Class: HrrRbSsh::Authentication::Method::Publickey

Inherits:
HrrRbSsh::Authentication::Method
Includes:
Loggable
Defined in:
lib/hrr_rb_ssh/authentication/method/publickey.rb,
lib/hrr_rb_ssh/authentication/method/publickey/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb

Defined Under Namespace

Classes: Algorithm, Context

Constant Summary

NAME =
'publickey'
PREFERENCE =
20

Instance Attribute Summary

Attributes included from Loggable

#log_key, #logger

Instance Method Summary

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn

Methods included from SubclassWithPreferenceListable

#[], #inherited, #list_preferred, #list_supported

Constructor Details

#initialize(transport, options, variables, authentication_methods, logger: nil) ⇒ Publickey

Returns a new instance of Publickey.



# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 15

# Builds the publickey authentication method for one connection.
#
# @param transport [Object] transport used to send and receive userauth payloads
# @param options [Hash] connection options; 'session id' and
#   'authentication_publickey_authenticator' are read here
# @param variables [Object] stored and later handed to Context
# @param authentication_methods [Object] stored and later handed to Context
# @param logger [Object, nil] passed to the Loggable logger setter
def initialize(transport, options, variables, authentication_methods, logger: nil)
  self.logger = logger

  @transport              = transport
  @variables              = variables
  @authentication_methods = authentication_methods

  @options    = options
  @session_id = options['session id']

  # Fallback used when the application configured no authenticator: its block
  # returns false, so the default presumably refuses every request
  # (fail closed) - confirm against Authenticator#authenticate.
  deny_all = Authenticator.new { false }
  @authenticator = options.fetch('authentication_publickey_authenticator', deny_all)
end

Instance Method Details

#authenticate(userauth_request_message) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 25

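# Handles one SSH_MSG_USERAUTH_REQUEST for the "publickey" method.
#
# Every field read from +userauth_request_message+ comes from the peer's
# request and is treated as untrusted input.
#
# Flow:
# 1. An algorithm name that is not in Algorithm.list_preferred is rejected.
# 2. A request without a signature is a key query: a PK_OK payload is built
#    and returned. The authenticator is not consulted in this branch, so
#    PK_OK is produced for any key whose algorithm is supported; whether the
#    key is acceptable is decided only in step 3.
# 3. A request with a signature is wrapped in a Context and handed to the
#    configured authenticator, whose result is returned.
#
# @param userauth_request_message [Hash] decoded request, read with symbol keys
# @return [false, Object] false for an unsupported algorithm, otherwise the
#   PK_OK payload or the authenticator's result
def authenticate(userauth_request_message)
  public_key_algorithm_name = userauth_request_message[:'public key algorithm name']

  unless Algorithm.list_preferred.include?(public_key_algorithm_name)
    # The rejected name is arbitrary peer input. #inspect escapes newlines and
    # other control characters so the value cannot split the log line or
    # forge additional log entries.
    log_info { "unsupported public key algorithm: #{public_key_algorithm_name.inspect}" }
    return false
  end

  if userauth_request_message[:'with signature']
    log_info { "verify signature" }
    username = userauth_request_message[:'user name']
    algorithm = Algorithm[public_key_algorithm_name].new(logger: logger)
    context = Context.new(
      username, algorithm, @session_id, userauth_request_message,
      @variables, @authentication_methods, logger: logger
    )
    @authenticator.authenticate(context)
  else
    log_info { "public key algorithm is ok, require signature" }
    public_key_blob = userauth_request_message[:'public key blob']
    userauth_pk_ok_message(public_key_algorithm_name, public_key_blob)
  end
end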

#request_authentication(username, service_name) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 53

# Client side of the publickey exchange: first asks whether the key would be
# accepted, then sends the signed request only if the reply is PK_OK.
#
# NOTE(review): only the first byte (message number) of the reply is
# inspected. The algorithm name and key blob echoed in PK_OK are not compared
# with what was sent - confirm whether callers rely on that check elsewhere.
#
# @param username [String] user name placed in both requests
# @param service_name [String] service name placed in both requests
# @return [Object] the raw payload of the last reply received: the first
#   reply when it is not PK_OK, otherwise the reply to the signed request
def request_authentication(username, service_name)
  public_key_algorithm_name, secret_key = @options['client_authentication_publickey']

  send_request_without_signature(username, service_name, public_key_algorithm_name, secret_key)
  reply = @transport.receive
  message_number = reply[0, 1].unpack("C").first

  # Anything other than PK_OK is handed back to the caller untouched.
  return reply unless Message::SSH_MSG_USERAUTH_PK_OK::VALUE == message_number

  send_request_with_signature(username, service_name, public_key_algorithm_name, secret_key)
  @transport.receive
end

#send_request_with_signature(username, service_name, public_key_algorithm_name, secret_key) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 82

def send_request_with_signature username, service_name, public_key_algorithm_name, secret_key
  algorithm = Algorithm[public_key_algorithm_name].new logger: logger
  public_key_blob = algorithm.generate_public_key_blob(secret_key)
  signature = algorithm.generate_signature(@session_id, username, service_name, 'publickey', secret_key)
  message = {
    :'message number'            => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
    :"user name"                 => username,
    :"service name"              => service_name,
    :"method name"               => NAME,
    :"with signature"            => true,
    :'public key algorithm name' => public_key_algorithm_name,
    :'public key blob'           => public_key_blob,
    :'signature'                 => signature,
  }
  payload = Message::SSH_MSG_USERAUTH_REQUEST.new(logger: logger).encode message
  @transport.send payload
end

#send_request_without_signature(username, service_name, public_key_algorithm_name, secret_key) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 66

# Sends the key-query form of SSH_MSG_USERAUTH_REQUEST ('with signature'
# false), asking the peer whether this key would be accepted.
#
# secret_key is used only to derive the public key blob; the message carries
# the blob, never the key itself.
#
# @param username [String] user name to authenticate as
# @param service_name [String] service requested after authentication
# @param public_key_algorithm_name [String] key into Algorithm[]
# @param secret_key [Object] private key material accepted by the algorithm
# @return [Object] whatever @transport.send returns
def send_request_without_signature(username, service_name, public_key_algorithm_name, secret_key)
  key_algorithm = Algorithm[public_key_algorithm_name].new(logger: logger)
  blob = key_algorithm.generate_public_key_blob(secret_key)

  request = {
    :'message number'            => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
    :'user name'                 => username,
    :'service name'              => service_name,
    :'method name'               => NAME,
    :'with signature'            => false,
    :'public key algorithm name' => public_key_algorithm_name,
    :'public key blob'           => blob,
  }

  encoder = Message::SSH_MSG_USERAUTH_REQUEST.new(logger: logger)
  @transport.send(encoder.encode(request))
end

#userauth_pk_ok_message(public_key_algorithm_name, public_key_blob) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 44

# Encodes an SSH_MSG_USERAUTH_PK_OK reply that echoes the algorithm name and
# key blob taken from the request. Nothing is sent here; the encoded payload
# is only returned.
#
# @param public_key_algorithm_name [String] algorithm name from the request
# @param public_key_blob [String] public key blob from the request
# @return [Object] the result of SSH_MSG_USERAUTH_PK_OK#encode
def userauth_pk_ok_message(public_key_algorithm_name, public_key_blob)
  reply_fields = {
    :'message number'                             => Message::SSH_MSG_USERAUTH_PK_OK::VALUE,
    :'public key algorithm name from the request' => public_key_algorithm_name,
    :'public key blob from the request'           => public_key_blob,
  }

  Message::SSH_MSG_USERAUTH_PK_OK.new(logger: logger).encode(reply_fields)
end