orthrus-ssh 0.5.1 → 0.6.0

data/Manifest.txt

@@ -5,14 +5,13 @@ README.txt
 Rakefile
 bin/orthrus
 lib/orthrus.rb
-lib/orthrus/key.rb
-lib/orthrus/key_holder.rb
 lib/orthrus/ssh.rb
 lib/orthrus/ssh/agent.rb
 lib/orthrus/ssh/buffer.rb
 lib/orthrus/ssh/dsa.rb
 lib/orthrus/ssh/http_agent.rb
 lib/orthrus/ssh/key.rb
+lib/orthrus/ssh/key_manager.rb
 lib/orthrus/ssh/public_key_set.rb
 lib/orthrus/ssh/rack_app.rb
 lib/orthrus/ssh/rsa.rb
@@ -22,10 +21,12 @@ test/data/id_dsa
 test/data/id_dsa.pub
 test/data/id_rsa
 test/data/id_rsa.pub
+test/orthrus_case.rb
 test/sessions.rb
 test/test_orthrus_ssh_agent.rb
 test/test_orthrus_ssh_dsa.rb
 test/test_orthrus_ssh_http_agent.rb
+test/test_orthrus_ssh_key_manager.rb
 test/test_orthrus_ssh_public_key_set.rb
 test/test_orthrus_ssh_rackapp.rb
 test/test_orthrus_ssh_rsa.rb

data/README.txt

@@ -30,6 +30,7 @@ A user authentication system built on SSH's key
 
 After checking out the source, run:
 
+  $ gem install hoe
   $ rake newb
 
 This task will install any missing dependencies, run the tests/specs,

data/Rakefile

@@ -3,7 +3,7 @@
 require 'rubygems'
 require 'hoe'
 
- Hoe.plugin :minitest
+Hoe.plugin :minitest
 
 Hoe.spec 'orthrus-ssh' do
   developer('Evan Phoenix', 'evan@phx.io')

data/lib/orthrus/ssh.rb

@@ -7,7 +7,7 @@ require 'orthrus/ssh/dsa'
 require 'orthrus/ssh/utils'
 
 module Orthrus::SSH
-  VERSION = '0.5.1'
+  VERSION = '0.6.0'
 
   def self.load_private(path)
     data = File.read(path)

data/lib/orthrus/ssh/agent.rb

@@ -117,7 +117,7 @@ module Orthrus::SSH
 
     # Using the agent and the given public key, sign the given data. The
     # signature is returned in SSH2 format.
-    def sign(key, data)
+    def sign(key, data, b64armor=false)
       type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST,
                                   :string, Buffer.from(:key, key),
                                   :string, data,
@@ -130,13 +130,12 @@ module Orthrus::SSH
       end
 
       b = Buffer.new reply.read_string
-      [b.read_string, b.read_string]
-    end
+      type = b.read_string
+      sign = b.read_string
 
-    def hexsign(key, data)
-      type, sig = sign key, data
+      sign = Utils.encode64 sign if b64armor
 
-      [type, [sig].pack("m").gsub("\n","")]
+      [type, sign]
     end
 
     private

data/lib/orthrus/ssh/dsa.rb

@@ -50,7 +50,7 @@ module Orthrus::SSH
 
   class DSAPublicKey < PublicKey
     def self.parse(data)
-      raw = data.unpack("m").first
+      raw = Utils.decode64 data
 
       b = Buffer.new raw
 

data/lib/orthrus/ssh/http_agent.rb

@@ -7,16 +7,16 @@ require 'net/http'
 
 module Orthrus::SSH
   class HTTPAgent
-    def initialize(url)
+    def initialize(url, key_manager=nil)
       @url = url
-      @keys = []
+      @key_manager ||= KeyManager.new
       @access_token = nil
     end
 
     attr_reader :access_token
 
-    def add_key(key)
-      @keys << Orthrus::SSH.load_private(key)
+    def load_key(key)
+      @key_manager.load_key key
     end
 
     def check(user, k)
@@ -48,11 +48,11 @@ module Orthrus::SSH
     end
 
     def start(user)
-      @keys.each do |k|
+      @key_manager.each_key do |k|
         sid, data = check(user, k)
         next unless sid
 
