1
|
|
|
# frozen_string_literal: true |
2
|
|
|
|
3
|
|
|
# rubocop:disable Style/Documentation |
4
|
|
|
|
5
|
|
|
require 'English' |
6
|
|
|
|
7
|
|
|
require_relative 'exception/invalid_key_exception' |
8
|
|
|
require_relative 'exception/ssh_keygen_missing_exception' |
9
|
|
|
|
10
|
|
|
module AMA |
11
|
|
|
module Chef |
12
|
|
|
module SSHPrivateKeys |
13
|
|
|
class SSHKeygenHandler |
14
|
|
|
def initialize(binary) |
15
|
|
|
@binary = binary |
16
|
|
|
end |
17
|
|
|
|
18
|
|
|
def public_key_fingerprint(public_key) |
19
|
|
|
execution = run_with_temporary_file(public_key) do |path| |
20
|
|
|
return [@binary, '-l', '-f', path] |
21
|
|
|
end |
22
|
|
|
if execution.error |
23
|
|
|
message = 'Failed to generate fingerprint for ' \ |
24
|
|
|
"public key #{public_key}" |
25
|
|
|
raise_execution_exception(execution, message) |
26
|
|
|
end |
27
|
|
|
execution |
28
|
|
|
end |
29
|
|
|
|
30
|
|
|
# @param [AMA::Chef::SSHPrivateKeys::Model::KeyPair] pair |
31
|
|
|
# @return [AMA::Chef::SSHPrivateKeys::Model::PublicKey] |
32
|
|
|
def generate_public_key(pair) |
33
|
|
|
execution = run_with_temporary_file(pair.private_key) do |path| |
34
|
|
|
[@binary, '-y', '-f', path, '-P', pair.passphrase.to_s] |
35
|
|
|
end |
36
|
|
|
if execution.error? |
37
|
|
|
message = "Failed to create public key from private key #{pair.id}" |
38
|
|
|
raise_execution_exception(execution, message) |
39
|
|
|
end |
40
|
|
|
raw = execution.stdout.chomp |
41
|
|
|
match_data = /([\w\-]+)\s+([^\s]+)\s*(.*)/.match(raw) |
42
|
|
|
unless match_data |
43
|
|
|
msg = "Failed to read public key created from private key: #{raw}" |
44
|
|
|
raise_invalid_key_exception(msg) |
45
|
|
|
end |
46
|
|
|
AMA::Chef::SSHPrivateKeys::Model::PublicKey.new.tap do |key| |
47
|
|
|
key.type = match_data[1] |
48
|
|
|
key.data = match_data[2] |
49
|
|
|
key.comment = match_data[3] |
50
|
|
|
end |
51
|
|
|
end |
52
|
|
|
|
53
|
|
|
def self.locate_binary |
54
|
|
|
execution = ::Mixlib::ShellOut.new('which', 'ssh-keygen') |
55
|
|
|
execution.run_command |
56
|
|
|
execution.error? ? nil : execution.stdout.lines.first.chomp |
57
|
|
|
end |
58
|
|
|
|
59
|
|
|
def self.locate_binary! |
60
|
|
|
binary = locate_binary |
61
|
|
|
return binary if binary |
62
|
|
|
raise( |
63
|
|
|
AMA::Chef::SSHPrivateKeys::Exception::SSHKeygenMissingException, |
64
|
|
|
'Failed to locate ssh-keygen binary for key validation' |
65
|
|
|
) |
66
|
|
|
end |
67
|
|
|
|
68
|
|
|
private |
69
|
|
|
|
70
|
|
|
def execute(*command) |
71
|
|
|
::Chef::Log.debug("Executing command: #{command}") |
72
|
|
|
::Mixlib::ShellOut.new(*command).tap(&:run_command) |
73
|
|
|
end |
74
|
|
|
|
75
|
|
|
def run_with_temporary_file(content) |
76
|
|
|
with_temporary_file(content) do |path| |
77
|
|
|
execute(*yield(path)) |
78
|
|
|
end |
79
|
|
|
end |
80
|
|
|
|
81
|
|
|
def with_temporary_file(content) |
82
|
|
|
target = Tempfile.new(['ama-ssh-private-keys-']) |
83
|
|
|
::IO.write(target.path, content) |
84
|
|
|
begin |
85
|
|
|
return yield(target.path) |
86
|
|
|
ensure |
87
|
|
|
target.close(true) |
88
|
|
|
end |
89
|
|
|
end |
90
|
|
|
|
91
|
|
|
def raise_invalid_key_exception(*message) |
92
|
|
|
raise( |
93
|
|
|
AMA::Chef::SSHPrivateKeys::Exception::InvalidKeyException, |
94
|
|
|
message.join(" #{$ORS}") |
95
|
|
|
) |
96
|
|
|
end |
97
|
|
|
|
98
|
|
|
def raise_execution_exception(execution, *message) |
99
|
|
|
message.push("STDOUT: #{execution.stdout}") |
100
|
|
|
message.push("STDERR: #{execution.stderr}") |
101
|
|
|
raise_invalid_key_exception(*message) |
102
|
|
|
end |
103
|
|
|
end |
104
|
|
|
end |
105
|
|
|
end |
106
|
|
|
end |
107
|
|
|
|