Example #1
    def _serialize_extensions(self):
        """Pack the certificate's extensions into one concatenated sequence.

        Every extension is written as its packed name followed by a packed
        empty string.
        """
        # Names are emitted in sorted order because the certificate format
        # wants options lexically ordered by name.
        # NOTE(review): sorted() does not drop duplicates, while the format
        # allows each name only once -- this relies on self.extensions holding
        # unique names (presumably a set; confirm where it is populated).
        return ''.join(
            pack_ssh_string(name) + pack_ssh_string('')
            for name in sorted(self.extensions))
    def _serialize_extensions(self):
        """Pack the certificate's extensions into one concatenated sequence.

        Every extension is written as its packed name followed by a packed
        empty string.
        """
        # Names are emitted in sorted order because the certificate format
        # wants options lexically ordered by name.
        # NOTE(review): sorted() does not drop duplicates, while the format
        # allows each name only once -- this relies on self.extensions holding
        # unique names (presumably a set; confirm where it is populated).
        return ''.join(
            pack_ssh_string(name) + pack_ssh_string('')
            for name in sorted(self.extensions))
Example #3
    def _serialize_valid_principals(self):
        """Concatenate every valid principal as a packed SSH string.

        Principals are written in the order self.valid_principals yields them.
        """
        # NOTE(review): with no principals this returns an empty value, and
        # PROTOCOL.certkeys treats a zero-length "valid principals" field as
        # valid for any principal -- confirm callers reject an empty list
        # unless that is really intended.
        return ''.join(
            pack_ssh_string(name) for name in self.valid_principals)
    def _serialize_valid_principals(self):
        """Concatenate every valid principal as a packed SSH string.

        Principals are written in the order self.valid_principals yields them.
        """
        # NOTE(review): with no principals this returns an empty value, and
        # PROTOCOL.certkeys treats a zero-length "valid principals" field as
        # valid for any principal -- confirm callers reject an empty list
        # unless that is really intended.
        return ''.join(
            pack_ssh_string(name) for name in self.valid_principals)
 def get_signature_key(self):
     """
     Build the wire encoding of the SSH Public Key belonging to this CA.
     Layout follows RFC4253 section 6.6: the key type as a string, then
     ``e`` and ``n`` as mpints, in that order.
     :return: SSH Public Key.
     """
     # presumably e / n are the RSA public exponent and modulus -- confirm
     # against the class that sets them.
     packed_type = pack_ssh_string(self.public_key_type)
     packed_e = pack_ssh_mpint(self.e)
     packed_n = pack_ssh_mpint(self.n)
     return packed_type + packed_e + packed_n
Example #6
 def get_signature_key(self):
     """
     Build the wire encoding of the SSH Public Key belonging to this CA.
     Layout follows RFC4253 section 6.6: the key type as a string, then
     ``e`` and ``n`` as mpints, in that order.
     :return: SSH Public Key.
     """
     # presumably e / n are the RSA public exponent and modulus -- confirm
     # against the class that sets them.
     packed_type = pack_ssh_string(self.public_key_type)
     packed_e = pack_ssh_mpint(self.e)
     packed_n = pack_ssh_mpint(self.n)
     return packed_type + packed_e + packed_n
 def _serialize_ssh_public_key(self):
     """
     Pack the Public Key for inclusion in the certificate. The layout is not
     specified in
     http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys
     but in https://tools.ietf.org/id/draft-ietf-curdle-ssh-ed25519-02.html
     :return: The bytes that belong in the SSH Certificate between the nonce and the
     certificate serial number.
     """
     # self.a is written as one SSH string; presumably the raw Ed25519
     # public key -- confirm against where the attribute is set.
     return pack_ssh_string(self.a)
def test_strings():
    """Check pack_ssh_string against known length-prefixed encodings."""
    # Each vector pairs an input with the hex of its expected encoding:
    # a 4-byte length followed by the input's bytes. Text, unicode and byte
    # inputs are all covered.
    known_vectors = (
        ('', '00000000'),
        (u'abc', '00000003616263'),
        (b'1234', '0000000431323334'),
        ('1234', '0000000431323334'),
    )

    for known_input, answer_hex in known_vectors:
        assert answer_hex.decode('hex') == pack_ssh_string(known_input)
Example #9
 def _serialize_certificate_body(self):
     """
     Assemble the packed certificate fields in their fixed wire order.
     The order below is part of the format; do not rearrange the entries.
     NOTE(review): presumably this is the portion the CA signs -- confirm at
     the call site.
     :return: The concatenated, packed certificate fields.
     """
     fields = (
         pack_ssh_string(self.cert_key_type),
         pack_ssh_string(self.nonce),
         # Already in wire form, so it is appended without another wrapper.
         self._serialize_ssh_public_key(),
         pack_ssh_uint64(self.serial),
         pack_ssh_uint32(self.cert_type),
         pack_ssh_string(self.key_id),
         pack_ssh_string(self._serialize_valid_principals()),
         # Validity bounds are packed as given; no ordering check happens here.
         pack_ssh_uint64(self.valid_after),
         pack_ssh_uint64(self.valid_before),
         pack_ssh_string(self._serialize_critical_options()),
         pack_ssh_string(self._serialize_extensions()),
         # Always-empty string; presumably the format's "reserved" field.
         pack_ssh_string(''),
         pack_ssh_string(self.ca.get_signature_key()),
     )

