Class: Cryptorecord::Sshfp

Inherits:

Object

Object
Cryptorecord::Sshfp

show all

Defined in:: lib/cryptorecord/sshfp.rb

Overview

Cryptorecord::Sshfp-class generates sshfp-dns-records. The ssh-host-keys are read from files

Instance Attribute Summary collapse

#cipher ⇒ Integer

The cipher.
#digest ⇒ Integer

Sha1 = 1, sha256 = 2.
#host ⇒ String

The fqdn-host.
#key ⇒ String readonly

The ssh-host-key, without the type and comment.
#rectype ⇒ String readonly

“SSHFP”.

Instance Method Summary collapse

#fingerprint ⇒ String

this function creates a Hash-String.
#initialize(args = {}) ⇒ Sshfp constructor

This constructor initializes cipher, key, digest, host and keyfile If keyfile was provided, the key will automatically read from file.
#left ⇒ String

This method returns the left-hand name of a dns-record.
#read_file(keyfile) ⇒ Object

This function reads in the key from file and initializes the cipher- and key-variable.
#right ⇒ String

This method returns the right-hand content of a dns-record.
#to_s ⇒ String

This method concats the sshfp-record.

Constructor Details

#initialize(args = {}) ⇒ `Sshfp`

This constructor initializes cipher, key, digest, host and keyfile If keyfile was provided, the key will automatically read from file

Parameters:

args (Hash) (defaults to: {}) —

the options to initialize the object with

Options Hash (args):

digest (Integer) —

sha1 = 1, sha256 = 2
host (String) —

fqdn of the host
keyfile (String) —

path to the keyfile

# File 'lib/cryptorecord/sshfp.rb', line 51

def initialize(args = {})
  @cipher = nil
  @key = nil
  self.digest = args.fetch(:digest, 2)
  @host = args.fetch(:host, 'localhost')
  keyfile = args.fetch(:keyfile, nil)
  @rectype = 'SSHFP'
  read_file(keyfile) unless keyfile.nil?
end

Instance Attribute Details

#cipher ⇒ `Integer`

Returns the cipher. ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4.

Returns:

(Integer) —

the cipher. ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4

# File 'lib/cryptorecord/sshfp.rb', line 40

class Sshfp
  attr_reader :cipher, :digest, :key, :rectype
  attr_accessor :host

  # This constructor initializes cipher, key, digest, host and keyfile
  # If keyfile was provided, the key will automatically read from file
  #
  # @param [Hash] args the options to initialize the object with
  # @option args [Integer] digest sha1 = 1, sha256 = 2
  # @option args [String] host fqdn of the host
  # @option args [String] keyfile path to the keyfile
  def initialize(args = {})
    @cipher = nil
    @key = nil
    self.digest = args.fetch(:digest, 2)
    @host = args.fetch(:host, 'localhost')
    keyfile = args.fetch(:keyfile, nil)
    @rectype = 'SSHFP'
    read_file(keyfile) unless keyfile.nil?
  end

  # This setter initializes cipher
  #
  # @param [Integer] val the key-cipher.
  # ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4
  # @raise Cryptorecord::ArgumentError
  def cipher=(val)
    if val.to_i < 1 || val.to_i > 4
      raise ArgumentError, 'Invalid cipher. Has to be 0,1,2,3 or 4'
    end

    @cipher = val
  end

  # This setter initializes the hash-algo
  #
  # @param [Integer] val digest. sha1 = 1, sha256 = 2
  # @raise Cryptorecord::ArgumentError
  def digest=(val)
    unless val.to_i == 1 || val.to_i == 2
      raise ArgumentError, 'Invalid digest. Has to be 1 or 2'
    end
    @digest = val
  end

  # This function reads in the key from file and
  # initializes the cipher- and key-variable
  # @param [String] keyfile path to the ssh-hostkey-file
  # @raise Cryptorecord::ArgumentError
  def read_file(keyfile)
    raise ArgumentError, 'No hostkey-file defined' if keyfile.nil?

    data = File.read(keyfile)
    (type, @key) = data.split(' ')
    cipher_by_type(type)
  end

  # this function creates a Hash-String
  #
  # @return [String] Hash-string of the key
  # @raise Cryptorecord::KeyError
  def fingerprint
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?

    case @digest.to_i
    when 1
      return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
    when 2
      return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
    end
  end

  # This method returns the left-hand name of a dns-record
  # @return [String] left-hand name of a dns-record
  def left
    "#{@host}."
  end

