net-ssh 6.0.0.beta1 → 6.0.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 16c438c23a0dc7ead21778dea22cff5dcb8c4ffa
-  data.tar.gz: 19f4f5a5e082b1dbdd39aac4c1e90144e2b56540
+SHA256:
+  metadata.gz: 5614d2fa5b1b6396aae6c99ee8dab8a7c4c9dfddfaed4ba2f2666539b56d22df
+  data.tar.gz: f999a5eb2e98e9e81efe4f628d02350fd33d3fd4e101f286ec36d83a538a7d60
 SHA512:
-  metadata.gz: 593269d7a4788bb428ee0a2131d53bc87f4051b929da404eb6c8d7e560deedd35bd5ae0d6948b9463210efd2ec87d813bfcdd60ac017cee914253f5389130dbd
-  data.tar.gz: c5548d70f356434795f87371c0be1638ec468b1b170207dec738d48af37d45ba2d9dced66c7d0b74f42f8d8bd640d1676dfc6d8b41590d89860c79be3d0578f5
+  metadata.gz: 389e60f10a0db01d775135b59837cd8d115777f6587d866c9afc821f239139d77f874cea4128672ef7a3d102a96c25be7dce025fda2667c89e9111f2ac6fc809
+  data.tar.gz: fed18846ef1d1e99407ae179b143f88338d258ed8e89bc5c18d4d31d0f15f8c75a004f0c93d25259c9f35e51cdaa581d4a066cc1f51a28e394b29d5afeda1910

data/CHANGES.txt

@@ -1,3 +1,7 @@
+=== 6.0.0 beta2
+  
+  * Support :certkeys and CertificateFile configuration option  [Ander Scarling, #722]
+
 === 6.0.0 beta1
 
   * curve25519sha256 support [Florian Wininger ,#690]

data/Manifest

@@ -33,7 +33,6 @@ lib/net/ssh/proxy/errors.rb
 lib/net/ssh/proxy/http.rb
 lib/net/ssh/proxy/socks4.rb
 lib/net/ssh/proxy/socks5.rb
-lib/net/ssh/ruby_compat.rb
 lib/net/ssh/service/forward.rb
 lib/net/ssh/test.rb
 lib/net/ssh/test/channel.rb

data/lib/net/ssh.rb

@@ -66,7 +66,7 @@ module Net
       auth_methods bind_address compression compression_level config
       encryption forward_agent hmac host_key remote_user
       keepalive keepalive_interval keepalive_maxcount kex keys key_data
-      languages logger paranoid password port proxy
+      keycerts languages logger paranoid password port proxy
       rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
       known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
       host_name user properties passphrase keys_only max_pkt_size
@@ -144,6 +144,8 @@ module Net
     # * :kex => the key exchange algorithm (or algorithms) to use
     # * :keys => an array of file names of private keys to use for publickey
     #   and hostbased authentication
+    # * :keycerts => an array of file names of key certificates to use
+    #    with publickey authentication
     # * :key_data => an array of strings, with each element of the array being
     #   a raw private key in PEM format.
     # * :keys_only => set to +true+ to use only private keys from +keys+ and

data/lib/net/ssh/authentication/key_manager.rb

@@ -30,6 +30,9 @@ module Net
         # The list of user key data that will be examined
         attr_reader :key_data
 
+        # The list of user key certificate files that will be examined
+        attr_reader :keycert_files
+
         # The map of loaded identities
         attr_reader :known_identities
 
@@ -43,6 +46,7 @@ module Net
           self.logger = logger
           @key_files = []
           @key_data = []
+          @keycert_files = []
           @use_agent = options[:use_agent] != false
           @known_identities = {}
           @agent = nil
@@ -66,6 +70,12 @@ module Net
           self
         end
 
+        # Add the given keycert_file to the list of keycert files that will be used.
+        def add_keycert(keycert_file)
+          keycert_files.push(File.expand_path(keycert_file)).uniq!
+          self
+        end
+
         # Add the given key_file to the list of keys that will be used.
         def add_key_data(key_data_)
           key_data.push(key_data_).uniq!
@@ -108,7 +118,7 @@ module Net
               user_identities.delete(corresponding_user_identity) if corresponding_user_identity
 
               if !options[:keys_only] || corresponding_user_identity
-                known_identities[key] = { from: :agent }
+                known_identities[key] = { from: :agent, identity: key }
                 yield key
               end
             end
@@ -122,6 +132,21 @@ module Net
             yield key
           end
 
