Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/npm/cli.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/node_modules/sshpk/lib/fingerprint.js
diff options
context:
space:
mode:
Diffstat (limited to 'node_modules/sshpk/lib/fingerprint.js')
-rw-r--r--node_modules/sshpk/lib/fingerprint.js80
1 files changed, 69 insertions, 11 deletions
diff --git a/node_modules/sshpk/lib/fingerprint.js b/node_modules/sshpk/lib/fingerprint.js
index 4e75e6667..0004b376e 100644
--- a/node_modules/sshpk/lib/fingerprint.js
+++ b/node_modules/sshpk/lib/fingerprint.js
@@ -1,4 +1,4 @@
-// Copyright 2015 Joyent, Inc.
+// Copyright 2018 Joyent, Inc.
module.exports = Fingerprint;
@@ -8,6 +8,7 @@ var algs = require('./algs');
var crypto = require('crypto');
var errs = require('./errors');
var Key = require('./key');
+var PrivateKey = require('./private-key');
var Certificate = require('./certificate');
var utils = require('./utils');
@@ -26,11 +27,12 @@ function Fingerprint(opts) {
this.hash = opts.hash;
this.type = opts.type;
+ this.hashType = opts.hashType;
}
Fingerprint.prototype.toString = function (format) {
if (format === undefined) {
- if (this.algorithm === 'md5')
+ if (this.algorithm === 'md5' || this.hashType === 'spki')
format = 'hex';
else
format = 'base64';
@@ -39,8 +41,12 @@ Fingerprint.prototype.toString = function (format) {
switch (format) {
case 'hex':
+ if (this.hashType === 'spki')
+ return (this.hash.toString('hex'));
return (addColons(this.hash.toString('hex')));
case 'base64':
+ if (this.hashType === 'spki')
+ return (this.hash.toString('base64'));
return (sshBase64Format(this.algorithm,
this.hash.toString('base64')));
default:
@@ -50,14 +56,20 @@ Fingerprint.prototype.toString = function (format) {
Fingerprint.prototype.matches = function (other) {
assert.object(other, 'key or certificate');
- if (this.type === 'key') {
+ if (this.type === 'key' && this.hashType !== 'ssh') {
+ utils.assertCompatible(other, Key, [1, 7], 'key with spki');
+ if (PrivateKey.isPrivateKey(other)) {
+ utils.assertCompatible(other, PrivateKey, [1, 6],
+ 'privatekey with spki support');
+ }
+ } else if (this.type === 'key') {
utils.assertCompatible(other, Key, [1, 0], 'key');
} else {
utils.assertCompatible(other, Certificate, [1, 0],
'certificate');
}
- var theirHash = other.hash(this.algorithm);
+ var theirHash = other.hash(this.algorithm, this.hashType);
var theirHash2 = crypto.createHash(this.algorithm).
update(theirHash).digest('base64');
@@ -68,6 +80,11 @@ Fingerprint.prototype.matches = function (other) {
return (this.hash2 === theirHash2);
};
+/*JSSTYLED*/
+var base64RE = /^[A-Za-z0-9+\/=]+$/;
+/*JSSTYLED*/
+var hexRE = /^[a-fA-F0-9]+$/;
+
Fingerprint.parse = function (fp, options) {
assert.string(fp, 'fingerprint');
@@ -81,13 +98,18 @@ Fingerprint.parse = function (fp, options) {
options = {};
if (options.enAlgs !== undefined)
enAlgs = options.enAlgs;
+ if (options.algorithms !== undefined)
+ enAlgs = options.algorithms;
assert.optionalArrayOfString(enAlgs, 'algorithms');
+ var hashType = 'ssh';
+ if (options.hashType !== undefined)
+ hashType = options.hashType;
+ assert.string(hashType, 'options.hashType');
+
var parts = fp.split(':');
if (parts.length == 2) {
alg = parts[0].toLowerCase();
- /*JSSTYLED*/
- var base64RE = /^[A-Za-z0-9+\/=]+$/;
if (!base64RE.test(parts[1]))
throw (new FingerprintFormatError(fp));
try {
@@ -99,16 +121,50 @@ Fingerprint.parse = function (fp, options) {
alg = 'md5';
if (parts[0].toLowerCase() === 'md5')
parts = parts.slice(1);
+ parts = parts.map(function (p) {
+ while (p.length < 2)
+ p = '0' + p;
+ if (p.length > 2)
+ throw (new FingerprintFormatError(fp));
+ return (p);
+ });
parts = parts.join('');
- /*JSSTYLED*/
- var md5RE = /^[a-fA-F0-9]+$/;
- if (!md5RE.test(parts))
+ if (!hexRE.test(parts) || parts.length % 2 !== 0)
throw (new FingerprintFormatError(fp));
try {
hash = Buffer.from(parts, 'hex');
} catch (e) {
throw (new FingerprintFormatError(fp));
}
+ } else {
+ if (hexRE.test(fp)) {
+ hash = Buffer.from(fp, 'hex');
+ } else if (base64RE.test(fp)) {
+ hash = Buffer.from(fp, 'base64');
+ } else {
+ throw (new FingerprintFormatError(fp));
+ }
+
+ switch (hash.length) {
+ case 32:
+ alg = 'sha256';
+ break;
+ case 16:
+ alg = 'md5';
+ break;
+ case 20:
+ alg = 'sha1';
+ break;
+ case 64:
+ alg = 'sha512';
+ break;
+ default:
+ throw (new FingerprintFormatError(fp));
+ }
+
+ /* Plain hex/base64: guess it's probably SPKI unless told. */
+ if (options.hashType === undefined)
+ hashType = 'spki';
}
if (alg === undefined)
@@ -126,7 +182,8 @@ Fingerprint.parse = function (fp, options) {
return (new Fingerprint({
algorithm: alg,
hash: hash,
- type: options.type || 'key'
+ type: options.type || 'key',
+ hashType: hashType
}));
};
@@ -152,8 +209,9 @@ Fingerprint.isFingerprint = function (obj, ver) {
* API versions for Fingerprint:
* [1,0] -- initial ver
* [1,1] -- first tagged ver
+ * [1,2] -- hashType and spki support
*/
-Fingerprint.prototype._sshpkApiVersion = [1, 1];
+Fingerprint.prototype._sshpkApiVersion = [1, 2];
Fingerprint._oldVersionDetect = function (obj) {
assert.func(obj.toString);
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-04 10:26:00 +0300