Class: Net::SSH::Authentication::Certificate

Inherits:
Object
  • Object
Defined in:
lib/net/ssh/authentication/certificate.rb

Overview

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Instance Attribute Details

#critical_options ⇒ Object

Returns the value of attribute critical_options.



# File 'lib/net/ssh/authentication/certificate.rb', line 18

# Critical options section of the certificate; read_certblob fills it with
# read_options(buffer). The value comes straight from the parsed blob, so it
# is only meaningful once signature_valid? has passed for a signing key the
# caller trusts.
# NOTE(review): these are presumably usage restrictions that a verifier has
# to understand and enforce -- confirm against the caller.
def critical_options
  @critical_options
end

#extensions ⇒ Object

Returns the value of attribute extensions.



# File 'lib/net/ssh/authentication/certificate.rb', line 19

# Extensions section of the certificate; read_certblob fills it with
# read_options(buffer), read directly after the critical options.
# Unauthenticated until the certificate signature has been verified.
def extensions
  @extensions
end

#key ⇒ Object

Returns the value of attribute key.



# File 'lib/net/ssh/authentication/certificate.rb', line 11

# The public key this certificate certifies; read_certblob parses it with
# buffer.read_keyblob(type). fingerprint, to_pem, ssh_do_sign, ssh_do_verify
# and the ssh type helpers all delegate to this object.
def key
  @key
end

#key_id ⇒ Object

Returns the value of attribute key_id.



# File 'lib/net/ssh/authentication/certificate.rb', line 14

# Key identifier string read from the certificate (buffer.read_string).
# NOTE(review): presumably free-form text chosen by whoever issued the
# certificate -- treat it as untrusted input when writing it to logs.
def key_id
  @key_id
end

#nonce ⇒ Object

Returns the value of attribute nonce.



# File 'lib/net/ssh/authentication/certificate.rb', line 10

# Nonce string, the first field read_certblob takes from the blob. sign!
# replaces it with 32 random bytes unless the caller supplies sign_nonce.
def nonce
  @nonce
end

#reserved ⇒ Object

Returns the value of attribute reserved.



# File 'lib/net/ssh/authentication/certificate.rb', line 20

# Reserved field, read as a string by read_certblob between the extensions
# and the signature key.
def reserved
  @reserved
end

#serial ⇒ Object

Returns the value of attribute serial.



# File 'lib/net/ssh/authentication/certificate.rb', line 12

# Certificate serial number, read by read_certblob with buffer.read_int64.
# NOTE(review): presumably assigned by the issuer and usable for revocation
# lookups -- no revocation check appears in the methods shown here.
def serial
  @serial
end

#signature ⇒ Object

Returns the value of attribute signature.



# File 'lib/net/ssh/authentication/certificate.rb', line 22

# Signature field as a serialized string: a signature format string followed
# by the signature bytes. That is the layout sign! writes and
# signature_valid? reads back.
def signature
  @signature
end

#signature_key ⇒ Object

Returns the value of attribute signature_key.



# File 'lib/net/ssh/authentication/certificate.rb', line 21

# Key that signed the certificate: parsed out of the blob by read_certblob
# (buffer.read_buffer.read_key) or set to the signing key by sign!.
# When parsed, it is taken from the certificate itself, so it names the
# claimed signer only. Whether that signer is a trusted CA has to be decided
# by comparing this key with the CA keys the caller has configured.
def signature_key
  @signature_key
end

#type ⇒ Object

Returns the value of attribute type.



# File 'lib/net/ssh/authentication/certificate.rb', line 13

# Certificate type, as produced by type_symbol(buffer.read_long) in
# read_certblob.
# NOTE(review): presumably distinguishes user from host certificates --
# verify against type_symbol; a verifier should check it fits the intended use.
def type
  @type
end

#valid_after ⇒ Object

Returns the value of attribute valid_after.



# File 'lib/net/ssh/authentication/certificate.rb', line 16

# Start of the validity window as a Time, built by read_certblob from a
# 64-bit value in the blob. None of the methods shown here compares it with
# the current time; that check belongs to the caller.
def valid_after
  @valid_after
end

#valid_before ⇒ Object

Returns the value of attribute valid_before.



# File 'lib/net/ssh/authentication/certificate.rb', line 17

# End of the validity window as a Time, built by read_certblob from a 64-bit
# value in the blob (capped at 0x20c49ba2d52500 seconds on JRuby). None of
# the methods shown here compares it with the current time; that check
# belongs to the caller.
def valid_before
  @valid_before
end

#valid_principals ⇒ Object

Returns the value of attribute valid_principals.



# File 'lib/net/ssh/authentication/certificate.rb', line 15

# Principal names read as strings from a nested buffer by read_certblob.
# None of the methods shown here checks the authenticating name against
# this list.
# NOTE(review): an empty list presumably means "any principal" in the
# OpenSSH certificate format -- confirm before relying on it either way.
def valid_principals
  @valid_principals
end

Class Method Details

.read_certblob(buffer, type) ⇒ Object

Read a certificate blob associated with a key of the given type.



# File 'lib/net/ssh/authentication/certificate.rb', line 25

# Parses the fields of a certificate blob for a key of the given type.
#
# Fields are consumed from +buffer+ one after another, starting with the
# nonce, so the order of the statements below is the wire order and must not
# be changed.
#
# This method only parses. It never calls signature_valid?, never compares
# valid_after / valid_before with the clock and never looks at
# valid_principals, so every attribute of the returned object is
# unauthenticated input until the caller has verified the signature and
# matched signature_key against the CA keys it trusts.
#
# @param buffer reader positioned at the certificate nonce
# @param type key type handed to buffer.read_keyblob
# @return [Certificate] the populated certificate
def self.read_certblob(buffer, type)
  Certificate.new.tap do |parsed|
    parsed.nonce = buffer.read_string
    parsed.key = buffer.read_keyblob(type)
    parsed.serial = buffer.read_int64
    parsed.type = type_symbol(buffer.read_long)
    parsed.key_id = buffer.read_string
    parsed.valid_principals = buffer.read_buffer.read_all(&:read_string)
    parsed.valid_after = Time.at(buffer.read_int64)

    not_after = buffer.read_int64
    if RUBY_PLATFORM == "java"
      # JRuby's Time.at multiplies its argument by 1000 and keeps the result in
      # a signed long, so 0x20c49ba5e353f7 (0x7fffffffffffffff/1000) is the
      # largest value it could hold.
      # 0x20c49ba2d52500 = 292278993-01-01 00:00:00 +0000 is used as the cap
      # because JRuby 9.1 rejects the year 292278994 on edge cases
      # (https://github.com/JodaOrg/joda-time/issues/190).
      not_after = [0x20c49ba2d52500, not_after].min
    end
    parsed.valid_before = Time.at(not_after)

    parsed.critical_options = read_options(buffer)
    parsed.extensions = read_options(buffer)
    parsed.reserved = buffer.read_string
    parsed.signature_key = buffer.read_buffer.read_key
    parsed.signature = buffer.read_string
  end
end

Instance Method Details

#fingerprint ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 81

# Fingerprint of the certified public key (delegates to key.fingerprint).
# It identifies the subject key only: the certificate fields and the signing
# key (signature_key) are not part of it.
def fingerprint
  key.fingerprint
end

#sign(key, sign_nonce = nil) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 97

# Returns a signed copy of this certificate and leaves the receiver's own
# nonce, signature_key and signature untouched.
#
# The copy is made with clone, which is shallow: the other field objects are
# shared between the receiver and the copy.
#
# @param key signing key, passed on to sign!
# @param sign_nonce optional fixed nonce, passed on to sign!
# @return the signed copy (the value sign! returns)
def sign(key, sign_nonce = nil)
  clone.sign!(key, sign_nonce)
end

#sign!(key, sign_nonce = nil) ⇒ Object

Signs the certificate with key.



# File 'lib/net/ssh/authentication/certificate.rb', line 86

# Signs this certificate in place with +key+ and returns self.
#
# The nonce is replaced with 32 bytes from SecureRandom unless the caller
# passes +sign_nonce+; a caller-supplied value is used as given, so a fixed
# nonce removes the per-signature randomness.
#
# NOTE(review): the signature algorithm is whatever key.ssh_signature_type
# and key.ssh_do_sign pick by default (no algorithm argument is passed) --
# confirm that default is acceptable for the CA key type in use.
#
# @param key signing key; must respond to ssh_signature_type and ssh_do_sign
# @param sign_nonce optional nonce to use instead of random bytes
# @return self
def sign!(key, sign_nonce = nil)
  # ssh-keygen uses 32 bytes of nonce.
  self.nonce = sign_nonce || SecureRandom.random_bytes(32)
  self.signature_key = key

  # Both assignments above happen before the blob is built, as in the
  # original ordering; to_blob_without_signature presumably serializes them.
  sig_format = key.ssh_signature_type
  sig_bytes = key.ssh_do_sign(to_blob_without_signature)

  self.signature = Net::SSH::Buffer.from(:string, sig_format, :mstring, sig_bytes).to_s
  self
end

#signature_valid? ⇒ Boolean

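Checks whether the certificate’s signature verifies under the certificate’s own signature_key. A true result does not show that the signature key belongs to a trusted CA; that check is the caller’s.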

Returns:

  • (Boolean)


107
# File 'lib/net/ssh/authentication/certificate.rb', line 103

# Checks that the stored signature verifies over the unsigned certificate
# blob under the certificate's own signature_key.
#
# What this does NOT establish, and the caller still has to check:
# - that signature_key is a CA key the caller trusts (it is read from the
#   certificate itself);
# - that the current time lies within valid_after..valid_before;
# - that the authenticating name is allowed by valid_principals, and that
#   critical_options are honoured.
#
# The signature format string inside the signature field is skipped without
# being compared to the type of signature_key.
#
# @return [Boolean] result of signature_key.ssh_do_verify
def signature_valid?
  sig_reader = Buffer.new(signature)
  sig_reader.read_string # signature format, skipped unread
  sig_bytes = sig_reader.read_string
  signature_key.ssh_do_verify(sig_bytes, to_blob_without_signature)
end

#ssh_do_sign(data, sig_alg = nil) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 69

# Signs +data+ with the certified key by delegating to key.ssh_do_sign;
# both arguments are passed through unchanged.
# This signs arbitrary data with the subject key. It is not the operation
# that signs the certificate itself -- that is sign!.
def ssh_do_sign(data, sig_alg = nil)
  key.ssh_do_sign(data, sig_alg)
end

#ssh_do_verify(sig, data, options = {}) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 73

# Verifies +sig+ over +data+ with the certified key by delegating to
# key.ssh_do_verify; all arguments are passed through unchanged.
# The result concerns the subject key only and says nothing about whether
# the certificate is validly signed -- see signature_valid? for that.
def ssh_do_verify(sig, data, options = {})
  key.ssh_do_verify(sig, data, options)
end

#ssh_signature_type ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 57

# Signature type name for this certificate: the plain type of the certified
# key (key.ssh_type), without the certificate suffix that ssh_type appends.
def ssh_signature_type
  key.ssh_type
end

#ssh_type ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 53

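# SSH type name of the certificate: the certified key's type followed by the
# OpenSSH certificate suffix, e.g. "ssh-ed25519-cert-v01@openssh.com".
#
# The suffix literal had been replaced by an e-mail-obfuscation placeholder
# ("[email protected]") on the rendered page; it is restored here because the
# "@openssh.com" part made the page renderer treat it as an address.
#
# @return [String]
def ssh_type
  key.ssh_type + "-cert-v01@openssh.com"
end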

#to_blob ⇒ Object

Serializes the certificate (and key).



# File 'lib/net/ssh/authentication/certificate.rb', line 62

# Serializes the whole certificate: the unsigned part produced by
# to_blob_without_signature, followed by the signature as a string field.
# The stored signature is written as-is; nothing here checks that it still
# matches the other fields.
#
# @return [String] the serialized certificate
def to_blob
  unsigned_part = to_blob_without_signature
  Buffer.from(:raw, unsigned_part, :string, signature).to_s
end

#to_pem ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 77

# PEM encoding of the certified key (delegates to key.to_pem). The
# certificate fields and signature are not part of the output.
def to_pem
  key.to_pem
end