GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

// Copyright 2017 Joyent, Inc. module.exports = { read: read, verify: verify, sign: sign, signAsync: signAsync, write: write, /* Internal private API */ fromBuffer: fromBuffer, toBuffer: toBuffer }; var assert = require('assert-plus'); var SSHBuffer = require('../ssh-buffer'); var crypto = require('crypto'); var Buffer = require('safer-buffer').Buffer; var algs = require('../algs'); var Key = require('../key'); var PrivateKey = require('../private-key'); var Identity = require('../identity'); var rfc4253 = require('./rfc4253'); var Signature = require('../signature'); var utils = require('../utils'); var Certificate = require('../certificate'); function verify(cert, key) { /* * We always give an issuerKey, so if our verify() is being called then * there was no signature. Return false. */ return (false); } var TYPES = { 'user': 1, 'host': 2 }; Object.keys(TYPES).forEach(function (k) { TYPES[TYPES[k]] = k; }); var ECDSA_ALGO = /^ecdsa-sha2-([^@-]+)-cert-v01@openssh.com$/; function read(buf, options) { if (Buffer.isBuffer(buf)) buf = buf.toString('ascii'); var parts = buf.trim().split(/[ \t\n]+/g); if (parts.length < 2 || parts.length > 3) throw (new Error('Not a valid SSH certificate line')); var algo = parts[0]; var data = parts[1]; data = Buffer.from(data, 'base64'); return (fromBuffer(data, algo)); } function fromBuffer(data, algo, partial) { var sshbuf = new SSHBuffer({ buffer: data }); var innerAlgo = sshbuf.readString(); if (algo !== undefined && innerAlgo !== algo) throw (new Error('SSH certificate algorithm mismatch')); if (algo === undefined) algo = innerAlgo; var cert = {}; cert.signatures = {}; cert.signatures.openssh = {}; cert.signatures.openssh.nonce = sshbuf.readBuffer(); var key = {}; var parts = (key.parts = []); key.type = getAlg(algo); var partCount = algs.info[key.type].parts.length; while (parts.length < partCount) parts.push(sshbuf.readPart()); assert.ok(parts.length >= 1, 'key must have at least one part'); var algInfo = algs.info[key.type]; if (key.type === 'ecdsa') { var res = ECDSA_ALGO.exec(algo); assert.ok(res !== null); assert.strictEqual(res[1], parts[0].data.toString()); } for (var i = 0; i < algInfo.parts.length; ++i) { parts[i].name = algInfo.parts[i]; if (parts[i].name !== 'curve' && algInfo.normalize !== false) { var p = parts[i]; p.data = utils.mpNormalize(p.data); } } cert.subjectKey = new Key(key); cert.serial = sshbuf.readInt64(); var type = TYPES[sshbuf.readInt()]; assert.string(type, 'valid cert type'); cert.signatures.openssh.keyId = sshbuf.readString(); var principals = []; var pbuf = sshbuf.readBuffer(); var psshbuf = new SSHBuffer({ buffer: pbuf }); while (!psshbuf.atEnd()) principals.push(psshbuf.readString()); if (principals.length === 0) principals = ['*']; cert.subjects = principals.map(function (pr) { if (type === 'user') return (Identity.forUser(pr)); else if (type === 'host') return (Identity.forHost(pr)); throw (new Error('Unknown identity type ' + type)); }); cert.validFrom = int64ToDate(sshbuf.readInt64()); cert.validUntil = int64ToDate(sshbuf.readInt64()); cert.signatures.openssh.critical = sshbuf.readBuffer(); cert.signatures.openssh.exts = sshbuf.readBuffer(); /* reserved */ sshbuf.readBuffer(); var signingKeyBuf = sshbuf.readBuffer(); cert.issuerKey = rfc4253.read(signingKeyBuf); /* * OpenSSH certs don't give the identity of the issuer, just their * public key. So, we use an Identity that matches anything. The * isSignedBy() function will later tell you if the key matches. */ cert.issuer = Identity.forHost('**'); var sigBuf = sshbuf.readBuffer(); cert.signatures.openssh.signature = Signature.parse(sigBuf, cert.issuerKey.type, 'ssh'); if (partial !