lib/net/ssh/authentication/ed25519_loader.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module Net
+  module SSH
+    module Authentication
+      # Loads ED25519 support which requires optinal dependecies like
+      # ed25519, bcrypt_pbkdf
+      module ED25519Loader
+        begin
+          require 'net/ssh/authentication/ed25519'
+          LOADED = true
+          ERROR = nil
+        rescue LoadError => e
+          ERROR = e
+          LOADED = false
+        end
+        def self.raiseUnlessLoaded(message)
+          description = ERROR.is_a?(LoadError) ? dependenciesRequiredForED25519 : ''
+          description << "#{ERROR.class} : \"#{ERROR.message}\"\n" if ERROR
+          raise NotImplementedError, "#{message}\n#{description}" unless LOADED
+        end
+        def self.dependenciesRequiredForED25519
+          result = "net-ssh requires the following gems for ed25519 support:\n"
+          result << " * ed25519 (>= 1.2, < 2.0)\n"
+          result << " * bcrypt_pbkdf (>= 1.0, < 2.0)\n" unless RUBY_PLATFORM == "java"
+          result << "See https://github.com/net-ssh/net-ssh/issues/565 for more information\n"
+        end
+      end
+    end
+  end
+end