Class: Net::SSH::Authentication::Certificate

Inherits:
Object
Defined in:
lib/net/ssh/authentication/certificate.rb

Overview


Instance Attribute Details

#critical_options ⇒ Object

Returns the value of attribute critical_options


# File 'lib/net/ssh/authentication/certificate.rb', line 18

# Critical options carried by the certificate. .read_certblob fills this from
# read_options(buffer); read_options is not shown on this page, so the exact
# container type is unconfirmed. Nothing on this page enforces these options —
# that is left to whoever consumes the certificate.
def critical_options
  @critical_options
end

#extensions ⇒ Object

Returns the value of attribute extensions


# File 'lib/net/ssh/authentication/certificate.rb', line 19

# Non-critical extensions of the certificate. .read_certblob fills this from a
# second read_options(buffer) call, immediately after critical_options; the
# container type depends on read_options, which is not shown on this page.
def extensions
  @extensions
end

#key ⇒ Object

Returns the value of attribute key


# File 'lib/net/ssh/authentication/certificate.rb', line 11

# The certified key, parsed by .read_certblob via buffer.read_keyblob(type).
# The key-like API of this class (#ssh_type, #ssh_signature_type, #fingerprint,
# #to_pem, #ssh_do_sign, #ssh_do_verify) delegates to this object.
def key
  @key
end

#key_id ⇒ Object

Returns the value of attribute key_id


# File 'lib/net/ssh/authentication/certificate.rb', line 14

# Free-form identifier string of the certificate, read by .read_certblob with
# buffer.read_string. It is not interpreted anywhere on this page.
def key_id
  @key_id
end

#nonce ⇒ Object

Returns the value of attribute nonce


# File 'lib/net/ssh/authentication/certificate.rb', line 10

# Nonce covered by the signature. .read_certblob reads it as the first field
# (buffer.read_string); #sign! overwrites it with the caller-supplied
# sign_nonce or 32 bytes from SecureRandom before signing.
def nonce
  @nonce
end

#reserved ⇒ Object

Returns the value of attribute reserved


# File 'lib/net/ssh/authentication/certificate.rb', line 20

# Reserved field, read by .read_certblob with buffer.read_string after the
# extensions and kept verbatim; nothing on this page interprets it.
def reserved
  @reserved
end

#serial ⇒ Object

Returns the value of attribute serial


# File 'lib/net/ssh/authentication/certificate.rb', line 12

# Serial number, read by .read_certblob with buffer.read_int64 (an Integer).
# Not checked against any revocation data on this page.
def serial
  @serial
end

#signature ⇒ Object

Returns the value of attribute signature


# File 'lib/net/ssh/authentication/certificate.rb', line 22

# Encoded signature over the rest of the certificate: a signature-format
# string followed by the raw signature. .read_certblob reads it last
# (buffer.read_string); #sign! builds it; #signature_valid? decodes it and
# #to_blob appends it to the unsigned body.
def signature
  @signature
end

#signature_key ⇒ Object

Returns the value of attribute signature_key


# File 'lib/net/ssh/authentication/certificate.rb', line 21

# The CA key that signed the certificate, as embedded in the blob
# (.read_certblob: buffer.read_buffer.read_key) or as passed to #sign!.
# #signature_valid? verifies against this key only; it does not establish that
# the key is a trusted CA, so callers must check that themselves.
def signature_key
  @signature_key
end

#type ⇒ Object

Returns the value of attribute type


# File 'lib/net/ssh/authentication/certificate.rb', line 13

# Certificate type, produced by .read_certblob as type_symbol(buffer.read_long).
# type_symbol is not shown on this page; presumably it maps the wire integer to
# a Symbol — confirm in the source file. Not the same as the key's ssh type.
def type
  @type
end

#valid_after ⇒ Object

Returns the value of attribute valid_after


# File 'lib/net/ssh/authentication/certificate.rb', line 16

# Start of the validity window, built by .read_certblob as
# Time.at(buffer.read_int64). Not enforced by #signature_valid?; callers
# compare it with the current time themselves.
def valid_after
  @valid_after
end

#valid_before ⇒ Object

Returns the value of attribute valid_before


# File 'lib/net/ssh/authentication/certificate.rb', line 17

# End of the validity window, built by .read_certblob as
# Time.at(buffer.read_int64); on JRuby the raw value is clamped to
# 0x20c49ba2d52500 (year 292278993) to stay inside JRuby's Time range.
# Not enforced by #signature_valid?; callers compare it with the current time.
def valid_before
  @valid_before
end

#valid_principals ⇒ Object

Returns the value of attribute valid_principals


# File 'lib/net/ssh/authentication/certificate.rb', line 15

# Principals the certificate is valid for, read by .read_certblob as
# buffer.read_buffer.read_all(&:read_string) — one string per principal
# (read_all's container type is not shown here). Nothing on this page matches
# them against a user or host name; that check belongs to the caller.
def valid_principals
  @valid_principals
end

Class Method Details

.read_certblob(buffer, type) ⇒ Object

Read a certificate blob associated with a key of the given type.


# File 'lib/net/ssh/authentication/certificate.rb', line 25

# Parses an OpenSSH certificate blob for a certified key of the given +type+,
# consuming the fields from +buffer+ in wire order starting at the nonce.
#
# Only parsing happens here: the embedded signature is stored but not
# verified, and the validity window, principals and critical options are not
# checked. Callers must run #signature_valid? against a CA they trust and
# apply their own policy before relying on the result.
#
# @param buffer [Net::SSH::Buffer] presumably; positioned at the nonce field
# @param type [String] ssh type of the certified key, handed to read_keyblob
# @return [Certificate] the populated, unverified certificate
def self.read_certblob(buffer, type)
  Certificate.new.tap do |cert|
    cert.nonce = buffer.read_string
    cert.key = buffer.read_keyblob(type)
    cert.serial = buffer.read_int64
    cert.type = type_symbol(buffer.read_long)
    cert.key_id = buffer.read_string
    cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
    # NOTE(review): valid_after gets no JRuby clamp, unlike valid_before below;
    # an out-of-range value raises there instead of being clamped — presumably
    # acceptable since a far-future valid_after can never be satisfied.
    cert.valid_after = Time.at(buffer.read_int64)

    raw_valid_before = buffer.read_int64
    cert.valid_before =
      if RUBY_PLATFORM == "java"
        # JRuby's Time.at multiplies its argument by 1000 and stores the result
        # in a signed long, so 0x7fffffffffffffff/1000 = 0x20c49ba5e353f7 is the
        # largest value it can take. Clamp to 0x20c49ba2d52500
        # (292278993-01-01 00:00:00 +0000) instead, because JRuby 9.1 rejects
        # the year 292278994 (https://github.com/JodaOrg/joda-time/issues/190).
        Time.at([0x20c49ba2d52500, raw_valid_before].min)
      else
        Time.at(raw_valid_before)
      end

    cert.critical_options = read_options(buffer)
    cert.extensions = read_options(buffer)
    cert.reserved = buffer.read_string
    cert.signature_key = buffer.read_buffer.read_key
    cert.signature = buffer.read_string
  end
end

Instance Method Details

#fingerprint ⇒ Object


# File 'lib/net/ssh/authentication/certificate.rb', line 81

# Fingerprint of the certified key, delegated to key.fingerprint. The
# certificate blob itself (nonce, principals, signature, …) is not hashed here.
def fingerprint
  key.fingerprint
end

#sign(key, sign_nonce = nil) ⇒ Object


# File 'lib/net/ssh/authentication/certificate.rb', line 97

# Returns a signed copy of this certificate, leaving the receiver untouched.
# The copy comes from Object#clone and is therefore shallow: it shares key,
# valid_principals and the other attribute objects with the original.
#
# @param key the CA key, as for #sign!
# @param sign_nonce [String, nil] see #sign!
# @return [Certificate] the signed clone (#sign! returns self)
def sign(key, sign_nonce=nil)
  clone.sign!(key, sign_nonce)
end

#sign!(key, sign_nonce = nil) ⇒ Object

Signs the certificate in place with the given key.


# File 'lib/net/ssh/authentication/certificate.rb', line 86

# Signs this certificate in place with +key+ (the CA key) and returns self.
#
# Sets nonce (the caller-supplied +sign_nonce+, else 32 random bytes from
# SecureRandom, matching ssh-keygen), records +key+ as signature_key, and
# stores the encoded signature: a string naming key.ssh_signature_type
# followed by the raw signature over to_blob_without_signature (defined
# outside this page).
#
# @param key the signing key; must respond to ssh_signature_type and ssh_do_sign
# @param sign_nonce [String, nil] explicit nonce, presumably for reproducible
#   tests — production callers should let SecureRandom supply it
# @return [self]
def sign!(key, sign_nonce=nil)
  # ssh-keygen uses 32 bytes of nonce.
  self.nonce = sign_nonce || SecureRandom.random_bytes(32)
  self.signature_key = key
  signature_format = key.ssh_signature_type
  raw_signature = key.ssh_do_sign(to_blob_without_signature)
  self.signature = Net::SSH::Buffer.from(
    :string, signature_format,
    :mstring, raw_signature
  ).to_s
  self
end

#signature_valid? ⇒ Boolean

Checks whether the certificate's signature was produced by signature_key.

Returns:

  • (Boolean)

# File 'lib/net/ssh/authentication/certificate.rb', line 103

# Verifies the stored signature against signature_key.
#
# Only the cryptographic check is performed: a true result means +signature+
# covers to_blob_without_signature and was made by +signature_key+. It does
# not establish that signature_key is a trusted CA, and it does not check
# valid_after / valid_before, valid_principals or critical_options — callers
# enforce those. The leading signature-format string is consumed and discarded
# rather than compared with signature_key.ssh_signature_type; algorithm
# selection is left to signature_key.ssh_do_verify.
#
# @return [Boolean] whatever signature_key.ssh_do_verify returns
def signature_valid?
  encoded = Buffer.new(signature)
  _signature_format = encoded.read_string
  raw_signature = encoded.read_string
  signature_key.ssh_do_verify(raw_signature, to_blob_without_signature)
end

#ssh_do_sign(data) ⇒ Object


# File 'lib/net/ssh/authentication/certificate.rb', line 69

# Signs +data+ with the certified key by delegating to key.ssh_do_sign.
# Presumably only works when key holds the private half — confirm against the
# key classes. This is unrelated to #sign!, which signs the certificate itself.
def ssh_do_sign(data)
  key.ssh_do_sign(data)
end

#ssh_do_verify(sig, data, options = {}) ⇒ Object


# File 'lib/net/ssh/authentication/certificate.rb', line 73

# Verifies +sig+ over +data+ with the certified key, passing +options+ through
# to key.ssh_do_verify unchanged. This checks signatures made by the
# certificate's subject; #signature_valid? is the check on the certificate.
def ssh_do_verify(sig, data, options = {})
  key.ssh_do_verify(sig, data, options)
end

#ssh_signature_type ⇒ Object


# File 'lib/net/ssh/authentication/certificate.rb', line 57

# Signature algorithm name: the bare ssh type of the certified key, without
# the certificate suffix that #ssh_type appends.
def ssh_signature_type
  key.ssh_type
end

#ssh_type ⇒ Object


# File 'lib/net/ssh/authentication/certificate.rb', line 53

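# Wire-format type name of this certificate: the certified key's own ssh type
# with the OpenSSH certificate suffix appended, e.g. "ssh-ed25519" becomes
# "ssh-ed25519-cert-v01@openssh.com". Compare #ssh_signature_type, which
# returns the key's type unchanged.
#
# @return [String]
def ssh_type
  key.ssh_type + "-cert-v01@openssh.com"
end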

#to_blob ⇒ Object

Serializes the certificate (and key).


# File 'lib/net/ssh/authentication/certificate.rb', line 62

# Serializes the certificate (including the embedded key) to its wire form:
# the unsigned body from to_blob_without_signature (defined outside this
# page) as raw bytes, followed by +signature+ as a :string field.
#
# @return [String]
def to_blob
  unsigned_body = to_blob_without_signature
  Buffer.from(:raw, unsigned_body, :string, signature).to_s
end

#to_pem ⇒ Object


# File 'lib/net/ssh/authentication/certificate.rb', line 77

# PEM encoding of the certified key, delegated to key.to_pem. The certificate
# fields themselves have no PEM form here; use #to_blob for the certificate.
def to_pem
  key.to_pem
end