  # This method returns the right-hand content of a dns-record
  # @return [String] right-hand content of a dns-record
  def right
    "#{@cipher} #{@digest} #{fingerprint}"
  end

  # This method concats the sshfp-record
  #
  # @return [String] sshfp dns-record as defined in rfc4255
  # @raise Cryptorecord::KeyError
  def to_s
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # This helper-function selects the cipher using the given
  # type
  #
  # @param [String] type ssh-rsa = 1, ssh-dss = 2,
  # ecdsa-sha2-nistp256 = 3, ssh-ed25519 = 4
  # @raise Cryptorecord::CipherError
  # @return [Integer] integer value of the cipher
  def cipher_by_type(type)
    case type
    when 'ssh-rsa'
      self.cipher = 1
    when 'ssh-dss'
      self.cipher = 2
    when 'ecdsa-sha2-nistp256'
      self.cipher = 3
    when 'ssh-ed25519'
      self.cipher = 4
    else
      raise Cryptorecord::CipherError, 'Unsupported cipher'
    end
  end
end

#digest ⇒ `Integer`

Returns sha1 = 1, sha256 = 2.

Returns:

(Integer) —

sha1 = 1, sha256 = 2

# File 'lib/cryptorecord/sshfp.rb', line 40

class Sshfp
  attr_reader :cipher, :digest, :key, :rectype
  attr_accessor :host

  # This constructor initializes cipher, key, digest, host and keyfile
  # If keyfile was provided, the key will automatically read from file
  #
  # @param [Hash] args the options to initialize the object with
  # @option args [Integer] digest sha1 = 1, sha256 = 2
  # @option args [String] host fqdn of the host
  # @option args [String] keyfile path to the keyfile
  def initialize(args = {})
    @cipher = nil
    @key = nil
    self.digest = args.fetch(:digest, 2)
    @host = args.fetch(:host, 'localhost')
    keyfile = args.fetch(:keyfile, nil)
    @rectype = 'SSHFP'
    read_file(keyfile) unless keyfile.nil?
  end

  # This setter initializes cipher
  #
  # @param [Integer] val the key-cipher.
  # ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4
  # @raise Cryptorecord::ArgumentError
  def cipher=(val)
    if val.to_i < 1 || val.to_i > 4
      raise ArgumentError, 'Invalid cipher. Has to be 0,1,2,3 or 4'
    end

    @cipher = val
  end

  # This setter initializes the hash-algo
  #
  # @param [Integer] val digest. sha1 = 1, sha256 = 2
  # @raise Cryptorecord::ArgumentError
  def digest=(val)
    unless val.to_i == 1 || val.to_i == 2
      raise ArgumentError, 'Invalid digest. Has to be 1 or 2'
    end
    @digest = val
  end

  # This function reads in the key from file and
  # initializes the cipher- and key-variable
  # @param [String] keyfile path to the ssh-hostkey-file
  # @raise Cryptorecord::ArgumentError
  def read_file(keyfile)
    raise ArgumentError, 'No hostkey-file defined' if keyfile.nil?

    data = File.read(keyfile)
    (type, @key) = data.split(' ')
    cipher_by_type(type)
  end

  # this function creates a Hash-String
  #
  # @return [String] Hash-string of the key
  # @raise Cryptorecord::KeyError
  def fingerprint
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?

    case @digest.to_i
    when 1
      return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
    when 2
      return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
    end
  end

  # This method returns the left-hand name of a dns-record
  # @return [String] left-hand name of a dns-record
  def left
    "#{@host}."
  end

  # This method returns the right-hand content of a dns-record
  # @return [String] right-hand content of a dns-record
  def right
    "#{@cipher} #{@digest} #{fingerprint}"
  end

  # This method concats the sshfp-record
  #
  # @return [String] sshfp dns-record as defined in rfc4255
  # @raise Cryptorecord::KeyError
  def to_s
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # This helper-function selects the cipher using the given
  # type
  #
  # @param [String] type ssh-rsa = 1, ssh-dss = 2,
  # ecdsa-sha2-nistp256 = 3, ssh-ed25519 = 4
  # @raise Cryptorecord::CipherError
  # @return [Integer] integer value of the cipher
  def cipher_by_type(type)
    case type
    when 'ssh-rsa'
      self.cipher = 1
    when 'ssh-dss'
      self.cipher = 2
    when 'ecdsa-sha2-nistp256'
      self.cipher = 3
    when 'ssh-ed25519'
      self.cipher = 4
    else
      raise Cryptorecord::CipherError, 'Unsupported cipher'
    end
  end
end

#host ⇒ `String`

Returns the fqdn-host.

