@de-otio/chaoskb-server 0.2.11 → 0.2.12
- package/dist/lib/handler/middleware/ssh-auth.d.ts +8 -1
- package/dist/lib/handler/middleware/ssh-auth.d.ts.map +1 -1
- package/dist/lib/handler/middleware/ssh-auth.js +113 -17
- package/dist/lib/handler/middleware/ssh-auth.js.map +1 -1
- package/dist/lib/handler/middleware/ssh-auth.ts +124 -17
- package/package.json +1 -1
|
@@ -33,7 +33,14 @@ export declare function buildCanonicalString(method: string, path: string, times
|
|
|
33
33
|
* is strictly greater than the stored highest-seen sequence.
|
|
34
34
|
*/
|
|
35
35
|
export declare function checkSequence(ddb: DynamoDBDocumentClient, tableName: string, tenantId: string, fingerprint: string, sequence: number): Promise<void>;
|
|
36
|
-
|
|
36
|
+
/**
|
|
37
|
+
* Verify an SSH signature against a canonical string.
|
|
38
|
+
* The public key is the base64-encoded SSH wire-format blob from the request header.
|
|
39
|
+
* Supports Ed25519, RSA (PKCS#1 v1.5 SHA-256), and ECDSA (SHA-256).
|
|
40
|
+
*/
|
|
41
|
+
export declare function verifySSHSignature(publicKeyBase64: string, canonicalString: string, signatureBase64: string): boolean;
|
|
42
|
+
/** @deprecated Use verifySSHSignature instead. */
|
|
43
|
+
export declare const verifyEd25519Signature: typeof verifySSHSignature;
|
|
37
44
|
export declare function authenticateRequest(event: {
|
|
38
45
|
requestContext: {
|
|
39
46
|
http: {
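Review bot: The doc comment added for `verifySSHSignature` says nothing about the expected signature encoding or the hash used per curve, and both matter to callers. The implementation shipped in ssh-auth.js hands the base64-decoded bytes straight to `crypto.verify` with `'sha256'` for every RSA and ECDSA key, including nistp384 and nistp521. The SSH ECDSA key types pair those curves with SHA-384 and SHA-512 (RFC 5656), and Node expects DER-encoded ECDSA signatures unless `dsaEncoding` is set. If clients sign with standard SSH tooling, valid signatures may be rejected; what the client actually sends is not visible on this page. I would add to the comment `Signature is the base64 of the raw signature bytes (DER for ECDSA); RSA and ECDSA are always verified with SHA-256, whatever the curve.` and also document that any parse or verification error is reported as `false`.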
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh-auth.d.ts","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAA+B,MAAM,uBAAuB,CAAC;AAG5F,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,SAAU,SAAQ,KAAK;aAGhB,UAAU,EAAE,MAAM;gBADlC,OAAO,EAAE,MAAM,EACC,UAAU,EAAE,MAAM;CAKrC;AAED,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAKD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,gBAAgB,CA4BlF;AA6BD,uEAAuE;AACvE,wBAAgB,wBAAwB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAExE;AAED,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAWvD;AAED,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,GACnB,MAAM,CAKR;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAqCf;
|
|
1
|
+
{"version":3,"file":"ssh-auth.d.ts","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAA+B,MAAM,uBAAuB,CAAC;AAG5F,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,SAAU,SAAQ,KAAK;aAGhB,UAAU,EAAE,MAAM;gBADlC,OAAO,EAAE,MAAM,EACC,UAAU,EAAE,MAAM;CAKrC;AAED,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAKD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,gBAAgB,CA4BlF;AA6BD,uEAAuE;AACvE,wBAAgB,wBAAwB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAExE;AAED,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAWvD;AAED,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,GACnB,MAAM,CAKR;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CAqCf;AA4GD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,EACvB,eAAe,EAAE,MAAM,GACtB,OAAO,CAcT;AAED,kDAAkD;AAClD,eAAO,MAAM,sBAAsB,2BAAqB,CAAC;AAOzD,wBAAsB,mBAAmB,CACvC,KAAK,EAAE;IACL,cAAc,EAAE;QAAE,IAAI,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;IAC3D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,EACD,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,UAAU,CAAC,CA8HrB"}
|
|
@@ -33,13 +33,13 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
33
33
|
};
|
|
34
34
|
})();
|
|
35
35
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
-
exports.AuthError = void 0;
|
|
36
|
+
exports.verifyEd25519Signature = exports.AuthError = void 0;
|
|
37
37
|
exports.parseAuthHeaders = parseAuthHeaders;
|
|
38
38
|
exports.fingerprintFromPublicKey = fingerprintFromPublicKey;
|
|
39
39
|
exports.verifyTimestamp = verifyTimestamp;
|
|
40
40
|
exports.buildCanonicalString = buildCanonicalString;
|
|
41
41
|
exports.checkSequence = checkSequence;
|
|
42
|
-
exports.
|
|
42
|
+
exports.verifySSHSignature = verifySSHSignature;
|
|
43
43
|
exports.authenticateRequest = authenticateRequest;
|
|
44
44
|
const crypto = __importStar(require("crypto"));
|
|
45
45
|
const lib_dynamodb_1 = require("@aws-sdk/lib-dynamodb");
|
|
@@ -167,27 +167,123 @@ async function checkSequence(ddb, tableName, tenantId, fingerprint, sequence) {
|
|
|
167
167
|
throw error;
|
|
168
168
|
}
|
|
169
169
|
}
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
170
|
+
/**
|
|
171
|
+
* Read an SSH wire-format string (uint32 length + bytes) from a buffer.
|
|
172
|
+
*/
|
|
173
|
+
function readSSHString(buf, offset) {
|
|
174
|
+
const len = buf.readUInt32BE(offset);
|
|
175
|
+
return { data: buf.subarray(offset + 4, offset + 4 + len), next: offset + 4 + len };
|
|
176
|
+
}
|
|
177
|
+
// --- DER / ASN.1 encoding helpers ---
|
|
178
|
+
function derLength(length) {
|
|
179
|
+
if (length < 128)
|
|
180
|
+
return Buffer.from([length]);
|
|
181
|
+
if (length < 256)
|
|
182
|
+
return Buffer.from([0x81, length]);
|
|
183
|
+
const buf = Buffer.alloc(3);
|
|
184
|
+
buf[0] = 0x82;
|
|
185
|
+
buf.writeUInt16BE(length, 1);
|
|
186
|
+
return buf;
|
|
187
|
+
}
|
|
188
|
+
function derWrap(tag, content) {
|
|
189
|
+
return Buffer.concat([Buffer.from([tag]), derLength(content.length), content]);
|
|
190
|
+
}
|
|
191
|
+
function derSequence(...items) {
|
|
192
|
+
return derWrap(0x30, Buffer.concat(items));
|
|
193
|
+
}
|
|
194
|
+
function derInteger(data) {
|
|
195
|
+
// Strip leading zeros, but keep padding zero if high bit is set
|
|
196
|
+
let start = 0;
|
|
197
|
+
while (start < data.length - 1 && data[start] === 0 && !(data[start + 1] & 0x80)) {
|
|
198
|
+
start++;
|
|
199
|
+
}
|
|
200
|
+
let buf = data.subarray(start);
|
|
201
|
+
if (buf[0] & 0x80) {
|
|
202
|
+
buf = Buffer.concat([Buffer.from([0x00]), buf]);
|
|
203
|
+
}
|
|
204
|
+
return derWrap(0x02, buf);
|
|
205
|
+
}
|
|
206
|
+
function derBitString(data) {
|
|
207
|
+
return derWrap(0x03, Buffer.concat([Buffer.from([0x00]), data]));
|
|
208
|
+
}
|
|
209
|
+
function derOid(encoded) {
|
|
210
|
+
return derWrap(0x06, encoded);
|
|
211
|
+
}
|
|
212
|
+
const DER_NULL = Buffer.from([0x05, 0x00]);
|
|
213
|
+
/**
|
|
214
|
+
* Build a crypto.KeyObject from an SSH public key blob (base64-encoded wire format).
|
|
215
|
+
* Supports ssh-ed25519, ssh-rsa, and ecdsa-sha2-nistp{256,384,521}.
|
|
216
|
+
*/
|
|
217
|
+
function createPublicKeyFromSSHBlob(publicKeyBase64) {
|
|
218
|
+
const blob = Buffer.from(publicKeyBase64, 'base64');
|
|
219
|
+
const { data: keyTypeBytes, next: off1 } = readSSHString(blob, 0);
|
|
220
|
+
const keyType = keyTypeBytes.toString('utf-8');
|
|
221
|
+
if (keyType === 'ssh-ed25519') {
|
|
222
|
+
const { data: rawKey } = readSSHString(blob, off1);
|
|
223
|
+
const spki = Buffer.concat([
|
|
224
|
+
Buffer.from('302a300506032b6570032100', 'hex'),
|
|
225
|
+
rawKey,
|
|
226
|
+
]);
|
|
227
|
+
return crypto.createPublicKey({ key: spki, format: 'der', type: 'spki' });
|
|
228
|
+
}
|
|
229
|
+
if (keyType === 'ssh-rsa') {
|
|
230
|
+
const { data: e, next: off2 } = readSSHString(blob, off1);
|
|
231
|
+
const { data: n } = readSSHString(blob, off2);
|
|
232
|
+
// OID 1.2.840.113549.1.1.1 (rsaEncryption)
|
|
233
|
+
const rsaOid = derOid(Buffer.from('2a864886f70d010101', 'hex'));
|
|
234
|
+
const algorithmId = derSequence(rsaOid, DER_NULL);
|
|
235
|
+
const rsaPublicKey = derSequence(derInteger(n), derInteger(e));
|
|
236
|
+
return crypto.createPublicKey({
|
|
237
|
+
key: derSequence(algorithmId, derBitString(rsaPublicKey)),
|
|
238
|
+
format: 'der',
|
|
239
|
+
type: 'spki',
|
|
240
|
+
});
|
|
241
|
+
}
|
|
242
|
+
if (keyType.startsWith('ecdsa-sha2-')) {
|
|
243
|
+
const { data: curveNameBytes, next: off2 } = readSSHString(blob, off1);
|
|
244
|
+
const { data: point } = readSSHString(blob, off2);
|
|
245
|
+
const curve = curveNameBytes.toString('utf-8');
|
|
246
|
+
const curveOids = {
|
|
247
|
+
'nistp256': '2a8648ce3d030107', // 1.2.840.10045.3.1.7
|
|
248
|
+
'nistp384': '2b81040022', // 1.3.132.0.34
|
|
249
|
+
'nistp521': '2b81040023', // 1.3.132.0.35
|
|
250
|
+
};
|
|
251
|
+
const oidHex = curveOids[curve];
|
|
252
|
+
if (!oidHex)
|
|
253
|
+
throw new Error(`Unsupported ECDSA curve: ${curve}`);
|
|
254
|
+
// OID 1.2.840.10045.2.1 (ecPublicKey)
|
|
255
|
+
const ecOid = derOid(Buffer.from('2a8648ce3d0201', 'hex'));
|
|
256
|
+
const algorithmId = derSequence(ecOid, derOid(Buffer.from(oidHex, 'hex')));
|
|
257
|
+
return crypto.createPublicKey({
|
|
258
|
+
key: derSequence(algorithmId, derBitString(point)),
|
|
182
259
|
format: 'der',
|
|
183
260
|
type: 'spki',
|
|
184
261
|
});
|
|
185
|
-
|
|
262
|
+
}
|
|
263
|
+
throw new Error(`Unsupported SSH key type: ${keyType}`);
|
|
264
|
+
}
|
|
265
|
+
/**
|
|
266
|
+
* Verify an SSH signature against a canonical string.
|
|
267
|
+
* The public key is the base64-encoded SSH wire-format blob from the request header.
|
|
268
|
+
* Supports Ed25519, RSA (PKCS#1 v1.5 SHA-256), and ECDSA (SHA-256).
|
|
269
|
+
*/
|
|
270
|
+
function verifySSHSignature(publicKeyBase64, canonicalString, signatureBase64) {
|
|
271
|
+
try {
|
|
272
|
+
const keyObject = createPublicKeyFromSSHBlob(publicKeyBase64);
|
|
273
|
+
const signatureBuffer = Buffer.from(signatureBase64, 'base64');
|
|
274
|
+
const data = Buffer.from(canonicalString);
|
|
275
|
+
// Ed25519/Ed448 infer the algorithm; RSA and ECDSA use SHA-256
|
|
276
|
+
const algorithm = keyObject.asymmetricKeyType === 'ed25519' || keyObject.asymmetricKeyType === 'ed448'
|
|
277
|
+
? null
|
|
278
|
+
: 'sha256';
|
|
279
|
+
return crypto.verify(algorithm, data, keyObject, signatureBuffer);
|
|
186
280
|
}
|
|
187
281
|
catch {
|
|
188
282
|
return false;
|
|
189
283
|
}
|
|
190
284
|
}
|
|
285
|
+
/** @deprecated Use verifySSHSignature instead. */
|
|
286
|
+
exports.verifyEd25519Signature = verifySSHSignature;
|
|
191
287
|
function tenantIdFromPublicKey(publicKeyBase64) {
|
|
192
288
|
const hash = crypto.createHash('sha256').update(publicKeyBase64).digest('hex');
|
|
193
289
|
return hash.slice(0, 32);
|
|
@@ -229,7 +325,7 @@ async function authenticateRequest(event, ddb, tableName) {
|
|
|
229
325
|
// Perform a dummy signature verification to equalize timing
|
|
230
326
|
const dummyKey = Buffer.alloc(32, 0x01).toString('base64');
|
|
231
327
|
try {
|
|
232
|
-
|
|
328
|
+
verifySSHSignature(dummyKey, 'dummy', 'dummy');
|
|
233
329
|
}
|
|
234
330
|
catch {
|
|
235
331
|
// Expected to fail — timing equalization only
|
|
@@ -280,7 +376,7 @@ async function authenticateRequest(event, ddb, tableName) {
|
|
|
280
376
|
}
|
|
281
377
|
// Verify the SSH signature against the canonical string (includes sequence)
|
|
282
378
|
const canonicalString = buildCanonicalString(event.requestContext.http.method, event.requestContext.http.path, parsed.timestamp, parsed.sequence, event.body);
|
|
283
|
-
const valid =
|
|
379
|
+
const valid = verifySSHSignature(publicKey, canonicalString, parsed.signature);
|
|
284
380
|
if (!valid) {
|
|
285
381
|
logger_js_1.logger.warn('Signature verification failed', { tenantId });
|
|
286
382
|
throw new AuthError('Invalid signature', 401);
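Review bot: The timing-equalization call in the `@@ -229,7 +325,7` hunk no longer reaches any signature check. `dummyKey` is 32 bytes of 0x01, so `readSSHString` reads a length of 0x01010101, the key type matches no branch, and `createPublicKeyFromSSHBlob` throws before `crypto.createPublicKey` or `crypto.verify` run; `verifySSHSignature` then returns false from its catch. The unknown-key path therefore does far less work than a real verification, which is presumably the difference the dummy call is meant to hide. A well-formed ssh-ed25519 blob and a full-length signature would restore that work, e.g. `const dummyKey = Buffer.concat([Buffer.from('0000000b7373682d6564323535313900000020', 'hex'), Buffer.alloc(32, 0x01)]).toString('base64');` with `verifySSHSignature(dummyKey, 'dummy', Buffer.alloc(64).toString('base64'));`. Even then the match is only approximate, and `authenticateRequest` starts and ends outside these hunks, so the surrounding lookups cannot be checked here.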
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ssh-auth.js","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,4CA4BC;AA8BD,4DAEC;AAED,0CAWC;AAED,oDAWC;AAQD,sCA2CC;AAED,wDAyBC;AAOD,kDAsIC;AAtVD,+CAAiC;AACjC,wDAA4F;AAC5F,4CAAsC;AAQtC,MAAa,SAAU,SAAQ,KAAK;IAGhB;IAFlB,YACE,OAAe,EACC,UAAkB;QAElC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,eAAU,GAAV,UAAU,CAAQ;QAGlC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AARD,8BAQC;AAQD,uFAAuF;AACvF,MAAM,sBAAsB,GAAG,EAAE,GAAG,IAAI,CAAC;AAEzC;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,OAA+B;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC7C,yCAAyC;QACzC,IAAI,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1C,OAAO,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC5D,MAAM,SAAS,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACnF,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnF,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC5C,CAAC;AAED,mEAAmE;AACnE,SAAS,qBAAqB,CAC5B,MAAc,EACd,OAA+B;IAE/B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;IAC3D,CA
AC;IAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,SAAS,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnF,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC;QACvB,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,SAAgB,wBAAwB,CAAC,eAAuB;IAC9D,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACrG,CAAC;AAED,SAAgB,eAAe,CAAC,SAAiB;IAC/C,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IAClD,IAAI,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,SAAS,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,WAAW,CAAC,CAAC;IACzC,IAAI,IAAI,GAAG,sBAAsB,EAAE,CAAC;QAClC,MAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAgB,oBAAoB,CAClC,MAAc,EACd,IAAY,EACZ,SAAiB,EACjB,QAAgB,EAChB,IAAoB;IAEpB,MAAM,QAAQ,GAAG,IAAI;QACnB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC;IACP,OAAO,iBAAiB,MAAM,IAAI,IAAI,KAAK,SAAS,KAAK,QAAQ,KAAK,QAAQ,EAAE,CAAC;AACnF,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,aAAa,CACjC,GAA2B,EAC3B,SAAiB,EACjB,QAAgB,EAChB,WAAmB,EACnB,QAAgB;IAEhB,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,SAAS,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE;gBACH,EAAE,EAAE,UAAU,QAAQ,EAAE;gBACxB,EAAE,EAAE,YAAY,WAAW,EAAE;aAC9B;YACD,gBAAgB,EAAE,uBAAuB;YACzC,mBAAmB,EACjB,uDAAuD;YACzD,yBAAyB,EAAE;gBACzB,MAAM,EAAE,QAAQ;aACjB;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IACE,KAAK;YACL,OAAO,KAAK,KAAK,QAAQ;YACzB,MAAM,IAAI,KAAK;YACf,KAAK,CAAC,IAAI,KAAK,iCAAiC,EAChD,CAAC;YACD,kBAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;gBAC3D,QAAQ;gBACR,WAAW;gBACX,Q
AAQ;aACT,CAAC,CAAC;YACH,MAAM,IAAI,SAAS,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,sBAAsB,CACpC,eAAuB,EACvB,eAAuB,EACvB,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QAC/D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE1C,kDAAkD;QAClD,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC;YACvC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC;gBACjB,8CAA8C;gBAC9C,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC;gBAC9C,eAAe;aAChB,CAAC;YACF,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,eAAuB;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/E,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAIC,EACD,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/C,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAElC,yDAAyD;IACzD,6FAA6F;IAC7F,gEAAgE;IAChE,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAExD,gDAAgD;IAChD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uBAAuB;QAC/C,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,KAAK,EAAE,MAAM;SACd;QACD,KAAK,EAAE,CAAC;KACT,CAAC,CACH,CAAC;IAEF,IAAI,gBAAgB,GAAG,QAAQ,CAAC;IAEhC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,+EAA+E;QAC/E,mFAAmF;QACnF,+CAA+C;QAC/C,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAChC,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,uBAAuB;YAC/C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,aAAa,QAAQ,EAAE;gBAC9B,KAAK,EAAE,MAAM;aACd;YACD,KAAK,EAAE,CAAC;SACT,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzD,4
DAA4D;YAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC3D,IAAI,CAAC;gBACH,sBAAsB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACrD,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;YAChD,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,iCAAiC;QACjC,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAW,CAAC;QAEtE,oCAAoC;QACpC,MAAM,cAAc,GAAG,MAAM,GAAG,CAAC,IAAI,CACnC,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,uBAAuB;YAC/C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,UAAU,gBAAgB,EAAE;gBACnC,KAAK,EAAE,MAAM;aACd;YACD,KAAK,EAAE,CAAC;SACT,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,KAAK,IAAI,cAAc,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/D,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAuB,CAAC;QACnE,IAAI,CAAC,KAAK,IAAI,cAAc,CAAC,eAAe,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACrE,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAW,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,SAAS,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,CAAC;YAC/F,oFAAoF;YACpF,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAuB,CAAC;YAC3D,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,eAAe,CAAC,KAAK,kBAAkB,EAAE,CAAC;gBAC7D,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxC,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;gBACrG,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IAC
H,CAAC;IAED,4EAA4E;IAC5E,MAAM,eAAe,GAAG,oBAAoB,CAC1C,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAChC,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAC9B,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,QAAQ,EACf,KAAK,CAAC,IAAI,CACX,CAAC;IAEF,MAAM,KAAK,GAAG,sBAAsB,CAClC,SAAS,EACT,eAAe,EACf,MAAM,CAAC,SAAS,CACjB,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,kBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IAED,6EAA6E;IAC7E,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,OAA+B;IACvD,oBAAoB;IACpB,MAAM,YAAY,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACtF,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,yDAAyD;IACzD,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IACxE,IAAI,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACvD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,SAAS,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAC;AACpE,CAAC"}
|
|
1
|
+
{"version":3,"file":"ssh-auth.js","sourceRoot":"","sources":["../../../../lib/handler/middleware/ssh-auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqCA,4CA4BC;AA8BD,4DAEC;AAED,0CAWC;AAED,oDAWC;AAQD,sCA2CC;AAiHD,gDAkBC;AAUD,kDAsIC;AAjcD,+CAAiC;AACjC,wDAA4F;AAC5F,4CAAsC;AAQtC,MAAa,SAAU,SAAQ,KAAK;IAGhB;IAFlB,YACE,OAAe,EACC,UAAkB;QAElC,KAAK,CAAC,OAAO,CAAC,CAAC;QAFC,eAAU,GAAV,UAAU,CAAQ;QAGlC,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;IAC1B,CAAC;CACF;AARD,8BAQC;AAQD,uFAAuF;AACvF,MAAM,sBAAsB,GAAG,EAAE,GAAG,IAAI,CAAC;AAEzC;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAAC,OAA+B;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC7C,yCAAyC;QACzC,IAAI,UAAU,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;YAC1C,OAAO,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,IAAI,SAAS,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC5D,MAAM,SAAS,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACnF,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnF,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,SAAS,CAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,SAAS,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AAC5C,CAAC;AAED,mEAAmE;AACnE,SAAS,qBAAqB,CAC5B,MAAc,EACd,OAA+B;IAE/B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;IAC3D,C
AAC;IAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,SAAS,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAEnF,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC;QACvB,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,SAAgB,wBAAwB,CAAC,eAAuB;IAC9D,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACrG,CAAC;AAED,SAAgB,eAAe,CAAC,SAAiB;IAC/C,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;IAClD,IAAI,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,SAAS,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,WAAW,CAAC,CAAC;IACzC,IAAI,IAAI,GAAG,sBAAsB,EAAE,CAAC;QAClC,MAAM,IAAI,SAAS,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAgB,oBAAoB,CAClC,MAAc,EACd,IAAY,EACZ,SAAiB,EACjB,QAAgB,EAChB,IAAoB;IAEpB,MAAM,QAAQ,GAAG,IAAI;QACnB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC;IACP,OAAO,iBAAiB,MAAM,IAAI,IAAI,KAAK,SAAS,KAAK,QAAQ,KAAK,QAAQ,EAAE,CAAC;AACnF,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,aAAa,CACjC,GAA2B,EAC3B,SAAiB,EACjB,QAAgB,EAChB,WAAmB,EACnB,QAAgB;IAEhB,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,MAAM,IAAI,SAAS,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE;gBACH,EAAE,EAAE,UAAU,QAAQ,EAAE;gBACxB,EAAE,EAAE,YAAY,WAAW,EAAE;aAC9B;YACD,gBAAgB,EAAE,uBAAuB;YACzC,mBAAmB,EACjB,uDAAuD;YACzD,yBAAyB,EAAE;gBACzB,MAAM,EAAE,QAAQ;aACjB;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IACE,KAAK;YACL,OAAO,KAAK,KAAK,QAAQ;YACzB,MAAM,IAAI,KAAK;YACf,KAAK,CAAC,IAAI,KAAK,iCAAiC,EAChD,CAAC;YACD,kBAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;gBAC3D,QAAQ;gBACR,WAAW;gBACX,
QAAQ;aACT,CAAC,CAAC;YACH,MAAM,IAAI,SAAS,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;QAC5E,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW,EAAE,MAAc;IAChD,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACrC,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,GAAG,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;AACtF,CAAC;AAED,uCAAuC;AAEvC,SAAS,SAAS,CAAC,MAAc;IAC/B,IAAI,MAAM,GAAG,GAAG;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;IAC/C,IAAI,MAAM,GAAG,GAAG;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IACrD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;IACd,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC7B,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,OAAO,CAAC,GAAW,EAAE,OAAe;IAC3C,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,WAAW,CAAC,GAAG,KAAe;IACrC,OAAO,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,UAAU,CAAC,IAAY;IAC9B,gEAAgE;IAChE,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,KAAK,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC;QACjF,KAAK,EAAE,CAAC;IACV,CAAC;IACD,IAAI,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;QAClB,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,MAAM,CAAC,OAAe;IAC7B,OAAO,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE3C;;;GAGG;AACH,SAAS,0BAA0B,CAAC,eAAuB;IACzD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,E
AAE,QAAQ,CAAC,CAAC;IACpD,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAE/C,IAAI,OAAO,KAAK,aAAa,EAAE,CAAC;QAC9B,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC;YAC9C,MAAM;SACP,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC1D,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC9C,2CAA2C;QAC3C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC,CAAC;QAChE,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,OAAO,MAAM,CAAC,eAAe,CAAC;YAC5B,GAAG,EAAE,WAAW,CAAC,WAAW,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;YACzD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;IACL,CAAC;IAED,IAAI,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACtC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACvE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,SAAS,GAA2B;YACxC,UAAU,EAAE,kBAAkB,EAAI,sBAAsB;YACxD,UAAU,EAAE,YAAY,EAAW,eAAe;YAClD,UAAU,EAAE,YAAY,EAAW,eAAe;SACnD,CAAC;QACF,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QAClE,sCAAsC;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC,CAAC;QAC3D,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3E,OAAO,MAAM,CAAC,eAAe,CAAC;YAC5B,GAAG,EAAE,WAAW,CAAC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC;YAClD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,MAAM;SACb,CAAC,CAAC;IACL,CA
AC;IAED,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAChC,eAAuB,EACvB,eAAuB,EACvB,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,0BAA0B,CAAC,eAAe,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC1C,+DAA+D;QAC/D,MAAM,SAAS,GACb,SAAS,CAAC,iBAAiB,KAAK,SAAS,IAAI,SAAS,CAAC,iBAAiB,KAAK,OAAO;YAClF,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,QAAQ,CAAC;QACf,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,kDAAkD;AACrC,QAAA,sBAAsB,GAAG,kBAAkB,CAAC;AAEzD,SAAS,qBAAqB,CAAC,eAAuB;IACpD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/E,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAIC,EACD,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/C,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAElC,yDAAyD;IACzD,6FAA6F;IAC7F,gEAAgE;IAChE,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAExD,gDAAgD;IAChD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uBAAuB;QAC/C,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,KAAK,EAAE,MAAM;SACd;QACD,KAAK,EAAE,CAAC;KACT,CAAC,CACH,CAAC;IAEF,IAAI,gBAAgB,GAAG,QAAQ,CAAC;IAEhC,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/C,+EAA+E;QAC/E,mFAAmF;QACnF,+CAA+C;QAC/C,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,IAAI,CAChC,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,uBAAuB;YAC/C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,aAAa,QAAQ,EAAE;gBAC9B,KAAK,EAAE,MAAM;aACd;YACD,KAAK,EAAE,CAAC;SACT,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzD,4DAA4D;YAC5D,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC3D,IA
AI,CAAC;gBACH,kBAAkB,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YACjD,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;YAChD,CAAC;YACD,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,iCAAiC;QACjC,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAW,CAAC;QAEtE,oCAAoC;QACpC,MAAM,cAAc,GAAG,MAAM,GAAG,CAAC,IAAI,CACnC,IAAI,2BAAY,CAAC;YACf,SAAS,EAAE,SAAS;YACpB,sBAAsB,EAAE,uBAAuB;YAC/C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,UAAU,gBAAgB,EAAE;gBACnC,KAAK,EAAE,MAAM;aACd;YACD,KAAK,EAAE,CAAC;SACT,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,KAAK,IAAI,cAAc,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/D,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,cAAc,CAAC,cAAc,CAAuB,CAAC;QACnE,IAAI,CAAC,KAAK,IAAI,cAAc,CAAC,eAAe,CAAC,KAAK,kBAAkB,EAAE,CAAC;YACrE,MAAM,IAAI,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;YACrG,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAW,CAAC,CAAC;QAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,SAAS,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,CAAC;YAC/F,oFAAoF;YACpF,MAAM,KAAK,GAAG,MAAM,CAAC,cAAc,CAAuB,CAAC;YAC3D,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,eAAe,CAAC,KAAK,kBAAkB,EAAE,CAAC;gBAC7D,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;YACD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACxC,IAAI,WAAW,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;gBACrG,MAAM,IAAI,SAAS,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,MAAM,eAAe,GAAG,oBAAoB,CAC1C,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,EAChC,KAAK,CAAC,c
AAc,CAAC,IAAI,CAAC,IAAI,EAC9B,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,QAAQ,EACf,KAAK,CAAC,IAAI,CACX,CAAC;IAEF,MAAM,KAAK,GAAG,kBAAkB,CAC9B,SAAS,EACT,eAAe,EACf,MAAM,CAAC,SAAS,CACjB,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,kBAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,MAAM,IAAI,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IAED,6EAA6E;IAC7E,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtF,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,gBAAgB,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC;AAChE,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,OAA+B;IACvD,oBAAoB;IACpB,MAAM,YAAY,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACtF,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,yDAAyD;IACzD,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,OAAO,CAAC,eAAe,CAAC,CAAC;IACxE,IAAI,UAAU,EAAE,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACvD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,OAAO,KAAK,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1D,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,SAAS,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAC;AACpE,CAAC"}
|
|
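--- a/package/dist/lib/handler/middleware/ssh-auth.ts
+++ b/package/dist/lib/handler/middleware/ssh-auth.ts
@@ -174,33 +174,140 @@ export async function checkSequence(
 }
 }
 
-
+/**
+* Read an SSH wire-format string (uint32 length + bytes) from a buffer.
+*/
+function readSSHString(buf: Buffer, offset: number): { data: Buffer; next: number } {
+const len = buf.readUInt32BE(offset);
+return { data: buf.subarray(offset + 4, offset + 4 + len), next: offset + 4 + len };
+}
+
+// --- DER / ASN.1 encoding helpers ---
+
+function derLength(length: number): Buffer {
+if (length < 128) return Buffer.from([length]);
+if (length < 256) return Buffer.from([0x81, length]);
+const buf = Buffer.alloc(3);
+buf[0] = 0x82;
+buf.writeUInt16BE(length, 1);
+return buf;
+}
+
+function derWrap(tag: number, content: Buffer): Buffer {
+return Buffer.concat([Buffer.from([tag]), derLength(content.length), content]);
+}
+
+function derSequence(...items: Buffer[]): Buffer {
+return derWrap(0x30, Buffer.concat(items));
+}
+
+function derInteger(data: Buffer): Buffer {
+// Strip leading zeros, but keep padding zero if high bit is set
+let start = 0;
+while (start < data.length - 1 && data[start] === 0 && !(data[start + 1] & 0x80)) {
+start++;
+}
+let buf = data.subarray(start);
+if (buf[0] & 0x80) {
+buf = Buffer.concat([Buffer.from([0x00]), buf]);
+}
+return derWrap(0x02, buf);
+}
+
+function derBitString(data: Buffer): Buffer {
+return derWrap(0x03, Buffer.concat([Buffer.from([0x00]), data]));
+}
+
+function derOid(encoded: Buffer): Buffer {
+return derWrap(0x06, encoded);
+}
+
+const DER_NULL = Buffer.from([0x05, 0x00]);
+
+/**
+* Build a crypto.KeyObject from an SSH public key blob (base64-encoded wire format).
+* Supports ssh-ed25519, ssh-rsa, and ecdsa-sha2-nistp{256,384,521}.
+*/
+function createPublicKeyFromSSHBlob(publicKeyBase64: string): crypto.KeyObject {
+const blob = Buffer.from(publicKeyBase64, 'base64');
+const { data: keyTypeBytes, next: off1 } = readSSHString(blob, 0);
+const keyType = keyTypeBytes.toString('utf-8');
+
+if (keyType === 'ssh-ed25519') {
+const { data: rawKey } = readSSHString(blob, off1);
+const spki = Buffer.concat([
+Buffer.from('302a300506032b6570032100', 'hex'),
+rawKey,
+]);
+return crypto.createPublicKey({ key: spki, format: 'der', type: 'spki' });
+}
+
+if (keyType === 'ssh-rsa') {
+const { data: e, next: off2 } = readSSHString(blob, off1);
+const { data: n } = readSSHString(blob, off2);
+// OID 1.2.840.113549.1.1.1 (rsaEncryption)
+const rsaOid = derOid(Buffer.from('2a864886f70d010101', 'hex'));
+const algorithmId = derSequence(rsaOid, DER_NULL);
+const rsaPublicKey = derSequence(derInteger(n), derInteger(e));
+return crypto.createPublicKey({
+key: derSequence(algorithmId, derBitString(rsaPublicKey)),
+format: 'der',
+type: 'spki',
+});
+}
+
+if (keyType.startsWith('ecdsa-sha2-')) {
+const { data: curveNameBytes, next: off2 } = readSSHString(blob, off1);
+const { data: point } = readSSHString(blob, off2);
+const curve = curveNameBytes.toString('utf-8');
+const curveOids: Record<string, string> = {
+'nistp256': '2a8648ce3d030107', // 1.2.840.10045.3.1.7
+'nistp384': '2b81040022', // 1.3.132.0.34
+'nistp521': '2b81040023', // 1.3.132.0.35
+};
+const oidHex = curveOids[curve];
+if (!oidHex) throw new Error(`Unsupported ECDSA curve: ${curve}`);
+// OID 1.2.840.10045.2.1 (ecPublicKey)
+const ecOid = derOid(Buffer.from('2a8648ce3d0201', 'hex'));
+const algorithmId = derSequence(ecOid, derOid(Buffer.from(oidHex, 'hex')));
+return crypto.createPublicKey({
+key: derSequence(algorithmId, derBitString(point)),
+format: 'der',
+type: 'spki',
+});
+}
+
+throw new Error(`Unsupported SSH key type: ${keyType}`);
+}
+
+/**
+* Verify an SSH signature against a canonical string.
+* The public key is the base64-encoded SSH wire-format blob from the request header.
+* Supports Ed25519, RSA (PKCS#1 v1.5 SHA-256), and ECDSA (SHA-256).
+*/
+export function verifySSHSignature(
 publicKeyBase64: string,
 canonicalString: string,
 signatureBase64: string,
 ): boolean {
 try {
-const
+const keyObject = createPublicKeyFromSSHBlob(publicKeyBase64);
 const signatureBuffer = Buffer.from(signatureBase64, 'base64');
 const data = Buffer.from(canonicalString);
-
-
-
-
-
-
-publicKeyBuffer,
-]),
-format: 'der',
-type: 'spki',
-});
-
-return crypto.verify(null, data, keyObject, signatureBuffer);
+// Ed25519/Ed448 infer the algorithm; RSA and ECDSA use SHA-256
+const algorithm =
+keyObject.asymmetricKeyType === 'ed25519' || keyObject.asymmetricKeyType === 'ed448'
+? null
+: 'sha256';
+return crypto.verify(algorithm, data, keyObject, signatureBuffer);
 } catch {
 return false;
 }
 }
 
+/** @deprecated Use verifySSHSignature instead. */
+export const verifyEd25519Signature = verifySSHSignature;
+
 function tenantIdFromPublicKey(publicKeyBase64: string): string {
 const hash = crypto.createHash('sha256').update(publicKeyBase64).digest('hex');
 return hash.slice(0, 32);
@@ -260,7 +367,7 @@ export async function authenticateRequest(
 // Perform a dummy signature verification to equalize timing
 const dummyKey = Buffer.alloc(32, 0x01).toString('base64');
 try {
-
+verifySSHSignature(dummyKey, 'dummy', 'dummy');
 } catch {
 // Expected to fail — timing equalization only
 }
@@ -323,7 +430,7 @@ export async function authenticateRequest(
 event.body,
 );
 
-const valid =
+const valid = verifySSHSignature(
 publicKey,
 canonicalString,
 parsed.signature,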
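Review bot: In the `@@ -260,7 +367,7 @@` hunk the dummy call no longer equalizes timing, because `dummyKey` is still 32 raw bytes of 0x01 while `verifySSHSignature` now expects an SSH wire-format blob. `readSSHString` reads those bytes as a length of 0x01010101 followed by a garbage key type, so `createPublicKeyFromSSHBlob` throws `Unsupported SSH key type` and the function returns `false` from its `catch` without ever calling `crypto.verify`. The unknown-key path is then probably much faster than a real verification, which is the difference this call exists to hide. Pass a well-formed blob instead, for example `const dummyKey = DUMMY_SSH_ED25519_BLOB;` where that new module constant is the base64 of a valid `ssh-ed25519` wire blob, together with a 64-byte dummy signature so the Ed25519 check actually runs. `authenticateRequest` starts and ends outside the hunk, so the surrounding lookup path should be confirmed against this.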