== undefined) { partial.remainder = sshbuf.remainder(); partial.consumed = sshbuf._offset; } return (new Certificate(cert)); } function int64ToDate(buf) { var i = buf.readUInt32BE(0) * 4294967296; i += buf.readUInt32BE(4); var d = new Date(); d.setTime(i * 1000); d.sourceInt64 = buf; return (d); } function dateToInt64(date) { if (date.sourceInt64 !== undefined) return (date.sourceInt64); var i = Math.round(date.getTime() / 1000); var upper = Math.floor(i / 4294967296); var lower = Math.floor(i % 4294967296); var buf = Buffer.alloc(8); buf.writeUInt32BE(upper, 0); buf.writeUInt32BE(lower, 4); return (buf); } function sign(cert, key) { if (cert.signatures.openssh === undefined) cert.signatures.openssh = {}; try { var blob = toBuffer(cert, true); } catch (e) { delete (cert.signatures.openssh); return (false); } var sig = cert.signatures.openssh; var hashAlgo = undefined; if (key.type === 'rsa' || key.type === 'dsa') hashAlgo = 'sha1'; var signer = key.createSign(hashAlgo); signer.write(blob); sig.signature = signer.sign(); return (true); } function signAsync(cert, signer, done) { if (cert.signatures.openssh === undefined) cert.signatures.openssh = {}; try { var blob = toBuffer(cert, true); } catch (e) { delete (cert.signatures.openssh); done(e); return; } var sig = cert.signatures.openssh; signer(blob, function (err, signature) { if (err) { done(err); return; } try { /* * This will throw if the signature isn't of a * type/algo that can be used for SSH. */ signature.toBuffer('ssh'); } catch (e) { done(e); return; } sig.signature = signature; done(); }); } function write(cert, options) { if (options === undefined) options = {}; var blob = toBuffer(cert); var out = getCertType(cert.subjectKey) + ' ' + blob.toString('base64'); if (options.comment) out = out + ' ' + options.comment; return (out); } function toBuffer(cert, noSig) { assert.object(cert.signatures.openssh, 'signature for openssh format'); var sig = cert.signatures.openssh; if (sig.nonce === undefined) sig.nonce = crypto.randomBytes(16); var buf = new SSHBuffer({}); buf.writeString(getCertType(cert.subjectKey)); buf.writeBuffer(sig.nonce); var key = cert.subjectKey; var algInfo = algs.info[key.type]; algInfo.parts.forEach(function (part) { buf.writePart(key.part[part]); }); buf.writeInt64(cert.serial); var type = cert.subjects[0].type; assert.notStrictEqual(type, 'unknown'); cert.subjects.forEach(function (id) { assert.strictEqual(id.type, type); }); type = TYPES[type]; buf.writeInt(type); if (sig.keyId === undefined) { sig.keyId = cert.subjects[0].type + '_' + (cert.subjects[0].uid || cert.subjects[0].hostname); } buf.writeString(sig.keyId); var sub = new SSHBuffer({}); cert.subjects.forEach(function (id) { if (type === TYPES.host) sub.writeString(id.hostname); else if (type === TYPES.user) sub.writeString(id.uid); }); buf.writeBuffer(sub.toBuffer()); buf.writeInt64(dateToInt64(cert.validFrom)); buf.writeInt64(dateToInt64(cert.validUntil)); if (sig.critical === undefined) sig.critical = Buffer.alloc(0); buf.writeBuffer(sig.critical); if (sig.exts === undefined) sig.exts = Buffer.alloc(0); buf.writeBuffer(sig.exts); /* reserved */ buf.writeBuffer(Buffer.alloc(0)); sub = rfc4253.write(cert.issuerKey); buf.writeBuffer(sub); if (!noSig) buf.writeBuffer(sig.signature.toBuffer('ssh')); return (buf.toBuffer()); } function getAlg(certType) { if (certType === 'ssh-rsa-cert-v01@openssh.com') return ('rsa'); if (certType === 'ssh-dss-cert-v01@openssh.com') return ('dsa'); if (certType.match(ECDSA_ALGO)) return ('ecdsa'); if (certType === 'ssh-ed25519-cert-v01@openssh.com') return ('ed25519'); throw (new Error('Unsupported cert type ' + certType)); } function getCertType(key) { if (key.type === 'rsa') return ('ssh-rsa-cert-v01@openssh.com'); if (key.type === 'dsa') return ('ssh-dss-cert-v01@openssh.com'); if (key.type === 'ecdsa') return ('ecdsa-sha2-' + key.curve + '-cert-v01@openssh.com'); if (key.type === 'ed25519') return ('ssh-ed25519-cert-v01@openssh.com'); throw (new Error('Unsupported key type ' + key.type)); }