+          known_identity_blobs = known_identities.keys.map(&:to_blob)
+          keycert_files.each do |keycert_file|
+            keycert = KeyFactory.load_public_key(keycert_file)
+            next if known_identity_blobs.include?(keycert.to_blob)
+
+            (_, corresponding_identity) = known_identities.detect { |public_key, _|
+              public_key.to_pem == keycert.to_pem
+            }
+
+            if corresponding_identity
+              known_identities[keycert] = corresponding_identity
+              yield keycert
+            end
+          end
+
           self
         end
 
@@ -152,7 +177,7 @@ module Net
 
           if info[:from] == :agent
             raise KeyManagerError, "the agent is no longer available" unless agent
-            return agent.sign(identity, data.to_s)
+            return agent.sign(info[:identity], data.to_s)
           end
 
           raise KeyManagerError, "[BUG] can't determine identity origin (#{info.inspect})"

data/lib/net/ssh/authentication/session.rb

@@ -63,6 +63,7 @@ module Net
 
           key_manager = KeyManager.new(logger, options)
           keys.each { |key| key_manager.add(key) } unless keys.empty?
+          keycerts.each { |keycert| key_manager.add_keycert(keycert) } unless keycerts.empty?
           key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
           default_keys.each { |key| key_manager.add(key) } unless options.key?(:keys) || options.key?(:key_data)
 
@@ -146,6 +147,12 @@ module Net
           Array(options[:keys])
         end
 
+        # Returns an array of paths to the keycert files that should be used when
+        # attempting any key-based authentication mechanism.
+        def keycerts
+          Array(options[:keycerts])
+        end
+
         # Returns an array of the key data that should be used when
         # attempting any key-based authentication mechanism.
         def key_data

data/lib/net/ssh/buffer.rb

@@ -1,4 +1,3 @@
-require 'net/ssh/ruby_compat'
 require 'net/ssh/transport/openssl'
 
 require 'net/ssh/authentication/certificate'

data/lib/net/ssh/buffered_io.rb

@@ -1,6 +1,5 @@
 require 'net/ssh/buffer'
 require 'net/ssh/loggable'
-require 'net/ssh/ruby_compat'
 
 module Net 
   module SSH

data/lib/net/ssh/config.rb

@@ -11,6 +11,7 @@ module Net
     #
     # * ChallengeResponseAuthentication => maps to the :auth_methods option challenge-response (then coleasced into keyboard-interactive)
     # * KbdInteractiveAuthentication => maps to the :auth_methods keyboard-interactive
+    # * CertificateFile => maps to the :keycerts option
     # * Ciphers => maps to the :encryption option
     # * Compression => :compression
     # * CompressionLevel => :compression_level
@@ -129,7 +130,7 @@ module Net
               block_seen = true
             elsif !block_seen
               case key
-              when 'identityfile'
+              when 'identityfile', 'certificatefile'
                 (globals[key] ||= []) << value
               when 'include'
                 included_file_paths(base_dir, value).each do |file_path|
@@ -140,7 +141,7 @@ module Net
               end
             elsif block_matched
               case key
-              when 'identityfile'
+              when 'identityfile', 'certificatefile'
                 (settings[key] ||= []) << value
               when 'include'
                 included_file_paths(base_dir, value).each do |file_path|
@@ -161,7 +162,7 @@ module Net
 
           globals.merge(settings) do |key, oldval, newval|
             case key
-            when 'identityfile'
+            when 'identityfile', 'certificatefile'
               oldval + newval
             else
               newval
@@ -196,25 +197,26 @@ module Net
 