Returns:

(String) —

the fqdn-host

# File 'lib/cryptorecord/sshfp.rb', line 40

class Sshfp
  attr_reader :cipher, :digest, :key, :rectype
  attr_accessor :host

  # This constructor initializes cipher, key, digest, host and keyfile
  # If keyfile was provided, the key will automatically read from file
  #
  # @param [Hash] args the options to initialize the object with
  # @option args [Integer] digest sha1 = 1, sha256 = 2
  # @option args [String] host fqdn of the host
  # @option args [String] keyfile path to the keyfile
  def initialize(args = {})
    @cipher = nil
    @key = nil
    self.digest = args.fetch(:digest, 2)
    @host = args.fetch(:host, 'localhost')
    keyfile = args.fetch(:keyfile, nil)
    @rectype = 'SSHFP'
    read_file(keyfile) unless keyfile.nil?
  end

  # This setter initializes cipher
  #
  # @param [Integer] val the key-cipher.
  # ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4
  # @raise Cryptorecord::ArgumentError
  def cipher=(val)
    if val.to_i < 1 || val.to_i > 4
      raise ArgumentError, 'Invalid cipher. Has to be 0,1,2,3 or 4'
    end

    @cipher = val
  end

  # This setter initializes the hash-algo
  #
  # @param [Integer] val digest. sha1 = 1, sha256 = 2
  # @raise Cryptorecord::ArgumentError
  def digest=(val)
    unless val.to_i == 1 || val.to_i == 2
      raise ArgumentError, 'Invalid digest. Has to be 1 or 2'
    end
    @digest = val
  end

  # This function reads in the key from file and
  # initializes the cipher- and key-variable
  # @param [String] keyfile path to the ssh-hostkey-file
  # @raise Cryptorecord::ArgumentError
  def read_file(keyfile)
    raise ArgumentError, 'No hostkey-file defined' if keyfile.nil?

    data = File.read(keyfile)
    (type, @key) = data.split(' ')
    cipher_by_type(type)
  end

  # this function creates a Hash-String
  #
  # @return [String] Hash-string of the key
  # @raise Cryptorecord::KeyError
  def fingerprint
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?

    case @digest.to_i
    when 1
      return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
    when 2
      return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
    end
  end

  # This method returns the left-hand name of a dns-record
  # @return [String] left-hand name of a dns-record
  def left
    "#{@host}."
  end

  # This method returns the right-hand content of a dns-record
  # @return [String] right-hand content of a dns-record
  def right
    "#{@cipher} #{@digest} #{fingerprint}"
  end

  # This method concats the sshfp-record
  #
  # @return [String] sshfp dns-record as defined in rfc4255
  # @raise Cryptorecord::KeyError
  def to_s
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # This helper-function selects the cipher using the given
  # type
  #
  # @param [String] type ssh-rsa = 1, ssh-dss = 2,
  # ecdsa-sha2-nistp256 = 3, ssh-ed25519 = 4
  # @raise Cryptorecord::CipherError
  # @return [Integer] integer value of the cipher
  def cipher_by_type(type)
    case type
    when 'ssh-rsa'
      self.cipher = 1
    when 'ssh-dss'
      self.cipher = 2
    when 'ecdsa-sha2-nistp256'
      self.cipher = 3
    when 'ssh-ed25519'
      self.cipher = 4
    else
      raise Cryptorecord::CipherError, 'Unsupported cipher'
    end
  end
end

#key ⇒ `String` (readonly)

Returns the ssh-host-key, without the type and comment.

Returns:

(String) —

the ssh-host-key, without the type and comment

# File 'lib/cryptorecord/sshfp.rb', line 40

class Sshfp
  attr_reader :cipher, :digest, :key, :rectype
  attr_accessor :host

  # This constructor initializes cipher, key, digest, host and keyfile
  # If keyfile was provided, the key will automatically read from file
  #
  # @param [Hash] args the options to initialize the object with
  # @option args [Integer] digest sha1 = 1, sha256 = 2
  # @option args [String] host fqdn of the host
  # @option args [String] keyfile path to the keyfile
  def initialize(args = {})
    @cipher = nil
    @key = nil
    self.digest = args.fetch(:digest, 2)
    @host = args.fetch(:host, 'localhost')
    keyfile = args.fetch(:keyfile, nil)
    @rectype = 'SSHFP'
    read_file(keyfile) unless keyfile.nil?
  end

