[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * Data structure representing a raw public key.
   5   */
   6  final class PhabricatorAuthSSHPublicKey extends Phobject {
   7  
   8    private $type;
   9    private $body;
  10    private $comment;
  11  
  12    private function __construct() {
  13      // <internal>
  14    }
  15  
  16    public static function newFromStoredKey(PhabricatorAuthSSHKey $key) {
  17      $public_key = new PhabricatorAuthSSHPublicKey();
  18      $public_key->type = $key->getKeyType();
  19      $public_key->body = $key->getKeyBody();
  20      $public_key->comment = $key->getKeyComment();
  21  
  22      return $public_key;
  23    }
  24  
  25    public static function newFromRawKey($entire_key) {
  26      $entire_key = trim($entire_key);
  27      if (!strlen($entire_key)) {
  28        throw new Exception(pht('No public key was provided.'));
  29      }
  30  
  31      $parts = str_replace("\n", '', $entire_key);
  32  
  33      // The third field (the comment) can have spaces in it, so split this
  34      // into a maximum of three parts.
  35      $parts = preg_split('/\s+/', $parts, 3);
  36  
  37      if (preg_match('/private\s*key/i', $entire_key)) {
  38        // Try to give the user a better error message if it looks like
  39        // they uploaded a private key.
  40        throw new Exception(pht('Provide a public key, not a private key!'));
  41      }
  42  
  43      switch (count($parts)) {
  44        case 1:
  45          throw new Exception(
  46            pht('Provided public key is not properly formatted.'));
  47        case 2:
  48          // Add an empty comment part.
  49          $parts[] = '';
  50          break;
  51        case 3:
  52          // This is the expected case.
  53          break;
  54      }
  55  
  56      list($type, $body, $comment) = $parts;
  57  
  58      $recognized_keys = array(
  59        'ssh-dsa',
  60        'ssh-dss',
  61        'ssh-rsa',
  62        'ecdsa-sha2-nistp256',
  63        'ecdsa-sha2-nistp384',
  64        'ecdsa-sha2-nistp521',
  65      );
  66  
  67      if (!in_array($type, $recognized_keys)) {
  68        $type_list = implode(', ', $recognized_keys);
  69        throw new Exception(
  70          pht(
  71            'Public key type should be one of: %s',
  72            $type_list));
  73      }
  74  
  75      $public_key = new PhabricatorAuthSSHPublicKey();
  76      $public_key->type = $type;
  77      $public_key->body = $body;
  78      $public_key->comment = $comment;
  79  
  80      return $public_key;
  81    }
  82  
  83    public function getType() {
  84      return $this->type;
  85    }
  86  
  87    public function getBody() {
  88      return $this->body;
  89    }
  90  
  91    public function getComment() {
  92      return $this->comment;
  93    }
  94  
  95    public function getHash() {
  96      $body = $this->getBody();
  97      $body = trim($body);
  98      $body = rtrim($body, '=');
  99      return PhabricatorHash::digestForIndex($body);
 100    }
 101  
 102    public function getEntireKey() {
 103      $key = $this->type.' '.$this->body;
 104      if (strlen($this->comment)) {
 105        $key = $key.' '.$this->comment;
 106      }
 107      return $key;
 108    }
 109  
 110    public function toPKCS8() {
 111  
 112      // TODO: Put a cache in front of this.
 113  
 114      $tmp = new TempFile();
 115      Filesystem::writeFile($tmp, $this->getEntireKey());
 116      list($pem_key) = execx(
 117        'ssh-keygen -e -m PKCS8 -f %s',
 118        $tmp);
 119      unset($tmp);
 120  
 121      return $pem_key;
 122    }
 123  
 124  }