-        sig = k.hexsign(data)
+        sig = @key_manager.sign k, data, true
 
         token = negotiate(k, sid, sig)
         if token
@@ -61,22 +61,6 @@ module Orthrus::SSH
         end
       end
 
-      if Agent.available?
-        agent = Agent.connect
-        agent.identities.each do |k|
-          sid, data = check(user, k)
-          next unless sid
-
-          type, sig = agent.hexsign k, data
-
-          token = negotiate(k, sid, sig)
-          if token
-            @access_token = token
-            return
-          end
-        end
-      end
-
       raise "Unable to find key to authenticate with"
     end
   end

data/lib/orthrus/ssh/key.rb

@@ -4,10 +4,11 @@ module Orthrus::SSH
       @key = k
       @digest = digest
       @comment = nil
+      @source = nil
     end
 
     attr_reader :key
-    attr_accessor :comment
+    attr_accessor :comment, :source
 
     def rsa?
       @key.kind_of? OpenSSL::PKey::RSA
@@ -25,26 +26,25 @@ module Orthrus::SSH
     def inspect
       "#<#{self.class} #{fingerprint}>"
     end
-  end
 
-  class PrivateKey < Key
-    def sign(data)
-      @key.sign @digest.new, data
+    def ==(o)
+      return false unless o.kind_of? Orthrus::SSH::Key
+      @key.to_pem == o.key.to_pem
     end
+  end
 
-    def hexsign(data)
-      [sign(data)].pack("m").gsub("\n","")
+  class PrivateKey < Key
+    def sign(data, b64armor=false)
+      s = @key.sign @digest.new, data
+      b64armor ? Utils.encode64(s) : s
     end
   end
 
   class PublicKey < Key
-    def verify(sign, data)
+    def verify(sign, data, b64armor=false)
+      sign = Utils.decode64 sign if b64armor
       @key.verify @digest.new, sign, data
     end
-
-    def hexverify(sign, data)
-      verify sign.unpack("m").first, data
-    end
   end
 
 end

data/lib/orthrus/ssh/key_manager.rb

@@ -0,0 +1,59 @@
+require 'orthrus/ssh'
+require 'orthrus/ssh/agent'
+
+module Orthrus::SSH
+  class KeyManager
+    def initialize(try_agent=true)
+      @keys = []
+
+      agent = nil
+      if try_agent and Agent.available?
+        begin
+          agent = Agent.connect
+        rescue IOError
+          # ignore
+        end
+      end
+
+      @agent = agent
+    end
+
+    attr_reader :keys
+
+    def add_key(key)
+      @keys << key
+    end
+
+    def load_key(path)
+      add_key Orthrus::SSH.load_private(path)
+    end
+
+    def agent_identities
+      @agent && @agent.identities
+    end
+
+    def each_key
+      @keys.each { |x| yield x }
+      if @agent
+        @agent.identities.each do |x|
+          x.source = @agent
+          yield x
+        end
+      end
+    end
+
+    def sign(key, data, b64armor=false)
+      if key.source.kind_of? Agent
+        _, sign = key.source.sign key, data
+      else
+        sign = key.sign data
+      end
+
+      if b64armor
+        Utils.encode64 sign
+      else
+        sign
+      end
+    end
+  end
+end

data/lib/orthrus/ssh/rack_app.rb

@@ -52,7 +52,7 @@ module Orthrus::SSH
 
       sig = req.params['sig']
 
-      if pub.hexverify(sig, nonce)
+      if pub.verify(sig, nonce, true)
         form "code=verified&access_token=1"
       else
         form "code=fail"

data/lib/orthrus/ssh/rsa.rb

@@ -16,7 +16,7 @@ module Orthrus::SSH
 
       return d unless base64
 
-      [d].pack("m").gsub("\n","")
+      Utils.encode64 d
     end
 
     def type
@@ -30,7 +30,7 @@ module Orthrus::SSH
 
   class RSAPublicKey < PublicKey
     def self.parse(data)
-      raw = data.unpack("m").first
+      raw = Utils.decode64 data
 
       b = Buffer.new raw
 

data/lib/orthrus/ssh/utils.rb

@@ -22,5 +22,12 @@ module Orthrus::SSH
       OpenSSL::Digest::SHA1.hexdigest data
     end
 