  # This setter initializes cipher
  #
  # @param [Integer] val the key-cipher.
  # ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4
  # @raise Cryptorecord::ArgumentError
  def cipher=(val)
    if val.to_i < 1 || val.to_i > 4
      raise ArgumentError, 'Invalid cipher. Has to be 0,1,2,3 or 4'
    end

    @cipher = val
  end

  # This setter initializes the hash-algo
  #
  # @param [Integer] val digest. sha1 = 1, sha256 = 2
  # @raise Cryptorecord::ArgumentError
  def digest=(val)
    unless val.to_i == 1 || val.to_i == 2
      raise ArgumentError, 'Invalid digest. Has to be 1 or 2'
    end
    @digest = val
  end

  # This function reads in the key from file and
  # initializes the cipher- and key-variable
  # @param [String] keyfile path to the ssh-hostkey-file
  # @raise Cryptorecord::ArgumentError
  def read_file(keyfile)
    raise ArgumentError, 'No hostkey-file defined' if keyfile.nil?

    data = File.read(keyfile)
    (type, @key) = data.split(' ')
    cipher_by_type(type)
  end

  # this function creates a Hash-String
  #
  # @return [String] Hash-string of the key
  # @raise Cryptorecord::KeyError
  def fingerprint
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?

    case @digest.to_i
    when 1
      return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
    when 2
      return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
    end
  end

  # This method returns the left-hand name of a dns-record
  # @return [String] left-hand name of a dns-record
  def left
    "#{@host}."
  end

  # This method returns the right-hand content of a dns-record
  # @return [String] right-hand content of a dns-record
  def right
    "#{@cipher} #{@digest} #{fingerprint}"
  end

  # This method concats the sshfp-record
  #
  # @return [String] sshfp dns-record as defined in rfc4255
  # @raise Cryptorecord::KeyError
  def to_s
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # This helper-function selects the cipher using the given
  # type
  #
  # @param [String] type ssh-rsa = 1, ssh-dss = 2,
  # ecdsa-sha2-nistp256 = 3, ssh-ed25519 = 4
  # @raise Cryptorecord::CipherError
  # @return [Integer] integer value of the cipher
  def cipher_by_type(type)
    case type
    when 'ssh-rsa'
      self.cipher = 1
    when 'ssh-dss'
      self.cipher = 2
    when 'ecdsa-sha2-nistp256'
      self.cipher = 3
    when 'ssh-ed25519'
      self.cipher = 4
    else
      raise Cryptorecord::CipherError, 'Unsupported cipher'
    end
  end
end

#rectype ⇒ `String` (readonly)

Returns “SSHFP”.

Returns:

(String) —

“SSHFP”

# File 'lib/cryptorecord/sshfp.rb', line 40

class Sshfp
  attr_reader :cipher, :digest, :key, :rectype
  attr_accessor :host

  # This constructor initializes cipher, key, digest, host and keyfile
  # If keyfile was provided, the key will automatically read from file
  #
  # @param [Hash] args the options to initialize the object with
  # @option args [Integer] digest sha1 = 1, sha256 = 2
  # @option args [String] host fqdn of the host
  # @option args [String] keyfile path to the keyfile
  def initialize(args = {})
    @cipher = nil
    @key = nil
    self.digest = args.fetch(:digest, 2)
    @host = args.fetch(:host, 'localhost')
    keyfile = args.fetch(:keyfile, nil)
    @rectype = 'SSHFP'
    read_file(keyfile) unless keyfile.nil?
  end

  # This setter initializes cipher
  #
  # @param [Integer] val the key-cipher.
  # ssh-rsa = 1, ssh-dss = 2, ecdsa = 3 and ed25519 = 4
  # @raise Cryptorecord::ArgumentError
  def cipher=(val)
    if val.to_i < 1 || val.to_i > 4
      raise ArgumentError, 'Invalid cipher. Has to be 0,1,2,3 or 4'
    end

    @cipher = val
  end

  # This setter initializes the hash-algo
  #
  # @param [Integer] val digest. sha1 = 1, sha256 = 2
  # @raise Cryptorecord::ArgumentError
  def digest=(val)
    unless val.to_i == 1 || val.to_i == 2
      raise ArgumentError, 'Invalid digest. Has to be 1 or 2'
    end
    @digest = val
  end

  # This function reads in the key from file and
  # initializes the cipher- and key-variable
  # @param [String] keyfile path to the ssh-hostkey-file
  # @raise Cryptorecord::ArgumentError
  def read_file(keyfile)
    raise ArgumentError, 'No hostkey-file defined' if keyfile.nil?

