Class: SshSig::Verifier

Inherits:
Object
  • Object
Defined in:
lib/ssh_sig/verifier.rb

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(public_keys) ⇒ Verifier

Returns a new instance of Verifier.



# File 'lib/ssh_sig/verifier.rb', line 7

# Creates a verifier bound to a fixed collection of trusted public keys.
#
# The collection is stored as given (no copy, no validation); #verify later
# iterates it with +any?+ and calls +ssh_do_verify+ on each element.
#
# @param public_keys [Enumerable] keys that signatures are checked against
def initialize(public_keys)
  # Kept by reference: whatever the caller passes is the trust set.
  @public_keys = public_keys
end

Class Method Details

.from_armored_pubkey(armored_pubkey) ⇒ Object



# File 'lib/ssh_sig/verifier.rb', line 11

# Builds a verifier from armored public key material.
#
# Parsing is delegated to ::SshSig::KeyLoader::PubKey.load; whatever it
# returns is handed to +new+ unchanged and becomes the set of trusted keys.
#
# @param armored_pubkey [Object] key material in the form accepted by
#   ::SshSig::KeyLoader::PubKey.load
# @return [Verifier] verifier that trusts the loaded keys
def self.from_armored_pubkey(armored_pubkey)
  new(::SshSig::KeyLoader::PubKey.load(armored_pubkey))
end

.from_github(username, base_addr = 'https://github.com') ⇒ Object



# File 'lib/ssh_sig/verifier.rb', line 17

# Builds a verifier from the public keys a GitHub host publishes for a user.
#
# The keys are obtained through ::SshSig::KeyLoader::Http.load_dot_keys, so
# the host named by +base_addr+ (and the transport to it) decides which keys
# end up trusted.
# NOTE(review): presumably this requests "<base_addr>/<username>.keys" --
# confirm in KeyLoader::Http how +username+ is encoded into the URL and
# whether a non-HTTPS +base_addr+ is rejected.
#
# @param username [String] account whose published keys are loaded
# @param base_addr [String] base URL of the host, defaults to github.com
# @return [Verifier] verifier that trusts the keys returned by the loader
def self.from_github(username, base_addr = 'https://github.com')
  new(::SshSig::KeyLoader::Http.load_dot_keys(username, base_addr))
end

.from_gitlab(username, base_addr = 'https://gitlab.com') ⇒ Object



# File 'lib/ssh_sig/verifier.rb', line 23

# Builds a verifier from the public keys a GitLab host publishes for a user.
#
# The keys are obtained through ::SshSig::KeyLoader::Http.load_dot_keys, so
# the host named by +base_addr+ (and the transport to it) decides which keys
# end up trusted. A self-hosted instance can be selected via +base_addr+.
# NOTE(review): presumably this requests "<base_addr>/<username>.keys" --
# confirm in KeyLoader::Http how +username+ is encoded into the URL and
# whether a non-HTTPS +base_addr+ is rejected.
#
# @param username [String] account whose published keys are loaded
# @param base_addr [String] base URL of the host, defaults to gitlab.com
# @return [Verifier] verifier that trusts the keys returned by the loader
def self.from_gitlab(username, base_addr = 'https://gitlab.com')
  new(::SshSig::KeyLoader::Http.load_dot_keys(username, base_addr))
end

Instance Method Details

#verify(blob, message) ⇒ Object



# File 'lib/ssh_sig/verifier.rb', line 29

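# Reports whether any of the verifier's public keys accepts the signature in
# +blob+ over +message+.
#
# Every key is tried on its own. An Ed25519 key signals a failed verification
# by raising, and that has to count as "this key did not match" rather than
# end the search; otherwise a valid signature made with a later key in the
# list would be rejected just because an earlier Ed25519 key did not match.
# Any other exception raised by a key still propagates to the caller.
#
# NOTE(review): the algorithm name handed to net-ssh is read from the
# signature blob, i.e. it is chosen by the signer. Confirm that blob parsing
# restricts it to the algorithms you intend to accept (for RSA, that the
# SHA-1 based "ssh-rsa" is not among them).
# NOTE(review): no expected namespace is checked in this method; presumably
# blob.signature_data or the caller covers it -- confirm.
#
# @param blob [#signature, #signature_data, nil] parsed signature container
# @param message [Object] content the signature is expected to cover; passed
#   to +blob.signature_data+
# @return [Boolean] true if at least one key verifies the signature, false
#   otherwise (including a nil blob or a blob without a signature)
def verify(blob, message)
  return false unless blob&.signature

  @public_keys.any? do |key|
    begin
      key.ssh_do_verify(
        blob.signature.bytes,
        blob.signature_data(message),
        # When using RSA, net-ssh uses this to determine the digest algorithm to use.
        # Added in net-ssh 6.3.0.beta1
        { host_key: blob.signature.algorithm }
      )
    rescue ::Ed25519::VerifyError
      # Ed25519 public keys raise exceptions when they fail to verify,
      # but RSA public keys don't. Treat the raise as a non-match for this
      # key only, so the remaining keys are still checked.
      false
    end
  end
end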