+    def self.encode64(data)
+      [data].pack("m").gsub("\n","")
+    end
+
+    def self.decode64(data)
+      data.unpack("m").first
+    end
   end
 end

data/test/orthrus_case.rb

@@ -0,0 +1,22 @@
+class OrthrusTestCase < MiniTest::Unit::TestCase
+  DATA_PATH = File.expand_path "../data", __FILE__
+
+  def setup
+    @id_rsa = File.join DATA_PATH, "id_rsa"
+    @rsa = Orthrus::SSH.load_private @id_rsa
+
+    @rsa_pub = Orthrus::SSH.load_public File.join(DATA_PATH, "id_rsa.pub")
+  end
+
+  def added_to_agent(path)
+    begin
+      `chmod 0600 #{path}; ssh-add #{path} 2>&1`
+      fail unless $?.exitstatus == 0
+
+      yield
+    ensure
+      `ssh-add -d #{path} 2>&1`
+    end
+  end
+
+end

data/test/test_orthrus_ssh_http_agent.rb

@@ -7,11 +7,12 @@ require 'orthrus/ssh/http_agent'
 require 'stringio'
 
 require 'sessions'
+require 'orthrus_case'
 
-class TestOrthrusSSHHTTPAgent < MiniTest::Unit::TestCase
-  DATA_PATH = File.expand_path "../data", __FILE__
-
+class TestOrthrusSSHHTTPAgent < OrthrusTestCase
   def setup
+    super
+
     @@app ||= Orthrus::SSH::RackApp.new OrthrusTestSessions.new
     @app = @@app
     @@server ||= begin
@@ -25,10 +26,6 @@ class TestOrthrusSSHHTTPAgent < MiniTest::Unit::TestCase
 
     sleep 1
 
-    @id_rsa = File.join DATA_PATH, "id_rsa"
-    @rsa = Orthrus::SSH.load_private @id_rsa
-
-    @rsa_pub = Orthrus::SSH.load_public File.join(DATA_PATH, "id_rsa.pub")
     @app.sessions.add_key "evan", @rsa_pub
   end
 
@@ -41,7 +38,7 @@ class TestOrthrusSSHHTTPAgent < MiniTest::Unit::TestCase
     url = URI.parse "http://127.0.0.1:8787/"
     h = Orthrus::SSH::HTTPAgent.new url
 
-    h.add_key @id_rsa
+    h.load_key @id_rsa
 
     h.start "evan"
 
@@ -51,11 +48,7 @@ class TestOrthrusSSHHTTPAgent < MiniTest::Unit::TestCase
   def test_access_token_from_agent
     skip unless Orthrus::SSH::Agent.available?
 
-    begin
-      `chmod 0600 #{@id_rsa}; ssh-add #{@id_rsa} 2>&1`
-
-      fail unless $?.exitstatus == 0
-
+    added_to_agent @id_rsa do
       assert Orthrus::SSH::Agent.connect.identities.any? { |id|
                id.public_identity == @rsa_pub.public_identity
              }
@@ -66,8 +59,6 @@ class TestOrthrusSSHHTTPAgent < MiniTest::Unit::TestCase
       h.start "evan"
 
       assert_equal "1", h.access_token
-    ensure
-      `ssh-add -d #{@id_rsa} 2>&1`
     end
   end
 end