         private
 
+        TRANSLATE_CONFIG_KEY_RENAME_MAP = {
+          bindaddress: :bind_address,
+          compression: :compression,
+          compressionlevel: :compression_level,
+          certificatefile: :keycerts,
+          connecttimeout: :timeout,
+          forwardagent: :forward_agent,
+          identitiesonly: :keys_only,
+          identityagent: :identity_agent,
+          globalknownhostsfile: :global_known_hosts_file,
+          hostkeyalias: :host_key_alias,
+          identityfile: :keys,
+          fingerprinthash: :fingerprint_hash,
+          port: :port,
+          stricthostkeychecking: :strict_host_key_checking,
+          user: :user,
+          userknownhostsfile: :user_known_hosts_file,
+          checkhostip: :check_host_ip
+        }.freeze
         def translate_config_key(hash, key, value, settings)
-          rename = {
-            bindaddress: :bind_address,
-            compression: :compression,
-            compressionlevel: :compression_level,
-            connecttimeout: :timeout,
-            forwardagent: :forward_agent,
-            identitiesonly: :keys_only,
-            identityagent: :identity_agent,
-            globalknownhostsfile: :global_known_hosts_file,
-            hostkeyalias: :host_key_alias,
-            identityfile: :keys,
-            fingerprinthash: :fingerprint_hash,
-            port: :port,
-            stricthostkeychecking: :strict_host_key_checking,
-            user: :user,
-            userknownhostsfile: :user_known_hosts_file,
-            checkhostip: :check_host_ip
-          }
           case key
           when :ciphers
             hash[:encryption] = value.split(/,/)
@@ -276,8 +278,8 @@ module Net
             hash[:send_env] = multi_send_env.map { |e| Regexp.new pattern2regex(e).source, false }
           when :numberofpasswordprompts
             hash[:number_of_password_prompts] = value.to_i
-          when *rename.keys
-            hash[rename[key]] = value
+          when *TRANSLATE_CONFIG_KEY_RENAME_MAP.keys
+            hash[TRANSLATE_CONFIG_KEY_RENAME_MAP[key]] = value
           end
         end
 

data/lib/net/ssh/connection/event_loop.rb

@@ -1,5 +1,4 @@
 require 'net/ssh/loggable'
-require 'net/ssh/ruby_compat'
 
 module Net 
   module SSH 

data/lib/net/ssh/connection/session.rb

@@ -1,5 +1,4 @@
 require 'net/ssh/loggable'
-require 'net/ssh/ruby_compat'
 require 'net/ssh/connection/channel'
 require 'net/ssh/connection/constants'
 require 'net/ssh/service/forward'

data/lib/net/ssh/proxy/command.rb

@@ -1,7 +1,6 @@
 require 'socket'
 require 'rubygems'
 require 'net/ssh/proxy/errors'
-require 'net/ssh/ruby_compat'
 
 module Net
   module SSH

data/lib/net/ssh/proxy/socks5.rb

@@ -1,5 +1,4 @@
 require 'socket'
-require 'net/ssh/ruby_compat'
 require 'net/ssh/proxy/errors'
 
 module Net

data/lib/net/ssh/transport/packet_stream.rb

@@ -1,7 +1,6 @@
 require 'net/ssh/buffered_io'
 require 'net/ssh/errors'
 require 'net/ssh/packet'
-require 'net/ssh/ruby_compat'
 require 'net/ssh/transport/cipher_factory'
 require 'net/ssh/transport/hmac'
 require 'net/ssh/transport/state'

data/lib/net/ssh/version.rb

@@ -56,7 +56,7 @@ module Net
 
       # The prerelease component of this version of the Net::SSH library
       # nil allowed
-      PRE   = "beta1"
+      PRE   = "beta2"
 
       # The current version of the Net::SSH library as a Version instance
       CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 6.0.0.beta1
+  version: 6.0.0.beta2
 platform: ruby
 authors:
 - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
   +MqVFjDxsJA7cDfACke51RypSH1gZoPjzoW6w0sMRAzZT8hU1eGyqtNuBiSZ1UKv
   B/ztNLEP0OWhpj/NZ1fnGRvo/T0=
   -----END CERTIFICATE-----
-date: 2019-10-25 00:00:00.000000000 Z
+date: 2020-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
@@ -208,7 +208,6 @@ files:
 - lib/net/ssh/proxy/jump.rb
 - lib/net/ssh/proxy/socks4.rb
 - lib/net/ssh/proxy/socks5.rb
-- lib/net/ssh/ruby_compat.rb
 - lib/net/ssh/service/forward.rb
 - lib/net/ssh/test.rb
 - lib/net/ssh/test/channel.rb
@@ -284,8 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'

data/lib/net/ssh/ruby_compat.rb

@@ -1,13 +0,0 @@
-require 'thread'
-
-class String
-  if RUBY_VERSION < "1.9"
-    def getbyte(index)
-      self[index]
-    end
-
-    def setbyte(index, c)
-      self[index] = c
-    end
-  end
-end