You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

115 lines
3.1 KiB

  1. // Copyright 2015 Joyent, Inc.
  2. module.exports = {
  3. read: read,
  4. write: write
  5. };
  6. var assert = require('assert-plus');
  7. var Buffer = require('safer-buffer').Buffer;
  8. var rfc4253 = require('./rfc4253');
  9. var utils = require('../utils');
  10. var Key = require('../key');
  11. var PrivateKey = require('../private-key');
  12. var sshpriv = require('./ssh-private');
  13. /*JSSTYLED*/
  14. var SSHKEY_RE = /^([a-z0-9-]+)[ \t]+([a-zA-Z0-9+\/]+[=]*)([ \t]+([^ \t][^\n]*[\n]*)?)?$/;
  15. /*JSSTYLED*/
  16. var SSHKEY_RE2 = /^([a-z0-9-]+)[ \t\n]+([a-zA-Z0-9+\/][a-zA-Z0-9+\/ \t\n=]*)([^a-zA-Z0-9+\/ \t\n=].*)?$/;
  17. function read(buf, options) {
  18. if (typeof (buf) !== 'string') {
  19. assert.buffer(buf, 'buf');
  20. buf = buf.toString('ascii');
  21. }
  22. var trimmed = buf.trim().replace(/[\\\r]/g, '');
  23. var m = trimmed.match(SSHKEY_RE);
  24. if (!m)
  25. m = trimmed.match(SSHKEY_RE2);
  26. assert.ok(m, 'key must match regex');
  27. var type = rfc4253.algToKeyType(m[1]);
  28. var kbuf = Buffer.from(m[2], 'base64');
  29. /*
  30. * This is a bit tricky. If we managed to parse the key and locate the
  31. * key comment with the regex, then do a non-partial read and assert
  32. * that we have consumed all bytes. If we couldn't locate the key
  33. * comment, though, there may be whitespace shenanigans going on that
  34. * have conjoined the comment to the rest of the key. We do a partial
  35. * read in this case to try to make the best out of a sorry situation.
  36. */
  37. var key;
  38. var ret = {};
  39. if (m[4]) {
  40. try {
  41. key = rfc4253.read(kbuf);
  42. } catch (e) {
  43. m = trimmed.match(SSHKEY_RE2);
  44. assert.ok(m, 'key must match regex');
  45. kbuf = Buffer.from(m[2], 'base64');
  46. key = rfc4253.readInternal(ret, 'public', kbuf);
  47. }
  48. } else {
  49. key = rfc4253.readInternal(ret, 'public', kbuf);
  50. }
  51. assert.strictEqual(type, key.type);
  52. if (m[4] && m[4].length > 0) {
  53. key.comment = m[4];
  54. } else if (ret.consumed) {
  55. /*
  56. * Now the magic: trying to recover the key comment when it's
  57. * gotten conjoined to the key or otherwise shenanigan'd.
  58. *
  59. * Work out how much base64 we used, then drop all non-base64
  60. * chars from the beginning up to this point in the the string.
  61. * Then offset in this and try to make up for missing = chars.
  62. */
  63. var data = m[2] + (m[3] ? m[3] : '');
  64. var realOffset = Math.ceil(ret.consumed / 3) * 4;
  65. data = data.slice(0, realOffset - 2). /*JSSTYLED*/
  66. replace(/[^a-zA-Z0-9+\/=]/g, '') +
  67. data.slice(realOffset - 2);
  68. var padding = ret.consumed % 3;
  69. if (padding > 0 &&
  70. data.slice(realOffset - 1, realOffset) !== '=')
  71. realOffset--;
  72. while (data.slice(realOffset, realOffset + 1) === '=')
  73. realOffset++;
  74. /* Finally, grab what we think is the comment & clean it up. */
  75. var trailer = data.slice(realOffset);
  76. trailer = trailer.replace(/[\r\n]/g, ' ').
  77. replace(/^\s+/, '');
  78. if (trailer.match(/^[a-zA-Z0-9]/))
  79. key.comment = trailer;
  80. }
  81. return (key);
  82. }
  83. function write(key, options) {
  84. assert.object(key);
  85. if (!Key.isKey(key))
  86. throw (new Error('Must be a public key'));
  87. var parts = [];
  88. var alg = rfc4253.keyTypeToAlg(key);
  89. parts.push(alg);
  90. var buf = rfc4253.write(key);
  91. parts.push(buf.toString('base64'));
  92. if (key.comment)
  93. parts.push(key.comment);
  94. return (Buffer.from(parts.join(' ')));
  95. }