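def _serialize_extensions(self):
    """
    Serialize the certificate "extensions" field.

    Per PROTOCOL.certkeys the extension names must be in lexical order and
    each name may appear at most once; OpenSSH rejects a certificate that
    breaks either rule.  The names are therefore de-duplicated before they
    are sorted.  Every extension emitted here carries an empty data string.

    :return: The packed {name}{empty data} pairs, not yet wrapped in an
             outer string.
    """
    # set() drops repeated names so a duplicate cannot yield an invalid
    # certificate; sorted() gives the required lexical ordering.
    names = sorted(set(self.extensions))
    # Format is a series of {extension name}{empty string}
    return ''.join(
        pack_ssh_string(name) + pack_ssh_string('') for name in names)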
def _serialize_valid_principals(self):
    """
    Serialize the certificate "valid principals" field.

    Each principal (a user name or host name, depending on the certificate
    type) is packed as an SSH string and the results are concatenated.
    Note that an empty field makes the certificate valid for *any*
    principal, so an empty ``valid_principals`` should be a deliberate
    choice by the caller, never a default.

    :return: The concatenated packed principals, not yet wrapped in an
             outer string.
    """
    packed = [pack_ssh_string(name) for name in self.valid_principals]
    return ''.join(packed)
def get_signature_key(self):
    """
    Get the SSH Public Key associated with this CA.

    Packed per RFC4253 section 6.6: the key type string, then the RSA
    public exponent ``e`` and modulus ``n`` as mpints.

    :return: SSH Public Key.
    """
    key_type = pack_ssh_string(self.public_key_type)
    exponent = pack_ssh_mpint(self.e)
    modulus = pack_ssh_mpint(self.n)
    return key_type + exponent + modulus
def _serialize_ssh_public_key(self):
    """
    Serialize the Public Key into a string.

    This is not specified in
    http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys
    but in https://tools.ietf.org/id/draft-ietf-curdle-ssh-ed25519-02.html,
    where the public key is the single string ``A`` (held here in
    ``self.a``).

    :return: The bytes that belong in the SSH Certificate between the
             nonce and the certificate serial number.
    """
    return pack_ssh_string(self.a)
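def test_strings():
    """
    Known-answer test for pack_ssh_string: a 4-byte big-endian length
    prefix followed by the raw bytes.
    """
    # binascii.unhexlify and dict.items() work on both Python 2 and 3;
    # str.decode('hex') and dict.iteritems() only exist on Python 2.
    import binascii
    strings = {
        '': binascii.unhexlify('00000000'),
        u'abc': binascii.unhexlify('00000003616263'),
        b'1234': binascii.unhexlify('0000000431323334'),
        '1234': binascii.unhexlify('0000000431323334'),
    }
    for known_input, known_answer in strings.items():
        assert known_answer == pack_ssh_string(known_input)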
def _serialize_certificate_body(self):
    """
    Serialize the signed portion of the certificate.

    Field order follows PROTOCOL.certkeys: key type, nonce, public key,
    serial, certificate type, key id, valid principals, valid after,
    valid before, critical options, extensions, reserved, signature key.
    Everything returned here is covered by the CA signature, so any change
    to the order or encoding invalidates existing signatures.

    NOTE(review): the nonce is expected to be CA-chosen random bytes per
    PROTOCOL.certkeys; it is not validated here — confirm at the caller.

    :return: The certificate body that the CA signs.
    """
    return (
        pack_ssh_string(self.cert_key_type)
        + pack_ssh_string(self.nonce)
        + self._serialize_ssh_public_key()
        + pack_ssh_uint64(self.serial)
        + pack_ssh_uint32(self.cert_type)
        + pack_ssh_string(self.key_id)
        # The variable-length sections are each wrapped in a string so a
        # parser can skip them as a unit.
        + pack_ssh_string(self._serialize_valid_principals())
        + pack_ssh_uint64(self.valid_after)
        + pack_ssh_uint64(self.valid_before)
        + pack_ssh_string(self._serialize_critical_options())
        + pack_ssh_string(self._serialize_extensions())
        # "reserved": currently unused and always an empty string.
        + pack_ssh_string('')
        + pack_ssh_string(self.ca.get_signature_key())
    )
def _serialize_critical_options(self):
    """
    Serialize the certificate "critical options" field.

    Only ``force-command`` and ``source-address`` are emitted, and only
    when set.  They are written in that order because PROTOCOL.certkeys
    requires option names in lexical order, each appearing at most once;
    each option's data is a packed string wrapped in another string.

    :return: The packed {name}{data} pairs, not yet wrapped in an outer
             string.
    """
    # Listed in lexical order of name; keep it that way when adding options.
    candidates = (
        ('force-command', self.critical_option_force_command),
        ('source-address', self.critical_option_source_address),
    )
    serialized = ''
    for name, value in candidates:
        if value is None:
            continue
        serialized += pack_ssh_string(name)
        serialized += pack_ssh_string(pack_ssh_string(value))
    return serialized
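def test_strings():
    """
    Known-answer test for pack_ssh_string: a 4-byte big-endian length
    prefix followed by the raw bytes.
    """
    # binascii.unhexlify and dict.items() work on both Python 2 and 3;
    # str.decode('hex') and dict.iteritems() only exist on Python 2.
    import binascii
    strings = {
        '': binascii.unhexlify('00000000'),
        u'abc': binascii.unhexlify('00000003616263'),
        b'1234': binascii.unhexlify('0000000431323334'),
        '1234': binascii.unhexlify('0000000431323334'),
    }
    for known_input, known_answer in strings.items():
        assert known_answer == pack_ssh_string(known_input)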
def _serialize_signature(self, signature):
    """
    Wrap a raw signature in the SSH signature encoding.

    The blob is ``string algorithm`` followed by ``string signature``,
    packed as one outer string that is appended to the certificate body.

    NOTE(review): the algorithm identifier is taken from
    ``self.public_key_type``; that equals the key type for ssh-rsa (SHA-1)
    and ssh-ed25519 signatures but would be wrong for rsa-sha2-256/512
    signatures, which carry their own identifier — confirm against the
    signer in use.

    :param signature: The raw signature produced by the CA.
    :return: The packed signature block.
    """
    algorithm = pack_ssh_string(self.public_key_type)
    return pack_ssh_string(algorithm + pack_ssh_string(signature))
def test_strings():
    """
    Known-answer test for pack_ssh_string: a 4-byte big-endian length
    prefix followed by the raw bytes.
    """
    cases = (
        ('', '00000000'),
        ('abc', '00000003616263'),
        (b'1234', '0000000431323334'),
        ('1234', '0000000431323334'),
    )
    for known_input, expected_hex in cases:
        expected = binascii.unhexlify(expected_hex)
        assert expected == pack_ssh_string(known_input)