1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
// Copyright 2012 Joyent, Inc. All rights reserved.
var assert = require('assert-plus');
var sshpk = require('sshpk');
var util = require('util');
var HASH_ALGOS = {
'sha1': true,
'sha256': true,
'sha512': true
};
var PK_ALGOS = {
'rsa': true,
'dsa': true,
'ecdsa': true
};
function HttpSignatureError(message, caller) {
if (Error.captureStackTrace)
Error.captureStackTrace(this, caller || HttpSignatureError);
this.message = message;
this.name = caller.name;
}
util.inherits(HttpSignatureError, Error);
function InvalidAlgorithmError(message) {
HttpSignatureError.call(this, message, InvalidAlgorithmError);
}
util.inherits(InvalidAlgorithmError, HttpSignatureError);
function validateAlgorithm(algorithm) {
var alg = algorithm.toLowerCase().split('-');
if (alg.length !== 2) {
throw (new InvalidAlgorithmError(alg[0].toUpperCase() + ' is not a ' +
'valid algorithm'));
}
if (alg[0] !== 'hmac' && !PK_ALGOS[alg[0]]) {
throw (new InvalidAlgorithmError(alg[0].toUpperCase() + ' type keys ' +
'are not supported'));
}
if (!HASH_ALGOS[alg[1]]) {
throw (new InvalidAlgorithmError(alg[1].toUpperCase() + ' is not a ' +
'supported hash algorithm'));
}
return (alg);
}
///--- API
module.exports = {
HASH_ALGOS: HASH_ALGOS,
PK_ALGOS: PK_ALGOS,
HttpSignatureError: HttpSignatureError,
InvalidAlgorithmError: InvalidAlgorithmError,
validateAlgorithm: validateAlgorithm,
/**
* Converts an OpenSSH public key (rsa only) to a PKCS#8 PEM file.
*
* The intent of this module is to interoperate with OpenSSL only,
* specifically the node crypto module's `verify` method.
*
* @param {String} key an OpenSSH public key.
* @return {String} PEM encoded form of the RSA public key.
* @throws {TypeError} on bad input.
* @throws {Error} on invalid ssh key formatted data.
*/
sshKeyToPEM: function sshKeyToPEM(key) {
assert.string(key, 'ssh_key');
var k = sshpk.parseKey(key, 'ssh');
return (k.toString('pem'));
},
/**
* Generates an OpenSSH fingerprint from an ssh public key.
*
* @param {String} key an OpenSSH public key.
* @return {String} key fingerprint.
* @throws {TypeError} on bad input.
* @throws {Error} if what you passed doesn't look like an ssh public key.
*/
fingerprint: function fingerprint(key) {
assert.string(key, 'ssh_key');
var k = sshpk.parseKey(key, 'ssh');
return (k.fingerprint('md5').toString('hex'));
},
/**
* Converts a PKGCS#8 PEM file to an OpenSSH public key (rsa)
*
* The reverse of the above function.
*/
pemToRsaSSHKey: function pemToRsaSSHKey(pem, comment) {
assert.equal('string', typeof (pem), 'typeof pem');
var k = sshpk.parseKey(pem, 'pem');
k.comment = comment;
return (k.toString('ssh'));
}
};
|