     body = fields[0]
     for field in fields[1:]:
         body += field
     return body
 def _serialize_certificate_body(self):
     """
     Assemble the packed certificate fields in their fixed wire order.
     The order below is part of the format; do not rearrange the entries.
     NOTE(review): presumably this is the portion the CA signs -- confirm at
     the call site.
     :return: The concatenated, packed certificate fields.
     """
     fields = (
         pack_ssh_string(self.cert_key_type),
         pack_ssh_string(self.nonce),
         # Already in wire form, so it is appended without another wrapper.
         self._serialize_ssh_public_key(),
         pack_ssh_uint64(self.serial),
         pack_ssh_uint32(self.cert_type),
         pack_ssh_string(self.key_id),
         pack_ssh_string(self._serialize_valid_principals()),
         # Validity bounds are packed as given; no ordering check happens here.
         pack_ssh_uint64(self.valid_after),
         pack_ssh_uint64(self.valid_before),
         pack_ssh_string(self._serialize_critical_options()),
         pack_ssh_string(self._serialize_extensions()),
         # Always-empty string; presumably the format's "reserved" field.
         pack_ssh_string(''),
         pack_ssh_string(self.ca.get_signature_key()),
     )

     body = fields[0]
     for field in fields[1:]:
         body += field
     return body
Example #11
    def _serialize_critical_options(self):
        """Pack the critical options that are set on this certificate.

        Each option is written as its packed name followed by its value,
        where the value is a packed string wrapped in a second packed string.
        """
        # Listed in lexical order by name (force-command, then source-address),
        # which the format requires; each option is written at most once.
        # NOTE(review): values are packed exactly as given -- no validation is
        # visible in this method, so confirm it happens where the attributes
        # are assigned.
        options = (
            ('force-command', self.critical_option_force_command),
            ('source-address', self.critical_option_source_address),
        )

        serialized = ''
        for option_name, option_value in options:
            # Only None means "not set"; an empty value is still serialized.
            if option_value is None:
                continue
            serialized += pack_ssh_string(option_name)
            serialized += pack_ssh_string(pack_ssh_string(option_value))

        return serialized
    def _serialize_critical_options(self):
        """Pack the critical options that are set on this certificate.

        Each option is written as its packed name followed by its value,
        where the value is a packed string wrapped in a second packed string.
        """
        # Listed in lexical order by name (force-command, then source-address),
        # which the format requires; each option is written at most once.
        # NOTE(review): values are packed exactly as given -- no validation is
        # visible in this method, so confirm it happens where the attributes
        # are assigned.
        options = (
            ('force-command', self.critical_option_force_command),
            ('source-address', self.critical_option_source_address),
        )

        serialized = ''
        for option_name, option_value in options:
            # Only None means "not set"; an empty value is still serialized.
            if option_value is None:
                continue
            serialized += pack_ssh_string(option_name)
            serialized += pack_ssh_string(pack_ssh_string(option_value))

        return serialized
Example #13
def test_strings():
    """Check pack_ssh_string against known length-prefixed encodings."""
    # Each vector pairs an input with the hex of its expected encoding:
    # a 4-byte length followed by the input's bytes. Text, unicode and byte
    # inputs are all covered.
    known_vectors = (
        ('', '00000000'),
        (u'abc', '00000003616263'),
        (b'1234', '0000000431323334'),
        ('1234', '0000000431323334'),
    )

    for known_input, answer_hex in known_vectors:
        assert answer_hex.decode('hex') == pack_ssh_string(known_input)
    def _serialize_signature(self, signature):
        """Wrap a signature in the nested SSH signature encoding.

        The inner blob is the packed key type followed by the packed
        signature; that blob is then packed once more as a single string.
        """
        # NOTE(review): the identifier written here is self.public_key_type.
        # For RSA keys the signature algorithm name can differ from the key
        # type (rsa-sha2-256 / rsa-sha2-512 in RFC 8332) -- confirm the
        # identifier matches the hash the signer actually used.
        algorithm_id = pack_ssh_string(self.public_key_type)
        return pack_ssh_string(algorithm_id + pack_ssh_string(signature))
Example #15
def test_strings():
    """Check pack_ssh_string against known length-prefixed encodings."""
    # Each vector pairs an input with the hex of its expected encoding:
    # a 4-byte length followed by the input's bytes. Both text and byte
    # inputs are covered.
    known_vectors = (
        ('', '00000000'),
        ('abc', '00000003616263'),
        (b'1234', '0000000431323334'),
        ('1234', '0000000431323334'),
    )

    for known_input, answer_hex in known_vectors:
        assert binascii.unhexlify(answer_hex) == pack_ssh_string(known_input)