data/test/test_orthrus_ssh_key_manager.rb

@@ -0,0 +1,77 @@
+require 'minitest/unit'
+require 'minitest/autorun'
+
+require 'orthrus/ssh/key_manager'
+
+require 'orthrus_case'
+
+class TestOrthrusSSHKeyManager < OrthrusTestCase
+  def setup
+    super
+
+    @kg = Orthrus::SSH::KeyManager.new
+  end
+
+  def test_add_key
+    @kg.add_key @rsa
+
+    assert_equal @rsa, @kg.keys.first
+  end
+
+  def test_load_key
+    @kg.load_key @id_rsa
+    assert_equal @rsa, @kg.keys.first
+  end
+
+  def test_agent_identities
+    kg = @kg.agent_identities.first
+    assert_kind_of Orthrus::SSH::Key, kg
+  end
+
+  def test_each_key
+    @kg.add_key @rsa
+
+    keys = []
+    @kg.each_key { |x| keys << x }
+
+    assert keys.include?(@rsa)
+  end
+
+  def test_each_keys_with_agent
+    keys = []
+
+    added_to_agent @id_rsa do
+      @kg.each_key { |x| keys << x }
+    end
+
+    assert keys.include?(@rsa_pub)
+  end
+
+  def test_sign
+    @kg.add_key @rsa
+
+    data = "hello"
+    sign = @kg.sign @rsa, data
+
+    assert @rsa_pub.verify(sign, data)
+  end
+
+  def test_sign_with_agent
+    added_to_agent @id_rsa do
+      data = "hello"
+
+      id = nil
+      @kg.each_key do |k|
+        if k == @rsa_pub
+          id = k
+          break
+        end
+      end
+
+      assert id 
+
+      sign = @kg.sign id, data
+      assert @rsa_pub.verify(sign, data)
+    end
+  end
+end

data/test/test_orthrus_ssh_rackapp.rb

@@ -73,7 +73,7 @@ class TestOrthrusSSHRackApp < MiniTest::Unit::TestCase
 
     data = params['nonce']
 
-    sig = Rack::Utils.escape @rsa.hexsign(data)
+    sig = Rack::Utils.escape @rsa.sign(data, true)
 
     env["QUERY_STRING"] = "state=signed&sig=#{sig}&session_id=1"
 

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: orthrus-ssh
 version: !ruby/object:Gem::Version 
-  hash: 9
+  hash: 7
   prerelease: 
   segments: 
   - 0
-  - 5
-  - 1
-  version: 0.5.1
+  - 6
+  - 0
+  version: 0.6.0
 platform: ruby
 authors: 
 - Evan Phoenix
@@ -82,14 +82,13 @@ files:
 - Rakefile
 - bin/orthrus
 - lib/orthrus.rb
-- lib/orthrus/key.rb
-- lib/orthrus/key_holder.rb
 - lib/orthrus/ssh.rb
 - lib/orthrus/ssh/agent.rb
 - lib/orthrus/ssh/buffer.rb
 - lib/orthrus/ssh/dsa.rb
 - lib/orthrus/ssh/http_agent.rb
 - lib/orthrus/ssh/key.rb
+- lib/orthrus/ssh/key_manager.rb
 - lib/orthrus/ssh/public_key_set.rb
 - lib/orthrus/ssh/rack_app.rb
 - lib/orthrus/ssh/rsa.rb
@@ -99,10 +98,12 @@ files:
 - test/data/id_dsa.pub
 - test/data/id_rsa
 - test/data/id_rsa.pub
+- test/orthrus_case.rb
 - test/sessions.rb
 - test/test_orthrus_ssh_agent.rb
 - test/test_orthrus_ssh_dsa.rb
 - test/test_orthrus_ssh_http_agent.rb
+- test/test_orthrus_ssh_key_manager.rb
 - test/test_orthrus_ssh_public_key_set.rb
 - test/test_orthrus_ssh_rackapp.rb
 - test/test_orthrus_ssh_rsa.rb
@@ -145,6 +146,7 @@ test_files:
 - test/test_orthrus_ssh_agent.rb
 - test/test_orthrus_ssh_dsa.rb
 - test/test_orthrus_ssh_http_agent.rb
+- test/test_orthrus_ssh_key_manager.rb
 - test/test_orthrus_ssh_public_key_set.rb
 - test/test_orthrus_ssh_rackapp.rb
 - test/test_orthrus_ssh_rsa.rb

data/lib/orthrus/key.rb

@@ -1,12 +0,0 @@
-require 'openssl'
-
-module Orthrus
-
-  CURVE = "secp224k1"
-
-  class Key
-    def self.new_pair
-
-    end
-  end
-end

data/lib/orthrus/key_holder.rb

@@ -1,15 +0,0 @@
-module Orthrus
-  class KeyHolder
-    def initialize
-      @keys = {}
-    end
-
-    def add_key(name, key)
-      @keys[name] = key
-    end
-
-    def key(name)
-      @keys[name]
-    end
-  end
-end