Class: Net::SSH::Authentication::Certificate

Inherits:
Object
  • Object
Defined in:
lib/net/ssh/authentication/certificate.rb

Overview

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#critical_options ⇒ Object

Returns the value of attribute critical_options.



# File 'lib/net/ssh/authentication/certificate.rb', line 18

# Reader for @critical_options, which read_certblob fills from
# read_options(buffer).
# NOTE(review): the options are returned exactly as parsed; this reader does
# not enforce them, so the code that accepts a certificate must act on (or
# reject) each one itself.
def critical_options
  @critical_options
end

#extensions ⇒ Object

Returns the value of attribute extensions.



# File 'lib/net/ssh/authentication/certificate.rb', line 19

# Reader for @extensions, which read_certblob fills from read_options(buffer)
# immediately after the critical options.
def extensions
  @extensions
end

#key ⇒ Object

Returns the value of attribute key.



# File 'lib/net/ssh/authentication/certificate.rb', line 11

# Reader for @key, the key the certificate is about (read_certblob obtains it
# with buffer.read_keyblob(type)). fingerprint, ssh_do_sign, ssh_do_verify,
# ssh_signature_type, ssh_type and to_pem all delegate to this object.
def key
  @key
end

#key_id ⇒ Object

Returns the value of attribute key_id.



# File 'lib/net/ssh/authentication/certificate.rb', line 14

# Reader for @key_id, a string read_certblob takes from the blob with
# buffer.read_string.
# NOTE(review): the value is whatever the certificate carries; treat it as
# untrusted text (e.g. when logging) until the signature and issuer are checked.
def key_id
  @key_id
end

#nonce ⇒ Object

Returns the value of attribute nonce.



# File 'lib/net/ssh/authentication/certificate.rb', line 10

# Reader for @nonce. read_certblob reads it as the first string of the blob;
# sign! overwrites it with the caller's sign_nonce or, when none is given,
# 32 bytes from SecureRandom.
def nonce
  @nonce
end

#reserved ⇒ Object

Returns the value of attribute reserved.



# File 'lib/net/ssh/authentication/certificate.rb', line 20

# Reader for @reserved, a string read_certblob takes from the blob with
# buffer.read_string after the extensions.
def reserved
  @reserved
end

#serial ⇒ Object

Returns the value of attribute serial.



# File 'lib/net/ssh/authentication/certificate.rb', line 12

# Reader for @serial, the value read_certblob obtains with buffer.read_int64.
def serial
  @serial
end

#signature ⇒ Object

Returns the value of attribute signature.



# File 'lib/net/ssh/authentication/certificate.rb', line 22

# Reader for @signature. read_certblob reads it as the last string of the
# blob; sign! rebuilds it as a buffer holding the signature type followed by
# the raw signature. signature_valid? is the method that checks it.
def signature
  @signature
end

#signature_key ⇒ Object

Returns the value of attribute signature_key.



# File 'lib/net/ssh/authentication/certificate.rb', line 21

# Reader for @signature_key, the key the certificate says it was signed with.
# read_certblob takes it from the blob (buffer.read_buffer.read_key) and sign!
# sets it to the signing key.
# NOTE(review): because a parsed value comes from the certificate itself, it
# is only a claim; compare it with a known, trusted CA key before relying on it.
def signature_key
  @signature_key
end

#type ⇒ Object

Returns the value of attribute type.



# File 'lib/net/ssh/authentication/certificate.rb', line 13

# Reader for @type, which read_certblob sets to type_symbol(buffer.read_long).
# NOTE(review): presumably this separates user from host certificates; confirm
# against type_symbol and make sure callers check it for the intended use.
def type
  @type
end

#valid_after ⇒ Object

Returns the value of attribute valid_after.



# File 'lib/net/ssh/authentication/certificate.rb', line 16

# Reader for @valid_after, a Time that read_certblob builds with
# Time.at(buffer.read_int64).
# NOTE(review): no method listed on this page compares it with the current
# time; confirm the caller enforces the validity window.
def valid_after
  @valid_after
end

#valid_before ⇒ Object

Returns the value of attribute valid_before.



# File 'lib/net/ssh/authentication/certificate.rb', line 17

# Reader for @valid_before, a Time that read_certblob builds with
# Time.at(buffer.read_int64).
# NOTE(review): no method listed on this page compares it with the current
# time; confirm the caller rejects certificates past this point.
def valid_before
  @valid_before
end

#valid_principals ⇒ Object

Returns the value of attribute valid_principals.



# File 'lib/net/ssh/authentication/certificate.rb', line 15

# Reader for @valid_principals, the list read_certblob collects with
# buffer.read_buffer.read_all(&:read_string).
# NOTE(review): the OpenSSH certificate format treats an empty list as "any
# principal" - TODO confirm callers handle the empty case deliberately.
def valid_principals
  @valid_principals
end

Class Method Details

.read_certblob(buffer, type) ⇒ Object

Read a certificate blob associated with a key of the given type.



# File 'lib/net/ssh/authentication/certificate.rb', line 25

# Builds a Certificate from the fields stored in +buffer+, reading them in
# wire order: nonce, key blob, serial, type, key id, principals, validity
# window, critical options, extensions, reserved, signature key, signature.
#
# This method only parses. It does not verify the signature, compare the
# validity window with the current time, or match principals, so the result
# must not be trusted until the caller has done those checks
# (signature_valid? covers the signature only).
#
# @param buffer the buffer positioned at the start of the certificate fields
# @param type   key type passed through to buffer.read_keyblob
# @return [Certificate] the populated certificate
def self.read_certblob(buffer, type)
  Certificate.new.tap do |parsed|
    # The reads below consume the buffer sequentially; their order is the format.
    parsed.nonce = buffer.read_string
    parsed.key = buffer.read_keyblob(type)
    parsed.serial = buffer.read_int64
    parsed.type = type_symbol(buffer.read_long)
    parsed.key_id = buffer.read_string
    principals_buffer = buffer.read_buffer
    parsed.valid_principals = principals_buffer.read_all(&:read_string)
    parsed.valid_after = Time.at(buffer.read_int64)
    parsed.valid_before = Time.at(buffer.read_int64)
    parsed.critical_options = read_options(buffer)
    parsed.extensions = read_options(buffer)
    parsed.reserved = buffer.read_string
    signer_buffer = buffer.read_buffer
    parsed.signature_key = signer_buffer.read_key
    parsed.signature = buffer.read_string
  end
end

Instance Method Details

#fingerprint ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 71

# Fingerprint of the certified key; simply forwards to key.fingerprint.
# NOTE(review): the result identifies the wrapped key only. Two certificates
# for the same key yield the same value, so it cannot stand in for a check of
# the certificate's own fields or signature.
def fingerprint
  certified_key = key
  certified_key.fingerprint
end

#sign(key, sign_nonce = nil) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 87

# Non-destructive counterpart of sign!: signs a clone and returns it, leaving
# the receiver's nonce, signature_key and signature as they were.
#
# The clone is shallow, so other attribute values are shared with the
# receiver; sign! only reassigns the three attributes above.
#
# @param key        signing key, passed to sign!
# @param sign_nonce optional nonce, passed to sign! (nil lets sign! pick one)
# @return whatever sign! returns (the signed clone)
def sign(key, sign_nonce=nil)
  clone.sign!(key, sign_nonce)
end

#sign!(key, sign_nonce = nil) ⇒ Object

Signs the certificate with key.



# File 'lib/net/ssh/authentication/certificate.rb', line 76

# Signs this certificate in place with +key+ and returns self.
#
# nonce and signature_key are assigned before to_blob_without_signature is
# called, so the statement order below must be kept.
#
# NOTE(review): a caller-supplied sign_nonce replaces the random value. Keep
# that to tests or reproducible fixtures; certificates issued for real use
# should leave it nil so a fresh random nonce is generated.
#
# @param key        signing key; must respond to ssh_signature_type and ssh_do_sign
# @param sign_nonce optional nonce to use instead of a random one
# @return [Certificate] self
def sign!(key, sign_nonce=nil)
  # ssh-keygen uses 32 bytes of nonce.
  self.nonce = sign_nonce || SecureRandom.random_bytes(32)
  self.signature_key = key
  signature_type = key.ssh_signature_type
  raw_signature = key.ssh_do_sign(to_blob_without_signature)
  self.signature = Net::SSH::Buffer.from(:string, signature_type, :mstring, raw_signature).to_s
  self
end

#signature_valid? ⇒ Boolean

Checks whether the certificate's signature was produced by its signature key.

Returns:

  • (Boolean)


# File 'lib/net/ssh/authentication/certificate.rb', line 93

# Verifies the stored signature over to_blob_without_signature using the
# certificate's own signature_key.
#
# NOTE(review): a true result only shows that the certificate is consistent
# with the signature_key it carries, and read_certblob takes that key from the
# certificate blob itself. Whether the key belongs to a trusted CA, and whether
# valid_after / valid_before, valid_principals and critical_options allow the
# use at hand, must still be checked by the caller.
# NOTE(review): the signature-format string is consumed without being compared
# with the signature key's type; confirm ssh_do_verify accounts for that.
#
# @return the result of signature_key.ssh_do_verify
def signature_valid?
  sig_reader = Buffer.new(signature)
  sig_reader.read_string # signature format: consumed, not inspected
  raw_signature = sig_reader.read_string
  signature_key.ssh_do_verify(raw_signature, to_blob_without_signature)
end

#ssh_do_sign(data) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 59

# Signs +data+ with the certified key by forwarding to key.ssh_do_sign.
# This signs with the wrapped key itself; the certificate's own signature
# (see sign!) is not involved.
#
# @param data the bytes to sign
# @return whatever key.ssh_do_sign returns
def ssh_do_sign(data)
  certified_key = key
  certified_key.ssh_do_sign(data)
end

#ssh_do_verify(sig, data) ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 63

# Verifies +sig+ over +data+ with the certified key by forwarding to
# key.ssh_do_verify.
# NOTE(review): this checks a signature made by the wrapped key; it says
# nothing about the certificate's own signature (see signature_valid?).
#
# @param sig  signature to check
# @param data the signed bytes
# @return whatever key.ssh_do_verify returns
def ssh_do_verify(sig, data)
  certified_key = key
  certified_key.ssh_do_verify(sig, data)
end

#ssh_signature_type ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 47

# Signature type name for signatures made with the certified key. It is the
# key's plain ssh_type, without the certificate suffix that ssh_type appends.
def ssh_signature_type
  certified_key = key
  certified_key.ssh_type
end

#ssh_type ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 43

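# SSH type name of the certificate: the certified key's type followed by the
# OpenSSH certificate suffix, e.g. "ssh-ed25519-cert-v01@openssh.com".
#
# The suffix literal on this page had been replaced by an e-mail-obfuscation
# placeholder ("[email protected]"); it is restored here to the OpenSSH
# certificate type suffix.
#
# @return [String]
def ssh_type
  key.ssh_type + "-cert-v01@openssh.com"
end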

#to_blob ⇒ Object

Serializes the certificate (and key).



# File 'lib/net/ssh/authentication/certificate.rb', line 52

# Serializes the certificate (and key): the output of
# to_blob_without_signature followed by the signature as a string field.
# NOTE(review): the stored signature is written as-is; nothing here checks
# that the certificate has been signed or that the signature is valid.
#
# @return the serialized buffer converted with to_s
def to_blob
  unsigned_part = to_blob_without_signature
  Buffer.from(:raw, unsigned_part, :string, signature).to_s
end

#to_pem ⇒ Object



# File 'lib/net/ssh/authentication/certificate.rb', line 67

# PEM form of the certified key; forwards to key.to_pem. The certificate
# fields and signature are not part of the output.
# NOTE(review): if key holds private material, key.to_pem may emit it -
# confirm before writing the result to logs or shared storage.
def to_pem
  certified_key = key
  certified_key.to_pem
end