diff options
Diffstat (limited to 'deps/npm/node_modules/sshpk/lib/fingerprint.js')
-rw-r--r-- | deps/npm/node_modules/sshpk/lib/fingerprint.js | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/deps/npm/node_modules/sshpk/lib/fingerprint.js b/deps/npm/node_modules/sshpk/lib/fingerprint.js new file mode 100644 index 0000000000..7ed7e51304 --- /dev/null +++ b/deps/npm/node_modules/sshpk/lib/fingerprint.js @@ -0,0 +1,161 @@ +// Copyright 2015 Joyent, Inc. + +module.exports = Fingerprint; + +var assert = require('assert-plus'); +var algs = require('./algs'); +var crypto = require('crypto'); +var errs = require('./errors'); +var Key = require('./key'); +var Certificate = require('./certificate'); +var utils = require('./utils'); + +var FingerprintFormatError = errs.FingerprintFormatError; +var InvalidAlgorithmError = errs.InvalidAlgorithmError; + +function Fingerprint(opts) { + assert.object(opts, 'options'); + assert.string(opts.type, 'options.type'); + assert.buffer(opts.hash, 'options.hash'); + assert.string(opts.algorithm, 'options.algorithm'); + + this.algorithm = opts.algorithm.toLowerCase(); + if (algs.hashAlgs[this.algorithm] !== true) + throw (new InvalidAlgorithmError(this.algorithm)); + + this.hash = opts.hash; + this.type = opts.type; +} + +Fingerprint.prototype.toString = function (format) { + if (format === undefined) { + if (this.algorithm === 'md5') + format = 'hex'; + else + format = 'base64'; + } + assert.string(format); + + switch (format) { + case 'hex': + return (addColons(this.hash.toString('hex'))); + case 'base64': + return (sshBase64Format(this.algorithm, + this.hash.toString('base64'))); + default: + throw (new FingerprintFormatError(undefined, format)); + } +}; + +Fingerprint.prototype.matches = function (other) { + assert.object(other, 'key or certificate'); + if (this.type === 'key') { + utils.assertCompatible(other, Key, [1, 0], 'key'); + } else { + utils.assertCompatible(other, Certificate, [1, 0], + 'certificate'); + } + + var theirHash = other.hash(this.algorithm); + var theirHash2 = crypto.createHash(this.algorithm). + update(theirHash).digest('base64'); + + if (this.hash2 === undefined) + this.hash2 = crypto.createHash(this.algorithm). + update(this.hash).digest('base64'); + + return (this.hash2 === theirHash2); +}; + +Fingerprint.parse = function (fp, options) { + assert.string(fp, 'fingerprint'); + + var alg, hash, enAlgs; + if (Array.isArray(options)) { + enAlgs = options; + options = {}; + } + assert.optionalObject(options, 'options'); + if (options === undefined) + options = {}; + if (options.enAlgs !== undefined) + enAlgs = options.enAlgs; + assert.optionalArrayOfString(enAlgs, 'algorithms'); + + var parts = fp.split(':'); + if (parts.length == 2) { + alg = parts[0].toLowerCase(); + /*JSSTYLED*/ + var base64RE = /^[A-Za-z0-9+\/=]+$/; + if (!base64RE.test(parts[1])) + throw (new FingerprintFormatError(fp)); + try { + hash = new Buffer(parts[1], 'base64'); + } catch (e) { + throw (new FingerprintFormatError(fp)); + } + } else if (parts.length > 2) { + alg = 'md5'; + if (parts[0].toLowerCase() === 'md5') + parts = parts.slice(1); + parts = parts.join(''); + /*JSSTYLED*/ + var md5RE = /^[a-fA-F0-9]+$/; + if (!md5RE.test(parts)) + throw (new FingerprintFormatError(fp)); + try { + hash = new Buffer(parts, 'hex'); + } catch (e) { + throw (new FingerprintFormatError(fp)); + } + } + + if (alg === undefined) + throw (new FingerprintFormatError(fp)); + + if (algs.hashAlgs[alg] === undefined) + throw (new InvalidAlgorithmError(alg)); + + if (enAlgs !== undefined) { + enAlgs = enAlgs.map(function (a) { return a.toLowerCase(); }); + if (enAlgs.indexOf(alg) === -1) + throw (new InvalidAlgorithmError(alg)); + } + + return (new Fingerprint({ + algorithm: alg, + hash: hash, + type: options.type || 'key' + })); +}; + +function addColons(s) { + /*JSSTYLED*/ + return (s.replace(/(.{2})(?=.)/g, '$1:')); +} + +function base64Strip(s) { + /*JSSTYLED*/ + return (s.replace(/=*$/, '')); +} + +function sshBase64Format(alg, h) { + return (alg.toUpperCase() + ':' + base64Strip(h)); +} + +Fingerprint.isFingerprint = function (obj, ver) { + return (utils.isCompatible(obj, Fingerprint, ver)); +}; + +/* + * API versions for Fingerprint: + * [1,0] -- initial ver + * [1,1] -- first tagged ver + */ +Fingerprint.prototype._sshpkApiVersion = [1, 1]; + +Fingerprint._oldVersionDetect = function (obj) { + assert.func(obj.toString); + assert.func(obj.matches); + return ([1, 0]); +}; |