    data = File.read(keyfile)
    (type, @key) = data.split(' ')
    cipher_by_type(type)
  end

  # this function creates a Hash-String
  #
  # @return [String] Hash-string of the key
  # @raise Cryptorecord::KeyError
  def fingerprint
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?

    case @digest.to_i
    when 1
      return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
    when 2
      return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
    end
  end

  # This method returns the left-hand name of a dns-record
  # @return [String] left-hand name of a dns-record
  def left
    "#{@host}."
  end

  # This method returns the right-hand content of a dns-record
  # @return [String] right-hand content of a dns-record
  def right
    "#{@cipher} #{@digest} #{fingerprint}"
  end

  # This method concats the sshfp-record
  #
  # @return [String] sshfp dns-record as defined in rfc4255
  # @raise Cryptorecord::KeyError
  def to_s
    raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?
    "#{left} IN #{@rectype} #{right}"
  end

  private

  # This helper-function selects the cipher using the given
  # type
  #
  # @param [String] type ssh-rsa = 1, ssh-dss = 2,
  # ecdsa-sha2-nistp256 = 3, ssh-ed25519 = 4
  # @raise Cryptorecord::CipherError
  # @return [Integer] integer value of the cipher
  def cipher_by_type(type)
    case type
    when 'ssh-rsa'
      self.cipher = 1
    when 'ssh-dss'
      self.cipher = 2
    when 'ecdsa-sha2-nistp256'
      self.cipher = 3
    when 'ssh-ed25519'
      self.cipher = 4
    else
      raise Cryptorecord::CipherError, 'Unsupported cipher'
    end
  end
end

Instance Method Details

#fingerprint ⇒ `String`

this function creates a Hash-String

Returns:

(String) —

Hash-string of the key

Raises:

Cryptorecord::KeyError

# File 'lib/cryptorecord/sshfp.rb', line 101

def fingerprint
  raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?

  case @digest.to_i
  when 1
    return OpenSSL::Digest::SHA1.new(Base64.strict_decode64(@key)).to_s
  when 2
    return OpenSSL::Digest::SHA256.new(Base64.strict_decode64(@key)).to_s
  end
end

#left ⇒ `String`

This method returns the left-hand name of a dns-record

Returns:

(String) —

left-hand name of a dns-record



114
115
116

# File 'lib/cryptorecord/sshfp.rb', line 114

def left
  "#{@host}."
end

#read_file(keyfile) ⇒ `Object`

This function reads in the key from file and initializes the cipher- and key-variable

Parameters:

keyfile (String) —

path to the ssh-hostkey-file

Raises:

Cryptorecord::ArgumentError

# File 'lib/cryptorecord/sshfp.rb', line 89

def read_file(keyfile)
  raise ArgumentError, 'No hostkey-file defined' if keyfile.nil?

  data = File.read(keyfile)
  (type, @key) = data.split(' ')
  cipher_by_type(type)
end

#right ⇒ `String`

This method returns the right-hand content of a dns-record

Returns:

(String) —

right-hand content of a dns-record



120
121
122

# File 'lib/cryptorecord/sshfp.rb', line 120

def right
  "#{@cipher} #{@digest} #{fingerprint}"
end

#to_s ⇒ `String`

This method concats the sshfp-record

Returns:

(String) —

sshfp dns-record as defined in rfc4255

Raises:

Cryptorecord::KeyError

# File 'lib/cryptorecord/sshfp.rb', line 128

def to_s
  raise Cryptorecord::KeyError, 'No certificate defined' if @key.nil?
  "#{left} IN #{@rectype} #{right}"
end

Class: Cryptorecord::Sshfp

Overview

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(args = {}) ⇒ Sshfp

Instance Attribute Details

#cipher ⇒ Integer

#digest ⇒ Integer

#host ⇒ String

#key ⇒ String (readonly)

#rectype ⇒ String (readonly)

Instance Method Details

#fingerprint ⇒ String

#left ⇒ String

#read_file(keyfile) ⇒ Object

#right ⇒ String

#to_s ⇒ String

#initialize(args = {}) ⇒ `Sshfp`

#cipher ⇒ `Integer`

#digest ⇒ `Integer`

#host ⇒ `String`

#key ⇒ `String` (readonly)

#rectype ⇒ `String` (readonly)

#fingerprint ⇒ `String`

#left ⇒ `String`

#read_file(keyfile) ⇒ `Object`

#right ⇒ `String`

#to_s ⇒ `String`