File: login_httpsign.go

package info (click to toggle)
tea-cli 0.11.1-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 1,648 kB
  • sloc: makefile: 116; sh: 17
file content (92 lines) | stat: -rw-r--r-- 2,082 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
// Copyright 2022 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package task

import (
	"os"
	"path/filepath"
	"strings"

	"code.gitea.io/sdk/gitea"
	"code.gitea.io/tea/modules/utils"
	"golang.org/x/crypto/ssh"
)

// ListSSHPubkey lists all the ssh keys in the ssh agent and the ~/.ssh/*.pub files
// It returns a list of SSH keys in the format of:
// "fingerprint keytype comment - principals: principals (ssh-agent or path to pubkey file)"
func ListSSHPubkey() []string {
	var keys []string

	keys = append(keys, getAgentKeys()...)
	keys = append(keys, getLocalKeys()...)

	return keys
}

func getAgentKeys() []string {
	ag, err := gitea.GetAgent()
	if err != nil {
		return []string{}
	}

	akeys, err := ag.List()
	if err != nil {
		return nil
	}

	var keys []string

	for _, akey := range akeys {
		if key := parseKeys([]byte(akey.String()), "ssh-agent"); key != "" {
			keys = append(keys, key)
		}
	}

	return keys
}

func getLocalKeys() []string {
	var keys []string

	// enumerate ~/.ssh/*.pub files
	glob, err := utils.AbsPathWithExpansion("~/.ssh/*.pub")
	if err != nil {
		return []string{}
	}
	localPubkeyPaths, err := filepath.Glob(glob)
	if err != nil {
		return []string{}
	}

	// parse each local key with present privkey & compare fingerprints to online keys
	for _, pubkeyPath := range localPubkeyPaths {
		var pubkeyFile []byte
		pubkeyFile, err = os.ReadFile(pubkeyPath)
		if err != nil {
			continue
		}

		if key := parseKeys(pubkeyFile, pubkeyPath); key != "" {
			keys = append(keys, key)
		}
	}

	return keys
}

func parseKeys(pkinput []byte, sshPath string) string {
	pkey, comment, _, _, err := ssh.ParseAuthorizedKey(pkinput)
	if err != nil {
		return ""
	}

	if strings.Contains(pkey.Type(), "cert-v01@openssh.com") {
		principals := pkey.(*ssh.Certificate).ValidPrincipals
		return ssh.FingerprintSHA256(pkey) + " " + pkey.Type() + " " + comment +
			" - principals: " + strings.Join(principals, ",") + " (" + sshPath + ")"
	}

	return ssh.FingerprintSHA256(pkey) + " " + pkey.Type() + " " + comment + " (" + sshPath + ")"
}