Class: Net::SSH::Authentication::Certificate
- Inherits: Object
  - Object
  - Net::SSH::Authentication::Certificate
- Defined in: lib/net/ssh/authentication/certificate.rb
Overview
Class for representing an SSH certificate.
Instance Attribute Summary
- #critical_options ⇒ Object
  Returns the value of attribute critical_options.
- #extensions ⇒ Object
  Returns the value of attribute extensions.
- #key ⇒ Object
  Returns the value of attribute key.
- #key_id ⇒ Object
  Returns the value of attribute key_id.
- #nonce ⇒ Object
  Returns the value of attribute nonce.
- #reserved ⇒ Object
  Returns the value of attribute reserved.
- #serial ⇒ Object
  Returns the value of attribute serial.
- #signature ⇒ Object
  Returns the value of attribute signature.
- #signature_key ⇒ Object
  Returns the value of attribute signature_key.
- #type ⇒ Object
  Returns the value of attribute type.
- #valid_after ⇒ Object
  Returns the value of attribute valid_after.
- #valid_before ⇒ Object
  Returns the value of attribute valid_before.
- #valid_principals ⇒ Object
  Returns the value of attribute valid_principals.
Class Method Summary
- .read_certblob(buffer, type) ⇒ Object
  Read a certificate blob associated with a key of the given type.
Instance Method Summary
- #fingerprint ⇒ Object
- #sign(key, sign_nonce = nil) ⇒ Object
- #sign!(key, sign_nonce = nil) ⇒ Object
  Signs the certificate with key.
- #signature_valid? ⇒ Boolean
  Checks whether the certificate’s signature was signed by signature key.
- #ssh_do_sign(data, sig_alg = nil) ⇒ Object
- #ssh_do_verify(sig, data, options = {}) ⇒ Object
- #ssh_signature_type ⇒ Object
- #ssh_type ⇒ Object
- #to_blob ⇒ Object
  Serializes the certificate (and key).
- #to_pem ⇒ Object
Instance Attribute Details
#critical_options ⇒ Object
Returns the value of attribute critical_options.
    # File 'lib/net/ssh/authentication/certificate.rb', line 18
    def critical_options
      @critical_options
    end
#extensions ⇒ Object
Returns the value of attribute extensions.
    # File 'lib/net/ssh/authentication/certificate.rb', line 19
    def extensions
      @extensions
    end
#key ⇒ Object
Returns the value of attribute key.
    # File 'lib/net/ssh/authentication/certificate.rb', line 11
    def key
      @key
    end
#key_id ⇒ Object
Returns the value of attribute key_id.
    # File 'lib/net/ssh/authentication/certificate.rb', line 14
    def key_id
      @key_id
    end
#nonce ⇒ Object
Returns the value of attribute nonce.
    # File 'lib/net/ssh/authentication/certificate.rb', line 10
    def nonce
      @nonce
    end
#reserved ⇒ Object
Returns the value of attribute reserved.
    # File 'lib/net/ssh/authentication/certificate.rb', line 20
    def reserved
      @reserved
    end
#serial ⇒ Object
Returns the value of attribute serial.
    # File 'lib/net/ssh/authentication/certificate.rb', line 12
    def serial
      @serial
    end
#signature ⇒ Object
Returns the value of attribute signature.
    # File 'lib/net/ssh/authentication/certificate.rb', line 22
    def signature
      @signature
    end
#signature_key ⇒ Object
Returns the value of attribute signature_key.
    # File 'lib/net/ssh/authentication/certificate.rb', line 21
    def signature_key
      @signature_key
    end
#type ⇒ Object
Returns the value of attribute type.
    # File 'lib/net/ssh/authentication/certificate.rb', line 13
    def type
      @type
    end
#valid_after ⇒ Object
Returns the value of attribute valid_after.
    # File 'lib/net/ssh/authentication/certificate.rb', line 16
    def valid_after
      @valid_after
    end
#valid_before ⇒ Object
Returns the value of attribute valid_before.
    # File 'lib/net/ssh/authentication/certificate.rb', line 17
    def valid_before
      @valid_before
    end
#valid_principals ⇒ Object
Returns the value of attribute valid_principals.
    # File 'lib/net/ssh/authentication/certificate.rb', line 15
    def valid_principals
      @valid_principals
    end
Class Method Details
.read_certblob(buffer, type) ⇒ Object
Read a certificate blob associated with a key of the given type.
    # File 'lib/net/ssh/authentication/certificate.rb', line 25
    def self.read_certblob(buffer, type)
      cert = Certificate.new
      cert.nonce = buffer.read_string
      cert.key = buffer.read_keyblob(type)
      cert.serial = buffer.read_int64
      cert.type = type_symbol(buffer.read_long)
      cert.key_id = buffer.read_string
      cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
      cert.valid_after = Time.at(buffer.read_int64)

      cert.valid_before = if RUBY_PLATFORM == "java"
                            # 0x20c49ba5e353f7 = 0x7fffffffffffffff/1000, the largest value possible for JRuby
                            # JRuby Time.at multiplies the arg by 1000, and then stores it in a signed long.
                            # 0x20c49ba2d52500 = 292278993-01-01 00:00:00 +0000
                            # JRuby 9.1 does not accept the year 292278994 because of edge cases (https://github.com/JodaOrg/joda-time/issues/190)
                            Time.at([0x20c49ba2d52500, buffer.read_int64].min)
                          else
                            Time.at(buffer.read_int64)
                          end

      cert.critical_options = read_options(buffer)
      cert.extensions = read_options(buffer)
      cert.reserved = buffer.read_string
      cert.signature_key = buffer.read_buffer.read_key
      cert.signature = buffer.read_string
      cert
    end
Instance Method Details
#fingerprint ⇒ Object
    # File 'lib/net/ssh/authentication/certificate.rb', line 81
    def fingerprint
      key.fingerprint
    end
#sign(key, sign_nonce = nil) ⇒ Object
    # File 'lib/net/ssh/authentication/certificate.rb', line 97
    def sign(key, sign_nonce = nil)
      cert = clone
      cert.sign!(key, sign_nonce)
    end
#sign!(key, sign_nonce = nil) ⇒ Object
Signs the certificate with key.
    # File 'lib/net/ssh/authentication/certificate.rb', line 86
    def sign!(key, sign_nonce = nil)
      # ssh-keygen uses 32 bytes of nonce.
      self.nonce = sign_nonce || SecureRandom.random_bytes(32)
      self.signature_key = key
      self.signature = Net::SSH::Buffer.from(
        :string, key.ssh_signature_type,
        :mstring, key.ssh_do_sign(to_blob_without_signature)
      ).to_s
      self
    end
#signature_valid? ⇒ Boolean
Checks whether the certificate’s signature was signed by signature key.
    # File 'lib/net/ssh/authentication/certificate.rb', line 103
    def signature_valid?
      buffer = Buffer.new(signature)
      buffer.read_string # skip signature format
      signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature)
    end
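Added example, not part of net-ssh or of this page's source: `signature_valid?` verifies the signature against the `signature_key` carried inside the certificate itself, so a caller still has to pin the CA and check the validity window and principals. The code parses a constructed ssh-ed25519 certificate blob in the `read_certblob` field order with the Ruby standard library only and applies those checks. `WireReader`, `parse_cert`, `acceptance_error`, `ssh_str` and `sample_blob` are hypothetical names; the blob is assumed to start at the nonce, and no signature is verified here.

```ruby
require "digest"

# Stand-alone reader for SSH wire types (hypothetical helper, not Net::SSH::Buffer).
class WireReader
  def initialize(data)
    @data = data.b
    @pos = 0
  end
  def eof?; @pos >= @data.bytesize; end
  def u32; take(4).unpack1("N"); end
  def u64; take(8).unpack1("Q>"); end
  def str; take(u32); end
  def take(n)
    raise ArgumentError, "truncated certificate blob" if @pos + n > @data.bytesize
    @data.byteslice(@pos, n).tap { @pos += n }
  end
end

# Same field order as read_certblob; assumes an ssh-ed25519 key (one string holds the public key).
def parse_cert(blob)
  r = WireReader.new(blob)
  c = { nonce: r.str, key: r.str, serial: r.u64, type: r.u32, key_id: r.str }
  pr = WireReader.new(r.str) # principals are strings packed inside one string
  c[:valid_principals] = []
  c[:valid_principals] << pr.str until pr.eof?
  c.merge!(valid_after: r.u64, valid_before: r.u64, critical_options: r.str,
           extensions: r.str, reserved: r.str, signature_key: r.str, signature: r.str)
end

# Checks a caller still owes once the signature itself has verified.
# now is epoch seconds; returns nil when acceptable, otherwise the reason as a symbol.
# Policy choice of this example: a certificate with an empty principal list is rejected.
def acceptance_error(cert, trusted_ca_fps, principal, now)
  ca_fp = Digest::SHA256.hexdigest(cert[:signature_key])
  return :untrusted_ca unless trusted_ca_fps.include?(ca_fp)
  return :not_yet_valid if now < cert[:valid_after]
  return :expired if now >= cert[:valid_before]
  return :principal_not_listed unless cert[:valid_principals].include?(principal)
  nil
end

def ssh_str(s); [s.bytesize].pack("N") + s.b; end

# Constructed sample blob (dummy key bytes and signature), starting at the nonce.
def sample_blob
  ca = ssh_str("ssh-ed25519") + ssh_str("\x02" * 32)
  ssh_str("\x00" * 32) + ssh_str("\x01" * 32) + [7, 1].pack("Q>N") +
    ssh_str("alice@laptop") + ssh_str(ssh_str("alice") + ssh_str("deploy")) +
    [1_700_000_000, 1_700_003_600].pack("Q>Q>") + ssh_str("") * 3 +
    ssh_str(ca) + ssh_str("constructed-signature")
end
```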
#ssh_do_sign(data, sig_alg = nil) ⇒ Object
    # File 'lib/net/ssh/authentication/certificate.rb', line 69
    def ssh_do_sign(data, sig_alg = nil)
      key.ssh_do_sign(data, sig_alg)
    end
#ssh_do_verify(sig, data, options = {}) ⇒ Object
    # File 'lib/net/ssh/authentication/certificate.rb', line 73
    def ssh_do_verify(sig, data, options = {})
      key.ssh_do_verify(sig, data, options)
    end
#ssh_signature_type ⇒ Object
    # File 'lib/net/ssh/authentication/certificate.rb', line 57
    def ssh_signature_type
      key.ssh_type
    end
#ssh_type ⇒ Object
    # File 'lib/net/ssh/authentication/certificate.rb', line 53
    def ssh_type
      key.ssh_type + "-cert-v01@openssh.com"
    end
#to_blob ⇒ Object
Serializes the certificate (and key).
    # File 'lib/net/ssh/authentication/certificate.rb', line 62
    def to_blob
      Buffer.from(
        :raw, to_blob_without_signature,
        :string, signature
      ).to_s
    end
#to_pem ⇒ Object
    # File 'lib/net/ssh/authentication/certificate.rb', line 77
    def to_pem
      key.to_pem
    end