-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathkey_public.go
80 lines (66 loc) · 2.17 KB
/
key_public.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package sshx
import (
"crypto"
"fmt"
"os"
"golang.org/x/crypto/ssh"
)
// PublicKey defines common methods for all ssh public keys.
type PublicKey interface {
ssh.PublicKey
Raw() crypto.PublicKey
Equal(PublicKey) error
String() string
}
// WrapSSHPublicKey wraps the provided ssh.PublicKey.
func WrapSSHPublicKey(sshPublicKey ssh.PublicKey) PublicKey {
switch t := sshPublicKey.(type) {
case PublicKey:
return t
default:
return &publicKey{PublicKey: sshPublicKey}
}
}
// NewPublicKeyFromOpenSSHAuthorizedKeyBytes parses an SSH public key from PEM bytes.
func NewPublicKeyFromOpenSSHAuthorizedKeyBytes(raw []byte) (PublicKey, error) {
sshPubKey, _, _, _, err := ssh.ParseAuthorizedKey(raw)
if err != nil {
return nil, fmt.Errorf("unable to parse ssh public key from raw openssh public key: %v", err)
}
return WrapSSHPublicKey(sshPubKey), nil
}
// NewPublicKeyFromOpenSSHAuthorizedKeyFile parses an SSH public key from PEM file.
func NewPublicKeyFromOpenSSHAuthorizedKeyFile(filePath string) (PublicKey, error) {
rawFileContent, err := os.ReadFile(filePath) //nolint:gosec // G304 is a choice here
if err != nil {
return nil, fmt.Errorf("unable to read %q file: %w", filePath, err)
}
return NewPublicKeyFromOpenSSHAuthorizedKeyBytes(rawFileContent)
}
type publicKey struct {
ssh.PublicKey
}
func (key publicKey) Raw() crypto.PublicKey {
cryptoPubKeyGetter, ok := key.PublicKey.(ssh.CryptoPublicKey)
if !ok {
panic(fmt.Sprintf("ssh public key %T does not implement crypto public key", key.PublicKey))
}
return cryptoPubKeyGetter.CryptoPublicKey()
}
func (key publicKey) Equal(comparedKey PublicKey) error {
comparedKeyCryptoPubKey := comparedKey.Raw()
cryptoPubKey := key.Raw()
cryptoPubKeyWithEqual, ok := cryptoPubKey.(interface {
Equal(crypto.PublicKey) bool
})
if !ok {
return fmt.Errorf("crypto public key %T does not implement Equal method", cryptoPubKey)
}
if !cryptoPubKeyWithEqual.Equal(comparedKeyCryptoPubKey) {
return fmt.Errorf("crypto public key %T is not equal to provided crypto public key %T", cryptoPubKeyWithEqual, comparedKey)
}
return nil
}
func (key publicKey) String() string {
return string(ssh.MarshalAuthorizedKey(key.PublicKey))
}