[6a3a178] | 1 | // Copyright 2015 Joyent, Inc.
|
---|
| 2 |
|
---|
| 3 | module.exports = {
|
---|
| 4 | read: read,
|
---|
| 5 | write: write
|
---|
| 6 | };
|
---|
| 7 |
|
---|
| 8 | var assert = require('assert-plus');
|
---|
| 9 | var Buffer = require('safer-buffer').Buffer;
|
---|
| 10 | var rfc4253 = require('./rfc4253');
|
---|
| 11 | var utils = require('../utils');
|
---|
| 12 | var Key = require('../key');
|
---|
| 13 | var PrivateKey = require('../private-key');
|
---|
| 14 |
|
---|
| 15 | var sshpriv = require('./ssh-private');
|
---|
| 16 |
|
---|
| 17 | /*JSSTYLED*/
|
---|
| 18 | var SSHKEY_RE = /^([a-z0-9-]+)[ \t]+([a-zA-Z0-9+\/]+[=]*)([ \t]+([^ \t][^\n]*[\n]*)?)?$/;
|
---|
| 19 | /*JSSTYLED*/
|
---|
| 20 | var SSHKEY_RE2 = /^([a-z0-9-]+)[ \t\n]+([a-zA-Z0-9+\/][a-zA-Z0-9+\/ \t\n=]*)([^a-zA-Z0-9+\/ \t\n=].*)?$/;
|
---|
| 21 |
|
---|
| 22 | function read(buf, options) {
|
---|
| 23 | if (typeof (buf) !== 'string') {
|
---|
| 24 | assert.buffer(buf, 'buf');
|
---|
| 25 | buf = buf.toString('ascii');
|
---|
| 26 | }
|
---|
| 27 |
|
---|
| 28 | var trimmed = buf.trim().replace(/[\\\r]/g, '');
|
---|
| 29 | var m = trimmed.match(SSHKEY_RE);
|
---|
| 30 | if (!m)
|
---|
| 31 | m = trimmed.match(SSHKEY_RE2);
|
---|
| 32 | assert.ok(m, 'key must match regex');
|
---|
| 33 |
|
---|
| 34 | var type = rfc4253.algToKeyType(m[1]);
|
---|
| 35 | var kbuf = Buffer.from(m[2], 'base64');
|
---|
| 36 |
|
---|
| 37 | /*
|
---|
| 38 | * This is a bit tricky. If we managed to parse the key and locate the
|
---|
| 39 | * key comment with the regex, then do a non-partial read and assert
|
---|
| 40 | * that we have consumed all bytes. If we couldn't locate the key
|
---|
| 41 | * comment, though, there may be whitespace shenanigans going on that
|
---|
| 42 | * have conjoined the comment to the rest of the key. We do a partial
|
---|
| 43 | * read in this case to try to make the best out of a sorry situation.
|
---|
| 44 | */
|
---|
| 45 | var key;
|
---|
| 46 | var ret = {};
|
---|
| 47 | if (m[4]) {
|
---|
| 48 | try {
|
---|
| 49 | key = rfc4253.read(kbuf);
|
---|
| 50 |
|
---|
| 51 | } catch (e) {
|
---|
| 52 | m = trimmed.match(SSHKEY_RE2);
|
---|
| 53 | assert.ok(m, 'key must match regex');
|
---|
| 54 | kbuf = Buffer.from(m[2], 'base64');
|
---|
| 55 | key = rfc4253.readInternal(ret, 'public', kbuf);
|
---|
| 56 | }
|
---|
| 57 | } else {
|
---|
| 58 | key = rfc4253.readInternal(ret, 'public', kbuf);
|
---|
| 59 | }
|
---|
| 60 |
|
---|
| 61 | assert.strictEqual(type, key.type);
|
---|
| 62 |
|
---|
| 63 | if (m[4] && m[4].length > 0) {
|
---|
| 64 | key.comment = m[4];
|
---|
| 65 |
|
---|
| 66 | } else if (ret.consumed) {
|
---|
| 67 | /*
|
---|
| 68 | * Now the magic: trying to recover the key comment when it's
|
---|
| 69 | * gotten conjoined to the key or otherwise shenanigan'd.
|
---|
| 70 | *
|
---|
| 71 | * Work out how much base64 we used, then drop all non-base64
|
---|
| 72 | * chars from the beginning up to this point in the the string.
|
---|
| 73 | * Then offset in this and try to make up for missing = chars.
|
---|
| 74 | */
|
---|
| 75 | var data = m[2] + (m[3] ? m[3] : '');
|
---|
| 76 | var realOffset = Math.ceil(ret.consumed / 3) * 4;
|
---|
| 77 | data = data.slice(0, realOffset - 2). /*JSSTYLED*/
|
---|
| 78 | replace(/[^a-zA-Z0-9+\/=]/g, '') +
|
---|
| 79 | data.slice(realOffset - 2);
|
---|
| 80 |
|
---|
| 81 | var padding = ret.consumed % 3;
|
---|
| 82 | if (padding > 0 &&
|
---|
| 83 | data.slice(realOffset - 1, realOffset) !== '=')
|
---|
| 84 | realOffset--;
|
---|
| 85 | while (data.slice(realOffset, realOffset + 1) === '=')
|
---|
| 86 | realOffset++;
|
---|
| 87 |
|
---|
| 88 | /* Finally, grab what we think is the comment & clean it up. */
|
---|
| 89 | var trailer = data.slice(realOffset);
|
---|
| 90 | trailer = trailer.replace(/[\r\n]/g, ' ').
|
---|
| 91 | replace(/^\s+/, '');
|
---|
| 92 | if (trailer.match(/^[a-zA-Z0-9]/))
|
---|
| 93 | key.comment = trailer;
|
---|
| 94 | }
|
---|
| 95 |
|
---|
| 96 | return (key);
|
---|
| 97 | }
|
---|
| 98 |
|
---|
| 99 | function write(key, options) {
|
---|
| 100 | assert.object(key);
|
---|
| 101 | if (!Key.isKey(key))
|
---|
| 102 | throw (new Error('Must be a public key'));
|
---|
| 103 |
|
---|
| 104 | var parts = [];
|
---|
| 105 | var alg = rfc4253.keyTypeToAlg(key);
|
---|
| 106 | parts.push(alg);
|
---|
| 107 |
|
---|
| 108 | var buf = rfc4253.write(key);
|
---|
| 109 | parts.push(buf.toString('base64'));
|
---|
| 110 |
|
---|
| 111 | if (key.comment)
|
---|
| 112 | parts.push(key.comment);
|
---|
| 113 |
|
---|
| 114 | return (Buffer.from(parts.join(' ')));
|
---|
| 115 | }
|
---|